Posted to commits@karaf.apache.org by jb...@apache.org on 2017/02/24 11:43:43 UTC
[1/2] karaf git commit: [KARAF-4989] Improve parsing of role.mapping
option in JAAS LDAP Login Module in order to support FQDN
Repository: karaf
Updated Branches:
refs/heads/master 0e03f5cf0 -> 991903641
[KARAF-4989] Improve parsing of role.mapping option in JAAS LDAP Login Module in order to support FQDN
Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/f18cad5b
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/f18cad5b
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/f18cad5b
Branch: refs/heads/master
Commit: f18cad5bf0cd9ab0ca9b6f9995943f4abea5cb40
Parents: 0e03f5c
Author: Andrea Tarocchi <at...@redhat.com>
Authored: Thu Feb 16 13:53:06 2017 +0000
Committer: Jean-Baptiste Onofr� <jb...@apache.org>
Committed: Fri Feb 24 11:10:37 2017 +0100
----------------------------------------------------------------------
.../karaf/jaas/modules/ldap/LDAPOptions.java | 6 +--
.../jaas/modules/ldap/LdapLoginModuleTest.java | 50 ++++++++++++++++++++
.../karaf/jaas/modules/ldap/example.com.ldif | 2 +-
.../modules/ldap/example.com_with_escapes.ldif | 1 +
4 files changed, 55 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/f18cad5b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
index 24c28ad..c0bd75b 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
@@ -125,9 +125,9 @@ public class LDAPOptions {
LOGGER.debug("Parse role mapping {}", option);
String[] mappings = option.split(";");
for (String mapping : mappings) {
- String[] map = mapping.split("=", 2);
- String ldapRole = map[0].trim();
- String[] karafRoles = map[1].split(",");
+ int index = mapping.lastIndexOf("=");
+ String ldapRole = mapping.substring(0,index).trim();
+ String[] karafRoles = mapping.substring(index+1).split(",");
if (roleMapping.get(ldapRole) == null) {
roleMapping.put(ldapRole, new HashSet<String>());
}
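Review bot: `mapping.substring(0,index)` throws StringIndexOutOfBoundsException when an entry contains no `=`, because `lastIndexOf` then returns -1; the empty entry that `option.split(";")` produces for a value such as `a=b;;c=d` is enough to hit it. This option decides which Karaf roles an LDAP group is mapped to, so a malformed entry is better skipped with a warning right after the `lastIndexOf` call: `if (index <= 0) { LOGGER.warn("Ignoring malformed role mapping entry {}", mapping); continue; }`. A DN written without a target role (`cn=admin,ou=groups,dc=example,dc=com`) is also accepted silently and maps `cn=admin,ou=groups,dc=example,dc` to a role named `com`, which deserves a line in the option's documentation. The `for` loop body continues past the end of the hunk, so any later trimming or validation of `karafRoles` is not visible here.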
http://git-wip-us.apache.org/repos/asf/karaf/blob/f18cad5b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
index ff51a31..e93c0dd 100644
--- a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
+++ b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
@@ -438,5 +438,55 @@ public class LdapLoginModuleTest extends AbstractLdapTestUnit {
assertTrue(module.logout());
assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
}
+
+ @Test
+ public void testRoleMappingFqdn() throws Exception {
+ Properties options = ldapLoginModuleOptions();
+ options.put(LDAPOptions.ROLE_MAPPING, "cn=admin,ou=groups,dc=example,dc=com=karaf;cn=admin,ou=mygroups,dc=example,dc=com=another");
+ options.put(LDAPOptions.ROLE_BASE_DN, "ou=groups,dc=example,dc=com");
+ options.put(LDAPOptions.ROLE_SEARCH_SUBTREE, "true");
+ options.put(LDAPOptions.ROLE_FILTER, "(member=%fqdn)");
+ options.put(LDAPOptions.ROLE_NAME_ATTRIBUTE, "description");
+ LDAPLoginModule module = new LDAPLoginModule();
+ CallbackHandler cb = new CallbackHandler() {
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (Callback cb : callbacks) {
+ if (cb instanceof NameCallback) {
+ ((NameCallback) cb).setName("admin");
+ } else if (cb instanceof PasswordCallback) {
+ ((PasswordCallback) cb).setPassword("admin123".toCharArray());
+ }
+ }
+ }
+ };
+ Subject subject = new Subject();
+ module.initialize(subject, cb, null, options);
+
+ assertEquals("Precondition", 0, subject.getPrincipals().size());
+ assertTrue(module.login());
+ assertTrue(module.commit());
+
+ assertEquals(2, subject.getPrincipals().size());
+
+ final List<String> roles = new ArrayList<String>(Arrays.asList("karaf"));
+
+ boolean foundUser = false;
+ boolean foundRole = false;
+ for (Principal principal : subject.getPrincipals()) {
+ if (principal instanceof UserPrincipal) {
+ assertEquals("admin", principal.getName());
+ foundUser = true;
+ } else if (principal instanceof RolePrincipal) {
+ assertTrue(roles.remove(principal.getName()));
+ foundRole = true;
+ }
+ }
+ assertTrue(foundUser);
+ assertTrue(foundRole);
+ assertTrue(roles.isEmpty());
+
+ assertTrue(module.logout());
+ assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
+ }
}
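Review bot: `testRoleMappingFqdn` exercises only a well-formed mapping, so the parser's failure modes stay untested. Add cases for an entry with no `=` and for a group DN containing an escaped `\;`, which `option.split(";")` in LDAPOptions would cut in two before the `=` search runs. Both are configuration mistakes that can change which roles a login receives, so the expected outcome (entry ignored, no role principal added) should be asserted explicitly. As a style point, the loop variable in `handle` reuses the name `cb` of the enclosing handler; `for (Callback callback : callbacks)` avoids the shadowing.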
http://git-wip-us.apache.org/repos/asf/karaf/blob/f18cad5b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com.ldif
----------------------------------------------------------------------
diff --git a/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com.ldif b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com.ldif
index 39fa562..a437f46 100644
--- a/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com.ldif
+++ b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com.ldif
@@ -34,6 +34,7 @@ dn: cn=admin,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
cn: admin
+description: cn=admin,ou=groups,dc=example,dc=com
member: cn=admin,ou=people,dc=example,dc=com
dn: cn=admin,ou=people,dc=example,dc=com
@@ -55,4 +56,3 @@ cn: cheese
sn: cheese
uid: cheese
userPassword: foodie
-
http://git-wip-us.apache.org/repos/asf/karaf/blob/f18cad5b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com_with_escapes.ldif
----------------------------------------------------------------------
diff --git a/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com_with_escapes.ldif b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com_with_escapes.ldif
index 3736aea..2f6cff3 100644
--- a/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com_with_escapes.ldif
+++ b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com_with_escapes.ldif
@@ -34,6 +34,7 @@ dn: cn=admin,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
cn: admin
+description: cn=admin,ou=groups,dc=example,dc=com
member: cn=admin\,\=\+\<\>#\;\\,ou=people,dc=example,dc=com
dn: cn=admin\,\=\+\<\>#\;\\,ou=people,dc=example,dc=com
[2/2] karaf git commit: [KARAF-4989] This closes #283
Posted by jb...@apache.org.
[KARAF-4989] This closes #283
Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/99190364
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/99190364
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/99190364
Branch: refs/heads/master
Commit: 99190364126d7c33b72c5fe7229c8c9448d415ef
Parents: 0e03f5c f18cad5
Author: Jean-Baptiste Onofr� <jb...@apache.org>
Authored: Fri Feb 24 12:43:36 2017 +0100
Committer: Jean-Baptiste Onofr� <jb...@apache.org>
Committed: Fri Feb 24 12:43:36 2017 +0100
----------------------------------------------------------------------
.../karaf/jaas/modules/ldap/LDAPOptions.java | 6 +--
.../jaas/modules/ldap/LdapLoginModuleTest.java | 50 ++++++++++++++++++++
.../karaf/jaas/modules/ldap/example.com.ldif | 2 +-
.../modules/ldap/example.com_with_escapes.ldif | 1 +
4 files changed, 55 insertions(+), 4 deletions(-)
----------------------------------------------------------------------