directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steven Brendtro" <steven.brend...@gmail.com>
Subject Re: Custom Authenticator and Attributes
Date Sat, 15 Dec 2007 05:50:40 GMT
Since ServerContext.getNexusProxy() is protected, I assume I need to create
a PartitionNexusProxy from scratch, correct?  Something like this?

       PartitionNexusProxy nexusProxy = new PartitionNexusProxy(
serverContext, serverContext.getService() );
       String[] attrIds = new String[4];
       attrIds[0] = "myAttribute1";
       attrIds[1] = "myAttribute2";
       attrIds[2] = "org.apache.directory.server.core.interceptor.???";
       attrIds[3] = "org.apache.directory.server.core.interceptor.???";
       Attributes myAttributes = nexusProxy.lookup( binDn, attrIds );

How do I know what interceptors will need to be listed?  Sorry, I'm new to
the concept of interceptors, and only 1 week into the ApacheDS code.

Thanks again for your help.

Steve


On Dec 14, 2007 5:40 PM, Alex Karasulu <akarasulu@apache.org> wrote:

> Wrong class; try on NexusProxy.
>
> Alex
>
>
> On Dec 14, 2007 6:22 PM, Steven Brendtro <steven.brendtro@gmail.com>
> wrote:
>
> > I just checked svn, and for all versions (1.0.1, 1.0.2, 1.5.0, and 1.5.1)
> > of ServerContext.java has only two overloads:
> >
> > public Object lookup( String name )
> > public Object lookup( Name name )
> >
> > The first version just converts the name to an LdapDN and calls the
> > second.
> >
> > Any other way around this?
> >
> > Steve
> >
> >
> > On Dec 14, 2007 4:56 PM, Alex Karasulu <akarasulu@apache.org> wrote:
> >
> > > Basically the nexus proxy makes calls to the nexus after these calls
> > > are intercepted by each interceptor in the InterceptorChain.  Hence why we
> > > call it the NexusProxy.  You stumbled on a particular problem: you're not
> > > authenticated yet obviously, but you're trying to go through the chain again
> > > and are encountering the authentication interceptor.  You're lucky you got
> > > this exception otherwise you would have infinite recursion followed by as
> > > nasty OoME.
> > >
> > > I don't remember clearly but this version of the server might have
> > > bypass instructions for the proxy.  See if there is a method overload for
> > > lookup that takes a String[] in addition to the bindDn.  If you put the FQCN
> > > of an interceptor into this String array (the second argument) you will
> > > bypass that interceptor.  So you probably want to bypass a few of them.
> > >
> > > Alex
> > >
> > >
> > > On Dec 14, 2007 5:21 PM, Steven Brendtro <steven.brendtro@gmail.com >
> > > wrote:
> > >
> > > > Thanks for the suggestion.  It got me a bit farther, but I hit
> > > > another wall.
> > > >
> > > > In my authenticator's implementation of authenticate(), I can't call
> > > > ServerContext.getNexusProxy() as it is protected.  I did try:
> > > >
> > > >                 PartitionNexus nexusProxy = (PartitionNexus)
> > > > serverContext.lookup( bindDn );
> > > >                 Attributes attributeList = nexusProxy.lookup( bindDn
> > > > );
> > > >
> > > > But got a nasty exception:
> > > > org.apache.directory.server.core.interceptor.InterceptorException:
> > > > Unexpected exception. [Root exception is
> > > > java.lang.IllegalStateException: Attempted operation by
> > > > unauthenticated caller.]
> > > >
> > > > In the middle of the stack trace was an an error pointing at the
> > > > first line of these two.  I assume it has something to do with how I am
> > > > casting the Object returned from the ServerContext.lookup call.  Any
> > > > ideas on the right way to do this?
> > > >
> > > > Thanks,
> > > > Steve
> > > >
> > > >
> > > > On Dec 14, 2007 12:10 PM, Alex Karasulu <akarasulu@apache.org>
> > > > wrote:
> > > >
> > > > > For 1.0 your best option is to grab a handle to the nexus on
> > > > > initialization of your authenticator.  Use the nexus to lookup the
> > > > > attributes of the user (the entry for the principalDn).  Then you
can
> > > > > perform what logic you need to interogate the attributes of the user.
> > > > >
> > > > > HTH,
> > > > > Alex
> > > > > On Dec 14, 2007 10:18 AM, Steven Brendtro <
> > > > > steven.brendtro@gmail.com> wrote:
> > > > >
> > > > > > Oh, I forgot to mention... this is for 1.0.x (specifically 1.0.1
> > > > > > ).
> > > > > >
> > > > > > Thanks
> > > > > >
> > > > > >
> > > > > > On Dec 14, 2007 8:59 AM, Steven Brendtro <steven.brendtro@gmail.com
> > > > > > > wrote:
> > > > > >
> > > > > > > I am coding a custom Authenticator Interface for doing
some
> > > > > > > extra checking before authenticating the DN.  Basically
before I
> > > > > > > authenticate, I want to check that the user (not sure what
else to call it)
> > > > > > > has certain attributes set to specific values.  I've been
looking through
> > > > > > > the API for the past few days and don't understand how
to accomplish this.
> > > > > > > If possible, I want to get a set of Attributes back to
iterate through.
> > > > > > >
> > > > > > > Any suggestions would be most helpful.
> > > > > > >
> > > > > > > Thanks in advance.
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>

Mime
View raw message