directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny" <elecha...@gmail.com>
Subject Re: [ApacheDS] Internal vs. external lookups
Date Wed, 30 May 2007 09:20:00 GMT
Hi Enrique,

another solution would be to add a flag to the OperationContext which
is passed through the interceptors, to tell if the request is internal
or not.

Those contexts have been created for such purposes.

You have a context for each operation (SearchOperationContext,
LookupOperationContext ... in core (
org.apache.directory.server.core.interceptor.context ) ). Even adding
the flag to the inherited class ( AbstractOperationContext ) and
adding a method in the interface -OperationContext - could help (
isInternal() )

Hope it helps.

Emmanuel

On 5/30/07, Enrique Rodriguez <enriquer9@gmail.com> wrote:
> On 5/24/07, Enrique Rodriguez <enriquer9@gmail.com> wrote:
> > Hi, Directory developers,
> > ...
> > Is there any way to tell already if a lookup is internal vs. external?
> >  Is the InternalAuthenticator a viable option?  The implementation
> > would be trivial (I just did the StrongAuthenticator).
>
> I am at a point this week where I need a solution to determining
> whether a search or lookup is coming from internal vs. external to the
> server.  In my working copy I modified SimpleAuthenticator to support
> subclassing.  I now have an InternalAuthenticator, where the
> authenticatorType is "internal" and the resulting LdapPrincipals are
> of type AuthenticationLevel.INTERNAL and this works fine for me.  I
> subclassed SimpleAuthenticator so I could re-use the username/password
> support so internal authentication would not be totally wide-open.  I
> am still binding with the admin DN.
>
> I need to code more on my use case, but if this works for me then I
> would want to commit this and eventually update all the
> protocol-providers to use "internal" authentication.
>
> Does this make sense?
>
> Enrique
>


-- 
Regards,
Cordialement,
Emmanuel L├ęcharny
www.iktek.com

Mime
View raw message