I posted this to tomcat-user but got no replies.
Perhaps tomcat-dev is more appropriate, as it is a programming problem. Can
anyone help?
Although I've been using tomacat for sometime, I'm now needeing to start on
some work to match up the authentication and authorisation within catalina
to our enviroment. To do this I'm putting together a LDAPRealm. I have a
rudimentary LDAPRealm that works fine on its own (outside catalina), but
when I run it within catalina I'm getting a cannot instantiate class
exception from within my code. Could someone give me a guide into what I'm
doing worong. It's probably pretty basic, but I'm new to this.
What I did:
created a org.apache.catalina.realm.MyRealm class that contains an
authenticate() method that connects to the LDAP server as follows
public Principal authenticate(String username, String credentials) {
MyRealmPrincipal principal = new MyRealmPrincipal(username);
Hashtable env = new Hashtable(11);
env.put(Context.PROVIDER_URL,
"ldap://localhost:389/dc=britbio,dc=co,dc=uk");
env.put(Context.SECURITY_PRINCIPAL, principal.getDistinguishedName());
env.put(Context.SECURITY_CREDENTIALS, credentials);
try {
// Create the initial directory context
DirContext ctx = new InitialDirContext(env);
// if we get here then we've bound OK
System.out.println("Authenticated for " +
principal.getDistinguishedName());
// get the groups from the JNDI context and define them as roles
getRoles(ctx, principal);
// unbind
ctx.close();
return(principal);
} catch (NamingException e) {
// could not bind - wrong password?
System.err.println("Failed to bind to directory for " + username);
e.printStackTrace();
return(null);
}
this code works fine on its own (outside catalina). However when I try to
run it within catalina (jar'd up the clases, put them in
$CATLINA_ROOT/server), my code gets called, but the bind to the LDAP server
fails with the following exception
Failed to bind to directory for tom
javax.naming.NoInitialContextException: Cannot instantiate class:
com.sun.jndi.ldap.LdapCtxFactory. Root exception is
java.lang.ClassCastException: com.sun.jndi.ldap.LdapCtxFactory
at
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:659)
at
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:250)
at javax.naming.InitialContext.init(InitialContext.java:226)
at javax.naming.InitialContext.<init>(InitialContext.java:202)
at
javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:87)
at
org.apache.catalina.realm.TimsRealm.authenticate(TimsRealm.java:109)
at
org.apache.catalina.authenticator.BasicAuthenticator.findPrincipal(BasicAuth
enticator.java:214)
at
org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthe
nticator.java:160)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase
.java:481)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:975)
at
org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2041)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161
)
at
org.apache.catalina.valves.ValveBase.invokeNext(ValveBase.java:242)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:414)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:975)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java
:159)
at
org.apache.catalina.valves.ValveBase.invokeNext(ValveBase.java:242)
at
org.apache.catalina.valves.RequestDumperValve.invoke(RequestDumperValve.java
:215)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:975)
at
org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:
818)
at
org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:897)
at java.lang.Thread.run(Thread.java:484)
Any ideas as to why this runs outside catalina and not inside it. The JVM,
and everything else I can think of is the same. My setup:
Tomcat-4.0-b1
JDK1.3
Linux
many thanks
Tim
---------------------------------------------
Tim Dudgeon
[EMAIL PROTECTED]
--------------------------------------------------
DISCLAIMER: This message contains proprietary
information some or all of which may be
confidential and/or legally privileged. It is for
the intended recipient only who may use and apply
the information only for the intended purpose.
Internet communications are not secure and
therefore the British Biotech group does not
accept legal responsibility for the contents of
this message. Any views or opinions presented are
only those of the author and not those of the
British Biotech group. If you are not the intended
recipient please delete this e-mail and notify the
author immediately by calling ++44 (0)1865 748747;
do not use, disclose, distribute, copy, print or
rely on this e-mail.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
