You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by jb...@apache.org on 2016/08/22 09:30:11 UTC
[13/50] [abbrv] karaf git commit: KARAF-4637 - LDAPLoginModule -
Added option to trim usernames
KARAF-4637 - LDAPLoginModule - Added option to trim usernames
Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/b30c4fb7
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/b30c4fb7
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/b30c4fb7
Branch: refs/heads/master
Commit: b30c4fb792211e496e7de39ec12e8e2350b0a63f
Parents: b317eff
Author: Paolo Antinori <pa...@redhat.com>
Authored: Wed Jul 27 11:38:53 2016 +0200
Committer: Jean-Baptiste Onofr� <jb...@apache.org>
Committed: Mon Aug 22 11:29:19 2016 +0200
----------------------------------------------------------------------
.../jaas/modules/ldap/LDAPLoginModule.java | 5 +++
.../karaf/jaas/modules/ldap/LDAPOptions.java | 5 +++
.../jaas/modules/ldap/LdapLoginModuleTest.java | 44 ++++++++++++++++++++
3 files changed, 54 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/b30c4fb7/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
index f8743c6..6d759e1 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
@@ -80,6 +80,11 @@ public class LDAPLoginModule extends AbstractKarafLoginModule {
// valid password (because if authentication = none, the password could be any
// value - it is ignored).
LDAPOptions options = new LDAPOptions(this.options);
+ if(options.isUsernameTrim()){
+ if(user != null){
+ user = user.trim();
+ }
+ }
String authentication = options.getAuthentication();
if ("none".equals(authentication) && (user != null || tmpPassword != null)) {
logger.debug("Changing from authentication = none to simple since user or password was specified.");
http://git-wip-us.apache.org/repos/asf/karaf/blob/b30c4fb7/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
index 390cbb3..60a7d54 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
@@ -55,6 +55,7 @@ public class LDAPOptions {
public static final String SSL_KEYALIAS = "ssl.keyalias";
public static final String SSL_TRUSTSTORE = "ssl.truststore";
public static final String SSL_TIMEOUT = "ssl.timeout";
+ public static final String USERNAMES_TRIM = "usernames.trim";
public static final String DEFAULT_INITIAL_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
public static final String DEFAULT_AUTHENTICATION = "simple";
public static final int DEFAULT_SSL_TIMEOUT = 10;
@@ -81,6 +82,10 @@ public class LDAPOptions {
return options.hashCode();
}
+ public boolean isUsernameTrim() {
+ return Boolean.parseBoolean((String) options.get(USERNAMES_TRIM));
+ }
+
public String getUserFilter() {
return (String) options.get(USER_FILTER);
}
http://git-wip-us.apache.org/repos/asf/karaf/blob/b30c4fb7/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
index 307aae5..2c11915 100644
--- a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
+++ b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
@@ -184,6 +184,50 @@ public class LdapLoginModuleTest extends AbstractLdapTestUnit {
}
@Test
+ public void testTrimmedUsernameLogin() throws Exception {
+ Properties options = ldapLoginModuleOptions();
+ options.put("usernames.trim", "true");
+ LDAPLoginModule module = new LDAPLoginModule();
+ CallbackHandler cb = new CallbackHandler() {
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (Callback cb : callbacks) {
+ if (cb instanceof NameCallback) {
+ ((NameCallback) cb).setName("cheese ");
+ } else if (cb instanceof PasswordCallback) {
+ ((PasswordCallback) cb).setPassword("foodie".toCharArray());
+ }
+ }
+ }
+ };
+ Subject subject = new Subject();
+ module.initialize(subject, cb, null, options);
+
+ assertEquals("Precondition", 0, subject.getPrincipals().size());
+ assertTrue(module.login());
+ assertTrue(module.commit());
+
+ assertEquals(1, subject.getPrincipals().size());
+
+ boolean foundUser = false;
+ boolean foundRole = false;
+ for (Principal pr : subject.getPrincipals()) {
+ if (pr instanceof UserPrincipal) {
+ assertEquals("cheese", pr.getName());
+ foundUser = true;
+ } else if (pr instanceof RolePrincipal) {
+ assertEquals("admin", pr.getName());
+ foundRole = true;
+ }
+ }
+ assertTrue(foundUser);
+ // cheese is not an admin so no roles should be returned
+ assertFalse(foundRole);
+
+ assertTrue(module.logout());
+ assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
+ }
+
+ @Test
public void testBadPassword() throws Exception {
Properties options = ldapLoginModuleOptions();
LDAPLoginModule module = new LDAPLoginModule();