directory-commits mailing list archives

From trus...@apache.org
Subject svn commit: r332034 - /directory/protocol-providers/ldap/trunk/src/main/java/org/apache/ldap/server/protocol/LdapProtocolProvider.java
Date Wed, 09 Nov 2005 13:30:28 GMT
Author: trustin
Date: Wed Nov  9 05:30:23 2005
New Revision: 332034

URL: http://svn.apache.org/viewcvs?rev=332034&view=rev
Log:
Changed LdapProtocolHandler to understand SSLFilterMessages

Modified:
    directory/protocol-providers/ldap/trunk/src/main/java/org/apache/ldap/server/protocol/LdapProtocolProvider.java

Modified: directory/protocol-providers/ldap/trunk/src/main/java/org/apache/ldap/server/protocol/LdapProtocolProvider.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/ldap/trunk/src/main/java/org/apache/ldap/server/protocol/LdapProtocolProvider.java?rev=332034&r1=332033&r2=332034&view=diff
==============================================================================
--- directory/protocol-providers/ldap/trunk/src/main/java/org/apache/ldap/server/protocol/LdapProtocolProvider.java
(original)
+++ directory/protocol-providers/ldap/trunk/src/main/java/org/apache/ldap/server/protocol/LdapProtocolProvider.java
Wed Nov  9 05:30:23 2005
@@ -65,12 +65,14 @@
 import org.apache.mina.common.IoHandler;
 import org.apache.mina.common.IoSession;
 import org.apache.mina.filter.LoggingFilter;
+import org.apache.mina.filter.SSLFilter;
 import org.apache.mina.filter.codec.ProtocolCodecFactory;
 import org.apache.mina.filter.codec.ProtocolCodecFilter;
 import org.apache.mina.filter.codec.ProtocolDecoder;
 import org.apache.mina.filter.codec.ProtocolEncoder;
 import org.apache.mina.handler.DemuxingIoHandler;
 import org.apache.mina.handler.MessageHandler;
+import org.apache.mina.util.SessionLog;
 
 /**
  * An LDAP protocol provider implementation which dynamically associates
@@ -357,9 +359,42 @@
             SessionRegistry.getSingleton().remove( session );
         }
 
+        public void messageReceived( IoSession session, Object message ) throws Exception
+        {
+            // Translate SSLFilter messages into LDAP extended request
+            // defined in RFC #2830, 'Lightweight Directory Access Protocol (v3):
+            // Extension for Transport Layer Security'.
+            // 
+            // The RFC specifies the payload should be empty, but we use
+            // it to notify the TLS state changes.  This hack should be
+            // OK from the viewpoint of security because StartTLS
+            // handler should react to only SESSION_UNSECURED message
+            // and degrade authentication level to 'anonymous' as specified
+            // in the RFC, and this is no threat.
+            
+            if( message == SSLFilter.SESSION_SECURED )
+            {
+                ExtendedRequest req = new ExtendedRequestImpl( 0 );
+                req.setOid( "1.3.6.1.4.1.1466.20037" );
+                req.setPayload( "SECURED".getBytes( "ISO-8859-1" ) );
+                req.setLocked( true );
+                message = req;
+            }
+            else if( message == SSLFilter.SESSION_UNSECURED )
+            {
+                ExtendedRequest req = new ExtendedRequestImpl( 0 );
+                req.setOid( "1.3.6.1.4.1.1466.20037" );
+                req.setPayload( "UNSECURED".getBytes( "ISO-8859-1" ) );
+                req.setLocked( true );
+                message = req;
+            }
+            
+            super.messageReceived( session, message );
+        }
+        
         public void exceptionCaught( IoSession session, Throwable cause )
         {
-            cause.printStackTrace();
+            SessionLog.warn( session, "Unexpected exception.", cause );
         }
     }
     
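Review bot: The request synthesized in `messageReceived` cannot be told apart from an extended request that arrives off the wire with OID `1.3.6.1.4.1.1466.20037` and a `SECURED` or `UNSECURED` payload, so the safety argument in the comment rests entirely on the StartTLS handler, which is outside this hunk. RFC 2830 leaves the request value absent, so any payload on a decoded StartTLS request is client-controlled, and the handler should presumably reject it rather than read it as a TLS state change. Carrying the state out of band, for example in a session attribute set before `super.messageReceived( session, message )`, would keep the internal event off the message path. At minimum the comment should record the assumption, e.g. `// A client can send this OID with any payload; the StartTLS handler must never treat "SECURED" as proof that TLS is active.` The two branches also differ only in the payload string and could share one private helper.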


