Mailing-List: contact commits-help@directory.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@directory.apache.org
Message-ID: <20060203103149.98740.qmail@minotaur.apache.org>
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r374636 - in
 /directory/sandbox/akarasulu/rc1refactor/apacheds:
 core/src/main/java/org/apache/ldap/server/authn/
 core/src/main/java/org/apache/ldap/server/interceptor/
 core/src/main/java/org/apache/ldap/server/jndi/ core/src/main/java/org/a...
Date: Fri, 03 Feb 2006 10:31:45 -0000
To: commits@directory.apache.org
From: akarasulu@apache.org

Author: akarasulu
Date: Fri Feb  3 02:31:25 2006
New Revision: 374636

URL: http://svn.apache.org/viewcvs?rev=374636&view=rev
Log:
added bind and unbind operations to the interceptor pipeline operations

Added:
    directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/LdapJndiProperties.java   (with props)
    directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/test/java/org/apache/ldap/server/jndi/LdapJndiPropertiesTest.java   (with props)
Modified:
    directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/authn/AuthenticationService.java
    directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/interceptor/BaseInterceptor.java
    directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/interceptor/Interceptor.java
    directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/interceptor/InterceptorChain.java
    directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/interceptor/NextInterceptor.java
    directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/ServerContext.java
    directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/ServerDirContext.java
    directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/ServerLdapContext.java
    directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/partition/DefaultDirectoryPartitionNexus.java
    directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/partition/DirectoryPartition.java
    directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/partition/DirectoryPartitionNexusProxy.java
    directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/partition/impl/btree/jdbm/JdbmDirectoryPartition.java
    directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/test/java/org/apache/ldap/server/interceptor/InterceptorChainTest.java
    directory/sandbox/akarasulu/rc1refactor/apacheds/protocols/ldap/src/main/java/org/apache/ldap/server/protocol/support/UnbindHandler.java

Modified: directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/authn/AuthenticationService.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/authn/AuthenticationService.java?rev=374636&r1=374635&r2=374636&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/authn/AuthenticationService.java (original)
+++ directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/authn/AuthenticationService.java Fri Feb  3 02:31:25 2006
@@ -21,6 +21,7 @@
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Iterator;
+import java.util.List;
 import java.util.Map;
 
 import javax.naming.Context;
@@ -32,11 +33,8 @@
 import javax.naming.directory.SearchControls;
 
 import org.apache.ldap.common.exception.LdapAuthenticationException;
-import org.apache.ldap.common.exception.LdapAuthenticationNotSupportedException;
 import org.apache.ldap.common.filter.ExprNode;
-import org.apache.ldap.common.message.ResultCodeEnum;
 import org.apache.ldap.common.util.AttributeUtils;
-import org.apache.ldap.common.util.StringTools;
 import org.apache.ldap.server.DirectoryServiceConfiguration;
 import org.apache.ldap.server.configuration.AuthenticatorConfiguration;
 import org.apache.ldap.server.configuration.InterceptorConfiguration;
@@ -184,7 +182,7 @@
     		log.debug( "Adding the entry " + AttributeUtils.toString( entry ) + " for DN = '"  + upName + "'" );
     	}
     	
-        authenticate();
+        checkAuthenticated();
         next.add( upName, normName, entry );
     }
 
@@ -196,7 +194,7 @@
     		log.debug( "Deleting name = '" + name.toString() + "'" );
     	}
     	
-        authenticate();
+        checkAuthenticated();
         next.delete( name );
     }
 
@@ -208,7 +206,7 @@
     		log.debug( "Matching name = '" + dn.toString() + "'" );
     	}
 
-    	authenticate();
+    	checkAuthenticated();
         return next.getMatchedName( dn, normalized );
     }
 
@@ -220,7 +218,7 @@
     		log.debug( "Getting root DSE" );
     	}
 
-        authenticate();
+        checkAuthenticated();
         return next.getRootDSE();
     }
 
@@ -232,7 +230,7 @@
     		log.debug( "Getting suffix for name = '" + dn.toString() + "'" );
     	}
 
-        authenticate();
+        checkAuthenticated();
         return next.getSuffix( dn, normalized );
     }
 
@@ -244,7 +242,7 @@
     		log.debug( "Testing if entry name = '" + name.toString() + "' exists");
     	}
 
-        authenticate();
+        checkAuthenticated();
         return next.hasEntry( name );
     }
 
@@ -256,7 +254,7 @@
     		log.debug( "Testing suffix for name = '" + name.toString() + "'" );
     	}
 
-        authenticate();
+        checkAuthenticated();
         return next.isSuffix( name );
     }
 
@@ -268,7 +266,7 @@
     		log.debug( "Listing base = '" + base.toString() + "'" );
     	}
 
-        authenticate();
+        checkAuthenticated();
         return next.list( base );
     }
 
@@ -280,7 +278,7 @@
     		log.debug( "Listing suffixes" );
     	}
 
-        authenticate();
+        checkAuthenticated();
         return next.listSuffixes( normalized );
     }
 
@@ -292,7 +290,7 @@
     		log.debug( "Lookup name = '" + dn.toString() + "', attributes = " + attrIds );
     	}
 
-        authenticate();
+        checkAuthenticated();
         return next.lookup( dn, attrIds );
     }
 
@@ -304,7 +302,7 @@
     		log.debug( "Lookup name = '" + name.toString() + "'" );
     	}
 
-        authenticate();
+        checkAuthenticated();
         return next.lookup( name );
     }
 
@@ -316,7 +314,7 @@
     		log.debug( "Modifying name = '" + name.toString() + "', modifs = " + AttributeUtils.toString( mods ) );
     	}
 
-        authenticate();
+        checkAuthenticated();
         next.modify( name, modOp, mods );
     }
 
@@ -328,7 +326,7 @@
     		log.debug( "Modifying name = '" + name.toString() + "'" );
     	}
 
-        authenticate();
+        checkAuthenticated();
         next.modify( name, mods );
     }
 
