DO NOT REPLY [Bug 9702] - JNDIRealm StartTLS/SSL support request

Fri, 14 Jun 2002 16:08:26 -0700 

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9702>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9702

JNDIRealm StartTLS/SSL support request





------- Additional Comments From [EMAIL PROTECTED]  2002-06-14 23:27 -------
I think I have a fix for this. I have the SSL part at least (not StartTLS). 
Basically, it just adds a "secure" attribute. It defaults to false. If it is 
set to true, it enables SSL (modelled after the way the HTTPConnector works).

<Realm className="org.apache.catalina.realm.JNDIRealm"
        debug="99"
        connectionURL="ldap://myldapserver:636";
        secure="true"
        userPattern="uid={0}, ou=People, dc=mydc"
        userRoleName="objectClass"/>

Here's the diff for it. I could probably add in StartTLS support as well. The 
only thing that I'm unsure of is what to name the attribute so that it's clear 
to users. Maybe I could have it check a "protocol" attribute like the 
HTTPConnector does and if it's set to "tls" use StartTLS, and if it's set 
to "ssl" use SSL? Currently, the StartTLS implementation in JSSE has a hang 
bug that occurs with most LDAP servers, so, it may be better to wait on 
putting that in.

If this looks OK, can someone put these changes in for me?

Index: JNDIRealm.java
===================================================================
RCS file: /home/cvspublic/jakarta-tomcat-
4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v
retrieving revision 1.8
diff -r1.8 JNDIRealm.java
322a323,326
>       /**
>        * The secure connection flag.
>        */
>       protected boolean secure = false;
422a427,437
>       /**
>        * Set the secure connection flag.
>        *
>        * @param secure The new secure connection flag
>        */
>       public void setSecure(boolean secure) 
>       {
> 
>               this.secure = secure;
> 
>       }
741c756,766
<     /**
---
>       /**
>        * Return the secure connection flag.  Default value is "false".
>        */
>       public boolean getSecure() 
>       {
> 
>               return (this.secure);
> 
>       }
> 
>       /**
1296a1322,1323
>               if (secure == true)
>                       env.put(Context.SECURITY_PROTOCOL, "ssl");

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to