This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 0f544f1b9a8f686346135a3cc8765c3179a6af2b
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Apr 13 16:01:13 2021 +0100
Code alignment with 8.5.x - no functional change
---
java/org/apache/catalina/realm/JNDIRealm.java | 718 +++++++++++---------------
1 file changed, 307 insertions(+), 411 deletions(-)
diff --git a/java/org/apache/catalina/realm/JNDIRealm.java
b/java/org/apache/catalina/realm/JNDIRealm.java
index aef4053..a9032cf 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -183,7 +183,6 @@ import org.ietf.jgss.GSSName;
*/
public class JNDIRealm extends RealmBase {
-
// ----------------------------------------------------- Instance Variables
/**
@@ -196,13 +195,11 @@ public class JNDIRealm extends RealmBase {
*/
protected String connectionName = null;
-
/**
* The connection password for the server we will contact.
*/
protected String connectionPassword = null;
-
/**
* The connection URL for the server we will contact.
*/
@@ -222,7 +219,6 @@ public class JNDIRealm extends RealmBase {
*/
protected String contextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
-
/**
* How aliases should be dereferenced during search operations.
*/
@@ -237,13 +233,13 @@ public class JNDIRealm extends RealmBase {
/**
* Descriptive information about this Realm implementation.
*/
- protected static final String info =
- "org.apache.catalina.realm.JNDIRealm/1.0";
-
+ protected static final String info =
"org.apache.catalina.realm.JNDIRealm/1.0";
/**
* Descriptive information about this Realm implementation.
+ * @deprecated This will be removed in Tomcat 9 onwards.
*/
+ @Deprecated
protected static final String name = "JNDIRealm";
@@ -253,7 +249,6 @@ public class JNDIRealm extends RealmBase {
*/
protected String protocol = null;
-
/**
* Should we ignore PartialResultExceptions when iterating over
NamingEnumerations?
* Microsoft Active Directory often returns referrals, which lead
@@ -263,7 +258,6 @@ public class JNDIRealm extends RealmBase {
*/
protected boolean adCompat = false;
-
/**
* How should we handle referrals? Microsoft Active Directory often
returns
* referrals. If you need to follow them set referrals to "follow".
@@ -272,20 +266,17 @@ public class JNDIRealm extends RealmBase {
*/
protected String referrals = null;
-
/**
* The base element for user searches.
*/
protected String userBase = "";
-
/**
* The message format used to search for a user, with "{0}" marking
* the spot where the username goes.
*/
protected String userSearch = null;
-
/**
* When searching for users, should the search be performed as the user
* currently being authenticated? If false, {@link #connectionName} and
@@ -294,7 +285,6 @@ public class JNDIRealm extends RealmBase {
*/
private boolean userSearchAsUser = false;
-
/**
* The MessageFormat object associated with the current
* <code>userSearch</code>.
@@ -307,7 +297,6 @@ public class JNDIRealm extends RealmBase {
*/
protected boolean userSubtree = false;
-
/**
* The attribute name used to retrieve the user password.
*/
@@ -321,7 +310,6 @@ public class JNDIRealm extends RealmBase {
*/
protected String userRoleAttribute = null;
-
/**
* A string of LDAP user patterns or paths, ":"-separated
* These will be used to form the distinguished name of a
@@ -332,7 +320,6 @@ public class JNDIRealm extends RealmBase {
*/
protected String[] userPatternArray = null;
-
/**
* The message format used to form the distinguished name of a
* user, with "{0}" marking the spot where the specified username
@@ -340,7 +327,6 @@ public class JNDIRealm extends RealmBase {
*/
protected String userPattern = null;
-
/**
* An array of MessageFormat objects associated with the current
* <code>userPatternArray</code>.
@@ -352,34 +338,29 @@ public class JNDIRealm extends RealmBase {
*/
protected String roleBase = "";
-
/**
* The MessageFormat object associated with the current
* <code>roleBase</code>.
*/
protected MessageFormat roleBaseFormat = null;
-
/**
* The MessageFormat object associated with the current
* <code>roleSearch</code>.
*/
protected MessageFormat roleFormat = null;
-
/**
* The name of an attribute in the user's entry containing
* roles for that user
*/
protected String userRoleName = null;
-
/**
* The name of the attribute containing roles held elsewhere
*/
protected String roleName = null;
-
/**
* The message format used to select roles for a user, with "{0}" marking
* the spot where the distinguished name of the user goes. The "{1}"
@@ -387,7 +368,6 @@ public class JNDIRealm extends RealmBase {
*/
protected String roleSearch = null;
-
/**
* Should we search the entire subtree for matching memberships?
*/
@@ -422,7 +402,6 @@ public class JNDIRealm extends RealmBase {
*/
protected String commonRole = null;
-
/**
* The timeout, in milliseconds, to use when trying to create a connection
* to the directory. The default is 5000 (5 seconds).
@@ -447,14 +426,12 @@ public class JNDIRealm extends RealmBase {
*/
protected int timeLimit = 0;
-
/**
* Should delegated credentials from the SPNEGO authenticator be used if
* available
*/
protected boolean useDelegatedCredential = true;
-
/**
* The QOP that should be used for the connection to the LDAP server after
* authentication. This value is used to set the
@@ -519,37 +496,35 @@ public class JNDIRealm extends RealmBase {
return forceDnHexEscape;
}
+
public void setForceDnHexEscape(boolean forceDnHexEscape) {
this.forceDnHexEscape = forceDnHexEscape;
}
+
/**
* @return the type of authentication to use.
*/
public String getAuthentication() {
-
return authentication;
-
}
+
/**
* Set the type of authentication to use.
*
* @param authentication The authentication
*/
public void setAuthentication(String authentication) {
-
this.authentication = authentication;
-
}
+
/**
* @return the connection username for this Realm.
*/
public String getConnectionName() {
-
return this.connectionName;
-
}
@@ -559,9 +534,7 @@ public class JNDIRealm extends RealmBase {
* @param connectionName The new connection username
*/
public void setConnectionName(String connectionName) {
-
this.connectionName = connectionName;
-
}
@@ -569,9 +542,7 @@ public class JNDIRealm extends RealmBase {
* @return the connection password for this Realm.
*/
public String getConnectionPassword() {
-
return this.connectionPassword;
-
}
@@ -581,9 +552,7 @@ public class JNDIRealm extends RealmBase {
* @param connectionPassword The new connection password
*/
public void setConnectionPassword(String connectionPassword) {
-
this.connectionPassword = connectionPassword;
-
}
@@ -591,9 +560,7 @@ public class JNDIRealm extends RealmBase {
* @return the connection URL for this Realm.
*/
public String getConnectionURL() {
-
return this.connectionURL;
-
}
@@ -603,9 +570,7 @@ public class JNDIRealm extends RealmBase {
* @param connectionURL The new connection URL
*/
public void setConnectionURL(String connectionURL) {
-
this.connectionURL = connectionURL;
-
}
@@ -613,9 +578,7 @@ public class JNDIRealm extends RealmBase {
* @return the JNDI context factory for this Realm.
*/
public String getContextFactory() {
-
return this.contextFactory;
-
}
@@ -625,11 +588,10 @@ public class JNDIRealm extends RealmBase {
* @param contextFactory The new context factory
*/
public void setContextFactory(String contextFactory) {
-
this.contextFactory = contextFactory;
-
}
+
/**
* @return the derefAliases setting to be used.
