Author: markt
Date: Mon Mar 8 17:59:51 2010
New Revision: 920422
URL: http://svn.apache.org/viewvc?rev=920422&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48629
Make nested role search work with username as well as DN
Add roleNested to the docs
Patch provided by Felix Schumacher
Modified:
tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
tomcat/trunk/webapps/docs/realm-howto.xml
Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=920422&r1=920421&r2=920422&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java Mon Mar 8
17:59:51 2010
@@ -30,7 +30,9 @@
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
+import java.util.Map;
import java.util.Set;
+import java.util.Map.Entry;
import javax.naming.Context;
import javax.naming.CommunicationException;
@@ -1683,12 +1685,12 @@
// Directory Groups". It avoids group slurping and handles cyclic
group memberships as well.
// See http://middleware.internet2.edu/dir/ for details
- Set<String> newGroupDNs = new HashSet<String>(groupMap.keySet());
- while (!newGroupDNs.isEmpty()) {
- Set<String> newThisRound = new HashSet<String>(); // Stores
the groups we find in this iteration
+ Map<String, String> newGroups = new
HashMap<String,String>(groupMap);
+ while (!newGroups.isEmpty()) {
+ Map<String, String> newThisRound = new HashMap<String,
String>(); // Stores the groups we find in this iteration
- for (String groupDN : newGroupDNs) {
- filter = roleFormat.format(new String[] { groupDN });
+ for (Entry<String, String> group : newGroups.entrySet()) {
+ filter = roleFormat.format(new String[] { group.getKey(),
group.getValue() });
if (containerLog.isTraceEnabled()) {
containerLog.trace("Perform a nested group search with
base "+ roleBase + " and filter " + filter);
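Review bot: The new `roleFormat.format(new String[] { group.getKey(), group.getValue() })` call places a DN and a role name taken from directory entries into the LDAP search filter with no filter escaping. A value containing `*`, `(`, `)` or `\` would change what the nested search matches, so both arguments should be escaped per RFC 4515 before formatting, e.g. `roleFormat.format(new String[] { escapeFilterValue(group.getKey()), escapeFilterValue(group.getValue()) })`. Here `escapeFilterValue` is a placeholder name for whatever escaping the class applies in its first-level role search, which is not visible in this hunk. The values appear to come from the entry DN and `getAttributeValue(roleName, attrs)` in the following hunk, so whoever can write role entries in the directory controls them. The enclosing method starts and ends outside the hunk.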
@@ -1706,7 +1708,7 @@
String name = getAttributeValue(roleName, attrs);
if (name != null && dname != null &&
!groupMap.keySet().contains(dname)) {
groupMap.put(dname, name);
- newThisRound.add(dname);
+ newThisRound.put(dname, name);
if (containerLog.isTraceEnabled()) {
containerLog.trace(" Found nested role "
+ dname + " -> " + name);
@@ -1720,7 +1722,7 @@
}
}
- newGroupDNs = newThisRound;
+ newGroups = newThisRound;
}
}
Modified: tomcat/trunk/webapps/docs/realm-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/realm-howto.xml?rev=920422&r1=920421&r2=920422&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/realm-howto.xml (original)
+++ tomcat/trunk/webapps/docs/realm-howto.xml Mon Mar 8 17:59:51 2010
@@ -651,6 +651,12 @@
<li><strong>roleName</strong> - the attribute in a role entry
containing the name of that role.</li>
+<li><strong>roleNested</strong> - enable nested roles. Set to
+ <code>true</code> if you want to nest roles in roles. If configured
+ every newly found roleName and distinguished
+ Name will be recursively tried for a new role search.
+ The default value is <code>false</code>.</li>
+
</ul>
</li>