cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
markt 2005/01/01 03:06:59 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: Correct bugzilla URL Revision ChangesPath 1.21 +2 -2 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- JNDIRealm.java10 Oct 2004 20:38:08 - 1.20 +++ JNDIRealm.java1 Jan 2005 11:06:58 - 1.21 @@ -141,7 +141,7 @@ * pstrongWARNING/strong - There is a reported bug against the Netscape * provider code (com.netscape.jndi.ldap.LdapContextFactory) with respect to * successfully authenticated a non-existing user. The - * report is here: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11210 . + * report is here: http://issues.apache.org/bugzilla/show_bug.cgi?id=11210 . * With luck, Netscape has updated their provider code and this is not an * issue. /p * - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
markt 2004/06/18 16:21:57 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: Fix bug 23572. The alternateURL should be used in more cases than just a naming excetion (eg network error) - Patch provided by Jean-Yves Collot Also fixed some unused imports identified by Eclipse Revision ChangesPath 1.18 +5 -7 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- JNDIRealm.java6 Feb 2004 01:49:48 - 1.17 +++ JNDIRealm.java18 Jun 2004 23:21:57 - 1.18 @@ -86,8 +86,6 @@ import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; import org.apache.catalina.LifecycleException; -import org.apache.catalina.Realm; -import org.apache.catalina.util.StringManager; import org.apache.catalina.util.Base64; @@ -1519,7 +1517,7 @@ // Ensure that we have a directory context available context = new InitialDirContext(getDirectoryContextEnvironment()); -} catch (NamingException e) { +} catch (Exception e) { connectionAttempt = 1; - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
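Review bot: The widened `catch (Exception e)` in the hunk at -1519 also catches unchecked exceptions, so a configuration or programming error while building the context now causes a quiet switch to alternateURL instead of surfacing. The visible lines do not log the first failure before `connectionAttempt = 1;`. I would record it there, for example `log("connectionURL failed, retrying with alternateURL", e);`, so operators can tell that authentication is running against the alternate directory and why. The catch body continues outside the hunk, so a log call may already exist further down.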
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
funkman 2004/02/05 17:49:48 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: Bugzilla 26487 RFC 2254 done on whole string instead of just DN Patch submitted by Jeff Tulley - jtulley A T novell.com Revision ChangesPath 1.17 +5 -6 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- JNDIRealm.java12 Dec 2003 21:31:56 - 1.16 +++ JNDIRealm.java6 Feb 2004 01:49:48 - 1.17 @@ -1340,8 +1340,7 @@ return (list); // Set up parameters for an appropriate search -String filter = roleFormat.format(new String[] { dn, username }); -filter = doRFC2254Encoding(filter); +String filter = roleFormat.format(new String[] { doRFC2254Encoding(dn), username }); SearchControls controls = new SearchControls(); if (roleSubtree) controls.setSearchScope(SearchControls.SUBTREE_SCOPE); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
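Review bot: `username` still reaches the role search filter unescaped, because only `dn` is passed through `doRFC2254Encoding`. A login name containing filter metacharacters such as `(`, `)` or `*` can therefore change the meaning of the filter wherever roleSearch uses `{1}`. Encoding the arguments rather than the formatted string is the right direction; I would apply it to both: `roleFormat.format(new String[] { doRFC2254Encoding(dn), doRFC2254Encoding(username) })`. The enclosing method starts and ends outside the hunk, so any earlier validation of username is not visible here.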
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
funkman 2003/08/06 11:43:00 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: Fix bug 14817 - JNDIRealm SHA digest implementation incorrect Add Javadoc note for bug 11210 Revision ChangesPath 1.13 +28 -7 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- JNDIRealm.java5 Aug 2003 00:54:26 - 1.12 +++ JNDIRealm.java6 Aug 2003 18:43:00 - 1.13 @@ -86,7 +86,7 @@ import org.apache.catalina.LifecycleException; import org.apache.catalina.Realm; import org.apache.catalina.util.StringManager; - +import org.apache.catalina.util.Base64; /** * pImplementation of strongRealm/strong that works with a directory @@ -183,6 +183,13 @@ * format objects) so that codeauthenticate()/code does not have to be * synchronized./p * + * pstrongWARNING/strong - There is a reported bug against the Netscape + * provider code (com.netscape.jndi.ldap.LdapContextFactory) with respect to + * successfully authenticated a non-existing user. The + * report is here: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11210 . + * With luck, Netscape has updated their provider code and this is not an + * issue. /p + * * @author John Holman * @author Craig R. McClanahan * @version $Revision$ $Date$ 
@@ -1144,8 +1151,22 @@ boolean validated = false; if (hasMessageDigest()) { -// Hex hashes should be compared case-insensitive -validated = (digest(credentials).equalsIgnoreCase(password)); +// iPlanet support if the values starts with {SHA1} +// The string is in a format compatible with Base64.encode not +// the Hex encoding of the parent class. +if (password.startsWith({SHA})) { +/* sync since super.digest() does this same thing */ +synchronized (this) { +password = password.substring(5); +md.reset(); +md.update(credentials.getBytes()); +String digestedPassword = new String(Base64.encode(md.digest())); +validated = password.equals(digestedPassword); +} +} else { +// Hex hashes should be compared case-insensitive +validated = (digest(credentials).equalsIgnoreCase(password)); +} } else validated = (digest(credentials).equals(password)); return (validated); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
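Review bot: `credentials.getBytes()` in the new `{SHA}` branch uses the platform default charset, so a non-ASCII password hashes differently depending on the host's encoding and may stop validating. Name the charset the directory used when it stored the hash, e.g. `credentials.getBytes("UTF-8")`. The check `password.equals(digestedPassword)` is not constant-time; comparing the raw digest bytes with `MessageDigest.isEqual` would avoid that. The comment says `{SHA1}` while the code tests for `{SHA}`, and the branch reuses `md` whatever algorithm the realm is configured with, which looks like it assumes the digest is SHA. The method starts outside the hunk.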
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
funkman 2003/08/08 09:40:13 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: Fix bug 22236. addAttributeValues may return null. This could trigger a NPE if debugging was turned up =2 Also addAttributeValues() returns null if attrId or attrs is null while ignoring the third parameter values. So always return values. I think this behavior is more consistent with the javadocs too. Revision ChangesPath 1.14 +14 -10 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- JNDIRealm.java6 Aug 2003 18:43:00 - 1.13 +++ JNDIRealm.java8 Aug 2003 16:40:13 - 1.14 @@ -1304,11 +1304,15 @@ list = addAttributeValues(roleName, attrs, list); } -// Return the augmented list of roles + if (debug = 2) { -log( Returning + list.size() + roles); -for (int i=0; ilist.size(); i++) -log(Found role + list.get(i)); +if (list != null) { +log( Returning + list.size() + roles); +for (int i=0; ilist.size(); i++) +log(Found role + list.get(i)); +} else { +log( getRoles about to return null ); +} } return (list); @@ -1366,12 +1370,12 @@ if (debug = 3) log( retrieving values for attribute + attrId); if (attrId == null || attrs == null) -return null; +return values; if (values == null) values = new ArrayList(); Attribute attr = attrs.get(attrId); if (attr == null) -return (null); +return (values); NamingEnumeration e = attr.getAll(); while(e.hasMore()) { String value = (String)e.next(); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
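Review bot: `addAttributeValues` can still return null after this change. In the hunk at -1366 the early `return values;` for a null attrId or attrs runs before `if (values == null) values = new ArrayList();`, so a caller that passes a null list gets null back; that appears to be why getRoles needs the new `list != null` guard. Moving the allocation above the first check would make both early returns hand back a list and match the log message's claim to "always return values". Callers that currently rely on a null role list would need checking first. Both methods start and end outside the hunks.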
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
funkman 2003/08/04 17:54:26 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: Fix bugs: 18698 - Exception message in JNDI realm is not Socket closed on different ldap implementations 11678 - JNDIRealm times out/prompts for password with BASIC authentication 19864 - JNDIRealm NullPointerException / CommunicationException when Context Closed 20518 - JNDIRealm not retrying primary LDAP server after failed attempt against alternate server Thanks to Bradley M. Handy bhandy aT users dot sf (another dot) net for 20518 For the first 3 bugs: When CommunicationException is thrown, check that message is not null. When CommunicationException is thrown close the connection if - Message is null - Message contains closed (was Socket closed) For the last bug: Put connectionAttempt = 0 in a finally block Other thanks to David DeWolf (david at daviddewolf com) and Jeff Tulley (jtulley at novell com) Committing to 4.1 first since this has a better chance of being tested there first. My text editor strips trailing white space (for seemingly unchanged lines) In reality, about 4 lines of code really changed. Revision ChangesPath 1.12 +103 -95 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- JNDIRealm.java11 Jan 2003 01:47:13 - 1.11 +++ JNDIRealm.java5 Aug 2003 00:54:26 - 1.12 @@ -107,7 +107,7 @@ * substituting the presented username into a pattern configured by the * codeuserPattern/code property./li * - * liAlternatively, if the codeuserPattern/code property is not + * liAlternatively, if the codeuserPattern/code property is not * specified, a unique element can be located by searching the directory * context. In this case: * ul 
@@ -122,7 +122,7 @@ * requests a search of only the current level./li */ul * /li - * + * * liThe user may be authenticated by binding to the directory with the * username and password presented. This method is used when the * codeuserPassword/code property is not specified./li @@ -244,19 +244,20 @@ /** - * The protocol that will be used in the communication with the directory server. + * The protocol that will be used in the communication with the + * directory server. */ protected String protocol = null; /** - * How should we handle referrals? Microsoft Active Directory can't handle - * the default case, so an application authenticating against AD must + * How should we handle referrals? Microsoft Active Directory can't handle + * the default case, so an application authenticating against AD must * set referrals to follow. */ protected String referrals = null; - - + + /** * The base element for user searches. */ @@ -292,7 +293,7 @@ /** * The message format used to form the distinguished name of a * user, with {0} marking the spot where the specified username - * goes. + * goes. */ protected String userPattern = null; @@ -342,11 +343,11 @@ */ protected boolean roleSubtree = false; -/** +/** * An alternate URL, to which, we should connect if connectionURL fails. */ -protected String alternateURL; - +protected String alternateURL; + /** * The number of connection attempts. If greater than zero we use the * alternate url. @@ -357,24 +358,24 @@ /** * Return the type of authentication to use. - */ + */ public String getAuthentication() { return authentication; - + } - + /** * Set the type of authentication to use. * * @param authentication The authentication */ public void setAuthentication(String authentication) { - + this.authentication = authentication; - + } - + /** * Return the connection username for this Realm. */ 
@@ -467,20 +468,20 @@ * Return the protocol to be used. */ public String getProtocol() { - + return protocol; - + } - + /** * Set the protocol for this Realm. * * @param protocol The new protocol. */ public void setProtocol(String protocol) { - + this.protocol = protocol; - + } @@ -493,13
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
amyroh 2002/11/18 17:26:38 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: Add to configure how JNDI should handle referrals returned by the server. Submitted by Christopher Taylor [EMAIL PROTECTED]. Revision ChangesPath 1.10 +34 -5 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- JNDIRealm.java12 Nov 2002 01:13:37 - 1.9 +++ JNDIRealm.java19 Nov 2002 01:26:38 - 1.10 @@ -237,11 +237,21 @@ */ protected static final String name = JNDIRealm; + /** * The protocol that will be used in the communication with the directory server. */ protected String protocol = null; + +/** + * How should we handle referrals? Microsoft Active Directory can't handle + * the default case, so an application authenticating against AD must + * set referrals to follow. + */ +protected String referrals = null; + + /** * The base element for user searches. */ @@ -460,6 +470,23 @@ /** + * Returns the current settings for handling JNDI referrals. + */ +public String getReferrals () { +return referrals; +} + + +/** + * How do we handle JNDI referrals? ignore, follow, or throw + * (see javax.naming.Context.REFERRAL for more information). + */ +public void setReferrals (String referrals) { +this.referrals = referrals; +} + + +/** * Return the base element for user searches. */ public String getUserBase() { @@ -1345,7 +1372,9 @@ if (authentication != null) env.put(Context.SECURITY_AUTHENTICATION, authentication); if (protocol != null) -env.put(Context.SECURITY_PROTOCOL, protocol); +env.put(Context.SECURITY_PROTOCOL, protocol); +if (referrals != null) +env.put(Context.REFERRAL, referrals); context = new InitialDirContext(env); return (context); -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
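Review bot: The Javadoc on `setReferrals` lists the three values but not what `follow` implies. The JNDI provider then connects to whichever server the directory's referral names and, by default, binds there with the same connectionName and connectionPassword. I would add a sentence such as `With "follow", the realm's connection credentials are presented to the referred server; enable it only for directories whose referrals are trusted.` The setter also stores any string unchecked, so a misspelt value is presumably only noticed when `InitialDirContext` is created in the hunk at -1345.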
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
amyroh 2002/11/11 17:13:37 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: Add the possibility to use SSL with the JNDIRealm. This patch allows two more parameters to be set for the JNDIRealm. If they are not explicitly set the JNDIRealm will behave in the same way as before. Submitted by Fredrik Westermarck Jonathan Eric Miller. Revision ChangesPath 1.9 +58 -6 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- JNDIRealm.java11 Jun 2002 15:32:28 - 1.8 +++ JNDIRealm.java12 Nov 2002 01:13:37 - 1.9 -188,6 +188,10 // - Instance Variables +/** + * The type of authentication to use + */ +protected String authentication = null; /** * The connection username for the server we will contact. -233,6 +237,10 */ protected static final String name = JNDIRealm; +/** + * The protocol that will be used in the communication with the directory server. + */ +protected String protocol = null; /** * The base element for user searches. -320,10 +328,28 protected boolean roleSubtree = false; - // - Properties +/** + * Return the type of authentication to use. + */ +public String getAuthentication() { +return authentication; + +} + +/** + * Set the type of authentication to use. + * + * param authentication The authentication + */ +public void setAuthentication(String authentication) { + +this.authentication = authentication; + +} + /** * Return the connection username for this Realm. */ -411,6 +437,28 } + +/** + * Return the protocol to be used. + */ +public String getProtocol() { + +return protocol; + +} + +/** + * Set the protocol for this Realm. + * + * param protocol The new protocol. + */ +public void setProtocol(String protocol) { + +this.protocol = protocol; + +} + + /** * Return the base element for user searches. 
*/ -1294,6 +1342,11 env.put(Context.SECURITY_CREDENTIALS, connectionPassword); if (connectionURL != null) env.put(Context.PROVIDER_URL, connectionURL); +if (authentication != null) +env.put(Context.SECURITY_AUTHENTICATION, authentication); +if (protocol != null) +env.put(Context.SECURITY_PROTOCOL, protocol); + context = new InitialDirContext(env); return (context); -1378,4 +1431,3 } } - -- To unsubscribe, e-mail: mailto:tomcat-dev-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-dev-help;jakarta.apache.org
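Review bot: Neither new property is validated or documented with its accepted values, and both default to null, so an unchanged configuration still binds to the directory over an unencrypted connection. The Javadoc for `setProtocol` and `setAuthentication` should name the meaningful values (for the Sun LDAP provider, `ssl` for the protocol and `none`, `simple` or a SASL mechanism for authentication). It should also state that with `simple` and no `ssl` the connectionPassword crosses the network in clear text. The same patch is quoted again in the reply further down the page; the point applies there too. The method containing the `env.put` lines starts outside the hunk.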
Re: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
I don't use SSL with JNDIRealm so I didn't test this out. However, the patch seems ok and has been ignored long enough (with a few complaints). ;-) Let me know if there're any issues. Thanks, Amy - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, November 11, 2002 5:13 PM Subject: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java amyroh 2002/11/11 17:13:37 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: Add the possibility to use SSL with the JNDIRealm. This patch allows two more parameters to be set for the JNDIRealm. If they are not explicitly set the JNDIRealm will behave in the same way as before. Submitted by Fredrik Westermarck Jonathan Eric Miller. Revision ChangesPath 1.9 +58 -6 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.ja va Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JN DIRealm.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- JNDIRealm.java 11 Jun 2002 15:32:28 - 1.8 +++ JNDIRealm.java 12 Nov 2002 01:13:37 - 1.9 @@ -188,6 +188,10 @@ // - Instance Variables +/** + * The type of authentication to use + */ +protected String authentication = null; /** * The connection username for the server we will contact. @@ -233,6 +237,10 @@ */ protected static final String name = JNDIRealm; +/** + * The protocol that will be used in the communication with the directory server. + */ +protected String protocol = null; /** * The base element for user searches. 
@@ -320,10 +328,28 @@ protected boolean roleSubtree = false; - // - Properties +/** + * Return the type of authentication to use. + */ +public String getAuthentication() { +return authentication; + +} + +/** + * Set the type of authentication to use. + * + * @param authentication The authentication + */ +public void setAuthentication(String authentication) { + +this.authentication = authentication; + +} + /** * Return the connection username for this Realm. */ @@ -411,6 +437,28 @@ } + +/** + * Return the protocol to be used. + */ +public String getProtocol() { + +return protocol; + +} + +/** + * Set the protocol for this Realm. + * + * @param protocol The new protocol. + */ +public void setProtocol(String protocol) { + +this.protocol = protocol; + +} + + /** * Return the base element for user searches. */ @@ -1294,6 +1342,11 @@ env.put(Context.SECURITY_CREDENTIALS, connectionPassword); if (connectionURL != null) env.put(Context.PROVIDER_URL, connectionURL); +if (authentication != null) +env.put(Context.SECURITY_AUTHENTICATION, authentication); +if (protocol != null) +env.put(Context.SECURITY_PROTOCOL, protocol); + context = new InitialDirContext(env); return (context); @@ -1378,4 +1431,3 @@ } } - -- To unsubscribe, e-mail: mailto:tomcat-dev-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-dev-help;jakarta.apache.org -- To unsubscribe, e-mail: mailto:tomcat-dev-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-dev-help;jakarta.apache.org
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
remm2002/06/11 08:32:28 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: - Fix a security problem with the JNDI realm, where blank passwords could be used to authenticate. - As a result, blank passwords are not allowed with the JNDI realm anymore. - Bugzilla 9700. - The fix will be in 4.1.5. - Patch submitted by jemiller at uchicago.edu and John Holman mailto:j.g.holman at qmul.ac.uk Revision ChangesPath 1.8 +6 -5 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- JNDIRealm.java9 Jun 2002 02:19:43 - 1.7 +++ JNDIRealm.java11 Jun 2002 15:32:28 - 1.8 @@ -716,7 +716,8 @@ String credentials) throws NamingException { -if (username == null || credentials == null) +if (username == null || username.equals() +|| credentials == null || credentials.equals()) return (null); // Retrieve user information -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
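Review bot: The new guard should carry a comment saying why empty credentials are rejected, because the reason is not evident from the code. Directory servers commonly treat a simple bind with a DN and an empty password as an anonymous bind and report success, which is presumably how a blank password authenticated here. A line such as `// An empty password turns the bind into an anonymous one, which succeeds; never pass it to the directory` above the `if` would keep the check from being simplified away later. The method body continues outside the hunk, so whether other authentication paths apply the same check is not visible.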
Re: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
I don't anything about this fix, but shouldn't you include a trim() before checking for a blank username/credential also? Regards. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, June 11, 2002 4:32 PM Subject: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java remm2002/06/11 08:32:28 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: - Fix a security problem with the JNDI realm, where blank passwords could be used to authenticate. - As a result, blank passwords are not allowed with the JNDI realm anymore. - Bugzilla 9700. - The fix will be in 4.1.5. - Patch submitted by jemiller at uchicago.edu and John Holman mailto:j.g.holman at qmul.ac.uk Revision ChangesPath 1.8 +6 -5 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.ja va Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JN DIRealm.java,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- JNDIRealm.java 9 Jun 2002 02:19:43 - 1.7 +++ JNDIRealm.java 11 Jun 2002 15:32:28 - 1.8 @@ -716,7 +716,8 @@ String credentials) throws NamingException { -if (username == null || credentials == null) +if (username == null || username.equals() +|| credentials == null || credentials.equals()) return (null); // Retrieve user information -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java
I thought about that too, I'm pretty sure that the strings get trimmed elsewhere in the code. I tested it with usernames and passwords that contained nothing but spaces and they were trimmed. Jon - Original Message - From: Arshad Mahmood [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Sent: Tuesday, June 11, 2002 10:51 AM Subject: Re: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java I don't anything about this fix, but shouldn't you include a trim() before checking for a blank username/credential also? Regards. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, June 11, 2002 4:32 PM Subject: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java remm2002/06/11 08:32:28 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: - Fix a security problem with the JNDI realm, where blank passwords could be used to authenticate. - As a result, blank passwords are not allowed with the JNDI realm anymore. - Bugzilla 9700. - The fix will be in 4.1.5. - Patch submitted by jemiller at uchicago.edu and John Holman mailto:j.g.holman at qmul.ac.uk Revision ChangesPath 1.8 +6 -5 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.ja va Index: JNDIRealm.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JN DIRealm.java,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- JNDIRealm.java 9 Jun 2002 02:19:43 - 1.7 +++ JNDIRealm.java 11 Jun 2002 15:32:28 - 1.8 
@@ -716,7 +716,8 @@ String credentials) throws NamingException { -if (username == null || credentials == null) +if (username == null || username.equals() +|| credentials == null || credentials.equals()) return (null); // Retrieve user information -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java LocalStrings.properties
craigmcc01/04/13 14:18:43 Modified:catalina/src/share/org/apache/catalina/realm LocalStrings.properties Added: catalina/src/share/org/apache/catalina/realm JNDIRealm.java Log: Initial version of a Realm implementation for Tomcat 4.0 that utilizes a directory server (accessed via JNDI) to perform user authentication and access control for container-managed security. This code is based in large part on the proposed code (on TOMCAT-DEV) by John Holman, with some additions and refactoring by me. Use of this realm would be configured in "conf/server.xml" by an entry like this to connect to an LDAP server on the same host that Tomcat is running on: Realm className="org.apache.catalina.realm.JNDIRealm" connectionName="admin-username" connectionPassword="admin-password" connectionURL="ldap://localhost:389" userPattern="cn={0},dc=mycompany,dc=com" userPassword="userPassword" roleBase="dc=groups,dc=mycompany,dc=com" roleName="cn" roleSearch="(|(uniqueMember={0})(member={0}))" roleSubtree="false" / TODO: Update the configuration documentation to describe the above. TODO: Support an operational mode where the Realm attempts to bind to the directory server using the user's username and password (instead of a system administrator username and password). This is a different enough style that it probably should be a separate implementation class. TODO: Support connection pooling (for both this and JDBCRealm) so that the authenticate() method does not have to be synchronized. Revision ChangesPath 1.4 +6 -1 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/LocalStrings.properties Index: LocalStrings.properties === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/LocalStrings.properties,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- LocalStrings.properties 2001/04/11 01:46:09 1.3 +++ LocalStrings.properties 2001/04/13 21:18:42 1.4 
@@ -1,4 +1,4 @@ -# $Id: LocalStrings.properties,v 1.3 2001/04/11 01:46:09 craigmcc Exp $ +# $Id: LocalStrings.properties,v 1.4 2001/04/13 21:18:42 craigmcc Exp $ # language 
@@ -9,6 +9,11 @@ jdbcRealm.close=Exception closing database connection jdbcRealm.exception=Exception performing authentication jdbcRealm.open=Exception opening database connection +jndiRealm.authenticateFailure=Username {0} NOT successfully authenticated +jndiRealm.authenticateSuccess=Username {0} successfully authenticated +jndiRealm.close=Exception closing directory server connection +jndiRealm.exception=Exception performing authentication +jndiRealm.open=Exception opening directory server connection memoryRealm.authenticateFailure=Username {0} NOT successfully authenticated memoryRealm.authenticateSuccess=Username {0} successfully authenticated memoryRealm.loadExist=Memory database file {0} cannot be read 1.1 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Index: JNDIRealm.java === /* * The Apache Software License, Version 1.1 * * Copyright (c) 1999 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright *notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright *notice, this list of conditions and the following disclaimer in *the documentation and/or other materials provided with the *distribution. * * 3. The end-user documentation included with the redistribution, if *any, must include the following acknowlegement: * "This product includes software developed by the *Apache Software Foundation (http://www.apache.org/)." *Alternately, this acknowlegement may appear in the software itself, *if and wherever such third-party acknowlegements normally appear. * * 4. 
The names "The Jakarta Project", "Tomcat", and "Apache Software *Foundation" must not be used to endorse or promote products derived *from this software without prior written permission. For written *permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called "Apache" *nor may "Apache" appear in their names without prior written *permission of the Apache Group. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED