Revision 1477
Added by Jing Tao about 21 years ago
| src/edu/ucsb/nceas/metacat/AuthLdap.java | ||
|---|---|---|
| 109 | 109 |
authenticated = ldapAuthenticate(identifier, password); |
| 110 | 110 |
// if not found, try looking up a valid DN then auth again |
| 111 | 111 |
if (!authenticated) {
|
| 112 |
MetaCatUtil.debugMessage("Looking up DN for: " + identifier);
|
|
| 112 |
MetaCatUtil.debugMessage("Looking up DN for: " + identifier, 35);
|
|
| 113 | 113 |
identifier = getIdentifyingName(identifier,ldapUrl,ldapBase); |
| 114 | 114 |
//System.out.println("identifier: "+identifier);
|
| 115 | 115 |
String refUrl = ""; |
| ... | ... | |
| 124 | 124 |
MetaCatUtil.debugMessage("Ref ldapBase: " + refBase);
|
| 125 | 125 |
identifier = identifier.substring( |
| 126 | 126 |
identifier.lastIndexOf("/")+1);
|
| 127 |
MetaCatUtil.debugMessage("Trying: " + identifier);
|
|
| 127 |
MetaCatUtil.debugMessage("Trying: " + identifier, 35);
|
|
| 128 | 128 |
authenticated = ldapAuthenticate(identifier, password, |
| 129 | 129 |
refUrl, refBase); |
| 130 | 130 |
} else {
|
| ... | ... | |
| 136 | 136 |
} |
| 137 | 137 |
|
| 138 | 138 |
} catch (NullPointerException e) {
|
| 139 |
util.debugMessage("NullPointerException b' password is null");
|
|
| 139 |
util.debugMessage("NullPointerException b' password is null", 30);
|
|
| 140 | 140 |
util.debugMessage("NullPointerException while authenticating in " +
|
| 141 |
"AuthLdap.authenticate: " + e); |
|
| 141 |
"AuthLdap.authenticate: " + e, 30);
|
|
| 142 | 142 |
throw new ConnectException( |
| 143 | 143 |
"NullPointerException while authenticating in " + |
| 144 | 144 |
"AuthLdap.authenticate: " + e); |
| 145 | 145 |
} catch (NamingException e) {
|
| 146 | 146 |
util.debugMessage("Naming exception while authenticating in " +
|
| 147 |
"AuthLdap.authenticate: " + e); |
|
| 147 |
"AuthLdap.authenticate: " + e, 30);
|
|
| 148 | 148 |
e.printStackTrace(); |
| 149 | 149 |
} catch (Exception e) {
|
| 150 |
util.debugMessage(e.getMessage()); |
|
| 150 |
util.debugMessage(e.getMessage(), 30);
|
|
| 151 | 151 |
} |
| 152 | 152 |
return authenticated; |
| 153 | 153 |
} |
| ... | ... | |
| 227 | 227 |
} |
| 228 | 228 |
catch (javax.naming.InvalidNameException ine) |
| 229 | 229 |
{
|
| 230 |
util.debugMessage("An invalid DN was provided!");
|
|
| 230 |
util.debugMessage("An invalid DN was provided!", 30);
|
|
| 231 | 231 |
} |
| 232 | 232 |
catch (javax.naming.ReferralException re) |
| 233 | 233 |
{
|
| 234 |
util.debugMessage("referral during authentication");
|
|
| 235 |
util.debugMessage("Referral information: "+re.getReferralInfo());
|
|
| 234 |
util.debugMessage("referral during authentication", 30);
|
|
| 235 |
util.debugMessage("Referral information: "+re.getReferralInfo(), 30);
|
|
| 236 | 236 |
try |
| 237 | 237 |
{
|
| 238 | 238 |
refExc = re; |
| ... | ... | |
| 261 | 261 |
} |
| 262 | 262 |
else |
| 263 | 263 |
{
|
| 264 |
util.debugMessage("User not found");
|
|
| 264 |
util.debugMessage("User not found", 30);
|
|
| 265 | 265 |
} |
| 266 | 266 |
double totStopTime = System.currentTimeMillis(); |
| 267 | 267 |
util.debugMessage("total ldap authentication time: " +
|
| 268 |
(totStopTime - totStartTime)/1000 + " seconds"); |
|
| 268 |
(totStopTime - totStartTime)/1000 + " seconds", 35);