@@ -340,7 +338,7 @@
     		log.debug( "Modifying name = '" + name.toString() + "', new RDN = '" + newRn + "', oldRDN = '" + deleteOldRn + "'" );
     	}
 
-        authenticate();
+        checkAuthenticated();
         next.modifyRn( name, newRn, deleteOldRn );
     }
 
@@ -352,7 +350,7 @@
     		log.debug( "Moving name = '" + oriChildName.toString() + "' to name = '" + newParentName + "', new RDN = '" + newRn + "', oldRDN = '" + deleteOldRn + "'" );
     	}
 
-        authenticate();
+        checkAuthenticated();
         next.move( oriChildName, newParentName, newRn, deleteOldRn );
     }
 
@@ -364,7 +362,7 @@
     		log.debug( "Moving name = '" + oriChildName.toString() + " to name = '" + newParentName + "'" );
     	}
 
-        authenticate();
+        checkAuthenticated();
         next.move( oriChildName, newParentName );
     }
 
@@ -376,17 +374,14 @@
     		log.debug( "Search for base = '" + base.toString() + "'" );
     	}
 
-        authenticate();
+        checkAuthenticated();
         return next.search( base, env, filter, searchCtls );
     }
 
 
-    private void authenticate() throws NamingException
+    private void checkAuthenticated() throws NamingException
     {
-        // check if we are already authenticated and if so we return making
-        // sure first that the credentials are not exposed within context
-        ServerContext ctx =
-            ( ServerContext ) InvocationStack.getInstance().peek().getCaller();
+        ServerContext ctx = ( ServerContext ) InvocationStack.getInstance().peek().getCaller();
 
         if ( ctx.getPrincipal() != null )
         {
@@ -397,36 +392,32 @@
             return;
         }
 
-        String authList = ( String ) ctx.getEnvironment().get( Context.SECURITY_AUTHENTICATION );
+        throw new IllegalStateException( "Attempted operation by unauthenticated caller." );
+    }
+    
+    
+    public void bind( NextInterceptor next, Name bindDn, byte[] credentials, List mechanisms, String saslAuthId ) 
+        throws NamingException
+    {
+        // check if we are already authenticated and if so we return making
+        // sure first that the credentials are not exposed within context
+        ServerContext ctx =
+            ( ServerContext ) InvocationStack.getInstance().peek().getCaller();
 
-        if ( authList == null )
+        if ( ctx.getPrincipal() != null )
         {
             if ( ctx.getEnvironment().containsKey( Context.SECURITY_CREDENTIALS ) )
             {
-                // authentication type is simple here
-
-                authList = "simple";
-            }
-            else
-            {
-                // authentication type is anonymous
-
-                authList = "none";
+                ctx.removeFromEnvironment( Context.SECURITY_CREDENTIALS );
             }
-
+            return;
         }
 
-        authList = StringTools.deepTrim( authList );
-
-        String[] auth = authList.split( " " );
-
-        Collection authenticators = null;
-
         // pick the first matching authenticator type
-
-        for ( int i=0; i<auth.length; i++)
+        Collection authenticators = null;
+        for ( int ii = 0; ii < mechanisms.size(); ii++)
         {
-            authenticators = getAuthenticators( auth[i] );
+            authenticators = getAuthenticators( ( String ) mechanisms.get( ii ) );
 
             if ( authenticators != null )
             {
@@ -436,26 +427,28 @@
 
         if ( authenticators == null )
         {
-            ctx.getEnvironment(); // shut's up idea's yellow light
-
-            ResultCodeEnum rc = ResultCodeEnum.AUTHMETHODNOTSUPPORTED;
-
-            throw new LdapAuthenticationNotSupportedException( rc );
+            log.debug( "No authenticators found, delegating bind to the nexus." );
+            // as a last resort try binding via the nexus
+            next.bind( bindDn, credentials, mechanisms, saslAuthId );
+            log.debug( "Nexus succeeded on bind operation." );
+            // bind succeeded if we got this far 
+            ctx.setPrincipal( new TrustedPrincipalWrapper( 
+                new LdapPrincipal( bindDn, ctx.getLdapJndiProperties().getAuthenticationLevel() ) ) );
+            // remove creds so there is no security risk
+            ctx.removeFromEnvironment( Context.SECURITY_CREDENTIALS );
+            return;
         }
 
         // try each authenticators
         for ( Iterator i = authenticators.iterator(); i.hasNext(); )
         {
             Authenticator authenticator = ( Authenticator ) i.next();
-
             try
             {
                 // perform the authentication
                 LdapPrincipal authorizationId = authenticator.authenticate( ctx );
-
                 // authentication was successful
                 ctx.setPrincipal( new TrustedPrincipalWrapper( authorizationId ) );
-
                 // remove creds so there is no security risk
                 ctx.removeFromEnvironment( Context.SECURITY_CREDENTIALS );
                 return;
@@ -463,11 +456,18 @@
             catch( LdapAuthenticationException e )
             {
                 // authentication failed, try the next authenticator
+                if ( log.isInfoEnabled() )
+                {
+                    log.info( "Authenticator "+authenticator.getClass()+" failed to authenticate " + bindDn );
+                }
             }
             catch( Exception e )
             {
                 // Log other exceptions than LdapAuthenticationException
-                log.warn( "Unexpected exception from " + authenticator.getClass(), e );
+                if ( log.isWarnEnabled() )
+                {
+                    log.warn( "Unexpected exception from " + authenticator.getClass() + " for principal " + bindDn, e );
+                }
             }
         }
 

Modified: directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/interceptor/BaseInterceptor.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/interceptor/BaseInterceptor.java?rev=374636&r1=374635&r2=374636&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/interceptor/BaseInterceptor.java (original)
+++ directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/interceptor/BaseInterceptor.java Fri Feb  3 02:31:25 2006
@@ -18,6 +18,7 @@
 
 
 import java.util.Iterator;
+import java.util.List;
 import java.util.Map;
 
 import javax.naming.Context;
@@ -208,5 +209,16 @@
     public boolean compare( NextInterceptor next, Name name, String oid, Object value ) throws NamingException
     {
         return next.compare( name, oid, value );
+    }
+    
+    public void bind( NextInterceptor next, Name bindDn, byte[] credentials, List mechanisms, String saslAuthId )
+        throws NamingException
+    {
+        next.bind( bindDn, credentials, mechanisms, saslAuthId );
+    }
+    
+    public void unbind( NextInterceptor next, Name bindDn ) throws NamingException
+    {
+        next.unbind( bindDn );
     }
 }

