From 58180915f22ff694ba4d2c4a30db144339ca2a23 Mon Sep 17 00:00:00 2001
From: rjung
Date: Fri, 19 Sep 2008 19:51:59 +0000
Subject: [PATCH] Add an optional and configurable default role to the
JNDIRealm. This comes in handy if you only want to authenticate the users but
have a security constraint with a role in the app.
git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@697213 13f79535-47bb-0310-9956-ffa450edef68
---
java/org/apache/catalina/realm/JNDIRealm.java | 30 +++++++++++++++++++++++++++
webapps/docs/config/realm.xml | 6 ++++++
webapps/docs/realm-howto.xml | 6 ++++++
3 files changed, 42 insertions(+)
diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
index 114b01339..150738b20 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -347,6 +347,12 @@ public class JNDIRealm extends RealmBase {
*/
protected int curUserPattern = 0;
+ /**
+ * Add this role to every authenticated user
+ */
+ protected String commonRole = null;
+
+
// ------------------------------------------------------------- Properties
/**
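Review bot: The Javadoc on the new `commonRole` field does not say that `null` is the default and means no extra role, nor that the role comes on top of the directory roles; the accessor Javadoc in the next hunk (`getCommonRole`/`setCommonRole`) has the same gap. I would word the field comment as `Role name added to every user who authenticates through this realm, in addition to any roles found in the directory; null (the default) adds none.` and repeat the null semantics on the setter's `@param`. Any security constraint that names this role is then satisfied by every account the directory accepts, and that consequence deserves one sentence in the comment as well.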
@@ -776,6 +782,28 @@ public class JNDIRealm extends RealmBase {
}
+ /**
+ * Return the common role
+ */
+ public String getCommonRole() {
+
+ return commonRole;
+
+ }
+
+
+ /**
+ * Set the common role
+ *
+ * @param commonRole The common role
+ */
+ public void setCommonRole(String commonRole) {
+
+ this.commonRole = commonRole;
+
+ }
+
+
// ---------------------------------------------------------- Realm Methods
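Review bot: `setCommonRole` stores the configured value unchanged, so an empty or whitespace-only attribute value is non-null and would pass the `commonRole != null` check in the role-collection hunk further down, giving every authenticated user a role with an empty name. Normalising in the setter keeps that later check simple: `this.commonRole = (commonRole == null || commonRole.trim().length() == 0) ? null : commonRole;`. Whether the configuration layer can actually deliver an empty string is not visible in this patch, so treat this as a defensive guard.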
@@ -1363,6 +1391,8 @@ public class JNDIRealm extends RealmBase {
if (list == null) {
list = new ArrayList();
}
+ if (commonRole != null)
+ list.add(commonRole);
// Are we configured to do role searches?
if ((roleFormat == null) || (roleName == null))
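Review bot: The new `list.add(commonRole)` runs without checking whether `list` already holds that name, so a user whose directory entry supplies the same role would carry it twice; `if (commonRole != null && !list.contains(commonRole)) { list.add(commonRole); }` avoids that and uses the braces the preceding `if (list == null) { … }` has. Where `list` comes from is outside the hunk; if it is a list owned by the user object rather than a copy, this call also mutates it on every lookup, which is worth confirming. The addition sits before the `roleFormat`/`roleName` check, so the role is granted even when role searches are not configured. That looks intended, and a one-line comment such as `// granted to every authenticated user, independent of role search` would make it explicit. The enclosing method begins and ends outside the hunk.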
diff --git a/webapps/docs/config/realm.xml b/webapps/docs/config/realm.xml
index 0af0f9266..ac1e313f7 100644
--- a/webapps/docs/config/realm.xml
+++ b/webapps/docs/config/realm.xml
@@ -304,6 +304,12 @@
can be used. If no value is given the providers default is used.
+
+ A role name assigned to each successfully authenticated user in
+ addition to the roles retrieved from LDAP. If not specified, only
+ the roles retrieved via LDAP are used.
+
+
The directory username to use when establishing a
connection to the directory for LDAP search operations. If not
diff --git a/webapps/docs/realm-howto.xml b/webapps/docs/realm-howto.xml
index 09f8f0f45..cfd37ba1b 100644
--- a/webapps/docs/realm-howto.xml
+++ b/webapps/docs/realm-howto.xml
@@ -859,6 +859,12 @@ attributes are supported by this implementation:
can be used. If no value is given the providers default is used.
+
+ A role name assigned to each successfully authenticated user in
+ addition to the roles retrieved from LDAP. If not specified, only
+ the roles retrieved via LDAP are used.
+
+
The directory username to use when establishing a
connection to the directory for LDAP search operations. If not
--
2.11.0