Posted to oak-commits@jackrabbit.apache.org by ba...@apache.org on 2016/10/13 15:21:35 UTC

svn commit: r1764706 - in /jackrabbit/oak/branches/1.4: ./ oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java

Author: baedke
Date: Thu Oct 13 15:21:35 2016
New Revision: 1764706

URL: http://svn.apache.org/viewvc?rev=1764706&view=rev
Log:
OAK-4931: LdapIdentityProvider doesn't use configured custom attributes for all searches

Modified:
    jackrabbit/oak/branches/1.4/   (props changed)
    jackrabbit/oak/branches/1.4/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java

Propchange: jackrabbit/oak/branches/1.4/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Oct 13 15:21:35 2016
@@ -1,3 +1,3 @@
 /jackrabbit/oak/branches/1.0:1665962
-/jackrabbit/oak/trunk
 ,1750465,1750495,1750626,1750809,1750886,1751410,1751445-1751446,1751478,1751753,1751755,1751871,1752198,1752202,1752259,1752273-1752274,1752283,1752292,1752438,1752447-1752448,1752508,1752596,1752616,1752659,1752672,1753262,1753331-1753332,1753335-1753336,1753355,1753444,1754117,1754239,1755157,1755191,1756520,1756580,1757119,1757166,1758213,1758713,1759433,1760340,1760373,1760387,1760661-1760662,1761412,1761444,1761571,1761762,1761787,1761876,1762453,1762612,1762632,1762635,1763347,1763355-1763356,1763378,1763465,1763735,1764678
+/jackrabbit/oak/trunk
 ,1750465,1750495,1750626,1750809,1750886,1751410,1751445-1751446,1751478,1751753,1751755,1751871,1752198,1752202,1752259,1752273-1752274,1752283,1752292,1752438,1752447-1752448,1752508,1752596,1752616,1752659,1752672,1753262,1753331-1753332,1753335-1753336,1753355,1753444,1754117,1754239,1755157,1755191,1756520,1756580,1757119,1757166,1758213,1758713,1759433,1760340,1760373,1760387,1760661-1760662,1761412,1761444,1761571,1761762,1761787,1761876,1762453,1762612,1762632,1762635,1763347,1763355-1763356,1763378,1763465,1763735,1764678,1764705
 /jackrabbit/trunk:1345480

Modified: jackrabbit/oak/branches/1.4/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.4/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java?rev=1764706&r1=1764705&r2=1764706&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.4/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java (original)
+++ jackrabbit/oak/branches/1.4/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java Thu Oct 13 15:21:35 2016
@@ -18,6 +18,7 @@ package org.apache.jackrabbit.oak.securi
 
 import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -65,6 +66,7 @@ import org.apache.jackrabbit.commons.ite
 import org.apache.jackrabbit.oak.commons.DebugTimer;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroupRef;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
@@ -191,7 +193,22 @@ public class LdapIdentityProvider implem
 
         LdapConnection connection = connect();
         try {
-            Entry entry = connection.lookup(ref.getId(), "*");
+            String userIdAttr = config.getUserConfig().getIdAttribute();
+            String groupIdAttr = config.getGroupConfig().getIdAttribute();
+            String[] ca = config.getCustomAttributes();
+            Entry entry;
+            if (ca.length == 0) {
+                entry = connection.lookup(ref.getId(), SchemaConstants.ALL_USER_ATTRIBUTES);
+            }
+            else {
+                List<String> attributes = new ArrayList<>(Arrays.asList(ca));
+                attributes.add("objectClass");
+                attributes.add(userIdAttr);
+                attributes.add(groupIdAttr);
+                String[] attributeArray = new String[attributes.size()];
+                attributes.toArray(attributeArray);
+                entry = connection.lookup(ref.getId(), attributeArray);
+            }
             if (entry == null) {
                 return null;
             } else if (entry.hasObjectClass(config.getUserConfig().getObjectClasses())) {
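Review bot: In the `else` branch, `userIdAttr` and `groupIdAttr` are added to the attribute list without a null check, although the getDeclaredGroupRefs hunk of this same commit treats `getIdAttribute()` as possibly null (`idAttribute == null? ...`). If either is unset, a null element ends up in the array handed to `connection.lookup(...)`; how the LDAP client handles that is not visible here. Guarding the adds keeps the two call sites consistent: `if (userIdAttr != null) { attributes.add(userIdAttr); }` and the same for `groupIdAttr`. The enclosing method starts and ends outside this hunk.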
@@ -381,11 +398,16 @@ public class LdapIdentityProvider implem
             // Create the SearchRequest object
             SearchRequest req = new SearchRequestImpl();
             req.setScope(SearchScope.SUBTREE);
-            req.addAttributes(SchemaConstants.NO_ATTRIBUTE);
+            String idAttribute = config.getGroupConfig().getIdAttribute();
+            req.addAttributes(idAttribute == null? SchemaConstants.NO_ATTRIBUTE : idAttribute);
             req.setTimeLimit((int) config.getSearchTimeout());
             req.setBase(new Dn(config.getGroupConfig().getBaseDN()));
             req.setFilter(searchFilter);
 
+            if (log.isDebugEnabled()) {
+                log.debug("getDeclaredGroupRefs: using SearchRequest {}.", req);
+            }
+
             Map<String, ExternalIdentityRef> groups = new HashMap<String, ExternalIdentityRef>();
             DebugTimer timer = new DebugTimer();
             connection = connect();
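Review bot: The group id attribute is now requested in place of `SchemaConstants.NO_ATTRIBUTE`, but the result loop in the next hunk still builds each `ExternalGroupRef` from `resultEntry.getDn()` alone, so within the visible lines the fetched value is never read. If something outside these hunks depends on it, the `req.addAttributes(...)` line deserves a why-comment such as `// id attribute requested because <reason from OAK-4931>; only the DN is used below`. If nothing does, keeping `NO_ATTRIBUTE` returns less directory data per entry. The method body continues outside the hunk.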
@@ -397,13 +419,13 @@ public class LdapIdentityProvider implem
                 Response response = searchCursor.get();
                 if (response instanceof SearchResultEntry) {
                     Entry resultEntry = ((SearchResultEntry) response).getEntry();
-                    ExternalIdentityRef groupRef = new ExternalIdentityRef(resultEntry.getDn().toString(), this.getName());
+                    ExternalIdentityRef groupRef = new ExternalGroupRef(resultEntry.getDn().toString(), this.getName());
                     groups.put(groupRef.getId(), groupRef);
                 }
             }
             timer.mark("iterate");
             if (log.isDebugEnabled()) {
-                log.debug("search below {} with {} found {} entries. {}",
+                log.debug("getDeclaredGroupRefs: search below {} with {} found {} entries. {}",
                         config.getGroupConfig().getBaseDN(), searchFilter, groups.size(), timer.getString());
             }
             return groups;
@@ -557,6 +579,10 @@ public class LdapIdentityProvider implem
         req.setBase(new Dn(idConfig.getBaseDN()));
         req.setFilter(searchFilter);
 
+        if (log.isDebugEnabled()) {
+            log.debug("getEntry: using SearchRequest {}.", req);
+        }
+
         // Process the request
         SearchCursor searchCursor = null;
         Entry resultEntry = null;
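Review bot: The `log.isDebugEnabled()` guard around `log.debug("getEntry: using SearchRequest {}.", req);` is redundant, assuming `log` is an SLF4J logger as the `{}` placeholders suggest. The call is parameterized and `req` is already built, so its string form is only produced when debug is on, and the bare call is enough. The same three-line pattern is added in the getDeclaredGroupRefs and loadNextPage hunks. The request's string form presumably includes the base DN and search filter, so a short comment that this output carries directory identifiers and should stay at debug level would help whoever later changes the log level. getEntry's body starts and ends outside the hunk.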
@@ -580,9 +606,9 @@ public class LdapIdentityProvider implem
         }
         if (log.isDebugEnabled()) {
             if (resultEntry == null) {
-                log.debug("search below {} with {} found 0 entries.", idConfig.getBaseDN(), searchFilter);
+                log.debug("getEntry: search below {} with {} found 0 entries.", idConfig.getBaseDN(), searchFilter);
             } else {
-                log.debug("search below {} with {} found {}", idConfig.getBaseDN(), searchFilter, resultEntry.getDn());
+                log.debug("getEntry: search below {} with {} found {}", idConfig.getBaseDN(), searchFilter, resultEntry.getDn());
             }
         }
         return resultEntry;
@@ -692,7 +718,11 @@ public class LdapIdentityProvider implem
             timer.mark("connect");
             page = new ArrayList<Entry>();
             try {
-                searchCursor = connection.search(createSearchRequest(connection, cookie, config.getCustomAttributes()));
+                SearchRequest req = createSearchRequest(connection, cookie, config.getCustomAttributes());
+                if (log.isDebugEnabled()) {
+                    log.debug("loadNextPage: using SearchRequest {}.", req);
+                }
+                searchCursor = connection.search(req);
                 while (searchCursor.next()) {
                     Response response = searchCursor.get();
 
@@ -700,7 +730,7 @@ public class LdapIdentityProvider implem
                         Entry resultEntry = ((SearchResultEntry) response).getEntry();
                         page.add(resultEntry);
                         if (log.isDebugEnabled()) {
-                            log.debug("search below {} with {} found {}", idConfig.getBaseDN(), searchFilter, resultEntry.getDn());
+                            log.debug("loadNextPage: search below {} with {} found {}", idConfig.getBaseDN(), searchFilter, resultEntry.getDn());
                         }
                     }
                 }