directory-users mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Configuring custom authenticator for ApacheDS 2.0.0-M11
Date Mon, 01 Apr 2013 17:24:02 GMT
On Mon, Apr 1, 2013 at 4:47 PM, Denis Mikhalkin <denismo@yahoo.com> wrote:

> Hi,
>
> I've written a custom authenticator
> (org.apache.directory.server.core.authn.Authenticator) and configured it at
> "ou=authenticators,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config".
> I can see that my class is getting loaded (constructor invoked), however
> its authenticate method never gets called.
>
> After digging through the source code I found the following suspicious
> sequence of actions:
> - The DirectoryService is getting created by createDirectoryService in
> ServiceBuilder
> - That calls createInterceptors() which creates the
> AuthenticationInterceptor. It reads the properties and creates my
> authenticator class
> - It then calls setAuthenticators with the array of authenticators which
> then calls register for each one of them
> - Register calls init however the directoryService is null (?!?) [1]
>
>   at org.apache.directory.server.core.authn.AuthenticationInterceptor.register(AuthenticationInterceptor.java:276)
>   at org.apache.directory.server.core.authn.AuthenticationInterceptor.setAuthenticators(AuthenticationInterceptor.java:240)
>   at org.apache.directory.server.config.builder.ServiceBuilder.createInterceptors(ServiceBuilder.java:182)
>   at org.apache.directory.server.config.builder.ServiceBuilder.createDirectoryService(ServiceBuilder.java:1380)
>   at org.apache.directory.server.ApacheDsService.initDirectoryService(ApacheDsService.java:300)
>   at org.apache.directory.server.ApacheDsService.start(ApacheDsService.java:179)
>   at org.apache.directory.server.UberjarMain.start(UberjarMain.java:76)
>   at org.apache.directory.server.UberjarMain.main(UberjarMain.java:54)
>
> Later, there is a call to DefaultDirectoryService.initialize which calls
> Authenticator.init on each Authenticator again. However, my class does not
> get invoked.
>
> What happens is that DefaultDirectoryService.initialize eventually gets to
> AuthenticationInterceptor, which reads the list of authenticators from
> the authenticators field. This field gets populated
> in setDefaultAuthenticators, but does not get updated since then. In the
> end, even though custom authenticators are initialized, only the default
> authenticators are registered with the interceptor [2].
>
> I'm puzzled by the behavior [1] however the most critical one is [2].
> Because of it I can't seem to be able to have my authenticator get invoked
> during authentication.
>
> I've done a manual quick fix by adding the update of
> the AuthenticationInterceptor.authenticators set during
> the AuthenticationInterceptor.register method and it seems to have fixed
> the issue. Not sure whether this is the right fix. Maybe I'm not
> configuring my authenticator correctly? The user guide does not seem to
> talk about custom authenticators anymore...
>
> AuthenticationInterceptor:
>
>     private void register( Authenticator authenticator, DirectoryService
> directoryService ) throws LdapException
>     {
>         authenticator.init( directoryService );
>
>         Collection<Authenticator> authenticatorList = getAuthenticators(
> authenticator.getAuthenticatorType() );
>
>         if ( authenticatorList == null )
>         {
>             authenticatorList = new ArrayList<Authenticator>();
>             authenticatorsMapByType.put(
> authenticator.getAuthenticatorType(), authenticatorList );
>         }
>
>         authenticatorList.add( authenticator );
> +        authenticators.add( authenticator );
>     }
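
Review bot: the added `authenticators.add( authenticator )` at the end of `register` relies on the `authenticators` field already being populated and not being reassigned afterwards. The message says the field is filled in `setDefaultAuthenticators`, so if that method runs after `register` and replaces the collection, the custom entry is dropped again, and if the field is still null at this point the call throws. Initialise the field in one place and have `setDefaultAuthenticators` add to it rather than replace it. Separately, `authenticator.init( directoryService )` on the first line of the method still receives the null `directoryService` described in [1], so after this change the authenticator sits in both the type map and the set before it has a usable service reference; either defer `init` until the service is set, or document that `init` must tolerate null and will be called again from `DefaultDirectoryService.initialize`. A test that configures a custom authenticator and asserts that its `authenticate` method is invoked would pin the behaviour.
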
>
> Should I raise a JIRA issue or could this be a configuration problem?
>

Please file a bug; tracking will be easier. Thank you for taking the time to report.

> Thanks.
>
> Denis




-- 
Kiran Ayyagari
http://keydap.com
