directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny" <>
Subject Interceptors optimizations
Date Wed, 04 Apr 2007 16:26:47 GMT

just a few questions while I'm browsing the code :

1) Bind Operation :
when we do a Bind, we call the ServerContext() constructor, where the code
looks like :
    protected ServerContext(DirectoryService service, Hashtable env) throws
        this.service = service;

        // set references to cloned env and the proxy
        this.nexusProxy = new PartitionNexusProxy( this, service );

        DirectoryServiceConfiguration cfg = service.getConfiguration();
        this.env = ( Hashtable ) cfg.getEnvironment().clone();
        this.env.putAll( env );
        LdapJndiProperties props = LdapJndiProperties.getLdapJndiProperties(
this.env );
        dn = props.getProviderDn();

        // need to issue a bind operation here
        this.nexusProxy.bind( dn );

        if ( ! nexusProxy.hasEntry( dn ) )
            throw new NameNotFoundException( dn + " does not exist" );

        if ( dn.size() == 0 )

The last test is totally useless, but I also think that the previous one is
not needed : if we successfully bound, then the dn must exist in the server.
My guess is that the check is just because we didn't updated the Authent
cache after a modification, leading to pb when binding on a modified user.
Am I wrong ?

2) In SimpleAuthenticator (and it might be true in all the authenticators),
we call the lookupPassword method, to grab the password from the backend.
This is correct, but why don't we simply avoid going through all the
interceptors? We are still passing through referralService and
exceptionService, and I think this is not necessary. Is there something I'm
missing ?

3) In ExceptionService, lookup operation, we  have this code :
       // check if entry to lookup exists
        String msg = "Attempt to lookup non-existant entry: ";
        assertHasEntry( nextInterceptor, msg, ctx.getDn() );

        return nextInterceptor.lookup( lookupContext );

Is there a reason why we simply don't catch the exception from the last line
to generate a LdapNameNotFoundException (the assertHasEntry is throwing this
exception if the entry does not exist)

More generally, for internal calls, like lookup( password ), why don't we
just directly send them to the backend ? Am I missing something ?

Emmanuel L├ęcharny

View raw message