[jboss-cvs] JBossAS SVN: r75353 - projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Jul 3 14:15:24 EDT 2008
Author: darran.lofthouse at jboss.com
Date: 2008-07-03 14:15:24 -0400 (Thu, 03 Jul 2008)
New Revision: 75353
Modified:
projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/AdvancedLdapLoginModule.java
Log:
[SECURITY-133] Added role recursion.
Modified: projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/AdvancedLdapLoginModule.java
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/AdvancedLdapLoginModule.java 2008-07-03 18:02:34 UTC (rev 75352)
+++ projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/AdvancedLdapLoginModule.java 2008-07-03 18:15:24 UTC (rev 75353)
@@ -24,9 +24,11 @@
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.acl.Group;
+import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
+import java.util.Set;
import java.util.Map.Entry;
import javax.management.ObjectName;
@@ -166,8 +168,10 @@
/** The proof of login identity */
private char[] credential;
- private transient SimpleGroup userRoles = new SimpleGroup("Roles");
+ private SimpleGroup userRoles = new SimpleGroup("Roles");
+ private Set<String> processedRoleDNs = new HashSet<String>();
+
@Override
public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
{
@@ -496,6 +500,15 @@
{
log.trace("Failed to query roleNameAttrName", e);
}
+
+ if (recurseRoles)
+ {
+ if (processedRoleDNs.contains(roleDN) == false)
+ {
+ processedRoleDNs.add(roleDN);
+ rolesSearch(searchContext, roleDN);
+ }
+ }
}
else
{
More information about the jboss-cvs-commits
mailing list