I have a servlet that authenticates a user against LDAP. The servlet
runs perfect as an application, but causes an error when I convert it
to a servlet.
The problem seems to have something to do with DirContex because if I
comment it out, I get no error.
Code snip:
import java.util.Hashtable;
import java.util.Enumeration;
import javax.naming.*;
import javax.naming.directory.*;
import javax.servlet.http.*;
import javax.servlet.*;
import java.io.*;
.
.
.
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws
ServletException, IOException
{
// Set content type and create a stream for output
res.setContentType("text/html");
PrintWriter out = res.getWriter();
// Get an Authorization header
String auth = req.getHeader("Authorization");
try
{
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
env.put(Context.PROVIDER_URL, MY_HOST);
/*
* Error occurs here.
* If I comment this out -> no error
*/
DirContext ctx = new InitialDirContext(env);
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration results = ctx.search(MY_SEARCHBASE, MY_FILTER,
constraints);
while ( results != null && results.hasMore() )
{
SearchResult sr = (SearchResult)results.next();
Attributes attrs = sr.getAttributes();
for ( NamingEnumeration ne = attrs.getAll(); ne.hasMoreElements() ;
)
{
Attribute attr = (Attribute)ne.next();
String attrID = attr.getID();
out.println( attrID + ":");
for ( Enumeration vals = attr.getAll(); vals.hasMoreElements() ;
)
{
out.println( "\t" + vals.nextElement() );
}
}
out.println( "\n" );
}
}
catch( Exception e )
{
out.println("Error in Try Method");
e.printStackTrace();
System.exit(1);
}
// Check if user exists in the LDAP database
if (!allowedUser(auth))
{
// Not allowed, so display unauthorized message
out.println("NOT AUTHORIZED!!");
res.sendError(res.SC_UNAUTHORIZED);
res.setHeader("WWW-Authenticate", "BASIC realm=\"users\"");
}
else
{
// User has a valid entry in the database
out.println("<H1>You have been authorized!!...</H1>");
}
} // end doGet
The error I get in the browser is:
Error in Try Method
Error: 500
Location: /servlet/TestLdap
Internal Servlet Error:
java.security.AccessControlException: access denied
(java.lang.RuntimePermission exitVM)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:272)
at java.security.AccessController.checkPermission(AccessController.java:399)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at java.lang.SecurityManager.checkExit(SecurityManager.java:765)
at java.lang.Runtime.exit(Runtime.java:91)
at java.lang.System.exit(System.java:701)
at TestLdap.doGet(TestLdap.java:91)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:405)
at org.apache.tomcat.core.Handler.service(Handler.java:287)
at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372)
at
org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:812)
at org.apache.tomcat.core.ContextManager.service(ContextManager.java:758)
at
org.apache.tomcat.service.connector.Ajp12ConnectionHandler.processConnection(Ajp12ConnectionHandler.java:166)
at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
at java.lang.Thread.run(Thread.java:484)
Notes:
I'm using Tomcat with Apache on Linux.
I have JAVA_HOME & TOMCAT_HOME set properly.
A "Hello World" servlet works fine.
Thanks in advance!
-joe
