karaf-issues mailing list archives

From "Guillaume Nodet (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KARAF-4486) LDAPOptions sets Context.SECURITY_AUTHENTICATION only if username is provided
Date Mon, 11 Apr 2016 22:59:25 GMT

    [ https://issues.apache.org/jira/browse/KARAF-4486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15236157#comment-15236157 ]

Guillaume Nodet commented on KARAF-4486:
----------------------------------------

I think your PR will break some existing configuration because getAuthentication() returns
"simple" if it's not set explicitly.
This means that if we don't have the {{connection.username}} and {{authentication}} properties,
the {{java.naming.security.authentication}} property should not be set.

What about something like:
{code}
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
index a173b3e..3342636 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
@@ -144,9 +144,15 @@ public class LDAPOptions {
         env.put(Context.INITIAL_CONTEXT_FACTORY, getInitialContextFactory());
         env.put(Context.PROVIDER_URL, getConnectionURL());
         if (getConnectionUsername() != null && getConnectionUsername().trim().length()
> 0) {
-            env.put(Context.SECURITY_AUTHENTICATION, getAuthentication());
+            String auth = getAuthentication();
+            if (auth == null) {
+                auth = DEFAULT_AUTHENTICATION;
+            }
+            env.put(Context.SECURITY_AUTHENTICATION, auth);
             env.put(Context.SECURITY_PRINCIPAL, getConnectionUsername());
             env.put(Context.SECURITY_CREDENTIALS, getConnectionPassword());
+        } else if (getAuthentication() != null) {
+            env.put(Context.SECURITY_AUTHENTICATION, getAuthentication());
         }
         if (getSsl()) {
             setupSsl(env);
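Review bot: The new `else if (getAuthentication() != null)` branch tests only for null, while the username test just above it also rejects blank values with `trim().length() > 0`, so an `authentication` option that is present but empty would be written to `Context.SECURITY_AUTHENTICATION` as an empty string. Consider reading `getAuthentication()` once into a local before the `if`, treating a blank value the same as unset, and using that local in both branches; that also removes the second lookup inside the `else if` body.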
@@ -202,11 +208,7 @@ public class LDAPOptions {
     }
 
     public String getAuthentication() {
-        String authentication = (String) options.get(AUTHENTICATION);
-        if (authentication == null) {
-            authentication = DEFAULT_AUTHENTICATION;
-        }
-        return authentication;
+        return (String) options.get(AUTHENTICATION);
     }
 
     public boolean getSsl() {
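Review bot: `getAuthentication()` is public and, with the default removed in this hunk, now returns null when the `authentication` option is unset, where it previously returned `DEFAULT_AUTHENTICATION`. That contract change is undocumented: add a Javadoc line stating that null means "not configured", and check any other caller of the getter for a null dereference, since only the call sites in the first hunk were updated to handle it.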
{code} 

> LDAPOptions sets Context.SECURITY_AUTHENTICATION only if username is provided
> -----------------------------------------------------------------------------
>
>                 Key: KARAF-4486
>                 URL: https://issues.apache.org/jira/browse/KARAF-4486
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf-security
>    Affects Versions: 4.0.4
>            Reporter: Alexandre Cartapanis
>
> In the LDAPOptions#getEnv, the Context.SECURITY_AUTHENTICATION is set only if a connectionUsername is provided. This prevents using "no username" authentication like GSSAPI.
> See https://github.com/apache/karaf/blob/master/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java#L147



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
