Metacat

/**

 * An implementation of the AuthInterface interface that

 * allows Metacat to use the LDAP protocol for directory services.

 * is authenticated, and whether they are a member of a particular group.

 */

public class AuthLdap implements AuthInterface, Runnable {

  ReferralException refExc;

  //String uid=null;

   * Construct an AuthLdap

   */

  public AuthLdap() {

    String identifier = user;

    //get uid here.

    //uid=user.substring(0, user.indexOf(","));

    try {

        // Check the usename as passed in

        authenticated = ldapAuthenticate(identifier, password);

            }

            //authenticated = ldapAuthenticate(identifier, password);

        }

    } catch (NullPointerException e) {

      util.debugMessage("NullPointerException b' password is null", 30);

                        "AuthLdap.authenticate: " + e, 30);

      throw new ConnectException(

                        "AuthLdap.authenticate: " + e);

    } catch (NamingException e) {

                        "AuthLdap.authenticate: " + e, 30);

      e.printStackTrace();

    } catch (Exception e) {

  private boolean ldapAuthenticate(String identifier, String password)

            throws ConnectException, NamingException, NullPointerException

  {

                              this.ldapsUrl, this.ldapBase);

  }

    double totStartTime = System.currentTimeMillis();

    boolean authenticated = false;

    if (identifier != null && !password.equals("")) {

        //Pass the username and password to run() method

        userName=identifier;

        userPassword=password;

        // Identify service provider to use

        Hashtable env = new Hashtable(11);

              "com.sun.jndi.ldap.LdapCtxFactory");

        env.put(Context.REFERRAL, "throw");

        env.put(Context.PROVIDER_URL, directoryUrl + searchBase);

            Thread t = new Thread(this);

            t.start();

                                //hideously long time out period.

            util.debugMessage("Awake after 5 seconds.", 35);

            if (referralContext == null) {

            authenticated = false;

          }

        }

        util.debugMessage("User not found", 30);

    }

    double totStopTime = System.currentTimeMillis();

                      (totStopTime - totStartTime)/1000 + " seconds", 35);

    return authenticated;

  }

  /**

   * Get the identifying name for a given userid or name.  This is the name

   * that is used in conjunction withthe LDAP BaseDN to create a

   * distinguished name (dn) for the record

   *

   * @param user the user for which the identifying name is requested

   *          or null if not found

   */

  private String getIdentifyingName(String user, String ldapUrl,

    env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);

    //    non-secure LDAP context; dn are publicly readable

    try {

      // Bind to the LDAP server, in order to search for the right

      // distinguished name (dn) based on userid (uid) or common name (cn)

      DirContext ctx = new InitialDirContext(env);

      SearchControls ctls = new SearchControls();

      ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);

      //attributes

      // If we find a record, determine the dn for the record

      // The following blocks need to be refactored into a subroutine

      int position = user.indexOf(",");

      String comp1 = user.substring(0, position);

      MetaCatUtil.debugMessage("First comp is: " + comp1, 35);

                                    user.indexOf(",", position+1));

      MetaCatUtil.debugMessage("Second comp is: " + comp2, 35);

        if (answer.hasMore()) {

          SearchResult sr = (SearchResult)answer.next();

          identifier = sr.getName();

            this.ldapUrl = identifier.substring(0,

                                                identifier.lastIndexOf("/")+1);

            this.ldapBase = identifier.substring(identifier.indexOf(",")+1);

      if (answer.hasMore()) {

        SearchResult sr = (SearchResult)answer.next();

        identifier = sr.getName();

          this.ldapUrl = identifier.substring(0,identifier.lastIndexOf("/")+1);

          this.ldapBase = identifier.substring(identifier.indexOf(",")+1);

          identifier = identifier.substring(identifier.lastIndexOf("/")+1,

        if (answer2.hasMore()) {

          SearchResult sr = (SearchResult)answer2.next();

          identifier = sr.getName();

            this.ldapUrl = identifier.substring(0,

                                                identifier.lastIndexOf("/")+1);

            this.ldapBase = identifier.substring(identifier.indexOf(",")+1);

          if (answer3.hasMore()) {

            SearchResult sr = (SearchResult)answer3.next();

            identifier = sr.getName();

              this.ldapUrl = identifier.substring(0,

                                                identifier.lastIndexOf("/")+1);

              this.ldapBase = identifier.substring(identifier.indexOf(",")+1);