*/
@@ -637,33 +599,32 @@ public class JNDIRealm extends RealmBase {
return derefAliases;
}
+
/**
* Set the value for derefAliases to be used when searching the directory.
*
* @param derefAliases New value of property derefAliases.
*/
public void setDerefAliases(java.lang.String derefAliases) {
- this.derefAliases = derefAliases;
+ this.derefAliases = derefAliases;
}
+
/**
* @return the protocol to be used.
*/
public String getProtocol() {
-
return protocol;
-
}
+
/**
* Set the protocol for this Realm.
*
* @param protocol The new protocol.
*/
public void setProtocol(String protocol) {
-
this.protocol = protocol;
-
}
@@ -707,9 +668,7 @@ public class JNDIRealm extends RealmBase {
* @return the base element for user searches.
*/
public String getUserBase() {
-
return this.userBase;
-
}
@@ -719,9 +678,7 @@ public class JNDIRealm extends RealmBase {
* @param userBase The new base element
*/
public void setUserBase(String userBase) {
-
this.userBase = userBase;
-
}
@@ -729,9 +686,7 @@ public class JNDIRealm extends RealmBase {
* @return the message format pattern for selecting users in this Realm.
*/
public String getUserSearch() {
-
return this.userSearch;
-
}
@@ -741,13 +696,12 @@ public class JNDIRealm extends RealmBase {
* @param userSearch The new user search pattern
*/
public void setUserSearch(String userSearch) {
-
this.userSearch = userSearch;
- if (userSearch == null)
+ if (userSearch == null) {
userSearchFormat = null;
- else
+ } else {
userSearchFormat = new MessageFormat(userSearch);
-
+ }
}
@@ -765,9 +719,7 @@ public class JNDIRealm extends RealmBase {
* @return the "search subtree for users" flag.
*/
public boolean getUserSubtree() {
-
return this.userSubtree;
-
}
@@ -777,9 +729,7 @@ public class JNDIRealm extends RealmBase {
* @param userSubtree The new search flag
*/
public void setUserSubtree(boolean userSubtree) {
-
this.userSubtree = userSubtree;
-
}
@@ -787,7 +737,6 @@ public class JNDIRealm extends RealmBase {
* @return the user role name attribute name for this Realm.
*/
public String getUserRoleName() {
-
return userRoleName;
}
@@ -798,9 +747,7 @@ public class JNDIRealm extends RealmBase {
* @param userRoleName The new userRole name attribute name
*/
public void setUserRoleName(String userRoleName) {
-
this.userRoleName = userRoleName;
-
}
@@ -808,9 +755,7 @@ public class JNDIRealm extends RealmBase {
* @return the base element for role searches.
*/
public String getRoleBase() {
-
return this.roleBase;
-
}
@@ -820,13 +765,12 @@ public class JNDIRealm extends RealmBase {
* @param roleBase The new base element
*/
public void setRoleBase(String roleBase) {
-
this.roleBase = roleBase;
- if (roleBase == null)
+ if (roleBase == null) {
roleBaseFormat = null;
- else
+ } else {
roleBaseFormat = new MessageFormat(roleBase);
-
+ }
}
@@ -834,9 +778,7 @@ public class JNDIRealm extends RealmBase {
* @return the role name attribute name for this Realm.
*/
public String getRoleName() {
-
return this.roleName;
-
}
@@ -846,9 +788,7 @@ public class JNDIRealm extends RealmBase {
* @param roleName The new role name attribute name
*/
public void setRoleName(String roleName) {
-
this.roleName = roleName;
-
}
@@ -856,9 +796,7 @@ public class JNDIRealm extends RealmBase {
* @return the message format pattern for selecting roles in this Realm.
*/
public String getRoleSearch() {
-
return this.roleSearch;
-
}
@@ -868,13 +806,12 @@ public class JNDIRealm extends RealmBase {
* @param roleSearch The new role search pattern
*/
public void setRoleSearch(String roleSearch) {
-
this.roleSearch = roleSearch;
- if (roleSearch == null)
+ if (roleSearch == null) {
roleFormat = null;
- else
+ } else {
roleFormat = new MessageFormat(roleSearch);
-
+ }
}
@@ -892,9 +829,7 @@ public class JNDIRealm extends RealmBase {
* @return the "search subtree for roles" flag.
*/
public boolean getRoleSubtree() {
-
return this.roleSubtree;
-
}
@@ -904,18 +839,15 @@ public class JNDIRealm extends RealmBase {
* @param roleSubtree The new search flag
*/
public void setRoleSubtree(boolean roleSubtree) {
-
this.roleSubtree = roleSubtree;
-
}
+
/**
* @return the "The nested group search flag" flag.
*/
public boolean getRoleNested() {
-
return this.roleNested;
-
}
@@ -925,9 +857,7 @@ public class JNDIRealm extends RealmBase {
* @param roleNested The nested group search flag
*/
public void setRoleNested(boolean roleNested) {
-
this.roleNested = roleNested;
-
}
@@ -935,9 +865,7 @@ public class JNDIRealm extends RealmBase {
* @return the password attribute used to retrieve the user password.
*/
public String getUserPassword() {
-
return this.userPassword;
-
}
@@ -947,9 +875,7 @@ public class JNDIRealm extends RealmBase {
* @param userPassword The new password attribute
*/
public void setUserPassword(String userPassword) {
-
this.userPassword = userPassword;
-
}
@@ -957,6 +883,7 @@ public class JNDIRealm extends RealmBase {
return userRoleAttribute;
}
+
public void setUserRoleAttribute(String userRoleAttribute) {
this.userRoleAttribute = userRoleAttribute;
}
@@ -965,14 +892,10 @@ public class JNDIRealm extends RealmBase {
* @return the message format pattern for selecting users in this Realm.
*/
public String getUserPattern() {
-
return this.userPattern;
-
}
-
-
/**
* Set the message format pattern for selecting users in this Realm.
* This may be one simple pattern, or multiple patterns to be tried,
@@ -984,11 +907,10 @@ public class JNDIRealm extends RealmBase {
* @param userPattern The new user pattern
*/
public void setUserPattern(String userPattern) {
-
this.userPattern = userPattern;
- if (userPattern == null)
+ if (userPattern == null) {
userPatternArray = null;
- else {
+ } else {
userPatternArray = parseUserPatternString(userPattern);
int len = this.userPatternArray.length;
userPatternFormatArray = new MessageFormat[len];
@@ -1006,9 +928,7 @@ public class JNDIRealm extends RealmBase {
* @return Value of property alternateURL.
*/
public String getAlternateURL() {
-
return this.alternateURL;
-
}
@@ -1018,9 +938,7 @@ public class JNDIRealm extends RealmBase {
* @param alternateURL New value of property alternateURL.
*/
public void setAlternateURL(String alternateURL) {
-
this.alternateURL = alternateURL;
-
}
@@ -1028,9 +946,7 @@ public class JNDIRealm extends RealmBase {
* @return the common role
*/
public String getCommonRole() {
-
return commonRole;
-
}
@@ -1040,9 +956,7 @@ public class JNDIRealm extends RealmBase {
* @param commonRole The common role
*/
public void setCommonRole(String commonRole) {
-
this.commonRole = commonRole;
-
}
@@ -1050,9 +964,7 @@ public class JNDIRealm extends RealmBase {
* @return the connection timeout.