Modified: directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/interceptor/Interceptor.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/interceptor/Interceptor.java?rev=374636&r1=374635&r2=374636&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/interceptor/Interceptor.java (original)
+++ directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/interceptor/Interceptor.java Fri Feb  3 02:31:25 2006
@@ -18,6 +18,7 @@
 
 
 import java.util.Iterator;
+import java.util.List;
 import java.util.Map;
 
 import javax.naming.Name;
@@ -212,4 +213,15 @@
      */
     void move( NextInterceptor next, Name oldName, Name newParentName, String newRn,
                boolean deleteOldRn ) throws NamingException;
+
+    /**
+     * Filters {@link DirectoryPartition#bind(Name, byte[], List, String)} call.
+     */
+    void bind( NextInterceptor next, Name bindDn, byte[] credentials, List mechanisms, String saslAuthId )
+        throws NamingException;
+
+    /**
+     * Filters {@link DirectoryPartition#unbind(Name)} call.
+     */
+    void unbind( NextInterceptor next, Name bindDn ) throws NamingException;
 }

Modified: directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/interceptor/InterceptorChain.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/interceptor/InterceptorChain.java?rev=374636&r1=374635&r2=374636&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/interceptor/InterceptorChain.java (original)
+++ directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/interceptor/InterceptorChain.java Fri Feb  3 02:31:25 2006
@@ -184,6 +184,18 @@
         {
             nexus.removeContextPartition( suffix );
         }
+
+
+        public void bind( NextInterceptor next, Name bindDn, byte[] credentials, List mechanisms, String saslAuthId ) throws NamingException
+        {
+            nexus.bind( bindDn, credentials, mechanisms, saslAuthId );
+        }
+
+
+        public void unbind( NextInterceptor next, Name bindDn ) throws NamingException
+        {
+            nexus.unbind( bindDn );
+        }
     };
 
     private final Map name2entry = new HashMap();
@@ -681,6 +693,46 @@
     }
 
 
+    public void bind( Name bindDn, byte[] credentials, List mechanisms, String saslAuthId ) throws NamingException
+    {
+        Entry node = getStartingEntry();
+        Interceptor head = node.configuration.getInterceptor();
+        NextInterceptor next = node.nextInterceptor;
+        try
+        {
+            head.bind( next, bindDn, credentials, mechanisms, saslAuthId );
+        }
+        catch ( NamingException ne )
+        {
+            throw ne;
+        }
+        catch ( Throwable e )
+        {
+            throwInterceptorException( head, e );
+        }
+    }
+
+    
+    public void unbind( Name bindDn ) throws NamingException
+    {
+        Entry node = getStartingEntry();
+        Interceptor head = node.configuration.getInterceptor();
+        NextInterceptor next = node.nextInterceptor;
+        try
+        {
+            head.unbind( next, bindDn );
+        }
+        catch ( NamingException ne )
+        {
+            throw ne;
+        }
+        catch ( Throwable e )
+        {
+            throwInterceptorException( head, e );
+        }
+    }
+
+    
     public void modify( Name name, int modOp, Attributes mods ) throws NamingException
     {
         Entry entry = getStartingEntry();
@@ -1314,6 +1366,45 @@
                     try
                     {
                         interceptor.move( next.nextInterceptor, oriChildName, newParentName, newRn, deleteOldRn );
+                    }
+                    catch ( NamingException ne )
+                    {
+                        throw ne;
+                    }
+                    catch ( Throwable e )
+                    {
+                        throwInterceptorException( interceptor, e );
+                    }
+                }
+
+
+                public void bind( Name bindDn, byte[] credentials, List mechanisms, String saslAuthId ) throws NamingException
+                {
+                    Entry next = getNextEntry();
+                    Interceptor interceptor = next.configuration.getInterceptor();
+
+                    try
+                    {
+                        interceptor.bind( next.nextInterceptor, bindDn, credentials, mechanisms, saslAuthId );
+                    }
+                    catch ( NamingException ne )
+                    {
+                        throw ne;
+                    }
+                    catch ( Throwable e )
+                    {
+                        throwInterceptorException( interceptor, e );
+                    }
+                }
+
+                public void unbind( Name bindDn ) throws NamingException
+                {
+                    Entry next = getNextEntry();
+                    Interceptor interceptor = next.configuration.getInterceptor();
+
+                    try
+                    {
+                        interceptor.unbind( next.nextInterceptor, bindDn );
                     }
                     catch ( NamingException ne )
                     {

Modified: directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/interceptor/NextInterceptor.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/interceptor/NextInterceptor.java?rev=374636&r1=374635&r2=374636&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/interceptor/NextInterceptor.java (original)
+++ directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/interceptor/NextInterceptor.java Fri Feb  3 02:31:25 2006
@@ -18,6 +18,7 @@
 
 
 import java.util.Iterator;
+import java.util.List;
 import java.util.Map;
 
 import javax.naming.Name;
@@ -125,4 +126,12 @@
      */
     void move( Name oldName, Name newParentName, String newRn,
                boolean deleteOldRn ) throws NamingException;
+    /**
+     * Calls the next interceptor's {@link Interceptor#bind(NextInterceptor, Name, byte[], List, String)
+     */
+    void bind( Name bindDn, byte[] credentials, List mechanisms, String saslAuthId ) throws NamingException;
+    /**
+     * Calls the next interceptor's {@link Interceptor#unbind(NextInterceptor, Name)
+     */
+    void unbind( Name bindDn ) throws NamingException;
 }

