NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.
To learn about what's going on, see About the Archive Site.
NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.
To learn about what's going on, see About the Archive Site.
PROBLEM: TDS files can't be accessed by openDAP clients (cdo, ferret, ncdump, ...) when TDS uses JNDIrealm to verify users credentials and the LDAP server identifies users by email address. WHAT HAPPENS: We know URLs use the @ (at sign) to indicate the server and we also know in openDAP username and password must be part of the URL http://username:password@server:port/thredds/dodsC/mydir/myfile.nc When the username or the password contain @ (at sign) it must be replaced by a %40 not to indicate the server. But such %40 are passed unchanged by JNDIrealm to the LDAP server which never authenticate anybody since in its database it has the @ sign and not the %40 . SOLUTION: Mr. Guillaume Brissebrat gave me a solution to the above problem, and I'm glad to share it with the THREDDS community. 1) Create a jar with the following code and put it in TOMCAT/lib package fr.sedoo.test; import java.net.URLDecoder; import java.security.Principal; import org.apache.catalina.realm.JNDIRealm; public class TestJNDIRealm extends JNDIRealm { @Override public Principal authenticate(String username, String password) { try{ username = URLDecoder.decode(username,"UTF-8"); }catch(Exception e){ e.printStackTrace(); } return super.authenticate(username, password); } } 2) In server.xml use the new Realm <Realm className="fr.sedoo.test.TestJNDIRealm" .... /> It works very well to me, thus I hope it will help also other people. Thank again to Guillaume, Emanuele -- Emanuele Lombardi ENEA Casaccia I-00123 Roma (RM) tel. +39 0630483366 http://utmea.enea.it/people/lombardi
thredds archives: