Made changes to allow us to fail-over to a different identity store if

a communication error is encountered.

Lowered the log level of a couple of logs that were littering the log
files.

CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java

@@ -31,6 +31,7 @@ import java.util.Hashtable;
 import javax.naming.Context;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
+import javax.naming.ServiceUnavailableException;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
@@ -715,7 +716,23 @@ public final class CasaIdentityToken implements IdentityToken
          env.put(Realm.REALM_CONFIG_LOCATION, svcConfig.getSetting(SvcConfig.IdentityAbstractionConfigFile));
          env.put(Realm.REALM_SELECTOR, sourceName);
 
-         DirContext ctx = new InitialDirContext(env);
+         while (true)
+         {
+            // Instantiate DirContext watching for an exception since it
+            // would be an indication that we should not retry the
+            // operation.
+            DirContext ctx;
+            try
+            {
+               ctx = new InitialDirContext(env);
+            }
+            catch (Exception e)
+            {
+               m_log.warn("initialize(): Exception caught instantiating DirContext, msg = " + e.getMessage());
+
+               // Stop retrying
+               break;
+            }
 
             // Setup a string buffer for building the IdentityToken, notice for now
             // we are not going to wrap the identity token.
@@ -730,6 +747,10 @@ public final class CasaIdentityToken implements IdentityToken
             sb.append("<"); sb.append(attributesElementName); sb.append(">\r\n");
 
             // Get the necessary attributes of the specified services in the identity token
+            // watching for a service unavailable exception as an indication that we should
+            // retry the operation.
+            try
+            {
                String[] attributesNeeded  = m_idenTokenConfig.getAttributes();
                boolean encryptAttributes = "true".equalsIgnoreCase(m_idenTokenConfig.getSetting(IdenTokenConfig.EncryptAttributes));
                Attributes attrs = ctx.getAttributes(identityId, attributesNeeded);
@@ -775,6 +796,18 @@ public final class CasaIdentityToken implements IdentityToken
 
                m_token = sb.toString();
             }
+            catch (ServiceUnavailableException e)
+            {
+               m_log.warn("initialize()- ServiceUnavailable exception caught looking up attributes, msg = " + e.getMessage());
+
+               // Retry the operation
+               continue;
+            }
+
+            // No need to retry
+            break;
+         }
+      }
       catch (NamingException e)
       {
          m_log.error("initialize()- Exception: " + e.getExplanation());

CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/EnabledSvcsConfig.java

@@ -263,7 +263,7 @@ public final class EnabledSvcsConfig
                                     }
                                     catch (Exception e)
                                     {
-                                       m_log.warn("Constructor()- Exception accessing " + serviceFolder + File.separator + m_authTokenSettingsFileName + " Exception=" + e.toString());
+                                       m_log.debug("Constructor()- Exception accessing " + serviceFolder + File.separator + m_authTokenSettingsFileName + " Exception=" + e.toString());
                                     }
 
                                     try
@@ -272,7 +272,7 @@ public final class EnabledSvcsConfig
                                     }
                                     catch (Exception e)
                                     {
-                                       m_log.warn("Constructor()- Exception accessing " + serviceFolder + File.separator + m_idenTokenSettingsFileName + " Exception=" + e.toString());
+                                       m_log.debug("Constructor()- Exception accessing " + serviceFolder + File.separator + m_idenTokenSettingsFileName + " Exception=" + e.toString());
                                     }
 
                                     // Make sure that we have a policy file

CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java

@@ -30,6 +30,7 @@ import java.util.Hashtable;
 import javax.naming.Context;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
+import javax.naming.ServiceUnavailableException;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
 import javax.naming.directory.SearchResult;
@@ -212,11 +213,31 @@ public final class Krb5Authenticate implements AuthMechanism, Serializable
          env.put(Realm.REALM_CONFIG_LOCATION, m_svcConfig.getSetting(SvcConfig.IdentityAbstractionConfigFile));
          env.put(Realm.REALM_SELECTOR, authReqMsg.getRealm());
 
-         DirContext ctx = new InitialDirContext(env);
+         while (true)
+         {
+            // Instantiate DirContext watching for an exception since it
+            // would be an indication that we should not retry the
+            // operation.
+            DirContext ctx;
+            try
+            {
+               ctx = new InitialDirContext(env);
+            }
+            catch (Exception e)
+            {
+               m_log.warn("invoke(): Exception caught instantiating DirContext, msg = " + e.getMessage());
 
-         // Now search for a user with a matching  kerberos principal name.
+               // Stop retrying
+               break;
+            }
+
+            // Now search for a user with a matching  kerberos principal name
+            // watching for a service unavailable exception as an indication that we
+            // should retry the operation.
             //
             // Set up a search control so that the search is scoped to the sub-tree
+            try
+            {
                SearchControls controls = new SearchControls();
                controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
 
@@ -279,6 +300,18 @@ public final class Krb5Authenticate implements AuthMechanism, Serializable
                   }
                }
             }
+            catch (ServiceUnavailableException e)
+            {
+               m_log.warn("invoke()- ServiceUnavailable exception caught looking up attributes, msg = " + e.getMessage());
+
+               // Retry the operation
+               continue;
+            }
+
+            // No need to retry
+            break;
+         }
+      }
       catch (NamingException e)
       {
          // Log the error

CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java

@@ -37,6 +37,7 @@ import javax.naming.directory.DirContext;
 import javax.naming.directory.SearchResult;
 import javax.naming.directory.SearchControls;
 import javax.naming.NamingException;
+import javax.naming.ServiceUnavailableException;
 
 import org.bandit.ia.IAContext;
 import org.bandit.util.config.Realm;
@@ -187,9 +188,26 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
          env.put(Realm.REALM_CONFIG_LOCATION, m_svcConfig.getSetting(SvcConfig.IdentityAbstractionConfigFile));
          env.put(Realm.REALM_SELECTOR, authReqMsg.getRealm());
 
-         DirContext ctx = new InitialDirContext(env);
+         while (true)
+         {
+            // Instantiate DirContext watching for an exception since it
+            // would be an indication that we should not retry the
+            // operation.
+            DirContext ctx;
+            try
+            {
+               ctx = new InitialDirContext(env);
+            }
+            catch (Exception e)
+            {
+               m_log.warn("invoke(): Exception caught instantiating DirContext, msg = " + e.getMessage());
 
-         // Now search for a user with a matching surname.
+               // Stop retrying
+               break;
+            }
+
+            // Now search for a user with a matching surname watching for a service
+            // unavailable exception as an indication that we should retry the operation.
             //
             // Set up a search control so that the search is scoped to the sub-tree
             SearchControls controls = new SearchControls();
@@ -229,6 +247,8 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
                }
             }
 
+            try
+            {
                // Go through the search roots stopping if the identity is resolved.
                for (int i = 0; i < searchRoots.length && identId == null; i++)
                {
@@ -274,6 +294,18 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
                      }
                   }
                }
+            }
+            catch (ServiceUnavailableException e)
+            {
+               m_log.warn("invoke()- ServiceUnavailable exception caught looking up attributes, msg = " + e.getMessage());
+
+               // Retry the operation
+               continue;
+            }
+
+            // No need to retry
+            break;
+         }
 
          // Check if we did not resolve the identity
          if (identId == null)

CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/RealmsInfo.java

@@ -28,6 +28,8 @@ import org.bandit.util.config.gen.*;
 
 import javax.naming.Context;
 import javax.naming.NamingEnumeration;
+import javax.naming.CommunicationException;
+import javax.naming.ServiceUnavailableException;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
 import javax.naming.directory.Attributes;
@@ -147,7 +149,7 @@ public class RealmsInfo
                            else
                            {
                               // Ignore parameter
-                              m_log.debug("Constructor(): Unknown directory type");
+                              m_log.debug("Constructor()- Unknown directory type");
                            }
                         }
                         else if (env[iii].getProp().equalsIgnoreCase("com.novell.casa.authtoksvc.contextless_search_string"))
@@ -182,7 +184,28 @@ public class RealmsInfo
                   env.put(Realm.REALM_CONFIG_LOCATION, realmConfigFilePath);
                   env.put(Realm.REALM_SELECTOR, realm.getId());
 
-                  DirContext ctx = new InitialDirContext(env);
+                  while (true)                             
+                  {
+                     // Instantiate DirContext watching for an exception since it
+                     // would be an indication that we should not retry the
+                     // operation.
+                     DirContext ctx;
+                     try
+                     {
+                        ctx = new InitialDirContext(env);
+                     }
+                     catch (Exception e)
+                     {
+                        m_log.warn("Constructor()- Exception caught instantiating DirContext, msg = " + e.getMessage());
+
+                        // Stop retrying
+                        break;
+                     }
+
+                     // Now do the attribute lookup watching for a service unavailable
+                     // exception as an indication that we should retry the operation.
+                     try
+                     {
                         String[] attributesNeeded  = new String[1];
                         attributesNeeded[0] = "sAMAccountName";
                         Attributes attributes = ctx.getAttributes(principalName, attributesNeeded);
@@ -196,6 +219,22 @@ public class RealmsInfo
                            realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm);
                         }
                      }
+                     catch (ServiceUnavailableException e)
+                     {
+                        m_log.warn("Constructor()- ServiceUnavailable exception caught looking up attributes, msg = " + e.getMessage());
+
+                        // Retry the operation
+                        continue;
+                     }
+                     catch (Exception e)
+                     {
+                        m_log.warn("Constructor()- Exception caught looking up attributes, msg = " + e.getMessage());
+                     }
+
+                     // No need to retry
+                     break;
+                  }
+               }
                else
                {
                   // The principal name was not configured, default to eDir.

CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes

@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Mon Mar 19 10:41:50 MDT 2007 - jluciani@novell.com
+
+- Fixed BUG242969 by removing the log files that get created by
+  the Windows install of the ATS.
+
+- Fixed BUG251942 by updating the Windows install file responsible
+  for setting up the log4j.properties file so that it properly
+  escapes the path characters.
+
+- Fixed BUG250413 by lowering the priority of the messages being
+  logged and by increasing the log level priority to "warn" in
+  the log4j.properties file.
+
+- Fixed BUG243339 by codding directly to the classes provided by
+  xmlsec and taking care of building SOAP messages with the
+  necessary WS-Security headers.
+
 -------------------------------------------------------------------
 Mon Mar  5 11:32:37 MST 2007 - jluciani@novell.com