[Lada-commits] [PATCH] ange ShibbolethFilter to accept non-ldap-formated roles (without cn=..)
Wald Commits
scm-commit at wald.intevation.org
Wed Sep 28 08:48:11 CEST 2016
# HG changeset patch
# User Michael Stanko <mstanko at bfs.de>
# Date 1475045284 -7200
# Node ID 37952c111f71bd1699c5288472ff04a25daece1a
# Parent 3c9616e5439ff90d01aa513d743960c20e7e9898
Change ShibbolethFilter to accept non-LDAP-formatted roles (without cn=..)
diff -r 3c9616e5439f -r 37952c111f71 src/main/java/de/intevation/lada/util/auth/ShibbolethFilter.java
--- a/src/main/java/de/intevation/lada/util/auth/ShibbolethFilter.java Fri Sep 23 17:56:22 2016 +0200
+++ b/src/main/java/de/intevation/lada/util/auth/ShibbolethFilter.java Wed Sep 28 08:48:04 2016 +0200
@@ -1,24 +1,20 @@
/* Copyright (C) 2015 by Bundesamt fuer Strahlenschutz
* Software engineering by Intevation GmbH
*
- * This file is Free Software under the GNU GPL (v>=3)
- * and comes with ABSOLUTELY NO WARRANTY! Check out
- * the documentation coming with IMIS-Labordaten-Application for details.
+ * This file is Free Software under the GNU GPL (v>=3)
+ * and comes with ABSOLUTELY NO WARRANTY! Check out
+ * the documentation coming with IMIS-Labordaten-Application for details.
*/
package de.intevation.lada.util.auth;
import java.io.IOException;
import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.List;
+import java.util.HashSet;
+import java.util.Set;
import java.util.Properties;
import javax.inject.Inject;
-import javax.naming.InvalidNameException;
-import javax.naming.ldap.LdapName;
-import javax.naming.ldap.Rdn;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -104,9 +100,8 @@
return;
}
- List<String> rolesValue = extractRoles(roles);
- if (roles == null || "".equals(roles) ||
- rolesValue == null || rolesValue.isEmpty()) {
+ Set<String> rolesValue = extractRoles(roles);
+ if (rolesValue == null || rolesValue.isEmpty()) {
httpResponse.reset();
httpResponse.setStatus(401);
httpResponse.getOutputStream().print("{\"success\":false,\"message\":\"698\",\"data\":" +
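Review bot: The `rolesValue == null` half of the new guard can no longer be true, because the rewritten extractRoles returns an empty set instead of null on every path shown in this patch. The condition can be reduced to `if (rolesValue.isEmpty()) {`, or the null test kept with a short comment such as `// defensive: extractRoles currently never returns null`. Since this guard is now the only place where a request without roles is rejected with 401, it would also help to say so in a comment above it. The print statement that follows continues outside the hunk.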
@@ -133,30 +128,18 @@
}
- private List<String> extractRoles(String roles) {
- LdapName ldap;
- try {
- ldap = new LdapName("");
+ private Set<String> extractRoles(String roles) {
+ Set<String> groups = new HashSet<>();
+ if (roles == null || "".equals(roles) || "(null)".equals(roles)) {
+ return groups;
+ } else {
String[] groupStrings = roles.split(";");
+ String item;
for (int i = 0; i < groupStrings.length; i++) {
- String[] items = groupStrings[i].trim().split(",");
- for (int j = 0; j < items.length; j++) {
- ldap.add(items[j]);
- }
- }
- List<Rdn> rdns = ldap.getRdns();
- List<String> groups = new ArrayList<String>();
- for (Rdn rdn: rdns) {
- String value = (String)rdn.getValue();
- if (rdn.getType().equals("cn") &&
- !"groups".equals(rdn.getValue().toString())) {
- groups.add(value);
- }
+ item = groupStrings[i].replaceAll(",.*", "").replace("cn=", "");
+ groups.add(item);
}
return groups;
- } catch (InvalidNameException e) {
- logger.debug("ShibbolethFilter failed!", e);
- return null;
}
}
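Review bot: The new loop in extractRoles adds every segment to the set without trimming or checking that it is non-empty, so a whitespace-only header or an empty segment between separators produces a blank role and the caller's `rolesValue.isEmpty()` check no longer rejects the request. The removed code trimmed each segment and accepted only `cn` components other than `groups`. The new code takes whatever precedes the first comma, and `replace("cn=", "")` removes that text anywhere in the value rather than only as a prefix, while leaving `CN=` untouched. Since these strings decide authorization, I would parse them strictly: `item = groupStrings[i].trim().replaceAll(",.*", "").replaceFirst("(?i)^cn=", "").trim();` followed by `if (!item.isEmpty()) { groups.add(item); }`. A short Javadoc on extractRoles stating the accepted formats (a plain name, or a DN whose first component is `cn=`) would make the contract reviewable.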