directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu" <akaras...@apache.org>
Subject Re: Custom Authenticator and Attributes
Date Fri, 14 Dec 2007 23:40:23 GMT
Wrong class; try on NexusProxy.

Alex

On Dec 14, 2007 6:22 PM, Steven Brendtro <steven.brendtro@gmail.com> wrote:

> I just checked svn, and for all versions (1.0.1, 1.0.2, 1.5.0, and 1.5.1)
> of ServerContext.java has only two overloads:
>
> public Object lookup( String name )
> public Object lookup( Name name )
>
> The first version just converts the name to an LdapDN and calls the
> second.
>
> Any other way around this?
>
> Steve
>
>
> On Dec 14, 2007 4:56 PM, Alex Karasulu <akarasulu@apache.org> wrote:
>
> > Basically the nexus proxy makes calls to the nexus after these calls are
> > intercepted by each interceptor in the InterceptorChain.  Hence why we call
> > it the NexusProxy.  You stumbled on a particular problem: you're not
> > authenticated yet obviously, but you're trying to go through the chain again
> > and are encountering the authentication interceptor.  You're lucky you got
> > this exception otherwise you would have infinite recursion followed by as
> > nasty OoME.
> >
> > I don't remember clearly but this version of the server might have
> > bypass instructions for the proxy.  See if there is a method overload for
> > lookup that takes a String[] in addition to the bindDn.  If you put the FQCN
> > of an interceptor into this String array (the second argument) you will
> > bypass that interceptor.  So you probably want to bypass a few of them.
> >
> > Alex
> >
> >
> > On Dec 14, 2007 5:21 PM, Steven Brendtro <steven.brendtro@gmail.com >
> > wrote:
> >
> > > Thanks for the suggestion.  It got me a bit farther, but I hit another
> > > wall.
> > >
> > > In my authenticator's implementation of authenticate(), I can't call
> > > ServerContext.getNexusProxy() as it is protected.  I did try:
> > >
> > >                 PartitionNexus nexusProxy = (PartitionNexus)
> > > serverContext.lookup( bindDn );
> > >                 Attributes attributeList = nexusProxy.lookup( bindDn
> > > );
> > >
> > > But got a nasty exception:
> > > org.apache.directory.server.core.interceptor.InterceptorException:
> > > Unexpected exception. [Root exception is
> > > java.lang.IllegalStateException: Attempted operation by
> > > unauthenticated caller.]
> > >
> > > In the middle of the stack trace was an an error pointing at the first
> > > line of these two.  I assume it has something to do with how I am casting
> > > the Object returned from the ServerContext.lookup call.  Any ideas on
> > > the right way to do this?
> > >
> > > Thanks,
> > > Steve
> > >
> > >
> > > On Dec 14, 2007 12:10 PM, Alex Karasulu <akarasulu@apache.org> wrote:
> > >
> > > > For 1.0 your best option is to grab a handle to the nexus on
> > > > initialization of your authenticator.  Use the nexus to lookup the
> > > > attributes of the user (the entry for the principalDn).  Then you can
> > > > perform what logic you need to interogate the attributes of the user.
> > > >
> > > > HTH,
> > > > Alex
> > > > On Dec 14, 2007 10:18 AM, Steven Brendtro <steven.brendtro@gmail.com>
> > > > wrote:
> > > >
> > > > > Oh, I forgot to mention... this is for 1.0.x (specifically 1.0.1).
> > > > >
> > > > > Thanks
> > > > >
> > > > >
> > > > > On Dec 14, 2007 8:59 AM, Steven Brendtro <steven.brendtro@gmail.com
> > > > > > wrote:
> > > > >
> > > > > > I am coding a custom Authenticator Interface for doing some
> > > > > > extra checking before authenticating the DN.  Basically before
I
> > > > > > authenticate, I want to check that the user (not sure what else
to call it)
> > > > > > has certain attributes set to specific values.  I've been looking
through
> > > > > > the API for the past few days and don't understand how to accomplish
this.
> > > > > > If possible, I want to get a set of Attributes back to iterate
through.
> > > > > >
> > > > > > Any suggestions would be most helpful.
> > > > > >
> > > > > > Thanks in advance.
> > > > > >
> > > > >
> > > > >
> > > >
> > >
> >
>

Mime
View raw message