[jboss-cvs] JBossAS SVN: r114536 - projects/security/security-negotiation/trunk/jboss-negotiation-extras/src/main/java/org/jboss/security/negotiation.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Oct 23 13:39:27 EDT 2013
Author: darran.lofthouse at jboss.com
Date: 2013-10-23 13:39:26 -0400 (Wed, 23 Oct 2013)
New Revision: 114536
Modified:
projects/security/security-negotiation/trunk/jboss-negotiation-extras/src/main/java/org/jboss/security/negotiation/AdvancedLdapLoginModule.java
Log:
Cache isTraceEnabled once and use it throughout authentication; any attempt to change this mid-authentication would always be a race.
Modified: projects/security/security-negotiation/trunk/jboss-negotiation-extras/src/main/java/org/jboss/security/negotiation/AdvancedLdapLoginModule.java
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation-extras/src/main/java/org/jboss/security/negotiation/AdvancedLdapLoginModule.java 2013-10-17 09:04:35 UTC (rev 114535)
+++ projects/security/security-negotiation/trunk/jboss-negotiation-extras/src/main/java/org/jboss/security/negotiation/AdvancedLdapLoginModule.java 2013-10-23 17:39:26 UTC (rev 114536)
@@ -96,7 +96,7 @@
private static final String ROLE_NAME_ATTRIBUTE_ID = "roleNameAttributeID";
private static final String ROLE_SEARCH_SCOPE = "searchScope";
private static final String REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK = "referralUserAttributeIDToCheck";
-
+
// Authentication Settings
private static final String ALLOW_EMPTY_PASSWORD = "allowEmptyPassword";
@@ -175,13 +175,13 @@
protected String roleNameAttributeID;
protected String referralUserAttributeIDToCheck = null;
-
+
// Authentication Settings
protected boolean allowEmptyPassword;
// inner state fields
private String referralUserDNToCheck;
-
+
/*
* Module State
*/
@@ -189,11 +189,14 @@
private Set<String> processedRoleDNs = new HashSet<String>();
+ private boolean trace;
+
@Override
public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
{
addValidOptions(ALL_VALID_OPTIONS);
super.initialize(subject, handler, sharedState, options);
+ trace = log.isTraceEnabled();
// Search Context Settings
bindAuthentication = (String) options.get(BIND_AUTHENTICATION);
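Review bot: The new `trace` field has no comment saying when it is set or why it is never re-read, which is the whole rationale of this commit. It is assigned only in `initialize()`, after `super.initialize(...)` returns, so a log-level change made while a login is in progress is deliberately ignored by this module instance. I would add `// Snapshot of log.isTraceEnabled() taken in initialize(); not re-read during a login so one authentication logs consistently.` above the field. The body of `initialize()` continues outside the hunk.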
@@ -308,8 +311,9 @@
{
// Obtain the username and password
processIdentityAndCredential();
- if (log.isTraceEnabled())
+ if (trace) {
log.trace("Identity - " + getIdentity().getName());
+ }
// Initialise search ctx
String bindCredential = this.bindCredential;
if (AUTH_TYPE_GSSAPI.equals(bindAuthentication) == false)
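Review bot: The trace line in this hunk concatenates `getIdentity().getName()` straight into the message, and nothing visible between `processIdentityAndCredential()` and this line has verified that name yet, so it should be treated as caller-supplied input. If the configured log formatter does not escape control characters, a name containing CR/LF can produce misleading extra lines in the trace output that operators rely on when investigating logins. The same concatenation pattern appears in the `findUserDN`, `rolesSearch` and role-assignment hunks (`userDN`, `filterArgs[...]`, `roleName`), where the values come from the request or from directory data. I would encode or strip line breaks before concatenation, or at least record the assumption next to the call: `// name is unauthenticated input; the log formatter must escape CR/LF`. The enclosing method starts and ends outside the hunk.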
@@ -344,7 +348,7 @@
{
referralUserDNToCheck = userDN;
}
-
+
// If authentication required authenticate as user
if (super.loginOk == false)
{
@@ -479,8 +483,9 @@
results.close();
results = null;
- if (log.isTraceEnabled())
+ if (trace) {
log.trace("findUserDN - " + userDN);
+ }
return userDN;
}
catch (NamingException e)
@@ -534,24 +539,24 @@
NamingEnumeration results = null;
try
{
- if (log.isTraceEnabled())
+ if (trace) {
log.trace("rolesCtxDN=" + rolesCtxDN + " roleFilter=" + roleFilter + " filterArgs[0]=" + filterArgs[0]
+ " filterArgs[1]=" + filterArgs[1]);
+ }
-
if (roleFilter != null && roleFilter.length() > 0)
{
boolean referralsExist = true;
while (referralsExist)
- {
+ {
try
- {
+ {
results = searchContext.search(rolesCtxDN, roleFilter, filterArgs, roleSearchControls);
while (results.hasMore())
{
SearchResult sr = (SearchResult) results.next();
String resultDN = null;
- if (sr.isRelative())
+ if (sr.isRelative())
{
resultDN = canonicalize(sr.getName());
}
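Review bot: The trace statement indexes `filterArgs[0]` and `filterArgs[1]` unconditionally and runs before the `roleFilter != null` check, so with trace enabled a null or short `filterArgs` would throw on this line, a failure that cannot happen here with trace off. Where `filterArgs` is built is outside the hunk, so this may be unreachable today, but a log level should not be able to change the outcome of an authentication. Formatting the array as a whole removes the indexing and tolerates null: `+ " filterArgs=" + java.util.Arrays.toString(filterArgs));`.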
@@ -563,7 +568,7 @@
}
referralsExist = false;
}
- catch (ReferralException e)
+ catch (ReferralException e)
{
searchContext = (LdapContext) e.getReferralContext();
}
@@ -599,8 +604,9 @@
protected void obtainRole(LdapContext searchContext, String dn, SearchResult sr) throws NamingException, LoginException
{
- if (log.isTraceEnabled())
+ if (trace) {
log.trace("rolesSearch resultDN = " + dn);
+ }
String[] attrNames =
{roleAttributeID};
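Review bot: The added `if (trace) {` puts the opening brace on the same line, while the surrounding file uses next-line braces: the method body opens that way one line above, and `traceLdapEnv` in this same commit keeps `if (trace)` followed by `{` on its own line. Mixing both styles inside one file makes later diffs noisier than the change warrants. I would keep the file's convention, i.e. `if (trace)` with `{` on the next line, here and in the other guards this commit rewrites. `obtainRole` continues outside the hunk.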
@@ -636,7 +642,7 @@
}
}
}
-
+
private Attributes getAttributesFromReferralEntity(SearchResult sr) throws NamingException
{
Attributes result = sr.getAttributes();
@@ -659,11 +665,10 @@
protected void loadRoleByRoleNameAttributeID(LdapContext searchContext, String roleDN)
{
- String[] returnAttribute =
- {roleNameAttributeID};
- boolean TRACE = log.isTraceEnabled();
- if (TRACE)
+ String[] returnAttribute = {roleNameAttributeID};
+ if (trace) {
log.trace("Using roleDN: " + roleDN);
+ }
try
{
Attributes result2 = searchContext.getAttributes(roleDN, returnAttribute);
@@ -679,34 +684,36 @@
}
catch (NamingException e)
{
- if (TRACE)
+ if (trace) {
log.trace("Failed to query roleNameAttrName", e);
+ }
}
}
protected void recurseRolesSearch(LdapContext searchContext, String roleDN) throws LoginException
{
- boolean TRACE = log.isTraceEnabled();
if (recurseRoles)
{
if (processedRoleDNs.contains(roleDN) == false)
{
processedRoleDNs.add(roleDN);
- if (TRACE)
+ if (trace) {
log.trace("Recursive search for '" + roleDN + "'");
+ }
rolesSearch(searchContext, roleDN);
}
else
{
- if (TRACE)
+ if (trace) {
log.trace("Already visited role '" + roleDN + "' ending recursion.");
+ }
}
}
}
protected void traceLdapEnv(Properties env)
{
- if (log.isTraceEnabled())
+ if (trace)
{
Properties tmp = new Properties();
tmp.putAll(env);
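Review bot: In `loadRoleByRoleNameAttributeID` the `NamingException` handler still logs only under `if (trace)`, so with trace off a failed role-name lookup is discarded with no record at all. Dropping the role presumably fails closed, which is the safe direction, but an operator diagnosing a missing role or a directory outage gets no signal. I would report the failure at a level that is normally enabled, for example `log.debug("Failed to query roleNameAttrName", e);` outside the guard (the logger type is not visible here, so confirm it has a message-plus-throwable `debug` overload). `traceLdapEnv` at the end of this hunk continues outside it, so whether bind credentials are masked before `tmp` is logged cannot be checked from these lines.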
@@ -740,8 +747,9 @@
try
{
Principal p = super.createIdentity(roleName);
- if (log.isTraceEnabled())
+ if (trace) {
log.trace("Assign user '" + getIdentity().getName() + "' to role " + roleName);
+ }
userRoles.addMember(p);
}
catch (Exception e)