   * @param password the password for authenticating against the service

   * @returns string array of all of the user names

   */

         throws ConnectException

  {

    // Identify service provider to use

    Hashtable env = new Hashtable(11);

            "com.sun.jndi.ldap.LdapCtxFactory");

    env.put(Context.REFERRAL, referral);

    env.put(Context.PROVIDER_URL, ldapUrl);

    try {

        // Create the initial directory context

        // Specify the attributes to match.

        // Users are objects that have the attribute objectclass=InetOrgPerson.

        SearchControls ctls = new SearchControls();

        ctls.setReturningAttributes(attrIDs);

        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        //ctls.setCountLimit(1000);

        String filter = "(objectClass=inetOrgPerson)";

        NamingEnumeration enum = ctx.search(ldapBase, filter, ctls);

        // Store the users in a vector

        Vector uvec = new Vector();

        try {

            while (enum.hasMore()) {

                SearchResult sr = (SearchResult)enum.next();

                uvec.add(sr.getName()+","+ldapBase);

            }

        } catch (SizeLimitExceededException slee) {

        }

        // initialize users[]; fill users[]

        for (int i=0; i < uvec.size(); i++) {

        }

        // Close the context when we're done

   * @param group the group whose user list should be returned

   * @returns string array of the user names belonging to the group

   */

         throws ConnectException

  {

    String[] users = null;

    // Identify service provider to use

    Hashtable env = new Hashtable(11);

            "com.sun.jndi.ldap.LdapCtxFactory");

    env.put(Context.REFERRAL, referral);

    env.put(Context.PROVIDER_URL, ldapUrl);

        try {

            for (NamingEnumeration ae = answer.getAll(); ae.hasMore();) {

                Attribute attr = (Attribute)ae.next();

                     e.hasMore();

                    );

            }

        } catch (SizeLimitExceededException slee) {

        // initialize users[]; fill users[]

        users = new String[uvec.size()];

        for (int i=0; i < uvec.size(); i++) {

        }

        // Close the context when we're done

   * @param password the password for authenticating against the service

   * @returns string array of the group names

   */

         throws ConnectException

  {

      return getGroups(user, password, null);

   * @param foruser the user whose group list should be returned

   * @returns string array of the group names

   */

         throws ConnectException

  {

    Vector uvec = new Vector();

    //Pass the username and password to run() method

    userName=user;

    userPassword=password;

    // Identify service provider to use

            "com.sun.jndi.ldap.LdapCtxFactory");

    env.put(Context.REFERRAL, "throw");

    env.put(Context.PROVIDER_URL, ldapUrl);

        // Create the initial directory context

        DirContext ctx = new InitialDirContext(env);

        // Specify the ids of the attributes to return

        // Specify the attributes to match.

        // Groups are objects with attribute objectclass=groupofuniquenames.

        // and have attribute uniquemember: uid=foruser,ldapbase.

        SearchControls ctls = new SearchControls();

        ctls.setReturningAttributes(attrIDs);

        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        String filter = null;

        String gfilter = "(objectClass=groupOfUniqueNames)";

        if (null == foruser) {

        // Print the groups

        MetaCatUtil.debugMessage("getting group results.", 50);

        while (enum.hasMore()) {

          uvec.add(sr.getName()+","+ldapBase);

                                  " added to Group vector", 35);

        }

        // Close the context when we're done

        ctx.close();

    {

      refExc = re;

      Thread t = new Thread(new GetGroup());

      if (referralContext == null)

      {

        util.debugMessage("thread timed out...returning groups: " + uvec.toString(), 35);

        for(int i=0; i<uvec.size(); i++)

        {

        }

        t.interrupt();

        return groups;

      }

      DirContext dc = (DirContext)referralContext;

      // Specify the attributes to match.

      // Groups are objects with attribute objectclass=groupofuniquenames.

      // and have attribute uniquemember: uid=foruser,ldapbase.

      SearchControls ctls = new SearchControls();

      ctls.setReturningAttributes(attrIDs);

      ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);

      String filter = null;

      String gfilter = "(objectClass=groupOfUniqueNames)";

      if (null == foruser) {

      } else {

          filter = "(& " + gfilter + "(uniqueMember=" + foruser + "))";

      }

      try

      {

        NamingEnumeration enum = dc.search(ldapBase, filter, ctls);

        // Print the groups

        while (enum.hasMore()) {

          SearchResult sr = (SearchResult)enum.next();

          uvec.add(sr.getName()+","+ldapBase);

        }

        referralContext.close();

        dc.close();

      }

      catch(NamingException ne)

      {

      }

    } catch (NamingException e) {

      e.printStackTrace(System.err);

      for(int i=0; i<uvec.size(); i++)

      {

      }

      return groups;

       /*throw new ConnectException(

      "Problem getting groups for a user in AuthLdap.getGroups:" + e);*/

                              uvec.toString(), 35);

    for(int i=0; i<uvec.size(); i++)

    {

    }

    return groups;

  }

   * @param foruser the user for which the attribute list is requested

   * @returns HashMap a map of attribute name to a Vector of values

   */

         throws ConnectException

  {

    return getAttributes(null, null, foruser);

   * @param foruser the user whose attributes should be returned

   * @returns HashMap a map of attribute name to a Vector of values

   */

         throws ConnectException

  {

    HashMap attributes = new HashMap();

    String ldapUrl = this.ldapUrl;

    String ldapBase = this.ldapBase;

    String userident = foruser;

    // Identify service provider to use

    Hashtable env = new Hashtable(11);

        "com.sun.jndi.ldap.LdapCtxFactory");

    env.put(Context.REFERRAL, referral);

    env.put(Context.PROVIDER_URL, ldapUrl);

    try {

      // Create the initial directory context

      DirContext ctx = new InitialDirContext(env);

      //Attributes attrs = ctx.getAttributes(userident);

      Attributes attrs = ctx.getAttributes(foruser);

      // Print all of the attributes

      NamingEnumeration en = attrs.getAll();

      while (en.hasMore()) {

        }

        attributes.put(attName, values);

      }

      // Close the context when we're done

      ctx.close();

    } catch (NamingException e) {

              "AuthLdap.getAttributes:" + e, 35);

      throw new ConnectException(

      "Problem getting attributes in AuthLdap.getAttributes:" + e);

  /**

   * Get list of all subtrees holding Metacat's groups and users

   * i.e. ldap://dev.nceas.ucsb.edu/dc=ecoinformatics,dc=org

   */

  private Hashtable getSubtrees(String user, String password,

    // Identify service provider to use

    Hashtable env = new Hashtable(11);

            "com.sun.jndi.ldap.LdapCtxFactory");

    env.put(Context.REFERRAL, referral);

    env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);

        SearchControls ctls = new SearchControls();

        ctls.setReturningAttributes(attrIDs);

        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        // Specify the attributes to match.

        // Subtrees from the main server are found as objects with attribute

        // objectclass=organization or objectclass=referral to the subtree

            Attribute attr = (Attribute)enum1.next();

            String attrValue = (String)attr.get();

            String attrName = (String)attr.getID();

            if ( enum1.hasMore() ) {

              attr = (Attribute)enum1.next();

              String refValue = (String)attr.get();

                trees.put(refName + "=" + refValue + "," + ldapBase,

                         attrValue.substring(0,attrValue.lastIndexOf("/")+1) );

              }

            } else if ( ldapBase.startsWith(attrName + "=" + attrValue) ) {

                trees.put(ldapBase, ldapUrl);

            }

          }

        }

        ctx.close();

    } catch (NamingException e) {

                        + e, 30);

      throw new ConnectException(

      "Problem getting subtrees in AuthLdap.getSubtrees:" + e);

  {

    StringBuffer out = new StringBuffer();

    Vector usersIn = new Vector();

    out.append("<principals>\n");

    /*

     * and then the Metacat users under them

     */

    Hashtable subtrees = getSubtrees(user,password,this.ldapUrl,this.ldapBase);

    Enumeration enum = subtrees.keys();

    while ( enum.hasMoreElements() ) {

      this.ldapBase = (String)enum.nextElement();

      this.ldapUrl = (String)subtrees.get(ldapBase);

                 this.ldapUrl + this.ldapBase + "\">\n");

      // get all groups for directory context

      // for the groups and users that belong to them

      if ( groups!=null && groups.length > 0 ) {

        for (int i=0; i < groups.length; i++ ) {

          out.append("    <group>\n");

          for (int j=0; j < usersForGroup.length; j++ ) {

            usersIn.addElement(usersForGroup[j]);

            out.append("      <user>\n");

            out.append("      </user>\n");

          }

          out.append("    </group>\n");

        }

      }

      // for the users not belonging to any group

      for (int j=0; j < users.length; j++ ) {

          out.append("    <user>\n");

          out.append("    </user>\n");

        }

      }

      out.append("  </authSystem>\n");

      if ( !usersIn.isEmpty() ) {

        usersIn.removeAllElements();

        usersIn.trimToSize();

      }

    }

    out.append("</principals>");

    return out.toString();

  }

  /**

   * Test method for the class

   */

  public static void main(String[] args) {

    MetaCatUtil.debugMessage("Creating session...", 20);

    AuthLdap authservice = new AuthLdap();

    MetaCatUtil.debugMessage("Session exists...", 20);

    boolean isValid = false;

    try {

      MetaCatUtil.debugMessage("Authenticating...", 20);

      // get the groups

      if (isValid) {

        MetaCatUtil.debugMessage("\nGetting all groups....", 20);

        MetaCatUtil.debugMessage("Groups found: " + groups.length, 20);

        for (int i=0; i < groups.length; i++) {

        }

      }

      String savedGroup = null;

      if (isValid) {

        MetaCatUtil.debugMessage("\nGetting groups for user....", 20);

        MetaCatUtil.debugMessage("Groups found: " + groups.length, 20);

        for (int i=0; i < groups.length; i++) {

        }

      }

      // get all users

      if (isValid) {

        MetaCatUtil.debugMessage("\nGetting all users ....", 20);

        MetaCatUtil.debugMessage("Users found: " + users.length, 20);

      }

      // get the whole list groups and users in XML format

      MetaCatUtil.debugMessage("I/O Error writing to file principals.txt", 20);

    }

  }

  /**

   * This method will be called by start a thread.

   * It can handle if a referral exception happend.

  public void run()

  {

    referralContext = null;

    while (moreReferrals)

    {

      try

        //revise environment variable

        referralInfo=(String)refExc.getReferralInfo();

        util.debugMessage("Processing referral (pr0): ", 35);

      //catch a authentication exception

      catch (AuthenticationException ae)

      {

                          ae.getMessage(), 20);

        //check if has another referral

        moreReferrals=refExc.skipReferral();

      //catch a naming exception

      catch (NamingException ne)

      {

                          ne.getMessage(), 20);

        //check if has another referral

        moreReferrals=refExc.skipReferral();

        //don't get context

      }

    }//while

  }//run()

  private class GetGroup implements Runnable

  {

    public void run()

      MetaCatUtil.debugMessage("getting groups context", 50);

      DirContext refDirContext=null;

      boolean moreReferrals=true;

      //contains another referral exception

      while (moreReferrals)

      {

          refInfo = (String)refExc.getReferralInfo();

          if(refInfo != null)

          {

                              refInfo.toString(), 40);

          }

          else

                                                  get(Context.PROVIDER_URL);

          }

          MetaCatUtil.debugMessage("refInfo: " + refInfo, 40);

