ASF Bugzilla – Attachment 6088 Details for
Bug 19444
JNDI Authentication roles must be anonymous accessible
[patch]
Diff from version 4.1.24.
JNDIRealm.diff (text/plain), 8.10 KB, created by
art_w
on 2003-04-29 22:01:42 UTC
Description:
Diff from version 4.1.24.
Filename:
MIME Type:
Creator:
art_w
Created:
2003-04-29 22:01:42 UTC
Size:
8.10 KB
patch
obsolete
>861,864c861
>< // Retrieve user information
>< User user = getUser(context, username);
>< if (user == null)
>< return (null);
>---
>> List roles = null;
>866,868c863,866
>< // Check the user's credentials
>< if (!checkCredentials(context, user, credentials))
>< return (null);
>---
>> if ( userPassword == null )
>> {
>> // Bind to the directory to authenticate (and obtain roles).
>> roles = bindAsUser(context, username, credentials);
>870,871c868,870
>< // Search for additional roles
>< List roles = getRoles(context, user);
>---
>> if ( debug >= 2 )
>> log(sm.getString(((roles != null) ? "jndiRealm.authenticateSuccess" : "jndiRealm.authenticateFailure"),
>> username));
>872a872,901
>> if ( roles == null )
>> return(null);
>> }
>> else
>> {
>> // Retrieve user information
>> User user = getUser(context, username);
>> if (user == null)
>> return (null);
>>
>> boolean validated = compareCredentials(context, user, credentials);
>>
>> if (debug >= 2) {
>> if (validated) {
>> log(sm.getString("jndiRealm.authenticateSuccess",
>> user.username));
>> } else {
>> log(sm.getString("jndiRealm.authenticateFailure",
>> user.username));
>> }
>> }
>>
>> // Check the user's credentials
>> if (!validated)
>> return (null);
>>
>> // Search for additional roles
>> roles = getRoles(context, user);
>> }
>>
>1073,1114d1101
>< * Check whether the given User can be authenticated with the
>< * given credentials. If the <code>userPassword</code>
>< * configuration attribute is specified, the credentials
>< * previously retrieved from the directory are compared explicitly
>< * with those presented by the user. Otherwise the presented
>< * credentials are checked by binding to the directory as the
>< * user.
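Review bot: The `866,868c863,866` hunk replaces the `checkCredentials` call with a direct `bindAsUser(context, username, credentials)` call, and `1161,1165c1153,1156` changes `bindAsUser` from `boolean (DirContext, User, String)` to `List (DirContext, String, String)`, so two protected extension points change underneath existing subclasses. A subclass that overrode either method to add its own checks would still compile, since its method simply becomes an unrelated overload or an uncalled method, but those checks would no longer run during authentication. Keeping `checkCredentials` as a deprecated delegate, or stating the break in the class Javadoc and the release notes, would make this visible to integrators. The body of `authenticate` starts and ends outside these hunks.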
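Review bot: In the bind branch added by `872a872,901` the authentication result is carried only by whether `roles` is null, and nothing at the call site says so. A comment above `if ( roles == null )` such as `// null = bind failed or user not found; an empty List = authenticated with no roles` would help keep a later change to `bindAsUser` or `getRoles` from turning a failed bind into a role-less login.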
>< *
>< * @param context The directory context
>< * @param user The User to be authenticated
>< * @param credentials The credentials presented by the user
>< *
>< * @exception NamingException if a directory server error occurs
>< */
>< protected boolean checkCredentials(DirContext context,
>< User user,
>< String credentials)
>< throws NamingException {
><
>< boolean validated = false;
><
>< if (userPassword == null) {
>< validated = bindAsUser(context, user, credentials);
>< } else {
>< validated = compareCredentials(context, user, credentials);
>< }
><
>< if (debug >= 2) {
>< if (validated) {
>< log(sm.getString("jndiRealm.authenticateSuccess",
>< user.username));
>< } else {
>< log(sm.getString("jndiRealm.authenticateFailure",
>< user.username));
>< }
>< }
>< return (validated);
>< }
><
><
><
>< /**
>1153c1140,1144
>< * Check credentials by binding to the directory as the user
>---
>> * Return a List of roles associated with the given User. Any
>> * roles present in the user's directory entry are supplemented by
>> * a directory search. If no roles are associated with this user,
>> * a zero-length List is returned. If the user is not validated,
>> * returns <code>null</code>.
>1156,1157c1147,1149
>< * @param user The User to be authenticated
>< * @param credentials Authentication credentials
>---
>> * @param username Username of the Principal to look up
>> * @param credentials Password or other credentials to use in
>> * authenticating this username
>1161,1165c1153,1156
>< protected boolean bindAsUser(DirContext context,
>< User user,
>< String credentials)
>< throws NamingException {
>< Attributes attr;
>---
>> protected List bindAsUser(DirContext context,
>> String username,
>> String credentials)
>> throws NamingException {
>1167,1170c1158,1233
>< if (credentials == null || user == null)
>< return (false);
><
>< String dn = user.dn;
>---
>> if (username == null || username.equals("")
>> || credentials == null || credentials.equals(""))
>> return (null);
>>
>> ArrayList roles = null;
>>
>> // Bind to the directory to authenticate and obtain roles.
>>
>> String dn = null;
>>
>> // Use pattern or search for user entry
>> if (userPatternFormat != null) {
>> if (debug >= 2)
>> log("lookupUser(" + username + ")");
>>
>> // Form the dn from the user pattern
>> dn = userPatternFormat.format(new String[] { username });
>> if (debug >= 3) {
>> log(" dn=" + dn);
>> }
>> } else {
>> if (userSearchFormat == null)
>> return (null);
>>
>> // Form the search filter
>> String filter = userSearchFormat.format(new String[] { username });
>>
>> // Set up the search controls
>> SearchControls constraints = new SearchControls();
>>
>> if (userSubtree) {
>> constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
>> }
>> else {
>> constraints.setSearchScope(SearchControls.ONELEVEL_SCOPE);
>> }
>> constraints.setReturningAttributes(new String[0]);
>>
>> if (debug > 3) {
>> log(" Searching for " + username);
>> log(" base: " + userBase + " filter: " + filter);
>> }
>>
>> NamingEnumeration results =
>> context.search(userBase, filter, constraints);
>>
>> // Fail if no entries found
>> if (results == null || !results.hasMore()) {
>> if (debug > 2) {
>> log(" username not found");
>> }
>> return(null);
>> }
>>
>> // Get result for the first entry found
>> SearchResult result = (SearchResult)results.next();
>>
>> // Check no further entries were found
>> if (results.hasMore()) {
>> log("username " + username + " has multiple entries");
>> return (null);
>> }
>>
>> // Get the entry's distinguished name
>> NameParser parser = context.getNameParser("");
>> Name contextName = parser.parse(context.getNameInNamespace());
>> Name baseName = parser.parse(userBase);
>> Name entryName = parser.parse(result.getName());
>> Name name = contextName.addAll(baseName);
>> name = name.addAll(entryName);
>> dn = name.toString();
>>
>> if (debug > 2)
>> log(" entry found for " + username + " with dn " + dn);
>> }
>>
>1172c1235
>< return (false);
>---
>> return (null);
>1184d1246
>< boolean validated = false;
>1189,1190c1251,1270
>< attr = context.getAttributes("", null);
>< validated = true;
>---
>> ArrayList list = new ArrayList();
>> if (userRoleName != null)
>> list.add(userRoleName);
>> String[] attrIds = new String[list.size()];
>> list.toArray(attrIds);
>>
>> Attributes attrs = context.getAttributes("", attrIds);
>> if (attrs != null)
>> {
>> // Retrieve values of userRoleName attribute
>> if (userRoleName != null)
>> roles = addAttributeValues(userRoleName, attrs, roles);
>> }
>>
>> // Search for additional roles.
>> roles = (ArrayList)getRoles(context, new User(username, dn, null, roles));
>>
>> // To indicate success roles must be non-null.
>> if ( roles == null )
>> roles = new ArrayList();
>1197c1277
><
>---
>>
>1213,1214c1293,1294
>< return (validated);
>< }
>---
>> return (roles);
>> }
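Review bot: In the `1189,1190c1251,1270` hunk, `context.getAttributes("", attrIds)` names the context's own entry rather than the entry at `dn`, so the `userRoleName` values passed to `addAttributeValues` appear to come from the wrong object; the old call only existed to force the bind, but here its result is used. The lookup should name the user's entry instead. The added `getRoles` call also runs while the context carries the user's principal, and the enclosing `try` and the environment restore are outside this hunk: if that restore is not in a `finally`, a `NamingException` from the role search would leave the shared context bound as that user. The cast `(ArrayList)getRoles(...)` would also fail if an overriding `getRoles` returns a different `List` implementation.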
Attachments on
bug 19444
:
6087
| 6088