[jboss-cvs] JBossAS SVN: r57225 - projects/security/trunk/src/main/org/jboss/security/auth/spi
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Sep 27 00:36:10 EDT 2006
Author: scott.stark at jboss.org
Date: 2006-09-27 00:36:08 -0400 (Wed, 27 Sep 2006)
New Revision: 57225
Modified:
projects/security/trunk/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
Log:
SECURITY-10, query the top level role context for matching roles.
Modified: projects/security/trunk/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
===================================================================
--- projects/security/trunk/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java 2006-09-27 04:30:00 UTC (rev 57224)
+++ projects/security/trunk/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java 2006-09-27 04:36:08 UTC (rev 57225)
@@ -1,24 +1,24 @@
/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
package org.jboss.security.auth.spi;
import java.security.Principal;
@@ -375,7 +375,7 @@
results = ctx.search(baseDN, filter, filterArgs, constraints);
if (results.hasMore() == false)
{
- results.close();
+ results.close();
throw new NamingException("Search of baseDN(" + baseDN + ") found no matches");
}
@@ -387,6 +387,7 @@
else
throw new NamingException("Can't follow referal for authentication: " + name);
+ results.close();
results = null;
// Bind as the user dn to authenticate the user
InitialLdapContext userCtx = constructInitialLdapContext(userDN, credential);
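Review bot: The added `results.close()` is reached only on the success path, because the `throw new NamingException(...)` in the `else` branch just above it exits first. On that path the enumeration stays open unless an enclosing `finally` outside this hunk closes it. The no-match branch in the hunk at -375 closes before it throws, and this branch should do the same: brace the `else` and call `results.close();` ahead of the throw, or move the close into a `try`/`finally` around the search. The method begins and ends outside the hunk, so an outer cleanup cannot be ruled out from here.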
@@ -412,18 +413,35 @@
NamingEnumeration results = ctx.search(rolesCtxDN, roleFilter, filterArgs, constraints);
try
{
- while (results.hasMore())
- {
- SearchResult sr = (SearchResult) results.next();
- String dn = canonicalize(sr.getName());
- String[] attrNames = {roleAttributeID};
- Attributes result = ctx.getAttributes(dn, attrNames);
- if( result != null && result.size() > 0 )
- {
- Attribute roles = result.get(roleAttributeID);
- for (int n = 0; n < roles.size(); n ++)
- {
- String roleName = (String) roles.get(n);
+ while (results.hasMore())
+ {
+ SearchResult sr = (SearchResult) results.next();
+ String dn = canonicalize(sr.getName());
+ if( nesting == 0 && roleAttributeIsDN && roleNameAttributeID != null )
+ {
+ // Check the top context for role names
+ String[] attrNames = {roleNameAttributeID};
+ Attributes result2 = ctx.getAttributes(dn, attrNames);
+ Attribute roles2 = result2.get(roleNameAttributeID);
+ if( roles2 != null )
+ {
+ for(int m = 0; m < roles2.size(); m ++)
+ {
+ String roleName = (String) roles2.get(m);
+ addRole(roleName);
+ }
+ }
+ }
+
+ // Query the context for the roleDN values
+ String[] attrNames = {roleAttributeID};
+ Attributes result = ctx.getAttributes(dn, attrNames);
+ if( result != null && result.size() > 0 )
+ {
+ Attribute roles = result.get(roleAttributeID);
+ for (int n = 0; n < roles.size(); n ++)
+ {
+ String roleName = (String) roles.get(n);
if (roleAttributeIsDN)
{
// Query the roleDN location for the value of roleNameAttributeID
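Review bot: In the new `nesting == 0` block, `result2.get(roleNameAttributeID)` is called without the `result != null && result.size() > 0` guard that the roleAttributeID lookup just below still applies, so two lookups on the same `dn` make different assumptions about what `getAttributes` can return. Wrap the `get` in `if( result2 != null )`, or drop the guard in both places if it is not needed. The block also adds a second directory round trip per search result, which could be avoided by requesting both attributes in one `getAttributes` call when the condition holds. Because this path grants additional roles at login to deployments that already set roleAttributeIsDN with a roleNameAttributeID, extend the `// Check the top context for role names` comment to say that the matched entry's own name attribute is now treated as a role. The enclosing method (apparently rolesSearch, going by the recursive call later in the diff) starts before this hunk and continues past it.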
@@ -453,20 +471,20 @@
// The role attribute value is the role name
addRole(roleName);
}
- }
- }
-
- if (nesting < recursionMax)
- {
- rolesSearch(ctx, constraints, user, dn,
- recursionMax, nesting + 1);
- }
- }
+ }
+ }
+
+ if (nesting < recursionMax)
+ {
+ rolesSearch(ctx, constraints, user, dn,
+ recursionMax, nesting + 1);
+ }
+ }
}
finally
{
- if( results != null )
- results.close();
+ if( results != null )
+ results.close();
}
}