              "com.sun.jndi.ldap.LdapCtxFactory");

          env.put(Context.REFERRAL, "throw");

          env.put(Context.PROVIDER_URL, refInfo);

          MetaCatUtil.debugMessage("creating referralContext", 40);

          referralContext = new InitialDirContext(env);

          MetaCatUtil.debugMessage("referralContext created", 40);

        }

        catch (AuthenticationException ae)

        {

                          ae.getMessage(), 50);

          //check if has another referral

          moreReferrals=refExc.skipReferral();

        }

        catch (NamingException ne)

        {

                          ne.getMessage(), 50);

          //check if has another referral

          moreReferrals=refExc.skipReferral();

          //don't get context

        }

      }//while

    }//run()

  private HttpSession session = null;

  private AuthInterface authService = null;

  private String statusMessage = null;

   * Construct an AuthSession

   */

  public AuthSession() throws Exception {

    this.authClass = util.getOption("authclass");

    this.authService = (AuthInterface)createObject(authClass);

  }

  /**

   * Get the new session

   */

    return this.session;

  }

   * authenticating them using the authService configured for this session.

   *

   * @param request the request made from the client

   * @param username the username entered when login

   * @param password the password entered when login

   */

    String message = null;

      if ( authService.authenticate(username, password) ) {

        if(groups == null)

        {

          groups = new String[0];

        message = "Authentication successful for user: " + username;

        this.statusMessage = formatOutput("login", message, sessionId);

        return true;

        message = "Authentication failed for user: " + username;

        this.statusMessage = formatOutput("unauth_login", message);

        return false;

    } catch ( ConnectException ce ) {

      message = "Connection to the authentication service failed in " +

                "AuthSession.authenticate: " + ce.getMessage();

    } catch ( IllegalStateException ise ) {

      message = ise.getMessage();

    }

    this.statusMessage = formatOutput("error_login", message);

    return false;

  }

  /** Get new HttpSession and store username & password in it */

                                 String username, String password,

                      throws IllegalStateException {

    // get the current session object, create one if necessary

   * Get the message associated with authenticating this session. The

   * message is formatted in XML.

   */

  {

    return this.statusMessage;

  }

    return authService.getPrincipals(user, password);

  }

   * format the output in xml for processing from client applications

   *

   * @param tag the root element tag for the message (error or success)

   * @param message the message content of the root element

   */

  {

      return formatOutput(tag, message, null);

  }

   * format the output in xml for processing from client applications

   *

   * @param tag the root element tag for the message (error or success)

   * @param message the message content of the root element

   * @param sessionId the session identifier for a successful login

   */

  {

    StringBuffer out = new StringBuffer();

    out.append("<?xml version=\"1.0\"?>\n");

    out.append("<" + tag + ">");

    out.append("\n  <message>" + message + "</message>\n");

        out.append("\n  <sessionId>" + sessionId + "</sessionId>\n");

    }

    out.append("</" + tag + ">");

    return out.toString();

  }

   * @param className the fully qualified name of the class to instantiate

   */

  private static Object createObject(String className) throws Exception {

    Object object = null;

    try {

      Class classDefinition = Class.forName(className);

/**

 *  '$RCSfile$'

 *             implemented by an authentication service

 *  Copyright: 2000 Regents of the University of California and the

 *             National Center for Ecological Analysis and Synthesis

import java.util.HashMap;

/**

 * implemented by an authentication service.  The authentication service is

 * of a particular group.

 */

public interface AuthInterface {

  /**

   * Get all users from the authentication service

   */

         throws ConnectException;

  /**

  /**

   * Get all groups from the authentication service

   */

         throws ConnectException;

  /**

   * Get the groups for a particular user from the authentication service

   */

         throws ConnectException;

  /**

   * @param user the user for which the attribute list is requested

   * @returns HashMap a map of attribute name to a Vector of values

   */

         throws ConnectException;

  /**

   * @param password the password for authenticating against the service

   * @returns HashMap a map of attribute name to a Vector of values

   */

         throws ConnectException;

  /**