
Revision 1988

Added by Matt Jones about 20 years ago

Modified LDAP authentication to support a lookup for the NRS system. If
the auth on the provided string fails as a DN, try to look up a new
DN based on the UID. If we get a match, use that DN for auth and see
if that works. This allows us to use a referral within the
dc=ecoinformatics,dc=org tree to point at distinguished names that are
rooted in another tree (such as ou=People,o=ucnrs.org).


src/edu/ucsb/nceas/metacat/AuthLdap.java
47 47
import javax.naming.directory.SearchControls;
48 48
import javax.naming.ReferralException;
49 49
import javax.naming.ldap.*;
50
import java.net.URLDecoder;
50 51
import java.util.Iterator;
51 52
import java.util.HashMap;
52 53
import java.util.Hashtable;
......
72 73
  private String userName;
73 74
  private String userPassword;
74 75
  ReferralException refExc;
75
  String uid=null;
76
  //String uid=null;
76 77

  
77 78
  /** 
78 79
   * Construct an AuthLdap
......
102 103
    boolean authenticated = false;
103 104
    String identifier = user;
104 105
    //get uid here.
105
    uid=user.substring(0, user.indexOf(","));
106
    //uid=user.substring(0, user.indexOf(","));
106 107
  
107 108
    try {
108 109
        // Check the usename as passed in
......
111 112
        if (!authenticated) {
112 113
            MetaCatUtil.debugMessage("Looking up DN for: " + identifier, 35);
113 114
            identifier = getIdentifyingName(identifier,ldapUrl,ldapBase);
114
            //System.out.println("identifier: "+identifier);
115
            MetaCatUtil.debugMessage("DN found: " + identifier, 35);
116
            String decoded = URLDecoder.decode(identifier);
117
            MetaCatUtil.debugMessage("DN decoded: " + decoded, 35);
118
            identifier = decoded;
115 119
            String refUrl = "";
116 120
            String refBase = "";
117 121
            if (identifier.startsWith("ldap")) {
......
179 183
  {
180 184
    double totStartTime = System.currentTimeMillis();
181 185
    boolean authenticated = false;
182
    if (identifier != null && !password.equals("")) 
183
    {
186
    if (identifier != null && !password.equals("")) {
184 187
    
185 188
        //Pass the username and password to run() method
186 189
        userName=identifier;
......
191 194
              "com.sun.jndi.ldap.LdapCtxFactory");
192 195
        env.put(Context.REFERRAL, "throw");
193 196
        env.put(Context.PROVIDER_URL, directoryUrl + searchBase);
194
        if ( !ldapsUrl.equals(ldapUrl) ) 
195
        {
197
        util.debugMessage("PROVIDER_URL set to: " + directoryUrl + searchBase, 35);
198
        if ( !ldapsUrl.equals(ldapUrl) ) {
196 199
          // ldap is set on default port 389
197 200
          // ldaps is set on second port - 636 by default
198 201
          //env.put(Context.SECURITY_PROTOCOL, "ssl");
......
202 205
        env.put(Context.SECURITY_CREDENTIALS, password);
203 206
        // If our auth credentials are invalid, an exception will be thrown
204 207
        DirContext ctx = null;
205
        try 
206
        {
208
        try {
207 209
          double startTime = System.currentTimeMillis();
208
          //Here to check the autheration
210
          //Here to check the authorization
209 211
          ctx = new InitialDirContext(env);
210 212
          double stopTime = System.currentTimeMillis();
211 213
          util.debugMessage("Connection time thru " + ldapsUrl + " was: " +
......
216 218
          this.ldapUrl = ldapUrl;
217 219
          this.ldapBase = ldapBase;
218 220
          //break;
219
        } 
220
        catch (AuthenticationException ae) 
221
        {
221
        } catch (AuthenticationException ae) {
222 222
          authenticated = false;
223
          if ( ctx != null ) 
224
          {
223
          if ( ctx != null ) {
225 224
            ctx.close();
226 225
          }
227
        } 
228
        catch (javax.naming.InvalidNameException ine) 
229
        {
226
        } catch (javax.naming.InvalidNameException ine) {
230 227
            util.debugMessage("An invalid DN was provided!", 30);
231
        } 
232
        catch (javax.naming.ReferralException re) 
233
        {
228
        } catch (javax.naming.ReferralException re) {
234 229
          util.debugMessage("referral during authentication", 30);
235 230
          util.debugMessage("Referral information: "+re.getReferralInfo(), 30);
236
          try
237
          {
231
          try {
238 232
            refExc = re;
239 233

  
240 234
            Thread t = new Thread(this);
......
242 236
            Thread.sleep(5000); //this is a manual override of ldap's 
243 237
                                //hideously long time out period.
244 238
            util.debugMessage("Awake after 5 seconds.", 35);
245
            if (referralContext == null)
246
            {
239
            if (referralContext == null) {
247 240
              t.interrupt();
248 241
              authenticated = false;
249
            }
250
            else
251
            {
242
            } else {
252 243
              authenticated = true;
253

  
254 244
            }
255
          }
256
          catch (Exception e)
257
          {
245
          } catch (Exception e) {
258 246
            authenticated = false;
259 247
          }
260 248
        }
261
    } 
262
    else 
263
    { 
249
    } else { 
264 250
        util.debugMessage("User not found", 30);
265 251
    }
266 252
    double totStopTime = System.currentTimeMillis();
......
314 300
                                    user.indexOf(",", position+1));
315 301
      MetaCatUtil.debugMessage("Second comp is: " + comp2, 35);
316 302

  
317
      String filter = "(&(" + comp1 + ")(" + comp2 + "))";
303
      String filter = "(&(" + comp1 + "))";
304
      //String filter = "(&(" + comp1 + ")(" + comp2 + "))";
318 305
      MetaCatUtil.debugMessage("Filter is: " + filter, 35);
319 306
      MetaCatUtil.debugMessage("Provider URL is: " + ldapUrl + ldapBase, 35);
320 307
      NamingEnumeration answer;
321 308
      try {
309
        util.debugMessage("Trying search 1: " + filter, 35);
322 310
        answer = ctx.search("", filter, ctls);
311
        util.debugMessage("Search 1 complete", 35);
312
        if (answer == null) {
313
            util.debugMessage("Search 1 answer is null.", 35);
314
        }
323 315
        if (answer.hasMore()) {
316
          util.debugMessage("Search 1 has answers.", 35);
324 317
          SearchResult sr = (SearchResult)answer.next();
325 318
          identifier = sr.getName();
326 319
          util.debugMessage("Originally Found: " + identifier, 35);
327 320
          return identifier;
328 321
        }
329
      } catch (InvalidSearchFilterException e) {}
322
      } catch (InvalidSearchFilterException e) {
323
          util.debugMessage("Invalid Filter exception thrown (if1)", 35);
324
      }
330 325

  
331 326
      // That failed, so check if it is just a username
332 327
      filter = "(" + user + ")";
333 328
      try {
329
        MetaCatUtil.debugMessage("Trying again: " + filter, 35);
334 330
        answer = ctx.search("", filter, ctls);
335 331
        if (answer.hasMore()) {
336 332
          SearchResult sr = (SearchResult)answer.next();
......
349 345

  
350 346
      // Maybe its a user id (uid)
351 347
      filter = "(uid=" + user + ")";
348
      MetaCatUtil.debugMessage("Trying again: " + filter, 35);
352 349
      answer = ctx.search("", filter, ctls);
353 350
      if (answer.hasMore()) {
354 351
        SearchResult sr = (SearchResult)answer.next();
......
364 361

  
365 362
        // maybe its just a common name
366 363
        filter = "(cn=" + user + ")";
364
        MetaCatUtil.debugMessage("Trying again: " + filter, 35);
367 365
        NamingEnumeration answer2 = ctx.search("", filter, ctls);
368 366
        if (answer2.hasMore()) {
369 367
          SearchResult sr = (SearchResult)answer2.next();
......
380 378

  
381 379
          // ok, last resort, is it a surname?
382 380
          filter = "(sn=" + user + ")";
381
          MetaCatUtil.debugMessage("Trying again: " + filter, 35);
383 382
          NamingEnumeration answer3 = ctx.search("", filter, ctls);
384 383
          if (answer3.hasMore()) {
385 384
            SearchResult sr = (SearchResult)answer3.next();
......
402 401
      throw new NamingException(
403 402
      "Naming exception in AuthLdap.getIdentifyingName: " + e);
404 403
    }
404
    MetaCatUtil.debugMessage("Returning found identifier as: " + identifier, 35);
405 405
    return identifier;
406 406
  }
407 407

  
......
1025 1025
      {  
1026 1026
        //revise environment variable
1027 1027
        referralInfo=(String)refExc.getReferralInfo();
1028
        env.put(Context.PROVIDER_URL,refExc.getReferralInfo());
1029
        //System.out.println("referral info: "+referralInfo);
1030
        //if (referralInfo.indexOf("piscoweb")!=-1)
1031
        //{
1032
          //userName=uid+",o=PISCO,dc=piscoweb,dc=org";
1033
        //}
1034
        env.put(Context.INITIAL_CONTEXT_FACTORY, 
1035
                "com.sun.jndi.ldap.LdapCtxFactory");
1036
        //System.out.println("principal: "+userName);
1037
        env.put(Context.SECURITY_PRINCIPAL, userName);
1038
        env.put(Context.SECURITY_CREDENTIALS, userPassword);
1039
        env.put(Context.REFERRAL, "throw");
1040
        //get a context object for referral in the new envriment
1041
        rContext = refExc.getReferralContext(env);
1028
        util.debugMessage("Processing referral (pr0): ", 35);
1029
        util.debugMessage("PROVIDER_URL set to (pr1): " + referralInfo, 35);
1030
        //env.put(Context.PROVIDER_URL,referralInfo);
1031
        //env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
1032
        //env.put(Context.SECURITY_PRINCIPAL, userName);
1033
        //env.put(Context.SECURITY_CREDENTIALS, userPassword);
1034
        //env.put(Context.REFERRAL, "throw");
1035
        //util.debugMessage("Processing referral (pr1.info): " + userName,35);
1036
        //util.debugMessage("Processing referral (pr2)",35);
1037
        //rContext = refExc.getReferralContext(env);
1038
        rContext = refExc.getReferralContext();
1039
        util.debugMessage("Processing referral (pr3)",35);
1042 1040
        //casting the context to dircontext and it will create a
1043 1041
        //autherntication or naming exception if DN and password is incorrect
1044 1042
        referralContext=rContext;
......
1046 1044
        refDirContext.close();
1047 1045
        //get context and jump out the while loop
1048 1046
        moreReferrals=false;
1047
        util.debugMessage("Processing referral (pr4)",35);
1049 1048
      }//try
1050 1049
      //if referral have another referral excption
1051 1050
      catch (ReferralException re)
1052 1051
      {
1052
        util.debugMessage("GOT referral exception (re1): " + re.getMessage(),35);
1053
        util.debugMessage("RE details (re2): " + re.toString(true),35);
1053 1054
        //keep running in while loop
1054 1055
        moreReferrals=true;
1055 1056
        //assign refExc to new referral exception re
......
1058 1059
      //catch a authentication exception
1059 1060
      catch (AuthenticationException ae)
1060 1061
      {
1061
        util.debugMessage("Error running referral handler thread: " + 
1062
        util.debugMessage("Error running referral handler thread (ae1): " + 
1062 1063
                          ae.getMessage(), 20);
1063 1064
        //check if has another referral
1064 1065
        moreReferrals=refExc.skipReferral();
......
1068 1069
      //catch a naming exception
1069 1070
      catch (NamingException ne)
1070 1071
      {
1071
        util.debugMessage("Error running referral handler thread: " + 
1072
        util.debugMessage("Error running referral handler thread (ne1): " + 
1072 1073
                          ne.getMessage(), 20);
1073 1074
        //check if has another referral
1074 1075
        moreReferrals=refExc.skipReferral();
......
1128 1129
        }
1129 1130
        catch (AuthenticationException ae)
1130 1131
        {
1131
          util.debugMessage("Error running referral handler thread: " + 
1132
          util.debugMessage("Error running referral handler thread (ae2): " + 
1132 1133
                          ae.getMessage(), 50);
1133 1134
          //check if has another referral
1134 1135
          moreReferrals=refExc.skipReferral();
......
1137 1138
        }
1138 1139
        catch (NamingException ne)
1139 1140
        {
1140
          util.debugMessage("Error running referral handler thread: " + 
1141
          util.debugMessage("Error running referral handler thread (ne2): " + 
1141 1142
                          ne.getMessage(), 50);
1142 1143
          //check if has another referral
1143 1144
          moreReferrals=refExc.skipReferral();
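Review bot: The new null check at lines 312-314 of getIdentifyingName only logs and falls through, so the very next statement `if (answer.hasMore())` dereferences a null answer; fold the guard into the condition instead, `if (answer != null && answer.hasMore()) {`. In the authenticate hunk, `String decoded = URLDecoder.decode(identifier);` (new line 116) uses the single-argument overload, which decodes with the platform default charset and turns every `+` into a space, so a DN or LDAP URL containing a literal `+` is silently altered before it is used for the bind; `URLDecoder.decode(identifier, "UTF-8")` fixes the charset, and decoding only when `identifier.startsWith("ldap")` would keep plain DNs untouched. The narrowed filter `String filter = "(&(" + comp1 + "))";` (new line 303) now matches any entry under the base whose first RDN equals the one the caller supplied, so the lookup may select an entry other than the one the user named; the subsequent password bind still has to succeed, but a comment stating that this broadening is intentional for the referral use case would help the next reader, and comp1 is derived from the caller's string outside this hunk, so the filter still needs RFC 4515 escaping of `*`, `(`, `)` and `\` before concatenation. Both enclosing methods start and end outside their hunks.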
