Add support code for custom user attributes

Based on code from 473 by Carsten Klein.

Author: rmaucher

java/org/apache/catalina/realm/RealmBase.java

@@ -26,6 +26,7 @@
 import java.security.Principal;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 import java.util.Locale;
 
@@ -72,6 +73,21 @@ public abstract class RealmBase extends LifecycleMBeanBase implements Realm {
 
     private static final Log log = LogFactory.getLog(RealmBase.class);
 
+    /**
+     * The character used for delimiting user attribute names.
+     * <p>
+     * Applies to some of the Realm implementations only.
+     */
+    protected static final String USER_ATTRIBUTES_DELIMITER = ",";
+
+    /**
+     * The character used as wildcard in user attribute lists. Using it means
+     * <i>query all available user attributes</i>.
+     * <p>
+     * Applies to some of the Realm implementations only.
+     */
+    protected static final String USER_ATTRIBUTES_WILDCARD = "*";
+
     private static final List<Class<? extends DigestCredentialHandlerBase>> credentialHandlerClasses = new ArrayList<>();
 
     static {
@@ -143,6 +159,22 @@ public abstract class RealmBase extends LifecycleMBeanBase implements Realm {
     private int transportGuaranteeRedirectStatus = HttpServletResponse.SC_FOUND;
 
 
+    /**
+     * The comma separated names of user attributes to additionally query from the
+     * realm. These will be provided to the user through the created
+     * Principal's <i>attributes</i> map. Support for this feature is optional.
+     */
+    protected String userAttributes = null;
+
+
+    /**
+     * The list of user attributes to additionally query from the
+     * realm. These will be provided to the user through the created
+     * Principal's <i>attributes</i> map. Support for this feature is optional.
+     */
+    protected List<String> userAttributesList = null;
+
+
     // ------------------------------------------------------------- Properties
 
     /**
@@ -264,6 +296,33 @@ public void setStripRealmForGss(boolean stripRealmForGss) {
     }
 
 
+    /**
+     * @return the comma separated names of user attributes to additionally query from realm
+     */
+    public String getUserAttributes() {
+        return userAttributes;
+    }
+
+    /**
+     * Set the comma separated names of user attributes to additionally query from
+     * the realm. These will be provided to the user through the created
+     * Principal's <i>attributes</i> map. In this map, each field value is bound to
+     * the field's name, that is, the name of the field serves as the key of the
+     * mapping.
+     * <p>
+     * If set to the wildcard character, or, if the wildcard character is part of
+     * the comma separated list, all available attributes - except the
+     * <i>password</i> attribute (as specified by <code>userCredCol</code>) - are
+     * queried. The wildcard character is defined by constant
+     * {@link RealmBase#USER_ATTRIBUTES_WILDCARD}. It defaults to the asterisk (*)
+     * character.
+     *
+     * @param userAttributes the comma separated names of user attributes
+     */
+    public void setUserAttributes(String userAttributes) {
+        this.userAttributes = userAttributes;
+    }
+
     // --------------------------------------------------------- Public Methods
 
     @Override
@@ -845,6 +904,40 @@ public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
     }
 
 
+    /**
+     * Parse the specified delimiter separated attribute names and return a list of
+     * that names or <code>null</code>, if no attributes have been specified.
+     * <p>
+     * If a wildcard character is found, return a list consisting of a single
+     * wildcard character only.
+     *
+     * @param userAttributes comma separated names of attributes to parse
+     * @return a list containing the parsed attribute names or <code>null</code>, if
+     *         no attributes have been specified
+     */
+    protected List<String> parseUserAttributes(String userAttributes) {
+        if (userAttributes == null) {
+            return null;
+        }
+        List<String> attrs = new ArrayList<>();
+        for (String name : userAttributes.split(USER_ATTRIBUTES_DELIMITER)) {
+            name = name.trim();
+            if (name.length() == 0) {
+                continue;
+            }
+            if (name.equals(USER_ATTRIBUTES_WILDCARD)) {
+                return Collections.singletonList(USER_ATTRIBUTES_WILDCARD);
+            }
+            if (attrs.contains(name)) {
+                // skip duplicates
+                continue;
+            }
+            attrs.add(name);
+        }
+        return attrs.size() > 0 ? attrs : null;
+    }
+
+
     /**
      * Check if the specified Principal has the specified security role, within the context of this Realm. This method
      * or {@link #hasRoleInternal(Principal, String)} can be overridden by Realm implementations, but the default is
@@ -979,7 +1072,9 @@ protected void startInternal() throws LifecycleException {
         if (credentialHandler == null) {
             credentialHandler = new MessageDigestCredentialHandler();
         }
-
+        if (userAttributes != null) {
+            userAttributesList = parseUserAttributes(userAttributes);
+        }
         setState(LifecycleState.STARTING);
     }
 

webapps/docs/changelog.xml

@@ -156,6 +156,10 @@
         <bug>66524</bug> Correct eviction ordering in WebResource cache to
         by LRU as intended. (schultz)
       </fix>
+      <update>
+        Add support code for custom user attributes in <code>RealmBase</code>.
+        Based on code from <pr>473</pr> by Carsten Klein. (remm)
+      </update>
     </changelog>
   </subsection>
   <subsection name="Coyote">