Posted to dev@lenya.apache.org by qMax <qm...@mediasoft.ru> on 2005/04/18 08:39:15 UTC

lame bug in org.apache.lenya.ac.Identity

At 2004-12-13, 00:28:01Z, gregor wrote:
>public boolean belongsTo(AccreditableManager manager) throws AccessControlException {
>    boolean belongs = true;
>    Identifiable identifiables[] = getIdentifiables();
>    int i = 0;
>    while (belongs && i < identifiables.length) {
>      if (identifiables[i] instanceof User) {
>        User user = (User) identifiables[i];
>        User otherUser = manager.getUserManager().getUser(user.getId());
>        belongs = belongs && user == otherUser;
here users are compared with "==", which compares by Object instances
instead of user.equals(otherUser), which compares by uid or whatever.

my LDAPAccreditableManager does not reuse created LDAPUser objects,
because of their external mutability.
Of course requested user was another Object and Identity was not recognized.

.../idrid' vangedrid' perikis' krem brule edrena vosh!/...
i've wasted 3 days...

-- 
 qMax


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org


Re[2]: lame bug in org.apache.lenya.ac.Identity

Posted by qMax <qm...@mediasoft.ru>.
Monday, April 18, 2005, 3:17:54 PM, andreas@apache.org wrote:
>> AH> In this case, we would have to reconsider the implementation of belongsTo().
>> 
>> Torsten recently proposed to reconsider whole auth stuff and use something common like JAAS.
>> It seems there are things to.

>> But who would undertake it ?

AH> Someone who can't live with our implementation.
AH> Are you interested? :)

Finally, i survived with your implementation :)
I've implemented LDAPAccreditableManager (with changing of Identity.belongsTo()),
"and it works fine for me" - as it's usually said.
But i'd not say it was fun time.
And i still see no way to make it updatable.
(and i actually am not looking for it)

-- 
 qMax




Re[2]: lame bug in org.apache.lenya.ac.Identity

Posted by qMax <qm...@mediasoft.ru>.
Monday, April 18, 2005, 3:17:54 PM, andreas@apache.org wrote:

AH> qMax wrote:
>> Monday, April 18, 2005, 2:41:51 PM, andreas@apache.org wrote:
>> AH> Actually this has to be == and not equals(), because only the == operator
>> AH> ensures that the user belongs to the same accreditable manager. equals()
>> AH> would hold true for equal users from different accreditable managers as
>> AH> well. So it's not a bug, it's a feature.
>> 
>> Maybe this should be taken into account in implementation of Item.equal ?
>> in my case - i could compare full DN and providerurl,
>> in case of FileAccreditables - they should compare their config dir, etc.

AH> This makes sense.

Now, to commit my LDAPAccreditable manager,
i probably should also patch Identity.belongsTo() to use .equals(),
as well as FileUser/FileGroup/etc.equals().
Would it be ok ?

(And against what subversion should i better make a patch ?)

-- 
 qMax




Re: lame bug in org.apache.lenya.ac.Identity

Posted by Andreas Hartmann <an...@apache.org>.
qMax wrote:
> Monday, April 18, 2005, 2:41:51 PM, andreas@apache.org wrote:
> AH> Actually this has to be == and not equals(), because only the == operator
> AH> ensures that the user belongs to the same accreditable manager. equals()
> AH> would hold true for equal users from different accreditable managers as
> AH> well. So it's not a bug, it's a feature.
> 
> Maybe this should be taken into account in implementation of Item.equal ?
> in my case - i could compare full DN and providerurl,
> in case of FileAccreditables - they should compare their config dir, etc.

This makes sense.


> What if different Accreditable managers set up for the same
> config dir, ldap context, samba domain, tomcat realm, etc ?
> 
> 
>>>my LDAPAccreditableManager does not reuse created LDAPUser objects,
>>>because of their external mutability.
> 
> 
> AH> In this case, we would have to reconsider the implementation of belongsTo().
> 
> Torsten recently proposed to reconsider whole auth stuff and use something common like JAAS.
> It seems there are things to.

> But who would undertake it ?

Someone who can't live with our implementation.
Are you interested? :)

-- Andreas




Re[2]: lame bug in org.apache.lenya.ac.Identity

Posted by qMax <qm...@mediasoft.ru>.
Monday, April 18, 2005, 2:41:51 PM, andreas@apache.org wrote:
AH> Actually this has to be == and not equals(), because only the == operator
AH> ensures that the user belongs to the same accreditable manager. equals()
AH> would hold true for equal users from different accreditable managers as
AH> well. So it's not a bug, it's a feature.

Maybe this should be taken into account in implementation of Item.equal ?
in my case - i could compare full DN and providerurl,
in case of FileAccreditables - they should compare their config dir, etc.

What if different Accreditable managers set up for the same
config dir, ldap context, samba domain, tomcat realm, etc ?

>> my LDAPAccreditableManager does not reuse created LDAPUser objects,
>> because of their external mutability.

AH> In this case, we would have to reconsider the implementation of belongsTo().

Torsten recently proposed to reconsider whole auth stuff and use something common like JAAS.
It seems there are things to.
But who would undertake it ?

-- 
 qMax




Re: lame bug in org.apache.lenya.ac.Identity

Posted by Andreas Hartmann <an...@apache.org>.
qMax wrote:
> At 2004-12-13, 00:28:01Z, gregor wrote:
> 
>>public boolean belongsTo(AccreditableManager manager) throws AccessControlException {
>>   boolean belongs = true;
>>   Identifiable identifiables[] = getIdentifiables();
>>   int i = 0;
>>   while (belongs && i < identifiables.length) {
>>     if (identifiables[i] instanceof User) {
>>       User user = (User) identifiables[i];
>>       User otherUser = manager.getUserManager().getUser(user.getId());
>>       belongs = belongs && user == otherUser;
> 
> here users are compared with "==", which compares by Object instances
> instead of user.equals(otherUser), which compares by uid or whatever.

Actually this has to be == and not equals(), because only the == operator
ensures that the user belongs to the same accreditable manager. equals()
would hold true for equal users from different accreditable managers as
well. So it's not a bug, it's a feature.

> my LDAPAccreditableManager does not reuse created LDAPUser objects,
> because of their external mutability.

In this case, we would have to reconsider the implementation of belongsTo().

-- Andreas
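
Added example, not part of the original thread and not Lenya code: a minimal Java sketch of the two checks discussed above, run against a manager that builds a new user object on every lookup. ScopedUser, FreshUserManager, the provider URLs and the DN are hypothetical and constructed for illustration; equals() here covers the provider URL as well as the DN, as proposed in the thread.

```java
import java.util.Objects;

public class BelongsToDemo {
    // Hypothetical user type: equality covers the manager scope (provider URL)
    // and the id (full DN), not the id alone.
    static final class ScopedUser {
        final String providerUrl, dn;
        ScopedUser(String providerUrl, String dn) { this.providerUrl = providerUrl; this.dn = dn; }
        @Override public boolean equals(Object o) {
            if (!(o instanceof ScopedUser)) return false;
            ScopedUser u = (ScopedUser) o;
            return providerUrl.equals(u.providerUrl) && dn.equals(u.dn);
        }
        @Override public int hashCode() { return Objects.hash(providerUrl, dn); }
    }

    // Hypothetical manager that does not cache users: every lookup is a new object.
    static final class FreshUserManager {
        final String providerUrl;
        FreshUserManager(String providerUrl) { this.providerUrl = providerUrl; }
        ScopedUser getUser(String dn) { return new ScopedUser(providerUrl, dn); }
    }

    // Reference comparison, as in the quoted belongsTo().
    static boolean belongsByReference(ScopedUser user, FreshUserManager m) {
        return user == m.getUser(user.dn);
    }

    // Value comparison whose equals() includes the manager scope.
    static boolean belongsByEquals(ScopedUser user, FreshUserManager m) {
        return user.equals(m.getUser(user.dn));
    }

    public static void main(String[] args) {
        // Constructed sample data.
        FreshUserManager a = new FreshUserManager("ldap://a.example.invalid");
        FreshUserManager b = new FreshUserManager("ldap://b.example.invalid");
        ScopedUser alice = a.getUser("uid=alice,ou=people,dc=example");

        System.out.println("own manager, ==       : " + belongsByReference(alice, a));
        System.out.println("own manager, equals   : " + belongsByEquals(alice, a));
        System.out.println("other manager, equals : " + belongsByEquals(alice, b));
    }
}
```

If equals() compared the DN alone, the last check would accept a user issued by a different manager, which is the case the == comparison was meant to exclude.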

