From pamarce...@apache.org
Subject svn commit: r1071709 - in /directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api: CramMd5Request.java DigestMd5Request.java GssApiRequest.java LdapNetworkConnection.java SaslRequest.java
Date Thu, 17 Feb 2011 17:21:51 GMT
Author: pamarcelot
Date: Thu Feb 17 17:21:51 2011
New Revision: 1071709

URL: http://svn.apache.org/viewvc?rev=1071709&view=rev
Log:
Fix for DIRAPI-42 (Add additional classes and clean method arguments for SASL binds (CRAM-MD5,
DIGEST-MD5, GSS-API)).
Added support for specifying:
o krb5.conf file path
o a Configuration class for LoginModule

Modified:
    directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/CramMd5Request.java
    directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/DigestMd5Request.java
    directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/GssApiRequest.java
    directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
    directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java

Modified: directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/CramMd5Request.java
URL: http://svn.apache.org/viewvc/directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/CramMd5Request.java?rev=1071709&r1=1071708&r2=1071709&view=diff
==============================================================================
--- directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/CramMd5Request.java
(original)
+++ directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/CramMd5Request.java
Thu Feb 17 17:21:51 2011
@@ -25,14 +25,14 @@ import org.apache.directory.shared.ldap.
 
 
 /**
- * Holds the data required to complete the SASL operation
+ * Holds the data required to complete the CRAM-MD5 SASL operation
  *  
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
 public class CramMd5Request extends SaslRequest
-{   
+{
     /**
-     * TODO
+     * Creates a new instance of CramMd5Request.
      */
     public CramMd5Request()
     {

Modified: directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/DigestMd5Request.java
URL: http://svn.apache.org/viewvc/directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/DigestMd5Request.java?rev=1071709&r1=1071708&r2=1071709&view=diff
==============================================================================
--- directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/DigestMd5Request.java
(original)
+++ directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/DigestMd5Request.java
Thu Feb 17 17:21:51 2011
@@ -25,14 +25,14 @@ import org.apache.directory.shared.ldap.
 
 
 /**
- * Holds the data required to complete the SASL operation
+ * Holds the data required to complete the DIGEST-MD5 SASL operation
  *  
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
 public class DigestMd5Request extends SaslRequest
 {
     /**
-     * TODO
+     * Creates a new instance of DigestMd5Request.
      */
     public DigestMd5Request()
     {

Modified: directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/GssApiRequest.java
URL: http://svn.apache.org/viewvc/directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/GssApiRequest.java?rev=1071709&r1=1071708&r2=1071709&view=diff
==============================================================================
--- directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/GssApiRequest.java
(original)
+++ directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/GssApiRequest.java
Thu Feb 17 17:21:51 2011
@@ -21,11 +21,13 @@
 package org.apache.directory.ldap.client.api;
 
 
+import javax.security.auth.login.Configuration;
+
 import org.apache.directory.shared.ldap.model.constants.SupportedSaslMechanisms;
 
 
 /**
- * Holds the data required to complete the SASL operation
+ * Holds the data required to complete the GSS-API SASL operation
  *  
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
@@ -35,11 +37,17 @@ public class GssApiRequest extends SaslR
     protected String kdcHost;
 
     /** The KDC port */
-    protected int kdcPort;
+    protected int kdcPort = 0;
+
+    /** The krb5.conf file absolute path */
+    protected String krb5ConfFilePath;
+
+    /** The {@link javax.security.auth.login.Configuration} object for Login Module */
+    protected Configuration loginModuleConfiguration;
 
 
     /**
-     * TODO
+     * Creates a new instance of GssApiRequest.
      */
     public GssApiRequest()
     {
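Review bot: The explicit `= 0` on `kdcPort` now acts as a sentinel, but the field comment does not say so. `bindAsync` in LdapNetworkConnection (same commit) only builds a krb5.conf from the realm/KDC settings when `getKdcPort() != 0`, so a caller who sets the realm and KDC host but no port silently falls through to the system Kerberos configuration. Suggest documenting this on the field, e.g. `/** The KDC port; 0 means unset, in which case realmName and kdcHost are not used to build a krb5.conf */`. The constructor at the end of this hunk continues outside it.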
@@ -48,6 +56,17 @@ public class GssApiRequest extends SaslR
 
 
     /**
+     * Gets the {@link javax.security.auth.login.Configuration} object for Login Module.
+     *
+     * @return the {@link javax.security.auth.login.Configuration} object for Login Module
+     */
+    public Configuration getLoginModuleConfiguration()
+    {
+        return loginModuleConfiguration;
+    }
+
+
+    /**
      * Gets the KDC host.
      *
      * @return the KDC host
@@ -70,6 +89,28 @@ public class GssApiRequest extends SaslR
 
 
     /**
+     * Gets the (absolute) path to the 'krb5.conf' file.
+     *
+     * @return the (absolute) path to the 'krb5.conf' file
+     */
+    public String getKrb5ConfFilePath()
+    {
+        return krb5ConfFilePath;
+    }
+
+
+    /**
+     * Sets the {@link javax.security.auth.login.Configuration} object for Login Module.
+     *
+     * @param loginModuleConfiguration the {@link javax.security.auth.login.Configuration}
object for Login Module
+     */
+    public void setLoginModuleConfiguration( Configuration loginModuleConfiguration )
+    {
+        this.loginModuleConfiguration = loginModuleConfiguration;
+    }
+
+
+    /**
      * Sets the KDC host.
      *
      * @param kdcHost the KDC host
@@ -92,6 +133,17 @@ public class GssApiRequest extends SaslR
 
 
     /**
+     * Sets the (absolute) path to the 'krb5.conf' file.
+     *
+     * @param krb5ConfFilePath the (absolute) path to the 'krb5.conf' file
+     */
+    public void setKrb5ConfFilePath( String krb5ConfFilePath )
+    {
+        this.krb5ConfFilePath = krb5ConfFilePath;
+    }
+
+
+    /**
      * {@inheritDoc}
      */
     // Overriding the visibility of the method to public

Modified: directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
URL: http://svn.apache.org/viewvc/directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java?rev=1071709&r1=1071708&r2=1071709&view=diff
==============================================================================
--- directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
(original)
+++ directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
Thu Feb 17 17:21:51 2011
@@ -61,8 +61,6 @@ import org.apache.directory.shared.asn1.
 import org.apache.directory.shared.ldap.codec.api.LdapCodecService;
 import org.apache.directory.shared.ldap.codec.api.LdapCodecServiceFactory;
 import org.apache.directory.shared.ldap.codec.api.MessageEncoderException;
-import org.apache.directory.shared.ldap.model.constants.SaslQoP;
-import org.apache.directory.shared.ldap.model.constants.SaslSecurityStrength;
 import org.apache.directory.shared.ldap.model.constants.SchemaConstants;
 import org.apache.directory.shared.ldap.model.cursor.Cursor;
 import org.apache.directory.shared.ldap.model.cursor.SearchCursor;
@@ -1385,23 +1383,47 @@ public class LdapNetworkConnection exten
     public BindFuture bindAsync( GssApiRequest request )
         throws LdapException, IOException
     {
-        System.clearProperty( "java.security.krb5.conf" );
-        String krbConfPath = createKrbConfFile( request.getRealmName(), request.getKdcHost(),
request.getKdcPort() );
-        System.setProperty( "java.security.krb5.conf", krbConfPath );
+        // Krb5.conf file
+        if ( request.getKrb5ConfFilePath() != null )
+        {
+            // Using the krb5.conf file provided by the user
+            System.setProperty( "java.security.krb5.conf", request.getKrb5ConfFilePath()
);
+        }
+        else if ( ( request.getRealmName() != null ) && ( request.getKdcHost() !=
null )
+            && ( request.getKdcPort() != 0 ) )
+        {
+            // Using a custom krb5.conf we create from the settings provided by the user
+            String krbConfPath = createKrbConfFile( request.getRealmName(), request.getKdcHost(),
request.getKdcPort() );
+            System.setProperty( "java.security.krb5.conf", krbConfPath );
+        }
+        else
+        {
+            // Using the system Kerberos configuration
+            System.clearProperty( "java.security.krb5.conf" );
+
+        }
 
-        Configuration.setConfiguration( new Krb5LoginConfiguration() );
-        System.setProperty( "javax.security.auth.useSubjectCredsOnly", "true" );
+        // Login Module configuration
+        if ( request.getLoginModuleConfiguration() != null )
+        {
+            // Using the configuration provided by the user
+            Configuration.setConfiguration( request.getLoginModuleConfiguration() );
+        }
+        else
+        {
+            // Using the default configuration
+            Configuration.setConfiguration( new Krb5LoginConfiguration() );
+        }
 
         try
         {
+            System.setProperty( "javax.security.auth.useSubjectCredsOnly", "true" );
             LoginContext loginContext = new LoginContext( "ldapnetworkconnection",
                         new SaslCallbackHandler( request ) );
             loginContext.login();
 
             final GssApiRequest requetFinal = request;
-
-            return ( BindFuture ) Subject.doAs( loginContext.getSubject(),
-                        new PrivilegedExceptionAction<Object>()
+            return ( BindFuture ) Subject.doAs( loginContext.getSubject(), new PrivilegedExceptionAction<Object>()
                     {
                         public Object run() throws Exception
                         {
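Review bot: Both branches of the new login-module block call `Configuration.setConfiguration(...)`, and the krb5.conf block writes `java.security.krb5.conf` through `System.setProperty`. Both are JVM-wide settings, so a value supplied on one GssApiRequest replaces the JAAS and Kerberos configuration seen by every other connection and thread in the process, and concurrent binds with different requests race on it. For the JAAS side, the per-request object can be handed to the context directly, e.g. `new LoginContext( "ldapnetworkconnection", null, new SaslCallbackHandler( request ), config )`, which leaves the installed configuration untouched. I know of no per-call equivalent for the krb5.conf property, so the javadoc of `bindAsync` should at least state that it changes process-wide state and that the change persists after the bind. The body of `bindAsync` continues past the end of this hunk.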
@@ -3392,7 +3414,6 @@ public class LdapNetworkConnection exten
         {
             for ( Control cc : controls.values() )
             {
-                // FIXME why the cc is coming as null!?
                 if ( cc == null )
                 {
                     continue;

Modified: directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
URL: http://svn.apache.org/viewvc/directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java?rev=1071709&r1=1071708&r2=1071709&view=diff
==============================================================================
--- directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
(original)
+++ directory/shared/branches/m1/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
Thu Feb 17 17:21:51 2011
@@ -62,7 +62,7 @@ public abstract class SaslRequest
 
     /** The security strength */
     protected SaslSecurityStrength securityStrength;
-    
+
     /** Require mutual authentication */
     protected boolean mutualAuthentication = false;
 


