Author: markt
Date: Wed Feb 1 14:49:51 2006
New Revision: 374199
URL: http://svn.apache.org/viewcvs?rev=374199&view=rev
Log:
Port changes for CLIENT-CERT in JNDIRealm from TC5.
Addresses bug 7831
Modified:
tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java
Modified:
tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
URL:
http://svn.apache.org/viewcvs/tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java?rev=374199&r1=374198&r2=374199&view=diff
==============================================================================
---
tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
(original)
+++
tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
Wed Feb 1 14:49:51 2006
@@ -998,10 +998,6 @@
log(" dn=" + dn);
}
- // Return if no attributes to retrieve
- if (attrIds == null || attrIds.length == 0)
- return new User(username, dn, null, null);
-
// Get required attributes from user entry
Attributes attrs = null;
try {
@@ -1474,10 +1470,74 @@
*/
protected Principal getPrincipal(String username) {
- return (null);
+ DirContext context = null;
+ Principal principal = null;
+
+ try {
+
+ // Ensure that we have a directory context available
+ context = open();
+
+ // Occassionally the directory context will timeout. Try one more
+ // time before giving up.
+ try {
+
+ // Authenticate the specified username if possible
+ principal = getPrincipal(context, username);
+
+ } catch (CommunicationException e) {
+
+ // log the exception so we know it's there.
+ log(sm.getString("jndiRealm.exception"), e);
+
+ // close the connection so we know it will be reopened.
+ if (context != null)
+ close(context);
+
+ // open a new directory context.
+ context = open();
+
+ // Try the authentication again.
+ principal = getPrincipal(context, username);
+
+ }
+
+
+ // Release this context
+ release(context);
+
+ // Return the authenticated Principal (if any)
+ return (principal);
+
+ } catch (NamingException e) {
+
+ // Log the problem for posterity
+ log(sm.getString("jndiRealm.exception"), e);
+
+ // Close the connection so that it gets reopened next time
+ if (context != null)
+ close(context);
+
+ // Return "not authenticated" for this request
+ return (null);
+
+ }
}
+
+ /**
+ * Return the Principal associated with the given user name.
+ */
+ protected synchronized Principal getPrincipal(DirContext context,
+ String username)
+ throws NamingException {
+
+ User user = getUser(context, username);
+
+ return new GenericPrincipal(this, user.username, user.password ,
+ getRoles(context, user));
+ }
/**
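Review bot: The new `getPrincipal(DirContext, String)` dereferences `user.username` without checking the result of `getUser(context, username)`. If `getUser` returns null when no directory entry matches (its body is outside this hunk, so this is inferred), a CLIENT-CERT login whose subject is not in the directory ends in a NullPointerException. The `catch (NamingException e)` in `getPrincipal(String)` does not handle that exception, and the context is neither released nor closed on that path. Add `if (user == null) return (null);` before constructing the `GenericPrincipal`. The comments "Authenticate the specified username" and "Return the authenticated Principal" should also be reworded, because no credential is checked here, e.g. `// Look up the Principal for a user name the caller has already verified`.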
Modified:
tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java
URL:
http://svn.apache.org/viewcvs/tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java?rev=374199&r1=374198&r2=374199&view=diff
==============================================================================
---
tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java
(original)
+++
tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java
Wed Feb 1 14:49:51 2006
@@ -413,7 +413,7 @@
}
// Check the existence of the client Principal in our database
- return (getPrincipal(certs[0].getSubjectDN().getName()));
+ return (getPrincipal(certs[0]));
}
@@ -673,6 +673,13 @@
protected abstract Principal getPrincipal(String username);
+ /**
+ * Return the Principal associated with the given certificate.
+ */
+ protected Principal getPrincipal(X509Certificate usercert) {
+ return(getPrincipal(usercert.getSubjectDN().getName()));
+ }
+
/**
* Log a message on the Logger associated with our Container (if any)
*
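Review bot: The Javadoc on the new `getPrincipal(X509Certificate)` should say how the certificate is mapped to a user and what the method does not check. It passes `usercert.getSubjectDN().getName()` straight to `getPrincipal(String)`, so the full subject DN string becomes the user name, and in JNDIRealm that string then reaches `getUser`. If `getUser` substitutes it into a search filter or DN pattern (not visible in this diff), the value has to be escaped there. Suggested text: `Return the Principal whose user name is the subject DN of the given certificate. The certificate must already have been validated by the caller; subclasses may override this to map certificates differently.`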