*/
public String getConnectionTimeout() {
-
return connectionTimeout;
-
}
@@ -1062,18 +974,15 @@ public class JNDIRealm extends RealmBase {
* @param timeout The new connection timeout
*/
public void setConnectionTimeout(String timeout) {
-
this.connectionTimeout = timeout;
-
}
+
/**
* @return the read timeout.
*/
public String getReadTimeout() {
-
return readTimeout;
-
}
@@ -1083,9 +992,7 @@ public class JNDIRealm extends RealmBase {
* @param timeout The new read timeout
*/
public void setReadTimeout(String timeout) {
-
this.readTimeout = timeout;
-
}
@@ -1113,6 +1020,7 @@ public class JNDIRealm extends RealmBase {
return useDelegatedCredential;
}
+
public void setUseDelegatedCredential(boolean useDelegatedCredential) {
this.useDelegatedCredential = useDelegatedCredential;
}
@@ -1122,6 +1030,7 @@ public class JNDIRealm extends RealmBase {
return spnegoDelegationQop;
}
+
public void setSpnegoDelegationQop(String spnegoDelegationQop) {
this.spnegoDelegationQop = spnegoDelegationQop;
}
@@ -1145,6 +1054,7 @@ public class JNDIRealm extends RealmBase {
return useStartTls;
}
+
/**
* Flag whether StartTLS should be used when connecting to the ldap server
*
@@ -1156,6 +1066,7 @@ public class JNDIRealm extends RealmBase {
this.useStartTls = useStartTls;
}
+
/**
* @return list of the allowed cipher suites when connections are made
using
* StartTLS
@@ -1175,6 +1086,7 @@ public class JNDIRealm extends RealmBase {
return this.cipherSuitesArray;
}
+
/**
* Set the allowed cipher suites when opening a connection using StartTLS.
* The cipher suites are expected as a comma separated list.
@@ -1198,6 +1110,7 @@ public class JNDIRealm extends RealmBase {
return this.hostnameVerifier.getClass().getCanonicalName();
}
+
/**
* Set the {@link HostnameVerifier} to be used when opening connections
* using StartTLS. An instance of the given class name will be constructed
@@ -1214,6 +1127,7 @@ public class JNDIRealm extends RealmBase {
}
}
+
/**
* @return the {@link HostnameVerifier} to use for peer certificate
* verification when opening connections using StartTLS.
@@ -1222,8 +1136,7 @@ public class JNDIRealm extends RealmBase {
if (this.hostnameVerifier != null) {
return this.hostnameVerifier;
}
- if (this.hostNameVerifierClassName == null
- || hostNameVerifierClassName.equals("")) {
+ if (this.hostNameVerifierClassName == null ||
hostNameVerifierClassName.equals("")) {
return null;
}
try {
@@ -1267,6 +1180,7 @@ public class JNDIRealm extends RealmBase {
}
}
+
/**
* Set the {@link SSLSocketFactory} to be used when opening connections
* using StartTLS. An instance of the factory with the given name will be
@@ -1280,6 +1194,7 @@ public class JNDIRealm extends RealmBase {
this.sslSocketFactoryClassName = factoryClassName;
}
+
/**
* Set the ssl protocol to be used for connections using StartTLS.
*
@@ -1290,6 +1205,7 @@ public class JNDIRealm extends RealmBase {
this.sslProtocol = protocol;
}
+
/**
* @return the list of supported ssl protocols by the default
* {@link SSLContext}
@@ -1303,6 +1219,7 @@ public class JNDIRealm extends RealmBase {
}
}
+
private Object constructInstance(String className)
throws ClassNotFoundException, InstantiationException,
IllegalAccessException, IllegalArgumentException,
SecurityException, InvocationTargetException, NoSuchMethodException {
@@ -1310,6 +1227,7 @@ public class JNDIRealm extends RealmBase {
return clazz.getConstructor().newInstance();
}
+
// ---------------------------------------------------------- Realm Methods
/**
@@ -1337,10 +1255,11 @@ public class JNDIRealm extends RealmBase {
// Ensure that we have a directory context available
context = open();
- // Occasionally the directory context will timeout. Try one more
- // time before giving up.
try {
+ // Occasionally the directory context will timeout. Try one
more
+ // time before giving up.
+
// Authenticate the specified username if possible
principal = authenticate(context, username, credentials);
@@ -1378,8 +1297,9 @@ public class JNDIRealm extends RealmBase {
containerLog.info(sm.getString("jndiRealm.exception.retry"),
e);
// close the connection so we know it will be reopened.
- if (context != null)
+ if (context != null) {
close(context);
+ }
// open a new directory context.
context = open();
@@ -1400,26 +1320,20 @@ public class JNDIRealm extends RealmBase {
// Log the problem for posterity
containerLog.error(sm.getString("jndiRealm.exception"), e);
- // Close the connection so that it gets reopened next time
- if (context != null)
+ // close the connection so we know it will be reopened.
+ if (context != null) {
close(context);
+ }
// Return "not authenticated" for this request
- if (containerLog.isDebugEnabled())
+ if (containerLog.isDebugEnabled()) {
containerLog.debug("Returning null principal.");
+ }
return null;
-
}
-
}
- // -------------------------------------------------------- Package Methods
-
-
- // ------------------------------------------------------ Protected Methods
-
-
/**
* Return the Principal associated with the specified username and
* credentials, if there is one; otherwise return <code>null</code>.
@@ -1432,22 +1346,18 @@ public class JNDIRealm extends RealmBase {
*
* @exception NamingException if a directory server error occurs
*/
- public synchronized Principal authenticate(DirContext context,
- String username,
- String credentials)
+ public synchronized Principal authenticate(DirContext context, String
username, String credentials)
throws NamingException {
- if (username == null || username.equals("")
- || credentials == null || credentials.equals("")) {
- if (containerLog.isDebugEnabled())
+ if (username == null || username.equals("") || credentials == null ||
credentials.equals("")) {
+ if (containerLog.isDebugEnabled()) {
containerLog.debug("username null or empty: returning null
principal.");
+ }
return null;
}
if (userPatternArray != null) {
- for (int curUserPattern = 0;
- curUserPattern < userPatternFormatArray.length;
- curUserPattern++) {
+ for (int curUserPattern = 0; curUserPattern <
userPatternFormatArray.length; curUserPattern++) {
// Retrieve user information
User user = getUser(context, username, credentials,
curUserPattern);
if (user != null) {
@@ -1475,12 +1385,14 @@ public class JNDIRealm extends RealmBase {
} else {
// Retrieve user information
User user = getUser(context, username, credentials);
- if (user == null)
+ if (user == null) {
return null;
+ }
// Check the user's credentials
- if (!checkCredentials(context, user, credentials))
+ if (!checkCredentials(context, user, credentials)) {
return null;
+ }
// Search for additional roles
List<String> roles = getRoles(context, user);
@@ -1494,6 +1406,8 @@ public class JNDIRealm extends RealmBase {
}
+ // ------------------------------------------------------ Protected Methods
+
/**
* Return a User object containing information about the user
* with the specified username, if found in the directory;
@@ -1506,9 +1420,7 @@ public class JNDIRealm extends RealmBase {
*
* @see #getUser(DirContext, String, String, int)
*/
- protected User getUser(DirContext context, String username)
- throws NamingException {
-
+ protected User getUser(DirContext context, String username) throws
NamingException {
return getUser(context, username, null, -1);
}
@@ -1526,9 +1438,7 @@ public class JNDIRealm extends RealmBase {
*
* @see #getUser(DirContext, String, String, int)
*/
- protected User getUser(DirContext context, String username, String
credentials)
- throws NamingException {
-
+ protected User getUser(DirContext context, String username, String
credentials) throws NamingException {
return getUser(context, username, credentials, -1);
}
@@ -1551,18 +1461,19 @@ public class JNDIRealm extends RealmBase {
* @return the User object
* @exception NamingException if a directory server error occurs
*/
- protected User getUser(DirContext context, String username,
- String credentials, int curUserPattern)
- throws NamingException {
+ protected User getUser(DirContext context, String username, String
credentials, int curUserPattern)
+ throws NamingException {
User user = null;
// Get attributes to retrieve from user entry
- ArrayList<String> list = new ArrayList<String>();
- if (userPassword != null)
+ List<String> list = new ArrayList<String>();
+ if (userPassword != null) {
list.add(userPassword);
- if (userRoleName != null)
+ }
+ if (userRoleName != null) {
list.add(userRoleName);
+ }
if (userRoleAttribute != null) {
list.add(userRoleAttribute);
}
@@ -1594,8 +1505,7 @@ public class JNDIRealm extends RealmBase {
if (userPassword == null && credentials != null && user != null) {
// The password is available. Insert it since it may be required
for
// role searches.
- return new User(user.getUserName(), user.getDN(), credentials,
- user.getRoles(), user.getUserRoleId());
+ return new User(user.getUserName(), user.getDN(), credentials,
user.getRoles(), user.getUserRoleId());
}
return user;
@@ -1615,11 +1525,8 @@ public class JNDIRealm extends RealmBase {
* @return the User object
* @exception NamingException if a directory server error occurs
*/
- protected User getUserByPattern(DirContext context,
- String username,
- String[] attrIds,
- String dn)
- throws NamingException {
+ protected User getUserByPattern(DirContext context, String username,
String[] attrIds, String dn)
+ throws NamingException {
// If no attributes are requested, no need to look for them
if (attrIds == null || attrIds.length == 0) {
@@ -1633,13 +1540,15 @@ public class JNDIRealm extends RealmBase {
} catch (NameNotFoundException e) {
return null;
}
- if (attrs == null)
+ if (attrs == null) {
return null;
+ }
// Retrieve value of userPassword
String password = null;
- if (userPassword != null)
+ if (userPassword != null) {
password = getAttributeValue(userPassword, attrs);
+ }
String userRoleAttrValue = null;
if (userRoleAttribute != null) {
@@ -1648,8 +1557,9 @@ public class JNDIRealm extends RealmBase {
// Retrieve values of userRoleName attribute
ArrayList<String> roles = null;
- if (userRoleName != null)
+ if (userRoleName != null) {
roles = addAttributeValues(userRoleName, attrs, roles);
+ }
return new User(username, dn, password, roles, userRoleAttrValue);
}
@@ -1670,17 +1580,14 @@ public class JNDIRealm extends RealmBase {
* @exception NamingException if a directory server error occurs
* @see #getUserByPattern(DirContext, String, String[], String)
*/
- protected User getUserByPattern(DirContext context,
- String username,
- String credentials,
- String[] attrIds,
- int curUserPattern)
- throws NamingException {
+ protected User getUserByPattern(DirContext context, String username,
String credentials, String[] attrIds,
+ int curUserPattern) throws NamingException {
User user = null;
- if (username == null || userPatternFormatArray[curUserPattern] == null)
+ if (username == null || userPatternFormatArray[curUserPattern] ==
null) {
return null;
+ }
// Form the dn from the user pattern
String dn = userPatternFormatArray[curUserPattern].format(new String[]
{ username });
@@ -1715,13 +1622,12 @@ public class JNDIRealm extends RealmBase {
* @return the User object
* @exception NamingException if a directory server error occurs
*/
- protected User getUserBySearch(DirContext context,
- String username,
- String[] attrIds)
- throws NamingException {
+ protected User getUserBySearch(DirContext context, String username,
String[] attrIds)
+ throws NamingException {
- if (username == null || userSearchFormat == null)
+ if (username == null || userSearchFormat == null) {
return null;
+ }
// Form the search filter
String filter = userSearchFormat.format(new String[] { username });
@@ -1739,12 +1645,12 @@ public class JNDIRealm extends RealmBase {
constraints.setTimeLimit(timeLimit);
// Specify the attributes to be retrieved
- if (attrIds == null)
+ if (attrIds == null) {
attrIds = new String[0];
+ }
constraints.setReturningAttributes(attrIds);
- NamingEnumeration<SearchResult> results =
- context.search(userBase, filter, constraints);
+ NamingEnumeration<SearchResult> results = context.search(userBase,
filter, constraints);
try {
// Fail if no entries found
@@ -1753,10 +1659,11 @@ public class JNDIRealm extends RealmBase {
return null;
}
} catch (PartialResultException ex) {
- if (!adCompat)
+ if (!adCompat) {
throw ex;
- else
+ } else {
return null;
+ }
}
// Get result for the first entry found
@@ -1765,29 +1672,34 @@ public class JNDIRealm extends RealmBase {
// Check no further entries were found
try {
if (results.hasMore()) {
- if(containerLog.isInfoEnabled())
+ if (containerLog.isInfoEnabled()) {
containerLog.info("username " + username + " has
multiple entries");
+ }
return null;
}
} catch (PartialResultException ex) {
- if (!adCompat)
+ if (!adCompat) {
throw ex;
+ }
}
String dn = getDistinguishedName(context, userBase, result);
- if (containerLog.isTraceEnabled())
+ if (containerLog.isTraceEnabled()) {
containerLog.trace(" entry found for " + username + " with dn
" + dn);
+ }
// Get the entry's attributes
Attributes attrs = result.getAttributes();
- if (attrs == null)
+ if (attrs == null) {
return null;
+ }
// Retrieve value of userPassword
String password = null;
- if (userPassword != null)
+ if (userPassword != null) {
password = getAttributeValue(userPassword, attrs);
+ }
String userRoleAttrValue = null;
if (userRoleAttribute != null) {
@@ -1796,8 +1708,9 @@ public class JNDIRealm extends RealmBase {
// Retrieve values of userRoleName attribute
ArrayList<String> roles = null;
- if (userRoleName != null)
+ if (userRoleName != null) {
roles = addAttributeValues(userRoleName, attrs, roles);
+ }
return new User(username, dn, password, roles, userRoleAttrValue);
} finally {
@@ -1823,30 +1736,25 @@ public class JNDIRealm extends RealmBase {
* @return <code>true</code> if the credentials are validated
* @exception NamingException if a directory server error occurs
*/
- protected boolean checkCredentials(DirContext context,
- User user,
- String credentials)
- throws NamingException {
+ protected boolean checkCredentials(DirContext context, User user, String
credentials) throws NamingException {
- boolean validated = false;
+ boolean validated = false;
- if (userPassword == null) {
- validated = bindAsUser(context, user, credentials);
- } else {
- validated = compareCredentials(context, user, credentials);
- }
+ if (userPassword == null) {
+ validated = bindAsUser(context, user, credentials);
+ } else {
+ validated = compareCredentials(context, user, credentials);
+ }
- if (containerLog.isTraceEnabled()) {
- if (validated) {
-
containerLog.trace(sm.getString("jndiRealm.authenticateSuccess",
- user.getUserName()));
- } else {
-
containerLog.trace(sm.getString("jndiRealm.authenticateFailure",
- user.getUserName()));
- }
- }
- return validated;
- }
+ if (containerLog.isTraceEnabled()) {
+ if (validated) {
+
containerLog.trace(sm.getString("jndiRealm.authenticateSuccess",
user.getUserName()));
+ } else {
+
containerLog.trace(sm.getString("jndiRealm.authenticateFailure",
user.getUserName()));
+ }
+ }
+ return validated;
+ }
/**
@@ -1859,17 +1767,15 @@ public class JNDIRealm extends RealmBase {
* @return <code>true</code> if the credentials are validated
* @exception NamingException if a directory server error occurs
*/
- protected boolean compareCredentials(DirContext context,
- User info,
- String credentials)
- throws NamingException {
-
+ protected boolean compareCredentials(DirContext context, User info, String
credentials) throws NamingException {
// Validate the credentials specified by the user
- if (containerLog.isTraceEnabled())
+ if (containerLog.isTraceEnabled()) {
containerLog.trace(" validating credentials");
+ }
- if (info == null || credentials == null)
+ if (info == null || credentials == null) {
return false;
+ }
String password = info.getPassword();
@@ -1886,21 +1792,20 @@ public class JNDIRealm extends RealmBase {
* @return <code>true</code> if the credentials are validated
* @exception NamingException if a directory server error occurs
*/
- protected boolean bindAsUser(DirContext context,
- User user,
- String credentials)
- throws NamingException {
+ protected boolean bindAsUser(DirContext context, User user, String
credentials) throws NamingException {
- if (credentials == null || user == null)
- return false;
+ if (credentials == null || user == null) {
+ return false;
+ }
- String dn = user.getDN();
- if (dn == null)
- return false;
+ String dn = user.getDN();
+ if (dn == null) {
+ return false;
+ }
- // Validate the credentials specified by the user
- if (containerLog.isTraceEnabled()) {
- containerLog.trace(" validating credentials by binding as the
user");
+ // Validate the credentials specified by the user
+ if (containerLog.isTraceEnabled()) {
+ containerLog.trace(" validating credentials by binding as the
user");
}
userCredentialsAdd(context, dn, credentials);
@@ -1925,48 +1830,47 @@ public class JNDIRealm extends RealmBase {
return validated;
}
- /**
- * Configure the context to use the provided credentials for
- * authentication.
