Subject currentSubject = CurrentSubject.current();
if (currentSubject != null //
+ && getRealm().isPresent() //
&& !currentSubject.getPrivateCredentials(Authorization.class).isEmpty() //
- && !currentSubject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
+ && !currentSubject.getPrivateCredentials(KerberosTicket.class).isEmpty()) //
+ {
// TODO not only Kerberos but also bind scope with kept password ?
Authorization auth = currentSubject.getPrivateCredentials(Authorization.class).iterator().next();
// bind with authenticating user
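Review bot: The added `getRealm().isPresent()` condition means a subject that holds both an `Authorization` and a `KerberosTicket` now takes the fallback path whenever no realm is configured, and nothing at this site records that the caller's own credentials were not used for the bind. The fallback branch is outside this hunk; if it binds with a configured service identity, the directory operation runs with different privileges than the authenticated user's, which is worth making explicit for anyone auditing access. I would add a comment above the condition such as `// without a realm the Kerberos ticket cannot be used: fall back to the default bind, NOT the caller's identity`, and consider a debug log on the fallback. Separately, `iterator().next()` takes whichever `Authorization` comes first in the credential set, so the code assumes there is exactly one. The enclosing method starts and ends outside the hunk.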
return getRole(name);
} else {
wc.getModifiedData().put(dn, attrs);
- LdapEntry newRole = newRole(dn, type, attrs);
+ LdapEntry newRole = doCreateRole(dn, type, attrs);
wc.getNewData().put(dn, newRole);
return (Role) newRole;
}
}
- protected LdapEntry newRole(LdapName dn, int type, Attributes attrs) {
+ private LdapEntry doCreateRole(LdapName dn, int type, Attributes attrs) {
LdapEntry newRole;
BasicAttribute objClass = new BasicAttribute(objectClass.name());
if (type == Role.USER) {
objClass.add(top.name());
objClass.add(extensibleObject.name());
attrs.put(objClass);
- newRole = newUser(dn, attrs);
+ newRole = newUser(dn);
} else if (type == Role.GROUP) {
String groupObjClass = getGroupObjectClass();
objClass.add(groupObjClass);
// objClass.add(LdifName.extensibleObject.name());
objClass.add(top.name());
attrs.put(objClass);
- newRole = newGroup(dn, attrs);
+ newRole = newGroup(dn);
} else
throw new IllegalArgumentException("Unsupported type " + type);
return newRole;
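Review bot: `doCreateRole` adds the `objectClass` attribute to `attrs` after the caller has already stored that same instance with `wc.getModifiedData().put(dn, attrs)`, and the entry is now constructed from `dn` alone. The object classes therefore reach the working copy only because both sides share one mutable `Attributes` object. That dependency should be stated at the call, e.g. `// attrs is the instance already registered in getModifiedData(); the objectClass added in doCreateRole is visible there by reference`. If `attrs` is ever copied before being stored, the role would presumably be committed without its object class. The `else throw` at the end is also the only unbraced branch in the chain and would read better braced. The calling method begins outside the hunk.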
@Override
public Iterable<? extends Role> getHierarchyUnitRoles(HierarchyUnit hierarchyUnit, String filter, boolean deep) {
- LdapName dn = LdapNameUtils.toLdapName(hierarchyUnit.getContext());
+ LdapName dn = LdapNameUtils.toLdapName(hierarchyUnit.getBase());
try {
return getRoles(dn, filter, deep);
} catch (InvalidSyntaxException e) {
/*
* ROLES CREATION
*/
- protected LdapEntry newUser(LdapName name, Attributes attrs) {
+ protected LdapEntry newUser(LdapName name) {
// TODO support devices, applications, etc.
- return new LdifUser(this, name, attrs);
+ return new LdifUser(this, name);
}
- protected LdapEntry newGroup(LdapName name, Attributes attrs) {
- return new LdifGroup(this, name, attrs);
+ protected LdapEntry newGroup(LdapName name) {
+ return new LdifGroup(this, name);
}
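Review bot: `newUser` and `newGroup` stay `protected` extension points but lose their `Attributes` parameter, with no Javadoc saying where a created entry's attributes now come from. A subclass that still declares the old two-argument form without `@Override` will keep compiling and simply stop being called, which matters if that override was where a deployment substituted its own entry type or applied checks (not visible here). I would document both methods, for example `/** Creates the user entry for the given DN; attributes are no longer passed in, see the working copy's modified data. */`, with the wording confirmed against how `LdifUser` and `LdifGroup` resolve their attributes. The signature change should also be flagged in the commit message as a breaking change for subclasses.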