karaf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jbono...@apache.org
Subject [13/50] [abbrv] karaf git commit: KARAF-4637 - LDAPLoginModule - Added option to trim usernames
Date Mon, 22 Aug 2016 09:30:11 GMT
KARAF-4637 - LDAPLoginModule - Added option to trim usernames


Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/b30c4fb7
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/b30c4fb7
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/b30c4fb7

Branch: refs/heads/master
Commit: b30c4fb792211e496e7de39ec12e8e2350b0a63f
Parents: b317eff
Author: Paolo Antinori <pantinor@redhat.com>
Authored: Wed Jul 27 11:38:53 2016 +0200
Committer: Jean-Baptiste Onofré <jbonofre@apache.org>
Committed: Mon Aug 22 11:29:19 2016 +0200

----------------------------------------------------------------------
 .../jaas/modules/ldap/LDAPLoginModule.java      |  5 +++
 .../karaf/jaas/modules/ldap/LDAPOptions.java    |  5 +++
 .../jaas/modules/ldap/LdapLoginModuleTest.java  | 44 ++++++++++++++++++++
 3 files changed, 54 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/karaf/blob/b30c4fb7/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
index f8743c6..6d759e1 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
@@ -80,6 +80,11 @@ public class LDAPLoginModule extends AbstractKarafLoginModule {
         // valid password (because if authentication = none, the password could be any 
         // value - it is ignored).
         LDAPOptions options = new LDAPOptions(this.options);
+        if(options.isUsernameTrim()){
+            if(user != null){
+                user = user.trim();
+            }
+        }
         String authentication = options.getAuthentication();
         if ("none".equals(authentication) && (user != null || tmpPassword != null))
{
             logger.debug("Changing from authentication = none to simple since user or password
was specified.");

http://git-wip-us.apache.org/repos/asf/karaf/blob/b30c4fb7/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
index 390cbb3..60a7d54 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
@@ -55,6 +55,7 @@ public class LDAPOptions {
     public static final String SSL_KEYALIAS = "ssl.keyalias";
     public static final String SSL_TRUSTSTORE = "ssl.truststore";
     public static final String SSL_TIMEOUT = "ssl.timeout";
+    public static final String USERNAMES_TRIM = "usernames.trim";
     public static final String DEFAULT_INITIAL_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
     public static final String DEFAULT_AUTHENTICATION = "simple";
     public static final int DEFAULT_SSL_TIMEOUT = 10;
@@ -81,6 +82,10 @@ public class LDAPOptions {
         return options.hashCode();
     }
 
+    public boolean isUsernameTrim() {
+        return Boolean.parseBoolean((String) options.get(USERNAMES_TRIM));
+    }
+
     public String getUserFilter() {
         return (String) options.get(USER_FILTER);
     }

http://git-wip-us.apache.org/repos/asf/karaf/blob/b30c4fb7/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
index 307aae5..2c11915 100644
--- a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
+++ b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
@@ -184,6 +184,50 @@ public class LdapLoginModuleTest extends AbstractLdapTestUnit {
     }
 
     @Test
+    public void testTrimmedUsernameLogin() throws Exception {
+        Properties options = ldapLoginModuleOptions();
+        options.put("usernames.trim", "true");
+        LDAPLoginModule module = new LDAPLoginModule();
+        CallbackHandler cb = new CallbackHandler() {
+            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
+                for (Callback cb : callbacks) {
+                    if (cb instanceof NameCallback) {
+                        ((NameCallback) cb).setName("cheese   ");
+                    } else if (cb instanceof PasswordCallback) {
+                        ((PasswordCallback) cb).setPassword("foodie".toCharArray());
+                    }
+                }
+            }
+        };
+        Subject subject = new Subject();
+        module.initialize(subject, cb, null, options);
+
+        assertEquals("Precondition", 0, subject.getPrincipals().size());
+        assertTrue(module.login());
+        assertTrue(module.commit());
+
+        assertEquals(1, subject.getPrincipals().size());
+
+        boolean foundUser = false;
+        boolean foundRole = false;
+        for (Principal pr : subject.getPrincipals()) {
+            if (pr instanceof UserPrincipal) {
+                assertEquals("cheese", pr.getName());
+                foundUser = true;
+            } else if (pr instanceof RolePrincipal) {
+                assertEquals("admin", pr.getName());
+                foundRole = true;
+            }
+        }
+        assertTrue(foundUser);
+        // cheese is not an admin so no roles should be returned
+        assertFalse(foundRole);
+
+        assertTrue(module.logout());
+        assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
+    }
+
+    @Test
     public void testBadPassword() throws Exception {
         Properties options = ldapLoginModuleOptions();
         LDAPLoginModule module = new LDAPLoginModule();


Mime
View raw message