directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu" <akaras...@apache.org>
Subject Re: [ApacheDS] Internal vs. external lookups
Date Wed, 30 May 2007 17:09:49 GMT
Sorry will respond to this thread in a little bit.  Processing backlog now.

On 5/30/07, Emmanuel Lecharny <elecharny@gmail.com> wrote:
>
> Hi Enrique,
>
> another solution would be to add a flag to the OperationContext which
> is passed through the interceptors, to tell if the request is internal
> or not.
>
> Those contexts have been created for such purposes.
>
> You have a context for each operation (SearchOperationContext,
> LookupOperationContext ... in core (
> org.apache.directory.server.core.interceptor.context ) ). Even adding
> the flag to the inherited class ( AbstractOperationContext ) and
> adding a method in the interface -OperationContext - could help (
> isInternal() )
>
> Hope it helps.
>
> Emmanuel
>
> On 5/30/07, Enrique Rodriguez <enriquer9@gmail.com> wrote:
> > On 5/24/07, Enrique Rodriguez <enriquer9@gmail.com> wrote:
> > > Hi, Directory developers,
> > > ...
> > > Is there any way to tell already if a lookup is internal vs. external?
> > >  Is the InternalAuthenticator a viable option?  The implementation
> > > would be trivial (I just did the StrongAuthenticator).
> >
> > I am at a point this week where I need a solution to determining
> > whether a search or lookup is coming from internal vs. external to the
> > server.  In my working copy I modified SimpleAuthenticator to support
> > subclassing.  I now have an InternalAuthenticator, where the
> > authenticatorType is "internal" and the resulting LdapPrincipals are
> > of type AuthenticationLevel.INTERNAL and this works fine for me.  I
> > subclassed SimpleAuthenticator so I could re-use the username/password
> > support so internal authentication would not be totally wide-open.  I
> > am still binding with the admin DN.
> >
> > I need to code more on my use case, but if this works for me then I
> > would want to commit this and eventually update all the
> > protocol-providers to use "internal" authentication.
> >
> > Does this make sense?
> >
> > Enrique
> >
>
>
> --
> Regards,
> Cordialement,
> Emmanuel L├ęcharny
> www.iktek.com
>

Mime
View raw message