Hi,

I've written a custom authenticator 
(org.apache.directory.server.core.authn.Authenticator) and configured it at 
"ou=authenticators,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config".
 I can see that my class is getting loaded (constructor invoked), however its 
authenticate method never gets called.

After digging through the source code I found the following suspicious sequence 
of actions:
- The DirectoryService is getting created by createDirectoryService in 
ServiceBuilder
- That calls createInterceptors() which creates the AuthenticationInterceptor. 
It reads the properties and creates my authenticator class
- It then calls setAuthenticators with the array of authenticators which then 
calls register for each one of them
- Register calls init; however, the directoryService is null (?!?) [1]

  at org.apache.directory.server.core.authn.AuthenticationInterceptor.register(AuthenticationInterceptor.java:276)
  at org.apache.directory.server.core.authn.AuthenticationInterceptor.setAuthenticators(AuthenticationInterceptor.java:240)
  at org.apache.directory.server.config.builder.ServiceBuilder.createInterceptors(ServiceBuilder.java:182)
  at org.apache.directory.server.config.builder.ServiceBuilder.createDirectoryService(ServiceBuilder.java:1380)
  at org.apache.directory.server.ApacheDsService.initDirectoryService(ApacheDsService.java:300)
  at org.apache.directory.server.ApacheDsService.start(ApacheDsService.java:179)
  at org.apache.directory.server.UberjarMain.start(UberjarMain.java:76)
  at org.apache.directory.server.UberjarMain.main(UberjarMain.java:54)

Later, there is a call to DefaultDirectoryService.initialize which calls 
Authenticator.init on each Authenticator again. However, my class does not get 
invoked.

What happens is that DefaultDirectoryService.initialize eventually gets to 
AuthenticationInterceptor, which reads the list of authenticators from the 
authenticators field. This field gets populated in setDefaultAuthenticators, 
but does not get updated since then. In the end, even though custom 
authenticators are initialized, only the default authenticators are registered 
with the interceptor [2].

I'm puzzled by the behavior [1]; however, the most critical one is [2]. Because 
of it I can't seem to be able to have my authenticator get invoked during 
authentication.

I've done a manual quick fix by adding the update of the 
AuthenticationInterceptor.authenticators set during the 
AuthenticationInterceptor.register method and it seems to have fixed the issue. 
Not sure whether this is the right fix. Maybe I'm not configuring my 
authenticator correctly? The user guide does not seem to talk about custom 
authenticators anymore...

AuthenticationInterceptor:

    private void register( Authenticator authenticator, DirectoryService 
directoryService ) throws LdapException
    {
        authenticator.init( directoryService );

        Collection<Authenticator> authenticatorList = getAuthenticators( 
authenticator.getAuthenticatorType() );

        if ( authenticatorList == null )
        {
            authenticatorList = new ArrayList<Authenticator>();
            authenticatorsMapByType.put( authenticator.getAuthenticatorType(), 
authenticatorList );
        }

        authenticatorList.add( authenticator );
+        authenticators.add( authenticator );
    }
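
Review bot: the added authenticators.add( authenticator ) at the end of register() puts the field update in a method that, per the description above, runs once from setAuthenticators with a null directoryService and is tied to a later initialization pass that reads the same authenticators field. If register() is reached again for an authenticator already recorded, authenticatorList.add( authenticator ) just above appends it to the ArrayList a second time with no duplicate check, and adding to authenticators while that field is being iterated can fail depending on the collection type. Consider populating authenticators in setAuthenticators, next to where the configured array is received, and have register() skip the by-type add when the authenticator is already present. The init( directoryService ) call on the first line also still receives null on the first pass, so a custom authenticator whose init() dereferences it needs either a null guard here or deferral of init until the directoryService is set.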

Should I raise a JIRA issue or could this be a configuration problem?

Thanks.

Denis
