Return-Path: X-Original-To: apmail-geronimo-scm-archive@www.apache.org Delivered-To: apmail-geronimo-scm-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id CFDDBC291 for ; Fri, 21 Jun 2013 00:01:22 +0000 (UTC) Received: (qmail 49087 invoked by uid 500); 21 Jun 2013 00:01:22 -0000 Delivered-To: apmail-geronimo-scm-archive@geronimo.apache.org Received: (qmail 49051 invoked by uid 500); 21 Jun 2013 00:01:22 -0000 Mailing-List: contact scm-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list scm@geronimo.apache.org Received: (qmail 49044 invoked by uid 99); 21 Jun 2013 00:01:22 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Jun 2013 00:01:22 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Jun 2013 00:01:19 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 5013E23889BB; Fri, 21 Jun 2013 00:00:59 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1495244 - /geronimo/server/branches/3.0/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SpnegoLoginModule.java Date: Fri, 21 Jun 2013 00:00:59 -0000 To: scm@geronimo.apache.org 
From: gawor@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130621000059.5013E23889BB@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: gawor Date: Fri Jun 21 00:00:58 2013 New Revision: 1495244 URL: http://svn.apache.org/r1495244 Log: GERONIMO-6472: SpnegoLoginModule fixes Modified: geronimo/server/branches/3.0/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SpnegoLoginModule.java Modified: geronimo/server/branches/3.0/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SpnegoLoginModule.java URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SpnegoLoginModule.java?rev=1495244&r1=1495243&r2=1495244&view=diff ==============================================================================
--- geronimo/server/branches/3.0/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SpnegoLoginModule.java (original)
+++ geronimo/server/branches/3.0/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SpnegoLoginModule.java Fri Jun 21 00:00:58 2013
@@ -74,9 +74,11 @@ public class SpnegoLoginModule implement
 public final static String SEARCH_BASE = "searchBase";
+ public final static String USER_SEARCH_ATTRIBUTE = "userSearchAttribute";
+
 public final static String LDAP_CONTEXT_FACTORY = "ldapContextFactory";
- public final static List supportedOptions = Collections.unmodifiableList(Arrays.asList(TARGET_NAME, LDAP_URL, LDAP_LOGIN_NAME, LDAP_LOGIN_PASSWORD, SEARCH_BASE, LDAP_CONTEXT_FACTORY));
+ public final static List supportedOptions = Collections.unmodifiableList(Arrays.asList(TARGET_NAME, LDAP_URL, LDAP_LOGIN_NAME, LDAP_LOGIN_PASSWORD, SEARCH_BASE, LDAP_CONTEXT_FACTORY, USER_SEARCH_ATTRIBUTE));
 private String username;
@@ -100,6 +102,8 @@ public class SpnegoLoginModule implement
 private String searchBase;
+ private String userSearchAttribute;
+
 private String ldapContextFactory;
 private static Logger log = LoggerFactory.getLogger(SpnegoLoginModule.class);
@@ -122,6 +126,10 @@ public class SpnegoLoginModule implement
 if (ldapContextFactory == null || ldapContextFactory.length() == 0) {
 ldapContextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
 }
+ this.userSearchAttribute = (String) options.get(USER_SEARCH_ATTRIBUTE);
+ if (userSearchAttribute == null) {
+ userSearchAttribute = "sAMAccountName";
+ }
 } catch (Exception e) {
 log.error("Initialization failed", e);
 throw new IllegalArgumentException("Unable to configure Spnego login module: " + e.getMessage(), e);
@@ -183,7 +191,7 @@ public class SpnegoLoginModule implement
 String userName = srcName.toString().substring(0, indexOfAt);
 SearchControls searchCtls = new SearchControls();
 String returnedAtts[] = { "primaryGroupID", "memberOf", "objectSid;binary" };
- String searchFilter = "(&(objectClass=user)(cn=" + userName + "))";
+ String searchFilter = "(&(objectClass=user)(" + userSearchAttribute + "=" + userName + "))";
 String groupSearchFilter = null;
 int totalResults = 0;
 try {
@@ -214,10 +222,11 @@ public class SpnegoLoginModule implement
 }
 groupSearchFilter = "(&(objectSid=" + binaryToStringSID(groupSid) + "))";
 Attribute answer1 = attrs.get("memberOf");
- for (int i = 0; i < answer1.size(); i++) {
- String str = answer1.get(i).toString();
- String str1[] = str.split("CN=");
- allPrincipals.add(new GeronimoGroupPrincipal(str1[1].substring(0, str1[1].indexOf(","))));
+ if (answer1 != null) {
+ for (int i = 0; i < answer1.size(); i++) {
+ String str = answer1.get(i).toString();
+ allPrincipals.add(parseGroup(str));
+ }
 }
 } catch (NullPointerException e) {
 throw new LoginException("Errors listing attributes: " + e);
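Review bot: The default for userSearchAttribute in the -122 hunk is applied only when the option is absent, whereas the ldapContextFactory default three lines above also treats the empty string as unset; an empty `userSearchAttribute` value therefore survives initialization and later yields a filter of the form `(&(objectClass=user)(=name))`. Matching the existing check, `if (userSearchAttribute == null || userSearchAttribute.length() == 0) {`, keeps the two options consistent. A short comment on the default, such as `// Active Directory logon name; override for directories that key users differently`, would record why sAMAccountName was chosen. The enclosing initialization method starts and ends outside the hunk.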
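Review bot: The new searchFilter line in the -183 hunk still concatenates `userName` directly into the LDAP filter, and now the configured `userSearchAttribute` as well; `userName` is derived from `srcName.toString()` two lines above, i.e. from the client's principal name, so any RFC 4515 metacharacters it carries (`*`, `(`, `)`, `\`, NUL) change the filter's meaning instead of being matched literally. The assertion value should be escaped before insertion, and the attribute name validated once in initialization against the attribute-description syntax (letters, digits, hyphen) so a bad configuration cannot produce a malformed filter. The same unescaped pattern is used for `groupSearchFilter` in the -214 hunk, though there the value comes from `binaryToStringSID`. The enclosing method starts and ends outside the hunk.
```java
String searchFilter = "(&(objectClass=user)(" + userSearchAttribute + "=" + escapeFilterValue(userName) + "))";
// … unchanged: group search and result handling …

/**
 * Escapes the RFC 4515 filter metacharacters in an assertion value so the
 * value is matched literally rather than interpreted as filter syntax.
 */
private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length());
    for (char c : value.toCharArray()) {
        switch (c) {
            case '\\': sb.append("\\5c"); break;
            case '*':  sb.append("\\2a"); break;
            case '(':  sb.append("\\28"); break;
            case ')':  sb.append("\\29"); break;
            case '\0': sb.append("\\00"); break;
            default:   sb.append(c);
        }
    }
    return sb.toString();
}
```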
@@ -229,8 +238,7 @@ public class SpnegoLoginModule implement
 // Loop through the search results
 while (answer2.hasMoreElements()) {
 SearchResult sr = answer2.next();
- String str1[] = sr.getName().split("CN=");
- allPrincipals.add(new GeronimoGroupPrincipal(str1[1].substring(0, str1[1].indexOf(","))));
+ allPrincipals.add(parseGroup(sr.getName()));
 }
 } catch (NamingException e) {
 throw (LoginException) new LoginException().initCause(e);
@@ -249,6 +257,16 @@ public class SpnegoLoginModule implement
 return loginSucceeded;
 }
+ private GeronimoGroupPrincipal parseGroup(String groupName) {
+ String str1[] = groupName.split("CN=");
+ int pos = str1[1].indexOf(",");
+ if (pos == -1) {
+ return new GeronimoGroupPrincipal(str1[1]);
+ } else {
+ return new GeronimoGroupPrincipal(str1[1].substring(0, pos));
+ }
+ }
+
 public boolean abort() throws LoginException {
 if (loginSucceeded) {
 // Clear out the private state
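Review bot: parseGroup in the -249 hunk still indexes `str1[1]` unconditionally after `split("CN=")`, so a memberOf value or search-result name without an upper-case `CN=` component (lower-case `cn=` is an equally valid spelling in a DN) throws ArrayIndexOutOfBoundsException out of both callers, the memberOf loop in the -214 hunk and the while loop in the -229 hunk, where neither the `catch (NullPointerException e)` nor the `catch (NamingException e)` handler stops it; an escaped comma inside the RDN value (`CN=Smith\, John`) is also cut short. Parsing the DN with `javax.naming.ldap.LdapName` and `Rdn` handles both cases and keeps the original's choice of the leftmost CN; it throws InvalidNameException, a NamingException, which the -229 caller already catches, but the try block around the memberOf loop would need to cover NamingException too, which the visible lines do not show. A Javadoc line such as `/** Returns the group principal named by the leftmost CN component of {@code groupName}. */` would also make the contract explicit; the new code needs the corresponding javax.naming.ldap imports.
```java
private GeronimoGroupPrincipal parseGroup(String groupName) throws NamingException {
    // Parse the DN instead of splitting on "CN=": copes with lower-case "cn=",
    // escaped commas in the RDN value, and names that have no CN component.
    LdapName dn = new LdapName(groupName);
    // LdapName index 0 is the rightmost RDN; walk backwards to find the leftmost CN.
    for (int i = dn.size() - 1; i >= 0; i--) {
        Rdn rdn = dn.getRdn(i);
        if ("CN".equalsIgnoreCase(rdn.getType())) {
            return new GeronimoGroupPrincipal(rdn.getValue().toString());
        }
    }
    throw new InvalidNameException("No CN component in group name: " + groupName);
}
```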