Author: rjung
Date: Fri Sep 19 12:51:59 2008
New Revision: 697213
URL: http://svn.apache.org/viewvc?rev=697213&view=rev
Log:
Add an optional and configurable default role to the JNDIRealm.
This comes in handy if you only want to authenticate users
but have a security constraint with a role in the app.
Modified:
tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
tomcat/trunk/webapps/docs/config/realm.xml
tomcat/trunk/webapps/docs/realm-howto.xml
Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=697213&r1=697212&r2=697213&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java Fri Sep 19
12:51:59 2008
@@ -347,6 +347,12 @@
*/
protected int curUserPattern = 0;
+ /**
+ * Add this role to every authenticated user
+ */
+ protected String commonRole = null;
+
+
// ------------------------------------------------------------- Properties
/**
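Review bot: The Javadoc on `commonRole` does not say that the role is granted on authentication alone, independent of any group membership in the directory. Every account that can authenticate against the directory receives it, service and machine accounts included, so the comment should say that and warn against reusing a role name that guards administrative resources. Suggested wording: `Role added to every user who authenticates, regardless of directory groups; must not name a privileged role. Null disables it.` The same caveat would help in the attribute descriptions this commit adds to realm.xml and realm-howto.xml.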
@@ -776,6 +782,28 @@
}
+ /**
+ * Return the common role
+ */
+ public String getCommonRole() {
+
+ return commonRole;
+
+ }
+
+
+ /**
+ * Set the common role
+ *
+ * @param commonRole The common role
+ */
+ public void setCommonRole(String commonRole) {
+
+ this.commonRole = commonRole;
+
+ }
+
+
// ---------------------------------------------------------- Realm Methods
@@ -1363,6 +1391,8 @@
if (list == null) {
list = new ArrayList<String>();
}
+ if (commonRole != null)
+ list.add(commonRole);
// Are we configured to do role searches?
if ((roleFormat == null) || (roleName == null))
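Review bot: The added `list.add(commonRole)` runs for any non-null value, so an empty string from the realm configuration becomes an empty role name, and a role already present in `list` ends up there twice. A guarded form avoids both: `if (commonRole != null && commonRole.length() > 0 && !list.contains(commonRole)) { list.add(commonRole); }`. Braces on the `if` would also match the block directly above it. The enclosing method starts and ends outside the hunk, so the origin of `list` is not visible here; if it aliases a list held by the user object, the add also mutates that object, which is worth confirming.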
Modified: tomcat/trunk/webapps/docs/config/realm.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/realm.xml?rev=697213&r1=697212&r2=697213&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/realm.xml (original)
+++ tomcat/trunk/webapps/docs/config/realm.xml Fri Sep 19 12:51:59 2008
@@ -304,6 +304,12 @@
can be used. If no value is given the providers default is used.</p>
</attribute>
+ <attribute name="commonRole" required="false">
+ <p>A role name assigned to each successfully authenticated user in
+ addition to the roles retrieved from LDAP. If not specified, only
+ the roles retrieved via LDAP are used.</p>
+ </attribute>
+
<attribute name="connectionName" required="false">
<p>The directory username to use when establishing a
connection to the directory for LDAP search operations. If not
Modified: tomcat/trunk/webapps/docs/realm-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/realm-howto.xml?rev=697213&r1=697212&r2=697213&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/realm-howto.xml (original)
+++ tomcat/trunk/webapps/docs/realm-howto.xml Fri Sep 19 12:51:59 2008
@@ -859,6 +859,12 @@
can be used. If no value is given the providers default is used.</p>
</attribute>
+ <attribute name="commonRole" required="false">
+ <p>A role name assigned to each successfully authenticated user in
+ addition to the roles retrieved from LDAP. If not specified, only
+ the roles retrieved via LDAP are used.</p>
+ </attribute>
+
<attribute name="connectionName" required="false">
<p>The directory username to use when establishing a
connection to the directory for LDAP search operations. If not