activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From michaelpea...@apache.org
Subject [2/2] activemq-artemis git commit: ARTEMIS-1547 support referrals in LDAP login module
Date Sun, 10 Dec 2017 21:51:30 GMT
ARTEMIS-1547 support referrals in LDAP login module


Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/84bedaf2
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/84bedaf2
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/84bedaf2

Branch: refs/heads/master
Commit: 84bedaf2e4e6cea95d21c15e97254ede5bfc4b66
Parents: 5817dad
Author: Justin Bertram <jbertram@apache.org>
Authored: Fri Dec 8 14:06:09 2017 -0600
Committer: Michael Pearce <michael.andre.pearce@me.com>
Committed: Sun Dec 10 21:50:47 2017 +0000

----------------------------------------------------------------------
 .../spi/core/security/jaas/LDAPLoginModule.java      | 15 ++++++++++++++-
 docs/user-manual/en/security.md                      |  2 ++
 2 files changed, 16 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/84bedaf2/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
index ee2c980..a1ba4e7 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
@@ -82,6 +82,7 @@ public class LDAPLoginModule implements LoginModule {
    private static final String EXPAND_ROLES_MATCHING = "expandRolesMatching";
    private static final String SASL_LOGIN_CONFIG_SCOPE = "saslLoginConfigScope";
    private static final String AUTHENTICATE_USER = "authenticateUser";
+   private static final String REFERRAL = "referral";
 
    protected DirContext context;
 
@@ -104,7 +105,7 @@ public class LDAPLoginModule implements LoginModule {
       this.subject = subject;
       this.handler = callbackHandler;
 
-      config = new LDAPLoginProperty[]{new LDAPLoginProperty(INITIAL_CONTEXT_FACTORY, (String)
options.get(INITIAL_CONTEXT_FACTORY)), new LDAPLoginProperty(CONNECTION_URL, (String) options.get(CONNECTION_URL)),
new LDAPLoginProperty(CONNECTION_USERNAME, (String) options.get(CONNECTION_USERNAME)), new
LDAPLoginProperty(CONNECTION_PASSWORD, (String) options.get(CONNECTION_PASSWORD)), new LDAPLoginProperty(CONNECTION_PROTOCOL,
(String) options.get(CONNECTION_PROTOCOL)), new LDAPLoginProperty(AUTHENTICATION, (String)
options.get(AUTHENTICATION)), new LDAPLoginProperty(USER_BASE, (String) options.get(USER_BASE)),
new LDAPLoginProperty(USER_SEARCH_MATCHING, (String) options.get(USER_SEARCH_MATCHING)), new
LDAPLoginProperty(USER_SEARCH_SUBTREE, (String) options.get(USER_SEARCH_SUBTREE)), new LDAPLoginProperty(ROLE_BASE,
(String) options.get(ROLE_BASE)), new LDAPLoginProperty(ROLE_NAME, (String) options.get(ROLE_NAME)),
new LDAPLoginProperty(ROLE_SEARCH_MATCHING, (String) options.get(ROLE_S
 EARCH_MATCHING)), new LDAPLoginProperty(ROLE_SEARCH_SUBTREE, (String) options.get(ROLE_SEARCH_SUBTREE)),
new LDAPLoginProperty(USER_ROLE_NAME, (String) options.get(USER_ROLE_NAME)), new LDAPLoginProperty(EXPAND_ROLES,
(String) options.get(EXPAND_ROLES)), new LDAPLoginProperty(EXPAND_ROLES_MATCHING, (String)
options.get(EXPAND_ROLES_MATCHING)), new LDAPLoginProperty(SASL_LOGIN_CONFIG_SCOPE, (String)
options.get(SASL_LOGIN_CONFIG_SCOPE)), new LDAPLoginProperty(AUTHENTICATE_USER, (String) options.get(AUTHENTICATE_USER))};
+      config = new LDAPLoginProperty[]{new LDAPLoginProperty(INITIAL_CONTEXT_FACTORY, (String)
options.get(INITIAL_CONTEXT_FACTORY)), new LDAPLoginProperty(CONNECTION_URL, (String) options.get(CONNECTION_URL)),
new LDAPLoginProperty(CONNECTION_USERNAME, (String) options.get(CONNECTION_USERNAME)), new
LDAPLoginProperty(CONNECTION_PASSWORD, (String) options.get(CONNECTION_PASSWORD)), new LDAPLoginProperty(CONNECTION_PROTOCOL,
(String) options.get(CONNECTION_PROTOCOL)), new LDAPLoginProperty(AUTHENTICATION, (String)
options.get(AUTHENTICATION)), new LDAPLoginProperty(USER_BASE, (String) options.get(USER_BASE)),
new LDAPLoginProperty(USER_SEARCH_MATCHING, (String) options.get(USER_SEARCH_MATCHING)), new
LDAPLoginProperty(USER_SEARCH_SUBTREE, (String) options.get(USER_SEARCH_SUBTREE)), new LDAPLoginProperty(ROLE_BASE,
(String) options.get(ROLE_BASE)), new LDAPLoginProperty(ROLE_NAME, (String) options.get(ROLE_NAME)),
new LDAPLoginProperty(ROLE_SEARCH_MATCHING, (String) options.get(ROLE_S
 EARCH_MATCHING)), new LDAPLoginProperty(ROLE_SEARCH_SUBTREE, (String) options.get(ROLE_SEARCH_SUBTREE)),
new LDAPLoginProperty(USER_ROLE_NAME, (String) options.get(USER_ROLE_NAME)), new LDAPLoginProperty(EXPAND_ROLES,
(String) options.get(EXPAND_ROLES)), new LDAPLoginProperty(EXPAND_ROLES_MATCHING, (String)
options.get(EXPAND_ROLES_MATCHING)), new LDAPLoginProperty(REFERRAL, (String) options.get(REFERRAL))};
       if (isLoginPropertySet(AUTHENTICATE_USER)) {
          authenticateUser = Boolean.valueOf(getLDAPPropertyValue(AUTHENTICATE_USER));
       }
@@ -539,6 +540,18 @@ public class LDAPLoginModule implements LoginModule {
             env.put(Context.PROVIDER_URL, getLDAPPropertyValue(CONNECTION_URL));
             env.put(Context.SECURITY_AUTHENTICATION, getLDAPPropertyValue(AUTHENTICATION));
 
