From 00fb92a9f7effd7dc4a1b973e805294cb7207fe7 Mon Sep 17 00:00:00 2001 From: Sudhish Nair Date: Fri, 2 Aug 2024 22:07:56 +0530 Subject: [PATCH 1/2] Fix for issue JBPM-10238 adding case insensitive comparison for entity --- .../task/identity/LDAPUserGroupCallbackImpl.java | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/jbpm-human-task/jbpm-human-task-core/src/main/java/org/jbpm/services/task/identity/LDAPUserGroupCallbackImpl.java b/jbpm-human-task/jbpm-human-task-core/src/main/java/org/jbpm/services/task/identity/LDAPUserGroupCallbackImpl.java index 440ef12010..2fd0a7fe92 100644 --- a/jbpm-human-task/jbpm-human-task-core/src/main/java/org/jbpm/services/task/identity/LDAPUserGroupCallbackImpl.java +++ b/jbpm-human-task/jbpm-human-task-core/src/main/java/org/jbpm/services/task/identity/LDAPUserGroupCallbackImpl.java @@ -43,6 +43,7 @@ *
  • ldap.user.id.dn (optional, is user id a DN, instructs the callback to query for user DN before searching for roles, default false)
  • *
  • ldap.search.scope (optional, if not given 'ONELEVEL_SCOPE' will be used) possible values are: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE
  • *
  • ldap.name.escape (optional, instructs to escape - illegal character in user/group name before the query - currently escapes only comma) by default is set to true
  • + *
  • ldap.entity.ignore.case (optional, perform case insensitive comparison for entity) by default is set to false
  • *
  • java.naming.factory.initial
  • *
  • java.naming.security.authentication
  • *
  • java.naming.security.protocol
  • @@ -66,6 +67,7 @@ public class LDAPUserGroupCallbackImpl extends AbstractLDAPUserGroupInfo impleme public static final String IS_USER_ID_DN = "ldap.user.id.dn"; public static final String SEARCH_SCOPE = "ldap.search.scope"; public static final String LDAP_NAME_ESCAPE = "ldap.name.escape"; + public static final String LDAP_ENTIY_IGNORE_CASE = "ldap.entity.ignore.case"; private static final String[] REQUIRED_PROPERTIES = {USER_CTX, ROLE_CTX, USER_FILTER, ROLE_FILTER, USER_ROLES_FILTER}; @@ -109,6 +111,9 @@ public boolean existsGroup(String groupId) { private boolean existsEntity(String entityId, String context, String filter, String attributeId) { entityId = escapeIllegalChars(entityId); String ldapEntityId = ldapSearcher.search(context, filter, entityId).getSingleAttributeResult(attributeId); + if(isIgnoreCase()){ + return entityId.equalsIgnoreCase(ldapEntityId); + } return entityId.equals(ldapEntityId); } @@ -139,6 +144,10 @@ private boolean isUserIdDn() { private boolean escapeOn() { return Boolean.parseBoolean(getConfigProperty(LDAP_NAME_ESCAPE, "true")); } + + private boolean isIgnoreCase() { + return Boolean.parseBoolean(getConfigProperty(LDAP_ENTIY_IGNORE_CASE, "false")); + } protected String escapeIllegalChars(String entityId) { if (!escapeOn()) { From b3766a70b46b6ced6f435588b3218145346548f3 Mon Sep 17 00:00:00 2001 From: Sudhish Nair Date: Mon, 5 Aug 2024 18:14:03 +0530 Subject: [PATCH 2/2] Fix for issue JBPM-10238 adding case insensitive comparison for entity --- .../services/task/identity/LDAPUserGroupCallbackImpl.java | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/jbpm-human-task/jbpm-human-task-core/src/main/java/org/jbpm/services/task/identity/LDAPUserGroupCallbackImpl.java b/jbpm-human-task/jbpm-human-task-core/src/main/java/org/jbpm/services/task/identity/LDAPUserGroupCallbackImpl.java index 2fd0a7fe92..fc839494f2 100644 --- a/jbpm-human-task/jbpm-human-task-core/src/main/java/org/jbpm/services/task/identity/LDAPUserGroupCallbackImpl.java +++ b/jbpm-human-task/jbpm-human-task-core/src/main/java/org/jbpm/services/task/identity/LDAPUserGroupCallbackImpl.java @@ -43,7 +43,7 @@ *
  • ldap.user.id.dn (optional, is user id a DN, instructs the callback to query for user DN before searching for roles, default false)
  • *
  • ldap.search.scope (optional, if not given 'ONELEVEL_SCOPE' will be used) possible values are: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE
  • *
  • ldap.name.escape (optional, instructs to escape - illegal character in user/group name before the query - currently escapes only comma) by default is set to true
  • - *
  • ldap.entity.ignore.case (optional, perform case insensitive comparison for entity) by default is set to false
  • + *
  • ldap.entity.ignore.case (optional, perform case insensitive comparison for exitsEntity) by default is set to false to ensure backward compatibility
  • *
  • java.naming.factory.initial
  • *
  • java.naming.security.authentication
  • *
  • java.naming.security.protocol
  • @@ -111,10 +111,8 @@ public boolean existsGroup(String groupId) { private boolean existsEntity(String entityId, String context, String filter, String attributeId) { entityId = escapeIllegalChars(entityId); String ldapEntityId = ldapSearcher.search(context, filter, entityId).getSingleAttributeResult(attributeId); - if(isIgnoreCase()){ - return entityId.equalsIgnoreCase(ldapEntityId); - } - return entityId.equals(ldapEntityId); + return isIgnoreCase() ? entityId.equalsIgnoreCase(ldapEntityId) : entityId.equals(ldapEntityId) ; + } @Override