Re: svn commit: r1542339 - in /tomcat/trunk: java/org/apache/catalina/realm/JNDIRealm.java webapps/docs/config/realm.xml
On Nov 17, 2013, at 2:09 PM, Mark Thomas wrote:

> On 15/11/2013 20:09, Konstantin Kolinko wrote:
>> Wrong spelling of the property name.
>> s/spengo/spnego/
>
> Grr. I keep doing that. No idea why.

I believe it has a reality distortion field. At least, I always have to remind myself it's not "spegno."
Re: svn commit: r1542339 - in /tomcat/trunk: java/org/apache/catalina/realm/JNDIRealm.java webapps/docs/config/realm.xml
On 15/11/2013 20:09, Konstantin Kolinko wrote: > Wrong spelling of the property name. > s/spengo/spnego/ Grr. I keep doing that. No idea why. Fixed. Thanks for the review. Mark > > Regarding documentation (realm.xml): > Maybe add a notice on what "QOP" stands for, "Quality of Protection". > (It is not the first result in Google, though). > > http://docs.oracle.com/javase/7/docs/api/javax/security/sasl/Sasl.html#QOP > http://docs.oracle.com/javase/jndi/tutorial/ldap/security/sasl.html#qop > > > 2013/11/15 : >> Author: markt >> Date: Fri Nov 15 17:39:05 2013 >> New Revision: 1542339 >> >> URL: http://svn.apache.org/r1542339 >> Log: >> Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55778 >> Make value used for javax.security.sasl.qop with SPNEGO configurable. >> >> Modified: >> tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java >> tomcat/trunk/webapps/docs/config/realm.xml >> >> Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java >> URL: >> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=1542339&r1=1542338&r2=1542339&view=diff >> == >> --- tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java (original) >> +++ tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java Fri Nov 15 >> 17:39:05 2013 >> @@ -427,6 +427,14 @@ public class JNDIRealm extends RealmBase >> protected boolean useDelegatedCredential = true; >> >> >> +/** >> + * The QOP that should be used for the connection to the LDAP server >> after >> + * authentication. This value is used to set the >> + * javax.security.sasl.qop environment property for the >> LDAP >> + * connection. >> + */ >> +protected String spengoDelegationQop = "auth-conf"; >> + >> // - >> Properties >> >> /** >> @@ -980,7 +988,6 @@ public class JNDIRealm extends RealmBase >> } >> >> >> - >> public boolean isUseDelegatedCredential() { >> return useDelegatedCredential; >> } 
>> @@ -990,6 +997,15 @@ public class JNDIRealm extends RealmBase >> } >> >> >> +public String getSpengoDelegationQop() { >> +return spengoDelegationQop; >> +} >> + >> +public void setSpengoDelegationQop(String spengoDelegationQop) { >> +this.spengoDelegationQop = spengoDelegationQop; >> +} >> + >> + >> // -- Realm >> Methods >> >> /** >> @@ -2062,7 +2078,7 @@ public class JNDIRealm extends RealmBase >> context.addToEnvironment( >> "javax.security.sasl.server.authentication", >> "true"); >> context.addToEnvironment( >> -"javax.security.sasl.qop", "auth-conf"); >> +"javax.security.sasl.qop", spengoDelegationQop); >> // Note: Subject already set in SPNEGO authenticator so no >> need >> // for Subject.doAs() here >> } >> >> Modified: tomcat/trunk/webapps/docs/config/realm.xml >> URL: >> http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/realm.xml?rev=1542339&r1=1542338&r2=1542339&view=diff >> == >> --- tomcat/trunk/webapps/docs/config/realm.xml (original) >> +++ tomcat/trunk/webapps/docs/config/realm.xml Fri Nov 15 17:39:05 2013 >> @@ -551,6 +551,17 @@ >> 0 is used which indicates no limit. >> >> >> + >> +When the JNDI Realm is used with the SPNEGO authenticator and >> +useDelegatedCredential is true this >> attribute >> +controls the QOP that should be used for the connection to the LDAP >> +server after authentication. This value is used to set the >> +javax.security.sasl.qop environment property for the >> LDAP >> +connection. This attribute should be a comma-separated list of >> values >> +selected from auth-conf, auth-int and >> +auth. The default value is auth-conf. >> + >> + >> >> When processing users authenticated via the GSS-API, this >> attribute >> controls if any "@..." is removed from the end of the user 
>> @@ -565,7 +576,7 @@ >> >> >> >> -When the JNIRealm is used with the SPNEGO authenticator, >> delegated >> +When the JNDIRealm is used with the SPNEGO authenticator, >> delegated >> credentials for the user may be available. If such credentials are >> present, this attribute controls whether are not they are used to >> connect to the directory. If not specified, the default value of >> >> >> >> - >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: dev-h...@t
Re: svn commit: r1542339 - in /tomcat/trunk: java/org/apache/catalina/realm/JNDIRealm.java webapps/docs/config/realm.xml
Wrong spelling of the property name. s/spengo/spnego/ Regarding documentation (realm.xml): Maybe add a notice on what "QOP" stands for, "Quality of Protection". (It is not the first result in Google, though). http://docs.oracle.com/javase/7/docs/api/javax/security/sasl/Sasl.html#QOP http://docs.oracle.com/javase/jndi/tutorial/ldap/security/sasl.html#qop 2013/11/15 : > Author: markt > Date: Fri Nov 15 17:39:05 2013 > New Revision: 1542339 > > URL: http://svn.apache.org/r1542339 > Log: > Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55778 > Make value used for javax.security.sasl.qop with SPNEGO configurable. > > Modified: > tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java > tomcat/trunk/webapps/docs/config/realm.xml > > Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=1542339&r1=1542338&r2=1542339&view=diff > == > --- tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java (original) > +++ tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java Fri Nov 15 > 17:39:05 2013 > @@ -427,6 +427,14 @@ public class JNDIRealm extends RealmBase > protected boolean useDelegatedCredential = true; > > > +/** > + * The QOP that should be used for the connection to the LDAP server > after > + * authentication. This value is used to set the > + * javax.security.sasl.qop environment property for the LDAP > + * connection. > + */ > +protected String spengoDelegationQop = "auth-conf"; > + > // - > Properties > > /** > @@ -980,7 +988,6 @@ public class JNDIRealm extends RealmBase > } > > > - > public boolean isUseDelegatedCredential() { > return useDelegatedCredential; > } 
> @@ -990,6 +997,15 @@ public class JNDIRealm extends RealmBase > } > > > +public String getSpengoDelegationQop() { > +return spengoDelegationQop; > +} > + > +public void setSpengoDelegationQop(String spengoDelegationQop) { > +this.spengoDelegationQop = spengoDelegationQop; > +} > + > + > // -- Realm > Methods > > /** > @@ -2062,7 +2078,7 @@ public class JNDIRealm extends RealmBase > context.addToEnvironment( > "javax.security.sasl.server.authentication", "true"); > context.addToEnvironment( > -"javax.security.sasl.qop", "auth-conf"); > +"javax.security.sasl.qop", spengoDelegationQop); > // Note: Subject already set in SPNEGO authenticator so no > need > // for Subject.doAs() here > } > > Modified: tomcat/trunk/webapps/docs/config/realm.xml > URL: > http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/realm.xml?rev=1542339&r1=1542338&r2=1542339&view=diff > == > --- tomcat/trunk/webapps/docs/config/realm.xml (original) > +++ tomcat/trunk/webapps/docs/config/realm.xml Fri Nov 15 17:39:05 2013 > @@ -551,6 +551,17 @@ > 0 is used which indicates no limit. > > > + > +When the JNDI Realm is used with the SPNEGO authenticator and > +useDelegatedCredential is true this > attribute > +controls the QOP that should be used for the connection to the LDAP > +server after authentication. This value is used to set the > +javax.security.sasl.qop environment property for the > LDAP > +connection. This attribute should be a comma-separated list of values > +selected from auth-conf, auth-int and > +auth. The default value is auth-conf. > + > + > > When processing users authenticated via the GSS-API, this > attribute > controls if any "@..." is removed from the end of the user 
> @@ -565,7 +576,7 @@ > > > > -When the JNIRealm is used with the SPNEGO authenticator, delegated > +When the JNDIRealm is used with the SPNEGO authenticator, > delegated > credentials for the user may be available. If such credentials are > present, this attribute controls whether are not they are used to > connect to the directory. If not specified, the default value of > > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1542339 - in /tomcat/trunk: java/org/apache/catalina/realm/JNDIRealm.java webapps/docs/config/realm.xml
Author: markt Date: Fri Nov 15 17:39:05 2013 New Revision: 1542339 URL: http://svn.apache.org/r1542339 Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55778 Make value used for javax.security.sasl.qop with SPNEGO configurable. Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java tomcat/trunk/webapps/docs/config/realm.xml Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=1542339&r1=1542338&r2=1542339&view=diff == --- tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java (original) +++ tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java Fri Nov 15 17:39:05 2013 @@ -427,6 +427,14 @@ public class JNDIRealm extends RealmBase protected boolean useDelegatedCredential = true; +/** + * The QOP that should be used for the connection to the LDAP server after + * authentication. This value is used to set the + * javax.security.sasl.qop environment property for the LDAP + * connection. + */ +protected String spengoDelegationQop = "auth-conf"; + // - Properties /** @@ -980,7 +988,6 @@ public class JNDIRealm extends RealmBase } - public boolean isUseDelegatedCredential() { return useDelegatedCredential; } @@ -990,6 +997,15 @@ public class JNDIRealm extends RealmBase } +public String getSpengoDelegationQop() { +return spengoDelegationQop; +} + +public void setSpengoDelegationQop(String spengoDelegationQop) { +this.spengoDelegationQop = spengoDelegationQop; +} + + // -- Realm Methods /** 
@@ -2062,7 +2078,7 @@ public class JNDIRealm extends RealmBase context.addToEnvironment( "javax.security.sasl.server.authentication", "true"); context.addToEnvironment( -"javax.security.sasl.qop", "auth-conf"); +"javax.security.sasl.qop", spengoDelegationQop); // Note: Subject already set in SPNEGO authenticator so no need // for Subject.doAs() here } Modified: tomcat/trunk/webapps/docs/config/realm.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/realm.xml?rev=1542339&r1=1542338&r2=1542339&view=diff == --- tomcat/trunk/webapps/docs/config/realm.xml (original) +++ tomcat/trunk/webapps/docs/config/realm.xml Fri Nov 15 17:39:05 2013 @@ -551,6 +551,17 @@ 0 is used which indicates no limit. + +When the JNDI Realm is used with the SPNEGO authenticator and +useDelegatedCredential is true this attribute +controls the QOP that should be used for the connection to the LDAP +server after authentication. This value is used to set the +javax.security.sasl.qop environment property for the LDAP +connection. This attribute should be a comma-separated list of values +selected from auth-conf, auth-int and +auth. The default value is auth-conf. + + When processing users authenticated via the GSS-API, this attribute controls if any "@..." is removed from the end of the user @@ -565,7 +576,7 @@ -When the JNIRealm is used with the SPNEGO authenticator, delegated +When the JNDIRealm is used with the SPNEGO authenticator, delegated credentials for the user may be available. If such credentials are present, this attribute controls whether are not they are used to connect to the directory. If not specified, the default value of - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
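Review bot: the field added in the JNDIRealm.java hunk at @@ -427,6 +427,14 @@ is named spengoDelegationQop, which transposes the letters of SPNEGO, and the same spelling carries into the public getSpengoDelegationQop() and setSpengoDelegationQop() added at @@ -990,6 +997,15 @@. Rename all three to spnegoDelegationQop before the name becomes something users depend on. The Javadoc on the field would also be easier to act on if it expanded QOP as "quality of protection" and listed the accepted values (auth, auth-int, auth-conf) instead of leaving the default "auth-conf" as the only hint.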
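Review bot: the setter in the JNDIRealm.java hunk at @@ -990,6 +997,15 @@ stores whatever string it is given, with no null check and no check against the values the realm.xml change documents. A null, an empty string or a mistyped token is therefore not noticed until the value is handed to context.addToEnvironment() in the @@ -2062,7 +2078,7 @@ hunk. Suggest validating in the setter that the argument is a non-empty comma-separated list drawn only from auth, auth-int and auth-conf, and rejecting anything else at configuration time.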
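Review bot: in the JNDIRealm.java hunk at @@ -2062,7 +2078,7 @@ the literal "auth-conf" is replaced by the configurable field, so the LDAP connection made with the delegated credential is no longer guaranteed to request confidentiality. With SASL, auth-int gives integrity without encryption and auth gives neither, so a realm configured with either can exchange directory data in the clear. Keeping "auth-conf" as the default is right; consider also logging a warning when the configured value allows anything weaker than auth-conf, so the downgrade is visible in the logs rather than only in server.xml.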
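Review bot: the attribute description added in the realm.xml hunk at @@ -551,6 +551,17 @@ uses "QOP" without expanding it and lists auth-conf, auth-int and auth without saying what each one protects. It also calls the value a comma-separated list without stating that javax.security.sasl.qop treats the list as ordered by preference, which matters to anyone listing more than one value. Suggest expanding QOP as "quality of protection" on first use, adding one clause per value (authentication only, plus integrity, plus integrity and confidentiality), and noting that the first value listed is preferred.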
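Review bot: the realm.xml hunk at @@ -565,7 +576,7 @@ corrects "JNIRealm" but leaves the typo two lines below it, in the unchanged context line "present, this attribute controls whether are not they are used to"; that should read "whether or not" and can be fixed in the same change. The corrected line also writes "JNDIRealm" while the text added at @@ -551,6 +551,17 @@ writes "JNDI Realm", so pick one form for both paragraphs.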