Endi Sukma Dewata wrote:
>Alex Karasulu wrote:
>
>
>
>>Hmmmm. So to create an LdapPrincipal all you need to do is extend it.
>>I should have made it final. This sounds like the same security
>>problem. But you are right we do need something temporary. Making the
>>constructor public is the same thing. WDYT should I do this just for now?
>>
>>
>
>Actually what I meant is add the method in the AbstractAuthenticator.
>
> protected LdapPrincipal createLdapPrincipal( String dn ) {
> LdapName principalDn = new LdapName( dn );
> return new LdapPrincipal( principalDn );
> }
>
>This method would only be available to the subclasses of
>AbstractAuthenticator, i.e. the custom Authenticators.
>
>
This is perfect! Keeps things safe. Good tip.
>See the sample program for custom Authenticator:
>http://directory.apache.org/subprojects/apacheds/users/authentication.html
>
>The authenticate() method now can be implemented this way:
>
> public LdapPrincipal authenticate( ServerContext ctx ) {
> ...
> return createLdapPrincipal( dn );
> }
>
>This way you can keep LdapPrincipal final and private to the package, but
>the custom Authenticators can still use it.
>
>
Excellent I will add this right now.
Alex
|