On Sun, 15 Aug 2010 21:33:09 +0000 (UTC), Igor Galić
<i.ga...@brainsware.org> wrote:
> ----- "Felix Schumacher" <felix.schumac...@internetallee.de> wrote:
>
>> Ok, my patch will not work, since new InitialDirContext(env) will not
>> create a LdapContext, but a DirContext. You could try to change new
>> InitialDirContext(env) into InitalLdapContext(env, null) as used in
>> the
>> sun startssl example.
I have implemented a InitialContextFactory which does startTLS internally.
That factory can be used with the standard JNDIRealm implementation. Just
extend your original Realm with
<Realm
...
contextFactory="dummy.LdapTlsContextFactory"
...
/>
You should change dummy to a package you like and replace the package
statement in
attached LdapTlsContextFactory.java to that name. Obviously the class has
to be compiled
and placed into a place, where JNDIRealm can find it. $CATALINA_HOME/lib
would be such an
place.
>
> I applied the suggested code change, and came to the same results.
> Then I added
>
> authentication="EXTERNAL"
the EXTERNAL mode is for client cert authentication. Do you have an client
cert? I don't think so,
since you specified a password in your original realm. Have you tried to
remove authentication="..."
altogether, or tried other valid values, such as "none", "simple" or
"strong"?
Bye
Felix
>
> to the Realm, as Mark suggested, and, again came to the same results as
> before (see
> http://www.mail-archive.com/users@tomcat.apache.org/msg80677.html )
>
> I'm attaching the capture I took on the server, it might help the
> debugging, after all, it says:
>
> LDAP bindRequest(1) "<ROOT>" [Malformed Packet]
>
>
> (I've censored the uid and password)
>
>> I will test it tomorrow.
>>
>> But it may be easier to allow ssl with your ldap config :)
>
> pffft.. waaay too easy ;)
>
> Also, from what I gather, it doesn't actually work in
> the Zimbra ways to have both, StartTLS and SSL at the same time.
> I'd have to investigate
>
>> Bye
>> Felix
> i
package dummy;
import java.io.IOException;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.naming.spi.InitialContextFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import com.sun.jndi.ldap.LdapCtxFactory;
public class LdapTlsContextFactory implements InitialContextFactory {
private static final class ProxyLdapContext implements
InvocationHandler {
private final LdapContext delegate;
private final StartTlsResponse tls;
@SuppressWarnings("unchecked")
private ProxyLdapContext(Hashtable env) throws NamingException {
delegate = new InitialLdapContext(env, null);
tls = (StartTlsResponse) delegate
.extendedOperation(new
StartTlsRequest());
try {
tls.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String arg0,
SSLSession arg1) {
return true;
}
});
tls.negotiate();
} catch (IOException e) {
throw new NamingException(e.getMessage());
}
}
@Override
public Object invoke(Object proxy, Method method,
Object[] args) throws Throwable {
if ("close".equals(method.getName())) {
return doClose(delegate);
}
return method.invoke(delegate, args);
}
private Object doClose(LdapContext delegate)
throws IOException, IllegalAccessException,
InvocationTargetException {
try {
if (tls != null) {
try {
tls.close();
} catch (IOException e) {
throw new
InvocationTargetException(e);
}
}
} finally {
try {
if (delegate != null) {
delegate.close();
}
} catch (NamingException e) {
throw new InvocationTargetException(e);
}
}
return null;
}
}
public static final String REAL_INITIAL_CONTEXT_FACTORY =
"REAL_INITIAL_CONTEXT_FACTORY";
@SuppressWarnings("unchecked")
@Override
public Context getInitialContext(final Hashtable environment)
throws NamingException {
final Hashtable proxyEnv = new Hashtable(environment);
Object realFactory;
if (environment.contains(REAL_INITIAL_CONTEXT_FACTORY)) {
realFactory =
environment.get(REAL_INITIAL_CONTEXT_FACTORY);
} else {
realFactory = LdapCtxFactory.class.getCanonicalName();
}
proxyEnv.put(Context.INITIAL_CONTEXT_FACTORY, realFactory);
proxyEnv.put("com.sun.jndi.ldap.connect.pool", "false");
return (Context) Proxy.newProxyInstance(this.getClass()
.getClassLoader(), new Class<?>[] {
DirContext.class },
new ProxyLdapContext(proxyEnv));
}
}
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import dummy.LdapTlsContextFactory;
public class TlsTest {
/**
* @param args
* @throws NamingException
*/
public static void main(String[] args) throws NamingException {
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY,
LdapTlsContextFactory.class.getCanonicalName());
env.put(Context.PROVIDER_URL, "ldap://SERVICENAME:PORT";);
InitialDirContext context = new InitialDirContext(env);
SearchControls cons = new SearchControls();
cons.setSearchScope(SearchControls.SUBTREE_SCOPE);
context.addToEnvironment(Context.SECURITY_PRINCIPAL,
"uid=admin,ou=system");
context.addToEnvironment(Context.SECURITY_CREDENTIALS,
"secret");
NamingEnumeration<SearchResult> search =
context.search("o=sevenSeas", "cn=*", cons );
while (search.hasMore()) {
SearchResult next = search.next();
System.out.println("Found: " + next.getName());
}
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
