merging in from trunk before swapping out trunk
git-svn-id: https://svn.apache.org/repos/asf/directory/shared/branches/m1@1072787 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java b/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
index 12f8162..4c27aed 100644
--- a/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
+++ b/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
@@ -61,6 +61,15 @@
import org.apache.directory.shared.ldap.codec.api.LdapCodecService;
import org.apache.directory.shared.ldap.codec.api.LdapCodecServiceFactory;
import org.apache.directory.shared.ldap.codec.api.MessageEncoderException;
+import org.apache.directory.shared.ldap.model.message.extended.AddNoDResponse;
+import org.apache.directory.shared.ldap.model.message.extended.BindNoDResponse;
+import org.apache.directory.shared.ldap.model.message.extended.CompareNoDResponse;
+import org.apache.directory.shared.ldap.model.message.extended.DeleteNoDResponse;
+import org.apache.directory.shared.ldap.model.message.extended.ExtendedNoDResponse;
+import org.apache.directory.shared.ldap.model.message.extended.ModifyDnNoDResponse;
+import org.apache.directory.shared.ldap.model.message.extended.ModifyNoDResponse;
+import org.apache.directory.shared.ldap.model.message.extended.NoticeOfDisconnect;
+import org.apache.directory.shared.ldap.model.message.extended.SearchNoDResponse;
import org.apache.directory.shared.ldap.model.constants.SchemaConstants;
import org.apache.directory.shared.ldap.model.cursor.Cursor;
import org.apache.directory.shared.ldap.model.cursor.SearchCursor;
@@ -1383,37 +1392,12 @@
public BindFuture bindAsync( GssApiRequest request )
throws LdapException, IOException
{
- // Krb5.conf file
- if ( request.getKrb5ConfFilePath() != null )
- {
- // Using the krb5.conf file provided by the user
- System.setProperty( "java.security.krb5.conf", request.getKrb5ConfFilePath() );
- }
- else if ( ( request.getRealmName() != null ) && ( request.getKdcHost() != null )
- && ( request.getKdcPort() != 0 ) )
- {
- // Using a custom krb5.conf we create from the settings provided by the user
- String krbConfPath = createKrbConfFile( request.getRealmName(), request.getKdcHost(), request.getKdcPort() );
- System.setProperty( "java.security.krb5.conf", krbConfPath );
- }
- else
- {
- // Using the system Kerberos configuration
- System.clearProperty( "java.security.krb5.conf" );
+ System.clearProperty( "java.security.krb5.conf" );
+ String krbConfPath = createKrbConfFile( request.getRealmName(), request.getKdcHost(), request.getKdcPort() );
+ System.setProperty( "java.security.krb5.conf", krbConfPath );
- }
-
- // Login Module configuration
- if ( request.getLoginModuleConfiguration() != null )
- {
- // Using the configuration provided by the user
- Configuration.setConfiguration( request.getLoginModuleConfiguration() );
- }
- else
- {
- // Using the default configuration
- Configuration.setConfiguration( new Krb5LoginConfiguration() );
- }
+ Configuration.setConfiguration( new Krb5LoginConfiguration() );
+ System.setProperty( "javax.security.auth.useSubjectCredsOnly", "true" );
try
{
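Review bot: The rewritten opening of `bindAsync( GssApiRequest )` now calls `createKrbConfFile( request.getRealmName(), request.getKdcHost(), request.getKdcPort() )` unconditionally, so the realm, KDC host and port reach the helper without the null/zero guard the removed code had. It also appears to ignore a caller-supplied krb5.conf path or login module configuration, since neither `request.getKrb5ConfFilePath()` nor `request.getLoginModuleConfiguration()` is consulted any more. Both `System.setProperty` calls and `Configuration.setConfiguration( new Krb5LoginConfiguration() )` change JVM-wide state, so one bind replaces the Kerberos and JAAS settings seen by every other thread and connection in the process. I would keep the guard, `if ( ( request.getRealmName() != null ) && ( request.getKdcHost() != null ) && ( request.getKdcPort() != 0 ) )`, around the generated file and add a comment that these settings are process-global. The added lines also sit inside the removed `else` branch with its closing brace deleted after them, so check that the merge result is what was intended; the method body continues outside the hunk.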
@@ -1423,7 +1407,9 @@
loginContext.login();
final GssApiRequest requetFinal = request;
- return ( BindFuture ) Subject.doAs( loginContext.getSubject(), new PrivilegedExceptionAction<Object>()
+
+ return ( BindFuture ) Subject.doAs( loginContext.getSubject(),
+ new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
@@ -3578,6 +3564,24 @@
/**
+ * perform SASL based bind operation @see {@link #bindSasl(SaslRequest)}
+ */
+ private BindFuture bindSasl( String name, byte[] credentials, String saslMech, String authzId, String realmName,
+ Control... ctrls )
+ throws LdapException, IOException
+ {
+ SaslRequest saslRequest = new SaslRequest( saslMech ); // TODO fix this
+ saslRequest.setUsername( name );
+ saslRequest.setCredentials( credentials );
+ saslRequest.setAuthorizationId( authzId );
+ saslRequest.setRealmName( realmName );
+ saslRequest.addAllControls( ctrls );
+
+ return bindSasl( saslRequest );
+ }
+
+
+ /**
* Process the SASL Bind. It's a dialog with the server, we will send a first BindRequest, receive
* a response and the, if this response is a challenge, continue by sending a new BindRequest with
* the requested informations.
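Review bot: The new private `bindSasl( String, byte[], String, String, String, Control... )` overload carries `// TODO fix this` without saying what needs fixing, and its Javadoc is a single line that mixes `@see` with an inline `{@link}` and documents no parameter. It builds `new SaslRequest( saslMech )` directly, which compiles only because the SaslRequest.java hunk drops `abstract` (itself marked `// TODO make this class abstract`), so the two TODOs should reference each other, for example `// TODO: build a mechanism-specific request once SaslRequest is abstract again`. The Javadoc should gain `@param` entries, stating in particular that `credentials` holds the secret and that `saslMech` is passed through unchecked. No caller of this overload is visible in the hunk, so confirm it is used.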
@@ -3615,28 +3619,6 @@
byte[] response = null;
ResultCodeEnum result = null;
- // Creating a map for SASL properties
- Map<String, Object> properties = new HashMap<String, Object>();
-
- // Quality of Protection SASL property
- if ( saslRequest.getQualityOfProtection() != null )
- {
-
- properties.put( Sasl.QOP, saslRequest.getQualityOfProtection().getValue() );
- }
-
- // Security Strength SASL property
- if ( saslRequest.getSecurityStrength() != null )
- {
- properties.put( Sasl.STRENGTH, saslRequest.getSecurityStrength().getValue() );
- }
-
- // Mutual Authentication SASL property
- if ( saslRequest.isMutualAuthentication() )
- {
- properties.put( Sasl.SERVER_AUTH, "true" );
- }
-
// Creating a SASL Client
SaslClient sc = Sasl.createSaslClient(
new String[]
@@ -3644,7 +3626,7 @@
saslRequest.getAuthorizationId(),
"ldap",
config.getLdapHost(),
- properties,
+ null,
new SaslCallbackHandler( saslRequest ) );
// If the SaslClient wasn't created, that means we can't create the SASL client
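Review bot: Passing `null` as the properties argument of `Sasl.createSaslClient` creates the client with the mechanism defaults, which for `Sasl.QOP` is authentication only (no integrity or confidentiality layer) and for `Sasl.SERVER_AUTH` is no mutual authentication. The preceding hunk deletes the map that carried the caller's QoP, strength and mutual-authentication choices, and the SaslRequest.java hunks delete the matching fields and accessors. A caller that previously requested `auth-int` or `auth-conf` is therefore downgraded silently, with no error. If the removal is only a side effect of this merge, keep the map and pass `properties`. Otherwise document it at the call, e.g. `// no SASL properties: QoP defaults to "auth", mutual authentication not requested`, and make sure the connection is protected by TLS instead. The enclosing method starts and ends outside the hunk.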
diff --git a/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java b/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
index 5efcbfe..7b24bd6 100644
--- a/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
+++ b/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
@@ -37,7 +37,8 @@
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
*/
-public abstract class SaslRequest
+// TODO make this class abstract
+public class SaslRequest
{
/** The mechanism used to decode user identity */
protected String saslMechanism;
@@ -57,15 +58,6 @@
/** The authorization ID of the entity */
protected String authorizationId;
- /** The quality of protection */
- protected SaslQoP qualityOfProtection;
-
- /** The security strength */
- protected SaslSecurityStrength securityStrength;
-
- /** Require mutual authentication */
- protected boolean mutualAuthentication = false;
-
/**
* Creates a new instance of SaslRequest.
@@ -142,17 +134,6 @@
/**
- * Gets the quality of protection.
- *
- * @return the quality of protection
- */
- public SaslQoP getQualityOfProtection()
- {
- return qualityOfProtection;
- }
-
-
- /**
* Gets realm name.
*
* @return the realm name
@@ -175,17 +156,6 @@
/**
- * Gets the security strength.
- *
- * @return the security strength
- */
- public SaslSecurityStrength getSecurityStrength()
- {
- return securityStrength;
- }
-
-
- /**
* Gets the username.
*
* @return the username
@@ -197,17 +167,6 @@
/**
- * Indicates if mutual authentication is required.
- *
- * @return the flag indicating if mutual authentication is required
- */
- public boolean isMutualAuthentication()
- {
- return mutualAuthentication;
- }
-
-
- /**
* Sets the Authorization ID
*
* @param authorizationId The authorization ID
@@ -241,28 +200,6 @@
/**
- * Sets the flag indicating if mutual authentication is required.
- *
- * @param mutualAuthentication the flag indicating if mutual authentication is required
- */
- public void setMutualAuthentication( boolean mutualAuthentication )
- {
- this.mutualAuthentication = mutualAuthentication;
- }
-
-
- /**
- * Sets the quality of protection.
- *
- * @param qualityOfProtection the quality of protection
- */
- public void setQualityOfProtection( SaslQoP qualityOfProtection )
- {
- this.qualityOfProtection = qualityOfProtection;
- }
-
-
- /**
* Sets the realm name.
*
* @param realmName The realm name
@@ -285,17 +222,6 @@
/**
- * Sets the security strength.
- *
- * @param securityStrength the security strength
- */
- public void setSecurityStrength( SaslSecurityStrength securityStrength )
- {
- this.securityStrength = securityStrength;
- }
-
-
- /**
* Sets the username.
*
* @param username the username