Posted to jetspeed-dev@portals.apache.org by at...@apache.org on 2007/12/21 17:27:18 UTC

svn commit: r606238 - /portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java

Author: ate
Date: Fri Dec 21 08:27:17 2007
New Revision: 606238

URL: http://svn.apache.org/viewvc?rev=606238&view=rev
Log:
Fix for JS2-836: Lookup of LDAP users per role using a role membership attribute on a user is broken
Patch provided by Dennis Dam

Modified:
    portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java

Modified: portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java?rev=606238&r1=606237&r2=606238&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java (original)
+++ portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java Fri Dec 21 08:27:17 2007
@@ -351,15 +351,25 @@
 	public String[] searchUsersFromRoleByUser(final String rolePrincipalUid, SearchControls cons)
 	throws NamingException
 	{
-	
-		String query = "(&(" + getUserRoleMembershipAttribute() + "=" + rolePrincipalUid + ")" + getUserFilter() + ")";
+        String roleMemberAttr = getUserRoleMembershipAttribute();
+        /*
+         *  search for those users with a role membership attribute matching two possible values:  
+         *    - the role principal UID (e.g. 'admin') or
+         *    - the full DN of the role (e.g. 'cn=admin,ou=Roles,o=sevenSeas')     
+         */ 
+        StringBuffer byRolePrincipalUidMatch = new StringBuffer("(").append(roleMemberAttr).append("=").append(rolePrincipalUid).append(")");
+        StringBuffer byRoleDNMatch = new StringBuffer("(").append(roleMemberAttr).append("=").append(getRoleDN(rolePrincipalUid, true)).append(")");
+        
+        StringBuffer completeRoleAttrMatch = new StringBuffer("(|").append(byRolePrincipalUidMatch).append(byRoleDNMatch).append(")");
+        StringBuffer query= new StringBuffer("(&").append(completeRoleAttrMatch).append("(").append(getUserFilter()).append("))");
+        
 		if (logger.isDebugEnabled())
 		{
 		    logger.debug("query[" + query + "]");
 		}
 	    
 		cons.setSearchScope(getSearchScope());
-	    NamingEnumeration results = ((DirContext) ctx).search(getUserFilterBase(),query , cons);	    
+	    NamingEnumeration results = ((DirContext) ctx).search(getUserFilterBase(),query.toString() , cons);	    
 
 		ArrayList userPrincipalUids = new ArrayList();
 		
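Review bot: The filter assembled in `byRolePrincipalUidMatch` and `byRoleDNMatch` concatenates `rolePrincipalUid` and the result of `getRoleDN(rolePrincipalUid, true)` into the LDAP search filter without RFC 4515 escaping, so a role name containing `(`, `)`, `*` or `\` changes the filter's meaning or makes the search fail. Use the `DirContext.search(String, String, Object[], SearchControls)` overload instead: write the two matches as `roleMemberAttr + "={0}"` and `roleMemberAttr + "={1}"` and pass `new Object[] { rolePrincipalUid, getRoleDN(rolePrincipalUid, true) }`, which lets JNDI escape the values. Separately, the new query wraps `getUserFilter()` in an extra `(` … `)` where the old one appended it bare; if that method returns an already parenthesised filter (not visible here), the result is `((...))`, which is not a valid filter, so this is worth confirming against the configured user filter. The method body continues past the end of the hunk.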


