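The jar file is in /tomcat/lib. The class is super simple:

package org.redacted;

import org.apache.catalina.realm.JNDIRealm;

public class JNDIRealmExt extends JNDIRealm {

    // Decrypt the connectionPassword attribute read from server.xml.
    @Override
    public String getConnectionPassword() {
        return Utility.decrypt(connectionPassword);
    }
}
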
server.xml looks like this:

<Realm className="org.apache.catalina.realm.LockOutRealm">
  <Realm className="org.redacted.JNDIRealmExt"
         connectionName="ldapUser"
         connectionPassword="encryptedPasswordHere"
         connectionURL="ldap://localhost:389"
         userBase="..."
         userSearch="..."
         roleBase="..."
         roleName=".."
         roleSubtree=".."
         roleSearch=".."
         referrals="follow" />
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="UserDatabase"/>
</Realm>

I'm attaching the debugger pretty close to tomcat's startup and the getConnectionPassword method never fires. I do see tons of logs in the console for ldap connection failures due to the password not functioning (pretty much immediately locks the account out at the ldap server). The stack trace does not include my extended JNDI class, only the tomcat provided JNDIRealm class.

On Wed, Jul 19, 2017 at 3:03 PM, Christopher Schultz <ch...@christopherschultz.net> wrote:
> Alex,
>
> On 7/19/17 1:53 PM, Alex O'Ree wrote:
>> On Wed, Jul 19, 2017 at 12:09 PM, Mark Thomas <ma...@apache.org> wrote:
>>> On 19/07/17 16:22, Alex O'Ree wrote:
>>>> Assuming I had access to a reversible encryption mechanism and
>>>> wanted to store the JNDI binding password in an encrypted form
>>>> by extending the JNDIRealm class, which method should I
>>>> override to encrypt the password stored in server.xml on the
>>>> fly?
>>>
>>> You could do this via a custom PropertySource. I wouldn't
>>> recommend it.
>>>
>>> https://wiki.apache.org/tomcat/FAQ/Password
>>
>> I tried just extending the JNDI Realm class and overriding
>> getConnectionPassword but it doesn't appear that my code is ever
>> called, even though my fully qualified classname is listed in the
>> realm xml element. Any ideas?
>
> Please post your configuration (without secrets) and as much of your
> code as is relevant.
>
> Also, where did you place your .class file for your JNDIRealm subclass?
>
> -chris
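
One way to make the decryption run, as an added example that is not part of the original thread or of Tomcat's code: server.xml attributes are applied through the bean setter, so decrypting in setConnectionPassword stores the plaintext in the realm's field, assuming the realm reads that field rather than calling the getter (which matches the stack trace described above). The class name DecryptingJNDIRealm, the JNDI_REALM_KEY environment variable and the base64(IV || ciphertext || tag) AES-GCM layout are assumptions standing in for the Utility.decrypt helper that the message does not show.

```java
package org.redacted;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.catalina.realm.JNDIRealm;

// Added example: hypothetical class, not Tomcat's code and not the poster's.
public class DecryptingJNDIRealm extends JNDIRealm {

    private static final int IV_LEN = 12;    // assumed: 96-bit GCM nonce stored first
    private static final int TAG_BITS = 128; // assumed: 128-bit authentication tag

    // The digester hands the raw connectionPassword attribute to this setter,
    // so the superclass field ends up holding the decrypted value.
    @Override
    public void setConnectionPassword(String encrypted) {
        super.setConnectionPassword(decrypt(encrypted, loadKey()));
    }

    // Assumed key source: a base64 AES key in the JNDI_REALM_KEY environment variable.
    static byte[] loadKey() {
        String k = System.getenv("JNDI_REALM_KEY");
        if (k == null) {
            throw new IllegalStateException("JNDI_REALM_KEY is not set");
        }
        return Base64.getDecoder().decode(k);
    }

    // Assumed ciphertext format: base64(IV || ciphertext || tag), AES-GCM.
    static String decrypt(String encoded, byte[] key) {
        try {
            byte[] blob = Base64.getDecoder().decode(encoded);
            if (blob.length <= IV_LEN) {
                throw new IllegalArgumentException("ciphertext too short");
            }
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
                    new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
            byte[] plain = c.doFinal(blob, IV_LEN, blob.length - IV_LEN);
            return new String(plain, StandardCharsets.UTF_8);
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            // Never fall back to the ciphertext: binding with it is what locks the account.
            throw new IllegalStateException("cannot decrypt connectionPassword", e);
        }
    }
}
```

The decryption key must still be readable by the Tomcat process, so this protects the value in server.xml only from readers who cannot also read that key.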