--- file_not_specified_in_diff
+++ file_not_specified_in_diff
@@ -861,4 +861,1 @@
- // Retrieve user information
- User user = getUser(context, username);
- if (user == null)
- return (null);
---
+ List roles = null;
@@ -866,3 +863,4 @@
- // Check the user's credentials
- if (!checkCredentials(context, user, credentials))
- return (null);
---
+ if ( userPassword == null )
+ {
+ // Bind to the directory to authenticate (and obtain roles).
+ roles = bindAsUser(context, username, credentials);
@@ -870,2 +868,3 @@
- // Search for additional roles
- List roles = getRoles(context, user);
---
+ if ( debug >= 2 )
+ log(sm.getString(((roles != null) ? "jndiRealm.authenticateSuccess" : "jndiRealm.authenticateFailure"),
+ username));
@@ -873,0 +872,30 @@
+ if ( roles == null )
+ return(null);
+ }
+ else
+ {
+ // Retrieve user information
+ User user = getUser(context, username);
+ if (user == null)
+ return (null);
+
+ boolean validated = compareCredentials(context, user, credentials);
+
+ if (debug >= 2) {
+ if (validated) {
+ log(sm.getString("jndiRealm.authenticateSuccess",
+ user.username));
+ } else {
+ log(sm.getString("jndiRealm.authenticateFailure",
+ user.username));
+ }
+ }
+
+ // Check the user's credentials
+ if (!validated)
+ return (null);
+
+ // Search for additional roles
+ roles = getRoles(context, user);
+ }
+
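Review bot: In the userPassword branch an unknown username returns at `if (user == null) return (null);` before any logging, while a wrong password reaches the `jndiRealm.authenticateFailure` log; the bind branch above logs failure in both cases because bindAsUser returns null for either. At debug >= 2 that leaves failed logins against nonexistent accounts invisible, which is exactly the case someone watching the realm log for repeated failures would want to see. Logging before the early return, e.g. `if (user == null) { if (debug >= 2) log(sm.getString("jndiRealm.authenticateFailure", username)); return (null); }`, would make the two branches consistent. The enclosing authenticate method starts before the first hunk and continues past this one.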
@@ -1073,42 +1102,0 @@
- * Check whether the given User can be authenticated with the
- * given credentials. If the userPassword
- * configuration attribute is specified, the credentials
- * previously retrieved from the directory are compared explicitly
- * with those presented by the user. Otherwise the presented
- * credentials are checked by binding to the directory as the
- * user.
- *
- * @param context The directory context
- * @param user The User to be authenticated
- * @param credentials The credentials presented by the user
- *
- * @exception NamingException if a directory server error occurs
- */
- protected boolean checkCredentials(DirContext context,
- User user,
- String credentials)
- throws NamingException {
-
- boolean validated = false;
-
- if (userPassword == null) {
- validated = bindAsUser(context, user, credentials);
- } else {
- validated = compareCredentials(context, user, credentials);
- }
-
- if (debug >= 2) {
- if (validated) {
- log(sm.getString("jndiRealm.authenticateSuccess",
- user.username));
- } else {
- log(sm.getString("jndiRealm.authenticateFailure",
- user.username));
- }
- }
- return (validated);
- }
-
-
-
- /**
@@ -1153,1 +1140,5 @@
- * Check credentials by binding to the directory as the user
---
+ * Return a List of roles associated with the given User. Any
+ * roles present in the user's directory entry are supplemented by
+ * a directory search. If no roles are associated with this user,
+ * a zero-length List is returned. If the user is not validated,
+ * returns null
.
@@ -1156,2 +1147,3 @@
- * @param user The User to be authenticated
- * @param credentials Authentication credentials
---
+ * @param username Username of the Principal to look up
+ * @param credentials Password or other credentials to use in
+ * authenticating this username
@@ -1161,5 +1153,4 @@
- protected boolean bindAsUser(DirContext context,
- User user,
- String credentials)
- throws NamingException {
- Attributes attr;
---
+ protected List bindAsUser(DirContext context,
+ String username,
+ String credentials)
+ throws NamingException {
@@ -1167,4 +1158,76 @@
- if (credentials == null || user == null)
- return (false);
-
- String dn = user.dn;
---
+ if (username == null || username.equals("")
+ || credentials == null || credentials.equals(""))
+ return (null);
+
+ ArrayList roles = null;
+
+ // Bind to the directory to authenticate and obtain roles.
+
+ String dn = null;
+
+ // Use pattern or search for user entry
+ if (userPatternFormat != null) {
+ if (debug >= 2)
+ log("lookupUser(" + username + ")");
+
+ // Form the dn from the user pattern
+ dn = userPatternFormat.format(new String[] { username });
+ if (debug >= 3) {
+ log(" dn=" + dn);
+ }
+ } else {
+ if (userSearchFormat == null)
+ return (null);
+
+ // Form the search filter
+ String filter = userSearchFormat.format(new String[] { username });
+
+ // Set up the search controls
+ SearchControls constraints = new SearchControls();
+
+ if (userSubtree) {
+ constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
+ }
+ else {
+ constraints.setSearchScope(SearchControls.ONELEVEL_SCOPE);
+ }
+ constraints.setReturningAttributes(new String[0]);
+
+ if (debug > 3) {
+ log(" Searching for " + username);
+ log(" base: " + userBase + " filter: " + filter);
+ }
+
+ NamingEnumeration results =
+ context.search(userBase, filter, constraints);
+
+ // Fail if no entries found
+ if (results == null || !results.hasMore()) {
+ if (debug > 2) {
+ log(" username not found");
+ }
+ return(null);
+ }
+
+ // Get result for the first entry found
+ SearchResult result = (SearchResult)results.next();
+
+ // Check no further entries were found
+ if (results.hasMore()) {
+ log("username " + username + " has multiple entries");
+ return (null);
+ }
+
+ // Get the entry's distinguished name
+ NameParser parser = context.getNameParser("");
+ Name contextName = parser.parse(context.getNameInNamespace());
+ Name baseName = parser.parse(userBase);
+ Name entryName = parser.parse(result.getName());
+ Name name = contextName.addAll(baseName);
+ name = name.addAll(entryName);
+ dn = name.toString();
+
+ if (debug > 2)
+ log(" entry found for " + username + " with dn " + dn);
+ }
+
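Review bot: The client-supplied username is substituted into the LDAP search filter at `String filter = userSearchFormat.format(new String[] { username });` without escaping filter metacharacters, so a value containing RFC 4515 special characters (`*`, `(`, `)`, `\`, NUL) alters the filter's structure instead of being matched literally; escape the value per RFC 4515 before formatting, and apply RFC 4514 DN escaping to the value formatted into `userPatternFormat` on the other branch, or reject usernames containing those characters. The `NamingEnumeration results` returned by `context.search` is never closed on any path (early returns on "not found" and "multiple entries" included), so the directory result set is leaked; wrap its use in try/finally with `results.close()`. The debug thresholds are also inconsistent in this hunk (`debug >= 2`, `debug >= 3`, `debug > 3`, `debug > 2`), which makes log verbosity hard to predict; picking one threshold per message level would help. bindAsUser starts in the previous hunk and continues past this one.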
@@ -1172,1 +1235,1 @@
- return (false);
---
+ return (null);
@@ -1184,1 +1247,0 @@
- boolean validated = false;
@@ -1189,2 +1251,20 @@
- attr = context.getAttributes("", null);
- validated = true;
---
+ ArrayList list = new ArrayList();
+ if (userRoleName != null)
+ list.add(userRoleName);
+ String[] attrIds = new String[list.size()];
+ list.toArray(attrIds);
+
+ Attributes attrs = context.getAttributes("", attrIds);
+ if (attrs != null)
+ {
+ // Retrieve values of userRoleName attribute
+ if (userRoleName != null)
+ roles = addAttributeValues(userRoleName, attrs, roles);
+ }
+
+ // Search for additional roles.
+ roles = (ArrayList)getRoles(context, new User(username, dn, null, roles));
+
+ // To indicate success roles must be non-null.
+ if ( roles == null )
+ roles = new ArrayList();
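Review bot: The cast at `roles = (ArrayList)getRoles(context, new User(username, dn, null, roles));` assumes getRoles returns an ArrayList, yet elsewhere in this commit its result is only ever assigned to a `List` (`roles = getRoles(context, user);` in authenticate), so a different List implementation would throw ClassCastException after a successful bind, turning a valid login into an error. Declaring the local as `List roles = null;` and dropping the cast removes that assumption, provided addAttributeValues also returns a List (its declaration is not in this diff). The `new ArrayList()` fallback at the end correctly preserves the "non-null means authenticated" contract documented in the comment above it. bindAsUser starts in an earlier hunk and its final `return (roles);` is in a later one.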
@@ -1197,1 +1277,1 @@
-
---
+
@@ -1213,2 +1293,2 @@
- return (validated);
- }
---
+ return (roles);
+ }