geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Made changes to allow us to fail-over to a different identity store if

Browse Source 
a communication error is encountered.

Lowered the log level of a couple of logs that were littering the log
files.
This commit is contained in:
Juan Carlos Luciani 2007-03-21 17:51:54 +00:00
parent 3836edc9d7
commit 67485b5388
6 changed files with 345 additions and 190 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java
View File

@ -31,6 +31,7 @@ import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.ServiceUnavailableException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
@ -715,7 +716,23 @@ public final class CasaIdentityToken implements IdentityToken
env.put(Realm.REALM_CONFIG_LOCATION, svcConfig.getSetting(SvcConfig.IdentityAbstractionConfigFile));
env.put(Realm.REALM_SELECTOR, sourceName);
DirContext ctx = new InitialDirContext(env);
while (true)
{
// Instantiate DirContext watching for an exception since it
// would be an indication that we should not retry the
// operation.
DirContext ctx;
try
{
ctx = new InitialDirContext(env);
}
catch (Exception e)
{
m_log.warn("initialize(): Exception caught instantiating DirContext, msg = " + e.getMessage());
// Stop retrying
break;
}
// Setup a string buffer for building the IdentityToken, notice for now
// we are not going to wrap the identity token.
@ -730,6 +747,10 @@ public final class CasaIdentityToken implements IdentityToken
sb.append("<"); sb.append(attributesElementName); sb.append(">\r\n");
// Get the necessary attributes of the specified services in the identity token
// watching for a service unavailable exception as an indication that we should
// retry the operation.
try
{
String[] attributesNeeded = m_idenTokenConfig.getAttributes();
boolean encryptAttributes = "true".equalsIgnoreCase(m_idenTokenConfig.getSetting(IdenTokenConfig.EncryptAttributes));
Attributes attrs = ctx.getAttributes(identityId, attributesNeeded);
@ -775,6 +796,18 @@ public final class CasaIdentityToken implements IdentityToken
m_token = sb.toString();
}
catch (ServiceUnavailableException e)
{
m_log.warn("initialize()- ServiceUnavailable exception caught looking up attributes, msg = " + e.getMessage());
// Retry the operation
continue;
}
// No need to retry
break;
}
}
catch (NamingException e)
{
m_log.error("initialize()- Exception: " + e.getExplanation());

4
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/EnabledSvcsConfig.java
View File

@ -263,7 +263,7 @@ public final class EnabledSvcsConfig
}
catch (Exception e)
{
m_log.warn("Constructor()- Exception accessing " + serviceFolder + File.separator + m_authTokenSettingsFileName + " Exception=" + e.toString());
m_log.debug("Constructor()- Exception accessing " + serviceFolder + File.separator + m_authTokenSettingsFileName + " Exception=" + e.toString());
}
try
@ -272,7 +272,7 @@ public final class EnabledSvcsConfig
}
catch (Exception e)
{
m_log.warn("Constructor()- Exception accessing " + serviceFolder + File.separator + m_idenTokenSettingsFileName + " Exception=" + e.toString());
m_log.debug("Constructor()- Exception accessing " + serviceFolder + File.separator + m_idenTokenSettingsFileName + " Exception=" + e.toString());
}
// Make sure that we have a policy file

37
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Krb5Authenticate.java
View File

@ -30,6 +30,7 @@ import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.ServiceUnavailableException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchResult;
@ -212,11 +213,31 @@ public final class Krb5Authenticate implements AuthMechanism, Serializable
env.put(Realm.REALM_CONFIG_LOCATION, m_svcConfig.getSetting(SvcConfig.IdentityAbstractionConfigFile));
env.put(Realm.REALM_SELECTOR, authReqMsg.getRealm());
DirContext ctx = new InitialDirContext(env);
while (true)
{
// Instantiate DirContext watching for an exception since it
// would be an indication that we should not retry the
// operation.
DirContext ctx;
try
{
ctx = new InitialDirContext(env);
}
catch (Exception e)
{
m_log.warn("invoke(): Exception caught instantiating DirContext, msg = " + e.getMessage());
// Now search for a user with a matching kerberos principal name.
// Stop retrying
break;
}
// Now search for a user with a matching kerberos principal name
// watching for a service unavailable exception as an indication that we
// should retry the operation.
//
// Set up a search control so that the search is scoped to the sub-tree
try
{
SearchControls controls = new SearchControls();
controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
@ -279,6 +300,18 @@ public final class Krb5Authenticate implements AuthMechanism, Serializable
}
}
}
catch (ServiceUnavailableException e)
{
m_log.warn("invoke()- ServiceUnavailable exception caught looking up attributes, msg = " + e.getMessage());
// Retry the operation
continue;
}
// No need to retry
break;
}
}
catch (NamingException e)
{
// Log the error

36
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java
View File

@ -37,6 +37,7 @@ import javax.naming.directory.DirContext;
import javax.naming.directory.SearchResult;
import javax.naming.directory.SearchControls;
import javax.naming.NamingException;
import javax.naming.ServiceUnavailableException;
import org.bandit.ia.IAContext;
import org.bandit.util.config.Realm;
@ -187,9 +188,26 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
env.put(Realm.REALM_CONFIG_LOCATION, m_svcConfig.getSetting(SvcConfig.IdentityAbstractionConfigFile));
env.put(Realm.REALM_SELECTOR, authReqMsg.getRealm());
DirContext ctx = new InitialDirContext(env);
while (true)
{
// Instantiate DirContext watching for an exception since it
// would be an indication that we should not retry the
// operation.
DirContext ctx;
try
{
ctx = new InitialDirContext(env);
}
catch (Exception e)
{
m_log.warn("invoke(): Exception caught instantiating DirContext, msg = " + e.getMessage());
// Now search for a user with a matching surname.
// Stop retrying
break;
}
// Now search for a user with a matching surname watching for a service
// unavailable exception as an indication that we should retry the operation.
//
// Set up a search control so that the search is scoped to the sub-tree
SearchControls controls = new SearchControls();
@ -229,6 +247,8 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
}
}
try
{
// Go through the search roots stopping if the identity is resolved.
for (int i = 0; i < searchRoots.length && identId == null; i++)
{
@ -274,6 +294,18 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
}
}
}
}
catch (ServiceUnavailableException e)
{
m_log.warn("invoke()- ServiceUnavailable exception caught looking up attributes, msg = " + e.getMessage());
// Retry the operation
continue;
}
// No need to retry
break;
}
// Check if we did not resolve the identity
if (identId == null)

43
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/RealmsInfo.java
View File

@ -28,6 +28,8 @@ import org.bandit.util.config.gen.*;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.CommunicationException;
import javax.naming.ServiceUnavailableException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.Attributes;
@ -147,7 +149,7 @@ public class RealmsInfo
else
{
// Ignore parameter
m_log.debug("Constructor(): Unknown directory type");
m_log.debug("Constructor()- Unknown directory type");
}
}
else if (env[iii].getProp().equalsIgnoreCase("com.novell.casa.authtoksvc.contextless_search_string"))
@ -182,7 +184,28 @@ public class RealmsInfo
env.put(Realm.REALM_CONFIG_LOCATION, realmConfigFilePath);
env.put(Realm.REALM_SELECTOR, realm.getId());
DirContext ctx = new InitialDirContext(env);
while (true)
{
// Instantiate DirContext watching for an exception since it
// would be an indication that we should not retry the
// operation.
DirContext ctx;
try
{
ctx = new InitialDirContext(env);
}
catch (Exception e)
{
m_log.warn("Constructor()- Exception caught instantiating DirContext, msg = " + e.getMessage());
// Stop retrying
break;
}
// Now do the attribute lookup watching for a service unavailable
// exception as an indication that we should retry the operation.
try
{
String[] attributesNeeded = new String[1];
attributesNeeded[0] = "sAMAccountName";
Attributes attributes = ctx.getAttributes(principalName, attributesNeeded);
@ -196,6 +219,22 @@ public class RealmsInfo
realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm);
}
}
catch (ServiceUnavailableException e)
{
m_log.warn("Constructor()- ServiceUnavailable exception caught looking up attributes, msg = " + e.getMessage());
// Retry the operation
continue;
}
catch (Exception e)
{
m_log.warn("Constructor()- Exception caught looking up attributes, msg = " + e.getMessage());
}
// No need to retry
break;
}
}
else
{
// The principal name was not configured, default to eDir.

18
CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes
View File

@ -1,3 +1,21 @@
-------------------------------------------------------------------
Mon Mar 19 10:41:50 MDT 2007 - jluciani@novell.com
- Fixed BUG242969 by removing the log files that get created by
the Windows install of the ATS.
- Fixed BUG251942 by updating the Windows install file responsible
for setting up the log4j.properties file so that it properly
escapes the path characters.
- Fixed BUG250413 by lowering the priority of the messages being
logged and by increasing the log level priority to "warn" in
the log4j.properties file.
- Fixed BUG243339 by codding directly to the classes provided by
xmlsec and taking care of building SOAP messages with the
necessary WS-Security headers.
-------------------------------------------------------------------
Mon Mar 5 11:32:37 MST 2007 - jluciani@novell.com