directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steven Brendtro" <steven.brend...@gmail.com>
Subject Re: Custom Authenticator and Attributes
Date Fri, 14 Dec 2007 23:22:23 GMT
I just checked svn, and for all versions (1.0.1, 1.0.2, 1.5.0, and 1.5.1) of
ServerContext.java has only two overloads:

public Object lookup( String name )
public Object lookup( Name name )

The first version just converts the name to an LdapDN and calls the second.


Any other way around this?

Steve

On Dec 14, 2007 4:56 PM, Alex Karasulu <akarasulu@apache.org> wrote:

> Basically the nexus proxy makes calls to the nexus after these calls are
> intercepted by each interceptor in the InterceptorChain.  Hence why we call
> it the NexusProxy.  You stumbled on a particular problem: you're not
> authenticated yet obviously, but you're trying to go through the chain again
> and are encountering the authentication interceptor.  You're lucky you got
> this exception otherwise you would have infinite recursion followed by as
> nasty OoME.
>
> I don't remember clearly but this version of the server might have bypass
> instructions for the proxy.  See if there is a method overload for lookup
> that takes a String[] in addition to the bindDn.  If you put the FQCN of an
> interceptor into this String array (the second argument) you will bypass
> that interceptor.  So you probably want to bypass a few of them.
>
> Alex
>
>
> On Dec 14, 2007 5:21 PM, Steven Brendtro <steven.brendtro@gmail.com>
> wrote:
>
> > Thanks for the suggestion.  It got me a bit farther, but I hit another
> > wall.
> >
> > In my authenticator's implementation of authenticate(), I can't call
> > ServerContext.getNexusProxy() as it is protected.  I did try:
> >
> >                 PartitionNexus nexusProxy = (PartitionNexus)
> > serverContext.lookup( bindDn );
> >                 Attributes attributeList = nexusProxy.lookup( bindDn );
> >
> > But got a nasty exception:
> > org.apache.directory.server.core.interceptor.InterceptorException:
> > Unexpected exception. [Root exception is java.lang.IllegalStateException:
> > Attempted operation by unauthenticated caller.]
> >
> > In the middle of the stack trace was an an error pointing at the first
> > line of these two.  I assume it has something to do with how I am casting
> > the Object returned from the ServerContext.lookup call.  Any ideas on
> > the right way to do this?
> >
> > Thanks,
> > Steve
> >
> >
> > On Dec 14, 2007 12:10 PM, Alex Karasulu <akarasulu@apache.org> wrote:
> >
> > > For 1.0 your best option is to grab a handle to the nexus on
> > > initialization of your authenticator.  Use the nexus to lookup the
> > > attributes of the user (the entry for the principalDn).  Then you can
> > > perform what logic you need to interogate the attributes of the user.
> > >
> > > HTH,
> > > Alex
> > > On Dec 14, 2007 10:18 AM, Steven Brendtro <steven.brendtro@gmail.com>
> > > wrote:
> > >
> > > > Oh, I forgot to mention... this is for 1.0.x (specifically 1.0.1).
> > > >
> > > > Thanks
> > > >
> > > >
> > > > On Dec 14, 2007 8:59 AM, Steven Brendtro <steven.brendtro@gmail.com
>
> > > > wrote:
> > > >
> > > > > I am coding a custom Authenticator Interface for doing some extra
> > > > > checking before authenticating the DN.  Basically before I authenticate,
I
> > > > > want to check that the user (not sure what else to call it) has certain
> > > > > attributes set to specific values.  I've been looking through the
API for
> > > > > the past few days and don't understand how to accomplish this.  If
possible,
> > > > > I want to get a set of Attributes back to iterate through.
> > > > >
> > > > > Any suggestions would be most helpful.
> > > > >
> > > > > Thanks in advance.
> > > > >
> > > >
> > > >
> > >
> >
>

Mime
View raw message