R: Subclassing JNDIRealm to return a custom Principal
I was aware of your PR and it's good news. Our Principal implementation differs from the PR: - attribute values are strings and some specific conversion are performed (e.g. converting objectGUID to canonical UUID) - has other fields/methods we use for OAuth (JASPIC) authentication I think that some refactoring could make it easier to subclass Tomcat realms to return a custom Principal. -Messaggio originale- Da: Carsten Klein Inviato: lunedì 21 giugno 2021 19:37 A: users@tomcat.apache.org Oggetto: Re: Subclassing JNDIRealm to return a custom Principal Roberto, On 21.06.2021 18:31, Roberto Benedetti wrote: > Hello, > in our product we subclassed JNDIRealm to return a custom Principal with > attributes retrieved from Active Directory (bug 65391 is going to add support > for that). > We overrode authenticate(DirContext, String, String) to retrieve the > attributes and return the custom Principal. > In Tomcat 9.0.39 the method has changed to authenticate(JNDIConnection, > String, String) and we cannot override it to retrieve the attributes because > JNDIConnection.context is not visible to subclasses. > Is there a work-around for that? Couldn't that new feature be an alternative for running your own implementation of the JNDIRealm? https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Ftomcat%2Fpull%2F428data=04%7C01%7Croberto.benedetti%40dedalus.eu%7C75de31b2d3dd4e0ef4ff08d934db3436%7C95c3bdfa4a9db595ff68329945ef%7C0%7C0%7C637598938341356824%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=GivsLeZtrxqqEAdzokvlOrppKRvAam%2BoXYrCKlfHYB4%3Dreserved=0 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Subclassing JNDIRealm to return a custom Principal
Roberto, On 21.06.2021 18:31, Roberto Benedetti wrote: Hello, in our product we subclassed JNDIRealm to return a custom Principal with attributes retrieved from Active Directory (bug 65391 is going to add support for that). We overrode authenticate(DirContext, String, String) to retrieve the attributes and return the custom Principal. In Tomcat 9.0.39 the method has changed to authenticate(JNDIConnection, String, String) and we cannot override it to retrieve the attributes because JNDIConnection.context is not visible to subclasses. Is there a work-around for that? Couldn't that new feature be an alternative for running your own implementation of the JNDIRealm? https://github.com/apache/tomcat/pull/428 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Subclassing JNDIRealm to return a custom Principal
On 21/06/2021 17:31, Roberto Benedetti wrote: Hello, in our product we subclassed JNDIRealm to return a custom Principal with attributes retrieved from Active Directory (bug 65391 is going to add support for that). We overrode authenticate(DirContext, String, String) to retrieve the attributes and return the custom Principal. In Tomcat 9.0.39 the method has changed to authenticate(JNDIConnection, String, String) and we cannot override it to retrieve the attributes because JNDIConnection.context is not visible to subclasses. Is there a work-around for that? Not a simple one. I'll make those fields public. And probably final too. The fix will be in the next release. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Subclassing JNDIRealm to return a custom Principal
Hello, in our product we subclassed JNDIRealm to return a custom Principal with attributes retrieved from Active Directory (bug 65391 is going to add support for that). We overrode authenticate(DirContext, String, String) to retrieve the attributes and return the custom Principal. In Tomcat 9.0.39 the method has changed to authenticate(JNDIConnection, String, String) and we cannot override it to retrieve the attributes because JNDIConnection.context is not visible to subclasses. Is there a work-around for that? Thanks, Roberto - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org