Repository: karaf Updated Branches: refs/heads/karaf-4.0.x 0addcfd89 -> 59f6fa9e9
KARAF-4637 - LDAPLoginModule - Added option to trim usernames Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/59f6fa9e Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/59f6fa9e Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/59f6fa9e Branch: refs/heads/karaf-4.0.x Commit: 59f6fa9e9ec4bbbb68891733b97705322f031d75 Parents: 0addcfd Author: Paolo Antinori <[email protected]> Authored: Wed Jul 27 11:38:53 2016 +0200 Committer: Andrea Cosentino <[email protected]> Committed: Thu Jul 28 10:19:06 2016 +0200
----------------------------------------------------------------------
 .../jaas/modules/ldap/LDAPLoginModule.java | 5 +++
 .../karaf/jaas/modules/ldap/LDAPOptions.java | 5 +++
 .../jaas/modules/ldap/LdapLoginModuleTest.java | 44 ++++++++++++++++++++
 3 files changed, 54 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/59f6fa9e/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
index f8743c6..6d759e1 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
@@ -80,6 +80,11 @@ public class LDAPLoginModule extends AbstractKarafLoginModule {
 // valid password (because if authentication = none, the password could be any
 // value - it is ignored).
 LDAPOptions options = new LDAPOptions(this.options);
+ if(options.isUsernameTrim()){
+ if(user != null){
+ user = user.trim();
+ }
+ }
 String authentication = options.getAuthentication();
 if ("none".equals(authentication) && (user != null || tmpPassword != null)) {
 logger.debug("Changing from authentication = none to simple since user or password was specified.");
http://git-wip-us.apache.org/repos/asf/karaf/blob/59f6fa9e/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
index de7d8fb..912ce2f 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
@@ -55,6 +55,7 @@ public class LDAPOptions {
 public static final String SSL_KEYALIAS = "ssl.keyalias";
 public static final String SSL_TRUSTSTORE = "ssl.truststore";
 public static final String SSL_TIMEOUT = "ssl.timeout";
+ public static final String USERNAMES_TRIM = "usernames.trim";
 public static final String DEFAULT_INITIAL_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
 public static final String DEFAULT_AUTHENTICATION = "simple";
 public static final int DEFAULT_SSL_TIMEOUT = 10;
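Review bot: In the LDAPLoginModule.java hunk (`@@ -80,6 +80,11 @@`), a name made only of whitespace becomes `""` after `user.trim()` and still satisfies the `user != null` test on the following `"none".equals(authentication)` line, so an empty identity can flow into whatever lookup and bind come next; whether later code rejects an empty name is not visible, since the method starts and ends outside the hunk. I would reject it right after trimming, for example `if (user != null && user.isEmpty()) throw new LoginException("Empty username");`, or through the module's usual failure path. `String.trim()` also strips every leading and trailing character up to U+0020, control characters included, which should be stated where the option is documented. The two nested conditions can be one: `if (options.isUsernameTrim() && user != null) { user = user.trim(); }`.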
@@ -81,6 +82,10 @@ public class LDAPOptions {
 return options.hashCode();
 }
 
+ public boolean isUsernameTrim() {
+ return Boolean.parseBoolean((String) options.get(USERNAMES_TRIM));
+ }
+
 public String getUserFilter() {
 return (String) options.get(USER_FILTER);
 }
http://git-wip-us.apache.org/repos/asf/karaf/blob/59f6fa9e/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
index 307aae5..2c11915 100644
--- a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
+++ b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
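Review bot: `isUsernameTrim()` in the LDAPOptions.java hunk (`@@ -81,6 +82,10 @@`) has no Javadoc, and nothing in this commit documents the new `usernames.trim` option or its default. I would add `/** Whether the supplied user name is trimmed before authentication; false unless "usernames.trim" is "true" (case-insensitive). */`, since `Boolean.parseBoolean` maps null and every other string to false. The `(String)` cast matches `getUserFilter()` below, but it would throw a ClassCastException if the option were ever supplied as a Boolean instead of a String; `Boolean.parseBoolean(String.valueOf(options.get(USERNAMES_TRIM)))` tolerates both. The key and constant say `usernames` while the getter says `Username`; one spelling would be easier to search for.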
@@ -184,6 +184,50 @@ public class LdapLoginModuleTest extends AbstractLdapTestUnit {
 }
 
 @Test
+ public void testTrimmedUsernameLogin() throws Exception {
+ Properties options = ldapLoginModuleOptions();
+ options.put("usernames.trim", "true");
+ LDAPLoginModule module = new LDAPLoginModule();
+ CallbackHandler cb = new CallbackHandler() {
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (Callback cb : callbacks) {
+ if (cb instanceof NameCallback) {
+ ((NameCallback) cb).setName("cheese ");
+ } else if (cb instanceof PasswordCallback) {
+ ((PasswordCallback) cb).setPassword("foodie".toCharArray());
+ }
+ }
+ }
+ };
+ Subject subject = new Subject();
+ module.initialize(subject, cb, null, options);
+
+ assertEquals("Precondition", 0, subject.getPrincipals().size());
+ assertTrue(module.login());
+ assertTrue(module.commit());
+
+ assertEquals(1, subject.getPrincipals().size());
+
+ boolean foundUser = false;
+ boolean foundRole = false;
+ for (Principal pr : subject.getPrincipals()) {
+ if (pr instanceof UserPrincipal) {
+ assertEquals("cheese", pr.getName());
+ foundUser = true;
+ } else if (pr instanceof RolePrincipal) {
+ assertEquals("admin", pr.getName());
+ foundRole = true;
+ }
+ }
+ assertTrue(foundUser);
+ // cheese is not an admin so no roles should be returned
+ assertFalse(foundRole);
+
+ assertTrue(module.logout());
+ assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
+ }
+
+ @Test
 public void testBadPassword() throws Exception {
 Properties options = ldapLoginModuleOptions();
 LDAPLoginModule module = new LDAPLoginModule();
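Review bot: `testTrimmedUsernameLogin` pins only the enabled path with a single trailing space; nothing here checks that `"cheese "` is still handled as before when `usernames.trim` is unset, or what happens to a whitespace-only name with the option on. Each deserves its own test, because those are the cases where the option changes which input authenticates; the expected outcome (a false return or a LoginException) is not visible from this hunk. Inside the principal loop the `RolePrincipal` branch asserts `"admin"` although the test later requires `assertFalse(foundRole)`, so reaching that branch always fails the test and a direct `fail("unexpected role " + pr.getName())` would say so plainly. The loop variable `cb` in `handle` also shadows the handler local `cb`; `callback` would read more clearly.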