Added: directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/LdapJndiProperties.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/LdapJndiProperties.java?rev=374636&view=auto
==============================================================================
--- directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/LdapJndiProperties.java (added)
+++ directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/LdapJndiProperties.java Fri Feb  3 02:31:25 2006
@@ -0,0 +1,260 @@
+package org.apache.ldap.server.jndi;
+
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Hashtable;
+import java.util.List;
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+
+import org.apache.ldap.common.aci.AuthenticationLevel;
+import org.apache.ldap.common.exception.LdapConfigurationException;
+import org.apache.ldap.common.name.LdapName;
+import org.apache.ldap.common.util.StringTools;
+
+
+/**
+ * A wrapper around a JNDI environment which checks for correct LDAP specific 
+ * environment settings.
+ */
+public class LdapJndiProperties
+{
+    private static final String SASL_AUTHID = "java.naming.security.sasl.authorizationId";
+    
+    private LdapName providerDn;
+    private LdapName bindDn;
+    private String saslAuthId;
+    private AuthenticationLevel level;
+    private List mechanisms = new ArrayList();
+    private byte[] credentials;
+    private final Hashtable env;
+    
+    
+    public LdapJndiProperties( Hashtable env ) throws NamingException
+    {
+        if ( env == null )
+        {
+            throw new LdapConfigurationException( "Non-null environment expected." );
+        }
+        this.env = env;
+        init();
+    }
+
+
+    private void init() throws NamingException
+    {
+        Object principal = env.get( Context.SECURITY_PRINCIPAL );
+        Object credobj = env.get( Context.SECURITY_CREDENTIALS );
+        Object authentication = env.get( Context.SECURITY_AUTHENTICATION );
+        
+        // -------------------------------------------------------------------
+        // check for the provider URL property 
+        // -------------------------------------------------------------------
+
+        if ( ! env.containsKey( Context.PROVIDER_URL ) )
+        {
+            String msg = "Expected property " + Context.PROVIDER_URL;
+            msg += " but could not find it in env!";
+            throw new LdapConfigurationException( msg );
+        }
+
+        String url = ( String ) env.get( Context.PROVIDER_URL );
+        if ( url == null )
+        {
+            String msg = "Expected value for property " + Context.PROVIDER_URL;
+            msg += " but it was set to null in env!";
+            throw new LdapConfigurationException( msg );
+        }
+
+        if ( url.trim().equals( "" ) )
+        {
+            providerDn = LdapName.EMPTY_LDAP_NAME;
+        }
+        else
+        {
+            providerDn = new LdapName( url );
+        }
+
+        // -------------------------------------------------------------------
+        // Figure out and set the authentication level and mechanisms
+        // -------------------------------------------------------------------
+
+        if ( authentication == null )
+        {
+            // if the property is not set but Context.SECURITY_CREDENTIALS is then SIMPLE
+            if ( credobj == null )
+            {
+                level = AuthenticationLevel.NONE;
+                mechanisms.add( "none" );
+            }
+            else
+            {
+                level = AuthenticationLevel.SIMPLE;
+                mechanisms.add( "simple" );
+            }
+        }
+        else if ( ! ( authentication instanceof String ) ) 
+        {
+            throw new LdapConfigurationException( "Don't know how to interpret " + authentication.getClass()
+                + " objects for environment property " + Context.SECURITY_AUTHENTICATION );
+        }
+        else 
+        {
+            if ( "none".equals( authentication ) )
+            {
+                level = AuthenticationLevel.NONE;
+                mechanisms.add( "none" );
+            }
+            else if ( "simple".equals( authentication ) )
+            {
+                level = AuthenticationLevel.SIMPLE;
+                mechanisms.add( "simple" );
+            }
+            else
+            {
+                level = AuthenticationLevel.STRONG;
+                String[] mechList = ( ( String ) authentication ).trim().split( " " );
+                for ( int ii = 0; ii < mechList.length; ii++ )
+                {
+                    if ( ! mechList[ii].trim().equals( "" ) )
+                    {
+                        mechanisms.add( mechList[ii] );
+                    }
+                }
+            }
+        }
+
+        // -------------------------------------------------------------------
+        // Figure out and set the security principal bindDn and saslAuthId
+        // -------------------------------------------------------------------
+
+        if ( principal == null )
+        {
+            throw new LdapConfigurationException( Context.SECURITY_PRINCIPAL + " cannot be null." );
+        }
+
+        if ( ! ( principal instanceof String ) )
+        {
+            throw new LdapConfigurationException( "Don't know how to interpret " + principal.getClass()
+                + " objects for environment property " + Context.SECURITY_PRINCIPAL );
+        }
+        
+        
+        if ( ( ( String ) principal ).trim().equals( "" ) )
+        {
+            bindDn = LdapName.EMPTY_LDAP_NAME;
+        }
+        else
+        {
+            bindDn = new LdapName( ( String ) principal );
+        }
+        
+        if ( env.get( SASL_AUTHID ) != null && level == AuthenticationLevel.STRONG )
+        {
+            Object obj = env.get( SASL_AUTHID );
+            if ( obj instanceof String )
+            {
+                saslAuthId = ( String ) obj;
+            }
+            else 
+            {
+                throw new LdapConfigurationException( "Don't know how to interpret " + obj.getClass()
+                    + " objects for environment property " + SASL_AUTHID );
+            }
+            saslAuthId = ( String ) principal;
+        }
+        
+        // -------------------------------------------------------------------
+        // Figure out the credentials
+        // -------------------------------------------------------------------
+
+        if ( level == AuthenticationLevel.SIMPLE && credobj == null )
+        {
+            throw new LdapConfigurationException( "cannot specify simple authentication with supplying credentials" );
+        }
+        else if ( credobj != null )
+        {
+            if ( credobj instanceof String )
+            {
+                credentials = StringTools.getBytesUtf8( ( String ) credobj );
+            }
+            else if ( credobj instanceof byte[] )
+            {
+                credentials = ( byte[] ) credobj;
+            }
+            else
+            {
+                throw new LdapConfigurationException( "Don't know how to interpret " + credobj.getClass()
+                    + " objects for environment property " + Context.SECURITY_CREDENTIALS );
+            }
+        }
+    }
+
+    
+    public Object get( Object key )
+    {
+        return env.get( key );
+    }
+    
+    
+    public Object put( Object key, Object val )
+    {
+        return env.put( key, val );
+    }
+    
+    
+    public LdapName getBindDn()
+    {
+        return bindDn;
+    }
+
+    
+    public LdapName getProviderDn()
+    {
+        return providerDn;
+    }
+    
+
+    public String getSaslAuthId()
+    {
+        return saslAuthId;
+    }
+
+
+    public AuthenticationLevel getAuthenticationLevel()
+    {
+        return level;
+    }
+    
+    
+    public List getAuthenticationMechanisms()
+    {
+        return Collections.unmodifiableList( mechanisms );
+    }
+    
+    
+    public byte[] getCredentials()
+    {
+        return credentials;
+    }
+    
+    
+    public Hashtable getEnvironment()
+    {
+        return this.env;
+    }
+
+
+    public Object remove( String propName )
+    {
+        return env.remove( propName );
+    }
+
+
+    public void putAll( Hashtable env )
+    {
+        this.env.putAll( env );
+    }
+}

Propchange: directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/LdapJndiProperties.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/ServerContext.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/ServerContext.java?rev=374636&r1=374635&r2=374636&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/ServerContext.java (original)
+++ directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/ServerContext.java Fri Feb  3 02:31:25 2006
@@ -23,7 +23,6 @@
 import java.util.Iterator;
 import java.util.Set;
 
-import javax.naming.ConfigurationException;
 import javax.naming.Context;
 import javax.naming.InvalidNameException;
 import javax.naming.Name;
@@ -76,7 +75,7 @@
     private final DirectoryPartitionNexus nexusProxy;
 
     /** The cloned environment used by this Context */
-    private final Hashtable env;
+    private final LdapJndiProperties ldapEnv;
 
     /** The distinguished name of this Context */
     private final LdapName dn;
@@ -115,33 +114,15 @@
         
         DirectoryServiceConfiguration cfg = service.getConfiguration();
         
-        this.env = ( Hashtable ) cfg.getEnvironment().clone();
-        this.env.putAll( env );
-
-        /* --------------------------------------------------------------------
-         * check for the provider URL property and make sure it exists
-         * as a valid value or else we need to throw a configuration error
-         * ------------------------------------------------------------------ */
-        if ( ! env.containsKey( Context.PROVIDER_URL ) )
-        {
-            String msg = "Expected property " + Context.PROVIDER_URL;
-            msg += " but could not find it in env!";
-
-            throw new ConfigurationException( msg );
-        }
-
-        String url = ( String ) env.get( Context.PROVIDER_URL );
-
-        if ( url == null )
-        {
-            String msg = "Expected value for property " + Context.PROVIDER_URL;
-            msg += " but it was set to null in env!";
-
-            throw new ConfigurationException( msg );
-        }
-
-        dn = new LdapName( url );
+        this.ldapEnv = new LdapJndiProperties( ( Hashtable ) cfg.getEnvironment().clone() );
+        this.ldapEnv.putAll( env );
+        dn = ldapEnv.getProviderDn();
+
+        // need to issue a bind operation here
+        this.nexusProxy.bind( ldapEnv.getBindDn(), ldapEnv.getCredentials(), 
+            ldapEnv.getAuthenticationMechanisms(), ldapEnv.getSaslAuthId() );
 
+        if ( dn.size() == 0 ) return;
         if ( ! nexusProxy.hasEntry( dn ) )
         {
             throw new NameNotFoundException( dn + " does not exist" );
@@ -159,12 +140,14 @@
      * @param env the environment properties used by this context
      * @param dn the distinguished name of this context
      */
-    protected ServerContext( DirectoryService service, LdapPrincipal principal, Name dn )
+    protected ServerContext( DirectoryService service, LdapPrincipal principal, Name dn ) throws NamingException
     {
         this.service = service;
         this.dn = ( LdapName ) dn.clone();
-        this.env = ( Hashtable ) service.getConfiguration().getEnvironment();
-        this.env.put( PROVIDER_URL, dn.toString() );
+
+        Hashtable tmp = ( Hashtable ) service.getConfiguration().getEnvironment().clone();
+        tmp.put( PROVIDER_URL, dn.toString() );
+        this.ldapEnv = new LdapJndiProperties( tmp );
         this.nexusProxy = new DirectoryPartitionNexusProxy( this, service );;
         this.principal = principal;
     }
@@ -174,6 +157,16 @@
     // New Impl Specific Public Methods
     // ------------------------------------------------------------------------
 
+    
+    /**
+     * The JNDI properties wrapped with convenience methods.
+     */
+    public LdapJndiProperties getLdapJndiProperties()
+    {
+        return ldapEnv;
+    }
+    
+    
     /**
      * Returns the {@link DirectoryService} which manages this context.
      */
@@ -264,7 +257,7 @@
      */
     public Hashtable getEnvironment()
     {
-        return env;
+        return ldapEnv.getEnvironment();
     }
 
 
@@ -274,7 +267,7 @@
      */
     public Object addToEnvironment( String propName, Object propVal ) throws NamingException
     {
-        return env.put( propName, propVal );
+        return ldapEnv.put( propName, propVal );
     }
 
 
@@ -283,7 +276,7 @@
      */
     public Object removeFromEnvironment( String propName ) throws NamingException
     {
-        return env.remove( propName );
+        return ldapEnv.remove( propName );
     }
 
 
@@ -363,7 +356,7 @@
     public void bind( Name name, Object obj ) throws NamingException
     {
         // First, use state factories to do a transformation
-        DirStateFactory.Result res = DirectoryManager.getStateToBind( obj, name, this, env, null );
+        DirStateFactory.Result res = DirectoryManager.getStateToBind( obj, name, this, ldapEnv.getEnvironment(), null );
         Attributes outAttrs = res.getAttributes();
 
         if ( outAttrs != null )
@@ -458,9 +451,9 @@
          * Attempt to use the java.naming.ldap.deleteRDN environment property
          * to get an override for the deleteOldRdn option to modifyRdn.  
          */
-        if ( null != env.get( DELETE_OLD_RDN_PROP ) )
+        if ( null != ldapEnv.get( DELETE_OLD_RDN_PROP ) )
         {
-            String delOldRdnStr = ( String ) env.get( DELETE_OLD_RDN_PROP );
+            String delOldRdnStr = ( String ) ldapEnv.get( DELETE_OLD_RDN_PROP );
             delOldRdn = ! delOldRdnStr.equals( "false" );
             delOldRdn = delOldRdn || delOldRdnStr.equals( "no" );
             delOldRdn = delOldRdn || delOldRdnStr.equals( "0" );
@@ -561,7 +554,7 @@
 
         try
         {
-            obj = DirectoryManager.getObjectInstance( null, name, this, env, attributes );
+            obj = DirectoryManager.getObjectInstance( null, name, this, ldapEnv.getEnvironment(), attributes );
         }
         catch ( Exception e )
         {

Modified: directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/ServerDirContext.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/ServerDirContext.java?rev=374636&r1=374635&r2=374636&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/ServerDirContext.java (original)
+++ directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/ServerDirContext.java Fri Feb  3 02:31:25 2006
@@ -86,7 +86,7 @@
      * @param env the environment properties used by this context
      * @param dn the distinguished name of this context
      */
-    protected ServerDirContext( DirectoryService service, LdapPrincipal principal, Name dn )
+    protected ServerDirContext( DirectoryService service, LdapPrincipal principal, Name dn ) throws NamingException
     {
         super( service, principal, dn );
     }

Modified: directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/ServerLdapContext.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/ServerLdapContext.java?rev=374636&r1=374635&r2=374636&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/ServerLdapContext.java (original)
+++ directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/jndi/ServerLdapContext.java Fri Feb  3 02:31:25 2006
@@ -68,7 +68,7 @@
      * @param env the environment properties used by this context
      * @param dn the distinguished name of this context
      */
-    ServerLdapContext( DirectoryService service, LdapPrincipal principal, Name dn )
+    ServerLdapContext( DirectoryService service, LdapPrincipal principal, Name dn ) throws NamingException
     {
         super( service, principal, dn );
     }
@@ -164,6 +164,20 @@
     public boolean compare( Name name, String oid, Object value ) throws NamingException
     {
        return super.getNexusProxy().compare( name, oid, value );
+    }
+    
+    
+    /**
+     * Calling this method tunnels an unbind call down into the partition holding 
+     * the bindDn.  The bind() counter part is not exposed because it is automatically
+     * called when you create a new initial context for a new connection (on wire) or 
+     * (programatic) caller.
+     * 
+     * @throws NamingException
+     */
+    public void ldapUnbind() throws NamingException
+    {
+        super.getNexusProxy().unbind( getLdapJndiProperties().getBindDn() );
     }
     
     

Modified: directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/partition/DefaultDirectoryPartitionNexus.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/partition/DefaultDirectoryPartitionNexus.java?rev=374636&r1=374635&r2=374636&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/partition/DefaultDirectoryPartitionNexus.java (original)
+++ directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/partition/DefaultDirectoryPartitionNexus.java Fri Feb  3 02:31:25 2006
@@ -539,9 +539,23 @@
 
 
     // ------------------------------------------------------------------------
-    // Backend Interface Method Implementations
+    // DirectoryPartition Interface Method Implementations
     // ------------------------------------------------------------------------
     
+    
+    public void bind( Name bindDn, byte[] credentials, List mechanisms, String saslAuthId ) throws NamingException
+    {
+        DirectoryPartition partition = getBackend( bindDn );
+        partition.bind( bindDn, credentials, mechanisms, saslAuthId );
+    }
+
+
+    public void unbind( Name bindDn ) throws NamingException
+    {
+        DirectoryPartition partition = getBackend( bindDn );
+        partition.unbind( bindDn );
+    }
+
     
     /**
      * @see DirectoryPartition#delete(javax.naming.Name)

Modified: directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/partition/DirectoryPartition.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/partition/DirectoryPartition.java?rev=374636&r1=374635&r2=374636&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/partition/DirectoryPartition.java (original)
+++ directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/partition/DirectoryPartition.java Fri Feb  3 02:31:25 2006
@@ -17,6 +17,7 @@
 package org.apache.ldap.server.partition;
 
 
+import java.util.List;
 import java.util.Map;
 
 import javax.naming.Context;
@@ -261,4 +262,28 @@
      */
     void move( Name oldName, Name newParentName, String newRn,
                boolean deleteOldRn ) throws NamingException;
+    
+    /**
+     * Represents a bind operation issued to authenticate a client.  Partitions
+     * need not support this operation.  This operation is here to enable those
+     * interested in implementing virtual directories with ApacheDS.
+     * 
+     * @param bindDn the normalized dn of the principal 
+     * @param credentials the credentials of the principal
+     * @param mechanisms the mechanisms requested by the JNDI caller or a single
+     * mechanism representing the SASL bind mechanism used by a networked client (Strings)
+     * @param saslAuthId the SASL authentication (may be null)
+     * @throws NamingException if something goes wrong
+     */
+    void bind( Name bindDn, byte[] credentials, List mechanisms, String saslAuthId ) throws NamingException;
+
+    /**
+     * Represents an unbind operation issued by an authenticated client.  Partitions
+     * need not support this operation.  This operation is here to enable those
+     * interested in implementing virtual directories with ApacheDS.
+     * 
+     * @param bindDn the normalized dn of the principal attempting to unbind
+     * @throws NamingException if something goes wrong
+     */
+    void unbind( Name bindDn ) throws NamingException;
 }

Modified: directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/partition/DirectoryPartitionNexusProxy.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/partition/DirectoryPartitionNexusProxy.java?rev=374636&r1=374635&r2=374636&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/partition/DirectoryPartitionNexusProxy.java (original)
+++ directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/partition/DirectoryPartitionNexusProxy.java Fri Feb  3 02:31:25 2006
@@ -615,6 +615,53 @@
     }
 
 
+    public void bind( Name bindDn, byte[] credentials, List mechanisms, String saslAuthId, Collection bypass ) 
+        throws NamingException
+    {
+        ensureStarted();
+        InvocationStack stack = InvocationStack.getInstance();
+        Object[] args = new Object[] { bindDn, credentials, mechanisms, saslAuthId };
+        stack.push( new Invocation( this, caller, "bind", args, bypass ) );
+        try
+        {
+            this.configuration.getInterceptorChain().bind( bindDn, credentials, mechanisms, saslAuthId );
+        }
+        finally
+        {
+            stack.pop();
+        }
+    }
+
+
+    public void unbind( Name bindDn, Collection bypass ) throws NamingException
+    {
+        ensureStarted();
+        InvocationStack stack = InvocationStack.getInstance();
+        Object[] args = new Object[] { bindDn };
+        stack.push( new Invocation( this, caller, "unbind", args, bypass ) );
+        try
+        {
+            this.configuration.getInterceptorChain().unbind( bindDn );
+        }
+        finally
+        {
+            stack.pop();
+        }
+    }
+
+    
+    public void bind( Name bindDn, byte[] credentials, List mechanisms, String saslAuthId ) throws NamingException
+    {
+        bind( bindDn, credentials, mechanisms, saslAuthId, null );
+    }
+
+
+    public void unbind( Name bindDn ) throws NamingException
+    {
+        unbind( bindDn, null );
+    }
+
+    
     public Attributes getRootDSE() throws NamingException
     {
         return getRootDSE( null );

Modified: directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/partition/impl/btree/jdbm/JdbmDirectoryPartition.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/partition/impl/btree/jdbm/JdbmDirectoryPartition.java?rev=374636&r1=374635&r2=374636&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/partition/impl/btree/jdbm/JdbmDirectoryPartition.java (original)
+++ directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/main/java/org/apache/ldap/server/partition/impl/btree/jdbm/JdbmDirectoryPartition.java Fri Feb  3 02:31:25 2006
@@ -23,6 +23,7 @@
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Iterator;
+import java.util.List;
 import java.util.Map;
 
 import javax.naming.Name;
@@ -38,6 +39,7 @@
 import jdbm.recman.BaseRecordManager;
 import jdbm.recman.CacheRecordManager;
 
+import org.apache.ldap.common.exception.LdapAuthenticationNotSupportedException;
 import org.apache.ldap.common.exception.LdapNameNotFoundException;
 import org.apache.ldap.common.exception.LdapSchemaViolationException;
 import org.apache.ldap.common.message.LockableAttributeImpl;
@@ -1566,6 +1568,22 @@
             
             subAliasIdx.drop( ancestorId, targetId );
         }    
+    }
+
+    
+    public void bind( Name bindDn, byte[] credentials, List mechanisms, String saslAuthId ) throws NamingException
+    {
+        // does nothing
+        throw new LdapAuthenticationNotSupportedException( 
+            "Bind requests only tunnel down into partitions if there are no authenticators to handle the mechanism.\n" +
+            "Check to see if you have correctly configured authenticators for the server.",
+            ResultCodeEnum.AUTHMETHODNOTSUPPORTED );
+    }
+
+    
+    public void unbind( Name bindDn ) throws NamingException
+    {
+        // does nothing
     }
 }
 

Modified: directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/test/java/org/apache/ldap/server/interceptor/InterceptorChainTest.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/test/java/org/apache/ldap/server/interceptor/InterceptorChainTest.java?rev=374636&r1=374635&r2=374636&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/test/java/org/apache/ldap/server/interceptor/InterceptorChainTest.java (original)
+++ directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/test/java/org/apache/ldap/server/interceptor/InterceptorChainTest.java Fri Feb  3 02:31:25 2006
@@ -416,6 +416,20 @@
             interceptors.add( this );
             next.move( oldName, newParentName, newRn, deleteOldRn );
         }
+
+
+        public void bind( NextInterceptor next, Name bindDn, byte[] credentials, List mechanisms, String saslAuthId ) throws NamingException
+        {
+            interceptors.add( this );
+            next.bind( bindDn, credentials, mechanisms, saslAuthId );
+        }
+
+
+        public void unbind( NextInterceptor next, Name bindDn ) throws NamingException
+        {
+            interceptors.add( this );
+            next.unbind( bindDn );
+        }
     }
 
 

