[jboss-cvs] JBossAS SVN: r64928 - branches/Branch_4_2/security/src/main/org/jboss/security/auth/spi.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Aug 28 17:11:48 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-08-28 17:11:48 -0400 (Tue, 28 Aug 2007)
New Revision: 64928
Modified:
branches/Branch_4_2/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
Log:
JBAS-4619: additional option parseRoleNameFromDN
Modified: branches/Branch_4_2/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
===================================================================
--- branches/Branch_4_2/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java 2007-08-28 21:11:26 UTC (rev 64927)
+++ branches/Branch_4_2/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java 2007-08-28 21:11:48 UTC (rev 64928)
@@ -24,6 +24,7 @@
import java.security.Principal;
import java.security.acl.Group;
import java.util.Iterator;
+import java.util.StringTokenizer;
import java.util.Map.Entry;
import java.util.Properties;
import javax.naming.Context;
@@ -140,6 +141,7 @@
private static final String ROLE_ATTRIBUTE_ID_OPT = "roleAttributeID";
private static final String ROLE_ATTRIBUTE_IS_DN_OPT = "roleAttributeIsDN";
private static final String ROLE_NAME_ATTRIBUTE_ID_OPT = "roleNameAttributeID";
+ private static final String PARSE_ROLE_NAME_FROM_DN_OPT = "parseRoleNameFromDN";
private static final String BIND_DN = "bindDN";
private static final String BIND_CREDENTIAL = "bindCredential";
@@ -161,6 +163,7 @@
protected String roleAttributeID;
protected String roleNameAttributeID;
protected boolean roleAttributeIsDN;
+ protected boolean parseRoleNameFromDN;
protected int recursion = 0;
protected int searchTimeLimit = 10000;
protected int searchScope = SearchControls.SUBTREE_SCOPE;
@@ -293,6 +296,11 @@
roleNameAttributeID = (String) options.get(ROLE_NAME_ATTRIBUTE_ID_OPT);
if (roleNameAttributeID == null)
roleNameAttributeID = "name";
+
+ //JBAS-4619:Parse Role Name from DN
+ String parseRoleNameFromDNOption = (String) options.get(PARSE_ROLE_NAME_FROM_DN_OPT);
+ parseRoleNameFromDN = Boolean.valueOf(parseRoleNameFromDNOption).booleanValue();
+
rolesCtxDN = (String) options.get(ROLES_CTX_DN_OPT);
String strRecursion = (String) options.get(ROLE_RECURSION);
try
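Review bot: The new `parseRoleNameFromDN` option is read here without any comment on its preconditions, although the later hunks only honour it when `roleAttributeIsDN` is true and match RDNs against `roleNameAttributeID`, which defaults to `"name"` two lines above. A deployment that sets only `parseRoleNameFromDN=true` would therefore likely end up with no roles parsed and no diagnostic. I would replace the JIRA-only comment with `// JBAS-4619: when true (and roleAttributeIsDN is true) the role name is taken from the role DN's RDN whose type is roleNameAttributeID, e.g. cn; no extra LDAP lookup is made`, and add the option to the class-level option list if one exists outside this hunk. Note also that `Boolean.valueOf` treats anything other than "true" (such as "yes" or a typo) as false without complaint.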
@@ -419,17 +427,24 @@
String dn = canonicalize(sr.getName());
if( nesting == 0 && roleAttributeIsDN && roleNameAttributeID != null )
{
- // Check the top context for role names
- String[] attrNames = {roleNameAttributeID};
- Attributes result2 = ctx.getAttributes(dn, attrNames);
- Attribute roles2 = result2.get(roleNameAttributeID);
- if( roles2 != null )
+ if(parseRoleNameFromDN)
{
- for(int m = 0; m < roles2.size(); m ++)
+ parseRole(dn);
+ }
+ else
+ {
+ // Check the top context for role names
+ String[] attrNames = {roleNameAttributeID};
+ Attributes result2 = ctx.getAttributes(dn, attrNames);
+ Attribute roles2 = result2.get(roleNameAttributeID);
+ if( roles2 != null )
{
- String roleName = (String) roles2.get(m);
- addRole(roleName);
- }
+ for(int m = 0; m < roles2.size(); m ++)
+ {
+ String roleName = (String) roles2.get(m);
+ addRole(roleName);
+ }
+ }
}
}
@@ -442,6 +457,11 @@
for (int n = 0; n < roles.size(); n ++)
{
String roleName = (String) roles.get(n);
+ if(roleAttributeIsDN && parseRoleNameFromDN)
+ {
+ parseRole(roleName);
+ }
+ else
if (roleAttributeIsDN)
{
// Query the roleDN location for the value of roleNameAttributeID
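Review bot: The added branch ends in a bare `else` with the existing `if (roleAttributeIsDN)` left on the following line, which reads like two separate statements and invites a mistake on the next edit. Since `roleAttributeIsDN` is tested in both arms, nesting the new flag inside the existing check is clearer: `if (roleAttributeIsDN) { if (parseRoleNameFromDN) parseRole(roleName); else { ...existing lookup... } }`, or at minimum write `else if (roleAttributeIsDN)` on one line. The loop body continues outside this hunk, so the remaining branches are not visible here.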
@@ -572,4 +592,19 @@
}
}
}
+
+ private void parseRole(String dn)
+ {
+ StringTokenizer st = new StringTokenizer(dn, ",");
+ while(st != null && st.hasMoreTokens())
+ {
+ String keyVal = st.nextToken();
+ if(keyVal.indexOf(roleNameAttributeID) > -1)
+ {
+ StringTokenizer kst = new StringTokenizer(keyVal,"=");
+ kst.nextToken();
+ addRole(kst.nextToken());
+ }
+ }
+ }
}
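Review bot: In `parseRole`, `keyVal.indexOf(roleNameAttributeID) > -1` is a substring test over the whole `type=value` token and the loop keeps going after the first hit, so any RDN whose type or value merely contains the attribute ID becomes a role (a parent container such as `cn=Roles`, or a `dc=` value that happens to contain `cn`). Because these strings become the authenticated subject's roles, the match should be an exact, case-insensitive comparison against the type of the leaf RDN only. Splitting on `,` and `=` by hand also mis-parses escaped commas and values containing `=`, leaves leading whitespace on tokens, and `kst.nextToken()` throws `NoSuchElementException` on a token without `=`; `javax.naming.ldap.LdapName` and `Rdn` handle these cases and would need importing. The `st != null` test is always true and can be dropped. Both call sites in the role-search hunks above are affected.

```java
private void parseRole(String dn)
{
   try
   {
      LdapName name = new LdapName(dn);
      if (name.size() == 0)
         return;
      // LdapName indexes RDNs right-to-left, so the last index is the leaf (leftmost) RDN.
      // Only the leaf names the role entry; parent containers must never become roles.
      Rdn leaf = name.getRdn(name.size() - 1);
      Object value = leaf.getValue();
      if (leaf.getType().equalsIgnoreCase(roleNameAttributeID) && value instanceof String)
         addRole((String) value);
   }
   catch (InvalidNameException e)
   {
      // Fail closed: a DN that does not parse grants no role.
      // Report it through whatever logger this class already uses.
   }
}
```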