|
|
| 269 | 269 |
return authenticated; |
| 270 | 270 |
} |
| 271 | 271 |
|
| ... | ... | |
| 288 | 288 |
Hashtable env = new Hashtable(11); |
| 289 | 289 |
env.put(Context.INITIAL_CONTEXT_FACTORY, |
| 290 | 290 |
"com.sun.jndi.ldap.LdapCtxFactory"); |
| 291 |
util.debugMessage("setting referrals to: " + referral);
|
|
| 291 |
util.debugMessage("setting referrals to: " + referral, 35);
|
|
| 292 | 292 |
env.put(Context.REFERRAL, referral); |
| 293 | 293 |
env.put(Context.PROVIDER_URL, ldapUrl + ldapBase); |
| 294 | 294 |
// non-secure LDAP context; dn are publicly readable |
| ... | ... | |
| 309 | 309 |
// This assumes a dn like "uid=x,o=y,dc=someinst,dc=org" |
| 310 | 310 |
int position = user.indexOf(",");
|
| 311 | 311 |
String comp1 = user.substring(0, position); |
| 312 |
MetaCatUtil.debugMessage("First comp is: " + comp1);
|
|
| 312 |
MetaCatUtil.debugMessage("First comp is: " + comp1, 35);
|
|
| 313 | 313 |
String comp2 = user.substring(position+1, |
| 314 | 314 |
user.indexOf(",", position+1));
|
| 315 |
MetaCatUtil.debugMessage("Second comp is: " + comp2);
|
|
| 315 |
MetaCatUtil.debugMessage("Second comp is: " + comp2, 35);
|
|
| 316 | 316 |
|
| 317 | 317 |
String filter = "(&(" + comp1 + ")(" + comp2 + "))";
|
| 318 |
MetaCatUtil.debugMessage("Filter is: " + filter);
|
|
| 319 |
MetaCatUtil.debugMessage("Provider URL is: " + ldapUrl + ldapBase);
|
|
| 318 |
MetaCatUtil.debugMessage("Filter is: " + filter, 35);
|
|
| 319 |
MetaCatUtil.debugMessage("Provider URL is: " + ldapUrl + ldapBase, 35);
|
|
| 320 | 320 |
NamingEnumeration answer; |
| 321 | 321 |
try {
|
| 322 | 322 |
answer = ctx.search("", filter, ctls);
|
| 323 | 323 |
if (answer.hasMore()) {
|
| 324 | 324 |
SearchResult sr = (SearchResult)answer.next(); |
| 325 | 325 |
identifier = sr.getName(); |
| 326 |
util.debugMessage("Originally Found: " + identifier);
|
|
| 326 |
util.debugMessage("Originally Found: " + identifier, 35);
|
|
| 327 | 327 |
return identifier; |
| 328 | 328 |
} |
| 329 | 329 |
} catch (InvalidSearchFilterException e) {}
|
| ... | ... | |
| 342 | 342 |
identifier = identifier.substring(identifier.lastIndexOf("/")+1,
|
| 343 | 343 |
identifier.indexOf(","));
|
| 344 | 344 |
} |
| 345 |
util.debugMessage("Found: " + identifier);
|
|
| 345 |
util.debugMessage("Found: " + identifier, 35);
|
|
| 346 | 346 |
return identifier; |
| 347 | 347 |
} |
| 348 | 348 |
} catch (InvalidSearchFilterException e) {}
|
| ... | ... | |
| 359 | 359 |
identifier = identifier.substring(identifier.lastIndexOf("/")+1,
|
| 360 | 360 |
identifier.indexOf(","));
|
| 361 | 361 |
} |
| 362 |
util.debugMessage("Found: " + identifier);
|
|
| 362 |
util.debugMessage("Found: " + identifier, 35);
|
|
| 363 | 363 |
} else {
|
| 364 | 364 |
|
| 365 | 365 |
// maybe its just a common name |
| ... | ... | |
| 375 | 375 |
identifier = identifier.substring(identifier.lastIndexOf("/")+1,
|
| 376 | 376 |
identifier.indexOf(","));
|
| 377 | 377 |
} |
| 378 |
util.debugMessage("Found: " + identifier);
|
|
| 378 |
util.debugMessage("Found: " + identifier, 35);
|
|
| 379 | 379 |
} else {
|
| 380 | 380 |
|
| 381 | 381 |
// ok, last resort, is it a surname? |
| ... | ... | |
| 391 | 391 |
identifier = identifier.substring(identifier.lastIndexOf("/")+1,
|
| 392 | 392 |
identifier.indexOf(","));
|
| 393 | 393 |
} |
| 394 |
util.debugMessage("Found: " + identifier);
|
|
| 394 |
util.debugMessage("Found: " + identifier, 35);
|
|
| 395 | 395 |
} |
| 396 | 396 |
} |
| 397 | 397 |
} |
| 398 | 398 |
// Close the context when we're done the initial search |
| 399 | 399 |
ctx.close(); |
| 400 | 400 |
} catch (NamingException e) {
|
| 401 |
util.debugMessage("Naming exception while getting dn: " + e);
|
|
| 401 |
util.debugMessage("Naming exception while getting dn: " + e, 35);
|
|
| 402 | 402 |
throw new NamingException( |
| 403 | 403 |
"Naming exception in AuthLdap.getIdentifyingName: " + e); |
| 404 | 404 |
} |
| ... | ... | |
| 448 | 448 |
} |
| 449 | 449 |
} catch (SizeLimitExceededException slee) {
|
| 450 | 450 |
util.debugMessage("LDAP Server size limit exceeded. " +
|
| 451 |
"Returning incomplete record set."); |
|
| 451 |
"Returning incomplete record set.", 35);
|
|
| 452 | 452 |
} |
| 453 | 453 |
|
| 454 | 454 |
// initialize users[]; fill users[] |
| ... | ... | |
| 461 | 461 |
ctx.close(); |
| 462 | 462 |
|
| 463 | 463 |
} catch (NamingException e) {
|
| 464 |
util.debugMessage("Problem getting users in AuthLdap.getUsers:" + e);
|
|
| 465 |
e.printStackTrace(System.err); |
|
| 464 |
util.debugMessage("Problem getting users in AuthLdap.getUsers:" + e, 35);
|
|
| 465 |
//e.printStackTrace(System.err);
|
|
| 466 | 466 |
throw new ConnectException( |
| 467 | 467 |
"Problem getting users in AuthLdap.getUsers:" + e); |
| 468 | 468 |
} |
| ... | ... | |
| 511 | 511 |
} |
| 512 | 512 |
} catch (SizeLimitExceededException slee) {
|
| 513 | 513 |
util.debugMessage("LDAP Server size limit exceeded. " +
|
| 514 |
"Returning incomplete record set."); |
|
| 514 |
"Returning incomplete record set.", 35);
|
|
| 515 | 515 |
} |
| 516 | 516 |
|
| 517 | 517 |
// initialize users[]; fill users[] |
| ... | ... | |
| 525 | 525 |
|
| 526 | 526 |
} catch (NamingException e) {
|
| 527 | 527 |
util.debugMessage("Problem getting users for a group in " +
|
| 528 |
"AuthLdap.getUsers:" + e); |
|
| 528 |
"AuthLdap.getUsers:" + e, 30);
|
|
| 529 | 529 |
throw new ConnectException( |
| 530 | 530 |
"Problem getting users for a group in AuthLdap.getUsers:" + e); |
| 531 | 531 |
} |
| ... | ... | |
| 585 | 585 |
} else {
|
| 586 | 586 |
filter = "(& " + gfilter + "(uniqueMember=" + foruser + "))"; |
| 587 | 587 |
} |
| 588 |
MetaCatUtil.debug("searching for groups: " + filter);
|
|
| 588 |
MetaCatUtil.debugMessage("searching for groups: " + filter, 35);
|
|
| 589 | 589 |
NamingEnumeration enum = ctx.search(ldapBase, filter, ctls); |
| 590 | 590 |
|
| 591 | 591 |
// Print the groups |
| 592 |
MetaCatUtil.debug("getting group results.");
|
|
| 592 |
MetaCatUtil.debugMessage("getting group results.");
|
|
| 593 | 593 |
while (enum.hasMore()) {
|
| 594 | 594 |
SearchResult sr = (SearchResult)enum.next(); |
| 595 | 595 |
uvec.add(sr.getName()+","+ldapBase); |
| 596 |
MetaCatUtil.debug("group " + sr.getName() + " added to Group vector");
|
|
| 596 |
MetaCatUtil.debugMessage("group " + sr.getName() +
|
|
| 597 |
" added to Group vector", 35); |
|
| 597 | 598 |
} |
| 598 | 599 |
// Close the context when we're done |
| 599 | 600 |
ctx.close(); |
| ... | ... | |
| 612 | 613 |
} |
| 613 | 614 |
catch(InterruptedException ie) |
