Add an optional and configurable default role to the JNDIRealm.

This comes handy, if you only want to authenticate the users,
but have a security constraint with a role in the app.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@697213 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
index 114b013..150738b 100644 (file)
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -347,6 +347,12 @@ public class JNDIRealm extends RealmBase {
      */
     protected int curUserPattern = 0;
 
+    /**
+     *  Add this role to every authenticated user
+     */
+    protected String commonRole = null;
+
+
     // ------------------------------------------------------------- Properties
 
     /**
@@ -776,6 +782,28 @@ public class JNDIRealm extends RealmBase {
     }
 
 
+    /**
+     * Return the common role
+     */
+    public String getCommonRole() {
+
+        return commonRole;
+
+    }
+
+
+    /**
+     * Set the common role
+     *
+     * @param commonRole The common role
+     */
+    public void setCommonRole(String commonRole) {
+
+        this.commonRole = commonRole;
+
+    }
+
+
     // ---------------------------------------------------------- Realm Methods
 
 
@@ -1363,6 +1391,8 @@ public class JNDIRealm extends RealmBase {
         if (list == null) {
             list = new ArrayList<String>();
         }
+        if (commonRole != null)
+            list.add(commonRole);
 
         // Are we configured to do role searches?
         if ((roleFormat == null) || (roleName == null))

diff --git a/webapps/docs/config/realm.xml b/webapps/docs/config/realm.xml
index 0af0f92..ac1e313 100644 (file)
--- a/webapps/docs/config/realm.xml
+++ b/webapps/docs/config/realm.xml
@@ -304,6 +304,12 @@
          can be used. If no value is given the providers default is used.</p>
        </attribute>
 
+      <attribute name="commonRole" required="false">
+        <p>A role name assigned to each successfully authenticated user in
+        addition to the roles retrieved from LDAP. If not specified, only
+        the roles retrieved via LDAP are used.</p>
+      </attribute>
+
       <attribute name="connectionName" required="false">
         <p>The directory username to use when establishing a
         connection to the directory for LDAP search operations. If not

diff --git a/webapps/docs/realm-howto.xml b/webapps/docs/realm-howto.xml
index 09f8f0f..cfd37ba 100644 (file)
--- a/webapps/docs/realm-howto.xml
+++ b/webapps/docs/realm-howto.xml
@@ -859,6 +859,12 @@ attributes are supported by this implementation:</p>
         can be used. If no value is given the providers default is used.</p>
       </attribute>
 
+      <attribute name="commonRole" required="false">
+        <p>A role name assigned to each successfully authenticated user in
+        addition to the roles retrieved from LDAP. If not specified, only
+        the roles retrieved via LDAP are used.</p>
+      </attribute>
+
       <attribute name="connectionName" required="false">
         <p>The directory username to use when establishing a
         connection to the directory for LDAP search operations. If not