Posted to commits@directory.apache.org by ak...@apache.org on 2005/05/06 02:34:26 UTC
svn commit: r168482 - in /directory:
apacheds/trunk/core/src/main/java/org/apache/ldap/server/authn/
apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/
apacheds/trunk/main/
apacheds/trunk/main/src/main/java/org/apache/ldap/server/jndi/
shared/kerberos/trunk/common/src/java/org/apache/kerberos/service/
shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/
Author: akarasulu
Date: Thu May 5 17:34:25 2005
New Revision: 168482
URL: http://svn.apache.org/viewcvs?rev=168482&view=rev
Log:
changes ...
o turned 1000 * 60 into 60000 in constant
o the principal store is a specific type namely JNDI based store so renamed the
principal store implementation to point this out
o added new kdc.store.searchbase env property key and constant for the
search base rdn used by the store relative to the jndi context it gets
o added kerberos deps (common and protocol) into main's project descriptor
o made it so SCF now can start both the LDAP and Kerberos protocol
provider services
o also we cleanup both services if shutdown is requested and both are on ...
it does not matter if none, one or both is enabled the factory handles it
o added trigger property to enable kerberos called server.enable.kerberos
Added:
directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/JndiPrincipalStoreImpl.java
- copied, changed from r165520, directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/PrincipalStoreImpl.java
Removed:
directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/PrincipalStoreImpl.java
Modified:
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authn/LdapPrincipal.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/EnvKeys.java
directory/apacheds/trunk/main/project.xml
directory/apacheds/trunk/main/src/main/java/org/apache/ldap/server/jndi/ServerContextFactory.java
directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/service/KdcConfiguration.java
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authn/LdapPrincipal.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authn/LdapPrincipal.java?rev=168482&r1=168481&r2=168482&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authn/LdapPrincipal.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/authn/LdapPrincipal.java Thu May 5 17:34:25 2005
@@ -64,7 +64,6 @@
}
-
/**
* Gets a cloned copy of the normalized distinguished name of this
* principal as a JNDI Name. It must be cloned to protect this Principal
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/EnvKeys.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/EnvKeys.java?rev=168482&r1=168481&r2=168482&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/EnvKeys.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/EnvKeys.java Thu May 5 17:34:25 2005
@@ -121,4 +121,11 @@
* be used to test the server and not as a feature since it may go away.
*/
public static final String TEST_ENTRIES = "server.test.entries";
+
+ /**
+ * Switch used to start up the kerberos server. This should be used when
+ * firing up the server for the first time. This is used with the
+ * ServerContextFactory which means the property should probably not be here.
+ */
+ public static final String ENABLE_KERBEROS = "server.enable.kerberos" ;
}
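Review bot: The Javadoc on `ENABLE_KERBEROS` does not say how the value is interpreted, and the `getInitialContext` hunk in ServerContextFactory.java tests it with `initialEnv.containsKey( EnvKeys.ENABLE_KERBEROS )`, so any value, including `"false"`, starts the Kerberos listener. For a switch that opens an extra network service, either document it as presence-only, e.g. `Presence of this key enables the Kerberos provider; the value is ignored.`, or read the value as a boolean at the call site. The sentence about "firing up the server for the first time" does not match how the key is used in this commit and is worth rewording.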
Modified: directory/apacheds/trunk/main/project.xml
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/main/project.xml?rev=168482&r1=168481&r2=168482&view=diff
==============================================================================
--- directory/apacheds/trunk/main/project.xml (original)
+++ directory/apacheds/trunk/main/project.xml Thu May 5 17:34:25 2005
@@ -74,11 +74,16 @@
<version>0.20-dev</version>
<url>http://jdbm.sourceforge.net</url>
</dependency>
- <dependency>
- <groupId>directory-shared</groupId>
- <artifactId>ldap-common</artifactId>
- <version>0.9-SNAPSHOT</version>
- </dependency>
+ <dependency>
+ <groupId>directory-shared</groupId>
+ <artifactId>ldap-common</artifactId>
+ <version>0.9-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>directory-shared</groupId>
+ <artifactId>kerberos-common</artifactId>
+ <version>0.4-SNAPSHOT</version>
+ </dependency>
<dependency>
<groupId>aspectj</groupId>
<artifactId>aspectjrt</artifactId>
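Review bot: The two new dependencies, `kerberos-common` here and `kerberos-protocol` in the next hunk, are declared as `0.4-SNAPSHOT`, so the Kerberos code pulled into the server build is whatever snapshot was published last rather than a fixed artifact. This matches the neighbouring `0.9-SNAPSHOT` entries, but it is worth recording in the descriptor that releases must pin them, e.g. `<!-- SNAPSHOT for trunk only; pin to a released version before cutting a release -->`. The re-indentation of the existing `ldap-common` and `ldap-protocol` entries also adds unrelated churn to both hunks.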
@@ -93,11 +98,16 @@
<artifactId>apacheds-shared</artifactId>
<version>0.9-SNAPSHOT</version>
</dependency>
- <dependency>
- <groupId>directory-protocols</groupId>
- <artifactId>ldap-protocol</artifactId>
- <version>0.9-SNAPSHOT</version>
- </dependency>
+ <dependency>
+ <groupId>directory-protocols</groupId>
+ <artifactId>ldap-protocol</artifactId>
+ <version>0.9-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>directory-protocols</groupId>
+ <artifactId>kerberos-protocol</artifactId>
+ <version>0.4-SNAPSHOT</version>
+ </dependency>
<dependency>
<groupId>directory-asn1</groupId>
<artifactId>asn1-codec</artifactId>
Modified: directory/apacheds/trunk/main/src/main/java/org/apache/ldap/server/jndi/ServerContextFactory.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/main/src/main/java/org/apache/ldap/server/jndi/ServerContextFactory.java?rev=168482&r1=168481&r2=168482&view=diff
==============================================================================
--- directory/apacheds/trunk/main/src/main/java/org/apache/ldap/server/jndi/ServerContextFactory.java (original)
+++ directory/apacheds/trunk/main/src/main/java/org/apache/ldap/server/jndi/ServerContextFactory.java Thu May 5 17:34:25 2005
@@ -18,21 +18,17 @@
import java.io.IOException;
-import java.io.InputStream;
import java.net.InetSocketAddress;
import java.util.Hashtable;
+import java.util.Properties;
+import java.util.Iterator;
import javax.naming.Context;
-import javax.naming.Name;
import javax.naming.NamingException;
-import javax.naming.directory.Attributes;
-import javax.naming.ldap.LdapContext;
+import javax.naming.ldap.InitialLdapContext;
+import javax.naming.ldap.Control;
import org.apache.ldap.common.exception.LdapConfigurationException;
-import org.apache.ldap.common.ldif.LdifIterator;
-import org.apache.ldap.common.ldif.LdifParser;
-import org.apache.ldap.common.ldif.LdifParserImpl;
-import org.apache.ldap.common.message.LockableAttributesImpl;
import org.apache.ldap.common.name.LdapName;
import org.apache.ldap.common.util.PropertiesUtils;
import org.apache.ldap.server.protocol.LdapProtocolProvider;
@@ -40,6 +36,10 @@
import org.apache.mina.registry.Service;
import org.apache.mina.registry.ServiceRegistry;
import org.apache.mina.registry.SimpleServiceRegistry;
+import org.apache.kerberos.service.KdcConfiguration;
+import org.apache.kerberos.protocol.KerberosProtocolProvider;
+import org.apache.kerberos.store.PrincipalStore;
+import org.apache.kerberos.store.JndiPrincipalStoreImpl;
/**
@@ -54,10 +54,12 @@
{
/** the default LDAP port to use */
private static final int LDAP_PORT = 389;
-
+
private static final ServiceRegistry DEFAULT_MINA_REGISTRY;
- private static Service minaService;
+ private static Service ldapService;
+
+ private static Service kerberosService;
private static ServiceRegistry minaRegistry;
@@ -83,6 +85,15 @@
// ------------------------------------------------------------------------
+ /**
+ * Checks first for a shutdown operation and if so stops the server. Otherwise
+ * it initializes the networking subsystem starting up the mina registery and
+ * other protocol provider services if enabled including the LDAP provider.
+ *
+ * @param env the JNDI environment parameters
+ * @return the new LDAP context to be wrapped by InitialContext
+ * @throws NamingException if there are problems starting or stopping the server
+ */
public Context getInitialContext( Hashtable env ) throws NamingException
{
Context ctx = null;
@@ -100,7 +111,19 @@
if ( minaRegistry != null )
{
- minaRegistry.unbind( minaService );
+ if ( ldapService != null )
+ {
+ minaRegistry.unbind( ldapService );
+
+ ldapService = null;
+ }
+
+ if ( kerberosService != null )
+ {
+ minaRegistry.unbind( kerberosService );
+
+ kerberosService = null;
+ }
}
}
catch( NamingException ne )
@@ -130,16 +153,29 @@
ctx = super.getInitialContext( env );
// fire up the front end if we have not explicitly disabled it
+
if ( initialEnv != null && ! initialEnv.containsKey( EnvKeys.DISABLE_PROTOCOL ) )
{
- startUpWireProtocol();
+ setupRegistry();
+
+ startLdapProtocol();
+
+ if ( initialEnv.containsKey( EnvKeys.ENABLE_KERBEROS ) )
+ {
+ startKerberosProtocol();
+ }
}
return ctx;
}
- private void startUpWireProtocol() throws NamingException
+ /**
+ * Starts up the MINA registry so various protocol providers can be started.
+ *
+ * @throws NamingException if there is a problem initializing the registry
+ */
+ private void setupRegistry() throws NamingException
{
ServiceRegistry registry = null;
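Review bot: In `getInitialContext`, `startLdapProtocol()` runs before `startKerberosProtocol()`, and the latter throws when `kdc.store.searchbase` is unset (see the next hunk), so a bad Kerberos configuration makes the call fail while the LDAP service stays bound and `ldapService` stays set. If a half-started server is not intended, undo the LDAP bind on that path, e.g. `try { startKerberosProtocol(); } catch ( NamingException ne ) { minaRegistry.unbind( ldapService ); ldapService = null; throw ne; }`, or validate the Kerberos settings before binding anything. The rest of `getInitialContext` and the body of `setupRegistry` lie outside this hunk, so this is based only on the lines shown.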
@@ -153,32 +189,98 @@
}
}
- int port = PropertiesUtils.get( initialEnv, EnvKeys.LDAP_PORT, LDAP_PORT );
+ if( DEFAULT_MINA_REGISTRY == null )
+ {
+ throw new NamingException( "Default MINA service registry is not available." );
+ }
+
+ if( registry == null )
+ {
+ registry = DEFAULT_MINA_REGISTRY;
+ }
- Service service = new Service( "ldap", TransportType.SOCKET,
- new InetSocketAddress( port ) );
+ minaRegistry = registry;
+ }
- try
+
+ /**
+ * Starts the Kerberos protocol provider which is backed by the LDAP store.
+ *
+ * @throws NamingException if there are problems starting up the Kerberos provider
+ */
+ private void startKerberosProtocol() throws NamingException
+ {
+ /*
+ * Looks like KdcConfiguration takes properties and we use Hashtable for JNDI
+ * so I'm copying over the String based properties into a new Properties obj.
+ */
+
+ Properties props = new Properties();
+
+ Iterator list = initialEnv.keySet().iterator();
+
+ while ( list.hasNext() )
{
- if( DEFAULT_MINA_REGISTRY == null )
- {
- throw new NamingException( "Default MINA service registry is not available." );
- }
+ String key = ( String ) list.next();
- if( registry == null )
+ if ( initialEnv.get( key ) instanceof String )
{
- registry = DEFAULT_MINA_REGISTRY;
+ props.setProperty( key, ( String ) initialEnv.get( key ) );
}
+ }
+
+ KdcConfiguration config = new KdcConfiguration( props );
- registry.bind( service, new LdapProtocolProvider( ( Hashtable ) initialEnv.clone() ) );
-
- minaService = service;
+ int port = PropertiesUtils.get( initialEnv, KdcConfiguration.KERBEROS_PORT_KEY, KdcConfiguration.DEFAULT_KERBEROS_PORT );
+
+ Service service= new Service( "kerberos", TransportType.DATAGRAM, new InetSocketAddress( port ) );
+
+ InitialLdapContext ctx = new InitialLdapContext( initialEnv, new Control[]{} );
+
+ Object baseStr = initialEnv.get( JndiPrincipalStoreImpl.KDC_STORE_SEARCHBASE );
+
+ if ( baseStr == null )
+ {
+ throw new LdapConfigurationException( "Trying to start kerberos service without setting " + JndiPrincipalStoreImpl.KDC_STORE_SEARCHBASE );
+ }
+
+ LdapName base = new LdapName( ( String ) baseStr );
+
+ PrincipalStore store = new JndiPrincipalStoreImpl( ctx, base );
+
+ try
+ {
+ minaRegistry.bind( service, new KerberosProtocolProvider( config, store ) );
+
+ kerberosService = service;
+ }
+ catch ( IOException e )
+ {
+ e.printStackTrace();
+ }
+ }
+
+
+ /**
+ * Starts up the LDAP protocol provider to service LDAP requests
+ *
+ * @throws NamingException if there are problems starting the LDAP provider
+ */
+ private void startLdapProtocol() throws NamingException
+ {
+ int port = PropertiesUtils.get( initialEnv, EnvKeys.LDAP_PORT, LDAP_PORT );
+
+ Service service = new Service( "ldap", TransportType.SOCKET, new InetSocketAddress( port ) );
+
+ try
+ {
+ minaRegistry.bind( service, new LdapProtocolProvider( ( Hashtable ) initialEnv.clone() ) );
- minaRegistry = registry;
+ ldapService = service;
}
catch ( IOException e )
{
- String msg = "Failed to bind the service to the service registry: " + service;
+ String msg = "Failed to bind the LDAP protocol service to the service registry: " + service;
LdapConfigurationException lce = new LdapConfigurationException( msg );
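Review bot: `startKerberosProtocol` catches the `IOException` from `minaRegistry.bind` and only calls `e.printStackTrace()`, so a failed bind leaves `kerberosService` null while `getInitialContext` returns normally and the caller has no sign that the KDC port is not being served. `startLdapProtocol` at the end of this hunk turns the same failure into an `LdapConfigurationException`, and the Kerberos path should do the same. The `InitialLdapContext` is also opened before the search-base check, so the missing-key path throws with the context still open, and `( String ) baseStr` and `( String ) list.next()` raise `ClassCastException` on a non-String value or key. The sketch below moves the check ahead of the context and propagates the bind failure; it assumes `LdapConfigurationException` is a `NamingException`, as its use here suggests. The rest of `startLdapProtocol`'s catch block is outside the hunk.

```java
    private void startKerberosProtocol() throws NamingException
    {
        // ... unchanged: copy of String-valued entries into props, KdcConfiguration, port, Service ...

        // check the search base first, so a bad configuration fails before a context is opened
        Object baseStr = initialEnv.get( JndiPrincipalStoreImpl.KDC_STORE_SEARCHBASE );

        if ( ! ( baseStr instanceof String ) )
        {
            throw new LdapConfigurationException( "Trying to start kerberos service without a String value for "
                + JndiPrincipalStoreImpl.KDC_STORE_SEARCHBASE );
        }

        LdapName base = new LdapName( ( String ) baseStr );

        InitialLdapContext ctx = new InitialLdapContext( initialEnv, new Control[]{} );

        // ... unchanged: JndiPrincipalStoreImpl construction, try { bind; kerberosService = service; } ...
        catch ( IOException e )
        {
            String msg = "Failed to bind the Kerberos protocol service to the service registry: " + service;

            LdapConfigurationException lce = new LdapConfigurationException( msg );

            lce.setRootCause( e );

            throw lce;
        }
```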
Modified: directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/service/KdcConfiguration.java
URL: http://svn.apache.org/viewcvs/directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/service/KdcConfiguration.java?rev=168482&r1=168481&r2=168482&view=diff
==============================================================================
--- directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/service/KdcConfiguration.java (original)
+++ directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/service/KdcConfiguration.java Thu May 5 17:34:25 2005
@@ -32,6 +32,7 @@
{
/** the prop key const for kdc.primary.realm */
private static final String KDC_PRIMARY_REALM = "kdc.primary.realm";
+
/** the prop key const for kdc.principal */
private static final String KDC_PRINCIPAL = "kdc.principal";
@@ -55,7 +56,8 @@
public static final String CHANGEPW_PORT_KEY = "changepw.default.port";
private static final int BUFFER_SIZE = 1024;
- private static final int MINUTE = 1000 * 60;
+
+ private static final int MINUTE = 60000;
private static final String DEFAULT_REALM = "EXAMPLE.COM";
private static final String DEFAULT_PRINCIPAL = "krbtgt/EXAMPLE.COM@EXAMPLE.COM";
Copied: directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/JndiPrincipalStoreImpl.java (from r165520, directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/PrincipalStoreImpl.java)
URL: http://svn.apache.org/viewcvs/directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/JndiPrincipalStoreImpl.java?p2=directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/JndiPrincipalStoreImpl.java&p1=directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/PrincipalStoreImpl.java&r1=165520&r2=168482&rev=168482&view=diff
==============================================================================
--- directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/PrincipalStoreImpl.java (original)
+++ directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/store/JndiPrincipalStoreImpl.java Thu May 5 17:34:25 2005
@@ -28,8 +28,11 @@
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$
*/
-public class PrincipalStoreImpl implements PrincipalStore
+public class JndiPrincipalStoreImpl implements PrincipalStore
{
+ /** the environment property used for getting a store search base for the Kdc */
+ public static final String KDC_STORE_SEARCHBASE = "kdc.store.searchbase";
+
/** a handle on the provider context */
private LdapContext ctx;
@@ -44,7 +47,7 @@
* @param ctx the JNDI context to the store
* @param searchBase the name relative to the context to use as the search base
*/
- public PrincipalStoreImpl( LdapContext ctx, Name searchBase )
+ public JndiPrincipalStoreImpl( LdapContext ctx, Name searchBase )
{
this.ctx = ctx;