#24 LDAP, JNDI, and Servlet Filter issues

closed-works-for-me
nobody
None
5
2007-08-13
2007-06-05
bill niebel
No

ISSUES

1. A bug. Confused usage of local (method) variable and instance field with the same name "authenticated".

2. Unexpected / strange response from JNDI. Again, this is a non-existent user with no password provided. In the case seen in the log, JNDI does not throw an exception. I haven't seen any documentation on what to expect in this case, and certainly didn't expect this behavior for the specific case of no password provided. In local testing, I've seen exceptions thrown always on no password provided. The difference could be due to the directory server used, I guess. I've changed the code defensively, but need to test before sending the patch. I will also both
(a) trap the lack of password in the Fedora code itself, so that it's an error to Fedora before JNDI is called; and
(b) treat empty results returned from the results as non-authentication.
Both of these will be configurable, which will allow further testing if we want/need to tease this out (i.e., ferret out when exceptions are unexpectedly not thrown).

3. A bug. The cached authentication value is not reset before the re-authentication attempt. A re-authentication attempt with exception thrown then results in using the existing cached value. This is puzzling especially when the the cached value is --incorrectly-- set to true, as set in the second login attempt with no password and no exception thrown by JNDI. That is, case 3 (or 4) is the result of both this bug --and-- case (2) having incorrectly cached a true authentication value. Strange case and inadequate testing.

Discussion

  • bill niebel

    bill niebel - 2007-06-05

    Logged In: YES
    user_id=1705824
    Originator: YES

    I've committed bug fixes for 1 and 3 to maintenance-2.2 (@ 6010) and to trunk (@ 6011). Item 2 will be committed separately.

     
  • bill niebel

    bill niebel - 2007-06-06

    Logged In: YES
    user_id=1705824
    Originator: YES

    I've committed defensive programming for 2 to maintenance-2.2 (@ 6012) and to
    trunk (@ 6013). I'll send email re how I tested this.

     
  • bill niebel

    bill niebel - 2007-06-06

    Logged In: YES
    user_id=1705824
    Originator: YES

    We should add better init protection against inconsistent parms.

     
  • bill niebel

    bill niebel - 2007-06-18

    how to apply the patch

     
    Attachments
  • bill niebel

    bill niebel - 2007-06-18

    Logged In: YES
    user_id=1705824
    Originator: YES

    File Added: readme.txt

     
  • bill niebel

    bill niebel - 2007-06-18

    Logged In: YES
    user_id=1705824
    Originator: YES

    File Added: debugging-readme.txt

     
  • bill niebel

    bill niebel - 2007-06-18

    how to debug a problem ldap directory config

     
    Attachments
  • bill niebel

    bill niebel - 2007-06-18

    classes, source, readme files for patch

     
    Attachments
  • bill niebel

    bill niebel - 2007-06-18

    Logged In: YES
    user_id=1705824
    Originator: YES

    File Added: fedora-2.2.6012.zip

     
  • bill niebel

    bill niebel - 2007-06-18

    Logged In: YES
    user_id=1705824
    Originator: YES

    uploaded readme text and zip file for patch 6012 (also incorporates issue 1721620).
    also included a separate debugging readme, for dealing with ldap server behaving
    differently in field from what's seen in development.

     
  • bill niebel

    bill niebel - 2007-06-18
    • status: open --> pending-works-for-me
     
  • SourceForge Robot

    Logged In: YES
    user_id=1312539
    Originator: NO

    This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).

     
  • SourceForge Robot

    • status: pending-works-for-me --> closed-works-for-me
     
  • Chris Wilper

    Chris Wilper - 2007-08-13
    • summary: ldap servlet filter -- fix bugs revealed at hull --> LDAP, JNDI, and Servlet Filter issues
     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks