Posted to commits@directory.apache.org by tr...@apache.org on 2005/11/09 14:30:28 UTC
svn commit: r332034 -
/directory/protocol-providers/ldap/trunk/src/main/java/org/apache/ldap/server/protocol/LdapProtocolProvider.java
Author: trustin
Date: Wed Nov 9 05:30:23 2005
New Revision: 332034
URL: http://svn.apache.org/viewcvs?rev=332034&view=rev
Log:
Changed LdapProtocolHandler to understand SSLFilterMessages
Modified:
directory/protocol-providers/ldap/trunk/src/main/java/org/apache/ldap/server/protocol/LdapProtocolProvider.java
Modified: directory/protocol-providers/ldap/trunk/src/main/java/org/apache/ldap/server/protocol/LdapProtocolProvider.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/ldap/trunk/src/main/java/org/apache/ldap/server/protocol/LdapProtocolProvider.java?rev=332034&r1=332033&r2=332034&view=diff
==============================================================================
--- directory/protocol-providers/ldap/trunk/src/main/java/org/apache/ldap/server/protocol/LdapProtocolProvider.java (original)
+++ directory/protocol-providers/ldap/trunk/src/main/java/org/apache/ldap/server/protocol/LdapProtocolProvider.java Wed Nov 9 05:30:23 2005
@@ -65,12 +65,14 @@
import org.apache.mina.common.IoHandler;
import org.apache.mina.common.IoSession;
import org.apache.mina.filter.LoggingFilter;
+import org.apache.mina.filter.SSLFilter;
import org.apache.mina.filter.codec.ProtocolCodecFactory;
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.apache.mina.filter.codec.ProtocolDecoder;
import org.apache.mina.filter.codec.ProtocolEncoder;
import org.apache.mina.handler.DemuxingIoHandler;
import org.apache.mina.handler.MessageHandler;
+import org.apache.mina.util.SessionLog;
/**
* An LDAP protocol provider implementation which dynamically associates
@@ -357,9 +359,42 @@
SessionRegistry.getSingleton().remove( session );
}
+ public void messageReceived( IoSession session, Object message ) throws Exception
+ {
+ // Translate SSLFilter messages into LDAP extended request
+ // defined in RFC #2830, 'Lightweight Directory Access Protocol (v3):
+ // Extension for Transport Layer Security'.
+ //
+ // The RFC specifies the payload should be empty, but we use
+ // it to notify the TLS state changes. This hack should be
+ // OK from the viewpoint of security because StartTLS
+ // handler should react to only SESSION_UNSECURED message
+ // and degrade authentication level to 'anonymous' as specified
+ // in the RFC, and this is no threat.
+
+ if( message == SSLFilter.SESSION_SECURED )
+ {
+ ExtendedRequest req = new ExtendedRequestImpl( 0 );
+ req.setOid( "1.3.6.1.4.1.1466.20037" );
+ req.setPayload( "SECURED".getBytes( "ISO-8859-1" ) );
+ req.setLocked( true );
+ message = req;
+ }
+ else if( message == SSLFilter.SESSION_UNSECURED )
+ {
+ ExtendedRequest req = new ExtendedRequestImpl( 0 );
+ req.setOid( "1.3.6.1.4.1.1466.20037" );
+ req.setPayload( "UNSECURED".getBytes( "ISO-8859-1" ) );
+ req.setLocked( true );
+ message = req;
+ }
+
+ super.messageReceived( session, message );
+ }
+
public void exceptionCaught( IoSession session, Throwable cause )
{
- cause.printStackTrace();
+ SessionLog.warn( session, "Unexpected exception.", cause );
}
}
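Review bot: The requests synthesized in `messageReceived` are passed to `super.messageReceived` in the same form as a decoded client request, so downstream code cannot tell a TLS state notification from an ExtendedRequest that arrived on the wire with OID `1.3.6.1.4.1.1466.20037` and a `SECURED` or `UNSECURED` payload. The safety argument in the comment therefore rests entirely on the StartTLS handler, which is outside this hunk, and would stop holding if that handler ever raised trust on `SECURED`. I would state that invariant where it can be checked, for example `// INVARIANT: StartTLS handler must never raise the auth level based on payload; payload is client-controllable`, or preferably carry the TLS state out of band (a session attribute set here, presumably via `IoSession`) so the payload stays empty as the RFC requires. Separately, the OID literal appears twice and would read better as a single `private static final String` constant.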