From: jbonofre@apache.org To: commits@karaf.apache.org Message-Id: <9e802d4e229e440d98f62503927f6c0f@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: karaf git commit: [KARAF-4871] LDAPLoginModule allows non defined role filter. Thanks to Colm O hEigeartaigh. Date: Thu, 1 Dec 2016 14:46:37 +0000 (UTC) archived-at: Thu, 01 Dec 2016 14:46:39 -0000 Repository: karaf Updated Branches: refs/heads/karaf-4.0.x 48b067cde -> 69b067608 [KARAF-4871] LDAPLoginModule allows non defined role filter. Thanks to Colm O hEigeartaigh. Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/69b06760 Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/69b06760 Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/69b06760 Branch: refs/heads/karaf-4.0.x Commit: 69b06760856948e23b9cba7589de99c41ae6f85b Parents: 48b067c Author: Jean-Baptiste Onofré Authored: Thu Dec 1 15:44:06 2016 +0100 Committer: Jean-Baptiste Onofré Committed: Thu Dec 1 15:46:30 2016 +0100 ---------------------------------------------------------------------- .../karaf/jaas/modules/ldap/LDAPCache.java | 87 +++++++++++--------- 1 file changed, 47 insertions(+), 40 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/karaf/blob/69b06760/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java ----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
index 203eb66..f80af8c 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
@@ -124,11 +124,13 @@ public class LDAPCache implements Closeable, NamespaceChangeListener, ObjectChan
 eventContext.addNamingListener(options.getUserBaseDn(), filter, constraints, this);
 filter = options.getRoleFilter();
- filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement("*"));
- filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement("*"));
- filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement("*"));
- filter = filter.replace("\\", "\\\\");
- eventContext.addNamingListener(options.getRoleBaseDn(), filter, constraints, this);
+ if (filter != null) {
+ filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement("*"));
+ filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement("*"));
+ filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement("*"));
+ filter = filter.replace("\\", "\\\\");
+ eventContext.addNamingListener(options.getRoleBaseDn(), filter, constraints, this);
+ }
 }
 return context;
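Review bot: The new guard `if (filter != null) {` treats only an unset role filter as absent; a role filter configured as an empty or blank string would still be passed to `addNamingListener` here, and to `context.search` in the second hunk, where the directory layer would presumably reject it as an invalid filter. How `options.getRoleFilter()` normalises its value is not visible in this diff, so that needs confirming; if it can return an empty string, both guards could read `if (filter != null && !filter.trim().isEmpty()) {`. A short comment above the guard, such as `// role lookup is optional: without a role filter no role listener is registered`, would record why the branch may be skipped. The enclosing method starts and ends outside the hunk.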
@@ -238,50 +240,55 @@ public class LDAPCache implements Closeable, NamespaceChangeListener, ObjectChan
 }
 String filter = options.getRoleFilter();
- filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement(user));
- filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement(userDn));
- filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement(userDnNamespace));
- filter = filter.replace("\\", "\\\\");
+ if (filter != null) {
+ filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement(user));
+ filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement(userDn));
+ filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement(userDnNamespace));
+ filter = filter.replace("\\", "\\\\");
- LOGGER.debug("Looking for the user roles in LDAP with ");
- LOGGER.debug(" base DN: " + options.getRoleBaseDn());
- LOGGER.debug(" filter: " + filter);
+ LOGGER.debug("Looking for the user roles in LDAP with ");
+ LOGGER.debug(" base DN: " + options.getRoleBaseDn());
+ LOGGER.debug(" filter: " + filter);
- NamingEnumeration namingEnumeration = context.search(options.getRoleBaseDn(), filter, controls);
- try {
- List rolesList = new ArrayList<>();
- while (namingEnumeration.hasMore()) {
- SearchResult result = (SearchResult) namingEnumeration.next();
- Attributes attributes = result.getAttributes();
- Attribute roles1 = attributes.get(options.getRoleNameAttribute());
- if (roles1 != null) {
- for (int i = 0; i < roles1.size(); i++) {
- String role = (String) roles1.get(i);
- if (role != null) {
- LOGGER.debug("User {} is a member of role {}", user, role);
- // handle role mapping
- Set roleMappings = tryMappingRole(role);
- if (roleMappings.isEmpty()) {
- rolesList.add(role);
- } else {
- for (String roleMapped : roleMappings) {
- rolesList.add(roleMapped);
+ NamingEnumeration namingEnumeration = context.search(options.getRoleBaseDn(), filter, controls);
+ try {
+ List rolesList = new ArrayList<>();
+ while (namingEnumeration.hasMore()) {
+ SearchResult result = (SearchResult) namingEnumeration.next();
+ Attributes attributes = result.getAttributes();
+ Attribute roles1 = attributes.get(options.getRoleNameAttribute());
+ if (roles1 != null) {
+ for (int i = 0; i < roles1.size(); i++) {
+ String role = (String) roles1.get(i);
+ if (role != null) {
+ LOGGER.debug("User {} is a member of role {}", user, role);
+ // handle role mapping
+ Set roleMappings = tryMappingRole(role);
+ if (roleMappings.isEmpty()) {
+ rolesList.add(role);
+ } else {
+ for (String roleMapped : roleMappings) {
+ rolesList.add(roleMapped);
+ }
 }
 }
 }
 }
- }
- }
- return rolesList.toArray(new String[rolesList.size()]);
- } finally {
- if (namingEnumeration != null) {
- try {
- namingEnumeration.close();
- } catch (NamingException e) {
- // Ignore
+ }
+ return rolesList.toArray(new String[rolesList.size()]);
+ } finally {
+ if (namingEnumeration != null) {
+ try {
+ namingEnumeration.close();
+ } catch (NamingException e) {
+ // Ignore
+ }
 }
 }
 }
+ } else {
+ LOGGER.debug("The user role filter is null so no roles are retrieved");
+ return new String[] {};
 }
 }
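Review bot: The values substituted for `%u`, `%dn` and `%fqdn` enter the LDAP search filter without filter-value escaping: `Matcher.quoteReplacement(user)` only protects the regex replacement string, and `filter.replace("\\", "\\\\")` handles backslashes alone, leaving `*`, `(` and `)` untouched. If `user` is the name supplied at login, which the surrounding module suggests but this hunk does not show, those characters would alter which role entries the filter matches, so the role lookup should treat it like any other query built from untrusted text. I would escape each value before substitution, mapping backslash, `*`, `(`, `)` and NUL to `\5c`, `\2a`, `\28`, `\29` and `\00` as RFC 4515 describes, through one small private helper, e.g. `Matcher.quoteReplacement(escapeFilterValue(user))`, where `escapeFilterValue` is a name for a helper still to be written, not an existing method. The enclosing method starts outside the hunk, so where `user` and `userDn` originate should be checked there.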