Posted to commits@directory.apache.org by el...@apache.org on 2007/10/19 15:01:48 UTC
svn commit: r586411 -
/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/
Author: elecharny
Date: Fri Oct 19 06:01:47 2007
New Revision: 586411
URL: http://svn.apache.org/viewvc?rev=586411&view=rev
Log:
Removed two of the six classes in the SASL chain. Removed some warnings.
Removed:
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/ChainGuard.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/HandleSimple.java
Modified:
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/AbstractSaslCallbackHandler.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/BindHandlerChain.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/ConfigureChain.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/CramMd5CallbackHandler.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/CramMd5MechanismHandler.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/DigestMd5CallbackHandler.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/DigestMd5MechanismHandler.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/GetBindDn.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/GetLdapContext.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/GssapiCallbackHandler.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/GssapiMechanismHandler.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/HandleSasl.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/MechanismHandler.java
directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/SaslFilter.java
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/AbstractSaslCallbackHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/AbstractSaslCallbackHandler.java?rev=586411&r1=586410&r2=586411&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/AbstractSaslCallbackHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/AbstractSaslCallbackHandler.java Fri Oct 19 06:01:47 2007
@@ -36,7 +36,6 @@
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
-import javax.naming.spi.InitialContextFactory;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
@@ -196,7 +195,7 @@
* @param env An environment to be used to acquire an {@link LdapContext}.
* @return An {@link LdapContext} for the client.
*/
- protected LdapContext getContext( IoSession session, Object message, Hashtable env )
+ protected LdapContext getContext( IoSession session, Object message, Hashtable<String, Object> env )
{
BindRequest request = ( BindRequest ) message;
LdapResult result = request.getResultResponse().getLdapResult();
@@ -205,24 +204,9 @@
try
{
- if ( env.containsKey( "server.use.factory.instance" ) )
- {
- InitialContextFactory factory = ( InitialContextFactory ) env.get( "server.use.factory.instance" );
-
- if ( factory == null )
- {
- throw new NullPointerException( "server.use.factory.instance was set in env but was null" );
- }
-
- // Bind is a special case where we have to use the referral property to deal
- ctx = ( LdapContext ) factory.getInitialContext( env );
- }
- else
- {
- MutableControl[] connCtls = request.getControls().values().toArray( EMPTY );
- env.put( DirectoryService.JNDI_KEY, directoryService );
- ctx = new InitialLdapContext( env, connCtls );
- }
+ MutableControl[] connCtls = request.getControls().values().toArray( EMPTY );
+ env.put( DirectoryService.JNDI_KEY, directoryService );
+ ctx = new InitialLdapContext( env, connCtls );
}
catch ( NamingException e )
{
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/BindHandlerChain.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/BindHandlerChain.java?rev=586411&r1=586410&r2=586411&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/BindHandlerChain.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/BindHandlerChain.java Fri Oct 19 06:01:47 2007
@@ -39,9 +39,7 @@
public BindHandlerChain( DirectoryService directoryService, SessionRegistry registry )
{
addLast( "configureChain", new ConfigureChain() );
- addLast( "chainGuard", new ChainGuard() );
addLast( "handleSasl", new HandleSasl( directoryService ) );
- addLast( "handleSimple", new HandleSimple() );
addLast( "getLdapContext", new GetLdapContext( registry ) );
addLast( "returnSuccess", new ReturnSuccess() );
}
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/ConfigureChain.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/ConfigureChain.java?rev=586411&r1=586410&r2=586411&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/ConfigureChain.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/ConfigureChain.java Fri Oct 19 06:01:47 2007
@@ -27,10 +27,12 @@
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
import org.apache.directory.server.kerberos.shared.store.operations.GetPrincipal;
import org.apache.directory.server.ldap.LdapServer;
-import org.apache.directory.server.ldap.constants.SupportedSASLMechanisms;
import org.apache.directory.server.protocol.shared.ServiceConfigurationException;
import org.apache.directory.server.protocol.shared.store.ContextOperation;
import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
+import org.apache.directory.shared.ldap.message.BindRequest;
+import org.apache.directory.shared.ldap.message.LdapResult;
+import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.mina.common.IoSession;
import org.apache.mina.handler.chain.IoHandlerCommand;
@@ -63,14 +65,14 @@
session.getAttribute( LdapServer.class.toString() );
Map<String, String> saslProps = new HashMap<String, String>();
- saslProps.put( Sasl.QOP, getActiveQop( ldapServer ) );
+ saslProps.put( Sasl.QOP, ldapServer.getSaslQopString() );
saslProps.put( "com.sun.security.sasl.digest.realm", getActiveRealms( ldapServer ) );
session.setAttribute( "saslProps", saslProps );
session.setAttribute( "saslHost", ldapServer.getSaslHost() );
session.setAttribute( "baseDn", ldapServer.getSearchBaseDn() );
- Set activeMechanisms = getActiveMechanisms( ldapServer );
+ Set<String> activeMechanisms = ldapServer.getSupportedMechanisms();
if ( activeMechanisms.contains( "GSSAPI" ) )
{
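Review bot: Neither `ldapServer.getSaslQopString()` nor `ldapServer.getSupportedMechanisms()` is checked against an allow-list here any more. The helpers deleted in the next hunk dropped any configured QoP other than auth, auth-int and auth-conf, and any mechanism outside the four named in SupportedSASLMechanisms. LdapServer is not part of this commit, so whether it validates these values is not visible; if it does not, a mistyped configuration entry reaches `Sasl.QOP` and the mechanism guard unchanged. If LdapServer does validate them, a comment on the two calls should say so, for example `// QoP and mechanism names are validated by LdapServer when the configuration is loaded`. execute() starts before this hunk and continues after it.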
@@ -86,78 +88,51 @@
}
}
- session.setAttribute( "supportedMechanisms", activeMechanisms );
+ BindRequest bindRequest = ( BindRequest ) message;
- next.execute( session, message );
- }
-
-
- private Set getActiveMechanisms( LdapServer ldapServer )
- {
- List<String> supportedMechanisms = new ArrayList<String>();
- supportedMechanisms.add( SupportedSASLMechanisms.SIMPLE );
- supportedMechanisms.add( SupportedSASLMechanisms.CRAM_MD5 );
- supportedMechanisms.add( SupportedSASLMechanisms.DIGEST_MD5 );
- supportedMechanisms.add( SupportedSASLMechanisms.GSSAPI );
-
- Set<String> activeMechanisms = new HashSet<String>();
-
- for ( String desiredMechanism : ldapServer.getSupportedMechanisms() )
- {
- if ( supportedMechanisms.contains( desiredMechanism ) )
- {
- activeMechanisms.add( desiredMechanism );
- }
- }
-
- return activeMechanisms;
- }
-
-
- private String getActiveQop( LdapServer ldapServer )
- {
- List<String> supportedQop = new ArrayList<String>();
- supportedQop.add( "auth" );
- supportedQop.add( "auth-int" );
- supportedQop.add( "auth-conf" );
-
- StringBuilder saslQop = new StringBuilder();
-
- Iterator it = ldapServer.getSaslQop().iterator();
- while ( it.hasNext() )
+ // Guard clause: Reject unsupported SASL mechanisms.
+ if ( !ldapServer.getSupportedMechanisms().contains( bindRequest.getSaslMechanism() ) )
{
- String desiredQopLevel = ( String ) it.next();
- if ( supportedQop.contains( desiredQopLevel ) )
- {
- saslQop.append( desiredQopLevel );
- }
+ LOG.error( "Bind error : {} mechanism not supported. Please check the server.xml configuration file (supportedMechanisms field)",
+ bindRequest.getSaslMechanism() );
- if ( it.hasNext() )
- {
- // QOP is comma-delimited
- saslQop.append( "," );
- }
- }
+ LdapResult bindResult = bindRequest.getResultResponse().getLdapResult();
+ bindResult.setResultCode( ResultCodeEnum.AUTH_METHOD_NOT_SUPPORTED );
+ bindResult.setErrorMessage( bindRequest.getSaslMechanism() + " is not a supported mechanism." );
+ session.write( bindRequest.getResultResponse() );
+ return;
+ }
+
+ /**
+ * We now have a canonicalized authentication mechanism for this session,
+ * suitable for use in Hashed Adapter's, aka Demux HashMap's.
+ */
+ session.setAttribute( "sessionMechanism", bindRequest.getSaslMechanism() );
- return saslQop.toString();
+ next.execute( session, message );
}
+ /**
+ * Create a list of all the configured realms.
+ */
private String getActiveRealms( LdapServer ldapServer )
{
StringBuilder realms = new StringBuilder();
+ boolean isFirst = true;
- Iterator it = ldapServer.getSaslRealms().iterator();
- while ( it.hasNext() )
+ for ( String realm:ldapServer.getSaslRealms() )
{
- String realm = ( String ) it.next();
- realms.append( realm );
-
- if ( it.hasNext() )
+ if ( isFirst )
+ {
+ isFirst = false;
+ }
+ else
{
- // realms are space-delimited
- realms.append( " " );
+ realms.append( ' ' );
}
+
+ realms.append( realm );
}
return realms.toString();
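Review bot: The unsupported-mechanism guard runs only after execute() has stored saslProps, saslHost and baseDn on the session and after the GSSAPI block that closes at the top of this hunk, so a request that is about to be rejected still goes through that setup; moving the guard to the start of execute() would reject it first. The rejection is logged with `LOG.error` and includes the mechanism string taken from the request, so any unauthenticated client can produce error-level entries at will; `LOG.warn` with the same placeholder message is probably enough for a client fault. The `/** ... */` block above `session.setAttribute( "sessionMechanism", ... )` says the mechanism is canonicalized, but the value stored is exactly what `bindRequest.getSaslMechanism()` returned, so either normalize it or reword the comment. HandleSasl compares this attribute with "SIMPLE", and the hunk does not show what getSaslMechanism() returns for a simple bind, so that case deserves a test.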
@@ -202,8 +177,7 @@
return subject;
}
-
-
+
private Object execute( LdapServer ldapServer, ContextOperation operation ) throws Exception
{
if ( ctx == null )
@@ -222,5 +196,5 @@
}
return operation.execute( ctx, null );
- }
+ }
}
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/CramMd5CallbackHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/CramMd5CallbackHandler.java?rev=586411&r1=586410&r2=586411&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/CramMd5CallbackHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/CramMd5CallbackHandler.java Fri Oct 19 06:01:47 2007
@@ -63,7 +63,7 @@
protected String lookupPassword( String username, String realm )
{
- Hashtable env = getEnvironment( session );
+ Hashtable<String, Object> env = getEnvironment( session );
LdapContext ctx = getContext( session, message, env );
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/CramMd5MechanismHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/CramMd5MechanismHandler.java?rev=586411&r1=586410&r2=586411&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/CramMd5MechanismHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/CramMd5MechanismHandler.java Fri Oct 19 06:01:47 2007
@@ -21,6 +21,7 @@
import org.apache.directory.server.core.DirectoryService;
+import org.apache.directory.shared.ldap.message.BindRequest;
import org.apache.mina.common.IoSession;
import javax.security.auth.callback.CallbackHandler;
@@ -45,7 +46,7 @@
}
- public SaslServer handleMechanism( IoSession session, Object message ) throws Exception
+ public SaslServer handleMechanism( IoSession session, BindRequest bindRequest ) throws Exception
{
SaslServer ss;
@@ -63,7 +64,7 @@
*/
Map<String, String> saslProps = new HashMap<String, String>();
- CallbackHandler callbackHandler = new CramMd5CallbackHandler( directoryService, session, message );
+ CallbackHandler callbackHandler = new CramMd5CallbackHandler( directoryService, session, bindRequest );
ss = Sasl.createSaslServer( "CRAM-MD5", "ldap", saslHost, saslProps, callbackHandler );
session.setAttribute( SASL_CONTEXT, ss );
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/DigestMd5CallbackHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/DigestMd5CallbackHandler.java?rev=586411&r1=586410&r2=586411&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/DigestMd5CallbackHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/DigestMd5CallbackHandler.java Fri Oct 19 06:01:47 2007
@@ -63,7 +63,7 @@
protected String lookupPassword( String username, String realm )
{
- Hashtable env = getEnvironment( session );
+ Hashtable<String, Object> env = getEnvironment( session );
LdapContext ctx = getContext( session, message, env );
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/DigestMd5MechanismHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/DigestMd5MechanismHandler.java?rev=586411&r1=586410&r2=586411&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/DigestMd5MechanismHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/DigestMd5MechanismHandler.java Fri Oct 19 06:01:47 2007
@@ -21,6 +21,7 @@
import org.apache.directory.server.core.DirectoryService;
+import org.apache.directory.shared.ldap.message.BindRequest;
import org.apache.mina.common.IoSession;
import javax.security.auth.callback.CallbackHandler;
@@ -44,7 +45,7 @@
}
- public SaslServer handleMechanism( IoSession session, Object message ) throws Exception
+ public SaslServer handleMechanism( IoSession session, BindRequest bindRequest ) throws Exception
{
SaslServer ss;
@@ -55,10 +56,9 @@
else
{
String saslHost = ( String ) session.getAttribute( "saslHost" );
- //noinspection unchecked
- Map<String, String> saslProps = ( Map<String,String> ) session.getAttribute( "saslProps" );
+ Map<String, String> saslProps = ( Map<String, String> ) session.getAttribute( "saslProps" );
- CallbackHandler callbackHandler = new DigestMd5CallbackHandler( directoryService, session, message );
+ CallbackHandler callbackHandler = new DigestMd5CallbackHandler( directoryService, session, bindRequest );
ss = Sasl.createSaslServer( "DIGEST-MD5", "ldap", saslHost, saslProps, callbackHandler );
session.setAttribute( SASL_CONTEXT, ss );
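Review bot: The cast `( Map<String, String> ) session.getAttribute( "saslProps" )` is an unchecked cast from Object, and this hunk deletes the `//noinspection unchecked` marker without replacing it, so the compiler will still report it although the log says warnings were removed. Annotating the local declaration with `@SuppressWarnings("unchecked")`, plus a short comment that ConfigureChain stores a `Map<String, String>` under that key, keeps the suppression narrow. The same cast appears in the GssapiMechanismHandler hunk, where the `( SaslServer )` cast on `Subject.doAs(...)` is also redundant now that the action is a `PrivilegedExceptionAction<SaslServer>`. The else branch starts before this hunk and continues after it.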
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/GetBindDn.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/GetBindDn.java?rev=586411&r1=586410&r2=586411&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/GetBindDn.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/GetBindDn.java Fri Oct 19 06:01:47 2007
@@ -103,11 +103,11 @@
try
{
- NamingEnumeration answer = ctx.search( "", matchAttrs, attrIDs );
+ NamingEnumeration<SearchResult> answer = ctx.search( "", matchAttrs, attrIDs );
if ( answer.hasMore() )
{
- SearchResult result = ( SearchResult ) answer.next();
+ SearchResult result = answer.next();
// Changed from original GetPrincipal, along with accessor and member variable.
bindDn = result.getName();
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/GetLdapContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/GetLdapContext.java?rev=586411&r1=586410&r2=586411&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/GetLdapContext.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/GetLdapContext.java Fri Oct 19 06:01:47 2007
@@ -26,7 +26,6 @@
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
-import javax.naming.spi.InitialContextFactory;
import org.apache.directory.server.ldap.SessionRegistry;
import org.apache.directory.shared.ldap.exception.LdapException;
@@ -63,31 +62,15 @@
public void execute( NextCommand next, IoSession session, Object message ) throws Exception
{
- Hashtable env = getEnvironment( session, message );
+ Hashtable<String, Object> env = getEnvironment( session, message );
BindRequest request = ( BindRequest ) message;
LdapResult result = request.getResultResponse().getLdapResult();
LdapContext ctx;
try
{
- if ( env.containsKey( "server.use.factory.instance" ) )
- {
- InitialContextFactory factory = ( InitialContextFactory ) env.get( "server.use.factory.instance" );
-
- if ( factory == null )
- {
- throw new NullPointerException( "server.use.factory.instance was set in env but was null" );
- }
-
- // Bind is a special case where we have to use the referral property to deal
- ctx = ( LdapContext ) factory.getInitialContext( env );
- }
- else
- {
- //noinspection SuspiciousToArrayCall
- MutableControl[] connCtls = request.getControls().values().toArray( EMPTY );
- ctx = new InitialLdapContext( env, connCtls );
- }
+ MutableControl[] connCtls = request.getControls().values().toArray( EMPTY );
+ ctx = new InitialLdapContext( env, connCtls );
registry.setLdapContext( session, ctx );
@@ -128,13 +111,13 @@
result.setErrorMessage( msg );
session.write( request.getResultResponse() );
- //noinspection UnusedAssignment
+
ctx = null;
}
}
- private Hashtable getEnvironment( IoSession session, Object message )
+ private Hashtable<String, Object> getEnvironment( IoSession session, Object message )
{
Object principal = session.getAttribute( Context.SECURITY_PRINCIPAL );
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/GssapiCallbackHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/GssapiCallbackHandler.java?rev=586411&r1=586410&r2=586411&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/GssapiCallbackHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/GssapiCallbackHandler.java Fri Oct 19 06:01:47 2007
@@ -72,7 +72,7 @@
{
LOG.debug( "Processing conversion of principal name to DN." );
- Hashtable env = getEnvironment( session );
+ Hashtable<String, Object> env = getEnvironment( session );
LdapContext ctx = getContext( session, message, env );
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/GssapiMechanismHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/GssapiMechanismHandler.java?rev=586411&r1=586410&r2=586411&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/GssapiMechanismHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/GssapiMechanismHandler.java Fri Oct 19 06:01:47 2007
@@ -21,6 +21,7 @@
import org.apache.directory.server.core.DirectoryService;
+import org.apache.directory.shared.ldap.message.BindRequest;
import org.apache.mina.common.IoSession;
import javax.security.auth.Subject;
@@ -45,7 +46,7 @@
this.directoryService = directoryService;
}
- public SaslServer handleMechanism( IoSession session, Object message ) throws Exception
+ public SaslServer handleMechanism( IoSession session, BindRequest bindRequest ) throws Exception
{
SaslServer ss;
@@ -57,17 +58,15 @@
{
Subject subject = ( Subject ) session.getAttribute( "saslSubject" );
- final Map saslProps = ( Map ) session.getAttribute( "saslProps" );
+ final Map<String, String> saslProps = ( Map<String, String> ) session.getAttribute( "saslProps" );
final String saslHost = ( String ) session.getAttribute( "saslHost" );
- final CallbackHandler callbackHandler = new GssapiCallbackHandler( directoryService, session, message );
+ final CallbackHandler callbackHandler = new GssapiCallbackHandler( directoryService, session, bindRequest );
- //noinspection unchecked
- ss = ( SaslServer ) Subject.doAs( subject, new PrivilegedExceptionAction()
+ ss = ( SaslServer ) Subject.doAs( subject, new PrivilegedExceptionAction<SaslServer>()
{
- public Object run() throws Exception
+ public SaslServer run() throws Exception
{
- //noinspection unchecked
return Sasl.createSaslServer( "GSSAPI", "ldap", saslHost, saslProps, callbackHandler );
}
} );
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/HandleSasl.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/HandleSasl.java?rev=586411&r1=586410&r2=586411&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/HandleSasl.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/HandleSasl.java Fri Oct 19 06:01:47 2007
@@ -30,6 +30,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import javax.naming.Context;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import java.util.Collections;
@@ -48,7 +49,7 @@
/**
* A Hashed Adapter mapping SASL mechanisms to their handlers.
*/
- private final Map handlers;
+ private final Map<String, MechanismHandler> handlers;
public HandleSasl( DirectoryService directoryService )
@@ -65,29 +66,37 @@
public void execute( NextCommand next, IoSession session, Object message ) throws Exception
{
String sessionMechanism = ( String ) session.getAttribute( "sessionMechanism" );
+ BindRequest bindRequest = (BindRequest)message;
- if ( handlers.containsKey( sessionMechanism ) )
+ if ( sessionMechanism.equals( "SIMPLE" ) )
{
- SaslServer ss = handleMechanism( sessionMechanism, session, message );
- handleMechanism( ss, next, session, message );
+ /*
+ * This is the principal name that will be used to bind to the DIT.
+ */
+ session.setAttribute( Context.SECURITY_PRINCIPAL, bindRequest.getName() );
+
+ /*
+ * These are the credentials that will be used to bind to the DIT.
+ * For the simple mechanism, this will be a password, possibly one-way hashed.
+ */
+ session.setAttribute( Context.SECURITY_CREDENTIALS, bindRequest.getCredentials() );
+
+ next.execute( session, bindRequest );
}
else
{
- next.execute( session, message );
- }
- }
-
+ MechanismHandler mechanismHandler = ( MechanismHandler ) handlers.get( sessionMechanism );
- private SaslServer handleMechanism( String mechanism, IoSession session, Object message ) throws Exception
- {
- MechanismHandler mechanismHandler = ( MechanismHandler ) handlers.get( mechanism );
-
- if ( mechanismHandler == null )
- {
- throw new IllegalArgumentException( "Handler unavailable for " + mechanism );
+ if ( mechanismHandler == null )
+ {
+ LOG.error( "Handler unavailable for " + sessionMechanism );
+ throw new IllegalArgumentException( "Handler unavailable for " + sessionMechanism );
+ }
+
+ SaslServer ss = mechanismHandler.handleMechanism( session, bindRequest );
+
+ handleMechanism( ss, next, session, bindRequest );
}
-
- return mechanismHandler.handleMechanism( session, message );
}
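Review bot: When no handler is registered for the session mechanism, the else branch logs and throws IllegalArgumentException without writing a bind response, so unless an outer exception handler answers for it the client gets no result for its bind. Answering with AUTH_METHOD_NOT_SUPPORTED, as ConfigureChain does for an unsupported mechanism, would be consistent; HandleSasl would need the LdapResult and ResultCodeEnum imports. The `( MechanismHandler )` cast is redundant now that `handlers` is a `Map<String, MechanismHandler>`, and the log call should use the `{}` placeholder rather than concatenation. In the SIMPLE branch the name and credentials from the request are stored as session attributes and nothing in this hunk removes them, so confirm that a later step clears `Context.SECURITY_CREDENTIALS` once the bind has completed. `sessionMechanism.equals( "SIMPLE" )` throws if the attribute is missing, whereas `"SIMPLE".equals( sessionMechanism )` does not.

```java
// … unchanged: SIMPLE branch …
MechanismHandler mechanismHandler = handlers.get( sessionMechanism );

if ( mechanismHandler == null )
{
    LOG.error( "Handler unavailable for {}", sessionMechanism );

    LdapResult bindResult = bindRequest.getResultResponse().getLdapResult();
    bindResult.setResultCode( ResultCodeEnum.AUTH_METHOD_NOT_SUPPORTED );
    bindResult.setErrorMessage( sessionMechanism + " is not a supported mechanism." );
    session.write( bindRequest.getResultResponse() );
    return;
}
// … unchanged: mechanismHandler.handleMechanism( session, bindRequest ) and handleMechanism( ss, next, session, bindRequest ) …
```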
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/MechanismHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/MechanismHandler.java?rev=586411&r1=586410&r2=586411&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/MechanismHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/MechanismHandler.java Fri Oct 19 06:01:47 2007
@@ -22,6 +22,7 @@
import javax.security.sasl.SaslServer;
+import org.apache.directory.shared.ldap.message.BindRequest;
import org.apache.mina.common.IoSession;
@@ -49,5 +50,5 @@
* @return The {@link SaslServer} to use for the duration of the bound session.
* @throws Exception
*/
- public SaslServer handleMechanism( IoSession session, Object message ) throws Exception;
+ public SaslServer handleMechanism( IoSession session, BindRequest bindRequest ) throws Exception;
}
Modified: directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/SaslFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/SaslFilter.java?rev=586411&r1=586410&r2=586411&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/SaslFilter.java (original)
+++ directory/apacheds/branches/bigbang/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/bind/SaslFilter.java Fri Oct 19 06:01:47 2007
@@ -24,6 +24,7 @@
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
+import org.apache.directory.server.ldap.constants.SaslQoP;
import org.apache.mina.common.ByteBuffer;
import org.apache.mina.common.IoFilterAdapter;
import org.apache.mina.common.IoSession;
@@ -87,7 +88,7 @@
* Unwrap the data for mechanisms that support QoP (DIGEST-MD5, GSSAPI).
*/
String qop = ( String ) context.getNegotiatedProperty( Sasl.QOP );
- boolean hasSecurityLayer = ( qop != null && ( qop.equals( "auth-int" ) || qop.equals( "auth-conf" ) ) );
+ boolean hasSecurityLayer = ( qop != null && ( qop.equals( SaslQoP.QOP_AUTH_INT ) || qop.equals( SaslQoP.QOP_AUTH_CONF ) ) );
if ( hasSecurityLayer )
{
@@ -131,7 +132,7 @@
* Wrap the data for mechanisms that support QoP (DIGEST-MD5, GSSAPI).
*/
String qop = ( String ) context.getNegotiatedProperty( Sasl.QOP );
- boolean hasSecurityLayer = ( qop != null && ( qop.equals( "auth-int" ) || qop.equals( "auth-conf" ) ) );
+ boolean hasSecurityLayer = ( qop != null && ( qop.equals( SaslQoP.QOP_AUTH_INT ) || qop.equals( SaslQoP.QOP_AUTH_CONF ) ) );
ByteBuffer saslLayerBuffer = null;