geronimo-scm mailing list archives

From ga...@apache.org
Subject svn commit: r1495244 - /geronimo/server/branches/3.0/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SpnegoLoginModule.java
Date Fri, 21 Jun 2013 00:00:59 GMT
Author: gawor
Date: Fri Jun 21 00:00:58 2013
New Revision: 1495244

URL: http://svn.apache.org/r1495244
Log:
GERONIMO-6472: SpnegoLoginModule fixes

Modified:
    geronimo/server/branches/3.0/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SpnegoLoginModule.java

Modified: geronimo/server/branches/3.0/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SpnegoLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SpnegoLoginModule.java?rev=1495244&r1=1495243&r2=1495244&view=diff
==============================================================================
--- geronimo/server/branches/3.0/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SpnegoLoginModule.java
(original)
+++ geronimo/server/branches/3.0/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SpnegoLoginModule.java
Fri Jun 21 00:00:58 2013
@@ -74,9 +74,11 @@ public class SpnegoLoginModule implement
 
     public final static String SEARCH_BASE = "searchBase";
 
+    public final static String USER_SEARCH_ATTRIBUTE = "userSearchAttribute";
+
     public final static String LDAP_CONTEXT_FACTORY = "ldapContextFactory";
 
-    public final static List<String> supportedOptions = Collections.unmodifiableList(Arrays.asList(TARGET_NAME,
LDAP_URL, LDAP_LOGIN_NAME, LDAP_LOGIN_PASSWORD, SEARCH_BASE, LDAP_CONTEXT_FACTORY));
+    public final static List<String> supportedOptions = Collections.unmodifiableList(Arrays.asList(TARGET_NAME,
LDAP_URL, LDAP_LOGIN_NAME, LDAP_LOGIN_PASSWORD, SEARCH_BASE, LDAP_CONTEXT_FACTORY, USER_SEARCH_ATTRIBUTE));
 
     private String username;
 
@@ -100,6 +102,8 @@ public class SpnegoLoginModule implement
 
     private String searchBase;
 
+    private String userSearchAttribute;
+
     private String ldapContextFactory;
 
     private static Logger log = LoggerFactory.getLogger(SpnegoLoginModule.class);
@@ -122,6 +126,10 @@ public class SpnegoLoginModule implement
             if (ldapContextFactory == null || ldapContextFactory.length() == 0) {
                 ldapContextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
             }
+            this.userSearchAttribute = (String) options.get(USER_SEARCH_ATTRIBUTE);
+            if (userSearchAttribute == null) {
+                userSearchAttribute = "sAMAccountName";
+            }
         } catch (Exception e) {
             log.error("Initialization failed", e);
             throw new IllegalArgumentException("Unable to configure Spnego login module:
" + e.getMessage(), e);
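Review bot: The new default for `userSearchAttribute` is applied only when the option is null, so an empty or blank value is kept and later produces the malformed filter `(&(objectClass=user)(=name))`. The `ldapContextFactory` check just above also treats a zero-length value as unset; the same test here would be `if (userSearchAttribute == null || userSearchAttribute.trim().length() == 0)`. Because this value is concatenated into the LDAP filter as an attribute name, it is also worth rejecting anything other than letters, digits, `-`, `.` and `;` at initialization, so a mistyped option fails at startup rather than changing the query. The enclosing method starts outside this hunk.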
@@ -183,7 +191,7 @@ public class SpnegoLoginModule implement
                 String userName = srcName.toString().substring(0, indexOfAt);
                 SearchControls searchCtls = new SearchControls();
                 String returnedAtts[] = { "primaryGroupID", "memberOf", "objectSid;binary"
};
-                String searchFilter = "(&(objectClass=user)(cn=" + userName + "))";
+                String searchFilter = "(&(objectClass=user)(" + userSearchAttribute +
"=" + userName + "))";
                 String groupSearchFilter = null;
                 int totalResults = 0;
                 try {
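Review bot: The rewritten `searchFilter` still concatenates `userName` into the filter without escaping, so RFC 4515 special characters (`*`, `(`, `)`, `\`) in the name part of the principal would change which entry the search matches. The matched entry supplies the group principals, so this is an authorization concern even though the name comes from an accepted Kerberos context. JNDI can do the escaping: build the expression as `"(&(objectClass=user)(" + userSearchAttribute + "={0}))"` and pass `new Object[] { userName }` to the `DirContext.search(name, filterExpr, filterArgs, cons)` overload. The search call itself is outside this hunk, so the exact call site needs to be checked.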
@@ -214,10 +222,11 @@ public class SpnegoLoginModule implement
                                 }
                                 groupSearchFilter = "(&(objectSid=" + binaryToStringSID(groupSid)
+ "))";
                                 Attribute answer1 = attrs.get("memberOf");
-                                for (int i = 0; i < answer1.size(); i++) {
-                                    String str = answer1.get(i).toString();
-                                    String str1[] = str.split("CN=");
-                                    allPrincipals.add(new GeronimoGroupPrincipal(str1[1].substring(0,
str1[1].indexOf(","))));
+                                if (answer1 != null) {
+                                    for (int i = 0; i < answer1.size(); i++) {
+                                        String str = answer1.get(i).toString();
+                                        allPrincipals.add(parseGroup(str));
+                                    }
                                 }
                             } catch (NullPointerException e) {
                                 throw new LoginException("Errors listing attributes: " +
e);
@@ -229,8 +238,7 @@ public class SpnegoLoginModule implement
                     // Loop through the search results
                     while (answer2.hasMoreElements()) {
                         SearchResult sr = answer2.next();
-                        String str1[] = sr.getName().split("CN=");
-                        allPrincipals.add(new GeronimoGroupPrincipal(str1[1].substring(0,
str1[1].indexOf(","))));
+                        allPrincipals.add(parseGroup(sr.getName()));
                     }
                 } catch (NamingException e) {
                     throw (LoginException) new LoginException().initCause(e);
@@ -249,6 +257,16 @@ public class SpnegoLoginModule implement
         return loginSucceeded;
     }
 
+    private GeronimoGroupPrincipal parseGroup(String groupName) {
+        String str1[] = groupName.split("CN=");
+        int pos = str1[1].indexOf(",");
+        if (pos == -1) {
+            return new GeronimoGroupPrincipal(str1[1]);
+        } else {
+            return new GeronimoGroupPrincipal(str1[1].substring(0, pos));
+        }
+    }
+
     public boolean abort() throws LoginException {
         if (loginSucceeded) {
             // Clear out the private state
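Review bot: `parseGroup` assumes the value contains an upper-case `CN=` and indexes `str1[1]` unconditionally, so a name written as `cn=...` or one with no CN component throws ArrayIndexOutOfBoundsException out of login() rather than a LoginException; both call sites (the memberOf loop and the answer2 loop) inherit this. A CN containing an escaped comma is also cut at that comma, so the resulting group principal would not match the directory's group name, which matters because these principals drive authorization. Parsing with `javax.naming.ldap.LdapName` and `Rdn` handles case, escaping and missing components; it needs those imports and `throws LoginException` on the helper. Whether `sr.getName()` always returns a plain DN string is not visible here and should be confirmed for that call.

```java
private GeronimoGroupPrincipal parseGroup(String groupName) throws LoginException {
    try {
        LdapName dn = new LdapName(groupName);
        // LdapName indexes RDNs right to left, so the leftmost RDN is at size() - 1.
        for (int i = dn.size() - 1; i >= 0; i--) {
            Rdn rdn = dn.getRdn(i);
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return new GeronimoGroupPrincipal(String.valueOf(rdn.getValue()));
            }
        }
    } catch (InvalidNameException e) {
        throw (LoginException) new LoginException("Invalid group name").initCause(e);
    }
    throw new LoginException("Group name has no CN component");
}
```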


