-
Bug
-
Resolution: Done
-
Major
-
fuse-esb-7.1.0
-
None
-
None
-
%
We are developing a authentication/authorization model that runs on Fuse ESB. We would like to leverage the LDAPLoginModule to not only authenticate the user but also to provide all the roles to which the user is assigned. In the current module: org.apache.karaf.jaas.modules.ldap.LDAPLoginModule (version 2.3.0)
=== starting from line 249:
NamingEnumeration namingEnumeration = context.search(roleBaseDN, roleFilter, controls);
while (namingEnumeration.hasMore()) {
SearchResult result = (SearchResult) namingEnumeration.next();
Attributes attributes = result.getAttributes();
String role = (String) attributes.get(roleNameAttribute).get();
if (role != null) {
principals.add(new RolePrincipal(role));
}
}
Attributes.get(...).get() will return only one attribute according to javax.naming.directory.Attribute.get():
Retrieves one of this attribute's values. If the attribute has more than one value and is unordered,
any one of the values is returned. If the attribute has more than one value and is ordered, the first value is returned.
We have multiple roles associated with a user and all roles must be used.
suggested fix is:
Attribute roles = attributes.get(roleNameAttribute); if (roles != null) { for (int i=0; i<roles.size(); i++) { String role = roles.get(i); if (role != null) { principals.add(new RolePrincipal(role)); } }
