Return-Path:
Delivered-To: apmail-jakarta-tomcat-dev-archive@apache.org
Received: (qmail 12783 invoked from network); 11 Jan 2003 01:57:50 -0000
Received: from exchange.sun.com (192.18.33.10)
by daedalus.apache.org with SMTP; 11 Jan 2003 01:57:50 -0000
Received: (qmail 1557 invoked by uid 97); 11 Jan 2003 01:59:12 -0000
Delivered-To: qmlist-jakarta-archive-tomcat-dev@jakarta.apache.org
Received: (qmail 1507 invoked by uid 97); 11 Jan 2003 01:59:11 -0000
Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe:
List-Subscribe:
List-Help:
List-Post:
List-Id: "Tomcat Developers List"
Reply-To: "Tomcat Developers List"
Delivered-To: mailing list tomcat-dev@jakarta.apache.org
Received: (qmail 1467 invoked by uid 97); 11 Jan 2003 01:59:10 -0000
X-Antivirus: nagoya (v4218 created Aug 14 2002)
Date: 11 Jan 2003 01:57:40 -0000
Message-ID: <20030111015740.5067.qmail@icarus.apache.org>
From: glenn@apache.org
To: jakarta-tomcat-catalina-cvs@apache.org
Subject: cvs commit: jakarta-tomcat-catalina/webapps/docs realm-howto.xml
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
glenn 2003/01/10 17:57:39
Modified: catalina/src/share/org/apache/catalina/realm JNDIRealm.java
webapps/docs realm-howto.xml
Log:
Port JNDIRealm alternateURL patch to Tomcat 5
Revision Changes Path
1.4 +122 -30 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
Index: JNDIRealm.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- JNDIRealm.java 19 Nov 2002 01:27:59 -0000 1.3
+++ JNDIRealm.java 11 Jan 2003 01:57:39 -0000 1.4
@@ -70,6 +70,7 @@
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
+import javax.naming.CommunicationException;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
@@ -98,6 +99,10 @@
* element in the top level DirContext
that is accessed
* via the connectionURL
property.
*
+ * If a socket connection can not be made to the connectURL
+ * an attempt will be made to use the alternateURL
if it
+ * exists.
+ *
* Each user element has a distinguished name that can be formed by
* substituting the presented username into a pattern configured by the
* userPattern
property.
@@ -188,13 +193,11 @@
// ----------------------------------------------------- Instance Variables
-
/**
* The type of authentication to use
*/
protected String authentication = null;
-
/**
* The connection username for the server we will contact.
*/
@@ -244,15 +247,15 @@
* The protocol that will be used in the communication with the directory server.
*/
protected String protocol = null;
-
-
+
+
/**
* How should we handle referrals? Microsoft Active Directory can't handle
* the default case, so an application authenticating against AD must
* set referrals to "follow".
*/
protected String referrals = null;
-
+
/**
* The base element for user searches.
@@ -339,11 +342,19 @@
*/
protected boolean roleSubtree = false;
-
+ /**
+ * An alternate URL, to which, we should connect if connectionURL fails.
+ */
+ protected String alternateURL;
+
+ /**
+ * The number of connection attempts. If greater than zero we use the
+ * alternate url.
+ */
+ protected int connectionAttempt = 0;
// ------------------------------------------------------------- Properties
-
/**
* Return the type of authentication to use.
*/
@@ -353,7 +364,6 @@
}
-
/**
* Set the type of authentication to use.
*
@@ -364,8 +374,7 @@
this.authentication = authentication;
}
-
-
+
/**
* Return the connection username for this Realm.
*/
@@ -463,7 +472,6 @@
}
-
/**
* Set the protocol for this Realm.
*
@@ -491,7 +499,7 @@
public void setReferrals (String referrals) {
this.referrals = referrals;
}
-
+
/**
* Return the base element for user searches.
@@ -723,6 +731,28 @@
}
+ /**
+ * Getter for property alternateURL.
+ *
+ * @return Value of property alternateURL.
+ */
+ public String getAlternateURL() {
+
+ return this.alternateURL;
+
+ }
+
+ /**
+ * Setter for property alternateURL.
+ *
+ * @param alternateURL New value of property alternateURL.
