cklein05 commented on a change in pull request #428: URL: https://github.com/apache/tomcat/pull/428#discussion_r654984693
########## File path: java/org/apache/catalina/realm/MemoryRealm.java ########## 
@@ -167,23 +246,46 @@ public Principal authenticate(String username, String credentials) { * @param password User's password (clear text) * @param roles Comma-delimited set of roles associated with this user */ - void addUser(String username, String password, String roles) { + void addUser(String username, String password, String roles, String fullname) { // Accumulate the list of roles for this user - List<String> list = new ArrayList<>(); + Set<String> roleSet = new LinkedHashSet<>(); roles += ","; while (true) { int comma = roles.indexOf(','); if (comma < 0) { break; } String role = roles.substring(0, comma).trim(); - list.add(role); + roleSet.add(role); roles = roles.substring(comma + 1); } + // Create the user attributes map for this user's principal + Map<String, Object> attributes = null; + if (userAttributesList != null) { + attributes = new LinkedHashMap<>(); + for (String name : userAttributesList) { + switch (name) { + case "username": + case "name": + attributes.put(name, new String(username)); + break; + + case "fullname": + attributes.put(name, new String(fullname)); + break; + + case "roles": + attributes.put(name, StringUtils.join(roleSet)); Review comment: A read-only collection does not make the collection's items immutable. Class `org.apache.catalina.users.MemoryRole` is neither `Cloneable` nor `Serializable`. So, creating a defensive copy is quite costly. Also, `MemoryRole` objects contain a list of `User` objects, which encapsulate the user's password. No good candidate for being exposed as a user attribute. So, I decided to just mimic the plain `role` XML attribute specified in file tomcat-users.xml. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. 
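Review bot: the `case "fullname":` branch calls `new String(fullname)` with no null check, so if a caller passes null for a user that has no full name (the callers are not visible in this hunk), `addUser` throws a `NullPointerException` while building the attributes map. Guard it, for example by skipping the attribute or storing null when `fullname` is null. The `new String(...)` copies in this branch and in the `"username"`/`"name"` branch are also unnecessary, since `String` is immutable and `attributes.put(name, username)` is already safe to hand out. Finally, the signature gains a `fullname` parameter but the Javadoc shown above it still ends at `@param roles`; please add a matching `@param fullname` line.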