[Jboss-cvs] JBossAS SVN: r56027 - trunk/security/src/main/org/jboss/security/auth/spi
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Aug 17 10:35:29 EDT 2006
Author: anil.saldhana at jboss.com
Date: 2006-08-17 10:35:29 -0400 (Thu, 17 Aug 2006)
New Revision: 56027
Modified:
trunk/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
Log:
JBAS-3448:LdapExtLoginModule will not leak connections
JBAS-3438: Handle "/" in the middle of SearchResult gracefully
Modified: trunk/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
===================================================================
--- trunk/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java 2006-08-17 14:14:10 UTC (rev 56026)
+++ trunk/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java 2006-08-17 14:35:29 UTC (rev 56027)
@@ -328,17 +328,25 @@
searchScope = SearchControls.SUBTREE_SCOPE;
// Get the admin context for searching
- InitialLdapContext ctx = constructInitialLdapContext(bindDN, bindCredential);
- // Validate the user by binding against the userDN
- String userDN = bindDNAuthentication(ctx, username, credential, baseDN, baseFilter);
+ InitialLdapContext ctx = null;
+ try
+ {
+ ctx = constructInitialLdapContext(bindDN, bindCredential);
+ // Validate the user by binding against the userDN
+ String userDN = bindDNAuthentication(ctx, username, credential, baseDN, baseFilter);
- // Query for roles matching the role filter
- SearchControls constraints = new SearchControls();
- constraints.setSearchScope(searchScope);
- constraints.setReturningAttributes(new String[0]);
- constraints.setTimeLimit(searchTimeLimit);
- rolesSearch(ctx, constraints, username, userDN, recursion, 0);
- ctx.close();
+ // Query for roles matching the role filter
+ SearchControls constraints = new SearchControls();
+ constraints.setSearchScope(searchScope);
+ constraints.setReturningAttributes(new String[0]);
+ constraints.setTimeLimit(searchTimeLimit);
+ rolesSearch(ctx, constraints, username, userDN, recursion, 0);
+ }
+ finally
+ {
+ if( ctx != null )
+ ctx.close();
+ }
return true;
}
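Review bot: The `ctx.close()` call in the new `finally` block can itself throw a NamingException, and when it does after `bindDNAuthentication` or `rolesSearch` has already failed, the close failure replaces the original exception. The login still fails, but the log then records a context-close error instead of the real authentication or search failure, which makes failed-login triage harder. I would guard the close on its own, e.g. `try { ctx.close(); } catch (NamingException e) { log.trace("Failed to close LDAP context", e); }`, so the first exception is the one that propagates. The enclosing method starts above this hunk, so its declared exceptions are not visible here.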
@@ -404,7 +412,7 @@
while (results.hasMore())
{
SearchResult sr = (SearchResult) results.next();
- String dn = sr.getName() + "," + rolesCtxDN;
+ String dn = canonicalize(sr.getName());
String[] attrNames = {roleAttributeID};
Attributes result = ctx.getAttributes(dn, attrNames);
if( result != null && result.size() > 0 )
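Review bot: The new `canonicalize(sr.getName())` call still assumes every search result name is relative to `rolesCtxDN`; nothing in this loop checks `sr.isRelative()`. If the directory returns a non-relative name (for example a URL-form name for an entry reached through a referral), appending the context DN produces a DN that does not identify the entry, and the `ctx.getAttributes(dn, attrNames)` role lookup then fails or reads a different object. Since this DN decides which roles the authenticated user is given, I would only append the context when the name is relative, `String dn = sr.isRelative() ? canonicalize(sr.getName()) : sr.getName();`, or at least log and skip non-relative results. The loop body continues past the end of this hunk.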
@@ -483,19 +491,36 @@
env.setProperty(Context.PROVIDER_URL, providerURL);
env.setProperty(Context.SECURITY_PRINCIPAL, dn);
env.put(Context.SECURITY_CREDENTIALS, credential);
- traceLdapEnv(env);
+ traceLdapEnv(env);
return new InitialLdapContext(env, null);
}
private void traceLdapEnv(Properties env)
{
- if(trace)
- {
- Properties tmp = new Properties();
- tmp.putAll(env);
- tmp.setProperty(Context.SECURITY_CREDENTIALS, "***");
- log.trace("Logging into LDAP server, env=" + tmp.toString());
- }
+ if(trace)
+ {
+ Properties tmp = new Properties();
+ tmp.putAll(env);
+ tmp.setProperty(Context.SECURITY_CREDENTIALS, "***");
+ log.trace("Logging into LDAP server, env=" + tmp.toString());
+ }
+ }
+
+ //JBAS-3438 : Handle "/" correctly
+ private String canonicalize(String searchResult)
+ {
+ String result = searchResult;
+ int len = searchResult.length();
+
+ if (searchResult.endsWith("\""))
+ {
+ result = searchResult.substring(0,len - 1)
+ + "," + rolesCtxDN + "\"";
+ }
+ else
+ {
+ result = searchResult + "," + rolesCtxDN;
+ }
+ return result;
}
-
}
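Review bot: `canonicalize` decides that a name is quoted by looking only at its last character, so a name that merely ends in a double quote without also starting with one is rewritten with `rolesCtxDN` spliced in before that quote. Checking both ends makes the intent explicit: `if (len > 1 && searchResult.startsWith("\"") && searchResult.endsWith("\""))`. The comment `//JBAS-3438 : Handle "/" correctly` also does not say why quotes matter; something like `// JNDI returns a name containing "/" wrapped in double quotes, so the context DN must be appended inside the closing quote` would help the next reader. The initial `String result = searchResult;` is overwritten on both branches and can be dropped. The re-indentation of `traceLdapEnv` in the same hunk changes no behaviour.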