+ */
+ public void setAlternateURL(String alternateURL) {
+
+ this.alternateURL = alternateURL;
+
+ }
+
// ---------------------------------------------------------- Realm Methods
@@ -743,15 +773,41 @@
public Principal authenticate(String username, String credentials) {
DirContext context = null;
+ Principal principal = null;
try {
// Ensure that we have a directory context available
context = open();
-
- // Authenticate the specified username if possible
- Principal principal = authenticate(context,
- username, credentials);
+
+ // Occassionally the directory context will timeout. Try one more
+ // time before giving up.
+ try {
+
+ // Authenticate the specified username if possible
+ principal = authenticate(context, username, credentials);
+
+ } catch (CommunicationException e) {
+
+ // If not a "Socket closed." error then rethrow.
+ if (e.getMessage().indexOf("Socket closed") < 0)
+ throw(e);
+
+ // log the exception so we know it's there.
+ log(sm.getString("jndiRealm.exception"), e);
+
+ // close the connection so we know it will be reopened.
+ if (context != null)
+ close(context);
+
+ // open a new directory context.
+ context = open();
+
+ // Try the authentication again.
+ principal = authenticate(context, username, credentials);
+
+ }
+
// Release this context
release(context);
@@ -1365,27 +1421,63 @@
if (context != null)
return (context);
- // Establish a connection and retrieve the initial context
- if (debug >= 1)
- log("Connecting to URL " + connectionURL);
+ try {
+
+ // Ensure that we have a directory context available
+ context = new InitialDirContext(getDirectoryContextEnvironment());
+
+ } catch (NamingException e) {
+
+ connectionAttempt = 1;
+
+ // log the first exception.
+ log(sm.getString("jndiRealm.exception"), e);
+
+ // Try connecting to the alternate url.
+ context = new InitialDirContext(getDirectoryContextEnvironment());
+
+ // reset it in case the connection times out.
+ // the primary may come back.
+ connectionAttempt = 0;
+
+ }
+
+ return (context);
+
+ }
+
+ /**
+ * Create our directory context configuration.
+ *
+ * @return java.util.Hashtable the configuration for the directory context.
+ */
+ protected Hashtable getDirectoryContextEnvironment() {
+
Hashtable env = new Hashtable();
+
+ // Configure our directory context environment.
+ if (debug >= 1 && connectionAttempt == 0)
+ log("Connecting to URL " + connectionURL);
+ else if (debug >= 1 && connectionAttempt > 0)
+ log("Connecting to URL " + alternateURL);
env.put(Context.INITIAL_CONTEXT_FACTORY, contextFactory);
if (connectionName != null)
env.put(Context.SECURITY_PRINCIPAL, connectionName);
if (connectionPassword != null)
env.put(Context.SECURITY_CREDENTIALS, connectionPassword);
- if (connectionURL != null)
+ if (connectionURL != null && connectionAttempt == 0)
env.put(Context.PROVIDER_URL, connectionURL);
+ else if (alternateURL != null && connectionAttempt > 0)
+ env.put(Context.PROVIDER_URL, alternateURL);
if (authentication != null)
env.put(Context.SECURITY_AUTHENTICATION, authentication);
if (protocol != null)
- env.put(Context.SECURITY_PROTOCOL, protocol);
+ env.put(Context.SECURITY_PROTOCOL, protocol);
if (referrals != null)
env.put(Context.REFERRAL, referrals);
-
- context = new InitialDirContext(env);
- return (context);
-
+
+ return env;
+
}
@@ -1440,7 +1532,7 @@
close(this.context);
}
-
+
}
1.5 +5 -0 jakarta-tomcat-catalina/webapps/docs/realm-howto.xml
Index: realm-howto.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/realm-howto.xml,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- realm-howto.xml 28 Dec 2002 02:05:39 -0000 1.4
+++ realm-howto.xml 11 Jan 2003 01:57:39 -0000 1.5
@@ -507,6 +507,11 @@
to, and optionally the port number and distinguished name (DN) of the
required root naming context.
+If you have more than one provider you can configure an
+alternateURL. If a socket connection can not be
+made to the provider at the connectionURL an
+attempt will be made to use the alternateURL.
+
When making a connection in order to search the directory and
retrieve user and role information, the realm authenticates itself to
the directory with the username and password specified by the
--
To unsubscribe, e-mail:
For additional commands, e-mail: