tomcat-dev mailing list archives

From ma...@apache.org
Subject svn commit: r374199 - in /tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm: JNDIRealm.java RealmBase.java
Date Wed, 01 Feb 2006 22:49:54 GMT
Author: markt
Date: Wed Feb  1 14:49:51 2006
New Revision: 374199

URL: http://svn.apache.org/viewcvs?rev=374199&view=rev
Log:
Port changes for CLIENT-CERT in JNDIRealm from TC5.
Addresses bug 7831

Modified:
    tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
    tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java

Modified: tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
URL: http://svn.apache.org/viewcvs/tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java?rev=374199&r1=374198&r2=374199&view=diff
==============================================================================
--- tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
(original)
+++ tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
Wed Feb  1 14:49:51 2006
@@ -998,10 +998,6 @@
             log("  dn=" + dn);
         }
 
-        // Return if no attributes to retrieve
-        if (attrIds == null || attrIds.length == 0)
-            return new User(username, dn, null, null);
-
         // Get required attributes from user entry
         Attributes attrs = null;
         try {
@@ -1474,10 +1470,74 @@
      */
     protected Principal getPrincipal(String username) {
 
-        return (null);
+        DirContext context = null;
+        Principal principal = null;
+
+        try {
+
+            // Ensure that we have a directory context available
+            context = open();
+
+            // Occassionally the directory context will timeout.  Try one more
+            // time before giving up.
+            try {
+
+                // Authenticate the specified username if possible
+                principal = getPrincipal(context, username);
+
+            } catch (CommunicationException e) {
+
+                // log the exception so we know it's there.
+                log(sm.getString("jndiRealm.exception"), e);
+
+                // close the connection so we know it will be reopened.
+                if (context != null)
+                    close(context);
+
+                // open a new directory context.
+                context = open();
+
+                // Try the authentication again.
+                principal = getPrincipal(context, username);
+
+            }
+
+
+            // Release this context
+            release(context);
+
+            // Return the authenticated Principal (if any)
+            return (principal);
+
+        } catch (NamingException e) {
+
+            // Log the problem for posterity
+            log(sm.getString("jndiRealm.exception"), e);
+
+            // Close the connection so that it gets reopened next time
+            if (context != null)
+                close(context);
+
+            // Return "not authenticated" for this request
+            return (null);
+
+        }
 
     }
 
+
+    /**
+     * Return the Principal associated with the given user name.
+     */
+    protected synchronized Principal getPrincipal(DirContext context,
+                                                  String username)
+        throws NamingException {
+        
+        User user = getUser(context, username);
+        
+        return new GenericPrincipal(this, user.username, user.password ,
+                getRoles(context, user));
+    }
 
 
     /**
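Review bot: The new two-argument `getPrincipal(DirContext, String)` reads `user.username` without checking what `getUser(context, username)` returned. getUser's body is outside this hunk, but if it returns null for a name with no directory entry, a CLIENT-CERT login whose subject DN is not in the directory raises a NullPointerException instead of being rejected. That exception is not a NamingException, so in the one-argument overload it skips both `release(context)` and `close(context)`. A guard such as `if (user == null) return null;` before the `GenericPrincipal` is built would turn that case into an ordinary "no principal" result. The comments "Authenticate the specified username" and "Return \"not authenticated\"" should also say that this path is a lookup only and checks no credential, since it presumably relies on the certificate having been verified before the call.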

Modified: tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java
URL: http://svn.apache.org/viewcvs/tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java?rev=374199&r1=374198&r2=374199&view=diff
==============================================================================
--- tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java
(original)
+++ tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java
Wed Feb  1 14:49:51 2006
@@ -413,7 +413,7 @@
         }
 
         // Check the existence of the client Principal in our database
-        return (getPrincipal(certs[0].getSubjectDN().getName()));
+        return (getPrincipal(certs[0]));
 
     }
 
@@ -673,6 +673,13 @@
     protected abstract Principal getPrincipal(String username);
 
 
+    /**
+     * Return the Principal associated with the given certificate.
+     */
+    protected Principal getPrincipal(X509Certificate usercert) {
+        return(getPrincipal(usercert.getSubjectDN().getName()));
+    }
+    
     /**
      * Log a message on the Logger associated with our Container (if any)
      *
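Review bot: The Javadoc on the new `getPrincipal(X509Certificate)` does not say that the method validates nothing and maps the certificate to a user purely by the string from `usercert.getSubjectDN().getName()`. It is now the overridable CLIENT-CERT hook, reached from `return (getPrincipal(certs[0]));` in the previous hunk, so the comment should state that callers must pass only a certificate whose chain has already been verified. It should also note that the default lookup key is the full subject DN, whose string form is implementation-specific. Suggested wording: `Return the Principal for an already-verified client certificate; the default implementation looks the user up by the certificate's full subject DN.` The method enclosing that call site starts outside the hunk, so which validity and trust checks run before it is not visible here.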