Added: directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/test/java/org/apache/ldap/server/jndi/LdapJndiPropertiesTest.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/test/java/org/apache/ldap/server/jndi/LdapJndiPropertiesTest.java?rev=374636&view=auto
==============================================================================
--- directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/test/java/org/apache/ldap/server/jndi/LdapJndiPropertiesTest.java (added)
+++ directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/test/java/org/apache/ldap/server/jndi/LdapJndiPropertiesTest.java Fri Feb  3 02:31:25 2006
@@ -0,0 +1,115 @@
+package org.apache.ldap.server.jndi;
+
+import java.util.Hashtable;
+
+import javax.naming.Context;
+
+import org.apache.commons.lang.ArrayUtils;
+import org.apache.ldap.common.aci.AuthenticationLevel;
+import org.apache.ldap.common.exception.LdapConfigurationException;
+import org.apache.ldap.common.util.StringTools;
+
+import junit.framework.TestCase;
+
+
+public class LdapJndiPropertiesTest extends TestCase
+{
+    public void testEmptyEnv() throws Exception
+    {
+        try
+        {
+            new LdapJndiProperties( new Hashtable() );
+            fail( "should never get here" );
+        }
+        catch ( LdapConfigurationException e )
+        {
+        }
+    }
+
+    
+    public void testNullEnv() throws Exception
+    {
+        try
+        {
+            new LdapJndiProperties( null );
+            fail( "should never get here" );
+        }
+        catch ( LdapConfigurationException e )
+        {
+        }
+    }
+
+
+    public void testNoAuthWithCredsEnv() throws Exception
+    {
+        Hashtable env = new Hashtable();
+        env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+        env.put( Context.SECURITY_CREDENTIALS, "asdf" );
+        env.put( Context.PROVIDER_URL, "" );
+        LdapJndiProperties props = new LdapJndiProperties( env );
+        assertEquals( AuthenticationLevel.SIMPLE, props.getAuthenticationLevel() );
+        assertEquals( 1, props.getAuthenticationMechanisms().size() );
+        assertEquals( "simple", props.getAuthenticationMechanisms().get( 0 ) );
+        assertTrue( ArrayUtils.isEquals( StringTools.getBytesUtf8( "asdf" ), props.getCredentials() ) );
+    }
+
+
+    public void testNoAuthWithNoCredsEnv() throws Exception
+    {
+        Hashtable env = new Hashtable();
+        env.put( Context.SECURITY_PRINCIPAL, "" );
+        env.put( Context.PROVIDER_URL, "" );
+        LdapJndiProperties props = new LdapJndiProperties( env );
+        assertEquals( AuthenticationLevel.NONE, props.getAuthenticationLevel() );
+        assertEquals( 1, props.getAuthenticationMechanisms().size() );
+        assertEquals( "none", props.getAuthenticationMechanisms().get( 0 ) );
+        assertTrue( props.getCredentials() == null );
+    }
+
+
+    public void testAuthWithNoCredsEnv() throws Exception
+    {
+        Hashtable env = new Hashtable();
+        env.put( Context.SECURITY_PRINCIPAL, "" );
+        env.put( Context.SECURITY_AUTHENTICATION, "simple" );
+        try
+        {
+            new LdapJndiProperties( env );
+            fail( "should never get here" );
+        }
+        catch ( LdapConfigurationException e )
+        {
+        }
+    }
+
+
+    public void testAuthWithNoCredsStrong() throws Exception
+    {
+        Hashtable env = new Hashtable();
+        env.put( Context.SECURITY_PRINCIPAL, "" );
+        env.put( Context.SECURITY_AUTHENTICATION, "DIGEST-MD5 CRAM-MD5" );
+        env.put( Context.PROVIDER_URL, "" );
+        LdapJndiProperties props = new LdapJndiProperties( env );
+        assertEquals( AuthenticationLevel.STRONG, props.getAuthenticationLevel() );
+        assertEquals( 2, props.getAuthenticationMechanisms().size() );
+        assertEquals( "DIGEST-MD5", props.getAuthenticationMechanisms().get( 0 ) );
+        assertEquals( "CRAM-MD5", props.getAuthenticationMechanisms().get( 1 ) );
+        assertTrue( props.getCredentials() == null );
+    }
+
+
+    public void testAuthWithCredsStrong() throws Exception
+    {
+        Hashtable env = new Hashtable();
+        env.put( Context.SECURITY_PRINCIPAL, "" );
+        env.put( Context.SECURITY_CREDENTIALS, "asdf" );
+        env.put( Context.SECURITY_AUTHENTICATION, "DIGEST-MD5 CRAM-MD5" );
+        env.put( Context.PROVIDER_URL, "" );
+        LdapJndiProperties props = new LdapJndiProperties( env );
+        assertEquals( AuthenticationLevel.STRONG, props.getAuthenticationLevel() );
+        assertEquals( 2, props.getAuthenticationMechanisms().size() );
+        assertEquals( "DIGEST-MD5", props.getAuthenticationMechanisms().get( 0 ) );
+        assertEquals( "CRAM-MD5", props.getAuthenticationMechanisms().get( 1 ) );
+        assertTrue( ArrayUtils.isEquals( StringTools.getBytesUtf8( "asdf" ), props.getCredentials() ) );
+    }
+}

Propchange: directory/sandbox/akarasulu/rc1refactor/apacheds/core/src/test/java/org/apache/ldap/server/jndi/LdapJndiPropertiesTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: directory/sandbox/akarasulu/rc1refactor/apacheds/protocols/ldap/src/main/java/org/apache/ldap/server/protocol/support/UnbindHandler.java
URL: http://svn.apache.org/viewcvs/directory/sandbox/akarasulu/rc1refactor/apacheds/protocols/ldap/src/main/java/org/apache/ldap/server/protocol/support/UnbindHandler.java?rev=374636&r1=374635&r2=374636&view=diff
==============================================================================
--- directory/sandbox/akarasulu/rc1refactor/apacheds/protocols/ldap/src/main/java/org/apache/ldap/server/protocol/support/UnbindHandler.java (original)
+++ directory/sandbox/akarasulu/rc1refactor/apacheds/protocols/ldap/src/main/java/org/apache/ldap/server/protocol/support/UnbindHandler.java Fri Feb  3 02:31:25 2006
@@ -20,6 +20,7 @@
 import javax.naming.NamingException;
 import javax.naming.ldap.LdapContext;
 
+import org.apache.ldap.server.jndi.ServerLdapContext;
 import org.apache.ldap.server.protocol.SessionRegistry;
 import org.apache.mina.common.IoSession;
 import org.apache.mina.handler.demux.MessageHandler;
@@ -46,9 +47,20 @@
 
         try
         {
-            LdapContext ctx = SessionRegistry.getSingleton().getLdapContext( session, null, false );
+            ServerLdapContext ctx = null;
+            LdapContext ldapCtx = ( ServerLdapContext ) SessionRegistry.getSingleton().getLdapContext( session, null, false );
+            if ( ! ( ldapCtx instanceof ServerLdapContext ) )
+            {
+                ctx = ( ServerLdapContext ) ldapCtx.lookup( "" );
+            }
+            else
+            {
+                ctx = ( ServerLdapContext ) ldapCtx;
+            }
+            
             if ( ctx != null )
             {
+                ctx.ldapUnbind();
                 ctx.close();
             }
             registry.terminateSession( session );