[thredds] THREDDS - openDAP - JNDIrealm - LDAP - @ (at) sign

PROBLEM:
TDS files can't be accessed by openDAP clients (cdo, ferret, ncdump, ...) when 
TDS uses JNDIrealm to verify users' credentials and the LDAP server 
identifies users by email address.

WHAT HAPPENS:
We know URLs use the @ (at sign) to indicate the server and we also know in 
openDAP username and password must be part of the URL:

http://username:password@server:port/thredds/dodsC/mydir/myfile.nc

When the username or the password contain @ (at sign) it must be replaced by a 
%40 not to indicate the server. 
But such %40 are passed unchanged by JNDIrealm to the LDAP server which never 
authenticates anybody since in its database it has the @ sign and not the 
%40 .

SOLUTION: 
Mr. Guillaume Brissebrat gave me a solution to the above problem, and I'm glad 
to share it with the THREDDS community.

1) Create a jar with the following code and put it in TOMCAT/lib

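package fr.sedoo.test;

import java.net.URLDecoder;
import java.security.Principal;

import org.apache.catalina.realm.JNDIRealm;

// JNDIRealm that URL-decodes the username (e.g. %40 -> @) before the LDAP lookup.
// Only the username is decoded; the password is passed through as received.
public class TestJNDIRealm extends JNDIRealm {
     @Override
     public Principal authenticate(String username, String password) {
         try{
             // The client sends the username exactly as it was written in the URL.
             username = URLDecoder.decode(username,"UTF-8");
         }catch(Exception e){
             // On a decoding failure, continue with the username as received.
             e.printStackTrace();
         }
         return super.authenticate(username, password);
     }
}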

2) In server.xml use the new Realm

<Realm className="fr.sedoo.test.TestJNDIRealm"
....
/>


It works very well for me, thus I hope it will help also other people.
Thanks again to Guillaume,

Emanuele 




-- 
Emanuele Lombardi
ENEA Casaccia
I-00123 Roma (RM)
tel. +39 0630483366
http://utmea.enea.it/people/lombardi
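
Added example, not part of the original message and not code from its author or from Guillaume Brissebrat: URLDecoder implements form decoding, so besides turning %40 into @ it also turns '+' into a space and throws on a stray '%'. The sketch below decodes only %XX escapes and prints both results for constructed usernames; the names UserinfoDecode, hex and decodeUserinfo are hypothetical.

```java
import java.io.ByteArrayOutputStream;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
// Added example; class and method names are hypothetical.
public class UserinfoDecode {
    // Value of an ASCII hex digit, or -1 for anything else.
    static int hex(char c) {
        return c < 128 ? Character.digit(c, 16) : -1;
    }

    // Decodes %XX escapes as UTF-8 and leaves every other character,
    // including '+', untouched. A malformed escape returns the input
    // unchanged instead of throwing.
    static String decodeUserinfo(String s) {
        if (s == null || s.indexOf('%') < 0) return s;
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int i = 0;
        while (i < s.length()) {
            int next = s.indexOf('%', i);
            if (next < 0) next = s.length();
            if (next > i) {                       // literal run up to the next '%'
                byte[] b = s.substring(i, next).getBytes(StandardCharsets.UTF_8);
                out.write(b, 0, b.length);
                i = next;
                continue;
            }
            if (i + 2 >= s.length()) return s;    // truncated escape
            int hi = hex(s.charAt(i + 1)), lo = hex(s.charAt(i + 2));
            if (hi < 0 || lo < 0) return s;       // not two hex digits
            out.write((hi << 4) | lo);
            i += 3;
        }
        return new String(out.toByteArray(), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample usernames, as they would appear in the URL.
        String[] samples = {"jane.doe%40example.org", "jane+data%40example.org", "100%"};
        for (String s : samples) {
            String form;
            try {
                form = URLDecoder.decode(s, "UTF-8");   // form decoding
            } catch (IllegalArgumentException e) {
                form = "(rejected: " + e.getMessage() + ")";
            }
            System.out.println(s + " | URLDecoder: " + form + " | decodeUserinfo: " + decodeUserinfo(s));
        }
    }
}
```

A realm subclass like the one in step 1 could call decodeUserinfo in place of URLDecoder.decode.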


