Hi devs,
I've added support to the JNDIRealm so that a custom
javax.net.SocketFactory can be specified for the JNDI connection. This
is necessary so that you can perform customized SSL negotiation on the
connection. For instance, it allows you to connect to an SSL server with
an invalid, expired, self-signed, or otherwise untrusted certificate. To
do this, you just need to write a javax.net.ssl.SSLSocketFactory that
does not perform the normal certificate validation during the SSL
handshake and then specify the classname on the new setSocketFactory()
call added by this patch.
The patch was made against trunk of Tomcat 6.0.X. If you have any
questions, please feel free to contact me. Thanks!
Seth Leger
Sr. Software Developer
Raritan, Inc.
Index: JNDIRealm.java
===================================================================
--- JNDIRealm.java (revision 638858)
+++ JNDIRealm.java (working copy)
@@ -228,6 +228,13 @@
/**
+ * The [EMAIL PROTECTED] javax.net.SocketFactory} that will be used
+ * for connections to the directory server.
+ */
+ protected String socketFactory = null;
+
+
+ /**
* How should we handle referrals? Microsoft Active Directory can't handle
* the default case, so an application authenticating against AD must
* set referrals to "follow".
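Review bot: The Javadoc on the new `socketFactory` field describes it as the `javax.net.SocketFactory` itself, but the field is a `String`, so what it actually stores is a class name. Please reword it along the lines of "Fully qualified class name of the javax.net.SocketFactory used for connections to the directory server", and consider naming the field to match. Since the named class takes over socket creation for the directory connection, the comment should also say that it decides how the server certificate is validated.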
@@ -492,6 +499,25 @@
}
+ /**
+ * Return the SocketFactory to be used.
+ */
+ public String getSocketFactory() {
+
+ return socketFactory;
+
+ }
+
+ /**
+ * Set the SocketFactory for this Realm.
+ *
+ * @param socketFactory The new SocketFactory.
+ */
+ public void setSocketFactory(String socketFactory) {
+
+ this.socketFactory = socketFactory;
+
+ }
/**
* Returns the current settings for handling JNDI referrals.
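Review bot: `setSocketFactory(String socketFactory)` stores whatever string it is given, so a misspelled or unloadable class name is not detected when the realm is configured. Either check that the class loads and extends `javax.net.SocketFactory` when the realm starts, or state in the Javadoc when the failure will appear. The `@param` text "The new SocketFactory" should say that the argument is a class name and that null keeps the provider's default socket handling, which is what the `socketFactory != null` test in the last hunk implies.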
@@ -1674,6 +1700,11 @@
env.put(Context.REFERRAL, referrals);
if (derefAliases != null)
env.put(JNDIRealm.DEREF_ALIASES, derefAliases);
+ // This directory context parameter is documented at:
+ //
http://java.sun.com/j2se/1.5.0/docs/guide/jndi/jndi-ldap-gl.html#socket
+ if (socketFactory != null)
+ env.put("java.naming.ldap.factory.socket", socketFactory);
+
return env;
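Review bot: The URL line after the bare `+ //` comment line has neither a `+` marker nor a `//` prefix, so as posted the hunk will not apply and the line would not compile; this looks like mail wrapping, so please resend the patch as an attachment or shorten the comment. Separately, the neighbouring context uses a named constant (`JNDIRealm.DEREF_ALIASES`) while the new `env.put("java.naming.ldap.factory.socket", socketFactory)` uses a string literal; a constant would match the surrounding code.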