From: markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Date: Fri, 11 Feb 2011 14:49:41 +0000 (+0000)
Subject: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50751
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=5b1d2dce397291f2fa589afd5e5417df6566fd5f;p=tomcat7.0

Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50751
Don't try to retrieve attributes if we don't need to. If anonymous bind is not allowed, the login will always fail.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1069824 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
index a4914e838..2d316d473 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -1245,6 +1245,11 @@ public class JNDIRealm extends RealmBase {
                                     String dn)
         throws NamingException {
 
+        // If no attributes are requested, no need to look for them
+        if (attrIds == null || attrIds.length > 0) {
+            return new User(username, dn, null, null);
+        }
+
         // Get required attributes from user entry
         Attributes attrs = null;
         try {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 57e955923..d74b00789 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -72,6 +72,11 @@
         point the response is committed when a writer is being used. (markt)
       </fix>
       <fix>
+        <bug>50751</bug>: When authenticating with the JNDI Realm, only attempt
+        to read user attributes from the directory if attributes are required.
+        (markt)
+      </fix>
+      <fix>
         <bug>50752</bug>: Fix typo in debug message in deprecated Embedded
         class. (markt)
       </fix>