DO NOT REPLY [Bug 21669] New: - JNDIRealm roleBase pattern enahncement

Wed, 16 Jul 2003 15:55:35 -0700 

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21669>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21669

JNDIRealm roleBase pattern enahncement

           Summary: JNDIRealm roleBase pattern enahncement
           Product: Tomcat 4
           Version: 4.1.24
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Other
         Component: Catalina
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]


Currently the roleBase attribute must be a fxed location in the directory. A 
simple change would allow the role base to be specified relative to the user 
DN. My enhancement suggestion would change the roleBase definition as follows:

roleBase - the base entry for the role search. If not specified, the search 
base is the top level directory context. If specified it may optionally include 
pattern replacements "{0}".."{n}" corrosponding to the name parts of the user's 
distinguished name (as returned by javax.naming.Name.get()).

For example, in the <Realm> defintion in server.xml you could specify the 
roleBase as:

    roleBase="ou=Groups,{1},{0}"

The majority of the code to accomplish this would be in JNDIRealm.getRoles() 
and could look like this:

        String base = null;
        if ( roleBaseFormat != null )
        {
                NameParser np = context.getNameParser("");
                Name name = np.parse(dn);
                String nameParts[] = new String[name.size()];
                for ( int idx = 0 ; idx < name.size() ; idx++ )
                        nameParts[idx] = name.get(idx);
        base = roleBaseFormat.format(nameParts);
        }

        // Perform the configured search and process the results
        if (debug >= 3) {
            log("  Searching role base '" + base + "' for attribute '" +
                roleName + "'");
            log("  With filter expression '" + filter + "'");
        }
        NamingEnumeration results =
            context.search(base, filter, controls);

Thank You,
Art

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to