Basically the nexus proxy makes calls to the nexus after these calls are intercepted by each interceptor in the InterceptorChain.  Hence why we call it the NexusProxy.  You stumbled on a particular problem: you're not authenticated yet obviously, but you're trying to go through the chain again and are encountering the authentication interceptor.  You're lucky you got this exception otherwise you would have infinite recursion followed by as nasty OoME. 

I don't remember clearly but this version of the server might have bypass instructions for the proxy.  See if there is a method overload for lookup that takes a String[] in addition to the bindDn.  If you put the FQCN of an interceptor into this String array (the second argument) you will bypass that interceptor.  So you probably want to bypass a few of them.


On Dec 14, 2007 5:21 PM, Steven Brendtro <> wrote:
Thanks for the suggestion.  It got me a bit farther, but I hit another wall.

In my authenticator's implementation of authenticate(), I can't call ServerContext.getNexusProxy() as it is protected.  I did try:

                PartitionNexus nexusProxy = (PartitionNexus) serverContext.lookup( bindDn );
                Attributes attributeList = nexusProxy.lookup( bindDn );

But got a nasty exception: Unexpected exception. [Root exception is java.lang.IllegalStateException: Attempted operation by unauthenticated caller.]

In the middle of the stack trace was an an error pointing at the first line of these two.  I assume it has something to do with how I am casting the Object returned from the ServerContext.lookup call.  Any ideas on the right way to do this?


On Dec 14, 2007 12:10 PM, Alex Karasulu <> wrote:
For 1.0 your best option is to grab a handle to the nexus on initialization of your authenticator.  Use the nexus to lookup the attributes of the user (the entry for the principalDn).  Then you can perform what logic you need to interogate the attributes of the user.
On Dec 14, 2007 10:18 AM, Steven Brendtro <> wrote:
Oh, I forgot to mention... this is for 1.0.x (specifically 1.0.1).


On Dec 14, 2007 8:59 AM, Steven Brendtro < > wrote:
I am coding a custom Authenticator Interface for doing some extra checking before authenticating the DN.  Basically before I authenticate, I want to check that the user (not sure what else to call it) has certain attributes set to specific values.  I've been looking through the API for the past few days and don't understand how to accomplish this.  If possible, I want to get a set of Attributes back to iterate through.

Any suggestions would be most helpful.

Thanks in advance.