Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/06/15 01:27:34 UTC
DO NOT REPLY [Bug 9702] -
JNDIRealm StartTLS/SSL support request
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9702
------- Additional Comments From jemiller@uchicago.edu 2002-06-14 23:27 -------
I think I have a fix for this. I have the SSL part at least (not StartTLS).
Basically, it just adds a "secure" attribute. It defaults to false. If it is
set to true, it enables SSL (modelled after the way the HTTPConnector works).

<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionURL="ldap://myldapserver:636"
       secure="true"
       userPattern="uid={0}, ou=People, dc=mydc"
       userRoleName="objectClass"/>

Here's the diff for it. I could probably add in StartTLS support as well. The
only thing that I'm unsure of is what to name the attribute so that it's clear
to users. Maybe I could have it check a "protocol" attribute like the
HTTPConnector does and if it's set to "tls" use StartTLS, and if it's set
to "ssl" use SSL? Currently, the StartTLS implementation in JSSE has a hang
bug that occurs with most LDAP servers, so, it may be better to wait on
putting that in.
If this looks OK, can someone put these changes in for me?
Index: JNDIRealm.java
===================================================================
RCS file: /home/cvspublic/jakarta-tomcat-
4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v
retrieving revision 1.8
diff -r1.8 JNDIRealm.java
322a323,326
> /**
> * The secure connection flag.
> */
> protected boolean secure = false;
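Review bot: the Javadoc on the new `secure` field says only "The secure connection flag", which does not tell a reader what is being secured. State that it controls whether the connection to the directory server uses SSL, and that the default of false means existing configurations keep connecting without SSL.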
422a427,437
> /**
> * Set the secure connection flag.
> *
> * @param secure The new secure connection flag
> */
> public void setSecure(boolean secure)
> {
>
> this.secure = secure;
>
> }
741c756,766
< /**
---
> /**
> * Return the secure connection flag. Default value is "false".
> */
> public boolean getSecure()
> {
>
> return (this.secure);
>
> }
>
> /**
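Review bot: `getSecure()` goes in at line 741 while `setSecure()` went in at line 422, so the accessor pair is split across the file; place the two next to each other. The `741c` change also replaces an existing `/**` line with one that looks identical, which points to a whitespace-only edit that should be dropped from the patch, and `return (this.secure);` does not need the parentheses.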
1296a1322,1323
> if (secure == true)
> env.put(Context.SECURITY_PROTOCOL, "ssl");
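Review bot: the test `if (secure == true)` should be `if (secure)`, with braces around the body. The hunk sets only `Context.SECURITY_PROTOCOL` and leaves the connection URL as configured, so the documentation for the attribute should say that `connectionURL` has to point at the directory's SSL port (636 in the example configuration) and that the server certificate has to be trusted by the JVM running Tomcat; otherwise the connection will fail.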
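
Added example, not part of the original message or of Tomcat: a stand-alone Java class that builds the JNDI environment the way the proposed `secure` attribute would and flags flag/URL combinations that do not match. The class and method names are hypothetical, and the port check assumes the conventional ports (389 for plain LDAP, 636 for LDAP over SSL, as in the posted configuration).

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;

// Added illustration, not Tomcat code; class and method names are hypothetical.
public class SecureRealmEnv {

    // Mirrors the patch: SECURITY_PROTOCOL is set only when secure is true,
    // and the provider URL is passed through unchanged.
    static Hashtable<String, String> buildEnv(String connectionURL, boolean secure) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, connectionURL);
        if (secure) {
            env.put(Context.SECURITY_PROTOCOL, "ssl");
        }
        return env;
    }

    // Reports flag/URL combinations worth fixing before deployment.
    // Assumes the conventional ports: 389 for plain LDAP, 636 for LDAP over SSL.
    static List<String> check(String connectionURL, boolean secure) {
        List<String> findings = new ArrayList<>();
        int port = URI.create(connectionURL).getPort(); // -1 when the URL has no port
        if (!secure) {
            findings.add("secure=false: simple bind credentials are sent unencrypted");
        }
        if (secure && port == 389) {
            findings.add("secure=true but the URL names the plain LDAP port 389");
        }
        if (!secure && port == 636) {
            findings.add("URL names the SSL port 636 but secure is not set");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample configurations; the host name is the one in the post.
        Object[][] samples = {
            {"ldap://myldapserver:636", true},
            {"ldap://myldapserver:389", true},
            {"ldap://myldapserver:636", false},
        };
        for (Object[] s : samples) {
            String url = (String) s[0];
            boolean secure = (Boolean) s[1];
            System.out.println(buildEnv(url, secure) + " -> " + check(url, secure));
        }
    }
}
```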