[ 
https://issues.apache.org/jira/browse/KARAF-4486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15236157#comment-15236157
 ] 

Guillaume Nodet commented on KARAF-4486:
----------------------------------------

I think your PR will break some existing configuration because 
getAuthentication() returns "simple" if it's not set explicitly.
This means that if we don't have the {{connection.username}} and 
{{authentication}} properties, the {{java.naming.security.authentication}} 
property should not be set.

What about something like:
{code}
diff --git 
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
 
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
index a173b3e..3342636 100644
--- 
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
+++ 
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java
@@ -144,9 +144,15 @@ public class LDAPOptions {
         env.put(Context.INITIAL_CONTEXT_FACTORY, getInitialContextFactory());
         env.put(Context.PROVIDER_URL, getConnectionURL());
         if (getConnectionUsername() != null && 
getConnectionUsername().trim().length() > 0) {
-            env.put(Context.SECURITY_AUTHENTICATION, getAuthentication());
+            String auth = getAuthentication();
+            if (auth == null) {
+                auth = DEFAULT_AUTHENTICATION;
+            }
+            env.put(Context.SECURITY_AUTHENTICATION, auth);
             env.put(Context.SECURITY_PRINCIPAL, getConnectionUsername());
             env.put(Context.SECURITY_CREDENTIALS, getConnectionPassword());
+        } else if (getAuthentication() != null) {
+            env.put(Context.SECURITY_AUTHENTICATION, getAuthentication());
         }
         if (getSsl()) {
             setupSsl(env);
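Review bot: the `auth == null` check in the username branch and the `getAuthentication() != null` check in the new `else if` both treat an empty or whitespace-only `authentication` option as a real value, while the username test just above trims and length-checks its input. Consider reading `getAuthentication()` once into a local before the `if`, treating a blank value as unset, and reusing that local in both branches, which also avoids calling the getter twice in the `else if`. A one-line comment on the `else if` saying it exists for mechanisms that need no connection username (GSSAPI, per the issue description) would help the next reader.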
@@ -202,11 +208,7 @@ public class LDAPOptions {
     }
 
     public String getAuthentication() {
-        String authentication = (String) options.get(AUTHENTICATION);
-        if (authentication == null) {
-            authentication = DEFAULT_AUTHENTICATION;
-        }
-        return authentication;
+        return (String) options.get(AUTHENTICATION);
     }
 
     public boolean getSsl() {
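Review bot: `getAuthentication()` is public, and with the default removed it now returns null when the `authentication` option is unset, where it previously returned `DEFAULT_AUTHENTICATION`. Any caller other than the env-building code in the first hunk has to handle null itself. Either add Javadoc stating that null means "not configured", or keep this getter's contract and add a separate accessor for the raw option value.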
{code} 

> LDAPOptions sets Context.SECURITY_AUTHENTICATION only if username is provided
> -----------------------------------------------------------------------------
>
>                 Key: KARAF-4486
>                 URL: https://issues.apache.org/jira/browse/KARAF-4486
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf-security
>    Affects Versions: 4.0.4
>            Reporter: Alexandre Cartapanis
>
> In the LDAPOptions#getEnv, the Context.SECURITY_AUTHENTICATION is set only 
> if a connectionUsername is provided. This prevents using "no username" 
> authentication like GSSAPI.
> See 
> https://github.com/apache/karaf/blob/master/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java#L147



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
