You are viewing a plain text version of this content. The canonical link for it is here.
Posted to ftpserver-dev@incubator.apache.org by Niklas Gustavsson <ni...@protocol7.com> on 2006/12/21 16:54:18 UTC
LDAPUserManager
Is anyone currently using the LDAPUserManager? I'm looking into doing a
complete rewrite if it that would do a regular LDAP bind to authenticate
the user and then look up LDAP attributes. This would different from
today when a full Java User object is stored in the LDAP directory. Do
this rewrite would enable us to work with any LDAP directory, e.g.
Active Directory.
Using bind is the same method as used by Acegi Security. I'm also
considering providing an adapter to Acegi and completely remove our LDAP
UM, instead pointing at the Acegi one.
/niklas
Re: How to identify sessions
Posted by Mark Proctor <li...@markproctor.com>.
doh! you've already made it do key/value pairs, should have read the
email more closely. Just trying it out now.
Mark
Mark Proctor wrote:
> Yup that's fine, I can store a HashMap in there with key/value pairs
> for that session. We need to get an FAQ together for this sort of
> stuff :)
>
> Mark
> Niklas Gustavsson wrote:
>> Mark Proctor wrote:
>>> I would like to store additional session data for a sesssion. I was
>>> going to do this by having a HashMap in the FtpLet, but I need to
>>> find a unique key for the request. Currently I can only think of
>>> using connection time and user name, but this cannot be guaranteed
>>> to be unique. Could we maybe have a long counter that is incremented
>>> for each connection which can be used as an id and always available
>>> from the FtpRequest?
>>
>>
>> On FtpRequest you will find get/setAttribute() methods which are
>> meant for storing session associated data. Would this suffice for you?
>>
>> With the MINA refactoring coming up I'm planing for a more dedicated
>> session interface (split out from RequestHandler and FtpRequest).
>>
>> /niklas
>>
>>
>
>
Re: How to identify sessions
Posted by Mark Proctor <li...@markproctor.com>.
Yup that's fine, I can store a HashMap in there with key/value pairs for
that session. We need to get an FAQ together for this sort of stuff :)
Mark
Niklas Gustavsson wrote:
> Mark Proctor wrote:
>> I would like to store additional session data for a sesssion. I was
>> going to do this by having a HashMap in the FtpLet, but I need to
>> find a unique key for the request. Currently I can only think of
>> using connection time and user name, but this cannot be guaranteed to
>> be unique. Could we maybe have a long counter that is incremented for
>> each connection which can be used as an id and always available from
>> the FtpRequest?
>
>
> On FtpRequest you will find get/setAttribute() methods which are meant
> for storing session associated data. Would this suffice for you?
>
> With the MINA refactoring coming up I'm planing for a more dedicated
> session interface (split out from RequestHandler and FtpRequest).
>
> /niklas
>
>
Re: How to identify sessions
Posted by Niklas Gustavsson <ni...@protocol7.com>.
Mark Proctor wrote:
> I would like to store additional session data for a sesssion. I was
> going to do this by having a HashMap in the FtpLet, but I need to find a
> unique key for the request. Currently I can only think of using
> connection time and user name, but this cannot be guaranteed to be
> unique. Could we maybe have a long counter that is incremented for each
> connection which can be used as an id and always available from the
> FtpRequest?
On FtpRequest you will find get/setAttribute() methods which are meant
for storing session associated data. Would this suffice for you?
With the MINA refactoring coming up I'm planing for a more dedicated
session interface (split out from RequestHandler and FtpRequest).
/niklas
How to identify sessions
Posted by Mark Proctor <li...@markproctor.com>.
I would like to store additional session data for a sesssion. I was
going to do this by having a HashMap in the FtpLet, but I need to find a
unique key for the request. Currently I can only think of using
connection time and user name, but this cannot be guaranteed to be
unique. Could we maybe have a long counter that is incremented for each
connection which can be used as an id and always available from the
FtpRequest?
Mark
Re: Pass, onLogin and User
Posted by Niklas Gustavsson <ni...@protocol7.com>.
Mark Proctor wrote:
> What we have at the moment isn't intuitive. I would probably load the
> User class as default and add a field authorized true/false. Also don't
> forget to remove the intial "User user = request.getUser() " as its
> currently redundant.
>
> Mark
>
> Any catching of exceptions from user defined FtpLets should be logged,
> debug makes sense.
Hopefully both of these should now been taken care of. Feel free to
harass me further if your not happy with how I solved them :-)
/niklas
Re: Pass, onLogin and User
Posted by Mark Proctor <li...@markproctor.com>.
What we have at the moment isn't intuitive. I would probably load the
User class as default and add a field authorized true/false. Also don't
forget to remove the intial "User user = request.getUser() " as its
currently redundant.
Mark
Any catching of exceptions from user defined FtpLets should be logged,
debug makes sense.
Niklas Gustavsson wrote:
> Mark Proctor wrote:
>> The onLogin request.getUser() returns null. So I started looking at
>> the PASS class:
>> String userName = request.getUserArgument()
>> User user = request.getUser()
>> So here you are requesting user, which is always null, but even if it
>> did return a value you never use it anyway as user is later nulled as
>> it's actually set by the authentication code. Further to this you
>> call the onLogin method before you do the request.setUser(user), so
>> I guess I'm asking should User be available from onLogin or not?
>
> As it works right now, the Ftplet is given the possibility of denying
> the login. Maybe we should change this so that we first set the status
> as it would be logged in, and then if the Ftplet returns RET_SKIP we
> reset the status so that the user is now set as denied access. I would
> be happy to make this change if you think it makes sense.
>
>> If not, this should probably be documented. Either way the fist user
>> assigment and null check is redundant. I also notied that you are
>> swollowing Exceptions thrown by the FtpLets, even null pointers,
>> these should be atleast logged, as it makes tracking down bugs that
>> are occuring in them difficult.
>
> By this you mean for example:
> try{
> ftpletRet = ftpletContainer.onLogin(request, out);
> } catch(Exception e) {
> ftpletRet = FtpletEnum.RET_DISCONNECT;
> }
>
> Adding a log there would make sense, possibly at DEBUG level?
>
> /niklas
>
>
Re: Pass, onLogin and User
Posted by Niklas Gustavsson <ni...@protocol7.com>.
Mark Proctor wrote:
> The onLogin request.getUser() returns null. So I started looking at the
> PASS class:
> String userName = request.getUserArgument()
> User user = request.getUser()
> So here you are requesting user, which is always null, but even if it
> did return a value you never use it anyway as user is later nulled as
> it's actually set by the authentication code. Further to this you call
> the onLogin method before you do the request.setUser(user), so I guess
> I'm asking should User be available from onLogin or not?
As it works right now, the Ftplet is given the possibility of denying
the login. Maybe we should change this so that we first set the status
as it would be logged in, and then if the Ftplet returns RET_SKIP we
reset the status so that the user is now set as denied access. I would
be happy to make this change if you think it makes sense.
> If not, this
> should probably be documented. Either way the fist user assigment and
> null check is redundant. I also notied that you are swollowing
> Exceptions thrown by the FtpLets, even null pointers, these should be
> atleast logged, as it makes tracking down bugs that are occuring in them
> difficult.
By this you mean for example:
try{
ftpletRet = ftpletContainer.onLogin(request, out);
} catch(Exception e) {
ftpletRet = FtpletEnum.RET_DISCONNECT;
}
Adding a log there would make sense, possibly at DEBUG level?
/niklas
Pass, onLogin and User
Posted by Mark Proctor <li...@markproctor.com>.
The onLogin request.getUser() returns null. So I started looking at the
PASS class:
String userName = request.getUserArgument()
User user = request.getUser()
So here you are requesting user, which is always null, but even if it
did return a value you never use it anyway as user is later nulled as
it's actually set by the authentication code. Further to this you call
the onLogin method before you do the request.setUser(user), so I guess
I'm asking should User be available from onLogin or not? If not, this
should probably be documented. Either way the fist user assigment and
null check is redundant. I also notied that you are swollowing
Exceptions thrown by the FtpLets, even null pointers, these should be
atleast logged, as it makes tracking down bugs that are occuring in them
difficult.
Mark