Due to the current gap in continued funding from the U.S. National Science Foundation (NSF), the NSF Unidata Program Center has temporarily paused most operations. See NSF Unidata Pause in Most Operations for details.
Due to the current gap in continued funding from the U.S. National Science Foundation (NSF), the NSF Unidata Program Center has temporarily paused most operations. See NSF Unidata Pause in Most Operations for details.
PROBLEM: TDS files can't be accessed by openDAP clients (cdo, ferret, ncdump, ...) when TDS uses JNDIrealm to verify users credentials and the LDAP server identifies users by email address. WHAT HAPPENS: We know URLs use the @ (at sign) to indicate the server and we also know in openDAP username and password must be part of the URL http://username:password@server:port/thredds/dodsC/mydir/myfile.nc When the username or the password contain @ (at sign) it must be replaced by a %40 not to indicate the server. But such %40 are passed unchanged by JNDIrealm to the LDAP server which never authenticate anybody since in its database it has the @ sign and not the %40 . SOLUTION: Mr. Guillaume Brissebrat gave me a solution to the above problem, and I'm glad to share it with the THREDDS community. 1) Create a jar with the following code and put it in TOMCAT/lib package fr.sedoo.test; import java.net.URLDecoder; import java.security.Principal; import org.apache.catalina.realm.JNDIRealm; public class TestJNDIRealm extends JNDIRealm { @Override public Principal authenticate(String username, String password) { try{ username = URLDecoder.decode(username,"UTF-8"); }catch(Exception e){ e.printStackTrace(); } return super.authenticate(username, password); } } 2) In server.xml use the new Realm <Realm className="fr.sedoo.test.TestJNDIRealm" .... /> It works very well to me, thus I hope it will help also other people. Thank again to Guillaume, Emanuele -- Emanuele Lombardi ENEA Casaccia I-00123 Roma (RM) tel. +39 0630483366 http://utmea.enea.it/people/lombardi
thredds archives: