tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 21669] New: - JNDIRealm roleBase pattern enahncement
Date Wed, 16 Jul 2003 22:59:25 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21669>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21669

JNDIRealm roleBase pattern enahncement

           Summary: JNDIRealm roleBase pattern enahncement
           Product: Tomcat 4
           Version: 4.1.24
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Other
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: art_w@eastpoint.com


Currently the roleBase attribute must be a fxed location in the directory. A 
simple change would allow the role base to be specified relative to the user 
DN. My enhancement suggestion would change the roleBase definition as follows:

roleBase - the base entry for the role search. If not specified, the search 
base is the top level directory context. If specified it may optionally include 
pattern replacements "{0}".."{n}" corrosponding to the name parts of the user's 
distinguished name (as returned by javax.naming.Name.get()).

For example, in the <Realm> defintion in server.xml you could specify the 
roleBase as:

    roleBase="ou=Groups,{1},{0}"

The majority of the code to accomplish this would be in JNDIRealm.getRoles() 
and could look like this:

	String base = null;
	if ( roleBaseFormat != null )
	{
		NameParser np = context.getNameParser("");
		Name name = np.parse(dn);
		String nameParts[] = new String[name.size()];
		for ( int idx = 0 ; idx < name.size() ; idx++ )
			nameParts[idx] = name.get(idx);
       	base = roleBaseFormat.format(nameParts);
	}

        // Perform the configured search and process the results
        if (debug >= 3) {
            log("  Searching role base '" + base + "' for attribute '" +
                roleName + "'");
            log("  With filter expression '" + filter + "'");
        }
        NamingEnumeration results =
            context.search(base, filter, controls);

Thank You,
Art

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message