cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java

2005-01-01 Thread markt
markt   2005/01/01 03:06:59

  Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java
  Log:
  Correct bugzilla URL
  
  Revision  ChangesPath
  1.21  +2 -2  
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
  
  Index: JNDIRealm.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- JNDIRealm.java10 Oct 2004 20:38:08 -  1.20
  +++ JNDIRealm.java1 Jan 2005 11:06:58 -   1.21
  @@ -141,7 +141,7 @@
* pstrongWARNING/strong - There is a reported bug against the Netscape
* provider code (com.netscape.jndi.ldap.LdapContextFactory) with respect to
* successfully authenticated a non-existing user. The
  - * report is here: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11210 .
  + * report is here: http://issues.apache.org/bugzilla/show_bug.cgi?id=11210 .
* With luck, Netscape has updated their provider code and this is not an
* issue. /p
*
  
  
  

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java

2004-06-18 Thread markt
markt   2004/06/18 16:21:57

  Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java
  Log:
  Fix bug 23572. The alternateURL should be used in more cases than just
  a naming exception (eg network error)
- Patch provided by Jean-Yves Collot
  
  Also fixed some unused imports identified by Eclipse
  
  Revision  ChangesPath
  1.18  +5 -7  
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
  
  Index: JNDIRealm.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- JNDIRealm.java6 Feb 2004 01:49:48 -   1.17
  +++ JNDIRealm.java18 Jun 2004 23:21:57 -  1.18
  @@ -86,8 +86,6 @@
   import javax.naming.directory.SearchControls;
   import javax.naming.directory.SearchResult;
   import org.apache.catalina.LifecycleException;
  -import org.apache.catalina.Realm;
  -import org.apache.catalina.util.StringManager;
   import org.apache.catalina.util.Base64;
   
   
  @@ -1519,7 +1517,7 @@
   // Ensure that we have a directory context available
   context = new InitialDirContext(getDirectoryContextEnvironment());
   
  -} catch (NamingException e) {
  +} catch (Exception e) {
   
   connectionAttempt = 1;
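Review bot: widening the catch around `new InitialDirContext(...)` from `NamingException` to `Exception` means unchecked exceptions, for example a `NullPointerException` caused by a bad environment, now also set `connectionAttempt = 1` and switch to the alternate URL, which can hide a configuration or programming error behind a failover. If the handler does not already log the caught exception, log it before retrying, or keep the catch limited to the exception types that represent a connection failure.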
   
  
  
  




cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java

2004-02-05 Thread funkman
funkman 2004/02/05 17:49:48

  Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java
  Log:
  Bugzilla 26487
  RFC 2254 done on whole string instead of just DN
  Patch submitted by Jeff Tulley -  jtulley  A T  novell.com
  
  Revision  ChangesPath
  1.17  +5 -6  
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
  
  Index: JNDIRealm.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- JNDIRealm.java12 Dec 2003 21:31:56 -  1.16
  +++ JNDIRealm.java6 Feb 2004 01:49:48 -   1.17
  @@ -1340,8 +1340,7 @@
   return (list);
   
   // Set up parameters for an appropriate search
  -String filter = roleFormat.format(new String[] { dn, username });
  -filter = doRFC2254Encoding(filter);
  +String filter = roleFormat.format(new String[] { doRFC2254Encoding(dn), 
username });
   SearchControls controls = new SearchControls();
   if (roleSubtree)
   controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
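Review bot: in the new `roleFormat.format(...)` call only `dn` goes through `doRFC2254Encoding`, so `username`, the second format argument, now reaches the search filter unescaped whenever the configured role pattern uses `{1}`; before this change it was covered by the encoding of the whole string. Encode both arguments, `doRFC2254Encoding(dn)` and `doRFC2254Encoding(username)`, so the filter syntax from the pattern stays intact and every substituted value is escaped.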
  
  
  

-
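An added example, not part of the commit or of Tomcat's source: it contrasts RFC 2254 escaping applied to the whole formatted filter (what the removed lines in the diff above did) with escaping each substituted value before formatting. The class name, `escapeFilterValue`, the two-placeholder pattern and the sample DN and username are constructed for illustration.

```java
import java.text.MessageFormat;

public class RoleFilterEscaping {

    /** Escape the characters RFC 2254 reserves inside a filter value. */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Format first, then escape the result: the pattern's own syntax is escaped too. */
    static String escapeWholeFilter(MessageFormat pattern, String dn, String username) {
        return escapeFilterValue(pattern.format(new Object[] { dn, username }));
    }

    /** Escape only the DN: the second argument is substituted as supplied. */
    static String escapeDnOnly(MessageFormat pattern, String dn, String username) {
        return pattern.format(new Object[] { escapeFilterValue(dn), username });
    }

    /** Escape every substituted value and leave the pattern's syntax alone. */
    static String escapeEachValue(MessageFormat pattern, String dn, String username) {
        return pattern.format(new Object[] {
            escapeFilterValue(dn), escapeFilterValue(username) });
    }

    public static void main(String[] args) {
        // Constructed pattern and values, for illustration only.
        MessageFormat pattern =
            new MessageFormat("(|(uniqueMember={0})(memberUid={1}))");
        String dn = "cn=J Smith (ops),dc=mycompany,dc=com";
        String username = "j*smith";

        // The filter's own parentheses come out as \28 and \29: no longer a filter.
        System.out.println("whole filter : " + escapeWholeFilter(pattern, dn, username));
        // The DN is safe, but the '*' in the username is still a wildcard.
        System.out.println("dn only      : " + escapeDnOnly(pattern, dn, username));
        // Structure intact, both values literal.
        System.out.println("each value   : " + escapeEachValue(pattern, dn, username));
    }
}
```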



cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java

2003-08-14 Thread funkman
funkman 2003/08/06 11:43:00

  Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java
  Log:
  Fix bug 14817 - JNDIRealm SHA digest implementation incorrect
  Add Javadoc note for bug 11210
  
  Revision  ChangesPath
  1.13  +28 -7 
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
  
  Index: JNDIRealm.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -u -r1.12 -r1.13
  --- JNDIRealm.java5 Aug 2003 00:54:26 -   1.12
  +++ JNDIRealm.java6 Aug 2003 18:43:00 -   1.13
  @@ -86,7 +86,7 @@
   import org.apache.catalina.LifecycleException;
   import org.apache.catalina.Realm;
   import org.apache.catalina.util.StringManager;
  -
  +import org.apache.catalina.util.Base64;
   
   /**
* pImplementation of strongRealm/strong that works with a directory
  @@ -183,6 +183,13 @@
* format objects) so that codeauthenticate()/code does not have to be
* synchronized./p
*
  + * pstrongWARNING/strong - There is a reported bug against the Netscape
  + * provider code (com.netscape.jndi.ldap.LdapContextFactory) with respect to
  + * successfully authenticated a non-existing user. The
  + * report is here: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11210 .
  + * With luck, Netscape has updated their provider code and this is not an
  + * issue. /p
  + *
* @author John Holman
* @author Craig R. McClanahan
* @version $Revision$ $Date$
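Review bot: the added WARNING paragraph tells the reader that the Netscape provider can authenticate a non-existing user but closes with "With luck ... this is not an issue", which gives an administrator nothing to act on. State which provider versions the report covers or what to do when `com.netscape.jndi.ldap.LdapContextFactory` is in use, and fix the grammar of "with respect to successfully authenticated".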
  @@ -1144,8 +1151,22 @@
   
   boolean validated = false;
   if (hasMessageDigest()) {
  -// Hex hashes should be compared case-insensitive
  -validated = (digest(credentials).equalsIgnoreCase(password));
  +// iPlanet support if the values starts with {SHA1}
  +// The string is in a format compatible with Base64.encode not
  +// the Hex encoding of the parent class.
  +if (password.startsWith({SHA})) {
  +/* sync since super.digest() does this same thing */
  +synchronized (this) {
  +password = password.substring(5);
  +md.reset();
  +md.update(credentials.getBytes());
  +String digestedPassword = new 
String(Base64.encode(md.digest()));
  +validated = password.equals(digestedPassword);
  +}
  +} else {
  +// Hex hashes should be compared case-insensitive
  +validated = (digest(credentials).equalsIgnoreCase(password));
  +}
   } else
   validated = (digest(credentials).equals(password));
   return (validated);
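Review bot: in the new `{SHA}` branch, `credentials.getBytes()` uses the platform default charset, so the digest of a password with non-ASCII characters depends on the JVM it runs on and may not match the value stored in the directory; pass an explicit encoding. The comment above the branch also says `{SHA1}` while the check and `substring(5)` handle the five-character `{SHA}` prefix, and the branch reassigns the `password` parameter where a local variable would be easier to follow.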
  
  
  




cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java

2003-08-09 Thread funkman
funkman 2003/08/08 09:40:13

  Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java
  Log:
  Fix bug 22236.
  
  addAttributeValues may return null. This could trigger a NPE
  if debugging was turned up >=2
  
  Also addAttributeValues() returns null if attrId or attrs is null while
  ignoring the third parameter values. So always return
  values. I think this behavior is more consistent with the javadocs too.
  
  Revision  ChangesPath
  1.14  +14 -10
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
  
  Index: JNDIRealm.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- JNDIRealm.java6 Aug 2003 18:43:00 -   1.13
  +++ JNDIRealm.java8 Aug 2003 16:40:13 -   1.14
  @@ -1304,11 +1304,15 @@
   list = addAttributeValues(roleName, attrs, list);
   }
   
  -// Return the augmented list of roles
  +
   if (debug = 2) {
  -log(  Returning  + list.size() +  roles);
  -for (int i=0; ilist.size(); i++)
  -log(Found role  + list.get(i));
  +if (list != null) {
  +log(  Returning  + list.size() +  roles);
  +for (int i=0; ilist.size(); i++)
  +log(Found role  + list.get(i));
  +} else {
  +log(  getRoles about to return null );
  +}
   }
   
   return (list);
  @@ -1366,12 +1370,12 @@
   if (debug = 3)
   log(  retrieving values for attribute  + attrId);
   if (attrId == null || attrs == null)
  -return null;
  +return values;
   if (values == null)
   values = new ArrayList();
   Attribute attr = attrs.get(attrId);
   if (attr == null)
  -return (null);
  +return (values);
   NamingEnumeration e = attr.getAll();
   while(e.hasMore()) {
   String value = (String)e.next();
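Review bot: in `addAttributeValues`, the first changed return (under `attrId == null || attrs == null`) hands back `values` before the `if (values == null) values = new ArrayList();` line has run, so a caller that passes a null list still gets null there. Move the null initialisation above the first return so both early returns are safe; the `list != null` guard added to the debug block in the previous hunk would then no longer be needed.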
  
  
  




cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java

2003-08-04 Thread funkman
funkman 2003/08/04 17:54:26

  Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java
  Log:
  Fix bugs:
  18698 - Exception message in JNDI realm is not Socket closed on different ldap 
implementations
  11678 - JNDIRealm times out/prompts for password with BASIC authentication
  19864 - JNDIRealm NullPointerException / CommunicationException when Context Closed
  
  20518 - JNDIRealm not retrying primary LDAP server after failed attempt against 
alternate server
Thanks to Bradley M. Handy bhandy aT users dot sf (another dot) net for 20518
  
  For the first 3 bugs:
  When CommunicationException is thrown, check that message is not null.
  When CommunicationException is thrown close the connection if
  - Message is null
  - Message contains closed (was Socket closed)
  
  For the last bug:
  Put connectionAttempt = 0 in a finally block
  
  Other thanks to David DeWolf (david at daviddewolf com) and
  Jeff Tulley (jtulley at novell com)
  
  Committing to 4.1 first since this has a better chance of being tested there first.
  
  My text editor strips trailing white space (for seemingly unchanged lines)
  In reality, about 4 lines of code really changed.
  
  Revision  ChangesPath
  1.12  +103 -95   
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
  
  Index: JNDIRealm.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- JNDIRealm.java11 Jan 2003 01:47:13 -  1.11
  +++ JNDIRealm.java5 Aug 2003 00:54:26 -   1.12
  @@ -107,7 +107,7 @@
* substituting the presented username into a pattern configured by the
* codeuserPattern/code property./li
*
  - * liAlternatively, if the codeuserPattern/code property is not 
  + * liAlternatively, if the codeuserPattern/code property is not
* specified, a unique element can be located by searching the directory
* context. In this case:
* ul
  @@ -122,7 +122,7 @@
* requests a search of only the current level./li
*/ul
* /li
  - * 
  + *
* liThe user may be authenticated by binding to the directory with the
*  username and password presented. This method is used when the
*  codeuserPassword/code property is not specified./li
  @@ -244,19 +244,20 @@
   
   
   /**
  - * The protocol that will be used in the communication with the directory 
server.
  + * The protocol that will be used in the communication with the
  + * directory server.
*/
   protected String protocol = null;
   
   
   /**
  - * How should we handle referrals?  Microsoft Active Directory can't handle 
  - * the default case, so an application authenticating against AD must 
  + * How should we handle referrals?  Microsoft Active Directory can't handle
  + * the default case, so an application authenticating against AD must
* set referrals to follow.
*/
   protected String referrals = null;
  -
  -
  +
  +
   /**
* The base element for user searches.
*/
  @@ -292,7 +293,7 @@
   /**
* The message format used to form the distinguished name of a
* user, with {0} marking the spot where the specified username
  - * goes.  
  + * goes.
*/
   protected String userPattern = null;
   
  @@ -342,11 +343,11 @@
*/
   protected boolean roleSubtree = false;
   
  -/** 
  +/**
* An alternate URL, to which, we should connect if connectionURL fails.
*/
  -protected String alternateURL;  
  -
  +protected String alternateURL;
  +
   /**
* The number of connection attempts.  If greater than zero we use the
* alternate url.
  @@ -357,24 +358,24 @@
   
   /**
* Return the type of authentication to use.
  - */  
  + */
   public String getAuthentication() {
   
   return authentication;
  -
  +
   }
  - 
  +
   /**
* Set the type of authentication to use.
*
* @param authentication The authentication
*/
   public void setAuthentication(String authentication) {
  -
  +
   this.authentication = authentication;
  -
  +
   }
  -  
  +
   /**
* Return the connection username for this Realm.
*/
  @@ -467,20 +468,20 @@
* Return the protocol to be used.
*/
   public String getProtocol() {
  - 
  +
   return protocol;
  - 
  +
   }
  -
  +
   /**
* Set the protocol for this Realm.
*
* @param protocol The new protocol.
*/
   public void setProtocol(String protocol) {
  - 
  +
   this.protocol = protocol;
  -
  +
   }
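Review bot: whitespace-only edits like the ones in this hunk around `getProtocol()` and `setProtocol()` bury the functional fix; the log says about four lines really changed, against a +103 -95 diff. Commit the trailing-whitespace cleanup separately so the `CommunicationException` handling and the `connectionAttempt = 0` in the finally block can be reviewed on their own.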
   
   
  @@ -493,13 

cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java

2002-11-18 Thread amyroh
amyroh  2002/11/18 17:26:38

  Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java
  Log:
  Add to configure how JNDI should handle referrals returned by the server.
  
  Submitted by Christopher Taylor [EMAIL PROTECTED].
  
  Revision  ChangesPath
  1.10  +34 -5 
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
  
  Index: JNDIRealm.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- JNDIRealm.java12 Nov 2002 01:13:37 -  1.9
  +++ JNDIRealm.java19 Nov 2002 01:26:38 -  1.10
  @@ -237,11 +237,21 @@
*/
   protected static final String name = JNDIRealm;
   
  +
   /**
* The protocol that will be used in the communication with the directory 
server.
*/
   protected String protocol = null;
   
  +
  +/**
  + * How should we handle referrals?  Microsoft Active Directory can't handle 
  + * the default case, so an application authenticating against AD must 
  + * set referrals to follow.
  + */
  +protected String referrals = null;
  +
  +
   /**
* The base element for user searches.
*/
  @@ -460,6 +470,23 @@
   
   
   /**
  + * Returns the current settings for handling JNDI referrals.
  + */
  +public String getReferrals () {
  +return referrals;
  +}
  +
  +
  +/**
  + * How do we handle JNDI referrals? ignore, follow, or throw 
  + * (see javax.naming.Context.REFERRAL for more information).
  + */
  +public void setReferrals (String referrals) {
  +this.referrals = referrals;
  +}
  +
  +
  +/**
* Return the base element for user searches.
*/
   public String getUserBase() {
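Review bot: `setReferrals` stores whatever string it is given, although its Javadoc lists only ignore, follow and throw, so a typo in the configuration is passed straight to `Context.REFERRAL` in the last hunk. Validate the value in the setter, or document that unknown values are left to the JNDI provider, and add a Javadoc sentence saying that `follow` makes the realm contact whichever servers the directory refers it to.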
  @@ -1345,7 +1372,9 @@
   if (authentication != null)
   env.put(Context.SECURITY_AUTHENTICATION, authentication);
   if (protocol != null)
  -env.put(Context.SECURITY_PROTOCOL, protocol);
  +env.put(Context.SECURITY_PROTOCOL, protocol);   
  +if (referrals != null)
  +env.put(Context.REFERRAL, referrals);   
   
   context = new InitialDirContext(env);
   return (context);
  
  
  





cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java

2002-11-11 Thread amyroh
amyroh  2002/11/11 17:13:37

  Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java
  Log:
  Add the possibility to use SSL with the JNDIRealm.
  
  This patch allows two more parameters to be set for the JNDIRealm.
  If they are not explicitly set the JNDIRealm will behave in the same way as before.
  
  Submitted by Fredrik Westermarck & Jonathan Eric Miller.
  
  Revision  ChangesPath
  1.9   +58 -6 
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
  
  Index: JNDIRealm.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- JNDIRealm.java11 Jun 2002 15:32:28 -  1.8
  +++ JNDIRealm.java12 Nov 2002 01:13:37 -  1.9
   -188,6 +188,10 
   
   // - Instance Variables
   
  +/**
  + *  The type of authentication to use
  + */
  +protected String authentication = null;
   
   /**
* The connection username for the server we will contact.
   -233,6 +237,10 
*/
   protected static final String name = JNDIRealm;
   
  +/**
  + * The protocol that will be used in the communication with the directory 
server.
  + */
  +protected String protocol = null;
   
   /**
* The base element for user searches.
   -320,10 +328,28 
   protected boolean roleSubtree = false;
   
   
  -
   // - Properties
   
  +/**
  + * Return the type of authentication to use.
  + */  
  +public String getAuthentication() {
   
  +return authentication;
  +
  +}
  + 
  +/**
  + * Set the type of authentication to use.
  + *
  + * param authentication The authentication
  + */
  +public void setAuthentication(String authentication) {
  +
  +this.authentication = authentication;
  +
  +}
  +  
   /**
* Return the connection username for this Realm.
*/
   -411,6 +437,28 
   
   }
   
  +
  +/**
  + * Return the protocol to be used.
  + */
  +public String getProtocol() {
  + 
  +return protocol;
  + 
  +}
  +
  +/**
  + * Set the protocol for this Realm.
  + *
  + * param protocol The new protocol.
  + */
  +public void setProtocol(String protocol) {
  + 
  +this.protocol = protocol;
  +
  +}
  +
  +
   /**
* Return the base element for user searches.
*/
   -1294,6 +1342,11 
   env.put(Context.SECURITY_CREDENTIALS, connectionPassword);
   if (connectionURL != null)
   env.put(Context.PROVIDER_URL, connectionURL);
  +if (authentication != null)
  +env.put(Context.SECURITY_AUTHENTICATION, authentication);
  +if (protocol != null)
  +env.put(Context.SECURITY_PROTOCOL, protocol);
  +
   context = new InitialDirContext(env);
   return (context);
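Review bot: `authentication` and `protocol` are copied into the JNDI environment next to `Context.SECURITY_CREDENTIALS` as free-form strings, and the Javadoc added for both fields earlier in this patch does not name the accepted values or say which one enables SSL. Document the expected values on the fields and setters, and say there that leaving both unset keeps the previous behaviour.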
   
   -1378,4 +1431,3 
   }
   
   }
  -
  
  
  





Re: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java

2002-11-11 Thread Amy Roh
I don't use SSL with JNDIRealm so I didn't test this out.  However, the
patch seems ok and has been ignored long enough (with a few complaints).
;-)  Let me know if there're any issues.

Thanks,
Amy
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, November 11, 2002 5:13 PM
Subject: cvs commit:
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm
JNDIRealm.java


 amyroh  2002/11/11 17:13:37

   Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java
   Log:
   Add the possibility to use SSL with the JNDIRealm.

   This patch allows two more parameters to be set for the JNDIRealm.
   If they are not explicitly set the JNDIRealm will behave in the same way
as before.

   Submitted by Fredrik Westermarck  Jonathan Eric Miller.

   Revision  ChangesPath
   1.9   +58 -6
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.ja
va

   Index: JNDIRealm.java
   ===
   RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JN
DIRealm.java,v
   retrieving revision 1.8
   retrieving revision 1.9
   diff -u -r1.8 -r1.9
   --- JNDIRealm.java 11 Jun 2002 15:32:28 - 1.8
   +++ JNDIRealm.java 12 Nov 2002 01:13:37 - 1.9
   @@ -188,6 +188,10 @@

// - Instance
Variables

   +/**
   + *  The type of authentication to use
   + */
   +protected String authentication = null;

/**
 * The connection username for the server we will contact.
   @@ -233,6 +237,10 @@
 */
protected static final String name = JNDIRealm;

   +/**
   + * The protocol that will be used in the communication with the
directory server.
   + */
   +protected String protocol = null;

/**
 * The base element for user searches.
   @@ -320,10 +328,28 @@
protected boolean roleSubtree = false;


   -
// -
Properties

   +/**
   + * Return the type of authentication to use.
   + */
   +public String getAuthentication() {

   +return authentication;
   +
   +}
   +
   +/**
   + * Set the type of authentication to use.
   + *
   + * @param authentication The authentication
   + */
   +public void setAuthentication(String authentication) {
   +
   +this.authentication = authentication;
   +
   +}
   +
/**
 * Return the connection username for this Realm.
 */
   @@ -411,6 +437,28 @@

}

   +
   +/**
   + * Return the protocol to be used.
   + */
   +public String getProtocol() {
   +
   +return protocol;
   +
   +}
   +
   +/**
   + * Set the protocol for this Realm.
   + *
   + * @param protocol The new protocol.
   + */
   +public void setProtocol(String protocol) {
   +
   +this.protocol = protocol;
   +
   +}
   +
   +
/**
 * Return the base element for user searches.
 */
   @@ -1294,6 +1342,11 @@
env.put(Context.SECURITY_CREDENTIALS, connectionPassword);
if (connectionURL != null)
env.put(Context.PROVIDER_URL, connectionURL);
   +if (authentication != null)
   +env.put(Context.SECURITY_AUTHENTICATION, authentication);
   +if (protocol != null)
   +env.put(Context.SECURITY_PROTOCOL, protocol);
   +
context = new InitialDirContext(env);
return (context);

   @@ -1378,4 +1431,3 @@
}

}
   -








cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java

2002-06-11 Thread remm

remm2002/06/11 08:32:28

  Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java
  Log:
  - Fix a security problem with the JNDI realm, where blank passwords could be
used to authenticate.
  - As a result, blank passwords are not allowed with the JNDI realm anymore.
  - Bugzilla 9700.
  - The fix will be in 4.1.5.
  - Patch submitted by jemiller at uchicago.edu
and John Holman mailto:j.g.holman at qmul.ac.uk
  
  Revision  ChangesPath
  1.8   +6 -5  
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
  
  Index: JNDIRealm.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- JNDIRealm.java9 Jun 2002 02:19:43 -   1.7
  +++ JNDIRealm.java11 Jun 2002 15:32:28 -  1.8
  @@ -716,7 +716,8 @@
  String credentials)
   throws NamingException {
   
  -if (username == null || credentials == null)
  +if (username == null || username.equals() 
  +|| credentials == null || credentials.equals())
   return (null);
   
   // Retrieve user information
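Review bot: the widened guard at the top of the method rejects only null and exactly empty values, so a username or credential made up solely of whitespace still gets past it unless it is trimmed somewhere this hunk does not show. Trim before comparing here, or add a comment naming where trimming happens, since this check is what stops a blank password from being used to authenticate.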
  
  
  





Re: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java

2002-06-11 Thread Arshad Mahmood

I don't know anything about this fix, but shouldn't you include a trim() before
checking for a blank username/credential also?

Regards.
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 11, 2002 4:32 PM
Subject: cvs commit:
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm
JNDIRealm.java


 remm2002/06/11 08:32:28

   Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java
   Log:
   - Fix a security problem with the JNDI realm, where blank passwords
could be
 used to authenticate.
   - As a result, blank passwords are not allowed with the JNDI realm
anymore.
   - Bugzilla 9700.
   - The fix will be in 4.1.5.
   - Patch submitted by jemiller at uchicago.edu
 and John Holman mailto:j.g.holman at qmul.ac.uk

   Revision  ChangesPath
   1.8   +6 -5
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.ja
va

   Index: JNDIRealm.java
   ===
   RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JN
DIRealm.java,v
   retrieving revision 1.7
   retrieving revision 1.8
   diff -u -r1.7 -r1.8
   --- JNDIRealm.java 9 Jun 2002 02:19:43 - 1.7
   +++ JNDIRealm.java 11 Jun 2002 15:32:28 - 1.8
   @@ -716,7 +716,8 @@
   String credentials)
throws NamingException {

   -if (username == null || credentials == null)
   +if (username == null || username.equals()
   +|| credentials == null || credentials.equals())
return (null);

// Retrieve user information








Re: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java

2002-06-11 Thread Jonathan Eric Miller

I thought about that too, I'm pretty sure that the strings get trimmed
elsewhere in the code. I tested it with usernames and passwords that
contained nothing but spaces and they were trimmed.

Jon

- Original Message -
From: Arshad Mahmood [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: Tuesday, June 11, 2002 10:51 AM
Subject: Re: cvs commit:
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm
JNDIRealm.java


 I don't know anything about this fix, but shouldn't you include a trim() before
 checking for a blank username/credential also?

 Regards.
 - Original Message -
 From: [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Tuesday, June 11, 2002 4:32 PM
 Subject: cvs commit:
 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm
 JNDIRealm.java


  remm2002/06/11 08:32:28
 
Modified:catalina/src/share/org/apache/catalina/realm
JNDIRealm.java
Log:
- Fix a security problem with the JNDI realm, where blank passwords
 could be
  used to authenticate.
- As a result, blank passwords are not allowed with the JNDI realm
 anymore.
- Bugzilla 9700.
- The fix will be in 4.1.5.
- Patch submitted by jemiller at uchicago.edu
  and John Holman mailto:j.g.holman at qmul.ac.uk
 
Revision  ChangesPath
1.8   +6 -5

jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.ja
 va
 
Index: JNDIRealm.java
===
RCS file:

/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JN
 DIRealm.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- JNDIRealm.java 9 Jun 2002 02:19:43 - 1.7
+++ JNDIRealm.java 11 Jun 2002 15:32:28 - 1.8
@@ -716,7 +716,8 @@
String credentials)
 throws NamingException {
 
-if (username == null || credentials == null)
+if (username == null || username.equals()
+|| credentials == null || credentials.equals())
 return (null);
 
 // Retrieve user information
 
 
 
 




cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm JNDIRealm.java LocalStrings.properties

2001-04-13 Thread craigmcc

craigmcc01/04/13 14:18:43

  Modified:catalina/src/share/org/apache/catalina/realm
LocalStrings.properties
  Added:   catalina/src/share/org/apache/catalina/realm JNDIRealm.java
  Log:
  Initial version of a Realm implementation for Tomcat 4.0 that utilizes a
  directory server (accessed via JNDI) to perform user authentication and
  access control for container-managed security.  This code is based in
  large part on the proposed code (on TOMCAT-DEV) by John Holman, with some
  additions and refactoring by me.
  
  Use of this realm would be configured in "conf/server.xml" by an entry
  like this to connect to an LDAP server on the same host that Tomcat is
  running on:
  
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionName="admin-username"
           connectionPassword="admin-password"
           connectionURL="ldap://localhost:389"
           userPattern="cn={0},dc=mycompany,dc=com"
           userPassword="userPassword"
           roleBase="dc=groups,dc=mycompany,dc=com"
           roleName="cn"
           roleSearch="(|(uniqueMember={0})(member={0}))"
           roleSubtree="false"
    />
  
  TODO:  Update the configuration documentation to describe the above.
  
  TODO:  Support an operational mode where the Realm attempts to bind to the
  directory server using the user's username and password (instead of a
  system administrator username and password).  This is a different enough
  style that it probably should be a separate implementation class.
  
  TODO:  Support connection pooling (for both this and JDBCRealm) so that
  the authenticate() method does not have to be synchronized.
  
  Revision  ChangesPath
  1.4   +6 -1  
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/LocalStrings.properties
  
  Index: LocalStrings.properties
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/LocalStrings.properties,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- LocalStrings.properties   2001/04/11 01:46:09 1.3
  +++ LocalStrings.properties   2001/04/13 21:18:42 1.4
  @@ -1,4 +1,4 @@
  -# $Id: LocalStrings.properties,v 1.3 2001/04/11 01:46:09 craigmcc Exp $
  +# $Id: LocalStrings.properties,v 1.4 2001/04/13 21:18:42 craigmcc Exp $
   
   # language 
   
  @@ -9,6 +9,11 @@
   jdbcRealm.close=Exception closing database connection
   jdbcRealm.exception=Exception performing authentication
   jdbcRealm.open=Exception opening database connection
  +jndiRealm.authenticateFailure=Username {0} NOT successfully authenticated
  +jndiRealm.authenticateSuccess=Username {0} successfully authenticated
  +jndiRealm.close=Exception closing directory server connection
  +jndiRealm.exception=Exception performing authentication
  +jndiRealm.open=Exception opening directory server connection
   memoryRealm.authenticateFailure=Username {0} NOT successfully authenticated
   memoryRealm.authenticateSuccess=Username {0} successfully authenticated
   memoryRealm.loadExist=Memory database file {0} cannot be read
  
  
  
  1.1  
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
  
  Index: JNDIRealm.java
  ===
  /*
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *notice, this list of conditions and the following disclaimer in
   *the documentation and/or other materials provided with the
   *distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *any, must include the following acknowlegement:  
   *   "This product includes software developed by the 
   *Apache Software Foundation (http://www.apache.org/)."
   *Alternately, this acknowlegement may appear in the software itself,
   *if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *Foundation" must not be used to endorse or promote products derived
   *from this software without prior written permission. For written 
   *permission, please contact [EMAIL PROTECTED]
   *
   * 5. Products derived from this software may not be called "Apache"
   *nor may "Apache" appear in their names without prior written
   *permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED