Author: rjung Date: Fri Sep 19 12:51:59 2008 New Revision: 697213 URL: http://svn.apache.org/viewvc?rev=697213&view=rev Log: Add an optional and configurable default role to the JNDIRealm. This comes handy, if you only want to authenticate the users, but have a security constraint with a role in the app.
Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java tomcat/trunk/webapps/docs/config/realm.xml tomcat/trunk/webapps/docs/realm-howto.xml Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=697213&r1=697212&r2=697213&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java (original) +++ tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java Fri Sep 19 12:51:59 2008 @@ -347,6 +347,12 @@ */ protected int curUserPattern = 0; + /** + * Add this role to every authenticated user + */ + protected String commonRole = null; + + // ------------------------------------------------------------- Properties /** @@ -776,6 +782,28 @@ } + /** + * Return the common role + */ + public String getCommonRole() { + + return commonRole; + + } + + + /** + * Set the common role + * + * @param commonRole The common role + */ + public void setCommonRole(String commonRole) { + + this.commonRole = commonRole; + + } + + // ---------------------------------------------------------- Realm Methods @@ -1363,6 +1391,8 @@ if (list == null) { list = new ArrayList<String>(); } + if (commonRole != null) + list.add(commonRole); // Are we configured to do role searches? if ((roleFormat == null) || (roleName == null)) Modified: tomcat/trunk/webapps/docs/config/realm.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/realm.xml?rev=697213&r1=697212&r2=697213&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/config/realm.xml (original) +++ tomcat/trunk/webapps/docs/config/realm.xml Fri Sep 19 12:51:59 2008 @@ -304,6 +304,12 @@ can be used. If no value is given the providers default is used.</p> </attribute> + <attribute name="commonRole" required="false"> + <p>A role name assigned to each successfully authenticated user in + addition to the roles retrieved from LDAP. If not specified, only + the roles retrieved via LDAP are used.</p> + </attribute> + <attribute name="connectionName" required="false"> <p>The directory username to use when establishing a connection to the directory for LDAP search operations. If not Modified: tomcat/trunk/webapps/docs/realm-howto.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/realm-howto.xml?rev=697213&r1=697212&r2=697213&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/realm-howto.xml (original) +++ tomcat/trunk/webapps/docs/realm-howto.xml Fri Sep 19 12:51:59 2008 @@ -859,6 +859,12 @@ can be used. If no value is given the providers default is used.</p> </attribute> + <attribute name="commonRole" required="false"> + <p>A role name assigned to each successfully authenticated user in + addition to the roles retrieved from LDAP. If not specified, only + the roles retrieved via LDAP are used.</p> + </attribute> + <attribute name="connectionName" required="false"> <p>The directory username to use when establishing a connection to the directory for LDAP search operations. If not --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]