modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/authentication/AuthenticateUserAction.java
| 30 ++++++++++
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java
| 2
2 files changed, 30 insertions(+), 2 deletions(-)
New commits:
commit 14371b8ab9271598d798b32f236a4fed586ff491
Author: Simeon Pinder <spinder(a)redhat.com>
Date: Fri Apr 30 09:13:25 2010 -0400
BZ 586435: conditionally check for case-insensitive LDAP usernames and reload
accordingly.
diff --git
a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/authentication/AuthenticateUserAction.java
b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/authentication/AuthenticateUserAction.java
index 2328e25..db8b1f0 100644
---
a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/authentication/AuthenticateUserAction.java
+++
b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/authentication/AuthenticateUserAction.java
@@ -38,6 +38,8 @@ import org.apache.struts.tiles.actions.TilesAction;
import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.authz.Permission;
import org.rhq.core.domain.configuration.Configuration;
+import org.rhq.core.domain.criteria.SubjectCriteria;
+import org.rhq.core.domain.util.PageList;
import org.rhq.enterprise.gui.legacy.AttrConstants;
import org.rhq.enterprise.gui.legacy.Constants;
import org.rhq.enterprise.gui.legacy.WebUser;
@@ -94,6 +96,34 @@ public class AuthenticateUserAction extends TilesAction {
// entry in the principals table. If they do, then we know we use JDBC
authentication
// for that user. If they do not, then we must be using LDAP to
authenticate that user.
hasPrincipal =
subjectManager.isUserWithPrincipal(logonForm.getJ_username());
+
+ if (!hasPrincipal && needsRegistration) {
+ //for the case when they're already registered but entering a
case sensitive different name
+ //BZ-586435: insert case insensitivity for usernames with ldap auth
+ // locate first matching subject and attach.
+ SubjectCriteria subjectCriteria = new SubjectCriteria();
+ subjectCriteria.setCaseSensitive(false);
+ subjectCriteria.setStrict(true);
+ subjectCriteria.addFilterName(logonForm.getJ_username());
+ subjectCriteria.fetchRoles(true);
+ subjectCriteria.fetchConfiguration(true);
+ PageList<Subject> subjectsLocated =
LookupUtil.getSubjectManager().findSubjectsByCriteria(
+ LookupUtil.getSubjectManager().getOverlord(), subjectCriteria);
+ //if subject variants located then take the first one with a
principal otherwise do nothing
+ //To defend against the case where they create an account with the
same name but not
+ //case as an rhq sysadmin or higher perms, then make them relogin
with same creds entered.
+ if (!subjectsLocated.isEmpty()) {//then case insensitive username
matches found. Try to use instead.
+ Subject ldapSubject = subjectsLocated.get(0);
+ String msg = "Located existing ldap account with different
case for [" + ldapSubject.getName()
+ + "]. " + "Attempting to authenticate with
that account instead.";
+ log.info(msg);
+ subject = subjectManager.login(ldapSubject.getName(),
logonForm.getJ_password());
+ sessionId = subject.getSessionId();
+ log.debug("Logged in as [" + ldapSubject.getName() +
"] with session id [" + sessionId + "]");
+ needsRegistration = false;
+ }
+ }
+
} else {
// with regular JDBC authentication, we are guaranteed to have a
principal
hasPrincipal = true;
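Review bot: The added block logs in as `subjectsLocated.get(0)` without checking that the match is unique or that the matched subject is an LDAP-backed account, although the comment above it promises to take only a suitable variant and otherwise do nothing. As written, a username differing only in case from an existing account that has a principal (for example a local administrator) is re-authenticated under that account's name with the submitted password; whether that can succeed depends on how `subjectManager.login` and the LDAP bind treat case, which is not visible here. I would gate the reuse with `if (subjectsLocated.size() == 1 && !subjectManager.isUserWithPrincipal(subjectsLocated.get(0).getName())) {` and correct the comment, which says "with a principal" where the surrounding code treats a missing principal as the LDAP case. The new `log.debug` line also writes the session id to the log; logging only the username would avoid exposing a live session token to anyone who can read the logs. The enclosing method starts and ends outside this hunk.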
diff --git
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java
index d6e6ae8..b857325 100644
---
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java
+++
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java
@@ -212,8 +212,6 @@ public class LdapLoginModule extends UsernamePasswordLoginModule {
String groupMember = (String)
options.get("GroupMemberFilter");
SubjectManagerLocal sManager = LookupUtil.getSubjectManager();
Subject ldapSubject = sManager.getSubjectByName(getUsername());
-
- //if (user id already exists) && (groupFilter defined) &&
(groupMember defined)
if (ldapSubject != null && ((groupFilter != null) &&
!groupFilter.trim().isEmpty())
&& ((groupMember != null) &&
!groupMember.trim().isEmpty())) {
//check authorized groups to see if this user is authorized via ldap