inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged V3.2 to HEAD

Browse Source 
18157: ETHREEOH-3787: Support portal URL rewriting within surf webscripts
      - WebScriptServletResponse extended to use portlet helper to rewrite URLs when running in context of a portlet. (We can't use WebScriptPortletRequest / Response because we need the full servlet runtime for Surf.)
      - CMIS test webscripts corrected to be portlet enabled
   18272: Merged DEV/BELARUS/V3.2-2010_01_11 to V3.2
      18257: ETHREEOH-4002: User/Group sync does not handle LDAP communication failures
         - Merged with corrections
   18276: ETHREEOH-4002: Correction to previous checkin - modification dates are only persisted after successful processing of users and groups, so need to delete them on comms failure
   18326: ETHREEOH-3873: usr:authorityContainer type metadata must be left in place for upgraded repositories
      - Otherwise you get errors when re-indexing the migrated group nodes
   18340: ETHREEOH-4069: LDAP sync cannot resolve DNs containing a slash character
      - Due to JNDI interpreting the slash character as a separator
   18403: ETHREEOH-4008: LDAP sync should preserve case of group members
      - Was incorrectly extracting attributes from lower-cased DN


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18433 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Dave Ward
2010-02-03 12:59:34 +00:00
parent 089c5932ee
commit cdb8e6ef43
2 changed files with 66 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
source/java/org/alfresco/repo/security/sync/ldap/LDAPUserRegistry.java
View File

@@ -41,7 +41,9 @@ import java.util.TreeMap;
import java.util.TreeSet;
import java.util.regex.Pattern;
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
@@ -684,13 +686,14 @@ public class LDAPUserRegistry implements UserRegistry, LDAPNameResolver, Initial
{
// Attempt to parse the member attribute as a DN. If this fails we have a fallback
// in the catch block
LdapName distinguishedName = new LdapName(attribute.toLowerCase());
LdapName distinguishedNameForComparison = new LdapName(attribute.toLowerCase());
Attribute nameAttribute;
// If the user and group search bases are different we may be able to recognize user
// and group DNs without a secondary lookup
if (disjoint)
{
LdapName distinguishedName = new LdapName(attribute);
Attributes nameAttributes = distinguishedName.getRdn(distinguishedName.size() - 1)
.toAttributes();
@@ -714,12 +717,12 @@ public class LDAPUserRegistry implements UserRegistry, LDAPNameResolver, Initial
}
// If we can't determine the name and type from the DN alone, try a directory lookup
if (distinguishedName.startsWith(userDistinguishedNamePrefix)
|| distinguishedName.startsWith(groupDistinguishedNamePrefix))
if (distinguishedNameForComparison.startsWith(userDistinguishedNamePrefix)
|| distinguishedNameForComparison.startsWith(groupDistinguishedNamePrefix))
{
try
{
Attributes childAttributes = this.ctx.getAttributes(attribute, new String[]
Attributes childAttributes = this.ctx.getAttributes(jndiName(attribute), new String[]
{
"objectclass", LDAPUserRegistry.this.groupIdAttributeName,
LDAPUserRegistry.this.userIdAttributeName
@@ -805,7 +808,7 @@ public class LDAPUserRegistry implements UserRegistry, LDAPNameResolver, Initial
// fetch the next batch
if (nextStart > 0 && !PATTERN_RANGE_END.matcher(memAttribute.getID().toLowerCase()).find())
{
Attributes childAttributes = this.ctx.getAttributes(result.getNameInNamespace(), new String[]
Attributes childAttributes = this.ctx.getAttributes(jndiName(result.getNameInNamespace()), new String[]
{
LDAPUserRegistry.this.memberAttributeName + ";range=" + nextStart + '-'
+ (nextStart + LDAPUserRegistry.this.attributeBatchSize - 1)
@@ -835,6 +838,23 @@ public class LDAPUserRegistry implements UserRegistry, LDAPNameResolver, Initial
return lookup.values();
}
/**
* Converts a given DN into one suitable for use through JNDI. In particular, escapes special characters such as '/'
* which have special meaning to JNDI.
*
* @param dn
* the dn
* @return the name
* @throws InvalidNameException
* the invalid name exception
*/
private static Name jndiName(String dn) throws InvalidNameException
{
Name n = new CompositeName();
n.add(dn);
return n;
}
/**
* Invokes the given callback on each entry returned by the given query.
*
@@ -862,7 +882,7 @@ public class LDAPUserRegistry implements UserRegistry, LDAPNameResolver, Initial
NamingEnumeration<SearchResult> searchResults;
searchResults = ctx.search(searchBase, query, searchControls);
while (searchResults.hasMoreElements())
while (searchResults.hasMore())
{
SearchResult result = searchResults.next();
callback.process(result);
@@ -919,9 +939,9 @@ public class LDAPUserRegistry implements UserRegistry, LDAPNameResolver, Initial
NamingEnumeration<SearchResult> searchResults = ctx.search(this.userSearchBase, "(&" + this.personQuery
+ "(" + this.userIdAttributeName + "=" + userId + "))", userSearchCtls);
if (searchResults.hasMoreElements())
if (searchResults.hasMore())
{
return searchResults.next().getNameInNamespace();
return jndiName(searchResults.next().getNameInNamespace()).toString();
}
throw new AuthenticationException("Failed to resolve user: " + userId);
}
@@ -1200,7 +1220,7 @@ public class LDAPUserRegistry implements UserRegistry, LDAPNameResolver, Initial
do
{
readyForNextPage = this.searchResults == null;
while (!readyForNextPage && this.searchResults.hasMoreElements())
while (!readyForNextPage && this.searchResults.hasMore())
{
SearchResult result = this.searchResults.next();
Attributes attributes = result.getAttributes();