|
|||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.apache.directory.server.core.authn.AuthenticationService.TrustedPrincipalWrapper
FIXME This doesn't secure anything actually. Created this wrapper to pass to ctx.setPrincipal() which is public for added security. This adds more security because an instance of this class is not easily accessible whereas LdapPrincipals can be accessed easily from a context althought they cannot be instantiated outside of the authn package. Malicious code may not be able to set the principal to what they would like but they could switch existing principals using the now public ServerContext.setPrincipal() method. To avoid this we make sure that this metho takes a TrustedPrincipalWrapper as opposed to the LdapPrincipal. Only this service can create and call setPrincipal with a TrustedPrincipalWrapper.
Method Summary | |
LdapPrincipal |
getPrincipal()
Gets the LdapPrincipal this TrustedPrincipalWrapper wraps. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Method Detail |
public LdapPrincipal getPrincipal()
|
|||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |