Alex,

On 7/19/17 3:53 PM, Alex O'Ree wrote:
> The jar file is in /tomcat/lib. The class is super simple
>
> package org.redacted;
>
> import org.apache.catalina.realm.JNDIRealm;
>
> public class JNDIRealmExt extends JNDIRealm {
>     // Return the decrypted form of the value configured in server.xml
>     @Override
>     public String getConnectionPassword() {
>         return Utility.decrypt(connectionPassword);
>     }
> }
>
> server.xml looks like this
>
> <Realm className="org.apache.catalina.realm.LockOutRealm">
>   <Realm className="org.redacted.JNDIRealmExt"
>          connectionName="ldapUser"
>          connectionPassword="encryptedPasswordHere"
>          connectionURL="ldap://localhost:389" userBase="..."
>          userSearch="..." roleBase="..." roleName=".." roleSubtree=".."
>          roleSearch=".." referrals="follow"
>   />
>   <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>          resourceName="UserDatabase"/>
> </Realm>
>
> I'm attaching the debugger pretty close to tomcat's startup and
> the getConnectionPassword method never fires. I do see tons of logs
> in the console for ldap connection failures due to the password
> not functioning (pretty much immediately locks the account out at
> the ldap server). The stack trace does not include my extended
> JNDI class, only the tomcat provided JNDIRealm class.

What's the runtime data type of the realm?

If you override setConnectionPassword() does that get called by the
digester when reading your configuration?

-chris

> On Wed, Jul 19, 2017 at 3:03 PM, Christopher Schultz
> <ch...@christopherschultz.net> wrote: Alex,
>
> On 7/19/17 1:53 PM, Alex O'Ree wrote:
>>>> On Wed, Jul 19, 2017 at 12:09 PM, Mark Thomas
>>>> <ma...@apache.org> wrote:
>>>>> On 19/07/17 16:22, Alex O'Ree wrote:
>>>>>> Assuming I had access to a reversible encryption
>>>>>> mechanism and wanted to store the JNDI binding password
>>>>>> in an encrypted form by extending the JNDIRealm class,
>>>>>> which method should I override to encrypt the password
>>>>>> stored in server.xml on the fly?
>>>>>
>>>>> You could do this via a custom PropertySource. I wouldn't
>>>>> recommend it.
>>>>>
>>>>> https://wiki.apache.org/tomcat/FAQ/Password
>>>>
>>>> I tried just extending the JNDI Realm class and overriding
>>>> getConnectionPassword but it doesn't appear that my code
>>>> is ever called, even though my fully qualified classname is
>>>> listed in the realm xml element. Any ideas?
>
> Please post your configuration (without secrets) and as much of
> your code as is relevant.
>
> Also, where did you place your .class file for your JNDIRealm
> subclass?
>
> -chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
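
Added example, not code from this thread or from the Tomcat project: the setter-based variant Chris asks about, where the realm decrypts the connectionPassword attribute once, when the digester hands it to setConnectionPassword(). The package and class names, the realm.keyFile system property, and the AES-GCM blob layout are assumptions made for illustration; they stand in for the poster's own Utility.decrypt.

```java
package org.example.realm; // hypothetical package name

import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.catalina.realm.JNDIRealm;

public class DecryptingJNDIRealm extends JNDIRealm {

    // Assumption: -Drealm.keyFile=<path> names a file holding a raw 16- or
    // 32-byte AES key, kept outside server.xml and readable only by Tomcat.
    private static final String KEY_FILE_PROPERTY = "realm.keyFile";
    private static final int NONCE_LEN = 12;   // bytes, assumed blob layout
    private static final int TAG_BITS = 128;

    // The digester sets XML attributes through bean setters, so this runs
    // when connectionPassword="..." is read from server.xml.
    @Override
    public void setConnectionPassword(String encrypted) {
        // decrypt() throws on failure, so the ciphertext is never stored
        // as the bind password and sent to the LDAP server.
        super.setConnectionPassword(decrypt(encrypted));
    }

    // Assumed attribute format: Base64( nonce(12) || ciphertext || GCM tag )
    static String decrypt(String encoded) {
        try {
            byte[] key = Files.readAllBytes(
                    Paths.get(System.getProperty(KEY_FILE_PROPERTY)));
            byte[] blob = Base64.getDecoder().decode(encoded);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
                    new GCMParameterSpec(TAG_BITS, blob, 0, NONCE_LEN));
            byte[] plain = cipher.doFinal(blob, NONCE_LEN, blob.length - NONCE_LEN);
            return new String(plain, StandardCharsets.UTF_8);
        } catch (Exception e) {
            // Keep the attribute value out of the message; it may end up in logs.
            throw new IllegalArgumentException(
                    "connectionPassword could not be decrypted", e);
        }
    }
}
```

The key file has to be readable by the Tomcat process, so anyone who can read both it and server.xml can recover the bind password.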