View | Details | Raw Unified | Return to bug 48629
Collapse All | Expand All

(-)a/java/org/apache/catalina/realm/JNDIRealm.java (-7 / +9 lines)
Lines 29-35 import java.util.HashSet; Link Here
29
import java.util.Hashtable;
29
import java.util.Hashtable;
30
import java.util.Iterator;
30
import java.util.Iterator;
31
import java.util.List;
31
import java.util.List;
32
import java.util.Map;
32
import java.util.Set;
33
import java.util.Set;
34
import java.util.Map.Entry;
33
35
34
import javax.naming.Context;
36
import javax.naming.Context;
35
import javax.naming.CommunicationException;
37
import javax.naming.CommunicationException;
Lines 1679-1690 public class JNDIRealm extends RealmBase { Link Here
1679
            // Directory Groups". It avoids group slurping and handles cyclic group memberships as well.
1681
            // Directory Groups". It avoids group slurping and handles cyclic group memberships as well.
1680
            // See http://middleware.internet2.edu/dir/ for details
1682
            // See http://middleware.internet2.edu/dir/ for details
1681
1683
1682
            Set<String> newGroupDNs = new HashSet<String>(groupMap.keySet());
1684
            Map<String, String> newGroups = new HashMap<String,String>(groupMap);
1683
            while (!newGroupDNs.isEmpty()) {
1685
            while (!newGroups.isEmpty()) {
1684
                Set<String> newThisRound = new HashSet<String>(); // Stores the groups we find in this iteration
1686
                Map<String, String> newThisRound = new HashMap<String, String>(); // Stores the groups we find in this iteration
1685
1687
1686
                for (String groupDN : newGroupDNs) {
1688
                for (Entry<String, String> group : newGroups.entrySet()) {
1687
                    filter = roleFormat.format(new String[] { groupDN });
1689
                    filter = roleFormat.format(new String[] { group.getKey(), group.getValue() });
1688
1690
1689
                    if (containerLog.isTraceEnabled()) {
1691
                    if (containerLog.isTraceEnabled()) {
1690
                        containerLog.trace("Perform a nested group search with base "+ roleBase + " and filter " + filter);
1692
                        containerLog.trace("Perform a nested group search with base "+ roleBase + " and filter " + filter);
Lines 1702-1708 public class JNDIRealm extends RealmBase { Link Here
1702
                            String name = getAttributeValue(roleName, attrs);
1704
                            String name = getAttributeValue(roleName, attrs);
1703
                            if (name != null && dname != null && !groupMap.keySet().contains(dname)) {
1705
                            if (name != null && dname != null && !groupMap.keySet().contains(dname)) {
1704
                                groupMap.put(dname, name);
1706
                                groupMap.put(dname, name);
1705
                                newThisRound.add(dname);
1707
                                newThisRound.put(dname, name);
1706
1708
1707
                                if (containerLog.isTraceEnabled()) {
1709
                                if (containerLog.isTraceEnabled()) {
1708
                                    containerLog.trace("  Found nested role " + dname + " -> " + name);
1710
                                    containerLog.trace("  Found nested role " + dname + " -> " + name);
Lines 1716-1722 public class JNDIRealm extends RealmBase { Link Here
1716
                    }
1718
                    }
1717
                }
1719
                }
1718
1720
1719
                newGroupDNs = newThisRound;
1721
                newGroups = newThisRound;
1720
            }
1722
            }
1721
        }
1723
        }
1722
1724
(-)a/webapps/docs/realm-howto.xml (+7 lines)
Lines 678-685 find the names of roles associated with the authenticated user:</p> Link Here
678
<li><strong>roleName</strong> - the attribute in a role entry
678
<li><strong>roleName</strong> - the attribute in a role entry
679
     containing the name of that role.</li>
679
     containing the name of that role.</li>
680
680
681
<li><strong>roleNested</strong> - enable nested roles. Set to
682
     <code>true</code> if you want to nest roles in roles. If configured
683
     every newly found roleName and distinguished
684
     Name will be recursively tried for a new role search.
685
     The default value is <code>false</code>.</li>
686
681
</ul>
687
</ul>
682
688
689
683
</li>
690
</li>
684
</ul>
691
</ul>
685
692

Return to bug 48629