KARAF-4637 - LDAPLoginModule - Added option to trim usernames
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
index f8743c6..6d759e1 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
@@ -80,6 +80,11 @@
// valid password (because if authentication = none, the password could be any
// value - it is ignored).
LDAPOptions options = new LDAPOptions(this.options);
+ if(options.isUsernameTrim()){
+ if(user != null){
+ user = user.trim();
+ }
+ }
String authentication = options.getAuthentication();
if ("none".equals(authentication) && (user != null || tmpPassword != null)) {
logger.debug("Changing from authentication = none to simple since user or password was specified.");
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
index 390cbb3..60a7d54 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
@@ -55,6 +55,7 @@
public static final String SSL_KEYALIAS = "ssl.keyalias";
public static final String SSL_TRUSTSTORE = "ssl.truststore";
public static final String SSL_TIMEOUT = "ssl.timeout";
+ public static final String USERNAMES_TRIM = "usernames.trim";
public static final String DEFAULT_INITIAL_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
public static final String DEFAULT_AUTHENTICATION = "simple";
public static final int DEFAULT_SSL_TIMEOUT = 10;
@@ -81,6 +82,10 @@
return options.hashCode();
}
+ public boolean isUsernameTrim() {
+ return Boolean.parseBoolean((String) options.get(USERNAMES_TRIM));
+ }
+
public String getUserFilter() {
return (String) options.get(USER_FILTER);
}
diff --git a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
index 307aae5..2c11915 100644
--- a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
+++ b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
@@ -184,6 +184,50 @@
}
@Test
+ public void testTrimmedUsernameLogin() throws Exception {
+ Properties options = ldapLoginModuleOptions();
+ options.put("usernames.trim", "true");
+ LDAPLoginModule module = new LDAPLoginModule();
+ CallbackHandler cb = new CallbackHandler() {
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (Callback cb : callbacks) {
+ if (cb instanceof NameCallback) {
+ ((NameCallback) cb).setName("cheese ");
+ } else if (cb instanceof PasswordCallback) {
+ ((PasswordCallback) cb).setPassword("foodie".toCharArray());
+ }
+ }
+ }
+ };
+ Subject subject = new Subject();
+ module.initialize(subject, cb, null, options);
+
+ assertEquals("Precondition", 0, subject.getPrincipals().size());
+ assertTrue(module.login());
+ assertTrue(module.commit());
+
+ assertEquals(1, subject.getPrincipals().size());
+
+ boolean foundUser = false;
+ boolean foundRole = false;
+ for (Principal pr : subject.getPrincipals()) {
+ if (pr instanceof UserPrincipal) {
+ assertEquals("cheese", pr.getName());
+ foundUser = true;
+ } else if (pr instanceof RolePrincipal) {
+ assertEquals("admin", pr.getName());
+ foundRole = true;
+ }
+ }
+ assertTrue(foundUser);
+ // cheese is not an admin so no roles should be returned
+ assertFalse(foundRole);
+
+ assertTrue(module.logout());
+ assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
+ }
+
+ @Test
public void testBadPassword() throws Exception {
Properties options = ldapLoginModuleOptions();
LDAPLoginModule module = new LDAPLoginModule();
