[jboss-cvs] JBossAS SVN: r75353 - projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu Jul 3 14:15:24 EDT 2008


Author: darran.lofthouse at jboss.com
Date: 2008-07-03 14:15:24 -0400 (Thu, 03 Jul 2008)
New Revision: 75353

Modified:
   projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/AdvancedLdapLoginModule.java
Log:
[SECURITY-133] Added role recursion.

Modified: projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/AdvancedLdapLoginModule.java
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/AdvancedLdapLoginModule.java	2008-07-03 18:02:34 UTC (rev 75352)
+++ projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/spnego/AdvancedLdapLoginModule.java	2008-07-03 18:15:24 UTC (rev 75353)
@@ -24,9 +24,11 @@
 import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.security.acl.Group;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Map;
 import java.util.Properties;
+import java.util.Set;
 import java.util.Map.Entry;
 
 import javax.management.ObjectName;
@@ -166,8 +168,10 @@
    /** The proof of login identity */
    private char[] credential;
 
-   private transient SimpleGroup userRoles = new SimpleGroup("Roles");
+   private SimpleGroup userRoles = new SimpleGroup("Roles");
 
+   private Set<String> processedRoleDNs = new HashSet<String>();
+
    @Override
    public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
    {
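Review bot: `processedRoleDNs` is added as instance state without the Javadoc its neighbouring fields carry, and nothing in this hunk resets it. If a module instance can run the role search more than once (not visible here), DNs recorded on the first pass would suppress recursion on the next, and the subject would silently end up with fewer roles. Clearing the set at the start of `initialize`, e.g. `processedRoleDNs.clear();`, would rule that out. I would also declare the field `final` and document it with `/** DNs of roles already expanded, used to stop cycles in nested role membership */`. The body of `initialize` lies outside the hunk.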
@@ -496,6 +500,15 @@
                      {
                         log.trace("Failed to query roleNameAttrName", e);
                      }
+
+                     if (recurseRoles)
+                     {
+                        if (processedRoleDNs.contains(roleDN) == false)
+                        {
+                           processedRoleDNs.add(roleDN);
+                           rolesSearch(searchContext, roleDN);
+                        }
+                     }
                   }
                   else
                   {
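Review bot: The cycle guard in the added `if (recurseRoles)` block compares `roleDN` as a raw string, so the same directory entry returned with different case or spacing counts as a new role and is searched again. Normalising the DN before the check (for example through `javax.naming.ldap.LdapName`) would bring the guard in line with LDAP's own DN equality. The recursion is bounded only by this set, with no depth or count limit, so a large nested group graph turns one login into one LDAP search per reachable role DN; a configurable cap is worth considering. The contains/add pair can also collapse into `if (recurseRoles && processedRoleDNs.add(roleDN))`. The enclosing method starts and ends outside the hunk.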