- *
- * @param context DirContext to configure
- * @param dn Distinguished name of user
- * @param credentials Credentials of user
- * @exception NamingException if a directory server error occurs
- */
- private void userCredentialsAdd(DirContext context, String dn,
- String credentials) throws NamingException {
+
+ /**
+ * Configure the context to use the provided credentials for
+ * authentication.
+ *
+ * @param context DirContext to configure
+ * @param dn Distinguished name of user
+ * @param credentials Credentials of user
+ * @exception NamingException if a directory server error occurs
+ */
+ private void userCredentialsAdd(DirContext context, String dn, String
credentials) throws NamingException {
// Set up security environment to bind as the user
context.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
context.addToEnvironment(Context.SECURITY_CREDENTIALS, credentials);
}
+
/**
* Configure the context to use {@link #connectionName} and
* {@link #connectionPassword} if specified or an anonymous connection if
* those attributes are not specified.
*
- * @param context DirContext to configure
- * @exception NamingException if a directory server error occurs
+ * @param context DirContext to configure
+ * @exception NamingException if a directory server error occurs
*/
- private void userCredentialsRemove(DirContext context)
- throws NamingException {
+ private void userCredentialsRemove(DirContext context) throws
NamingException {
// Restore the original security environment
if (connectionName != null) {
- context.addToEnvironment(Context.SECURITY_PRINCIPAL,
- connectionName);
+ context.addToEnvironment(Context.SECURITY_PRINCIPAL,
connectionName);
} else {
context.removeFromEnvironment(Context.SECURITY_PRINCIPAL);
}
if (connectionPassword != null) {
- context.addToEnvironment(Context.SECURITY_CREDENTIALS,
- connectionPassword);
+ context.addToEnvironment(Context.SECURITY_CREDENTIALS,
connectionPassword);
} else {
context.removeFromEnvironment(Context.SECURITY_CREDENTIALS);
}
}
+
/**
* Return a List of roles associated with the given User. Any
* roles present in the user's directory entry are supplemented by
@@ -1978,21 +1882,23 @@ public class JNDIRealm extends RealmBase {
* @return the list of role names
* @exception NamingException if a directory server error occurs
*/
- protected List<String> getRoles(DirContext context, User user)
- throws NamingException {
+ protected List<String> getRoles(DirContext context, User user) throws
NamingException {
- if (user == null)
+ if (user == null) {
return null;
+ }
String dn = user.getDN();
String username = user.getUserName();
String userRoleId = user.getUserRoleId();
- if (dn == null || username == null)
+ if (dn == null || username == null) {
return null;
+ }
- if (containerLog.isTraceEnabled())
+ if (containerLog.isTraceEnabled()) {
containerLog.trace(" getRoles(" + dn + ")");
+ }
// Start with roles retrieved from the user entry
List<String> list = new ArrayList<String>();
@@ -2000,8 +1906,9 @@ public class JNDIRealm extends RealmBase {
if (userRoles != null) {
list.addAll(userRoles);
}
- if (commonRole != null)
+ if (commonRole != null) {
list.add(commonRole);
+ }
if (containerLog.isTraceEnabled()) {
containerLog.trace(" Found " + list.size() + " user internal
roles");
@@ -2009,16 +1916,18 @@ public class JNDIRealm extends RealmBase {
}
// Are we configured to do role searches?
- if ((roleFormat == null) || (roleName == null))
+ if ((roleFormat == null) || (roleName == null)) {
return list;
+ }
// Set up parameters for an appropriate search
String filter = roleFormat.format(new String[] {
doRFC2254Encoding(dn), username, userRoleId });
SearchControls controls = new SearchControls();
- if (roleSubtree)
+ if (roleSubtree) {
controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
- else
+ } else {
controls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
+ }
controls.setReturningAttributes(new String[] {roleName});
String base = null;
@@ -2038,16 +1947,18 @@ public class JNDIRealm extends RealmBase {
NamingEnumeration<SearchResult> results = searchAsUser(context, user,
base, filter, controls,
isRoleSearchAsUser());
- if (results == null)
+ if (results == null) {
return list; // Should never happen, but just in case ...
+ }
- HashMap<String, String> groupMap = new HashMap<String, String>();
+ Map<String, String> groupMap = new HashMap<String, String>();
try {
while (results.hasMore()) {
SearchResult result = results.next();
Attributes attrs = result.getAttributes();
- if (attrs == null)
+ if (attrs == null) {
continue;
+ }
String dname = getDistinguishedName(context, roleBase, result);
String name = getAttributeValue(roleName, attrs);
if (name != null && dname != null) {
@@ -2055,8 +1966,9 @@ public class JNDIRealm extends RealmBase {
}
}
} catch (PartialResultException ex) {
- if (!adCompat)
+ if (!adCompat) {
throw ex;
+ }
} finally {
results.close();
}
@@ -2088,15 +2000,15 @@ public class JNDIRealm extends RealmBase {
containerLog.trace("Perform a nested group search with
base "+ roleBase + " and filter " + filter);
}
- results = searchAsUser(context, user, roleBase, filter,
controls,
- isRoleSearchAsUser());
+ results = searchAsUser(context, user, roleBase, filter,
controls, isRoleSearchAsUser());
try {
while (results.hasMore()) {
SearchResult result = results.next();
Attributes attrs = result.getAttributes();
- if (attrs == null)
+ if (attrs == null) {
continue;
+ }
String dname = getDistinguishedName(context,
roleBase, result);
String name = getAttributeValue(roleName, attrs);
if (name != null && dname != null &&
!groupMap.keySet().contains(dname)) {
@@ -2106,12 +2018,12 @@ public class JNDIRealm extends RealmBase {
if (containerLog.isTraceEnabled()) {
containerLog.trace(" Found nested role "
+ dname + " -> " + name);
}
-
}
- }
+ }
} catch (PartialResultException ex) {
- if (!adCompat)
+ if (!adCompat) {
throw ex;
+ }
} finally {
results.close();
}
@@ -2125,6 +2037,7 @@ public class JNDIRealm extends RealmBase {
return list;
}
+
/**
* Perform the search on the context as the {@code dn}, when
* {@code searchAsUser} is {@code true}, otherwise search the context with
@@ -2147,8 +2060,7 @@ public class JNDIRealm extends RealmBase {
* @throws NamingException
* if a directory server error occurs
*/
- private NamingEnumeration<SearchResult> searchAsUser(DirContext context,
- User user, String base, String filter,
+ private NamingEnumeration<SearchResult> searchAsUser(DirContext context,
User user, String base, String filter,
SearchControls controls, boolean searchAsUser) throws
NamingException {
NamingEnumeration<SearchResult> results;
try {
@@ -2173,26 +2085,30 @@ public class JNDIRealm extends RealmBase {
* @return the attribute value
* @exception NamingException if a directory server error occurs
*/
- private String getAttributeValue(String attrId, Attributes attrs)
- throws NamingException {
+ private String getAttributeValue(String attrId, Attributes attrs) throws
NamingException {
- if (containerLog.isTraceEnabled())
+ if (containerLog.isTraceEnabled()) {
containerLog.trace(" retrieving attribute " + attrId);
+ }
- if (attrId == null || attrs == null)
+ if (attrId == null || attrs == null) {
return null;
+ }
Attribute attr = attrs.get(attrId);
- if (attr == null)
+ if (attr == null) {
return null;
+ }
Object value = attr.get();
- if (value == null)
+ if (value == null) {
return null;
+ }
String valueString = null;
- if (value instanceof byte[])
+ if (value instanceof byte[]) {
valueString = new String((byte[]) value);
- else
+ } else {
valueString = value.toString();
+ }
return valueString;
}
@@ -2207,20 +2123,22 @@ public class JNDIRealm extends RealmBase {
* @return the list of attribute values
* @exception NamingException if a directory server error occurs
*/
- private ArrayList<String> addAttributeValues(String attrId,
- Attributes attrs,
- ArrayList<String> values)
- throws NamingException{
+ private ArrayList<String> addAttributeValues(String attrId, Attributes
attrs, ArrayList<String> values)
+ throws NamingException {
- if (containerLog.isTraceEnabled())
+ if (containerLog.isTraceEnabled()) {
containerLog.trace(" retrieving values for attribute " + attrId);
- if (attrId == null || attrs == null)
+ }
+ if (attrId == null || attrs == null) {
return values;
- if (values == null)
+ }
+ if (values == null) {
values = new ArrayList<String>();
+ }
Attribute attr = attrs.get(attrId);
- if (attr == null)
+ if (attr == null) {
return values;
+ }
NamingEnumeration<?> e = attr.getAll();
try {
while(e.hasMore()) {
@@ -2228,8 +2146,9 @@ public class JNDIRealm extends RealmBase {
values.add(value);
}
} catch (PartialResultException ex) {
- if (!adCompat)
+ if (!adCompat) {
throw ex;
+ }
} finally {
e.close();
}
@@ -2245,8 +2164,9 @@ public class JNDIRealm extends RealmBase {
protected void close(DirContext context) {
// Do nothing if there is no opened connection
- if (context == null)
+ if (context == null) {
return;
+ }
// Close tls startResponse if used
if (tls != null) {
@@ -2258,14 +2178,14 @@ public class JNDIRealm extends RealmBase {
}
// Close our opened connection
try {
- if (containerLog.isDebugEnabled())
+ if (containerLog.isDebugEnabled()) {
containerLog.debug("Closing directory context");
+ }
context.close();
} catch (NamingException e) {
containerLog.error(sm.getString("jndiRealm.close"), e);
}
this.context = null;
-
}
@@ -2299,9 +2219,9 @@ public class JNDIRealm extends RealmBase {
} catch (NamingException e) {
return null;
}
-
}
+
/**
* Get the principal associated with the specified certificate.
* @param username The user name
@@ -2312,9 +2232,9 @@ public class JNDIRealm extends RealmBase {
return getPrincipal(username, null);
}
+
@Override
- protected Principal getPrincipal(GSSName gssName,
- GSSCredential gssCredential) {
+ protected Principal getPrincipal(GSSName gssName, GSSCredential
gssCredential) {
String name = gssName.toString();
if (isStripRealmForGss()) {
@@ -2328,15 +2248,14 @@ public class JNDIRealm extends RealmBase {
return getPrincipal(name, gssCredential);
}
+
@Override
- protected Principal getPrincipal(String username,
- GSSCredential gssCredential) {
+ protected Principal getPrincipal(String username, GSSCredential
gssCredential) {
DirContext context = null;
Principal principal = null;
try {
-
// Ensure that we have a directory context available
context = open();
@@ -2353,8 +2272,9 @@ public class JNDIRealm extends RealmBase {
containerLog.info(sm.getString("jndiRealm.exception.retry"),
e);
// close the connection so we know it will be reopened.
- if (context != null)
+ if (context != null) {
close(context);
+ }
// open a new directory context.
context = open();
@@ -2368,8 +2288,9 @@ public class JNDIRealm extends RealmBase {
containerLog.info(sm.getString("jndiRealm.exception.retry"),
e);
// close the connection so we know it will be reopened.
- if (context != null)
+ if (context != null) {
close(context);
+ }
// open a new directory context.
context = open();
@@ -2379,7 +2300,6 @@ public class JNDIRealm extends RealmBase {
}
-
// Release this context
release(context);
@@ -2387,7 +2307,6 @@ public class JNDIRealm extends RealmBase {
return principal;
} catch (NamingException e) {
-
// Log the problem for posterity
containerLog.error(sm.getString("jndiRealm.exception"), e);
@@ -2397,10 +2316,7 @@ public class JNDIRealm extends RealmBase {
// Return "not authenticated" for this request
return null;
-
}
-
-
}
@@ -2412,9 +2328,8 @@ public class JNDIRealm extends RealmBase {
* @return the Principal associated with the given certificate.
