karaf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jbono...@apache.org
Subject karaf git commit: [KARAF-4871] LDAPLoginModule allows non defined role filter. Thanks to Colm O hEigeartaigh.
Date Thu, 01 Dec 2016 14:46:17 GMT
Repository: karaf
Updated Branches:
  refs/heads/master f08248feb -> 7eea1ff73


[KARAF-4871] LDAPLoginModule allows non defined role filter. Thanks to Colm O hEigeartaigh.


Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/7eea1ff7
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/7eea1ff7
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/7eea1ff7

Branch: refs/heads/master
Commit: 7eea1ff73ca667db6505c38d2dcf29c9048dcaec
Parents: f08248f
Author: Jean-Baptiste Onofré <jbonofre@apache.org>
Authored: Thu Dec 1 15:44:06 2016 +0100
Committer: Jean-Baptiste Onofré <jbonofre@apache.org>
Committed: Thu Dec 1 15:44:06 2016 +0100

----------------------------------------------------------------------
 .../karaf/jaas/modules/ldap/LDAPCache.java      | 87 +++++++++++---------
 1 file changed, 47 insertions(+), 40 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/karaf/blob/7eea1ff7/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
index 203eb66..f80af8c 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
@@ -124,11 +124,13 @@ public class LDAPCache implements Closeable, NamespaceChangeListener,
ObjectChan
             eventContext.addNamingListener(options.getUserBaseDn(), filter, constraints,
this);
 
             filter = options.getRoleFilter();
-            filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement("*"));
-            filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement("*"));
-            filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement("*"));
-            filter = filter.replace("\\", "\\\\");
-            eventContext.addNamingListener(options.getRoleBaseDn(), filter, constraints,
this);
+            if (filter != null) {
+                filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement("*"));
+                filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement("*"));
+                filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement("*"));
+                filter = filter.replace("\\", "\\\\");
+                eventContext.addNamingListener(options.getRoleBaseDn(), filter, constraints,
this);
+            }
         }
 
         return context;
@@ -238,50 +240,55 @@ public class LDAPCache implements Closeable, NamespaceChangeListener,
ObjectChan
         }
 
         String filter = options.getRoleFilter();
-        filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement(user));
-        filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement(userDn));
-        filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement(userDnNamespace));
-        filter = filter.replace("\\", "\\\\");
+        if (filter != null) {
+            filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement(user));
+            filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement(userDn));
+            filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement(userDnNamespace));
+            filter = filter.replace("\\", "\\\\");
 
-        LOGGER.debug("Looking for the user roles in LDAP with ");
-        LOGGER.debug("  base DN: " + options.getRoleBaseDn());
-        LOGGER.debug("  filter: " + filter);
+            LOGGER.debug("Looking for the user roles in LDAP with ");
+            LOGGER.debug("  base DN: " + options.getRoleBaseDn());
+            LOGGER.debug("  filter: " + filter);
 
-        NamingEnumeration namingEnumeration = context.search(options.getRoleBaseDn(), filter,
controls);
-        try {
-            List<String> rolesList = new ArrayList<>();
-            while (namingEnumeration.hasMore()) {
-                SearchResult result = (SearchResult) namingEnumeration.next();
-                Attributes attributes = result.getAttributes();
-                Attribute roles1 = attributes.get(options.getRoleNameAttribute());
-                if (roles1 != null) {
-                    for (int i = 0; i < roles1.size(); i++) {
-                        String role = (String) roles1.get(i);
-                        if (role != null) {
-                            LOGGER.debug("User {} is a member of role {}", user, role);
-                            // handle role mapping
-                            Set<String> roleMappings = tryMappingRole(role);
-                            if (roleMappings.isEmpty()) {
-                                rolesList.add(role);
-                            } else {
-                                for (String roleMapped : roleMappings) {
-                                    rolesList.add(roleMapped);
+            NamingEnumeration namingEnumeration = context.search(options.getRoleBaseDn(),
filter, controls);
+            try {
+                List<String> rolesList = new ArrayList<>();
+                while (namingEnumeration.hasMore()) {
+                    SearchResult result = (SearchResult) namingEnumeration.next();
+                    Attributes attributes = result.getAttributes();
+                    Attribute roles1 = attributes.get(options.getRoleNameAttribute());
+                    if (roles1 != null) {
+                        for (int i = 0; i < roles1.size(); i++) {
+                            String role = (String) roles1.get(i);
+                            if (role != null) {
+                                LOGGER.debug("User {} is a member of role {}", user, role);
+                                // handle role mapping
+                                Set<String> roleMappings = tryMappingRole(role);
+                                if (roleMappings.isEmpty()) {
+                                    rolesList.add(role);
+                                } else {
+                                    for (String roleMapped : roleMappings) {
+                                        rolesList.add(roleMapped);
+                                    }
                                 }
                             }
                         }
                     }
-                }
 
-            }
-            return rolesList.toArray(new String[rolesList.size()]);
-        } finally {
-            if (namingEnumeration != null) {
-                try {
-                    namingEnumeration.close();
-                } catch (NamingException e) {
-                    // Ignore
+                }
+                return rolesList.toArray(new String[rolesList.size()]);
+            } finally {
+                if (namingEnumeration != null) {
+                    try {
+                        namingEnumeration.close();
+                    } catch (NamingException e) {
+                        // Ignore
+                    }
                 }
             }
+        } else {
+            LOGGER.debug("The user role filter is null so no roles are retrieved");
+            return new String[] {};
         }
     }
 


Mime
View raw message