Author: markt Date: Fri Jan 27 15:27:16 2006 New Revision: 373029 URL: http://svn.apache.org/viewcvs?rev=373029&view=rev Log: Bug 7831 Add basic support for CLIENT-CERT authentication in JNDIRealm It is likely that users will have to extend JNDIRealm and override getPrincipal(X509Certificate) for their particular configuration.
Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java URL: http://svn.apache.org/viewcvs/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java?rev=373029&r1=373028&r2=373029&view=diff ============================================================================== --- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java (original) +++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Fri Jan 27 15:27:16 2006 @@ -986,10 +986,6 @@ // Form the dn from the user pattern String dn = userPatternFormatArray[curUserPattern].format(new String[] { username }); - // Return if no attributes to retrieve - if (attrIds == null || attrIds.length == 0) - return new User(username, dn, null, null); - // Get required attributes from user entry Attributes attrs = null; try { 
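Review bot: With the early return removed, a null or empty `attrIds` now falls through to the attribute lookup that begins at `try {`, and no comment at that spot says why the entry is always read. If that lookup passes `attrIds` straight to `DirContext.getAttributes` (the call is outside the hunk), a null array requests every attribute of the entry, which may include the stored password value, while an empty array requests none. I would add a comment above the lookup, for example `// Always read the entry so an unknown dn is detected; attrIds may be null or empty here`, and confirm that fetching all attributes in the null case is intended. The enclosing method starts and ends outside the hunk.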
@@ -1485,17 +1481,80 @@ } - /** * Return the Principal associated with the given user name. */ protected Principal getPrincipal(String username) { - return (null); + DirContext context = null; + Principal principal = null; + + try { + + // Ensure that we have a directory context available + context = open(); + + // Occassionally the directory context will timeout. Try one more + // time before giving up. + try { + + // Authenticate the specified username if possible + principal = getPrincipal(context, username); + + } catch (CommunicationException e) { + + // log the exception so we know it's there. + containerLog.warn(sm.getString("jndiRealm.exception"), e); + + // close the connection so we know it will be reopened. + if (context != null) + close(context); + + // open a new directory context. + context = open(); + + // Try the authentication again. + principal = getPrincipal(context, username); + + } + + + // Release this context + release(context); + + // Return the authenticated Principal (if any) + return (principal); + + } catch (NamingException e) { + + // Log the problem for posterity + containerLog.error(sm.getString("jndiRealm.exception"), e); + + // Close the connection so that it gets reopened next time + if (context != null) + close(context); + + // Return "not authenticated" for this request + return (null); + + } + } + /** + * Return the Principal associated with the given user name. + */ + protected synchronized Principal getPrincipal(DirContext context, + String username) + throws NamingException { + + User user = getUser(context, username); + + return new GenericPrincipal(this, user.username, user.password , + getRoles(context, user)); + } /** * Open (if necessary) and return a connection to the configured --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
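Review bot: `getPrincipal(DirContext, String)` dereferences `user.username` without checking what `getUser(context, username)` returned. If getUser yields null for a name with no directory entry (its body is outside the hunk), a client certificate whose subject is not in the directory ends in a NullPointerException rather than a clean "no principal" result, and the `catch (NamingException e)` in `getPrincipal(String)` does not cover that. Add `if (user == null) return null;` before the GenericPrincipal is built. Separately, the comments in `getPrincipal(String)` ("Authenticate the specified username", "Return \"not authenticated\"") read as if a credential were checked, but this path only looks up the entry and its roles. The Javadoc on both overloads should state that the caller must already have authenticated the name (for CLIENT-CERT, by validating the certificate).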