* @exception NamingException if a directory server error occurs
*/
- protected synchronized Principal getPrincipal(DirContext context,
- String username, GSSCredential gssCredential)
- throws NamingException {
+ protected synchronized Principal getPrincipal(DirContext context, String
username, GSSCredential gssCredential)
+ throws NamingException {
User user = null;
List<String> roles = null;
@@ -2425,12 +2340,9 @@ public class JNDIRealm extends RealmBase {
// Preserve the current context environment parameters
preservedEnvironment = context.getEnvironment();
// Set up context
- context.addToEnvironment(
- Context.SECURITY_AUTHENTICATION, "GSSAPI");
- context.addToEnvironment(
- "javax.security.sasl.server.authentication", "true");
- context.addToEnvironment(
- "javax.security.sasl.qop", spnegoDelegationQop);
+ context.addToEnvironment(Context.SECURITY_AUTHENTICATION,
"GSSAPI");
+
context.addToEnvironment("javax.security.sasl.server.authentication", "true");
+ context.addToEnvironment("javax.security.sasl.qop",
spnegoDelegationQop);
// Note: Subject already set in SPNEGO authenticator so no need
// for Subject.doAs() here
}
@@ -2440,23 +2352,20 @@ public class JNDIRealm extends RealmBase {
}
} finally {
if (gssCredential != null && isUseDelegatedCredential()) {
- restoreEnvironmentParameter(context,
- Context.SECURITY_AUTHENTICATION, preservedEnvironment);
- restoreEnvironmentParameter(context,
- "javax.security.sasl.server.authentication",
preservedEnvironment);
- restoreEnvironmentParameter(context, "javax.security.sasl.qop",
- preservedEnvironment);
+ restoreEnvironmentParameter(context,
Context.SECURITY_AUTHENTICATION, preservedEnvironment);
+ restoreEnvironmentParameter(context,
"javax.security.sasl.server.authentication", preservedEnvironment);
+ restoreEnvironmentParameter(context,
"javax.security.sasl.qop", preservedEnvironment);
}
}
if (user != null) {
- return new GenericPrincipal(user.getUserName(), user.getPassword(),
- roles, null, null, gssCredential);
+ return new GenericPrincipal(user.getUserName(),
user.getPassword(), roles, null, null, gssCredential);
}
return null;
}
+
private void restoreEnvironmentParameter(DirContext context,
String parameterName, Hashtable<?, ?> preservedEnvironment) {
try {
@@ -2470,6 +2379,7 @@ public class JNDIRealm extends RealmBase {
}
}
+
/**
* Open (if necessary) and return a connection to the configured
* directory server for this Realm.
@@ -2479,8 +2389,9 @@ public class JNDIRealm extends RealmBase {
protected DirContext open() throws NamingException {
// Do nothing if there is a directory server connection already open
- if (context != null)
+ if (context != null) {
return context;
+ }
try {
@@ -2498,27 +2409,21 @@ public class JNDIRealm extends RealmBase {
// Not possible to reach this point and not throw an exception.
// Later versions of Java allow us to simply use "throw e"
here.
}
-
connectionAttempt = 1;
-
// log the first exception.
containerLog.info(sm.getString("jndiRealm.exception.retry"), e);
-
// Try connecting to the alternate url.
context = createDirContext(getDirectoryContextEnvironment());
-
} finally {
-
// reset it in case the connection times out.
// the primary may come back.
connectionAttempt = 0;
-
}
return context;
-
}
+
private DirContext createDirContext(Hashtable<String, String> env) throws
NamingException {
if (useStartTls) {
return createTlsDirContext(env);
@@ -2527,13 +2432,13 @@ public class JNDIRealm extends RealmBase {
}
}
+
private SSLSocketFactory getSSLSocketFactory() {
if (sslSocketFactory != null) {
return sslSocketFactory;
}
final SSLSocketFactory result;
- if (this.sslSocketFactoryClassName != null
- && !sslSocketFactoryClassName.trim().equals("")) {
+ if (this.sslSocketFactoryClassName != null &&
!sslSocketFactoryClassName.trim().equals("")) {
result =
createSSLSocketFactoryFromClassName(this.sslSocketFactoryClassName);
} else {
result = createSSLContextFactoryFromProtocol(sslProtocol);
@@ -2542,6 +2447,7 @@ public class JNDIRealm extends RealmBase {
return result;
}
+
private SSLSocketFactory createSSLSocketFactoryFromClassName(String
className) {
try {
Object o = constructInstance(className);
@@ -2583,6 +2489,7 @@ public class JNDIRealm extends RealmBase {
}
}
+
private SSLSocketFactory createSSLContextFactoryFromProtocol(String
protocol) {
try {
SSLContext sslContext;
@@ -2600,14 +2507,13 @@ public class JNDIRealm extends RealmBase {
sm.getString("jndiRealm.invalidSslProtocol", protocol,
allowedProtocols), e);
} catch (KeyManagementException e) {
- List<String> allowedProtocols = Arrays
- .asList(getSupportedSslProtocols());
- throw new IllegalArgumentException(
- sm.getString("jndiRealm.invalidSslProtocol", protocol,
- allowedProtocols), e);
+ List<String> allowedProtocols =
Arrays.asList(getSupportedSslProtocols());
+ throw new
IllegalArgumentException(sm.getString("jndiRealm.invalidSslProtocol",
+ protocol, allowedProtocols), e);
}
}
+
/**
* Create a tls enabled LdapContext and set the StartTlsResponse tls
* instance variable.
@@ -2618,12 +2524,10 @@ public class JNDIRealm extends RealmBase {
* @throws NamingException
* when something goes wrong while negotiating the connection
*/
- private DirContext createTlsDirContext(
- Hashtable<String, String> env) throws NamingException {
+ private DirContext createTlsDirContext(Hashtable<String, String> env)
throws NamingException {
Map<String, Object> savedEnv = new HashMap<String, Object>();
- for (String key : Arrays.asList(Context.SECURITY_AUTHENTICATION,
- Context.SECURITY_CREDENTIALS, Context.SECURITY_PRINCIPAL,
- Context.SECURITY_PROTOCOL)) {
+ for (String key : Arrays.asList(Context.SECURITY_AUTHENTICATION,
Context.SECURITY_CREDENTIALS,
+ Context.SECURITY_PRINCIPAL, Context.SECURITY_PROTOCOL)) {
Object entry = env.remove(key);
if (entry != null) {
savedEnv.put(key, entry);
@@ -2632,8 +2536,7 @@ public class JNDIRealm extends RealmBase {
LdapContext result = null;
try {
result = new InitialLdapContext(env, null);
- tls = (StartTlsResponse) result
- .extendedOperation(new StartTlsRequest());
+ tls = (StartTlsResponse) result.extendedOperation(new
StartTlsRequest());
if (getHostnameVerifier() != null) {
tls.setHostnameVerifier(getHostnameVerifier());
}
@@ -2642,22 +2545,21 @@ public class JNDIRealm extends RealmBase {
}
try {
SSLSession negotiate = tls.negotiate(getSSLSocketFactory());
- containerLog.debug(sm.getString("jndiRealm.negotiatedTls",
- negotiate.getProtocol()));
+ containerLog.debug(sm.getString("jndiRealm.negotiatedTls",
negotiate.getProtocol()));
} catch (IOException e) {
throw new NamingException(e.getMessage());
}
} finally {
if (result != null) {
for (Map.Entry<String, Object> savedEntry :
savedEnv.entrySet()) {
- result.addToEnvironment(savedEntry.getKey(),
- savedEntry.getValue());
+ result.addToEnvironment(savedEntry.getKey(),
savedEntry.getValue());
}
}
}
return result;
}
+
/**
* Create our directory context configuration.
*
@@ -2668,31 +2570,41 @@ public class JNDIRealm extends RealmBase {
Hashtable<String,String> env = new Hashtable<String,String>();
// Configure our directory context environment.
- if (containerLog.isDebugEnabled() && connectionAttempt == 0)
+ if (containerLog.isDebugEnabled() && connectionAttempt == 0) {
containerLog.debug("Connecting to URL " + connectionURL);
- else if (containerLog.isDebugEnabled() && connectionAttempt > 0)
+ } else if (containerLog.isDebugEnabled() && connectionAttempt > 0) {
containerLog.debug("Connecting to URL " + alternateURL);
+ }
env.put(Context.INITIAL_CONTEXT_FACTORY, contextFactory);
- if (connectionName != null)
+ if (connectionName != null) {
env.put(Context.SECURITY_PRINCIPAL, connectionName);
- if (connectionPassword != null)
+ }
+ if (connectionPassword != null) {
env.put(Context.SECURITY_CREDENTIALS, connectionPassword);
- if (connectionURL != null && connectionAttempt == 0)
+ }
+ if (connectionURL != null && connectionAttempt == 0) {
env.put(Context.PROVIDER_URL, connectionURL);
- else if (alternateURL != null && connectionAttempt > 0)
+ } else if (alternateURL != null && connectionAttempt > 0) {
env.put(Context.PROVIDER_URL, alternateURL);
- if (authentication != null)
+ }
+ if (authentication != null) {
env.put(Context.SECURITY_AUTHENTICATION, authentication);
- if (protocol != null)
+ }
+ if (protocol != null) {
env.put(Context.SECURITY_PROTOCOL, protocol);
- if (referrals != null)
+ }
+ if (referrals != null) {
env.put(Context.REFERRAL, referrals);
- if (derefAliases != null)
+ }
+ if (derefAliases != null) {
env.put(JNDIRealm.DEREF_ALIASES, derefAliases);
- if (connectionTimeout != null)
+ }
+ if (connectionTimeout != null) {
env.put("com.sun.jndi.ldap.connect.timeout", connectionTimeout);
- if (readTimeout != null)
+ }
+ if (readTimeout != null) {
env.put("com.sun.jndi.ldap.read.timeout", readTimeout);
+ }
return env;
@@ -2705,15 +2617,12 @@ public class JNDIRealm extends RealmBase {
* @param context The directory context to release
*/
protected void release(DirContext context) {
-
// NO-OP since we are not pooling anything
-
}
// ------------------------------------------------------ Lifecycle Methods
-
/**
* Prepare for the beginning of active use of the public methods of this
* component and implement the requirements of
@@ -2748,16 +2657,15 @@ public class JNDIRealm extends RealmBase {
* @exception LifecycleException if this component detects a fatal error
* that needs to be reported
*/
- @Override
+ @Override
protected void stopInternal() throws LifecycleException {
-
super.stopInternal();
-
// Close any open directory server connection
close(this.context);
}
+
/**
* Given a string containing LDAP patterns for user locations (separated by
* parentheses in a pseudo-LDAP search string format -
@@ -2771,7 +2679,7 @@ public class JNDIRealm extends RealmBase {
protected String[] parseUserPatternString(String userPatternString) {
if (userPatternString != null) {
- ArrayList<String> pathList = new ArrayList<String>();
+ List<String> pathList = new ArrayList<String>();
int startParenLoc = userPatternString.indexOf('(');
if (startParenLoc == -1) {
// no parens here; return whole thing
@@ -2792,8 +2700,7 @@ public class JNDIRealm extends RealmBase {
while (userPatternString.charAt(endParenLoc - 1) == '\\') {
endParenLoc = userPatternString.indexOf(')',
endParenLoc+1);
}
- String nextPathPart = userPatternString.substring
- (startParenLoc+1, endParenLoc);
+ String nextPathPart =
userPatternString.substring(startParenLoc+1, endParenLoc);
pathList.add(nextPathPart);
startingPoint = endParenLoc+1;
startParenLoc = userPatternString.indexOf('(', startingPoint);
@@ -2801,7 +2708,6 @@ public class JNDIRealm extends RealmBase {
return pathList.toArray(new String[] {});
}
return null;
-
}
@@ -2857,49 +2763,42 @@ public class JNDIRealm extends RealmBase {
* @return String containing the distinguished name
* @exception NamingException if a directory server error occurs
*/
- protected String getDistinguishedName(DirContext context, String base,
- SearchResult result) throws NamingException {
+ protected String getDistinguishedName(DirContext context, String base,
SearchResult result) throws NamingException {
// Get the entry's distinguished name. For relative results, this
means
// we need to composite a name with the base name, the context name,
and
// the result name. For non-relative names, use the returned name.
+ String resultName = result.getName();
Name name;
if (result.isRelative()) {
- if (containerLog.isTraceEnabled()) {
- containerLog.trace(" search returned relative name: " +
- result.getName());
- }
- NameParser parser = context.getNameParser("");
- Name contextName = parser.parse(context.getNameInNamespace());
- Name baseName = parser.parse(base);
-
- // Bugzilla 32269
- Name entryName =
- parser.parse(new CompositeName(result.getName()).get(0));
-
- name = contextName.addAll(baseName);
- name = name.addAll(entryName);
+ if (containerLog.isTraceEnabled()) {
+ containerLog.trace(" search returned relative name: " +
resultName);
+ }
+ NameParser parser = context.getNameParser("");
+ Name contextName = parser.parse(context.getNameInNamespace());
+ Name baseName = parser.parse(base);
+
+ // Bugzilla 32269
+ Name entryName = parser.parse(new
CompositeName(resultName).get(0));
+
+ name = contextName.addAll(baseName);
+ name = name.addAll(entryName);
} else {
- String absoluteName = result.getName();
- if (containerLog.isTraceEnabled())
- containerLog.trace(" search returned absolute name: " +
- result.getName());
- try {
- // Normalize the name by running it through the name parser.
- NameParser parser = context.getNameParser("");
- URI userNameUri = new URI(absoluteName);
- String pathComponent = userNameUri.getPath();
- // Should not ever have an empty path component, since that is
/{DN}
- if (pathComponent.length() < 1 ) {
- throw new InvalidNameException(
- "Search returned unparseable absolute name: " +
- absoluteName );
- }
- name = parser.parse(pathComponent.substring(1));
- } catch ( URISyntaxException e ) {
- throw new InvalidNameException(
- "Search returned unparseable absolute name: " +
- absoluteName );
- }
+ if (containerLog.isTraceEnabled()) {
+ containerLog.trace(" search returned absolute name: " +
resultName);
+ }
+ try {
+ // Normalize the name by running it through the name parser.
+ NameParser parser = context.getNameParser("");
+ URI userNameUri = new URI(resultName);
+ String pathComponent = userNameUri.getPath();
+ // Should not ever have an empty path component, since that is
/{DN}
+ if (pathComponent.length() < 1 ) {
+ throw new InvalidNameException("Search returned
unparseable absolute name: " + resultName);
+ }
+ name = parser.parse(pathComponent.substring(1));
+ } catch ( URISyntaxException e ) {
+ throw new InvalidNameException("Search returned unparseable
absolute name: " + resultName);
+ }
}
if (getForceDnHexEscape()) {
@@ -2987,7 +2886,7 @@ public class JNDIRealm extends RealmBase {
}
- // ------------------------------------------------------ Private Classes
+ // ------------------------------------------------------ Protected Classes
/**
* A protected class representing a User
@@ -3000,9 +2899,7 @@ public class JNDIRealm extends RealmBase {
private final List<String> roles;
private final String userRoleId;
-
- public User(String username, String dn, String password,
- List<String> roles, String userRoleId) {
+ public User(String username, String dn, String password, List<String>
roles, String userRoleId) {
this.username = username;
this.dn = dn;
this.password = password;
@@ -3035,4 +2932,3 @@ public class JNDIRealm extends RealmBase {
}
}
}
-
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
