Revision 1477
Added by Jing Tao almost 22 years ago
src/edu/ucsb/nceas/metacat/AuthLdap.java | ||
---|---|---|
109 | 109 |
authenticated = ldapAuthenticate(identifier, password); |
110 | 110 |
// if not found, try looking up a valid DN then auth again |
111 | 111 |
if (!authenticated) { |
112 |
MetaCatUtil.debugMessage("Looking up DN for: " + identifier); |
|
112 |
MetaCatUtil.debugMessage("Looking up DN for: " + identifier, 35);
|
|
113 | 113 |
identifier = getIdentifyingName(identifier,ldapUrl,ldapBase); |
114 | 114 |
//System.out.println("identifier: "+identifier); |
115 | 115 |
String refUrl = ""; |
... | ... | |
124 | 124 |
MetaCatUtil.debugMessage("Ref ldapBase: " + refBase); |
125 | 125 |
identifier = identifier.substring( |
126 | 126 |
identifier.lastIndexOf("/")+1); |
127 |
MetaCatUtil.debugMessage("Trying: " + identifier); |
|
127 |
MetaCatUtil.debugMessage("Trying: " + identifier, 35);
|
|
128 | 128 |
authenticated = ldapAuthenticate(identifier, password, |
129 | 129 |
refUrl, refBase); |
130 | 130 |
} else { |
... | ... | |
136 | 136 |
} |
137 | 137 |
|
138 | 138 |
} catch (NullPointerException e) { |
139 |
util.debugMessage("NullPointerException b' password is null"); |
|
139 |
util.debugMessage("NullPointerException b' password is null", 30);
|
|
140 | 140 |
util.debugMessage("NullPointerException while authenticating in " + |
141 |
"AuthLdap.authenticate: " + e); |
|
141 |
"AuthLdap.authenticate: " + e, 30);
|
|
142 | 142 |
throw new ConnectException( |
143 | 143 |
"NullPointerException while authenticating in " + |
144 | 144 |
"AuthLdap.authenticate: " + e); |
145 | 145 |
} catch (NamingException e) { |
146 | 146 |
util.debugMessage("Naming exception while authenticating in " + |
147 |
"AuthLdap.authenticate: " + e); |
|
147 |
"AuthLdap.authenticate: " + e, 30);
|
|
148 | 148 |
e.printStackTrace(); |
149 | 149 |
} catch (Exception e) { |
150 |
util.debugMessage(e.getMessage()); |
|
150 |
util.debugMessage(e.getMessage(), 30);
|
|
151 | 151 |
} |
152 | 152 |
return authenticated; |
153 | 153 |
} |
... | ... | |
227 | 227 |
} |
228 | 228 |
catch (javax.naming.InvalidNameException ine) |
229 | 229 |
{ |
230 |
util.debugMessage("An invalid DN was provided!"); |
|
230 |
util.debugMessage("An invalid DN was provided!", 30);
|
|
231 | 231 |
} |
232 | 232 |
catch (javax.naming.ReferralException re) |
233 | 233 |
{ |
234 |
util.debugMessage("referral during authentication"); |
|
235 |
util.debugMessage("Referral information: "+re.getReferralInfo()); |
|
234 |
util.debugMessage("referral during authentication", 30);
|
|
235 |
util.debugMessage("Referral information: "+re.getReferralInfo(), 30);
|
|
236 | 236 |
try |
237 | 237 |
{ |
238 | 238 |
refExc = re; |
... | ... | |
261 | 261 |
} |
262 | 262 |
else |
263 | 263 |
{ |
264 |
util.debugMessage("User not found"); |
|
264 |
util.debugMessage("User not found", 30);
|
|
265 | 265 |
} |
266 | 266 |
double totStopTime = System.currentTimeMillis(); |
267 | 267 |
util.debugMessage("total ldap authentication time: " + |
268 |
(totStopTime - totStartTime)/1000 + " seconds"); |
|
268 |
(totStopTime - totStartTime)/1000 + " seconds", 35);
|
|
269 | 269 |
return authenticated; |
270 | 270 |
} |
271 | 271 |
|
... | ... | |
288 | 288 |
Hashtable env = new Hashtable(11); |
289 | 289 |
env.put(Context.INITIAL_CONTEXT_FACTORY, |
290 | 290 |
"com.sun.jndi.ldap.LdapCtxFactory"); |
291 |
util.debugMessage("setting referrals to: " + referral); |
|
291 |
util.debugMessage("setting referrals to: " + referral, 35);
|
|
292 | 292 |
env.put(Context.REFERRAL, referral); |
293 | 293 |
env.put(Context.PROVIDER_URL, ldapUrl + ldapBase); |
294 | 294 |
// non-secure LDAP context; dn are publicly readable |
... | ... | |
309 | 309 |
// This assumes a dn like "uid=x,o=y,dc=someinst,dc=org" |
310 | 310 |
int position = user.indexOf(","); |
311 | 311 |
String comp1 = user.substring(0, position); |
312 |
MetaCatUtil.debugMessage("First comp is: " + comp1); |
|
312 |
MetaCatUtil.debugMessage("First comp is: " + comp1, 35);
|
|
313 | 313 |
String comp2 = user.substring(position+1, |
314 | 314 |
user.indexOf(",", position+1)); |
315 |
MetaCatUtil.debugMessage("Second comp is: " + comp2); |
|
315 |
MetaCatUtil.debugMessage("Second comp is: " + comp2, 35);
|
|
316 | 316 |
|
317 | 317 |
String filter = "(&(" + comp1 + ")(" + comp2 + "))"; |
318 |
MetaCatUtil.debugMessage("Filter is: " + filter); |
|
319 |
MetaCatUtil.debugMessage("Provider URL is: " + ldapUrl + ldapBase); |
|
318 |
MetaCatUtil.debugMessage("Filter is: " + filter, 35);
|
|
319 |
MetaCatUtil.debugMessage("Provider URL is: " + ldapUrl + ldapBase, 35);
|
|
320 | 320 |
NamingEnumeration answer; |
321 | 321 |
try { |
322 | 322 |
answer = ctx.search("", filter, ctls); |
323 | 323 |
if (answer.hasMore()) { |
324 | 324 |
SearchResult sr = (SearchResult)answer.next(); |
325 | 325 |
identifier = sr.getName(); |
326 |
util.debugMessage("Originally Found: " + identifier); |
|
326 |
util.debugMessage("Originally Found: " + identifier, 35);
|
|
327 | 327 |
return identifier; |
328 | 328 |
} |
329 | 329 |
} catch (InvalidSearchFilterException e) {} |
... | ... | |
342 | 342 |
identifier = identifier.substring(identifier.lastIndexOf("/")+1, |
343 | 343 |
identifier.indexOf(",")); |
344 | 344 |
} |
345 |
util.debugMessage("Found: " + identifier); |
|
345 |
util.debugMessage("Found: " + identifier, 35);
|
|
346 | 346 |
return identifier; |
347 | 347 |
} |
348 | 348 |
} catch (InvalidSearchFilterException e) {} |
... | ... | |
359 | 359 |
identifier = identifier.substring(identifier.lastIndexOf("/")+1, |
360 | 360 |
identifier.indexOf(",")); |
361 | 361 |
} |
362 |
util.debugMessage("Found: " + identifier); |
|
362 |
util.debugMessage("Found: " + identifier, 35);
|
|
363 | 363 |
} else { |
364 | 364 |
|
365 | 365 |
// maybe its just a common name |
... | ... | |
375 | 375 |
identifier = identifier.substring(identifier.lastIndexOf("/")+1, |
376 | 376 |
identifier.indexOf(",")); |
377 | 377 |
} |
378 |
util.debugMessage("Found: " + identifier); |
|
378 |
util.debugMessage("Found: " + identifier, 35);
|
|
379 | 379 |
} else { |
380 | 380 |
|
381 | 381 |
// ok, last resort, is it a surname? |
... | ... | |
391 | 391 |
identifier = identifier.substring(identifier.lastIndexOf("/")+1, |
392 | 392 |
identifier.indexOf(",")); |
393 | 393 |
} |
394 |
util.debugMessage("Found: " + identifier); |
|
394 |
util.debugMessage("Found: " + identifier, 35);
|
|
395 | 395 |
} |
396 | 396 |
} |
397 | 397 |
} |
398 | 398 |
// Close the context when we're done the initial search |
399 | 399 |
ctx.close(); |
400 | 400 |
} catch (NamingException e) { |
401 |
util.debugMessage("Naming exception while getting dn: " + e); |
|
401 |
util.debugMessage("Naming exception while getting dn: " + e, 35);
|
|
402 | 402 |
throw new NamingException( |
403 | 403 |
"Naming exception in AuthLdap.getIdentifyingName: " + e); |
404 | 404 |
} |
... | ... | |
448 | 448 |
} |
449 | 449 |
} catch (SizeLimitExceededException slee) { |
450 | 450 |
util.debugMessage("LDAP Server size limit exceeded. " + |
451 |
"Returning incomplete record set."); |
|
451 |
"Returning incomplete record set.", 35);
|
|
452 | 452 |
} |
453 | 453 |
|
454 | 454 |
// initialize users[]; fill users[] |
... | ... | |
461 | 461 |
ctx.close(); |
462 | 462 |
|
463 | 463 |
} catch (NamingException e) { |
464 |
util.debugMessage("Problem getting users in AuthLdap.getUsers:" + e); |
|
465 |
e.printStackTrace(System.err); |
|
464 |
util.debugMessage("Problem getting users in AuthLdap.getUsers:" + e, 35);
|
|
465 |
//e.printStackTrace(System.err);
|
|
466 | 466 |
throw new ConnectException( |
467 | 467 |
"Problem getting users in AuthLdap.getUsers:" + e); |
468 | 468 |
} |
... | ... | |
511 | 511 |
} |
512 | 512 |
} catch (SizeLimitExceededException slee) { |
513 | 513 |
util.debugMessage("LDAP Server size limit exceeded. " + |
514 |
"Returning incomplete record set."); |
|
514 |
"Returning incomplete record set.", 35);
|
|
515 | 515 |
} |
516 | 516 |
|
517 | 517 |
// initialize users[]; fill users[] |
... | ... | |
525 | 525 |
|
526 | 526 |
} catch (NamingException e) { |
527 | 527 |
util.debugMessage("Problem getting users for a group in " + |
528 |
"AuthLdap.getUsers:" + e); |
|
528 |
"AuthLdap.getUsers:" + e, 30);
|
|
529 | 529 |
throw new ConnectException( |
530 | 530 |
"Problem getting users for a group in AuthLdap.getUsers:" + e); |
531 | 531 |
} |
... | ... | |
585 | 585 |
} else { |
586 | 586 |
filter = "(& " + gfilter + "(uniqueMember=" + foruser + "))"; |
587 | 587 |
} |
588 |
MetaCatUtil.debug("searching for groups: " + filter);
|
|
588 |
MetaCatUtil.debugMessage("searching for groups: " + filter, 35);
|
|
589 | 589 |
NamingEnumeration enum = ctx.search(ldapBase, filter, ctls); |
590 | 590 |
|
591 | 591 |
// Print the groups |
592 |
MetaCatUtil.debug("getting group results."); |
|
592 |
MetaCatUtil.debugMessage("getting group results.");
|
|
593 | 593 |
while (enum.hasMore()) { |
594 | 594 |
SearchResult sr = (SearchResult)enum.next(); |
595 | 595 |
uvec.add(sr.getName()+","+ldapBase); |
596 |
MetaCatUtil.debug("group " + sr.getName() + " added to Group vector"); |
|
596 |
MetaCatUtil.debugMessage("group " + sr.getName() + |
|
597 |
" added to Group vector", 35); |
|
597 | 598 |
} |
598 | 599 |
// Close the context when we're done |
599 | 600 |
ctx.close(); |
... | ... | |
612 | 613 |
} |
613 | 614 |
catch(InterruptedException ie) |
614 | 615 |
{ |
615 |
MetaCatUtil.debug("main thread interrupted: " + ie.getMessage());
|
|
616 |
MetaCatUtil.debugMessage("main thread interrupted: " + ie.getMessage(), 30);
|
|
616 | 617 |
} |
617 | 618 |
//this is a manual override of jndi's hideously long time |
618 | 619 |
//out period. |
619 | 620 |
util.debugMessage("Awake after 5 seconds."); |
620 | 621 |
if (referralContext == null) |
621 | 622 |
{ |
622 |
util.debug("thread timed out...returning groups: " + uvec.toString());
|
|
623 |
util.debugMessage("thread timed out...returning groups: " + uvec.toString(), 35);
|
|
623 | 624 |
String groups[] = new String[uvec.size()]; |
624 | 625 |
for(int i=0; i<uvec.size(); i++) |
625 | 626 |
{ |
... | ... | |
659 | 660 |
} |
660 | 661 |
catch(NamingException ne) |
661 | 662 |
{ |
662 |
MetaCatUtil.debug("Naming Exception in AuthLdap.getGroups");
|
|
663 |
MetaCatUtil.debugMessage("Naming Exception in AuthLdap.getGroups", 30);
|
|
663 | 664 |
} |
664 | 665 |
} catch (NamingException e) { |
665 | 666 |
e.printStackTrace(System.err); |
... | ... | |
673 | 674 |
"Problem getting groups for a user in AuthLdap.getGroups:" + e);*/ |
674 | 675 |
} |
675 | 676 |
|
676 |
MetaCatUtil.debug("The user is in the following groups: " + uvec.toString()); |
|
677 |
MetaCatUtil.debugMessage("The user is in the following groups: " + |
|
678 |
uvec.toString(), 35); |
|
677 | 679 |
String groups[] = new String[uvec.size()]; |
678 | 680 |
for(int i=0; i<uvec.size(); i++) |
679 | 681 |
{ |
... | ... | |
744 | 746 |
ctx.close(); |
745 | 747 |
} catch (NamingException e) { |
746 | 748 |
util.debugMessage("Problem getting attributes in " + |
747 |
"AuthLdap.getAttributes:" + e); |
|
749 |
"AuthLdap.getAttributes:" + e, 35);
|
|
748 | 750 |
throw new ConnectException( |
749 | 751 |
"Problem getting attributes in AuthLdap.getAttributes:" + e); |
750 | 752 |
} |
... | ... | |
825 | 827 |
|
826 | 828 |
} catch (NamingException e) { |
827 | 829 |
util.debugMessage("Problem getting subtrees in AuthLdap.getSubtrees:" |
828 |
+ e); |
|
830 |
+ e, 30);
|
|
829 | 831 |
throw new ConnectException( |
830 | 832 |
"Problem getting subtrees in AuthLdap.getSubtrees:" + e); |
831 | 833 |
} |
... | ... | |
911 | 913 |
String user = args[0]; |
912 | 914 |
String password = args[1]; |
913 | 915 |
|
914 |
MetaCatUtil.debugMessage("Creating session..."); |
|
916 |
MetaCatUtil.debugMessage("Creating session...", 20);
|
|
915 | 917 |
AuthLdap authservice = new AuthLdap(); |
916 |
MetaCatUtil.debugMessage("Session exists..."); |
|
918 |
MetaCatUtil.debugMessage("Session exists...", 20);
|
|
917 | 919 |
|
918 | 920 |
boolean isValid = false; |
919 | 921 |
try { |
920 |
MetaCatUtil.debugMessage("Authenticating..."); |
|
922 |
MetaCatUtil.debugMessage("Authenticating...", 20);
|
|
921 | 923 |
isValid = authservice.authenticate(user, password); |
922 | 924 |
if (isValid) { |
923 |
MetaCatUtil.debugMessage("Authentication successful for: " + user ); |
|
925 |
MetaCatUtil.debugMessage("Authentication successful for: " + user, 20 );
|
|
924 | 926 |
} else { |
925 |
MetaCatUtil.debugMessage("Authentication failed for: " + user); |
|
927 |
MetaCatUtil.debugMessage("Authentication failed for: " + user, 20);
|
|
926 | 928 |
} |
927 | 929 |
|
928 | 930 |
// Get attributes for the user |
929 | 931 |
if (isValid) { |
930 |
MetaCatUtil.debugMessage("\nGetting attributes for user...."); |
|
932 |
MetaCatUtil.debugMessage("\nGetting attributes for user....", 20);
|
|
931 | 933 |
HashMap userInfo = authservice.getAttributes(user, password, user); |
932 | 934 |
// Print all of the attributes |
933 | 935 |
Iterator attList = (Iterator)(((Set)userInfo.keySet()).iterator()); |
... | ... | |
937 | 939 |
Iterator attvalues = values.iterator(); |
938 | 940 |
while (attvalues.hasNext()) { |
939 | 941 |
String value = (String)attvalues.next(); |
940 |
MetaCatUtil.debugMessage(att + ": " + value); |
|
942 |
MetaCatUtil.debugMessage(att + ": " + value, 20);
|
|
941 | 943 |
} |
942 | 944 |
} |
943 | 945 |
} |
944 | 946 |
|
945 | 947 |
// get the groups |
946 | 948 |
if (isValid) { |
947 |
MetaCatUtil.debugMessage("\nGetting all groups...."); |
|
949 |
MetaCatUtil.debugMessage("\nGetting all groups....", 20);
|
|
948 | 950 |
String[] groups = authservice.getGroups(user, password); |
949 |
MetaCatUtil.debugMessage("Groups found: " + groups.length); |
|
951 |
MetaCatUtil.debugMessage("Groups found: " + groups.length, 20);
|
|
950 | 952 |
for (int i=0; i < groups.length; i++) { |
951 |
MetaCatUtil.debugMessage("Group " + i + ": " + groups[i]); |
|
953 |
MetaCatUtil.debugMessage("Group " + i + ": " + groups[i], 20);
|
|
952 | 954 |
} |
953 | 955 |
} |
954 | 956 |
|
955 | 957 |
// get the groups for the user |
956 | 958 |
String savedGroup = null; |
957 | 959 |
if (isValid) { |
958 |
MetaCatUtil.debugMessage("\nGetting groups for user...."); |
|
960 |
MetaCatUtil.debugMessage("\nGetting groups for user....", 20);
|
|
959 | 961 |
String[] groups = authservice.getGroups(user, password, user); |
960 |
MetaCatUtil.debugMessage("Groups found: " + groups.length); |
|
962 |
MetaCatUtil.debugMessage("Groups found: " + groups.length, 20);
|
|
961 | 963 |
for (int i=0; i < groups.length; i++) { |
962 |
MetaCatUtil.debugMessage("Group " + i + ": " + groups[i]); |
|
964 |
MetaCatUtil.debugMessage("Group " + i + ": " + groups[i], 20);
|
|
963 | 965 |
savedGroup = groups[i]; |
964 | 966 |
} |
965 | 967 |
} |
966 | 968 |
|
967 | 969 |
// get the users for a group |
968 | 970 |
if (isValid) { |
969 |
MetaCatUtil.debugMessage("\nGetting users for group...."); |
|
970 |
MetaCatUtil.debugMessage("Group: " + savedGroup); |
|
971 |
MetaCatUtil.debugMessage("\nGetting users for group....", 20);
|
|
972 |
MetaCatUtil.debugMessage("Group: " + savedGroup, 20);
|
|
971 | 973 |
String[] users = authservice.getUsers(user, password, savedGroup); |
972 |
MetaCatUtil.debugMessage("Users found: " + users.length); |
|
974 |
MetaCatUtil.debugMessage("Users found: " + users.length, 20);
|
|
973 | 975 |
for (int i=0; i < users.length; i++) { |
974 |
MetaCatUtil.debugMessage("User " + i + ": " + users[i]); |
|
976 |
MetaCatUtil.debugMessage("User " + i + ": " + users[i], 20);
|
|
975 | 977 |
} |
976 | 978 |
} |
977 | 979 |
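Review bot: The LDAP search filter at new line 317, `"(&(" + comp1 + ")(" + comp2 + "))"`, is assembled from substrings of `user` with no escaping, and the `catch (InvalidSearchFilterException e) {}` at line 329 discards the one error that would reveal a malformed filter; this commit now logs the filter at level 35 but leaves both as they are. If `user` is the login name supplied by the caller (the call from `authenticate` at line 113 suggests so), the filter metacharacters `*`, `(`, `)`, `\` and NUL in the value parts should be escaped as RFC 4515 requires before the string reaches `ctx.search`, and the same applies to `foruser` in the group filter at line 586. The empty catch blocks at 329 and 348 could at least record the failure, e.g. `} catch (InvalidSearchFilterException e) { util.debugMessage("Invalid search filter: " + e, 30); }`. The same identifier and filter strings are written to the log unmodified, so CR and LF should be stripped or encoded before logging to keep one event per log line. The enclosing methods start and end outside the lines shown.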
|
Change the debug message.