| 614 | 615 |
{
|
| 615 |
MetaCatUtil.debug("main thread interrupted: " + ie.getMessage());
|
|
| 616 |
MetaCatUtil.debugMessage("main thread interrupted: " + ie.getMessage(), 30);
|
|
| 616 | 617 |
} |
| 617 | 618 |
//this is a manual override of jndi's hideously long time |
| 618 | 619 |
//out period. |
| 619 | 620 |
util.debugMessage("Awake after 5 seconds.");
|
| 620 | 621 |
if (referralContext == null) |
| 621 | 622 |
{
|
| 622 |
util.debug("thread timed out...returning groups: " + uvec.toString());
|
|
| 623 |
util.debugMessage("thread timed out...returning groups: " + uvec.toString(), 35);
|
|
| 623 | 624 |
String groups[] = new String[uvec.size()]; |
| 624 | 625 |
for(int i=0; i<uvec.size(); i++) |
| 625 | 626 |
{
|
| ... | ... | |
| 659 | 660 |
} |
| 660 | 661 |
catch(NamingException ne) |
| 661 | 662 |
{
|
| 662 |
MetaCatUtil.debug("Naming Exception in AuthLdap.getGroups");
|
|
| 663 |
MetaCatUtil.debugMessage("Naming Exception in AuthLdap.getGroups", 30);
|
|
| 663 | 664 |
} |
| 664 | 665 |
} catch (NamingException e) {
|
| 665 | 666 |
e.printStackTrace(System.err); |
| ... | ... | |
| 673 | 674 |
"Problem getting groups for a user in AuthLdap.getGroups:" + e);*/ |
| 674 | 675 |
} |
| 675 | 676 |
|
| 676 |
MetaCatUtil.debug("The user is in the following groups: " + uvec.toString());
|
|
| 677 |
MetaCatUtil.debugMessage("The user is in the following groups: " +
|
|
| 678 |
uvec.toString(), 35); |
|
| 677 | 679 |
String groups[] = new String[uvec.size()]; |
| 678 | 680 |
for(int i=0; i<uvec.size(); i++) |
| 679 | 681 |
{
|
| ... | ... | |
| 744 | 746 |
ctx.close(); |
| 745 | 747 |
} catch (NamingException e) {
|
| 746 | 748 |
util.debugMessage("Problem getting attributes in " +
|
| 747 |
"AuthLdap.getAttributes:" + e); |
|
| 749 |
"AuthLdap.getAttributes:" + e, 35);
|
|
| 748 | 750 |
throw new ConnectException( |
| 749 | 751 |
"Problem getting attributes in AuthLdap.getAttributes:" + e); |
| 750 | 752 |
} |
| ... | ... | |
| 825 | 827 |
|
| 826 | 828 |
} catch (NamingException e) {
|
| 827 | 829 |
util.debugMessage("Problem getting subtrees in AuthLdap.getSubtrees:"
|
| 828 |
+ e); |
|
| 830 |
+ e, 30);
|
|
| 829 | 831 |
throw new ConnectException( |
| 830 | 832 |
"Problem getting subtrees in AuthLdap.getSubtrees:" + e); |
| 831 | 833 |
} |
| ... | ... | |
| 911 | 913 |
String user = args[0]; |
| 912 | 914 |
String password = args[1]; |
| 913 | 915 |
|
| 914 |
MetaCatUtil.debugMessage("Creating session...");
|
|
| 916 |
MetaCatUtil.debugMessage("Creating session...", 20);
|
|
| 915 | 917 |
AuthLdap authservice = new AuthLdap(); |
| 916 |
MetaCatUtil.debugMessage("Session exists...");
|
|
| 918 |
MetaCatUtil.debugMessage("Session exists...", 20);
|
|
| 917 | 919 |
|
| 918 | 920 |
boolean isValid = false; |
| 919 | 921 |
try {
|
| 920 |
MetaCatUtil.debugMessage("Authenticating...");
|
|
| 922 |
MetaCatUtil.debugMessage("Authenticating...", 20);
|
|
| 921 | 923 |
isValid = authservice.authenticate(user, password); |
| 922 | 924 |
if (isValid) {
|
| 923 |
MetaCatUtil.debugMessage("Authentication successful for: " + user );
|
|
| 925 |
MetaCatUtil.debugMessage("Authentication successful for: " + user, 20 );
|
|
| 924 | 926 |
} else {
|
| 925 |
MetaCatUtil.debugMessage("Authentication failed for: " + user);
|
