Posted to dev@tomcat.apache.org by ma...@apache.org on 2006/01/28 00:27:20 UTC
svn commit: r373029 -
/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
Author: markt
Date: Fri Jan 27 15:27:16 2006
New Revision: 373029
URL: http://svn.apache.org/viewcvs?rev=373029&view=rev
Log:
Bug 7831
Add basic support for CLIENT-CERT authentication in JNDIRealm
It is likely that users will have to extend JNDIRealm and override
getPrincipal(X509Certificate) for their particular configuration.
Modified:
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
URL: http://svn.apache.org/viewcvs/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java?rev=373029&r1=373028&r2=373029&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java (original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Fri Jan 27 15:27:16 2006
@@ -986,10 +986,6 @@
// Form the dn from the user pattern
String dn = userPatternFormatArray[curUserPattern].format(new String[] { username });
- // Return if no attributes to retrieve
- if (attrIds == null || attrIds.length == 0)
- return new User(username, dn, null, null);
-
// Get required attributes from user entry
Attributes attrs = null;
try {
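Review bot: Dropping the early return lets a null `attrIds` reach the attribute lookup that presumably follows this `try` (it is outside the hunk), and for JNDI `DirContext.getAttributes(name, null)` means "retrieve all attributes" rather than none, so a configuration with no attribute ids now pulls the whole entry instead of returning a synthetic User. If the intent is only that a non-existent entry yields null (so the new certificate-based lookup cannot mint a Principal for an unknown DN), that behaviour deserves a comment here, e.g. `// Always query the directory: an unknown dn must yield null, not a synthetic User`, and an empty array (`new String[0]`) would give the existence check without reading every attribute. getUser starts and ends outside this hunk.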
@@ -1485,17 +1481,80 @@
}
-
/**
* Return the Principal associated with the given user name.
*/
protected Principal getPrincipal(String username) {
- return (null);
+ DirContext context = null;
+ Principal principal = null;
+
+ try {
+
+ // Ensure that we have a directory context available
+ context = open();
+
+ // Occassionally the directory context will timeout. Try one more
+ // time before giving up.
+ try {
+
+ // Authenticate the specified username if possible
+ principal = getPrincipal(context, username);
+
+ } catch (CommunicationException e) {
+
+ // log the exception so we know it's there.
+ containerLog.warn(sm.getString("jndiRealm.exception"), e);
+
+ // close the connection so we know it will be reopened.
+ if (context != null)
+ close(context);
+
+ // open a new directory context.
+ context = open();
+
+ // Try the authentication again.
+ principal = getPrincipal(context, username);
+
+ }
+
+
+ // Release this context
+ release(context);
+
+ // Return the authenticated Principal (if any)
+ return (principal);
+
+ } catch (NamingException e) {
+
+ // Log the problem for posterity
+ containerLog.error(sm.getString("jndiRealm.exception"), e);
+
+ // Close the connection so that it gets reopened next time
+ if (context != null)
+ close(context);
+
+ // Return "not authenticated" for this request
+ return (null);
+
+ }
+
}
+ /**
+ * Return the Principal associated with the given user name.
+ */
+ protected synchronized Principal getPrincipal(DirContext context,
+ String username)
+ throws NamingException {
+
+ User user = getUser(context, username);
+
+ return new GenericPrincipal(this, user.username, user.password ,
+ getRoles(context, user));
+ }
/**
* Open (if necessary) and return a connection to the configured
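Review bot: `getPrincipal(DirContext, String)` dereferences the result of `getUser(context, username)` without a null check, so a username that does not resolve to a directory entry (the expected outcome for an unknown user once the first hunk removes the synthetic-User early return) ends in a NullPointerException at `user.username` instead of the "not authenticated" null that the one-arg overload documents; add `if (user == null) { return null; }` before the `new GenericPrincipal(...)`. The outer catch in `getPrincipal(String)` only handles `NamingException`, so that NPE would propagate out of the realm unlogged rather than being treated as a failed lookup. The Javadoc on the two-arg overload is a copy of the one-arg one; it should note that the context is caller-supplied and carry `@throws NamingException if the directory lookup fails`.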