Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 93533 invoked from network); 13 Jun 2005 06:09:51 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 13 Jun 2005 06:09:51 -0000 Received: (qmail 39890 invoked by uid 500); 13 Jun 2005 06:09:51 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 39866 invoked by uid 500); 13 Jun 2005 06:09:51 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 39852 invoked by uid 99); 13 Jun 2005 06:09:51 -0000 X-ASF-Spam-Status: No, hits=-9.8 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from minotaur.apache.org (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.28) with SMTP; Sun, 12 Jun 2005 23:09:46 -0700 Received: (qmail 93406 invoked by uid 65534); 13 Jun 2005 06:09:35 -0000 Message-ID: <20050613060935.93405.qmail@minotaur.apache.org> Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Subject: svn commit: r190357 - in /directory/apacheds/branches/direve-158/core/src/main/java/org/apache/ldap/server: SystemPartition.java jndi/DefaultContextFactoryContext.java Date: Mon, 13 Jun 2005 06:09:35 -0000 To: commits@directory.apache.org 
From: trustin@apache.org X-Mailer: svnmailer-1.0.0-dev X-Virus-Checked: Checked X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: trustin Date: Sun Jun 12 23:09:33 2005 New Revision: 190357 URL: http://svn.apache.org/viewcvs?rev=3D190357&view=3Drev Log: Fixed: problems with anonymous access Modified: directory/apacheds/branches/direve-158/core/src/main/java/org/apache/ld= ap/server/SystemPartition.java directory/apacheds/branches/direve-158/core/src/main/java/org/apache/ld= ap/server/jndi/DefaultContextFactoryContext.java Modified: directory/apacheds/branches/direve-158/core/src/main/java/org/apa= che/ldap/server/SystemPartition.java URL: http://svn.apache.org/viewcvs/directory/apacheds/branches/direve-158/c= ore/src/main/java/org/apache/ldap/server/SystemPartition.java?rev=3D190357&= r1=3D190356&r2=3D190357&view=3Ddiff =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D --- directory/apacheds/branches/direve-158/core/src/main/java/org/apache/ld= ap/server/SystemPartition.java (original) +++ directory/apacheds/branches/direve-158/core/src/main/java/org/apache/ld= ap/server/SystemPartition.java Sun Jun 12 23:09:33 2005 @@ -42,6 +42,8 @@ { /** the default user principal or DN */ public final static String ADMIN_PRINCIPAL =3D "uid=3Dadmin,ou=3Dsyste= m"; + /** the DN of the default user principal */ + public final static Name ADMIN_PRINCIPAL_NAME =3D getAdminDn(); /** the admin super user uid */ public final static String ADMIN_UID =3D "admin"; /** the initial admin passwd set on startup */ 
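Review bot: `ADMIN_PRINCIPAL_NAME` is initialised from `getAdminDn()`, and the later SystemPartition hunk (`@@ -134,8 +136,6 @@`) leaves that method's `catch ( NamingException e )` block empty, so a failure to build the admin DN is now silent. The body of `getAdminDn()` and the declaration of `adminDn` lie outside both hunks, but if `adminDn` is still unset when the exception is swallowed, the constant would presumably be null. The callers that now read it, `rootNexus.hasEntry( ... )` and `rootNexus.add( ... )` in DefaultContextFactoryContext, would then receive null with no trace of the cause. Instead of emptying the handler, fail class initialisation loudly, for example `throw new IllegalStateException( "invalid admin DN: " + ADMIN_PRINCIPAL );` inside the catch. Separately, `javax.naming.Name` is mutable, so a `public final static Name` lets any code alter the shared admin DN; a comment marking it read-only, or an accessor that returns `adminDn.clone()`, would make the contract explicit.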
@@ -134,8 +136,6 @@ } catch ( NamingException e ) { - e.printStackTrace(); - // should never really happen since names are correct } =20 return adminDn; Modified: directory/apacheds/branches/direve-158/core/src/main/java/org/apa= che/ldap/server/jndi/DefaultContextFactoryContext.java URL: http://svn.apache.org/viewcvs/directory/apacheds/branches/direve-158/c= ore/src/main/java/org/apache/ldap/server/jndi/DefaultContextFactoryContext.= java?rev=3D190357&r1=3D190356&r2=3D190357&view=3Ddiff =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D --- directory/apacheds/branches/direve-158/core/src/main/java/org/apache/ld= ap/server/jndi/DefaultContextFactoryContext.java (original) +++ directory/apacheds/branches/direve-158/core/src/main/java/org/apache/ld= ap/server/jndi/DefaultContextFactoryContext.java Sun Jun 12 23:09:33 2005 @@ -72,21 +72,6 @@ */ class DefaultContextFactoryContext implements ContextFactoryContext { - /** shorthand reference to the authentication type property */ - private static final String TYPE =3D Context.SECURITY_AUTHENTICATION; - - /** shorthand reference to the authentication credentials property */ - private static final String CREDS =3D Context.SECURITY_CREDENTIALS; - - /** shorthand reference to the authentication principal property */ - private static final String PRINCIPAL =3D Context.SECURITY_PRINCIPAL; - - /** shorthand reference to the admin principal name */ - private static final String ADMIN =3D SystemPartition.ADMIN_PRINCIPAL; - - /** shorthand reference to the admin principal distinguished name */ - private static final Name ADMIN_NAME =3D SystemPartition.getAdminDn(); - private AbstractContextFactory factory; =20 /** the initial context environment that fired up the backend subsyste= m */ 
@@ -171,6 +156,11 @@ environment.put( Context.SECURITY_CREDENTIALS, credential ); } =20 + if( authentication !=3D null ) + { + environment.put( Context.SECURITY_AUTHENTICATION, authenticati= on ); + } + =20 if( rootDN =3D=3D null ) { rootDN =3D ""; @@ -189,21 +179,8 @@ =20 StartupConfiguration cfg =3D ( StartupConfiguration ) Configuratio= n=2EtoConfiguration( env ); =20 - if ( isAnonymous( env ) ) - { - env.put( PRINCIPAL, "" ); - } - =20 env.put( Context.PROVIDER_URL, "" ); =20 - // we need to check this here instead of in AuthenticationService - // because otherwise we are going to start up the system incorrect= ly - if ( isAnonymous( env ) && !cfg.isAllowAnonymousAccess() ) - { - throw new LdapNoPermissionException( - "ApacheDS is configured to disallow anonymous access" = ); - } - cfg.validate(); this.environment =3D env; this.configuration =3D cfg; @@ -333,13 +310,13 @@ if ( credential =3D=3D null ) { throw new LdapConfigurationException( "missing required " - + CREDS + " property for simple authentication" ); + + Context.SECURITY_CREDENTIALS + " property for si= mple authentication" ); } =20 if ( principal =3D=3D null ) { throw new LdapConfigurationException( "missing required " - + PRINCIPAL + " property for simple authentication= " ); + + Context.SECURITY_PRINCIPAL + " property for simp= le authentication" ); } } /* @@ -352,13 +329,18 @@ { throw new LdapConfigurationException( "ambiguous bind " + "settings encountered where bind is anonymous ye= t " - + CREDS + " property is set" ); + + Context.SECURITY_CREDENTIALS + " property is set= " ); } if ( principal !=3D null ) { throw new LdapConfigurationException( "ambiguous bind " + "settings encountered where bind is anonymous ye= t " - + PRINCIPAL + " property is set" ); + + Context.SECURITY_PRINCIPAL + " property is set" = ); + } + =20 + if( configuration.isAllowAnonymousAccess() ) + { + throw new LdapNoPermissionException( "Anonymous access dis= abled." ); } } else 
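Review bot: The anonymous-bind check added in the `@@ -352,13 +329,18 @@` hunk looks inverted: `if( configuration.isAllowAnonymousAccess() )` throws `LdapNoPermissionException( "Anonymous access disabled." )` exactly when anonymous access is allowed, and lets the bind continue when it is disallowed. The check this commit removes in the `@@ -189,21 +179,8 @@` hunk tested `!cfg.isAllowAnonymousAccess()`, so the condition should be `if ( !configuration.isAllowAnonymousAccess() )`. The new check also reads the `configuration` field, which the earlier hunk assigns only after `cfg.validate()`; the enclosing method starts outside the hunk, so confirm it cannot run before that assignment. A test that binds anonymously with anonymous access disabled and expects `LdapNoPermissionException` would pin the intended behaviour.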
@@ -390,7 +372,7 @@ /* * If the admin entry is there, then the database was already crea= ted */ - if ( !rootNexus.hasEntry( ADMIN_NAME ) ) + if ( !rootNexus.hasEntry( SystemPartition.ADMIN_PRINCIPAL_NAME ) ) { firstStart =3D true; =20 @@ -402,11 +384,11 @@ attributes.put( "uid", SystemPartition.ADMIN_UID ); attributes.put( "userPassword", SystemPartition.ADMIN_PW ); attributes.put( "displayName", "Directory Superuser" ); - attributes.put( "creatorsName", ADMIN ); + attributes.put( "creatorsName", SystemPartition.ADMIN_PRINCIPA= L ); attributes.put( "createTimestamp", DateUtils.getGeneralizedTim= e() ); attributes.put( "displayName", "Directory Superuser" ); =20 - rootNexus.add( ADMIN, ADMIN_NAME, attributes ); + rootNexus.add( SystemPartition.ADMIN_PRINCIPAL, SystemPartitio= n=2EADMIN_PRINCIPAL_NAME, attributes ); } =20 // ---------------------------------------------------------------= ---- @@ -421,7 +403,7 @@ attributes.put( "objectClass", "top" ); attributes.put( "objectClass", "organizationalUnit" ); attributes.put( "ou", "users" ); - attributes.put( "creatorsName", ADMIN ); + attributes.put( "creatorsName", SystemPartition.ADMIN_PRINCIPA= L ); attributes.put( "createTimestamp", DateUtils.getGeneralizedTim= e() ); =20 rootNexus.add( "ou=3Dusers,ou=3Dsystem", new LdapName( "ou=3Du= sers,ou=3Dsystem" ), attributes ); @@ -439,7 +421,7 @@ attributes.put( "objectClass", "top" ); attributes.put( "objectClass", "organizationalUnit" ); attributes.put( "ou", "groups" ); - attributes.put( "creatorsName", ADMIN ); + attributes.put( "creatorsName", SystemPartition.ADMIN_PRINCIPA= L ); attributes.put( "createTimestamp", DateUtils.getGeneralizedTim= e() ); =20 rootNexus.add( "ou=3Dgroups,ou=3Dsystem", new LdapName( "ou=3D= groups,ou=3Dsystem" ), attributes ); 
@@ -458,7 +440,7 @@ attributes.put( "objectClass", "prefNode" ); attributes.put( "objectClass", "extensibleObject" ); attributes.put( "prefNodeName", "sysPrefRoot" ); - attributes.put( "creatorsName", ADMIN ); + attributes.put( "creatorsName", SystemPartition.ADMIN_PRINCIPA= L ); attributes.put( "createTimestamp", DateUtils.getGeneralizedTim= e() ); =20 LdapName dn =3D new LdapName( "prefNodeName=3DsysPrefRoot,ou= =3Dsystem" ); @@ -482,7 +464,7 @@ while( i.hasNext() ) { Attributes entry =3D ( Attributes ) i.next(); - entry.put( "creatorsName", ADMIN ); + entry.put( "creatorsName", SystemPartition.ADMIN_PRINCIPAL ); entry.put( "createTimestamp", DateUtils.getGeneralizedTime() ); =20 Attribute dn =3D entry.remove( "dn" ); @@ -664,32 +646,5 @@ =20 partition.add( cfg.getSuffix(), normSuffix, cfg.getContextEntr= y() ); } - } - - - /** - * Checks to see if an anonymous bind is being attempted. - * - * @return true if bind is anonymous, false otherwise - */ - private static boolean isAnonymous( Hashtable env ) - { - - if ( env.containsKey( TYPE ) && env.get( TYPE ) !=3D null ) - { - if ( env.get( TYPE ).equals( "none" ) ) - { - return true; - } - - return false; - } - - if ( env.containsKey( CREDS ) ) - { - return false; - } - - return true; } }