diff --git a/CASA-auth-token/server-java/Svc/README b/CASA-auth-token/server-java/Svc/README
index d4acb2d1..2876d66e 100644
--- a/CASA-auth-token/server-java/Svc/README
+++ b/CASA-auth-token/server-java/Svc/README
@@ -184,12 +184,12 @@ The following is an example auth.policy file:
CorpTree
Krb5Authenticate
- host/tokenserver.company.novell.com@KRB_REALM
+ SVC_PRINCIPAL=host/tokenserver.company.novell.com@KRB_REALM
CorpTree
PwdAuthenticate
-
+ REALM_CREDENTIALS_ONLY=true
@@ -212,10 +212,16 @@ Note the following about the sample auth.policy file:
- The name of the Krb5 Authentication mechanism is "Krb5Authenticate". This mechanism
defaults the service principal name to host/hostname@KERBEROS_REALM. You can use a
- different service principal name under the mechanism_info key.
+ different service principal name by setting the SVC_PRINCIPAL setting equal to it
+ under the mechanism_info key. Notice that mechanism info settings for this mechanism
+ are separated using a semicolon and no-white space is allowed.
- The name of the username/password authentication mechanism is "PwdAuthenticate" and
- it does not require any information to be included under the mechanism_info key.
+ it does not require any information to be included under the mechanism_info key. You
+ can specify to the client to only utilize credentials for the specified realm by
+ setting the mechanism info setting REALM_CREDENTIALS_ONLY equal to "true". Notice that
+ mechanism info settings for this mechanism are separated using a semicolon and no-white
+ space is allowed.
The authtoken.settings file contains settings that should be applied to authentication
tokens issued to authenticate to the service.
diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java
index d509030d..007843b0 100644
--- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java
+++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java
@@ -42,7 +42,6 @@ import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.XMLReaderFactory;
-import org.bandit.ia.IAContext;
import org.bandit.util.config.Realm;
import org.apache.log4j.Logger;
@@ -716,7 +715,8 @@ public final class CasaIdentityToken implements IdentityToken
env.put(Realm.REALM_CONFIG_LOCATION, svcConfig.getSetting(SvcConfig.IdentityAbstractionConfigFile));
env.put(Realm.REALM_SELECTOR, sourceName);
- while (true)
+ int retries = 3;
+ while (retries != 0)
{
// Instantiate DirContext watching for an exception since it
// would be an indication that we should not retry the
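Review bot: Once the three attempts are used up, `while (retries != 0)` simply ends and execution continues with whatever follows the loop; nothing in this hunk marks the lookup as failed. The loop body and the code after it are outside the hunk, so this is inferred, but a token or identity path should fail closed when the directory never answered. Assuming the success path leaves the loop via `break`, a check right after the loop such as `if (retries == 0) throw new Exception("initialize()- directory unavailable, retries exhausted");` would do it, using whichever exception type the method already reports. The same bounded loop is added in Krb5Authenticate.invoke(), PwdAuthenticate.invoke() and the RealmsInfo constructor, and the same check applies there.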
@@ -801,6 +801,7 @@ public final class CasaIdentityToken implements IdentityToken
m_log.warn("initialize()- ServiceUnavailable exception caught looking up attributes, msg = " + e.getMessage());
// Retry the operation
+ retries --;
continue;
}
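Review bot: The warning logged before `retries --;` does not say how many attempts remain, so someone reading the log cannot tell one transient failure from an exhausted retry budget. Consider decrementing first and logging the count, e.g. `m_log.warn("initialize()- ServiceUnavailable exception caught looking up attributes, retries left = " + retries + ", msg = " + e.getMessage());`, and writing the decrement as `retries--;`. The retries also run back to back with no delay, which is unlikely to help while the directory is really down. The enclosing catch block starts outside the hunk. The matching hunks in Krb5Authenticate, PwdAuthenticate and RealmsInfo have the same shape.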
diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java
index 28082215..2f04f733 100644
--- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java
+++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java
@@ -43,7 +43,6 @@ import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
-import org.bandit.ia.IAContext;
import org.bandit.util.config.Realm;
import org.apache.log4j.Logger;
@@ -213,7 +212,8 @@ public final class Krb5Authenticate implements AuthMechanism, Serializable
env.put(Realm.REALM_CONFIG_LOCATION, m_svcConfig.getSetting(SvcConfig.IdentityAbstractionConfigFile));
env.put(Realm.REALM_SELECTOR, authReqMsg.getRealm());
- while (true)
+ int retries = 3;
+ while (retries != 0)
{
// Instantiate DirContext watching for an exception since it
// would be an indication that we should not retry the
@@ -305,6 +305,7 @@ public final class Krb5Authenticate implements AuthMechanism, Serializable
m_log.warn("invoke()- ServiceUnavailable exception caught looking up attributes, msg = " + e.getMessage());
// Retry the operation
+ retries --;
continue;
}
diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java
index 516a0e5b..d7da27a3 100644
--- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java
+++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java
@@ -39,7 +39,6 @@ import javax.naming.directory.SearchControls;
import javax.naming.NamingException;
import javax.naming.ServiceUnavailableException;
-import org.bandit.ia.IAContext;
import org.bandit.util.config.Realm;
import org.apache.log4j.Logger;
@@ -188,7 +187,8 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
env.put(Realm.REALM_CONFIG_LOCATION, m_svcConfig.getSetting(SvcConfig.IdentityAbstractionConfigFile));
env.put(Realm.REALM_SELECTOR, authReqMsg.getRealm());
- while (true)
+ int retries = 3;
+ while (retries != 0)
{
// Instantiate DirContext watching for an exception since it
// would be an indication that we should not retry the
@@ -300,6 +300,7 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
m_log.warn("invoke()- ServiceUnavailable exception caught looking up attributes, msg = " + e.getMessage());
// Retry the operation
+ retries --;
continue;
}
diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/RealmsInfo.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/RealmsInfo.java
index 1e9d7ca8..3c5430f2 100644
--- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/RealmsInfo.java
+++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/RealmsInfo.java
@@ -28,13 +28,11 @@ import org.bandit.util.config.gen.*;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
-import javax.naming.CommunicationException;
import javax.naming.ServiceUnavailableException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.Attributes;
-import org.bandit.ia.IAContext;
import org.bandit.util.config.Realm;
import org.apache.log4j.Logger;
@@ -137,7 +135,7 @@ public class RealmsInfo
else if (env[iii].getProp().equalsIgnoreCase("com.novell.casa.authtoksvc.directory_type"))
{
// We are dealing with a directory type, decode it and record the result.
- String realmDirectoryType = env[iii].getValue();;
+ String realmDirectoryType = env[iii].getValue();
if (realmDirectoryType.equalsIgnoreCase("eDir"))
{
realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm);
@@ -184,7 +182,8 @@ public class RealmsInfo
env.put(Realm.REALM_CONFIG_LOCATION, realmConfigFilePath);
env.put(Realm.REALM_SELECTOR, realm.getId());
- while (true)
+ int retries = 3;
+ while (retries != 0)
{
// Instantiate DirContext watching for an exception since it
// would be an indication that we should not retry the
@@ -224,6 +223,7 @@ public class RealmsInfo
m_log.warn("Constructor()- ServiceUnavailable exception caught looking up attributes, msg = " + e.getMessage());
// Retry the operation
+ retries --;
continue;
}
catch (Exception e)