in artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java [377:481]
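/**
 * Converts one LDAP search result into broker {@link Role} permissions and merges them into
 * {@code securityRoles}, keyed by destination name.
 *
 * <p>The entry name is parsed as an {@link LdapName}. The last three entries of
 * {@link LdapName#getRdns()} are read as destination type, destination name and permission type,
 * in that order. Each value of the {@code roleAttribute} attribute is parsed as a DN, and the value
 * of its last RDN becomes the role name.
 *
 * <p>Malformed entries are skipped and grant nothing, so one bad directory entry does not abort the
 * mapping with an unchecked exception. Entries are skipped when they have no attributes, fewer than
 * three RDNs, no {@code roleAttribute} attribute, or an empty role DN. A permission type matching
 * none of the configured read/write/admin values produces a {@link Role} with every permission
 * {@code false}.
 *
 * @param securityRoles destination name to role set; updated in place
 * @param searchResult the LDAP entry to translate
 * @throws NamingException if the entry name or a role value is not a valid LDAP name, or the
 *         attribute values cannot be enumerated
 */
private void processSearchResult(Map<String, Set<Role>> securityRoles,
                                 SearchResult searchResult) throws NamingException {
   LdapName searchResultLdapName = new LdapName(searchResult.getName());
   Attributes attrs = searchResult.getAttributes();
   if (attrs == null || attrs.size() == 0) {
      if (logger.isDebugEnabled()) {
         logger.debug("Skipping LDAP search result \"{}\" with {} attributes", searchResultLdapName, (attrs == null ? "null" : attrs.size()));
      }
      return;
   }
   List<Rdn> rdns = searchResultLdapName.getRdns();
   if (rdns.size() < 3) {
      if (logger.isDebugEnabled()) {
         logger.debug("\tSkipping LDAP search result \"{}\" with {} RDNs.", searchResultLdapName, rdns.size());
      }
      return;
   }

   // The debug text is accumulated and emitted once so that one entry yields one log record.
   final boolean prepareDebugLog = logger.isDebugEnabled();
   final StringBuilder logMessage = prepareDebugLog ? new StringBuilder() : null;
   if (prepareDebugLog) {
      logMessage.append("LDAP search result: ").append(searchResultLdapName);
   }

   // we can count on the RDNs being in order from right to left
   final int rdnCount = rdns.size();

   // The destination type is only used for the debug message below. Lower-case with a fixed
   // locale so that the match does not depend on the JVM default locale.
   String rawDestinationType = rdns.get(rdnCount - 3).getValue().toString().toLowerCase(java.util.Locale.ROOT);
   String destinationType = "unknown";
   if (rawDestinationType.contains("queue")) {
      destinationType = "queue";
   } else if (rawDestinationType.contains("topic")) {
      destinationType = "topic";
   }
   String destination = rdns.get(rdnCount - 2).getValue().toString();
   String permissionType = rdns.get(rdnCount - 1).getValue().toString();
   if (prepareDebugLog) {
      logMessage.append("\n\tDestination type: ").append(destinationType);
      logMessage.append("\n\tDestination name: ").append(destination);
      logMessage.append("\n\tPermission type: ").append(permissionType);
      // NOTE: every attribute returned for the entry is written verbatim to the debug log.
      logMessage.append("\n\tAttributes: ").append(attrs);
   }

   // An entry can carry attributes without carrying the role attribute. Skip it rather than
   // dereferencing null: no roles listed means nothing is granted for this permission.
   Attribute attr = attrs.get(roleAttribute);
   if (attr == null) {
      if (prepareDebugLog) {
         logMessage.append("\n\tSkipping: no \"").append(roleAttribute).append("\" attribute present");
         logger.debug(String.valueOf(logMessage));
      }
      return;
   }

   // The permission flags depend only on the entry, not on the individual role values.
   final boolean write = permissionType.equalsIgnoreCase(writePermissionValue);
   final boolean read = permissionType.equalsIgnoreCase(readPermissionValue);
   final boolean admin = permissionType.equalsIgnoreCase(adminPermissionValue);
   // With allowQueueAdminOnRead set, a "read" entry also grants queue creation and durable queue
   // deletion; treat that flag as a privilege-widening switch.
   final boolean queueAdmin = (allowQueueAdminOnRead && read) || admin;

   Set<Role> roles = securityRoles.get(destination);
   final boolean exists = roles != null;
   if (!exists) {
      roles = new HashSet<>();
   }

   NamingEnumeration<?> e = attr.getAll();
   while (e.hasMore()) {
      String value = (String) e.next();
      LdapName ldapname = new LdapName(value);
      if (ldapname.isEmpty()) {
         // An empty DN has no RDN to take the role name from.
         if (prepareDebugLog) {
            logMessage.append("\n\tSkipping empty role DN");
         }
         continue;
      }
      String roleName = ldapname.getRdn(ldapname.size() - 1).getValue().toString();
      if (prepareDebugLog) {
         logMessage.append("\n\tRole name: ").append(roleName);
      }

      // No early exit: if several roles share the name, the last one iterated is merged into.
      Role existingRole = null;
      for (Role role : roles) {
         if (role.getName().equals(roleName)) {
            existingRole = role;
         }
      }

      Role newRole = new Role(roleName,
                              write,                     // send
                              read,                      // consume
                              queueAdmin,                // createDurableQueue
                              queueAdmin,                // deleteDurableQueue
                              queueAdmin,                // createNonDurableQueue
                              admin,                     // deleteNonDurableQueue
                              mapAdminToManage && admin, // manage - map to admin based on configuration
                              read,                      // browse
                              admin,                     // createAddress
                              admin);                    // deleteAddress
      if (existingRole != null) {
         existingRole.merge(newRole);
      } else {
         roles.add(newRole);
      }
   }

   if (prepareDebugLog) {
      logger.debug(String.valueOf(logMessage));
   }
   if (!exists) {
      securityRoles.put(destination, roles);
   }
}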