Bug 46925 - Nested groups in JNDI realm with non-recursive implementation
Summary: Nested groups in JNDI realm with non-recursive implementation
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 6
Classification: Unclassified
Component: Catalina (show other bugs)
Version: unspecified
Hardware: All All
: P2 enhancement (vote)
Target Milestone: default
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
: 40218 (view as bug list)
Depends on:
Blocks:
 
Reported: 2009-03-27 03:58 UTC by Stefan Zoerner
Modified: 2010-03-11 13:09 UTC (History)
1 user (show)



Attachments
Patch which replaced the recursive method with a while loop ("memberOf Algorithm") (9.86 KB, patch)
2009-03-27 03:58 UTC, Stefan Zoerner
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Zoerner 2009-03-27 03:58:28 UTC
Created attachment 23420 [details]
Patch which replaced the recursive method with a while loop ("memberOf Algorithm")

I have modified the method getRoles in org.apache.catalina.realm.JNDIRealm in the trunk in order to use a while loop to detect nested groups (instead of the recursive method currently implemented there).

The algorithm is inspired by the article "Practices in Directory Groups" found here: http://middleware.internet2.edu/dir/groups/internet2-mace-dir-groups-best-practices-200210.htm 
It avoids group slurping and handles cyclic group memberships as well.

Find a patch attached.

Greetings from Amsterdam, Stefan
Comment 1 Rainer Jung 2009-04-27 11:57:02 UTC
Applied to trunk as r769102, thanks for the patch.

I consider proposing backporting most of the JDNIRealm improvements to TC 6 after intensive testing.
Comment 2 Mark Thomas 2010-03-10 14:11:42 UTC
This improvement was added to 6.0.x in 6.0.21 onwards
Comment 3 Konstantin Kolinko 2010-03-11 13:09:57 UTC
*** Bug 40218 has been marked as a duplicate of this bug. ***