+            // handle LDAP referrals
+            // valid values are "throw", "ignore" and "follow"
+            String referral = "ignore";
+            if (getLDAPPropertyValue(REFERRAL) != null) {
+               referral = getLDAPPropertyValue(REFERRAL);
+            }
+
+            env.put(Context.REFERRAL, referral);
+            if (logger.isDebugEnabled()) {
+               logger.debug("Referral handling: " + referral);
+            }
+
             if ("GSSAPI".equalsIgnoreCase(getLDAPPropertyValue(AUTHENTICATION))) {
 
                final String configScope = isLoginPropertySet(SASL_LOGIN_CONFIG_SCOPE) ? getLDAPPropertyValue(SASL_LOGIN_CONFIG_SCOPE)
: "broker-sasl-gssapi";

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/84bedaf2/docs/user-manual/en/security.md
----------------------------------------------------------------------
diff --git a/docs/user-manual/en/security.md b/docs/user-manual/en/security.md
index b14aee6..5a7f63a 100644
--- a/docs/user-manual/en/security.md
+++ b/docs/user-manual/en/security.md
@@ -543,6 +543,8 @@ managed using the X.500 system. It is implemented by `org.apache.activemq.artemi
 -   `authenticateUser` - boolean flag to disable authentication. Useful as an optimisation
when this module is used just for
     role mapping of a Subject's existing authenticated principals; default is `false`.
 
+-   `referral` - specify how to handle referrals; valid values: `ignore`, `follow`, `throw`;
default is `ignore`.
+
 -   `debug` - boolean flag; if `true`, enable debugging; this is used only for testing or
debugging; normally, it
     should be set to `false`, or omitted; default is `false`
 


Mime
View raw message