karaf-commits mailing list archives

From jbono...@apache.org
Subject [1/2] karaf git commit: [KARAF-4989] Improve parsing of role.mapping option in JAAS LDAP Login Module in order to support FQDN
Date Fri, 24 Feb 2017 11:43:43 GMT
Repository: karaf
Updated Branches:
  refs/heads/master 0e03f5cf0 -> 991903641


[KARAF-4989] Improve parsing of role.mapping option in JAAS LDAP Login Module in order to
support FQDN


Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/f18cad5b
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/f18cad5b
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/f18cad5b

Branch: refs/heads/master
Commit: f18cad5bf0cd9ab0ca9b6f9995943f4abea5cb40
Parents: 0e03f5c
Author: Andrea Tarocchi <atarocch@redhat.com>
Authored: Thu Feb 16 13:53:06 2017 +0000
Committer: Jean-Baptiste Onofré <jbonofre@apache.org>
Committed: Fri Feb 24 11:10:37 2017 +0100

----------------------------------------------------------------------
 .../karaf/jaas/modules/ldap/LDAPOptions.java    |  6 +--
 .../jaas/modules/ldap/LdapLoginModuleTest.java  | 50 ++++++++++++++++++++
 .../karaf/jaas/modules/ldap/example.com.ldif    |  2 +-
 .../modules/ldap/example.com_with_escapes.ldif  |  1 +
 4 files changed, 55 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/karaf/blob/f18cad5b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
index 24c28ad..c0bd75b 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
@@ -125,9 +125,9 @@ public class LDAPOptions {
             LOGGER.debug("Parse role mapping {}", option);
             String[] mappings = option.split(";");
             for (String mapping : mappings) {
-                String[] map = mapping.split("=", 2);
-                String ldapRole = map[0].trim();
-                String[] karafRoles = map[1].split(",");
+                int index = mapping.lastIndexOf("=");
+                String ldapRole = mapping.substring(0,index).trim();
+                String[] karafRoles = mapping.substring(index+1).split(",");
                 if (roleMapping.get(ldapRole) == null) {
                     roleMapping.put(ldapRole, new HashSet<String>());
                 }
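Review bot: An entry with no `=` (for example an empty segment left by `;;` in the option) makes `lastIndexOf` return -1, and `mapping.substring(0,index)` then throws StringIndexOutOfBoundsException while the role mapping is being parsed. A guard placed before the two substring calls would skip the bad entry so that no role is derived from it: `if (index <= 0) { LOGGER.warn("Ignoring malformed role mapping entry {}", mapping); continue; }`. Splitting on the last `=` also changes how an existing value of the form `group=role=x` is read (the LDAP key becomes `group=role`). Because this mapping decides which roles a user receives, that change deserves a sentence in the option's documentation. The enclosing method starts and ends outside the hunk.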

http://git-wip-us.apache.org/repos/asf/karaf/blob/f18cad5b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
index ff51a31..e93c0dd 100644
--- a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
+++ b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
@@ -438,5 +438,55 @@ public class LdapLoginModuleTest extends AbstractLdapTestUnit {
         assertTrue(module.logout());
         assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
     }
+
+    @Test
+    public void testRoleMappingFqdn() throws Exception {
+        Properties options = ldapLoginModuleOptions();
+        options.put(LDAPOptions.ROLE_MAPPING, "cn=admin,ou=groups,dc=example,dc=com=karaf;cn=admin,ou=mygroups,dc=example,dc=com=another");
+        options.put(LDAPOptions.ROLE_BASE_DN, "ou=groups,dc=example,dc=com");
+        options.put(LDAPOptions.ROLE_SEARCH_SUBTREE, "true");
+        options.put(LDAPOptions.ROLE_FILTER, "(member=%fqdn)");
+        options.put(LDAPOptions.ROLE_NAME_ATTRIBUTE, "description");
+        LDAPLoginModule module = new LDAPLoginModule();
+        CallbackHandler cb = new CallbackHandler() {
+            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
+                for (Callback cb : callbacks) {
+                    if (cb instanceof NameCallback) {
+                        ((NameCallback) cb).setName("admin");
+                    } else if (cb instanceof PasswordCallback) {
+                        ((PasswordCallback) cb).setPassword("admin123".toCharArray());
+                    }
+                }
+            }
+        };
+        Subject subject = new Subject();
+        module.initialize(subject, cb, null, options);
+
+        assertEquals("Precondition", 0, subject.getPrincipals().size());
+        assertTrue(module.login());
+        assertTrue(module.commit());
+
+        assertEquals(2, subject.getPrincipals().size());
+
+        final List<String> roles = new ArrayList<String>(Arrays.asList("karaf"));
+
+        boolean foundUser = false;
+        boolean foundRole = false;
+        for (Principal principal : subject.getPrincipals()) {
+            if (principal instanceof UserPrincipal) {
+                assertEquals("admin", principal.getName());
+                foundUser = true;
+            } else if (principal instanceof RolePrincipal) {
+                assertTrue(roles.remove(principal.getName()));
+                foundRole = true;
+            }
+        }
+        assertTrue(foundUser);
+        assertTrue(foundRole);
+        assertTrue(roles.isEmpty());
+
+        assertTrue(module.logout());
+        assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
+    }
 }
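Review bot: testRoleMappingFqdn covers only well-formed entries with a single Karaf role per DN, so the edge cases of the new last-`=` split are not pinned. A further case with a constructed multi-role value such as `cn=admin,ou=groups,dc=example,dc=com=karaf,manager`, and one with a segment that has no `=`, would show that neither the DN's own commas nor a malformed entry can change which RolePrincipals are granted. As a style point, the loop variable in `for (Callback cb : callbacks)` shadows the enclosing `cb` handler; `for (Callback callback : callbacks)` reads more clearly.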
             

http://git-wip-us.apache.org/repos/asf/karaf/blob/f18cad5b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com.ldif
----------------------------------------------------------------------
diff --git a/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com.ldif
b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com.ldif
index 39fa562..a437f46 100644
--- a/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com.ldif
+++ b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com.ldif
@@ -34,6 +34,7 @@ dn: cn=admin,ou=groups,dc=example,dc=com
 objectClass: top
 objectClass: groupOfNames
 cn: admin
+description: cn=admin,ou=groups,dc=example,dc=com
 member: cn=admin,ou=people,dc=example,dc=com
 
 dn: cn=admin,ou=people,dc=example,dc=com
@@ -55,4 +56,3 @@ cn: cheese
 sn: cheese
 uid: cheese
 userPassword: foodie
-

http://git-wip-us.apache.org/repos/asf/karaf/blob/f18cad5b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com_with_escapes.ldif
----------------------------------------------------------------------
diff --git a/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com_with_escapes.ldif
b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com_with_escapes.ldif
index 3736aea..2f6cff3 100644
--- a/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com_with_escapes.ldif
+++ b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com_with_escapes.ldif
@@ -34,6 +34,7 @@ dn: cn=admin,ou=groups,dc=example,dc=com
 objectClass: top
 objectClass: groupOfNames
 cn: admin
+description: cn=admin,ou=groups,dc=example,dc=com
 member: cn=admin\,\=\+\<\>#\;\\,ou=people,dc=example,dc=com
 
 dn: cn=admin\,\=\+\<\>#\;\\,ou=people,dc=example,dc=com

