Bug 21669 - JNDIRealm roleBase pattern enahncement
Summary: JNDIRealm roleBase pattern enahncement
Alias: None
Product: Tomcat 4
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 4.1.24
Hardware: All All
: P3 enhancement (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2003-07-16 22:59 UTC by art_w
Modified: 2011-02-22 06:48 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description art_w 2003-07-16 22:59:24 UTC
Currently the roleBase attribute must be a fxed location in the directory. A 
simple change would allow the role base to be specified relative to the user 
DN. My enhancement suggestion would change the roleBase definition as follows:

roleBase - the base entry for the role search. If not specified, the search 
base is the top level directory context. If specified it may optionally include 
pattern replacements "{0}".."{n}" corrosponding to the name parts of the user's 
distinguished name (as returned by javax.naming.Name.get()).

For example, in the <Realm> defintion in server.xml you could specify the 
roleBase as:


The majority of the code to accomplish this would be in JNDIRealm.getRoles() 
and could look like this:

	String base = null;
	if ( roleBaseFormat != null )
		NameParser np = context.getNameParser("");
		Name name = np.parse(dn);
		String nameParts[] = new String[name.size()];
		for ( int idx = 0 ; idx < name.size() ; idx++ )
			nameParts[idx] = name.get(idx);
       	base = roleBaseFormat.format(nameParts);

        // Perform the configured search and process the results
        if (debug >= 3) {
            log("  Searching role base '" + base + "' for attribute '" +
                roleName + "'");
            log("  With filter expression '" + filter + "'");
        NamingEnumeration results =
            context.search(base, filter, controls);

Thank You,
Comment 1 Mark Thomas 2011-02-22 06:48:41 UTC
Thanks for the suggestion. Sorry it took so long to get to.

I have added this feature to 7.0.x and it will be included in 7.0.9 onwards.