Posted to jetspeed-dev@portals.apache.org by at...@apache.org on 2007/12/21 17:27:18 UTC
svn commit: r606238 -
/portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java
Author: ate
Date: Fri Dec 21 08:27:17 2007
New Revision: 606238
URL: http://svn.apache.org/viewvc?rev=606238&view=rev
Log:
Fix for JS2-836: Lookup of LDAP users per role using a role membership attribute on a user is broken
Patch provided by Dennis Dam
Modified:
portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java
Modified: portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java?rev=606238&r1=606237&r2=606238&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java (original)
+++ portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java Fri Dec 21 08:27:17 2007
@@ -351,15 +351,25 @@
public String[] searchUsersFromRoleByUser(final String rolePrincipalUid, SearchControls cons)
throws NamingException
{
-
- String query = "(&(" + getUserRoleMembershipAttribute() + "=" + rolePrincipalUid + ")" + getUserFilter() + ")";
+ String roleMemberAttr = getUserRoleMembershipAttribute();
+ /*
+ * search for those users with a role membership attribute matching two possible values:
+ * - the role principal UID (e.g. 'admin') or
+ * - the full DN of the role (e.g. 'cn=admin,ou=Roles,o=sevenSeas')
+ */
+ StringBuffer byRolePrincipalUidMatch = new StringBuffer("(").append(roleMemberAttr).append("=").append(rolePrincipalUid).append(")");
+ StringBuffer byRoleDNMatch = new StringBuffer("(").append(roleMemberAttr).append("=").append(getRoleDN(rolePrincipalUid, true)).append(")");
+
+ StringBuffer completeRoleAttrMatch = new StringBuffer("(|").append(byRolePrincipalUidMatch).append(byRoleDNMatch).append(")");
+ StringBuffer query= new StringBuffer("(&").append(completeRoleAttrMatch).append("(").append(getUserFilter()).append("))");
+
if (logger.isDebugEnabled())
{
logger.debug("query[" + query + "]");
}
cons.setSearchScope(getSearchScope());
- NamingEnumeration results = ((DirContext) ctx).search(getUserFilterBase(),query , cons);
+ NamingEnumeration results = ((DirContext) ctx).search(getUserFilterBase(),query.toString() , cons);
ArrayList userPrincipalUids = new ArrayList();
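Review bot: `rolePrincipalUid` and the result of `getRoleDN(rolePrincipalUid, true)` are appended unescaped to the filter in `byRolePrincipalUidMatch` and `byRoleDNMatch`, so a value containing `*`, `(`, `)` or `\` alters the filter's structure instead of being matched literally. The JNDI overload that takes filter arguments escapes them: build `String filterExpr = "(&(|(" + roleMemberAttr + "={0})(" + roleMemberAttr + "={1}))" + getUserFilter() + ")";` and call `((DirContext) ctx).search(getUserFilterBase(), filterExpr, new Object[] { rolePrincipalUid, getRoleDN(rolePrincipalUid, true) }, cons);`. That expression appends `getUserFilter()` bare, as the removed line did, whereas the new `query` wraps it in an extra `(`…`)`. If `getUserFilter()` already returns a parenthesised filter, the new form yields `((...))`, which is not a valid filter, so the wrapping is worth confirming against configured values. The method body continues past the end of this hunk.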