Implementing my own realm
I could really use some help. So I have created my own realm that extends the
JNDIRealm, you can see that class further down. I also created the LDAPMessageFormat
class. So I put these classes into a jar, which I put into server/lib folder in
tomcat. In my server.xml instead of using the className for the
org.apacheJNDIRealm, I put in the name of my realm. When I startup tomcat, I get
this error,
ServerLifecycleLister: Can't create mbean for realm [EMAIL PROTECTED]
Does anyone know how to fix this problem? I would greatly appreciate any help. In
case you are wondering, all the realm should do in addition to the JNDIRealm is to fix
the bug, http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16541. Many thanks in
advance!
Jessica
public class StrykerJNDIRealm extends JNDIRealm {
/**
* Set the message format pattern for selecting users in this Realm.
*
* @param userSearch The new user search pattern
*/
public void setUserSearch(String userSearch) {
System.out.println(in StrykerJNDI realm);
this.userSearch = userSearch;
if (userSearch == null)
userSearchFormat = null;
else
userSearchFormat = new LDAPMessageFormat(userSearch);
}
}
public class LDAPMessageFormat extends MessageFormat {
/**
* @param pattern
*/
public LDAPMessageFormat(String pattern) {
super(pattern);
}
public String format(String[] pattern) {
String format = format((Object)pattern);
return filterEncode(format);
}
/**
* Put the codefilter/code into the proper form. LDAP servers require a
',' within an attribute
* to be encoded by a '\'. It further requires a '\' to encode a '\' when
using a search filter.
*
* @param String filter The codefilter/code to be encoded
*/
public String filterEncode(String filter) {
int backslash = filter.indexOf('\\');
int nextSlash = 1;
int equal = 0;
int comma = 0;
boolean firstTime = true;
String charAfterBack = filter.substring(backslash + 1, backslash + 2);
while (nextSlash 0 backslash 0) {
// Section 4 of http://rfc.sunsite.dk/rfc/rfc2253.html states
//
// Implementations MUST allow a value to be surrounded by quote (''
// ASCII 34) characters, which are not part of the value. Inside the
// quoted value, the following characters can occur without any
// escaping:
// ',', '=', '+', '', '', '#' and ';'
//
// So if none of these characters are currently being escaped return
original filter
if ((charAfterBack.compareTo(,)) != 0
(charAfterBack.compareTo(=)) != 0
(charAfterBack.compareTo(+)) != 0
(charAfterBack.compareTo()) != 0
(charAfterBack.compareTo()) != 0
(charAfterBack.compareTo(#)) != 0
(charAfterBack.compareTo(+)) != 0
(charAfterBack.compareTo(;)) != 0)
return filter;
/*String before = filter.substring(0, backslash + 1);
String after = filter.substring(backslash + 1);
nextSlash = after.indexOf('\\');
backslash = backslash + nextSlash + 1;
filter = before + \\ + after;*/
// remove the backslash that is escaping
String before = filter.substring(0, backslash);
String after = filter.substring(backslash + 1);
nextSlash = after.indexOf('\\');
backslash = backslash + nextSlash + 1;
//find where to put the quotes around
//beginning of quotes after the objectname = attribute = ...,
attribute=...,
if (firstTime) {
equal = before.indexOf('=');
equal = (before.substring(equal + 1)).indexOf('=') + equal + 1;
firstTime = false;
} else
equal = before.indexOf('=');
//end of quotes before comma separating attributes
//making sure not to grab the comma that is being escaped
comma = (after.substring(1)).indexOf(',');
if (comma 0 equal 0)
filter =
before.substring(0, equal + 1)
+ \
+ before.substring(equal + 1)
+ after.substring(0, comma + 1)
+ \
+ after.substring(comma + 1);
}
return filter;
}
}
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Implementing my own realm
I've edited the mbeans-descriptors.xml and solve that problem at least.
-Original Message-
From: Gross, Jessica
Sent: Wednesday, July 30, 2003 10:55 AM
To: [EMAIL PROTECTED]
Subject: Implementing my own realm
I could really use some help. So I have created my own realm that extends the
JNDIRealm, you can see that class further down. I also created the LDAPMessageFormat
class. So I put these classes into a jar, which I put into server/lib folder in
tomcat. In my server.xml instead of using the className for the
org.apacheJNDIRealm, I put in the name of my realm. When I startup tomcat, I get
this error,
ServerLifecycleLister: Can't create mbean for realm [EMAIL PROTECTED]
Does anyone know how to fix this problem? I would greatly appreciate any help. In
case you are wondering, all the realm should do in addition to the JNDIRealm is to fix
the bug, http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16541. Many thanks in
advance!
Jessica
public class StrykerJNDIRealm extends JNDIRealm {
/**
* Set the message format pattern for selecting users in this Realm.
*
* @param userSearch The new user search pattern
*/
public void setUserSearch(String userSearch) {
System.out.println(in StrykerJNDI realm);
this.userSearch = userSearch;
if (userSearch == null)
userSearchFormat = null;
else
userSearchFormat = new LDAPMessageFormat(userSearch);
}
}
public class LDAPMessageFormat extends MessageFormat {
/**
* @param pattern
*/
public LDAPMessageFormat(String pattern) {
super(pattern);
}
public String format(String[] pattern) {
String format = format((Object)pattern);
return filterEncode(format);
}
/**
* Put the codefilter/code into the proper form. LDAP servers require a
',' within an attribute
* to be encoded by a '\'. It further requires a '\' to encode a '\' when
using a search filter.
*
* @param String filter The codefilter/code to be encoded
*/
public String filterEncode(String filter) {
int backslash = filter.indexOf('\\');
int nextSlash = 1;
int equal = 0;
int comma = 0;
boolean firstTime = true;
String charAfterBack = filter.substring(backslash + 1, backslash + 2);
while (nextSlash 0 backslash 0) {
// Section 4 of http://rfc.sunsite.dk/rfc/rfc2253.html states
//
// Implementations MUST allow a value to be surrounded by quote (''
// ASCII 34) characters, which are not part of the value. Inside the
// quoted value, the following characters can occur without any
// escaping:
// ',', '=', '+', '', '', '#' and ';'
//
// So if none of these characters are currently being escaped return
original filter
if ((charAfterBack.compareTo(,)) != 0
(charAfterBack.compareTo(=)) != 0
(charAfterBack.compareTo(+)) != 0
(charAfterBack.compareTo()) != 0
(charAfterBack.compareTo()) != 0
(charAfterBack.compareTo(#)) != 0
(charAfterBack.compareTo(+)) != 0
(charAfterBack.compareTo(;)) != 0)
return filter;
/*String before = filter.substring(0, backslash + 1);
String after = filter.substring(backslash + 1);
nextSlash = after.indexOf('\\');
backslash = backslash + nextSlash + 1;
filter = before + \\ + after;*/
// remove the backslash that is escaping
String before = filter.substring(0, backslash);
String after = filter.substring(backslash + 1);
nextSlash = after.indexOf('\\');
backslash = backslash + nextSlash + 1;
//find where to put the quotes around
//beginning of quotes after the objectname = attribute = ...,
attribute=...,
if (firstTime) {
equal = before.indexOf('=');
equal = (before.substring(equal + 1)).indexOf('=') + equal + 1;
firstTime = false;
} else
equal = before.indexOf('=');
//end of quotes before comma separating attributes
//making sure not to grab the comma that is being escaped
comma = (after.substring(1)).indexOf(',');
if (comma 0 equal 0)
filter =
before.substring(0, equal + 1)
+ \
+ before.substring(equal + 1)
+ after.substring(0, comma + 1)
+ \
+ after.substring(comma + 1);
}
return filter;
}
}
-
To unsubscribe, e
Working on patch (need feedback)
While using Tomcat and Active Directory, I found a small bug. Normally in LDAP, you escape certain special characters, one of which being the comma. This is done by DN=CN=Doe\, Jane, OU=unit, OU=People However, when I instructed Tomcat to search for roles by inserting the distinguished name, no results were found. This is because I found in Active Directory in an object filter you must put member=CN=Doe\\, Jane, OU=unit, OU=People or member=CN=Doe, Jane, OU=unit, OU=People I have written a patch that at the moment can implement either of those two fixes by encoding the filter. I have tried to find the answer at the LDAP specifications at http://rfc.sunsite.dk/rfc/rfc2253.html. Is this just Active Directory messing up? Does my fix seem reasonable? What is the best method to fix my problems and stay within LDAP specifications? Any feedback or suggestions are welcomed. Thanks, Jessica - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Working on patch (need feedback)
In LDAP, different attributes are separated by a comma, so you must distinguish when you use a comma in the middle of the attribute. This means a comma in the middle of the attribute must be escaped. Sorry for the confusion. Hope this clears it up. Jessica -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 1:44 PM To: Tomcat Developers List Subject: RE: Working on patch (need feedback) Howdy, What about the other commas? I'm not that familiar with LDAP specs, so this may be a stupid question, but why are you escaping only the first comma? Yoav Shapira Millennium ChemInformatics -Original Message- From: Gross, Jessica [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 12:08 PM To: [EMAIL PROTECTED] Subject: Working on patch (need feedback) While using Tomcat and Active Directory, I found a small bug. Normally in LDAP, you escape certain special characters, one of which being the comma. This is done by DN=CN=Doe\, Jane, OU=unit, OU=People However, when I instructed Tomcat to search for roles by inserting the distinguished name, no results were found. This is because I found in Active Directory in an object filter you must put member=CN=Doe\\, Jane, OU=unit, OU=People or member=CN=Doe, Jane, OU=unit, OU=People I have written a patch that at the moment can implement either of those two fixes by encoding the filter. I have tried to find the answer at the LDAP specifications at http://rfc.sunsite.dk/rfc/rfc2253.html. Is this just Active Directory messing up? Does my fix seem reasonable? What is the best method to fix my problems and stay within LDAP specifications? Any feedback or suggestions are welcomed. Thanks, Jessica - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
