Return-Path: 
 <dev-return-5725-apmail-directory-dev-archive=directory.apache.org@directory.apache.org>
Delivered-To: apmail-directory-dev-archive@www.apache.org
Received: (qmail 16706 invoked from network); 3 May 2005 17:13:52 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur.apache.org with SMTP; 3 May 2005 17:13:52 -0000
Received: (qmail 39203 invoked by uid 500); 3 May 2005 16:28:32 -0000
Delivered-To: apmail-directory-dev-archive@directory.apache.org
Received: (qmail 39108 invoked by uid 500); 3 May 2005 16:28:31 -0000
Mailing-List: contact dev-help@directory.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@directory.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@directory.apache.org>
List-Post: <mailto:dev@directory.apache.org>
List-Id: <dev.directory.apache.org>
Reply-To: "Apache Directory Developers List" <dev@directory.apache.org>
Delivered-To: mailing list dev@directory.apache.org
Received: (qmail 39075 invoked by uid 99); 3 May 2005 16:28:30 -0000
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=
X-Spam-Check-By: apache.org
Received-SPF: pass (hermes.apache.org: local policy)
Received: from mail.vergenet.com (HELO mail.vergenet.com) (216.140.187.25)
  by apache.org (qpsmtpd/0.28) with ESMTP; Tue, 03 May 2005 09:28:30 -0700
Received: from endi (unknown [192.168.0.51])
	by mail.vergenet.com (Postfix) with ESMTP id 9A50013FF4
	for <dev@directory.apache.org>; Tue,  3 May 2005 11:06:49 -0500 (CDT)
From: "Endi Sukma Dewata" <endisd@vergenet.com>
To: "'Apache Directory Developers List'" <dev@directory.apache.org>
Subject: RE: Access to LdapPrincipal constructor
Date: Tue, 3 May 2005 11:26:33 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
In-Reply-To: <42778748.60006@bellsouth.net>
Thread-Index: AcVP7Df7yDCb1viUTzKmq28x0rSRzQADrLwQ
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.181
Message-Id: <20050503160649.9A50013FF4@mail.vergenet.com>
X-Virus-Checked: Checked
X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N


Alex Karasulu wrote:

> Hmmmm.  So to create an LdapPrincipal all you need to do is extend it.
> I should have made it final.  This sounds like the same security
> problem.  But you are right we do need something temporary.  Making the
> constructor public is the same thing.  WDYT should I do this just for now?

Actually what I meant is add the method in the AbstractAuthenticator.

    protected LdapPrincipal createLdapPrincipal( String dn ) {
        LdapName principalDn = new LdapName( dn );
        return new LdapPrincipal( principalDn );
    }

This method would only be available to the subclasses of
AbstractAuthenticator, i.e. the custom Authenticators.

See the sample program for custom Authenticator:
http://directory.apache.org/subprojects/apacheds/users/authentication.html

The authenticate() method now can be implemented this way:

    public LdapPrincipal authenticate( ServerContext ctx ) {
        ...
        return createLdapPrincipal( dn );
    }

This way you can keep LdapPrincipal final and private to the package, but
the custom Authenticators can still use it.

--
Endi S. Dewata