Implementing a simple interceptor
The following is for developers who plan to implement their own interceptors in order to extend or modify the functionality of Apache Directory Server. It contains a simple example as a starting point.
What exactly is an interceptor?
An interceptor filters method calls performed on the DefaultPartitionNexus, just like Servlet filters do. The ApacheDS configuration contains a chain of filters performing several tasks. In order to illustrate this, here is the list of interceptors from the default server configuration of ApacheDS 1.5.5.
Interceptors should usually pass control of the current invocation to the next interceptor by calling the appropriate method on NextInterceptor. Control returns to the interceptor when the next interceptor's filter method returns. You can therefore implement pre-, post-, or around-invocation handling, depending on where you place that call.
Interceptors are a powerful way to extend and modify the server's behavior, but be warned: a mistakenly written interceptor may lead to a dysfunctional or corrupt server.
Password hash. A simple interceptor
In order to demonstrate how to write an interceptor, here is a simple but realistic example. The interceptor should fulfill the following requirements:
- No user passwords should be stored in clear text in the directory.
- If a userPassword is set by an LDAP client in clear text, a message digest algorithm should be applied to the value, and the one-way encrypted value should be stored.
- The algorithm should be applied if new entries are created or existing entries are modified (hence modify and add operations will be intercepted).
- If the value given by the client is already provided in hashed form, nothing happens.
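The decision logic these requirements describe, as an added stand-alone example (not the project's PasswordHashInterceptor and not ApacheDS API). The class and method names are hypothetical, and salted SHA-1 with the `{SSHA}` label and the list of recognised scheme labels are assumptions standing in for "a message digest algorithm".

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

// Added illustration; names are hypothetical, no ApacheDS classes are used.
public class PasswordHashSketch {
    // Assumption: scheme labels treated as "already hashed".
    private static final List<String> SCHEMES = Arrays.asList("SHA", "SSHA", "MD5", "SMD5", "CRYPT");
    private static final SecureRandom RANDOM = new SecureRandom();

    // True only for "{KNOWN-SCHEME}payload"; a clear-text password that merely
    // starts with a brace (e.g. "{foo}bar") is not mistaken for a hash.
    static boolean isHashed(byte[] value) {
        String s = new String(value, StandardCharsets.ISO_8859_1);
        int close = s.indexOf('}');
        if (!s.startsWith("{") || close < 2 || close == s.length() - 1) {
            return false;
        }
        return SCHEMES.contains(s.substring(1, close).toUpperCase(Locale.ROOT));
    }

    // Value to store on add or modify: unchanged if already hashed, otherwise
    // "{SSHA}" + base64(SHA-1(password || salt) || salt).
    static byte[] toStoredForm(byte[] userPassword) throws NoSuchAlgorithmException {
        if (isHashed(userPassword)) {
            return userPassword;
        }
        byte[] salt = new byte[8];
        RANDOM.nextBytes(salt); // per-value salt: equal passwords get different hashes
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(userPassword);
        md.update(salt);
        byte[] digest = md.digest();
        byte[] payload = Arrays.copyOf(digest, digest.length + salt.length);
        System.arraycopy(salt, 0, payload, digest.length, salt.length);
        String stored = "{SSHA}" + java.util.Base64.getEncoder().encodeToString(payload);
        return stored.getBytes(StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) throws Exception {
        byte[] clear = "secret".getBytes(StandardCharsets.UTF_8); // constructed sample input
        byte[] first = toStoredForm(clear);   // add with a clear-text value: hashed
        byte[] second = toStoredForm(first);  // modify with a hashed value: left alone
        System.out.println(new String(first, StandardCharsets.US_ASCII));
        System.out.println("unchanged on second pass: " + Arrays.equals(first, second));
    }
}
```

Because the last requirement trusts any value carrying a recognised scheme label, the check verifies only the prefix and a non-empty payload, not that the payload is a well-formed digest.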
Currently, the sources are checked in here
In order to build it, simply check it out and type "mvn install".
Implementing the class PasswordHashInterceptor
The following UML class diagram depicts the structure of the little example.
Using the interceptor
Adding it to a server.xml file