|
| 927 |
MetaCatUtil.debugMessage("Authentication failed for: " + user, 20);
|
|
| 926 | 928 |
} |
| 927 | 929 |
|
| 928 | 930 |
// Get attributes for the user |
| 929 | 931 |
if (isValid) {
|
| 930 |
MetaCatUtil.debugMessage("\nGetting attributes for user....");
|
|
| 932 |
MetaCatUtil.debugMessage("\nGetting attributes for user....", 20);
|
|
| 931 | 933 |
HashMap userInfo = authservice.getAttributes(user, password, user); |
| 932 | 934 |
// Print all of the attributes |
| 933 | 935 |
Iterator attList = (Iterator)(((Set)userInfo.keySet()).iterator()); |
| ... | ... | |
| 937 | 939 |
Iterator attvalues = values.iterator(); |
| 938 | 940 |
while (attvalues.hasNext()) {
|
| 939 | 941 |
String value = (String)attvalues.next(); |
| 940 |
MetaCatUtil.debugMessage(att + ": " + value); |
|
| 942 |
MetaCatUtil.debugMessage(att + ": " + value, 20);
|
|
| 941 | 943 |
} |
| 942 | 944 |
} |
| 943 | 945 |
} |
| 944 | 946 |
|
| 945 | 947 |
// get the groups |
| 946 | 948 |
if (isValid) {
|
| 947 |
MetaCatUtil.debugMessage("\nGetting all groups....");
|
|
| 949 |
MetaCatUtil.debugMessage("\nGetting all groups....", 20);
|
|
| 948 | 950 |
String[] groups = authservice.getGroups(user, password); |
| 949 |
MetaCatUtil.debugMessage("Groups found: " + groups.length);
|
|
| 951 |
MetaCatUtil.debugMessage("Groups found: " + groups.length, 20);
|
|
| 950 | 952 |
for (int i=0; i < groups.length; i++) {
|
| 951 |
MetaCatUtil.debugMessage("Group " + i + ": " + groups[i]);
|
|
| 953 |
MetaCatUtil.debugMessage("Group " + i + ": " + groups[i], 20);
|
|
| 952 | 954 |
} |
| 953 | 955 |
} |
| 954 | 956 |
|
| 955 | 957 |
// get the groups for the user |
| 956 | 958 |
String savedGroup = null; |
| 957 | 959 |
if (isValid) {
|
| 958 |
MetaCatUtil.debugMessage("\nGetting groups for user....");
|
|
| 960 |
MetaCatUtil.debugMessage("\nGetting groups for user....", 20);
|
|
| 959 | 961 |
String[] groups = authservice.getGroups(user, password, user); |
| 960 |
MetaCatUtil.debugMessage("Groups found: " + groups.length);
|
|
| 962 |
MetaCatUtil.debugMessage("Groups found: " + groups.length, 20);
|
|
| 961 | 963 |
for (int i=0; i < groups.length; i++) {
|
| 962 |
MetaCatUtil.debugMessage("Group " + i + ": " + groups[i]);
|
|
| 964 |
MetaCatUtil.debugMessage("Group " + i + ": " + groups[i], 20);
|
|
| 963 | 965 |
savedGroup = groups[i]; |
| 964 | 966 |
} |
| 965 | 967 |
} |
| 966 | 968 |
|
| 967 | 969 |
// get the users for a group |
| 968 | 970 |
if (isValid) {
|
| 969 |
MetaCatUtil.debugMessage("\nGetting users for group....");
|
|
| 970 |
MetaCatUtil.debugMessage("Group: " + savedGroup);
|
|
| 971 |
MetaCatUtil.debugMessage("\nGetting users for group....", 20);
|
|
| 972 |
MetaCatUtil.debugMessage("Group: " + savedGroup, 20);
|
|
| 971 | 973 |
String[] users = authservice.getUsers(user, password, savedGroup); |
| 972 |
MetaCatUtil.debugMessage("Users found: " + users.length);
|
|
| 974 |
MetaCatUtil.debugMessage("Users found: " + users.length, 20);
|
|
| 973 | 975 |
for (int i=0; i < users.length; i++) {
|
| 974 |
MetaCatUtil.debugMessage("User " + i + ": " + users[i]);
|
|
| 976 |
MetaCatUtil.debugMessage("User " + i + ": " + users[i], 20);
|
|
| 975 | 977 |
} |
| 976 | 978 |
} |
| 977 | 979 |
|
Also available in: Unified diff
Change the debug message.