Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50751

Don't try to retrieve attributes if we don't need to. If anonymous bind is not allowed, the login will always fail.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1069824 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
index a4914e8..2d316d4 100644 (file)
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -1245,6 +1245,11 @@ public class JNDIRealm extends RealmBase {
                                     String dn)
         throws NamingException {
 
+        // If no attributes are requested, no need to look for them
+        if (attrIds == null || attrIds.length > 0) {
+            return new User(username, dn, null, null);
+        }
+
         // Get required attributes from user entry
         Attributes attrs = null;
         try {

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 57e9559..d74b007 100644 (file)
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -72,6 +72,11 @@
         point the response is committed when a writer is being used. (markt)
       </fix>
       <fix>
+        <bug>50751</bug>: When authenticating with the JNDI Realm, only attempt
+        to read user attributes from the directory if attributes are required.
+        (markt)
+      </fix>
+      <fix>
         <bug>50752</bug>: Fix typo in debug message in deprecated Embedded
         class. (markt)
       </fix>