PROBLEM:
TDS files can't be accessed by openDAP clients (cdo, ferret, ncdump, ...) when
TDS uses JNDIRealm to verify users' credentials and the LDAP server
identifies users by email address.
WHAT HAPPENS:
We know URLs use the @ (at sign) to indicate the server, and we also know that in
openDAP the username and password must be part of the URL:
http://username:password@server:port/thredds/dodsC/mydir/myfile.nc
When the username or the password contains an @ (at sign), it must be replaced by
%40 so that it does not indicate the server.
But such %40 are passed unchanged by JNDIRealm to the LDAP server, which never
authenticates anybody since its database has the @ sign and not the
%40.
SOLUTION:
Mr. Guillaume Brissebrat gave me a solution to the above problem, and I'm glad
to share it with the THREDDS community.
1) Create a jar with the following code and put it in TOMCAT/lib
    package fr.sedoo.test;

    import java.net.URLDecoder;
    import java.security.Principal;

    import org.apache.catalina.realm.JNDIRealm;

    // JNDIRealm that URL-decodes the username before the LDAP lookup.
    public class TestJNDIRealm extends JNDIRealm {
        @Override
        public Principal authenticate(String username, String password) {
            try {
                // Turn %40 back into @ so it matches the LDAP entry.
                username = URLDecoder.decode(username, "UTF-8");
            } catch (Exception e) {
                // On a decoding error, continue with the username as received.
                e.printStackTrace();
            }
            return super.authenticate(username, password);
        }
    }
2) In server.xml use the new Realm
    <Realm className="fr.sedoo.test.TestJNDIRealm"
           ....
    />
It works very well for me, so I hope it will also help other people.
Thanks again to Guillaume,
Emanuele
--
Emanuele Lombardi
ENEA Casaccia
I-00123 Roma (RM)
tel. +39 0630483366
http://utmea.enea.it/people/lombardi
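
A caveat on the decoding step, as an added example that is not part of the original post: URLDecoder applies form decoding, so a '+' in an address (plus-addressing such as jane+data@...) becomes a space, and a malformed escape throws. The helper decodeUserinfo, the class name and the sample usernames below are hypothetical and constructed for illustration; the helper decodes only %XX escapes.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

// Added example: hypothetical helper, not code from the original post.
public class UserinfoDecodeDemo {

    // Percent-decode a URL userinfo component without the form-encoding
    // rule that turns '+' into a space.
    static String decodeUserinfo(String raw) {
        if (raw == null) {
            return null;
        }
        try {
            // Protect literal '+' so URLDecoder only rewrites %XX escapes.
            return URLDecoder.decode(raw.replace("+", "%2B"),
                    StandardCharsets.UTF_8.name());
        } catch (Exception e) {
            // Malformed escape such as "%4": keep the value as received;
            // the LDAP lookup will then simply fail to match.
            return raw;
        }
    }

    public static void main(String[] args) {
        // Constructed sample usernames as a client would place them in the URL.
        String[] samples = {
            "jane.doe%40example.org",   // plain address
            "jane+data%40example.org",  // plus-addressing
            "jane%4"                    // truncated escape
        };
        for (String s : samples) {
            String formDecoded;
            try {
                formDecoded = URLDecoder.decode(s, "UTF-8");
            } catch (Exception e) {
                formDecoded = "<" + e.getClass().getSimpleName() + ">";
            }
            System.out.println(s + " -> URLDecoder: [" + formDecoded
                    + "]  strict: [" + decodeUserinfo(s) + "]");
        }
    }
}
```

If LDAP identifiers in your directory can contain '+', the same replace("+", "%2B") step can be applied inside the overridden authenticate method before decoding.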