directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From trus...@apache.org
Subject svn commit: r190357 - in /directory/apacheds/branches/direve-158/core/src/main/java/org/apache/ldap/server: SystemPartition.java jndi/DefaultContextFactoryContext.java
Date Mon, 13 Jun 2005 06:09:35 GMT
Author: trustin
Date: Sun Jun 12 23:09:33 2005
New Revision: 190357

URL: http://svn.apache.org/viewcvs?rev=190357&view=rev
Log:
Fixed: problems with anonymous access

Modified:
    directory/apacheds/branches/direve-158/core/src/main/java/org/apache/ldap/server/SystemPartition.java
    directory/apacheds/branches/direve-158/core/src/main/java/org/apache/ldap/server/jndi/DefaultContextFactoryContext.java

Modified: directory/apacheds/branches/direve-158/core/src/main/java/org/apache/ldap/server/SystemPartition.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/branches/direve-158/core/src/main/java/org/apache/ldap/server/SystemPartition.java?rev=190357&r1=190356&r2=190357&view=diff
==============================================================================
--- directory/apacheds/branches/direve-158/core/src/main/java/org/apache/ldap/server/SystemPartition.java
(original)
+++ directory/apacheds/branches/direve-158/core/src/main/java/org/apache/ldap/server/SystemPartition.java
Sun Jun 12 23:09:33 2005
@@ -42,6 +42,8 @@
 {
     /** the default user principal or DN */
     public final static String ADMIN_PRINCIPAL = "uid=admin,ou=system";
+    /** the DN of the default user principal */
+    public final static Name ADMIN_PRINCIPAL_NAME = getAdminDn();
     /** the admin super user uid */
     public final static String ADMIN_UID = "admin";
     /** the initial admin passwd set on startup */
@@ -134,8 +136,6 @@
         }
         catch ( NamingException e )
         {
-            e.printStackTrace();
-            // should never really happen since names are correct
         }
 
         return adminDn;

Modified: directory/apacheds/branches/direve-158/core/src/main/java/org/apache/ldap/server/jndi/DefaultContextFactoryContext.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/branches/direve-158/core/src/main/java/org/apache/ldap/server/jndi/DefaultContextFactoryContext.java?rev=190357&r1=190356&r2=190357&view=diff
==============================================================================
--- directory/apacheds/branches/direve-158/core/src/main/java/org/apache/ldap/server/jndi/DefaultContextFactoryContext.java
(original)
+++ directory/apacheds/branches/direve-158/core/src/main/java/org/apache/ldap/server/jndi/DefaultContextFactoryContext.java
Sun Jun 12 23:09:33 2005
@@ -72,21 +72,6 @@
  */
 class DefaultContextFactoryContext implements ContextFactoryContext
 {
-    /** shorthand reference to the authentication type property */
-    private static final String TYPE = Context.SECURITY_AUTHENTICATION;
-
-    /** shorthand reference to the authentication credentials property */
-    private static final String CREDS = Context.SECURITY_CREDENTIALS;
-
-    /** shorthand reference to the authentication principal property */
-    private static final String PRINCIPAL = Context.SECURITY_PRINCIPAL;
-
-    /** shorthand reference to the admin principal name */
-    private static final String ADMIN = SystemPartition.ADMIN_PRINCIPAL;
-
-    /** shorthand reference to the admin principal distinguished name */
-    private static final Name ADMIN_NAME = SystemPartition.getAdminDn();
-
     private AbstractContextFactory factory;
     
     /** the initial context environment that fired up the backend subsystem */
@@ -171,6 +156,11 @@
             environment.put( Context.SECURITY_CREDENTIALS, credential );
         }
         
+        if( authentication != null )
+        {
+            environment.put( Context.SECURITY_AUTHENTICATION, authentication );
+        }
+        
         if( rootDN == null )
         {
             rootDN = "";
@@ -189,21 +179,8 @@
 
         StartupConfiguration cfg = ( StartupConfiguration ) Configuration.toConfiguration(
env );
 
-        if ( isAnonymous( env ) )
-        {
-            env.put( PRINCIPAL, "" );
-        }
-        
         env.put( Context.PROVIDER_URL, "" );
         
-        // we need to check this here instead of in AuthenticationService
-        // because otherwise we are going to start up the system incorrectly
-        if ( isAnonymous( env ) && !cfg.isAllowAnonymousAccess() )
-        {
-            throw new LdapNoPermissionException(
-                    "ApacheDS is configured to disallow anonymous access" );
-        }
-
         cfg.validate();
         this.environment = env;
         this.configuration = cfg;
@@ -333,13 +310,13 @@
             if ( credential == null )
             {
                 throw new LdapConfigurationException( "missing required "
-                        + CREDS + " property for simple authentication" );
+                        + Context.SECURITY_CREDENTIALS + " property for simple authentication"
);
             }
 
             if ( principal == null )
             {
                 throw new LdapConfigurationException( "missing required "
-                        + PRINCIPAL + " property for simple authentication" );
+                        + Context.SECURITY_PRINCIPAL + " property for simple authentication"
);
             }
         }
         /*
@@ -352,13 +329,18 @@
             {
                 throw new LdapConfigurationException( "ambiguous bind "
                         + "settings encountered where bind is anonymous yet "
-                        + CREDS + " property is set" );
+                        + Context.SECURITY_CREDENTIALS + " property is set" );
             }
             if ( principal != null )
             {
                 throw new LdapConfigurationException( "ambiguous bind "
                         + "settings encountered where bind is anonymous yet "
-                        + PRINCIPAL + " property is set" );
+                        + Context.SECURITY_PRINCIPAL + " property is set" );
+            }
+            
+            if( configuration.isAllowAnonymousAccess() )
+            {
+                throw new LdapNoPermissionException( "Anonymous access disabled." );
             }
         }
         else
@@ -390,7 +372,7 @@
         /*
          * If the admin entry is there, then the database was already created
          */
-        if ( !rootNexus.hasEntry( ADMIN_NAME ) )
+        if ( !rootNexus.hasEntry( SystemPartition.ADMIN_PRINCIPAL_NAME ) )
         {
             firstStart = true;
 
@@ -402,11 +384,11 @@
             attributes.put( "uid", SystemPartition.ADMIN_UID );
             attributes.put( "userPassword", SystemPartition.ADMIN_PW );
             attributes.put( "displayName", "Directory Superuser" );
-            attributes.put( "creatorsName", ADMIN );
+            attributes.put( "creatorsName", SystemPartition.ADMIN_PRINCIPAL );
             attributes.put( "createTimestamp", DateUtils.getGeneralizedTime() );
             attributes.put( "displayName", "Directory Superuser" );
             
-            rootNexus.add( ADMIN, ADMIN_NAME, attributes );
+            rootNexus.add( SystemPartition.ADMIN_PRINCIPAL, SystemPartition.ADMIN_PRINCIPAL_NAME,
attributes );
         }
 
         // -------------------------------------------------------------------
@@ -421,7 +403,7 @@
             attributes.put( "objectClass", "top" );
             attributes.put( "objectClass", "organizationalUnit" );
             attributes.put( "ou", "users" );
-            attributes.put( "creatorsName", ADMIN );
+            attributes.put( "creatorsName", SystemPartition.ADMIN_PRINCIPAL );
             attributes.put( "createTimestamp", DateUtils.getGeneralizedTime() );
 
             rootNexus.add( "ou=users,ou=system", new LdapName( "ou=users,ou=system" ), attributes
);
@@ -439,7 +421,7 @@
             attributes.put( "objectClass", "top" );
             attributes.put( "objectClass", "organizationalUnit" );
             attributes.put( "ou", "groups" );
-            attributes.put( "creatorsName", ADMIN );
+            attributes.put( "creatorsName", SystemPartition.ADMIN_PRINCIPAL );
             attributes.put( "createTimestamp", DateUtils.getGeneralizedTime() );
 
             rootNexus.add( "ou=groups,ou=system", new LdapName( "ou=groups,ou=system" ),
attributes );
@@ -458,7 +440,7 @@
             attributes.put( "objectClass", "prefNode" );
             attributes.put( "objectClass", "extensibleObject" );
             attributes.put( "prefNodeName", "sysPrefRoot" );
-            attributes.put( "creatorsName", ADMIN );
+            attributes.put( "creatorsName", SystemPartition.ADMIN_PRINCIPAL );
             attributes.put( "createTimestamp", DateUtils.getGeneralizedTime() );
 
             LdapName dn = new LdapName( "prefNodeName=sysPrefRoot,ou=system" );
@@ -482,7 +464,7 @@
         while( i.hasNext() )
         {
             Attributes entry = ( Attributes ) i.next();
-            entry.put( "creatorsName", ADMIN );
+            entry.put( "creatorsName", SystemPartition.ADMIN_PRINCIPAL );
             entry.put( "createTimestamp", DateUtils.getGeneralizedTime() );
             
             Attribute dn = entry.remove( "dn" );
@@ -664,32 +646,5 @@
 
             partition.add( cfg.getSuffix(), normSuffix, cfg.getContextEntry() );
         }
-    }
-
-
-    /**
-     * Checks to see if an anonymous bind is being attempted.
-     *
-     * @return true if bind is anonymous, false otherwise
-     */
-    private static boolean isAnonymous( Hashtable env )
-    {
-
-        if ( env.containsKey( TYPE ) && env.get( TYPE ) != null )
-        {
-            if ( env.get( TYPE ).equals( "none" ) )
-            {
-                return true;
-            }
-
-            return false;
-        }
-
-        if ( env.containsKey( CREDS ) )
-        {
-            return false;
-        }
-
-        return true;
     }
 }



Mime
View raw message