From 5b1d2dce397291f2fa589afd5e5417df6566fd5f Mon Sep 17 00:00:00 2001
From: markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Date: Fri, 11 Feb 2011 14:49:41 +0000
Subject: [PATCH] Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50751
 Don't try to retrieve attributes if we don't need to. If anonymous bind is
 not allowed, the login will always fail.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1069824 13f79535-47bb-0310-9956-ffa450edef68
---
 java/org/apache/catalina/realm/JNDIRealm.java | 5 +++++
 webapps/docs/changelog.xml                    | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
index a4914e838..2d316d473 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -1245,6 +1245,11 @@ public class JNDIRealm extends RealmBase {
                                     String dn)
         throws NamingException {
 
+        // If no attributes are requested, no need to look for them
+        if (attrIds == null || attrIds.length > 0) {
+            return new User(username, dn, null, null);
+        }
+
         // Get required attributes from user entry
         Attributes attrs = null;
         try {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 57e955923..d74b00789 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -72,6 +72,11 @@
         point the response is committed when a writer is being used. (markt)
       </fix>
       <fix>
+        <bug>50751</bug>: When authenticating with the JNDI Realm, only attempt
+        to read user attributes from the directory if attributes are required.
+        (markt)
+      </fix>
+      <fix>
         <bug>50752</bug>: Fix typo in debug message in deprecated Embedded
         class. (markt)
       </fix>
-- 
2.11.0