Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/04/09 17:33:11 UTC
[tomcat] branch 8.5.x updated: Code clean-up. No functional change.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 5862cb9 Code clean-up. No functional change.
5862cb9 is described below
commit 5862cb95edbeb75782c923619453affe4d47c614
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Fri Apr 9 16:56:25 2021 +0100
Code clean-up. No functional change.
---
java/org/apache/catalina/realm/JNDIRealm.java | 676 +++++++++++---------------
1 file changed, 290 insertions(+), 386 deletions(-)
diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
index 1eedab6..e4ba051 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -181,7 +181,6 @@ import org.ietf.jgss.GSSName;
*/
public class JNDIRealm extends RealmBase {
-
// ----------------------------------------------------- Instance Variables
/**
@@ -194,19 +193,16 @@ public class JNDIRealm extends RealmBase {
*/
protected String connectionName = null;
-
/**
* The connection password for the server we will contact.
*/
protected String connectionPassword = null;
-
/**
* The connection URL for the server we will contact.
*/
protected String connectionURL = null;
-
/**
* The JNDI context factory used to acquire our InitialContext. By
* default, assumes use of an LDAP server using the standard JNDI LDAP
@@ -214,7 +210,6 @@ public class JNDIRealm extends RealmBase {
*/
protected String contextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
-
/**
* How aliases should be dereferenced during search operations.
*/
@@ -226,7 +221,6 @@ public class JNDIRealm extends RealmBase {
*/
public static final String DEREF_ALIASES = "java.naming.ldap.derefAliases";
-
/**
* Descriptive information about this Realm implementation.
* @deprecated This will be removed in Tomcat 9 onwards.
@@ -241,7 +235,6 @@ public class JNDIRealm extends RealmBase {
*/
protected String protocol = null;
-
/**
* Should we ignore PartialResultExceptions when iterating over NamingEnumerations?
* Microsoft Active Directory often returns referrals, which lead
@@ -251,7 +244,6 @@ public class JNDIRealm extends RealmBase {
*/
protected boolean adCompat = false;
-
/**
* How should we handle referrals? Microsoft Active Directory often returns
* referrals. If you need to follow them set referrals to "follow".
@@ -260,20 +252,17 @@ public class JNDIRealm extends RealmBase {
*/
protected String referrals = null;
-
/**
* The base element for user searches.
*/
protected String userBase = "";
-
/**
* The message format used to search for a user, with "{0}" marking
* the spot where the username goes.
*/
protected String userSearch = null;
-
/**
* When searching for users, should the search be performed as the user
* currently being authenticated? If false, {@link #connectionName} and
@@ -282,13 +271,11 @@ public class JNDIRealm extends RealmBase {
*/
private boolean userSearchAsUser = false;
-
/**
* Should we search the entire subtree for matching users?
*/
protected boolean userSubtree = false;
-
/**
* The attribute name used to retrieve the user password.
*/
@@ -302,7 +289,6 @@ public class JNDIRealm extends RealmBase {
*/
protected String userRoleAttribute = null;
-
/**
* A string of LDAP user patterns or paths, ":"-separated
* These will be used to form the distinguished name of a
@@ -313,7 +299,6 @@ public class JNDIRealm extends RealmBase {
*/
protected String[] userPatternArray = null;
-
/**
* The message format used to form the distinguished name of a
* user, with "{0}" marking the spot where the specified username
@@ -321,26 +306,22 @@ public class JNDIRealm extends RealmBase {
*/
protected String userPattern = null;
-
/**
* The base element for role searches.
*/
protected String roleBase = "";
-
/**
* The name of an attribute in the user's entry containing
* roles for that user
*/
protected String userRoleName = null;
-
/**
* The name of the attribute containing roles held elsewhere
*/
protected String roleName = null;
-
/**
* The message format used to select roles for a user, with "{0}" marking
* the spot where the distinguished name of the user goes. The "{1}"
@@ -348,7 +329,6 @@ public class JNDIRealm extends RealmBase {
*/
protected String roleSearch = null;
-
/**
* Should we search the entire subtree for matching memberships?
*/
@@ -383,7 +363,6 @@ public class JNDIRealm extends RealmBase {
*/
protected String commonRole = null;
-
/**
* The timeout, in milliseconds, to use when trying to create a connection
* to the directory. The default is 5000 (5 seconds).
@@ -408,14 +387,12 @@ public class JNDIRealm extends RealmBase {
*/
protected int timeLimit = 0;
-
/**
* Should delegated credentials from the SPNEGO authenticator be used if
* available
*/
protected boolean useDelegatedCredential = true;
-
/**
* The QOP that should be used for the connection to the LDAP server after
* authentication. This value is used to set the
@@ -473,31 +450,26 @@ public class JNDIRealm extends RealmBase {
private boolean forceDnHexEscape = false;
-
/**
* Non pooled connection to our directory server.
*/
protected JNDIConnection singleConnection = new JNDIConnection();
-
/**
* The lock to ensure single connection thread safety.
*/
protected final Lock singleConnectionLock = new ReentrantLock();
-
/**
* Connection pool.
*/
protected SynchronizedStack<JNDIConnection> connectionPool = null;
-
/**
* The pool size limit. If 1, pooling is not used.
*/
protected int connectionPoolSize = 1;
-
/**
* Whether to use context ClassLoader or default ClassLoader.
* True means use context ClassLoader, and True is the default
@@ -512,37 +484,35 @@ public class JNDIRealm extends RealmBase {
return forceDnHexEscape;
}
+
public void setForceDnHexEscape(boolean forceDnHexEscape) {
this.forceDnHexEscape = forceDnHexEscape;
}
+
/**
* @return the type of authentication to use.
*/
public String getAuthentication() {
-
return authentication;
-
}
+
/**
* Set the type of authentication to use.
*
* @param authentication The authentication
*/
public void setAuthentication(String authentication) {
-
this.authentication = authentication;
-
}
+
/**
* @return the connection username for this Realm.
*/
public String getConnectionName() {
-
return this.connectionName;
-
}
@@ -552,9 +522,7 @@ public class JNDIRealm extends RealmBase {
* @param connectionName The new connection username
*/
public void setConnectionName(String connectionName) {
-
this.connectionName = connectionName;
-
}
@@ -562,9 +530,7 @@ public class JNDIRealm extends RealmBase {
* @return the connection password for this Realm.
*/
public String getConnectionPassword() {
-
return this.connectionPassword;
-
}
@@ -574,9 +540,7 @@ public class JNDIRealm extends RealmBase {
* @param connectionPassword The new connection password
*/
public void setConnectionPassword(String connectionPassword) {
-
this.connectionPassword = connectionPassword;
-
}
@@ -584,9 +548,7 @@ public class JNDIRealm extends RealmBase {
* @return the connection URL for this Realm.
*/
public String getConnectionURL() {
-
return this.connectionURL;
-
}
@@ -596,9 +558,7 @@ public class JNDIRealm extends RealmBase {
* @param connectionURL The new connection URL
*/
public void setConnectionURL(String connectionURL) {
-
this.connectionURL = connectionURL;
-
}
@@ -606,9 +566,7 @@ public class JNDIRealm extends RealmBase {
* @return the JNDI context factory for this Realm.
*/
public String getContextFactory() {
-
return this.contextFactory;
-
}
@@ -618,11 +576,10 @@ public class JNDIRealm extends RealmBase {
* @param contextFactory The new context factory
*/
public void setContextFactory(String contextFactory) {
-
this.contextFactory = contextFactory;
-
}
+
/**
* @return the derefAliases setting to be used.
*/
@@ -630,33 +587,32 @@ public class JNDIRealm extends RealmBase {
return derefAliases;
}
+
/**
* Set the value for derefAliases to be used when searching the directory.
*
* @param derefAliases New value of property derefAliases.
*/
public void setDerefAliases(java.lang.String derefAliases) {
- this.derefAliases = derefAliases;
+ this.derefAliases = derefAliases;
}
+
/**
* @return the protocol to be used.
*/
public String getProtocol() {
-
return protocol;
-
}
+
/**
* Set the protocol for this Realm.
*
* @param protocol The new protocol.
*/
public void setProtocol(String protocol) {
-
this.protocol = protocol;
-
}
@@ -700,9 +656,7 @@ public class JNDIRealm extends RealmBase {
* @return the base element for user searches.
*/
public String getUserBase() {
-
return this.userBase;
-
}
@@ -712,9 +666,7 @@ public class JNDIRealm extends RealmBase {
* @param userBase The new base element
*/
public void setUserBase(String userBase) {
-
this.userBase = userBase;
-
}
@@ -722,9 +674,7 @@ public class JNDIRealm extends RealmBase {
* @return the message format pattern for selecting users in this Realm.
*/
public String getUserSearch() {
-
return this.userSearch;
-
}
@@ -753,9 +703,7 @@ public class JNDIRealm extends RealmBase {
* @return the "search subtree for users" flag.
*/
public boolean getUserSubtree() {
-
return this.userSubtree;
-
}
@@ -765,9 +713,7 @@ public class JNDIRealm extends RealmBase {
* @param userSubtree The new search flag
*/
public void setUserSubtree(boolean userSubtree) {
-
this.userSubtree = userSubtree;
-
}
@@ -775,7 +721,6 @@ public class JNDIRealm extends RealmBase {
* @return the user role name attribute name for this Realm.
*/
public String getUserRoleName() {
-
return userRoleName;
}
@@ -786,9 +731,7 @@ public class JNDIRealm extends RealmBase {
* @param userRoleName The new userRole name attribute name
*/
public void setUserRoleName(String userRoleName) {
-
this.userRoleName = userRoleName;
-
}
@@ -796,9 +739,7 @@ public class JNDIRealm extends RealmBase {
* @return the base element for role searches.
*/
public String getRoleBase() {
-
return this.roleBase;
-
}
@@ -817,9 +758,7 @@ public class JNDIRealm extends RealmBase {
* @return the role name attribute name for this Realm.
*/
public String getRoleName() {
-
return this.roleName;
-
}
@@ -829,9 +768,7 @@ public class JNDIRealm extends RealmBase {
* @param roleName The new role name attribute name
*/
public void setRoleName(String roleName) {
-
this.roleName = roleName;
-
}
@@ -839,9 +776,7 @@ public class JNDIRealm extends RealmBase {
* @return the message format pattern for selecting roles in this Realm.
*/
public String getRoleSearch() {
-
return this.roleSearch;
-
}
@@ -870,9 +805,7 @@ public class JNDIRealm extends RealmBase {
* @return the "search subtree for roles" flag.
*/
public boolean getRoleSubtree() {
-
return this.roleSubtree;
-
}
@@ -882,18 +815,15 @@ public class JNDIRealm extends RealmBase {
* @param roleSubtree The new search flag
*/
public void setRoleSubtree(boolean roleSubtree) {
-
this.roleSubtree = roleSubtree;
-
}
+
/**
* @return the "The nested group search flag" flag.
*/
public boolean getRoleNested() {
-
return this.roleNested;
-
}
@@ -903,9 +833,7 @@ public class JNDIRealm extends RealmBase {
* @param roleNested The nested group search flag
*/
public void setRoleNested(boolean roleNested) {
-
this.roleNested = roleNested;
-
}
@@ -913,9 +841,7 @@ public class JNDIRealm extends RealmBase {
* @return the password attribute used to retrieve the user password.
*/
public String getUserPassword() {
-
return this.userPassword;
-
}
@@ -925,9 +851,7 @@ public class JNDIRealm extends RealmBase {
* @param userPassword The new password attribute
*/
public void setUserPassword(String userPassword) {
-
this.userPassword = userPassword;
-
}
@@ -935,6 +859,7 @@ public class JNDIRealm extends RealmBase {
return userRoleAttribute;
}
+
public void setUserRoleAttribute(String userRoleAttribute) {
this.userRoleAttribute = userRoleAttribute;
}
@@ -943,14 +868,10 @@ public class JNDIRealm extends RealmBase {
* @return the message format pattern for selecting users in this Realm.
*/
public String getUserPattern() {
-
return this.userPattern;
-
}
-
-
/**
* Set the message format pattern for selecting users in this Realm.
* This may be one simple pattern, or multiple patterns to be tried,
@@ -978,9 +899,7 @@ public class JNDIRealm extends RealmBase {
* @return Value of property alternateURL.
*/
public String getAlternateURL() {
-
return this.alternateURL;
-
}
@@ -990,9 +909,7 @@ public class JNDIRealm extends RealmBase {
* @param alternateURL New value of property alternateURL.
*/
public void setAlternateURL(String alternateURL) {
-
this.alternateURL = alternateURL;
-
}
@@ -1000,9 +917,7 @@ public class JNDIRealm extends RealmBase {
* @return the common role
*/
public String getCommonRole() {
-
return commonRole;
-
}
@@ -1012,9 +927,7 @@ public class JNDIRealm extends RealmBase {
* @param commonRole The common role
*/
public void setCommonRole(String commonRole) {
-
this.commonRole = commonRole;
-
}
@@ -1022,9 +935,7 @@ public class JNDIRealm extends RealmBase {
* @return the connection timeout.
*/
public String getConnectionTimeout() {
-
return connectionTimeout;
-
}
@@ -1034,18 +945,15 @@ public class JNDIRealm extends RealmBase {
* @param timeout The new connection timeout
*/
public void setConnectionTimeout(String timeout) {
-
this.connectionTimeout = timeout;
-
}
+
/**
* @return the read timeout.
*/
public String getReadTimeout() {
-
return readTimeout;
-
}
@@ -1055,9 +963,7 @@ public class JNDIRealm extends RealmBase {
* @param timeout The new read timeout
*/
public void setReadTimeout(String timeout) {
-
this.readTimeout = timeout;
-
}
@@ -1085,6 +991,7 @@ public class JNDIRealm extends RealmBase {
return useDelegatedCredential;
}
+
public void setUseDelegatedCredential(boolean useDelegatedCredential) {
this.useDelegatedCredential = useDelegatedCredential;
}
@@ -1094,6 +1001,7 @@ public class JNDIRealm extends RealmBase {
return spnegoDelegationQop;
}
+
public void setSpnegoDelegationQop(String spnegoDelegationQop) {
this.spnegoDelegationQop = spnegoDelegationQop;
}
@@ -1106,6 +1014,7 @@ public class JNDIRealm extends RealmBase {
return useStartTls;
}
+
/**
* Flag whether StartTLS should be used when connecting to the ldap server
*
@@ -1117,6 +1026,7 @@ public class JNDIRealm extends RealmBase {
this.useStartTls = useStartTls;
}
+
/**
* @return list of the allowed cipher suites when connections are made using
* StartTLS
@@ -1136,6 +1046,7 @@ public class JNDIRealm extends RealmBase {
return this.cipherSuitesArray;
}
+
/**
* Set the allowed cipher suites when opening a connection using StartTLS.
* The cipher suites are expected as a comma separated list.
@@ -1147,6 +1058,7 @@ public class JNDIRealm extends RealmBase {
this.cipherSuites = suites;
}
+
/**
* @return the connection pool size, or the default value 1 if pooling
* is disabled
@@ -1155,6 +1067,7 @@ public class JNDIRealm extends RealmBase {
return connectionPoolSize;
}
+
/**
* Set the connection pool size
* @param connectionPoolSize the new pool size
@@ -1163,6 +1076,7 @@ public class JNDIRealm extends RealmBase {
this.connectionPoolSize = connectionPoolSize;
}
+
/**
* @return name of the {@link HostnameVerifier} class used for connections
* using StartTLS, or the empty string, if the default verifier
@@ -1175,6 +1089,7 @@ public class JNDIRealm extends RealmBase {
return this.hostnameVerifier.getClass().getCanonicalName();
}
+
/**
* Set the {@link HostnameVerifier} to be used when opening connections
* using StartTLS. An instance of the given class name will be constructed
@@ -1191,6 +1106,7 @@ public class JNDIRealm extends RealmBase {
}
}
+
/**
* @return the {@link HostnameVerifier} to use for peer certificate
* verification when opening connections using StartTLS.
@@ -1199,8 +1115,7 @@ public class JNDIRealm extends RealmBase {
if (this.hostnameVerifier != null) {
return this.hostnameVerifier;
}
- if (this.hostNameVerifierClassName == null
- || hostNameVerifierClassName.equals("")) {
+ if (this.hostNameVerifierClassName == null || hostNameVerifierClassName.equals("")) {
return null;
}
try {
@@ -1220,6 +1135,7 @@ public class JNDIRealm extends RealmBase {
}
}
+
/**
* Set the {@link SSLSocketFactory} to be used when opening connections
* using StartTLS. An instance of the factory with the given name will be
@@ -1233,6 +1149,7 @@ public class JNDIRealm extends RealmBase {
this.sslSocketFactoryClassName = factoryClassName;
}
+
/**
* Set the ssl protocol to be used for connections using StartTLS.
*
@@ -1243,6 +1160,7 @@ public class JNDIRealm extends RealmBase {
this.sslProtocol = protocol;
}
+
/**
* @return the list of supported ssl protocols by the default
* {@link SSLContext}
@@ -1256,12 +1174,14 @@ public class JNDIRealm extends RealmBase {
}
}
+
private Object constructInstance(String className)
throws ReflectiveOperationException {
Class<?> clazz = Class.forName(className);
return clazz.getConstructor().newInstance();
}
+
/**
* Sets whether to use the context or default ClassLoader.
* True means use context ClassLoader.
@@ -1272,6 +1192,7 @@ public class JNDIRealm extends RealmBase {
useContextClassLoader = useContext;
}
+
/**
* Returns whether to use the context or default ClassLoader.
* True means to use the context ClassLoader.
@@ -1282,6 +1203,7 @@ public class JNDIRealm extends RealmBase {
return useContextClassLoader;
}
+
// ---------------------------------------------------------- Realm Methods
/**
@@ -1364,21 +1286,14 @@ public class JNDIRealm extends RealmBase {
closePooledConnections();
// Return "not authenticated" for this request
- if (containerLog.isDebugEnabled())
+ if (containerLog.isDebugEnabled()) {
containerLog.debug("Returning null principal.");
+ }
return null;
-
}
-
}
- // -------------------------------------------------------- Package Methods
-
-
- // ------------------------------------------------------ Protected Methods
-
-
/**
* Return the Principal associated with the specified username and
* credentials, if there is one; otherwise return <code>null</code>.
@@ -1391,22 +1306,18 @@ public class JNDIRealm extends RealmBase {
*
* @exception NamingException if a directory server error occurs
*/
- public Principal authenticate(JNDIConnection connection,
- String username,
- String credentials)
- throws NamingException {
+ public Principal authenticate(JNDIConnection connection, String username, String credentials)
+ throws NamingException {
- if (username == null || username.equals("")
- || credentials == null || credentials.equals("")) {
- if (containerLog.isDebugEnabled())
+ if (username == null || username.equals("") || credentials == null || credentials.equals("")) {
+ if (containerLog.isDebugEnabled()) {
containerLog.debug("username null or empty: returning null principal.");
+ }
return null;
}
if (userPatternArray != null) {
- for (int curUserPattern = 0;
- curUserPattern < userPatternArray.length;
- curUserPattern++) {
+ for (int curUserPattern = 0; curUserPattern < userPatternArray.length; curUserPattern++) {
// Retrieve user information
User user = getUser(connection, username, credentials, curUserPattern);
if (user != null) {
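Review bot: The guard at the top of authenticate() has no comment saying why empty credentials are refused, and the reason is security-relevant. An LDAP simple bind with a DN and a zero-length password is an unauthenticated bind, which servers that permit it will accept, so when the realm validates by binding as the user this check is what prevents a password-less login. I would add `// Empty credentials must never reach the bind: a simple bind with an empty password is an unauthenticated bind and may be accepted` above the `if`. The debug text `username null or empty: returning null principal.` is also emitted when only the credentials are missing; correcting it changes a runtime string and so belongs outside a no-functional-change commit. The method body continues past the end of this hunk.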
@@ -1434,12 +1345,14 @@ public class JNDIRealm extends RealmBase {
} else {
// Retrieve user information
User user = getUser(connection, username, credentials);
- if (user == null)
+ if (user == null) {
return null;
+ }
// Check the user's credentials
- if (!checkCredentials(connection.context, user, credentials))
+ if (!checkCredentials(connection.context, user, credentials)) {
return null;
+ }
// Search for additional roles
List<String> roles = getRoles(connection, user);
@@ -1453,6 +1366,8 @@ public class JNDIRealm extends RealmBase {
}
+ // ------------------------------------------------------ Protected Methods
+
/**
* Return a User object containing information about the user
* with the specified username, if found in the directory;
@@ -1465,9 +1380,7 @@ public class JNDIRealm extends RealmBase {
*
* @see #getUser(JNDIConnection, String, String, int)
*/
- protected User getUser(JNDIConnection connection, String username)
- throws NamingException {
-
+ protected User getUser(JNDIConnection connection, String username) throws NamingException {
return getUser(connection, username, null, -1);
}
@@ -1485,9 +1398,7 @@ public class JNDIRealm extends RealmBase {
*
* @see #getUser(JNDIConnection, String, String, int)
*/
- protected User getUser(JNDIConnection connection, String username, String credentials)
- throws NamingException {
-
+ protected User getUser(JNDIConnection connection, String username, String credentials) throws NamingException {
return getUser(connection, username, credentials, -1);
}
@@ -1510,18 +1421,19 @@ public class JNDIRealm extends RealmBase {
* @return the User object
* @exception NamingException if a directory server error occurs
*/
- protected User getUser(JNDIConnection connection, String username,
- String credentials, int curUserPattern)
- throws NamingException {
+ protected User getUser(JNDIConnection connection, String username, String credentials, int curUserPattern)
+ throws NamingException {
User user = null;
// Get attributes to retrieve from user entry
- ArrayList<String> list = new ArrayList<>();
- if (userPassword != null)
+ List<String> list = new ArrayList<>();
+ if (userPassword != null) {
list.add(userPassword);
- if (userRoleName != null)
+ }
+ if (userRoleName != null) {
list.add(userRoleName);
+ }
if (userRoleAttribute != null) {
list.add(userRoleAttribute);
}
@@ -1553,8 +1465,7 @@ public class JNDIRealm extends RealmBase {
if (userPassword == null && credentials != null && user != null) {
// The password is available. Insert it since it may be required for
// role searches.
- return new User(user.getUserName(), user.getDN(), credentials,
- user.getRoles(), user.getUserRoleId());
+ return new User(user.getUserName(), user.getDN(), credentials, user.getRoles(), user.getUserRoleId());
}
return user;
@@ -1574,11 +1485,8 @@ public class JNDIRealm extends RealmBase {
* @return the User object
* @exception NamingException if a directory server error occurs
*/
- protected User getUserByPattern(DirContext context,
- String username,
- String[] attrIds,
- String dn)
- throws NamingException {
+ protected User getUserByPattern(DirContext context, String username, String[] attrIds, String dn)
+ throws NamingException {
// If no attributes are requested, no need to look for them
if (attrIds == null || attrIds.length == 0) {
@@ -1592,13 +1500,15 @@ public class JNDIRealm extends RealmBase {
} catch (NameNotFoundException e) {
return null;
}
- if (attrs == null)
+ if (attrs == null) {
return null;
+ }
// Retrieve value of userPassword
String password = null;
- if (userPassword != null)
+ if (userPassword != null) {
password = getAttributeValue(userPassword, attrs);
+ }
String userRoleAttrValue = null;
if (userRoleAttribute != null) {
@@ -1607,8 +1517,9 @@ public class JNDIRealm extends RealmBase {
// Retrieve values of userRoleName attribute
ArrayList<String> roles = null;
- if (userRoleName != null)
+ if (userRoleName != null) {
roles = addAttributeValues(userRoleName, attrs, roles);
+ }
return new User(username, dn, password, roles, userRoleAttrValue);
}
@@ -1629,17 +1540,14 @@ public class JNDIRealm extends RealmBase {
* @exception NamingException if a directory server error occurs
* @see #getUserByPattern(DirContext, String, String[], String)
*/
- protected User getUserByPattern(JNDIConnection connection,
- String username,
- String credentials,
- String[] attrIds,
- int curUserPattern)
- throws NamingException {
+ protected User getUserByPattern(JNDIConnection connection, String username, String credentials, String[] attrIds,
+ int curUserPattern) throws NamingException {
User user = null;
- if (username == null || userPatternArray[curUserPattern] == null)
+ if (username == null || userPatternArray[curUserPattern] == null) {
return null;
+ }
// Form the dn from the user pattern
String dn = connection.userPatternFormatArray[curUserPattern].format(new String[] { username });
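Review bot: `username` is substituted into the DN pattern as-is in `connection.userPatternFormatArray[curUserPattern].format(new String[] { username })`, so characters that are special in a distinguished name (for example `,`, `+`, `"`, `\`) become part of the DN structure instead of the attribute value, unless a caller outside this hunk has already escaped it. The value should be escaped as a DN attribute value (RFC 4514) before formatting; this is a different encoding from the filter encoding that `doRFC2254Encoding` applies elsewhere in the class, so it needs its own helper. `curUserPattern` is also used as an index without a range check here, while the shorter `getUser` overloads pass -1; whether that value can reach this method depends on code not shown. The method body continues past the hunk.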
@@ -1674,13 +1582,12 @@ public class JNDIRealm extends RealmBase {
* @return the User object
* @exception NamingException if a directory server error occurs
*/
- protected User getUserBySearch(JNDIConnection connection,
- String username,
- String[] attrIds)
- throws NamingException {
+ protected User getUserBySearch(JNDIConnection connection, String username, String[] attrIds)
+ throws NamingException {
- if (username == null || connection.userSearchFormat == null)
+ if (username == null || connection.userSearchFormat == null) {
return null;
+ }
// Form the search filter
String filter = connection.userSearchFormat.format(new String[] { username });
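Review bot: The search filter is built from the raw `username` in `connection.userSearchFormat.format(new String[] { username })`, so filter metacharacters such as `*`, `(`, `)` and `\` in the submitted name alter the filter instead of being matched literally; no escaping is visible in this hunk. The class already has `doRFC2254Encoding`, applied to `dn` in the role filter, and the same call fits here: `String filter = connection.userSearchFormat.format(new String[] { doRFC2254Encoding(username) });`. The later getRoles hunk (`@@ -1969,16 +1876,18 @@`) has the same gap: `username` and `userRoleId` go into `connection.roleFormat.format(...)` unencoded next to the encoded `dn`, and `userRoleId` can be null when `userRoleAttribute` is unset, so the helper's null handling needs checking first. Both method bodies extend beyond their hunks, so confirm that no earlier encoding exists before applying this.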
@@ -1698,12 +1605,12 @@ public class JNDIRealm extends RealmBase {
constraints.setTimeLimit(timeLimit);
// Specify the attributes to be retrieved
- if (attrIds == null)
+ if (attrIds == null) {
attrIds = new String[0];
+ }
constraints.setReturningAttributes(attrIds);
- NamingEnumeration<SearchResult> results =
- connection.context.search(userBase, filter, constraints);
+ NamingEnumeration<SearchResult> results = connection.context.search(userBase, filter, constraints);
try {
// Fail if no entries found
@@ -1712,10 +1619,11 @@ public class JNDIRealm extends RealmBase {
return null;
}
} catch (PartialResultException ex) {
- if (!adCompat)
+ if (!adCompat) {
throw ex;
- else
+ } else {
return null;
+ }
}
// Get result for the first entry found
@@ -1730,24 +1638,28 @@ public class JNDIRealm extends RealmBase {
return null;
}
} catch (PartialResultException ex) {
- if (!adCompat)
+ if (!adCompat) {
throw ex;
+ }
}
String dn = getDistinguishedName(connection.context, userBase, result);
- if (containerLog.isTraceEnabled())
+ if (containerLog.isTraceEnabled()) {
containerLog.trace(" entry found for " + username + " with dn " + dn);
+ }
// Get the entry's attributes
Attributes attrs = result.getAttributes();
- if (attrs == null)
+ if (attrs == null) {
return null;
+ }
// Retrieve value of userPassword
String password = null;
- if (userPassword != null)
+ if (userPassword != null) {
password = getAttributeValue(userPassword, attrs);
+ }
String userRoleAttrValue = null;
if (userRoleAttribute != null) {
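Review bot: The second `catch (PartialResultException ex)` in this hunk now reads `if (!adCompat) { throw ex; }` with nothing after it, so with adCompat enabled the exception is dropped silently and execution continues with `result`; a comment should state that this is intended. Something like `// adCompat: ignore the partial result and continue with the entry already read` would do, assuming that is the intent, since the `try` body lies above the hunk. The trace line `" entry found for " + username + " with dn " + dn` also writes the caller-supplied name to the log verbatim, so line breaks or control characters in it should be neutralised before the message is written or by the logging layer.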
@@ -1756,8 +1668,9 @@ public class JNDIRealm extends RealmBase {
// Retrieve values of userRoleName attribute
ArrayList<String> roles = null;
- if (userRoleName != null)
+ if (userRoleName != null) {
roles = addAttributeValues(userRoleName, attrs, roles);
+ }
return new User(username, dn, password, roles, userRoleAttrValue);
} finally {
@@ -1783,30 +1696,25 @@ public class JNDIRealm extends RealmBase {
* @return <code>true</code> if the credentials are validated
* @exception NamingException if a directory server error occurs
*/
- protected boolean checkCredentials(DirContext context,
- User user,
- String credentials)
- throws NamingException {
+ protected boolean checkCredentials(DirContext context, User user, String credentials) throws NamingException {
- boolean validated = false;
+ boolean validated = false;
- if (userPassword == null) {
- validated = bindAsUser(context, user, credentials);
- } else {
- validated = compareCredentials(context, user, credentials);
- }
+ if (userPassword == null) {
+ validated = bindAsUser(context, user, credentials);
+ } else {
+ validated = compareCredentials(context, user, credentials);
+ }
- if (containerLog.isTraceEnabled()) {
- if (validated) {
- containerLog.trace(sm.getString("jndiRealm.authenticateSuccess",
- user.getUserName()));
- } else {
- containerLog.trace(sm.getString("jndiRealm.authenticateFailure",
- user.getUserName()));
- }
- }
- return validated;
- }
+ if (containerLog.isTraceEnabled()) {
+ if (validated) {
+ containerLog.trace(sm.getString("jndiRealm.authenticateSuccess", user.getUserName()));
+ } else {
+ containerLog.trace(sm.getString("jndiRealm.authenticateFailure", user.getUserName()));
+ }
+ }
+ return validated;
+ }
/**
@@ -1819,17 +1727,15 @@ public class JNDIRealm extends RealmBase {
* @return <code>true</code> if the credentials are validated
* @exception NamingException if a directory server error occurs
*/
- protected boolean compareCredentials(DirContext context,
- User info,
- String credentials)
- throws NamingException {
-
+ protected boolean compareCredentials(DirContext context, User info, String credentials) throws NamingException {
// Validate the credentials specified by the user
- if (containerLog.isTraceEnabled())
+ if (containerLog.isTraceEnabled()) {
containerLog.trace(" validating credentials");
+ }
- if (info == null || credentials == null)
+ if (info == null || credentials == null) {
return false;
+ }
String password = info.getPassword();
@@ -1846,21 +1752,20 @@ public class JNDIRealm extends RealmBase {
* @return <code>true</code> if the credentials are validated
* @exception NamingException if a directory server error occurs
*/
- protected boolean bindAsUser(DirContext context,
- User user,
- String credentials)
- throws NamingException {
+ protected boolean bindAsUser(DirContext context, User user, String credentials) throws NamingException {
- if (credentials == null || user == null)
- return false;
+ if (credentials == null || user == null) {
+ return false;
+ }
- String dn = user.getDN();
- if (dn == null)
- return false;
+ String dn = user.getDN();
+ if (dn == null) {
+ return false;
+ }
- // Validate the credentials specified by the user
- if (containerLog.isTraceEnabled()) {
- containerLog.trace(" validating credentials by binding as the user");
+ // Validate the credentials specified by the user
+ if (containerLog.isTraceEnabled()) {
+ containerLog.trace(" validating credentials by binding as the user");
}
userCredentialsAdd(context, dn, credentials);
@@ -1885,48 +1790,47 @@ public class JNDIRealm extends RealmBase {
return validated;
}
- /**
- * Configure the context to use the provided credentials for
- * authentication.
- *
- * @param context DirContext to configure
- * @param dn Distinguished name of user
- * @param credentials Credentials of user
- * @exception NamingException if a directory server error occurs
- */
- private void userCredentialsAdd(DirContext context, String dn,
- String credentials) throws NamingException {
+
+ /**
+ * Configure the context to use the provided credentials for
+ * authentication.
+ *
+ * @param context DirContext to configure
+ * @param dn Distinguished name of user
+ * @param credentials Credentials of user
+ * @exception NamingException if a directory server error occurs
+ */
+ private void userCredentialsAdd(DirContext context, String dn, String credentials) throws NamingException {
// Set up security environment to bind as the user
context.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
context.addToEnvironment(Context.SECURITY_CREDENTIALS, credentials);
}
+
/**
* Configure the context to use {@link #connectionName} and
* {@link #connectionPassword} if specified or an anonymous connection if
* those attributes are not specified.
*
- * @param context DirContext to configure
- * @exception NamingException if a directory server error occurs
+ * @param context DirContext to configure
+ * @exception NamingException if a directory server error occurs
*/
- private void userCredentialsRemove(DirContext context)
- throws NamingException {
+ private void userCredentialsRemove(DirContext context) throws NamingException {
// Restore the original security environment
if (connectionName != null) {
- context.addToEnvironment(Context.SECURITY_PRINCIPAL,
- connectionName);
+ context.addToEnvironment(Context.SECURITY_PRINCIPAL, connectionName);
} else {
context.removeFromEnvironment(Context.SECURITY_PRINCIPAL);
}
if (connectionPassword != null) {
- context.addToEnvironment(Context.SECURITY_CREDENTIALS,
- connectionPassword);
+ context.addToEnvironment(Context.SECURITY_CREDENTIALS, connectionPassword);
} else {
context.removeFromEnvironment(Context.SECURITY_CREDENTIALS);
}
}
+
/**
* Return a List of roles associated with the given User. Any
* roles present in the user's directory entry are supplemented by
@@ -1938,21 +1842,23 @@ public class JNDIRealm extends RealmBase {
* @return the list of role names
* @exception NamingException if a directory server error occurs
*/
- protected List<String> getRoles(JNDIConnection connection, User user)
- throws NamingException {
+ protected List<String> getRoles(JNDIConnection connection, User user) throws NamingException {
- if (user == null)
+ if (user == null) {
return null;
+ }
String dn = user.getDN();
String username = user.getUserName();
String userRoleId = user.getUserRoleId();
- if (dn == null || username == null)
+ if (dn == null || username == null) {
return null;
+ }
- if (containerLog.isTraceEnabled())
+ if (containerLog.isTraceEnabled()) {
containerLog.trace(" getRoles(" + dn + ")");
+ }
// Start with roles retrieved from the user entry
List<String> list = new ArrayList<>();
@@ -1960,8 +1866,9 @@ public class JNDIRealm extends RealmBase {
if (userRoles != null) {
list.addAll(userRoles);
}
- if (commonRole != null)
+ if (commonRole != null) {
list.add(commonRole);
+ }
if (containerLog.isTraceEnabled()) {
containerLog.trace(" Found " + list.size() + " user internal roles");
@@ -1969,16 +1876,18 @@ public class JNDIRealm extends RealmBase {
}
// Are we configured to do role searches?
- if ((connection.roleFormat == null) || (roleName == null))
+ if ((connection.roleFormat == null) || (roleName == null)) {
return list;
+ }
// Set up parameters for an appropriate search
String filter = connection.roleFormat.format(new String[] { doRFC2254Encoding(dn), username, userRoleId });
SearchControls controls = new SearchControls();
- if (roleSubtree)
+ if (roleSubtree) {
controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
- else
+ } else {
controls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
+ }
controls.setReturningAttributes(new String[] {roleName});
String base = null;
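Review bot: The role-search filter built on the `connection.roleFormat.format(...)` line passes only `dn` through `doRFC2254Encoding`; `username` and `userRoleId` are substituted into the LDAP filter as-is. If either value can contain filter metacharacters, the search that decides the user's roles no longer means what the configured role filter was meant to express. All three arguments should be encoded: `new String[] { doRFC2254Encoding(dn), doRFC2254Encoding(username), doRFC2254Encoding(userRoleId) }`. `userRoleId` is not null-checked above this line, so confirm that `doRFC2254Encoding` accepts null before applying it. getRoles starts and ends outside this hunk.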
@@ -1998,16 +1907,18 @@ public class JNDIRealm extends RealmBase {
NamingEnumeration<SearchResult> results = searchAsUser(connection.context, user, base, filter, controls,
isRoleSearchAsUser());
- if (results == null)
+ if (results == null) {
return list; // Should never happen, but just in case ...
+ }
- HashMap<String, String> groupMap = new HashMap<>();
+ Map<String, String> groupMap = new HashMap<>();
try {
while (results.hasMore()) {
SearchResult result = results.next();
Attributes attrs = result.getAttributes();
- if (attrs == null)
+ if (attrs == null) {
continue;
+ }
String dname = getDistinguishedName(connection.context, roleBase, result);
String name = getAttributeValue(roleName, attrs);
if (name != null && dname != null) {
@@ -2015,8 +1926,9 @@ public class JNDIRealm extends RealmBase {
}
}
} catch (PartialResultException ex) {
- if (!adCompat)
+ if (!adCompat) {
throw ex;
+ }
} finally {
results.close();
}
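Review bot: The `catch (PartialResultException ex)` block drops the exception without any record when `adCompat` is set, so the role list that getRoles returns can be silently incomplete. Authorization is decided from that list, so log the exception before carrying on, for example `} else { containerLog.debug("Ignoring PartialResultException during role search", ex); }` (the message text is a suggestion), and add a comment saying why ignoring it is acceptable in this mode. The same pattern appears in the nested-group search and in addAttributeValues further down.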
@@ -2045,18 +1957,19 @@ public class JNDIRealm extends RealmBase {
group.getValue(), group.getValue() });
if (containerLog.isTraceEnabled()) {
- containerLog.trace("Perform a nested group search with base "+ roleBase + " and filter " + filter);
+ containerLog.trace("Perform a nested group search with base "+ roleBase +
+ " and filter " + filter);
}
- results = searchAsUser(connection.context, user, roleBase, filter, controls,
- isRoleSearchAsUser());
+ results = searchAsUser(connection.context, user, roleBase, filter, controls, isRoleSearchAsUser());
try {
while (results.hasMore()) {
SearchResult result = results.next();
Attributes attrs = result.getAttributes();
- if (attrs == null)
+ if (attrs == null) {
continue;
+ }
String dname = getDistinguishedName(connection.context, roleBase, result);
String name = getAttributeValue(roleName, attrs);
if (name != null && dname != null && !groupMap.keySet().contains(dname)) {
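Review bot: The nested-group search calls `results.hasMore()` straight after `searchAsUser(...)`, while the first role search in this method checks `results == null` before use ("Should never happen, but just in case"). If that guard is needed there, it is needed here too, because both `results.hasMore()` and the `results.close()` in the `finally` block would throw a NullPointerException; if it is not needed, the earlier guard is dead code. Mirroring it would be `if (results == null) { continue; }` before the `try`, assuming this code sits inside the per-group loop, which starts outside the hunk.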
@@ -2066,12 +1979,12 @@ public class JNDIRealm extends RealmBase {
if (containerLog.isTraceEnabled()) {
containerLog.trace(" Found nested role " + dname + " -> " + name);
}
-
}
- }
+ }
} catch (PartialResultException ex) {
- if (!adCompat)
+ if (!adCompat) {
throw ex;
+ }
} finally {
results.close();
}
@@ -2085,6 +1998,7 @@ public class JNDIRealm extends RealmBase {
return list;
}
+
/**
* Perform the search on the context as the {@code dn}, when
* {@code searchAsUser} is {@code true}, otherwise search the context with
@@ -2107,8 +2021,7 @@ public class JNDIRealm extends RealmBase {
* @throws NamingException
* if a directory server error occurs
*/
- private NamingEnumeration<SearchResult> searchAsUser(DirContext context,
- User user, String base, String filter,
+ private NamingEnumeration<SearchResult> searchAsUser(DirContext context, User user, String base, String filter,
SearchControls controls, boolean searchAsUser) throws NamingException {
NamingEnumeration<SearchResult> results;
try {
@@ -2133,26 +2046,30 @@ public class JNDIRealm extends RealmBase {
* @return the attribute value
* @exception NamingException if a directory server error occurs
*/
- private String getAttributeValue(String attrId, Attributes attrs)
- throws NamingException {
+ private String getAttributeValue(String attrId, Attributes attrs) throws NamingException {
- if (containerLog.isTraceEnabled())
+ if (containerLog.isTraceEnabled()) {
containerLog.trace(" retrieving attribute " + attrId);
+ }
- if (attrId == null || attrs == null)
+ if (attrId == null || attrs == null) {
return null;
+ }
Attribute attr = attrs.get(attrId);
- if (attr == null)
+ if (attr == null) {
return null;
+ }
Object value = attr.get();
- if (value == null)
+ if (value == null) {
return null;
+ }
String valueString = null;
- if (value instanceof byte[])
+ if (value instanceof byte[]) {
valueString = new String((byte[]) value);
- else
+ } else {
valueString = value.toString();
+ }
return valueString;
}
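Review bot: `new String((byte[]) value)` decodes the attribute with the JVM's default charset, so the same directory entry can yield different strings on hosts with different locale settings. getAttributeValue supplies the role names collected in getRoles, and a mis-decoded value there would change which roles a user ends up with. LDAP string values are UTF-8, so name the charset explicitly: `valueString = new String((byte[]) value, StandardCharsets.UTF_8);` (this needs `java.nio.charset.StandardCharsets` imported if the file does not already import it).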
@@ -2167,20 +2084,22 @@ public class JNDIRealm extends RealmBase {
* @return the list of attribute values
* @exception NamingException if a directory server error occurs
*/
- private ArrayList<String> addAttributeValues(String attrId,
- Attributes attrs,
- ArrayList<String> values)
- throws NamingException{
+ private ArrayList<String> addAttributeValues(String attrId, Attributes attrs, ArrayList<String> values)
+ throws NamingException {
- if (containerLog.isTraceEnabled())
+ if (containerLog.isTraceEnabled()) {
containerLog.trace(" retrieving values for attribute " + attrId);
- if (attrId == null || attrs == null)
+ }
+ if (attrId == null || attrs == null) {
return values;
- if (values == null)
+ }
+ if (values == null) {
values = new ArrayList<>();
+ }
Attribute attr = attrs.get(attrId);
- if (attr == null)
+ if (attr == null) {
return values;
+ }
NamingEnumeration<?> e = attr.getAll();
try {
while(e.hasMore()) {
@@ -2188,8 +2107,9 @@ public class JNDIRealm extends RealmBase {
values.add(value);
}
} catch (PartialResultException ex) {
- if (!adCompat)
+ if (!adCompat) {
throw ex;
+ }
} finally {
e.close();
}
@@ -2222,8 +2142,9 @@ public class JNDIRealm extends RealmBase {
}
// Close our opened connection
try {
- if (containerLog.isDebugEnabled())
+ if (containerLog.isDebugEnabled()) {
containerLog.debug("Closing directory context");
+ }
connection.context.close();
} catch (NamingException e) {
containerLog.error(sm.getString("jndiRealm.close"), e);
@@ -2233,9 +2154,9 @@ public class JNDIRealm extends RealmBase {
if (connectionPool == null) {
singleConnectionLock.unlock();
}
-
}
+
/**
* Close all pooled connections.
*/
@@ -2251,6 +2172,7 @@ public class JNDIRealm extends RealmBase {
}
}
+
@Override
@Deprecated
protected String getName() {
@@ -2273,7 +2195,6 @@ public class JNDIRealm extends RealmBase {
JNDIConnection connection = null;
User user = null;
try {
-
// Ensure that we have a directory context available
connection = get();
@@ -2296,7 +2217,6 @@ public class JNDIRealm extends RealmBase {
user = getUser(connection, username, null);
}
-
// Release this context
release(connection);
@@ -2307,15 +2227,14 @@ public class JNDIRealm extends RealmBase {
// ... and have a password
return user.getPassword();
}
-
} catch (NamingException e) {
// Log the problem for posterity
containerLog.error(sm.getString("jndiRealm.exception"), e);
return null;
}
-
}
+
/**
* Get the principal associated with the specified certificate.
* @param username The user name
@@ -2326,9 +2245,9 @@ public class JNDIRealm extends RealmBase {
return getPrincipal(username, null);
}
+
@Override
- protected Principal getPrincipal(GSSName gssName,
- GSSCredential gssCredential) {
+ protected Principal getPrincipal(GSSName gssName, GSSCredential gssCredential) {
String name = gssName.toString();
if (isStripRealmForGss()) {
@@ -2342,15 +2261,14 @@ public class JNDIRealm extends RealmBase {
return getPrincipal(name, gssCredential);
}
+
@Override
- protected Principal getPrincipal(String username,
- GSSCredential gssCredential) {
+ protected Principal getPrincipal(String username, GSSCredential gssCredential) {
JNDIConnection connection = null;
Principal principal = null;
try {
-
// Ensure that we have a directory context available
connection = get();
@@ -2362,7 +2280,6 @@ public class JNDIRealm extends RealmBase {
principal = getPrincipal(connection, username, gssCredential);
} catch (CommunicationException | ServiceUnavailableException e) {
-
// log the exception so we know it's there.
containerLog.info(sm.getString("jndiRealm.exception.retry"), e);
@@ -2375,10 +2292,8 @@ public class JNDIRealm extends RealmBase {
// Try the authentication again.
principal = getPrincipal(connection, username, gssCredential);
-
}
-
// Release this context
release(connection);
@@ -2386,16 +2301,12 @@ public class JNDIRealm extends RealmBase {
return principal;
} catch (NamingException e) {
-
// Log the problem for posterity
containerLog.error(sm.getString("jndiRealm.exception"), e);
// Return "not authenticated" for this request
return null;
-
}
-
-
}
@@ -2407,9 +2318,8 @@ public class JNDIRealm extends RealmBase {
* @return the Principal associated with the given certificate.
* @exception NamingException if a directory server error occurs
*/
- protected Principal getPrincipal(JNDIConnection connection,
- String username, GSSCredential gssCredential)
- throws NamingException {
+ protected Principal getPrincipal(JNDIConnection connection, String username, GSSCredential gssCredential)
+ throws NamingException {
User user = null;
List<String> roles = null;
@@ -2421,12 +2331,9 @@ public class JNDIRealm extends RealmBase {
// Preserve the current context environment parameters
preservedEnvironment = context.getEnvironment();
// Set up context
- context.addToEnvironment(
- Context.SECURITY_AUTHENTICATION, "GSSAPI");
- context.addToEnvironment(
- "javax.security.sasl.server.authentication", "true");
- context.addToEnvironment(
- "javax.security.sasl.qop", spnegoDelegationQop);
+ context.addToEnvironment(Context.SECURITY_AUTHENTICATION, "GSSAPI");
+ context.addToEnvironment("javax.security.sasl.server.authentication", "true");
+ context.addToEnvironment("javax.security.sasl.qop", spnegoDelegationQop);
// Note: Subject already set in SPNEGO authenticator so no need
// for Subject.doAs() here
}
@@ -2436,23 +2343,20 @@ public class JNDIRealm extends RealmBase {
}
} finally {
if (gssCredential != null && isUseDelegatedCredential()) {
- restoreEnvironmentParameter(context,
- Context.SECURITY_AUTHENTICATION, preservedEnvironment);
- restoreEnvironmentParameter(context,
- "javax.security.sasl.server.authentication", preservedEnvironment);
- restoreEnvironmentParameter(context, "javax.security.sasl.qop",
- preservedEnvironment);
+ restoreEnvironmentParameter(context, Context.SECURITY_AUTHENTICATION, preservedEnvironment);
+ restoreEnvironmentParameter(context, "javax.security.sasl.server.authentication", preservedEnvironment);
+ restoreEnvironmentParameter(context, "javax.security.sasl.qop", preservedEnvironment);
}
}
if (user != null) {
- return new GenericPrincipal(user.getUserName(), user.getPassword(),
- roles, null, null, gssCredential);
+ return new GenericPrincipal(user.getUserName(), user.getPassword(), roles, null, null, gssCredential);
}
return null;
}
+
private void restoreEnvironmentParameter(DirContext context,
String parameterName, Hashtable<?, ?> preservedEnvironment) {
try {
@@ -2466,6 +2370,7 @@ public class JNDIRealm extends RealmBase {
}
}
+
/**
* Open (if necessary) and return a connection to the configured
* directory server for this Realm.
@@ -2490,6 +2395,7 @@ public class JNDIRealm extends RealmBase {
return connection;
}
+
/**
* Release our use of this connection so that it can be recycled.
*
@@ -2506,6 +2412,7 @@ public class JNDIRealm extends RealmBase {
}
}
+
/**
* Create a new connection wrapper, along with the
* message formats.
@@ -2520,8 +2427,7 @@ public class JNDIRealm extends RealmBase {
int len = userPatternArray.length;
connection.userPatternFormatArray = new MessageFormat[len];
for (int i = 0; i < len; i++) {
- connection.userPatternFormatArray[i] =
- new MessageFormat(userPatternArray[i]);
+ connection.userPatternFormatArray[i] = new MessageFormat(userPatternArray[i]);
}
}
if (roleBase != null) {
@@ -2533,6 +2439,7 @@ public class JNDIRealm extends RealmBase {
return connection;
}
+
/**
* Create a new connection to the directory server.
* @param connection The directory server connection wrapper
@@ -2567,12 +2474,14 @@ public class JNDIRealm extends RealmBase {
}
}
+
@Override
public boolean isAvailable() {
// Simple best effort check
return (connectionPool != null || singleConnection.context != null);
}
+
private DirContext createDirContext(Hashtable<String, String> env) throws NamingException {
if (useStartTls) {
return createTlsDirContext(env);
@@ -2581,13 +2490,13 @@ public class JNDIRealm extends RealmBase {
}
}
+
private SSLSocketFactory getSSLSocketFactory() {
if (sslSocketFactory != null) {
return sslSocketFactory;
}
final SSLSocketFactory result;
- if (this.sslSocketFactoryClassName != null
- && !sslSocketFactoryClassName.trim().equals("")) {
+ if (this.sslSocketFactoryClassName != null && !sslSocketFactoryClassName.trim().equals("")) {
result = createSSLSocketFactoryFromClassName(this.sslSocketFactoryClassName);
} else {
result = createSSLContextFactoryFromProtocol(sslProtocol);
@@ -2596,6 +2505,7 @@ public class JNDIRealm extends RealmBase {
return result;
}
+
private SSLSocketFactory createSSLSocketFactoryFromClassName(String className) {
try {
Object o = constructInstance(className);
@@ -2613,6 +2523,7 @@ public class JNDIRealm extends RealmBase {
}
}
+
private SSLSocketFactory createSSLContextFactoryFromProtocol(String protocol) {
try {
SSLContext sslContext;
@@ -2624,14 +2535,13 @@ public class JNDIRealm extends RealmBase {
}
return sslContext.getSocketFactory();
} catch (NoSuchAlgorithmException | KeyManagementException e) {
- List<String> allowedProtocols = Arrays
- .asList(getSupportedSslProtocols());
- throw new IllegalArgumentException(
- sm.getString("jndiRealm.invalidSslProtocol", protocol,
- allowedProtocols), e);
+ List<String> allowedProtocols = Arrays.asList(getSupportedSslProtocols());
+ throw new IllegalArgumentException(sm.getString("jndiRealm.invalidSslProtocol",
+ protocol, allowedProtocols), e);
}
}
+
/**
* Create a tls enabled LdapContext and set the StartTlsResponse tls
* instance variable.
@@ -2642,12 +2552,10 @@ public class JNDIRealm extends RealmBase {
* @throws NamingException
* when something goes wrong while negotiating the connection
*/
- private DirContext createTlsDirContext(
- Hashtable<String, String> env) throws NamingException {
+ private DirContext createTlsDirContext(Hashtable<String, String> env) throws NamingException {
Map<String, Object> savedEnv = new HashMap<>();
- for (String key : Arrays.asList(Context.SECURITY_AUTHENTICATION,
- Context.SECURITY_CREDENTIALS, Context.SECURITY_PRINCIPAL,
- Context.SECURITY_PROTOCOL)) {
+ for (String key : Arrays.asList(Context.SECURITY_AUTHENTICATION, Context.SECURITY_CREDENTIALS,
+ Context.SECURITY_PRINCIPAL, Context.SECURITY_PROTOCOL)) {
Object entry = env.remove(key);
if (entry != null) {
savedEnv.put(key, entry);
@@ -2656,8 +2564,7 @@ public class JNDIRealm extends RealmBase {
LdapContext result = null;
try {
result = new InitialLdapContext(env, null);
- tls = (StartTlsResponse) result
- .extendedOperation(new StartTlsRequest());
+ tls = (StartTlsResponse) result.extendedOperation(new StartTlsRequest());
if (getHostnameVerifier() != null) {
tls.setHostnameVerifier(getHostnameVerifier());
}
@@ -2666,22 +2573,21 @@ public class JNDIRealm extends RealmBase {
}
try {
SSLSession negotiate = tls.negotiate(getSSLSocketFactory());
- containerLog.debug(sm.getString("jndiRealm.negotiatedTls",
- negotiate.getProtocol()));
+ containerLog.debug(sm.getString("jndiRealm.negotiatedTls", negotiate.getProtocol()));
} catch (IOException e) {
throw new NamingException(e.getMessage());
}
} finally {
if (result != null) {
for (Map.Entry<String, Object> savedEntry : savedEnv.entrySet()) {
- result.addToEnvironment(savedEntry.getKey(),
- savedEntry.getValue());
+ result.addToEnvironment(savedEntry.getKey(), savedEntry.getValue());
}
}
}
return result;
}
+
/**
* Create our directory context configuration.
*
@@ -2692,40 +2598,48 @@ public class JNDIRealm extends RealmBase {
Hashtable<String,String> env = new Hashtable<>();
// Configure our directory context environment.
- if (containerLog.isDebugEnabled() && connectionAttempt == 0)
+ if (containerLog.isDebugEnabled() && connectionAttempt == 0) {
containerLog.debug("Connecting to URL " + connectionURL);
- else if (containerLog.isDebugEnabled() && connectionAttempt > 0)
+ } else if (containerLog.isDebugEnabled() && connectionAttempt > 0) {
containerLog.debug("Connecting to URL " + alternateURL);
+ }
env.put(Context.INITIAL_CONTEXT_FACTORY, contextFactory);
- if (connectionName != null)
+ if (connectionName != null) {
env.put(Context.SECURITY_PRINCIPAL, connectionName);
- if (connectionPassword != null)
+ }
+ if (connectionPassword != null) {
env.put(Context.SECURITY_CREDENTIALS, connectionPassword);
- if (connectionURL != null && connectionAttempt == 0)
+ }
+ if (connectionURL != null && connectionAttempt == 0) {
env.put(Context.PROVIDER_URL, connectionURL);
- else if (alternateURL != null && connectionAttempt > 0)
+ } else if (alternateURL != null && connectionAttempt > 0) {
env.put(Context.PROVIDER_URL, alternateURL);
- if (authentication != null)
+ }
+ if (authentication != null) {
env.put(Context.SECURITY_AUTHENTICATION, authentication);
- if (protocol != null)
+ }
+ if (protocol != null) {
env.put(Context.SECURITY_PROTOCOL, protocol);
- if (referrals != null)
+ }
+ if (referrals != null) {
env.put(Context.REFERRAL, referrals);
- if (derefAliases != null)
+ }
+ if (derefAliases != null) {
env.put(JNDIRealm.DEREF_ALIASES, derefAliases);
- if (connectionTimeout != null)
+ }
+ if (connectionTimeout != null) {
env.put("com.sun.jndi.ldap.connect.timeout", connectionTimeout);
- if (readTimeout != null)
+ }
+ if (readTimeout != null) {
env.put("com.sun.jndi.ldap.read.timeout", readTimeout);
+ }
return env;
-
}
// ------------------------------------------------------ Lifecycle Methods
-
/**
* Prepare for the beginning of active use of the public methods of this
* component and implement the requirements of
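Review bot: `Context.PROVIDER_URL` is only put into the environment when the URL selected by `connectionAttempt` is non-null; with `connectionAttempt > 0` and `alternateURL == null` the method returns an environment that carries `connectionName` and `connectionPassword` but no server URL. The JNDI LDAP provider falls back to a default host in that case, so the bind could be sent to a server the administrator never configured. Whether a caller can reach that state is not visible in this hunk. If it can, the caller should not retry without an alternate URL, and this method deserves a comment such as `// No PROVIDER_URL is set when the selected URL is null; callers must not rely on the provider default`. The method's signature is outside the hunk.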
@@ -2767,7 +2681,7 @@ public class JNDIRealm extends RealmBase {
* @exception LifecycleException if this component detects a fatal error
* that needs to be reported
*/
- @Override
+ @Override
protected void stopInternal() throws LifecycleException {
super.stopInternal();
// Close any open directory server connection
@@ -2780,6 +2694,7 @@ public class JNDIRealm extends RealmBase {
}
}
+
/**
* Given a string containing LDAP patterns for user locations (separated by
* parentheses in a pseudo-LDAP search string format -
@@ -2793,7 +2708,7 @@ public class JNDIRealm extends RealmBase {
protected String[] parseUserPatternString(String userPatternString) {
if (userPatternString != null) {
- ArrayList<String> pathList = new ArrayList<>();
+ List<String> pathList = new ArrayList<>();
int startParenLoc = userPatternString.indexOf('(');
if (startParenLoc == -1) {
// no parens here; return whole thing
@@ -2814,8 +2729,7 @@ public class JNDIRealm extends RealmBase {
while (userPatternString.charAt(endParenLoc - 1) == '\\') {
endParenLoc = userPatternString.indexOf(')', endParenLoc+1);
}
- String nextPathPart = userPatternString.substring
- (startParenLoc+1, endParenLoc);
+ String nextPathPart = userPatternString.substring(startParenLoc+1, endParenLoc);
pathList.add(nextPathPart);
startingPoint = endParenLoc+1;
startParenLoc = userPatternString.indexOf('(', startingPoint);
@@ -2823,7 +2737,6 @@ public class JNDIRealm extends RealmBase {
return pathList.toArray(new String[] {});
}
return null;
-
}
@@ -2879,47 +2792,42 @@ public class JNDIRealm extends RealmBase {
* @return String containing the distinguished name
* @exception NamingException if a directory server error occurs
*/
- protected String getDistinguishedName(DirContext context, String base,
- SearchResult result) throws NamingException {
+ protected String getDistinguishedName(DirContext context, String base, SearchResult result) throws NamingException {
// Get the entry's distinguished name. For relative results, this means
// we need to composite a name with the base name, the context name, and
// the result name. For non-relative names, use the returned name.
String resultName = result.getName();
Name name;
if (result.isRelative()) {
- if (containerLog.isTraceEnabled()) {
- containerLog.trace(" search returned relative name: " + resultName);
- }
- NameParser parser = context.getNameParser("");
- Name contextName = parser.parse(context.getNameInNamespace());
- Name baseName = parser.parse(base);
-
- // Bugzilla 32269
- Name entryName = parser.parse(new CompositeName(resultName).get(0));
-
- name = contextName.addAll(baseName);
- name = name.addAll(entryName);
+ if (containerLog.isTraceEnabled()) {
+ containerLog.trace(" search returned relative name: " + resultName);
+ }
+ NameParser parser = context.getNameParser("");
+ Name contextName = parser.parse(context.getNameInNamespace());
+ Name baseName = parser.parse(base);
+
+ // Bugzilla 32269
+ Name entryName = parser.parse(new CompositeName(resultName).get(0));
+
+ name = contextName.addAll(baseName);
+ name = name.addAll(entryName);
} else {
- if (containerLog.isTraceEnabled()) {
- containerLog.trace(" search returned absolute name: " + resultName);
- }
- try {
- // Normalize the name by running it through the name parser.
- NameParser parser = context.getNameParser("");
- URI userNameUri = new URI(resultName);
- String pathComponent = userNameUri.getPath();
- // Should not ever have an empty path component, since that is /{DN}
- if (pathComponent.length() < 1 ) {
- throw new InvalidNameException(
- "Search returned unparseable absolute name: " +
- resultName );
- }
- name = parser.parse(pathComponent.substring(1));
- } catch ( URISyntaxException e ) {
- throw new InvalidNameException(
- "Search returned unparseable absolute name: " +
- resultName );
- }
+ if (containerLog.isTraceEnabled()) {
+ containerLog.trace(" search returned absolute name: " + resultName);
+ }
+ try {
+ // Normalize the name by running it through the name parser.
+ NameParser parser = context.getNameParser("");
+ URI userNameUri = new URI(resultName);
+ String pathComponent = userNameUri.getPath();
+ // Should not ever have an empty path component, since that is /{DN}
+ if (pathComponent.length() < 1 ) {
+ throw new InvalidNameException("Search returned unparseable absolute name: " + resultName);
+ }
+ name = parser.parse(pathComponent.substring(1));
+ } catch ( URISyntaxException e ) {
+ throw new InvalidNameException("Search returned unparseable absolute name: " + resultName);
+ }
}
if (getForceDnHexEscape()) {
@@ -3007,7 +2915,7 @@ public class JNDIRealm extends RealmBase {
}
- // ------------------------------------------------------ Private Classes
+ // ------------------------------------------------------ Protected Classes
/**
* A protected class representing a User
@@ -3020,9 +2928,7 @@ public class JNDIRealm extends RealmBase {
private final List<String> roles;
private final String userRoleId;
-
- public User(String username, String dn, String password,
- List<String> roles, String userRoleId) {
+ public User(String username, String dn, String password, List<String> roles, String userRoleId) {
this.username = username;
this.dn = dn;
this.password = password;
@@ -3055,6 +2961,7 @@ public class JNDIRealm extends RealmBase {
}
}
+
/**
* Class holding the connection to the directory plus the associated
* non thread safe message formats.
@@ -3089,8 +2996,5 @@ public class JNDIRealm extends RealmBase {
* The directory context linking us to our directory server.
*/
protected DirContext context = null;
-
}
-
}
-