cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
markt 2005/01/01 03:08:15 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: Correct bugzilla URL Revision ChangesPath 1.17 +2 -2 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- JNDIRealm.java19 Nov 2004 15:07:39 - 1.16 +++ JNDIRealm.java1 Jan 2005 11:08:15 - 1.17 @@ -144,7 +144,7 @@ * pstrongWARNING/strong - There is a reported bug against the Netscape * provider code (com.netscape.jndi.ldap.LdapContextFactory) with respect to * successfully authenticated a non-existing user. The - * report is here: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11210 . + * report is here: http://issues.apache.org/bugzilla/show_bug.cgi?id=11210 . * With luck, Netscape has updated their provider code and this is not an * issue. /p * - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
markt 2004/06/18 16:22:31 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: Fix bug 23572. The alternateURL should be used in more cases than just a naming excetion (eg network error) - Patch provided by Jean-Yves Collot - Ported from TC4 Revision ChangesPath 1.13 +2 -2 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- JNDIRealm.java26 May 2004 15:51:14 - 1.12 +++ JNDIRealm.java18 Jun 2004 23:22:31 - 1.13 @@ -1473,7 +1473,7 @@ // Ensure that we have a directory context available context = new InitialDirContext(getDirectoryContextEnvironment()); -} catch (NamingException e) { +} catch (Exception e) { connectionAttempt = 1; - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
yoavs 2004/05/26 08:51:14 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: Minor JavaDoc fixes (Bugzilla 28335) Revision ChangesPath 1.12 +3 -3 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- JNDIRealm.java27 Feb 2004 14:58:45 - 1.11 +++ JNDIRealm.java26 May 2004 15:51:14 - 1.12 @@ -1143,7 +1143,7 @@ * retrieved from the directory. * * @param context The directory context - * @param user The User to be authenticated + * @param info The User to be authenticated * @param credentials Authentication credentials * * @exception NamingException if a directory server error occurs @@ -1640,7 +1640,7 @@ * \ - \5c * \0 - \00 * @param inString string to escape according to RFC 2254 guidelines - * @return + * @return String the escaped/encoded result */ protected String doRFC2254Encoding(String inString) { StringBuffer buf = new StringBuffer(inString.length()); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
funkman 2004/02/05 17:50:02 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: Bugzilla 26487 RFC 2254 done on whole string instead of just DN Patch submitted by Jeff Tulley - jtulley A T novell.com Revision ChangesPath 1.10 +5 -6 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- JNDIRealm.java26 Jan 2004 19:47:16 - 1.9 +++ JNDIRealm.java6 Feb 2004 01:50:02 - 1.10 @@ -1340,8 +1340,7 @@ return (list); // Set up parameters for an appropriate search -String filter = roleFormat.format(new String[] { dn, username }); -filter = doRFC2254Encoding(filter); +String filter = roleFormat.format(new String[] { doRFC2254Encoding(dn), username }); SearchControls controls = new SearchControls(); if (roleSubtree) controls.setSearchScope(SearchControls.SUBTREE_SCOPE); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
funkman 2003/12/12 13:43:26 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: Resync with 4.1 fixes, in particular - they include: BZ 23190 16541 And Allow Multiple user patterns per http://marc.theaimsgroup.com/?l=tomcat-devm=106254937722504w=2 Revision ChangesPath 1.8 +185 -37 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- JNDIRealm.java2 Sep 2003 21:22:05 - 1.7 +++ JNDIRealm.java12 Dec 2003 21:43:26 - 1.8 @@ -61,6 +61,8 @@ */ + + package org.apache.catalina.realm; @@ -70,24 +72,25 @@ import java.util.Hashtable; import java.util.List; -import javax.naming.AuthenticationException; -import javax.naming.CommunicationException; import javax.naming.Context; -import javax.naming.Name; +import javax.naming.CommunicationException; +import javax.naming.InvalidNameException; import javax.naming.NameNotFoundException; -import javax.naming.NameParser; import javax.naming.NamingEnumeration; import javax.naming.NamingException; +import javax.naming.NameParser; +import javax.naming.Name; +import javax.naming.AuthenticationException; import javax.naming.directory.Attribute; import javax.naming.directory.Attributes; import javax.naming.directory.DirContext; import javax.naming.directory.InitialDirContext; import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; - import org.apache.catalina.LifecycleException; import org.apache.catalina.util.Base64; + /** * pImplementation of strongRealm/strong that works with a directory * server accessed via the Java Naming and Directory Interface (JNDI) APIs. @@ -298,6 +301,17 @@ /** + * A string of LDAP user patterns or paths, :-separated + * These will be used to form the distinguished name of a + * user, with {0} marking the spot where the specified username + * goes. + * This is similar to userPattern, but allows for multiple searches + * for a user. + */ +protected String[] userPatternArray = null; + + +/** * The message format used to form the distinguished name of a * user, with {0} marking the spot where the specified username * goes. @@ -306,10 +320,10 @@ /** - * The MessageFormat object associated with the current - * codeuserPattern/code. + * An array of MessageFormat objects associated with the current + * codeuserPatternArray/code. */ -protected MessageFormat userPatternFormat = null; +protected MessageFormat[] userPatternFormatArray = null; /** @@ -361,6 +375,11 @@ */ protected int connectionAttempt = 0; +/** + * The current user pattern to be used for lookup and binding of a user. + */ +protected int curUserPattern = 0; + // - Properties /** @@ -726,6 +745,11 @@ /** * Set the message format pattern for selecting users in this Realm. + * This may be one simple pattern, or multiple patterns to be tried, + * separated by parentheses. (for example, either cn={0}, or + * (cn={0})(cn={0},o=myorg) Full LDAP search strings are also supported, + * but only the OR, | syntax, so (|(cn={0})(cn={0},o=myorg)) is + * also valid. Complex search strings with , etc are NOT supported. * * @param userPattern The new user pattern */ @@ -733,12 +757,19 @@ this.userPattern = userPattern; if (userPattern == null) -userPatternFormat = null; -else -userPatternFormat = new MessageFormat(userPattern); - +userPatternArray = null; +else { +userPatternArray = parseUserPatternString(userPattern); +int len = this.userPatternArray.length; +userPatternFormatArray = new MessageFormat[len]; +for (int i=0; i len; i++) { +userPatternFormatArray[i] = +new MessageFormat(userPatternArray[i]); +} +} } + /** * Getter for property alternateURL. * @@ -750,6 +781,7 @@ } + /** * Setter for property alternateURL. * @@ -870,21 +902,50 @@ || credentials == null || credentials.equals()) return (null); -// Retrieve user information -User user =
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
funkman 2003/08/08 09:39:54 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: Fix bug 22236. addAttributeValues may return null. This could trigger a NPE if debugging was turned up =2 Also addAttributeValues() returns null if attrId or attrs is null while ignoring the third parameter values. So always return values. I think this behavior is more consistent with the javadocs too. Revision ChangesPath 1.6 +14 -10 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- JNDIRealm.java6 Aug 2003 18:51:27 - 1.5 +++ JNDIRealm.java8 Aug 2003 16:39:54 - 1.6 @@ -1304,11 +1304,15 @@ list = addAttributeValues(roleName, attrs, list); } -// Return the augmented list of roles + if (debug = 2) { -log( Returning + list.size() + roles); -for (int i=0; ilist.size(); i++) -log(Found role + list.get(i)); +if (list != null) { +log( Returning + list.size() + roles); +for (int i=0; ilist.size(); i++) +log(Found role + list.get(i)); +} else { +log( getRoles about to return null ); +} } return (list); @@ -1366,12 +1370,12 @@ if (debug = 3) log( retrieving values for attribute + attrId); if (attrId == null || attrs == null) -return null; +return values; if (values == null) values = new ArrayList(); Attribute attr = attrs.get(attrId); if (attr == null) -return (null); +return (values); NamingEnumeration e = attr.getAll(); while(e.hasMore()) { String value = (String)e.next(); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
funkman 2003/08/06 11:51:27 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: Resync with 4.1 for the many bug fixes for JNDIRealm Revision ChangesPath 1.5 +127 -98 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- JNDIRealm.java11 Jan 2003 01:57:39 - 1.4 +++ JNDIRealm.java6 Aug 2003 18:51:27 - 1.5 @@ -86,7 +86,7 @@ import org.apache.catalina.LifecycleException; import org.apache.catalina.Realm; import org.apache.catalina.util.StringManager; - +import org.apache.catalina.util.Base64; /** * pImplementation of strongRealm/strong that works with a directory @@ -107,7 +107,7 @@ * substituting the presented username into a pattern configured by the * codeuserPattern/code property./li * - * liAlternatively, if the codeuserPattern/code property is not + * liAlternatively, if the codeuserPattern/code property is not * specified, a unique element can be located by searching the directory * context. In this case: * ul @@ -122,7 +122,7 @@ * requests a search of only the current level./li */ul * /li - * + * * liThe user may be authenticated by binding to the directory with the * username and password presented. This method is used when the * codeuserPassword/code property is not specified./li @@ -183,6 +183,13 @@ * format objects) so that codeauthenticate()/code does not have to be * synchronized./p * + * pstrongWARNING/strong - There is a reported bug against the Netscape + * provider code (com.netscape.jndi.ldap.LdapContextFactory) with respect to + * successfully authenticated a non-existing user. The + * report is here: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11210 . + * With luck, Netscape has updated their provider code and this is not an + * issue. /p + * * @author John Holman * @author Craig R. McClanahan * @version $Revision$ $Date$ @@ -244,19 +251,20 @@ /** - * The protocol that will be used in the communication with the directory server. + * The protocol that will be used in the communication with the + * directory server. */ protected String protocol = null; /** - * How should we handle referrals? Microsoft Active Directory can't handle - * the default case, so an application authenticating against AD must + * How should we handle referrals? Microsoft Active Directory can't handle + * the default case, so an application authenticating against AD must * set referrals to follow. */ protected String referrals = null; - - + + /** * The base element for user searches. */ @@ -292,7 +300,7 @@ /** * The message format used to form the distinguished name of a * user, with {0} marking the spot where the specified username - * goes. + * goes. */ protected String userPattern = null; @@ -342,11 +350,11 @@ */ protected boolean roleSubtree = false; -/** +/** * An alternate URL, to which, we should connect if connectionURL fails. */ -protected String alternateURL; - +protected String alternateURL; + /** * The number of connection attempts. If greater than zero we use the * alternate url. @@ -357,24 +365,24 @@ /** * Return the type of authentication to use. - */ + */ public String getAuthentication() { return authentication; - + } - + /** * Set the type of authentication to use. * * @param authentication The authentication */ public void setAuthentication(String authentication) { - + this.authentication = authentication; - + } - + /** * Return the connection username for this Realm. */ @@ -467,20 +475,20 @@ * Return the protocol to be used. */ public String getProtocol() { - + return protocol; - + } - + /** * Set the protocol for this Realm. * * @param protocol The new protocol. */ public void setProtocol(String protocol) { - + this.protocol = protocol; - + } @@ -493,13 +501,13 @@ /** - * How do we handle JNDI referrals? ignore, follow, or throw + * How do we handle JNDI
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
amyroh 2002/11/18 17:27:59 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: Port change to configure how JNDI should handle referrals returned by the server. Revision ChangesPath 1.3 +31 -4 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- JNDIRealm.java12 Nov 2002 20:09:29 - 1.2 +++ JNDIRealm.java19 Nov 2002 01:27:59 - 1.3 @@ -247,6 +247,14 @@ /** + * How should we handle referrals? Microsoft Active Directory can't handle + * the default case, so an application authenticating against AD must + * set referrals to follow. + */ +protected String referrals = null; + + +/** * The base element for user searches. */ protected String userBase = ; @@ -469,6 +477,23 @@ /** + * Returns the current settings for handling JNDI referrals. + */ +public String getReferrals () { +return referrals; +} + + +/** + * How do we handle JNDI referrals? ignore, follow, or throw + * (see javax.naming.Context.REFERRAL for more information). + */ +public void setReferrals (String referrals) { +this.referrals = referrals; +} + + +/** * Return the base element for user searches. */ public String getUserBase() { @@ -1355,6 +1380,8 @@ env.put(Context.SECURITY_AUTHENTICATION, authentication); if (protocol != null) env.put(Context.SECURITY_PROTOCOL, protocol); +if (referrals != null) +env.put(Context.REFERRAL, referrals); context = new InitialDirContext(env); return (context); -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
amyroh 2002/11/12 12:09:30 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: Port SSL support for JNDIRealm. Revision ChangesPath 1.2 +66 -5 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- JNDIRealm.java18 Jul 2002 16:47:55 - 1.1 +++ JNDIRealm.java12 Nov 2002 20:09:29 - 1.2 -190,6 +190,12 /** + * The type of authentication to use + */ +protected String authentication = null; + + +/** * The connection username for the server we will contact. */ protected String connectionName = null; -235,6 +241,12 /** + * The protocol that will be used in the communication with the directory server. + */ +protected String protocol = null; + + +/** * The base element for user searches. */ protected String userBase = ; -325,6 +337,28 /** + * Return the type of authentication to use. + */ +public String getAuthentication() { + +return authentication; + +} + + +/** + * Set the type of authentication to use. + * + * param authentication The authentication + */ +public void setAuthentication(String authentication) { + +this.authentication = authentication; + +} + + +/** * Return the connection username for this Realm. */ public String getConnectionName() { -411,6 +445,29 } + +/** + * Return the protocol to be used. + */ +public String getProtocol() { + +return protocol; + +} + + +/** + * Set the protocol for this Realm. + * + * param protocol The new protocol. + */ +public void setProtocol(String protocol) { + +this.protocol = protocol; + +} + + /** * Return the base element for user searches. */ -1294,6 +1351,11 env.put(Context.SECURITY_CREDENTIALS, connectionPassword); if (connectionURL != null) env.put(Context.PROVIDER_URL, connectionURL); +if (authentication != null) +env.put(Context.SECURITY_AUTHENTICATION, authentication); +if (protocol != null) +env.put(Context.SECURITY_PROTOCOL, protocol); + context = new InitialDirContext(env); return (context); -1378,4 +1440,3 } } - -- To unsubscribe, e-mail: mailto:tomcat-dev-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-dev-help;jakarta.apache.org