directory-dev mailing list archives

From "Alex Karasulu" <akaras...@apache.org>
Subject Re: Custom Authenticator and Attributes
Date Fri, 14 Dec 2007 22:56:43 GMT
Basically the nexus proxy makes calls to the nexus after these calls are
intercepted by each interceptor in the InterceptorChain.  Hence why we call
it the NexusProxy.  You stumbled on a particular problem: you're not
authenticated yet obviously, but you're trying to go through the chain again
and are encountering the authentication interceptor.  You're lucky you got
this exception, otherwise you would have infinite recursion followed by a
nasty OoME.

I don't remember clearly but this version of the server might have bypass
instructions for the proxy.  See if there is a method overload for lookup
that takes a String[] in addition to the bindDn.  If you put the FQCN of an
interceptor into this String array (the second argument) you will bypass
that interceptor.  So you probably want to bypass a few of them.

Alex

On Dec 14, 2007 5:21 PM, Steven Brendtro <steven.brendtro@gmail.com> wrote:

> Thanks for the suggestion.  It got me a bit farther, but I hit another
> wall.
>
> In my authenticator's implementation of authenticate(), I can't call
> ServerContext.getNexusProxy() as it is protected.  I did try:
>
>                 PartitionNexus nexusProxy = (PartitionNexus) serverContext.lookup( bindDn );
>                 Attributes attributeList = nexusProxy.lookup( bindDn );
>
> But got a nasty exception:
> org.apache.directory.server.core.interceptor.InterceptorException:
> Unexpected exception. [Root exception is java.lang.IllegalStateException:
> Attempted operation by unauthenticated caller.]
>
> In the middle of the stack trace was an error pointing at the first
> line of these two.  I assume it has something to do with how I am casting
> the Object returned from the ServerContext.lookup call.  Any ideas on the
> right way to do this?
>
> Thanks,
> Steve
>
>
> On Dec 14, 2007 12:10 PM, Alex Karasulu <akarasulu@apache.org> wrote:
>
> > For 1.0 your best option is to grab a handle to the nexus on
> > initialization of your authenticator.  Use the nexus to lookup the
> > attributes of the user (the entry for the principalDn).  Then you can
> > perform what logic you need to interrogate the attributes of the user.
> >
> > HTH,
> > Alex
> > On Dec 14, 2007 10:18 AM, Steven Brendtro <steven.brendtro@gmail.com>
> > wrote:
> >
> > > Oh, I forgot to mention... this is for 1.0.x (specifically 1.0.1).
> > >
> > > Thanks
> > >
> > >
> > > On Dec 14, 2007 8:59 AM, Steven Brendtro <steven.brendtro@gmail.com>
> > > wrote:
> > >
> > > > I am coding a custom Authenticator Interface for doing some extra
> > > > checking before authenticating the DN.  Basically before I authenticate, I
> > > > want to check that the user (not sure what else to call it) has certain
> > > > attributes set to specific values.  I've been looking through the API for
> > > > the past few days and don't understand how to accomplish this.  If possible,
> > > > I want to get a set of Attributes back to iterate through.
> > > >
> > > > Any suggestions would be most helpful.
> > > >
> > > > Thanks in advance.
> > > >
> > >
> > >
> >
>
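
A minimal model of the behaviour described in the reply at the top of this thread, added here as an illustration and not taken from ApacheDS or from either poster: a proxy that runs every interceptor before a lookup, and a bypass list of fully qualified class names that skips the listed ones. Every class and method name below, the `accountStatus` attribute and the sample DN are hypothetical.

```java
import java.util.*;

// Toy model only: none of these types are ApacheDS classes.
public class ChainBypassDemo {
    interface Interceptor { void before(String caller, String dn); }

    // Rejects any operation from a caller that has not completed a bind.
    static class AuthInterceptor implements Interceptor {
        final Set<String> authenticated = new HashSet<>();
        public void before(String caller, String dn) {
            if (!authenticated.contains(caller))
                throw new IllegalStateException("Attempted operation by unauthenticated caller.");
        }
    }

    // Stand-in for the proxy: every call runs the chain before reaching the store.
    static class Proxy {
        final List<Interceptor> chain = new ArrayList<>();
        final Map<String, Map<String, String>> store = new HashMap<>();

        // Interceptors whose class name appears in 'bypass' are skipped for this call.
        Map<String, String> lookup(String caller, String dn, String... bypass) {
            Set<String> skip = new HashSet<>(Arrays.asList(bypass));
            for (Interceptor i : chain)
                if (!skip.contains(i.getClass().getName())) i.before(caller, dn);
            return store.get(dn);
        }
    }

    // Custom authenticator: reads the entry during the bind, then checks a required attribute.
    static boolean authenticate(Proxy proxy, String bindDn, boolean useBypass) {
        String[] bypass = useBypass ? new String[] { AuthInterceptor.class.getName() } : new String[0];
        Map<String, String> entry = proxy.lookup(bindDn, bindDn, bypass);
        return entry != null && "active".equals(entry.get("accountStatus"));
    }

    public static void main(String[] args) {
        Proxy proxy = new Proxy();
        proxy.chain.add(new AuthInterceptor());
        String dn = "uid=steve,ou=users,ou=system"; // constructed sample entry
        proxy.store.put(dn, Map.of("accountStatus", "active"));
        try {
            authenticate(proxy, dn, false); // re-enters the chain before the bind has finished
        } catch (IllegalStateException e) {
            System.out.println("without bypass: " + e.getMessage());
        }
        System.out.println("with bypass: " + authenticate(proxy, dn, true));
    }
}
```

A bypassed lookup also skips whatever checks the listed interceptors enforce, so in this model the authenticator reads only the entry for the DN being bound.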
