I was aware of your PR and it's good news.

Our Principal implementation differs from the PR:
 - attribute values are strings and some specific conversions are performed 
(e.g. converting objectGUID to canonical UUID)
 - has other fields/methods we use for OAuth (JASPIC) authentication

I think that some refactoring could make it easier to subclass Tomcat realms to 
return a custom Principal.

-----Original Message-----
From: Carsten Klein <c.kl...@datagis.com> 
Sent: Monday, 21 June 2021 19:37
To: users@tomcat.apache.org
Subject: Re: Subclassing JNDIRealm to return a custom Principal


Roberto,

On 21.06.2021 18:31, Roberto Benedetti wrote:
> Hello,
> in our product we subclassed JNDIRealm to return a custom Principal with 
> attributes retrieved from Active Directory (bug 65391 is going to add support 
> for that).
> We overrode authenticate(DirContext, String, String) to retrieve the 
> attributes and return the custom Principal.
> In Tomcat 9.0.39 the method has changed to authenticate(JNDIConnection, 
> String, String) and we cannot override it to retrieve the attributes because 
> JNDIConnection.context is not visible to subclasses.
> Is there a work-around for that?


Couldn't that new feature be an alternative for running your own implementation 
of the JNDIRealm?

https://github.com/apache/tomcat/pull/428

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
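
Added example, not part of the original messages and not Tomcat or product code: one way to do the objectGUID to canonical UUID conversion mentioned in the reply. Active Directory stores the first three GUID fields little-endian, so passing the raw bytes straight to a UUID constructor yields a different identifier; the class name, method name and sample bytes are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.UUID;

public class ObjectGuid {

    /**
     * Convert the 16 raw bytes of an AD objectGUID value to a java.util.UUID.
     * The value must be read as byte[]: with JNDI this means listing objectGUID
     * in the "java.naming.ldap.attributes.binary" environment property,
     * otherwise the provider returns it as a (lossy) String.
     */
    static UUID toUuid(byte[] guid) {
        if (guid == null || guid.length != 16) {
            throw new IllegalArgumentException("objectGUID must be exactly 16 bytes");
        }
        ByteBuffer buf = ByteBuffer.wrap(guid).order(ByteOrder.LITTLE_ENDIAN);
        // Data1 (4 bytes), Data2 (2 bytes) and Data3 (2 bytes) are little-endian.
        long data1 = buf.getInt() & 0xFFFFFFFFL;
        long data2 = buf.getShort() & 0xFFFFL;
        long data3 = buf.getShort() & 0xFFFFL;
        // Data4 (8 bytes) is stored in display order, i.e. big-endian.
        buf.order(ByteOrder.BIG_ENDIAN);
        long data4 = buf.getLong();
        return new UUID((data1 << 32) | (data2 << 16) | data3, data4);
    }

    public static void main(String[] args) {
        // Constructed sample value, not taken from any real directory.
        byte[] raw = {
            0x33, 0x22, 0x11, 0x00,             // Data1, little-endian
            0x55, 0x44,                         // Data2, little-endian
            0x77, 0x66,                         // Data3, little-endian
            (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB,
            (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF
        };
        System.out.println(toUuid(raw));
    }
}
```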

