DO NOT REPLY [Bug 46925] New: Nested groups in JNDI realm with non-recursive implementation

bugzilla Fri, 27 Mar 2009 03:59:02 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=46925


           Summary: Nested groups in JNDI realm with non-recursive
                    implementation
           Product: Tomcat 6
           Version: unspecified
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Catalina
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: ste...@labeo.de


Created an attachment (id=23420)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=23420)
Patch which replaced the recursive method with a while loop ("memberOf
Algorithm")

I have modified the method getRoles in org.apache.catalina.realm.JNDIRealm in
the trunk in order to use a while loop to detect nested groups (instead of the
recursive method currently implemented there).

The algorithm is inspired by the article "Practices in Directory Groups" found
here:
http://middleware.internet2.edu/dir/groups/internet2-mace-dir-groups-best-practices-200210.htm
 
It avoids group slurping and handles cyclic group memberships as well.

Find a patch attached.

Greetings from Amsterdam, Stefan

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

DO NOT REPLY [Bug 46925] New: Nested groups in JNDI realm with non-recursive implementation

Reply via email to