Revision 2666
Added by sgarg over 18 years ago
| src/edu/ucsb/nceas/metacat/AuthLdap.java | ||
|---|---|---|
| 47 | 47 |
import javax.naming.directory.SearchControls; |
| 48 | 48 |
import javax.naming.ReferralException; |
| 49 | 49 |
import javax.naming.ldap.*; |
| 50 |
|
|
| 51 |
import org.apache.log4j.Logger; |
|
| 52 |
|
|
| 50 | 53 |
import java.net.URLDecoder; |
| 51 | 54 |
import java.util.Iterator; |
| 52 | 55 |
import java.util.HashMap; |
| ... | ... | |
| 74 | 77 |
private String userName; |
| 75 | 78 |
private String userPassword; |
| 76 | 79 |
ReferralException refExc; |
| 77 |
//String uid=null; |
|
| 78 | 80 |
|
| 81 |
private static Logger logMetacat = Logger.getLogger(AuthLdap.class); |
|
| 82 |
|
|
| 79 | 83 |
/** |
| 80 | 84 |
* Construct an AuthLdap |
| 81 | 85 |
*/ |
| ... | ... | |
| 110 | 114 |
authenticated = ldapAuthenticate(identifier, password); |
| 111 | 115 |
// if not found, try looking up a valid DN then auth again |
| 112 | 116 |
if (!authenticated) {
|
| 113 |
MetaCatUtil.logMetacat.info("Looking up DN for: " + identifier);
|
|
| 117 |
logMetacat.info("Looking up DN for: " + identifier);
|
|
| 114 | 118 |
identifier = getIdentifyingName(identifier, ldapUrl, ldapBase); |
| 115 |
MetaCatUtil.logMetacat.info("DN found: " + identifier);
|
|
| 119 |
logMetacat.info("DN found: " + identifier);
|
|
| 116 | 120 |
String decoded = URLDecoder.decode(identifier); |
| 117 |
MetaCatUtil.logMetacat.info("DN decoded: " + decoded);
|
|
| 121 |
logMetacat.info("DN decoded: " + decoded);
|
|
| 118 | 122 |
identifier = decoded; |
| 119 | 123 |
String refUrl = ""; |
| 120 | 124 |
String refBase = ""; |
| 121 | 125 |
if (identifier.startsWith("ldap")) {
|
| 122 | 126 |
refUrl = identifier.substring(0, |
| 123 | 127 |
identifier.lastIndexOf("/") + 1);
|
| 124 |
MetaCatUtil.logMetacat.info("Ref ldapUrl: " + refUrl);
|
|
| 128 |
logMetacat.info("Ref ldapUrl: " + refUrl);
|
|
| 125 | 129 |
int position = identifier.indexOf(",");
|
| 126 | 130 |
int position2 = identifier.indexOf(",", position + 1);
|
| 127 | 131 |
refBase = identifier.substring(position2 + 1); |
| 128 |
MetaCatUtil.logMetacat.info("Ref ldapBase: " + refBase);
|
|
| 132 |
logMetacat.info("Ref ldapBase: " + refBase);
|
|
| 129 | 133 |
identifier = identifier.substring( |
| 130 | 134 |
identifier.lastIndexOf("/") + 1);
|
| 131 |
MetaCatUtil.logMetacat.info("Trying: " + identifier);
|
|
| 135 |
logMetacat.info("Trying: " + identifier);
|
|
| 132 | 136 |
authenticated = ldapAuthenticate(identifier, password, |
| 133 | 137 |
refUrl, refBase); |
| 134 | 138 |
} |
| 135 | 139 |
else {
|
| 136 | 140 |
identifier = identifier + "," + ldapBase; |
| 137 |
MetaCatUtil.logMetacat.info("Trying: " + identifier);
|
|
| 141 |
logMetacat.info("Trying: " + identifier);
|
|
| 138 | 142 |
authenticated = ldapAuthenticate(identifier, password); |
| 139 | 143 |
} |
| 140 | 144 |
//authenticated = ldapAuthenticate(identifier, password); |
| ... | ... | |
| 142 | 146 |
|
| 143 | 147 |
} |
| 144 | 148 |
catch (NullPointerException e) {
|
| 145 |
MetaCatUtil.logMetacat.info("NullPointerException b' password is null");
|
|
| 146 |
MetaCatUtil.logMetacat.info("NullPointerException while authenticating in " +
|
|
| 149 |
logMetacat.error("NullPointerException b' password is null");
|
|
| 150 |
logMetacat.error("NullPointerException while authenticating in " +
|
|
| 147 | 151 |
"AuthLdap.authenticate: " + e); |
| 148 | 152 |
throw new ConnectException( |
| 149 | 153 |
"NullPointerException while authenticating in " + |
| 150 | 154 |
"AuthLdap.authenticate: " + e); |
| 151 | 155 |
} |
| 152 | 156 |
catch (NamingException e) {
|
| 153 |
MetaCatUtil.logMetacat.info("Naming exception while authenticating in " +
|
|
| 157 |
logMetacat.error("Naming exception while authenticating in " +
|
|
| 154 | 158 |
"AuthLdap.authenticate: " + e); |
| 155 | 159 |
e.printStackTrace(); |
| 156 | 160 |
} |
| 157 | 161 |
catch (Exception e) {
|
| 158 |
MetaCatUtil.logMetacat.info(e.getMessage());
|
|
| 162 |
logMetacat.error(e.getMessage());
|
|
| 159 | 163 |
} |
| 160 | 164 |
return authenticated; |
| 161 | 165 |
} |
| ... | ... | |
| 196 | 200 |
"com.sun.jndi.ldap.LdapCtxFactory"); |
| 197 | 201 |
env.put(Context.REFERRAL, "throw"); |
| 198 | 202 |
env.put(Context.PROVIDER_URL, directoryUrl + searchBase); |
| 199 |
MetaCatUtil.logMetacat.info("PROVIDER_URL set to: " + directoryUrl + searchBase);
|
|
| 203 |
logMetacat.info("PROVIDER_URL set to: " + directoryUrl + searchBase);
|
|
| 200 | 204 |
if (!ldapsUrl.equals(ldapUrl)) {
|
| 201 | 205 |
// ldap is set on default port 389 |
| 202 | 206 |
// ldaps is set on second port - 636 by default |
| 203 |
//env.put(Context.SECURITY_PROTOCOL, "ssl"); |
|
| 204 |
} |
|
| 207 |
// env.put(Context.SECURITY_PROTOCOL, "ssl");
|
|
| 208 |
}
|
|
| 205 | 209 |
env.put(Context.SECURITY_AUTHENTICATION, "simple"); |
| 206 | 210 |
env.put(Context.SECURITY_PRINCIPAL, identifier); |
| 207 | 211 |
env.put(Context.SECURITY_CREDENTIALS, password); |
| ... | ... | |
| 212 | 216 |
//Here to check the authorization |
| 213 | 217 |
ctx = new InitialDirContext(env); |
| 214 | 218 |
double stopTime = System.currentTimeMillis(); |
| 215 |
MetaCatUtil.logMetacat.info("Connection time thru " + ldapsUrl + " was: " +
|
|
| 219 |
logMetacat.info("Connection time thru " + ldapsUrl + " was: " +
|
|
| 216 | 220 |
(stopTime - startTime) / 1000 + " seconds."); |
| 217 | 221 |
authenticated = true; |
| 218 | 222 |
//tls.close(); |
| ... | ... | |
| 228 | 232 |
} |
| 229 | 233 |
} |
| 230 | 234 |
catch (javax.naming.InvalidNameException ine) {
|
| 231 |
MetaCatUtil.logMetacat.info("An invalid DN was provided!");
|
|
| 235 |
logMetacat.error("An invalid DN was provided!");
|
|
| 232 | 236 |
} |
| 233 | 237 |
catch (javax.naming.ReferralException re) {
|
| 234 |
MetaCatUtil.logMetacat.info("referral during authentication");
|
|
| 235 |
MetaCatUtil.logMetacat.info("Referral information: " + re.getReferralInfo());
|
|
| 238 |
logMetacat.error("referral during authentication");
|
|
| 239 |
logMetacat.error("Referral information: " + re.getReferralInfo());
|
|
| 236 | 240 |
try {
|
| 237 | 241 |
refExc = re; |
| 238 | 242 |
|
| ... | ... | |
| 240 | 244 |
t.start(); |
| 241 | 245 |
Thread.sleep(5000); //this is a manual override of ldap's |
| 242 | 246 |
//hideously long time out period. |
| 243 |
MetaCatUtil.logMetacat.info("Awake after 5 seconds.");
|
|
| 247 |
logMetacat.info("Awake after 5 seconds.");
|
|
| 244 | 248 |
if (referralContext == null) {
|
| 245 | 249 |
t.interrupt(); |
| 246 | 250 |
authenticated = false; |
| ... | ... | |
| 255 | 259 |
} |
| 256 | 260 |
} |
| 257 | 261 |
else {
|
| 258 |
MetaCatUtil.logMetacat.info("User not found");
|
|
| 262 |
logMetacat.info("User not found");
|
|
| 259 | 263 |
} |
| 260 | 264 |
double totStopTime = System.currentTimeMillis(); |
| 261 |
MetaCatUtil.logMetacat.info("total ldap authentication time: " +
|
|
| 265 |
logMetacat.warn("total ldap authentication time: " +
|
|
| 262 | 266 |
(totStopTime - totStartTime) / 1000 + " seconds"); |
| 263 | 267 |
return authenticated; |
| 264 | 268 |
} |
| ... | ... | |
| 279 | 283 |
Hashtable env = new Hashtable(11); |
| 280 | 284 |
env.put(Context.INITIAL_CONTEXT_FACTORY, |
| 281 | 285 |
"com.sun.jndi.ldap.LdapCtxFactory"); |
| 282 |
MetaCatUtil.logMetacat.info("setting referrals to: " + referral);
|
|
| 286 |
logMetacat.info("setting referrals to: " + referral);
|
|
| 283 | 287 |
env.put(Context.REFERRAL, referral); |
| 284 | 288 |
env.put(Context.PROVIDER_URL, ldapUrl + ldapBase); |
| 285 | 289 |
// non-secure LDAP context; dn are publicly readable |
| ... | ... | |
| 300 | 304 |
// This assumes a dn like "uid=x,o=y,dc=someinst,dc=org" |
| 301 | 305 |
int position = user.indexOf(",");
|
| 302 | 306 |
String comp1 = user.substring(0, position); |
| 303 |
MetaCatUtil.logMetacat.info("First comp is: " + comp1);
|
|
| 307 |
logMetacat.info("First comp is: " + comp1);
|
|
| 304 | 308 |
String comp2 = user.substring(position + 1, |
| 305 | 309 |
user.indexOf(",", position + 1));
|
| 306 |
MetaCatUtil.logMetacat.info("Second comp is: " + comp2);
|
|
| 310 |
logMetacat.info("Second comp is: " + comp2);
|
|
| 307 | 311 |
|
| 308 | 312 |
//String filter = "(&(" + comp1 + "))";
|
| 309 | 313 |
String filter = "(&(" + comp1 + ")(" + comp2 + "))";
|
| 310 |
MetaCatUtil.logMetacat.info("Filter is: " + filter);
|
|
| 311 |
MetaCatUtil.logMetacat.info("Provider URL is: " + ldapUrl + ldapBase);
|
|
| 314 |
logMetacat.info("Filter is: " + filter);
|
|
| 315 |
logMetacat.info("Provider URL is: " + ldapUrl + ldapBase);
|
|
| 312 | 316 |
NamingEnumeration answer; |
| 313 | 317 |
try {
|
| 314 |
MetaCatUtil.logMetacat.info("Trying search 1: " + filter);
|
|
| 318 |
logMetacat.info("Trying search 1: " + filter);
|
|
| 315 | 319 |
answer = ctx.search("", filter, ctls);
|
| 316 |
MetaCatUtil.logMetacat.info("Search 1 complete");
|
|
| 320 |
logMetacat.info("Search 1 complete");
|
|
| 317 | 321 |
if (answer == null) {
|
| 318 |
MetaCatUtil.logMetacat.info("Search 1 answer is null.");
|
|
| 322 |
logMetacat.info("Search 1 answer is null.");
|
|
| 319 | 323 |
} |
| 320 | 324 |
if (answer.hasMore()) {
|
| 321 |
MetaCatUtil.logMetacat.info("Search 1 has answers.");
|
|
| 325 |
logMetacat.info("Search 1 has answers.");
|
|
| 322 | 326 |
SearchResult sr = (SearchResult) answer.next(); |
| 323 | 327 |
identifier = sr.getName(); |
| 324 |
MetaCatUtil.logMetacat.info("Originally Found: " + identifier);
|
|
| 328 |
logMetacat.info("Originally Found: " + identifier);
|
|
| 325 | 329 |
return identifier; |
| 326 | 330 |
} |
| 327 | 331 |
} |
| 328 | 332 |
catch (InvalidSearchFilterException e) {
|
| 329 |
MetaCatUtil.logMetacat.info("Invalid Filter exception thrown (if1)");
|
|
| 333 |
logMetacat.error("Invalid Filter exception thrown (if1)");
|
|
| 330 | 334 |
} |
| 331 | 335 |
|
| 332 | 336 |
// That failed, so check if it is just a username |
| 333 | 337 |
filter = "(" + user + ")";
|
| 334 | 338 |
try {
|
| 335 |
MetaCatUtil.logMetacat.info("Trying again: " + filter);
|
|
| 339 |
logMetacat.info("Trying again: " + filter);
|
|
| 336 | 340 |
answer = ctx.search("", filter, ctls);
|
| 337 | 341 |
if (answer.hasMore()) {
|
| 338 | 342 |
SearchResult sr = (SearchResult) answer.next(); |
| ... | ... | |
| 344 | 348 |
identifier = identifier.substring(identifier.lastIndexOf("/") + 1,
|
| 345 | 349 |
identifier.indexOf(","));
|
| 346 | 350 |
} |
| 347 |
MetaCatUtil.logMetacat.info("Found: " + identifier);
|
|
| 351 |
logMetacat.info("Found: " + identifier);
|
|
| 348 | 352 |
return identifier; |
| 349 | 353 |
} |
| 350 | 354 |
} |
| ... | ... | |
| 352 | 356 |
|
| 353 | 357 |
// Maybe its a user id (uid) |
| 354 | 358 |
filter = "(uid=" + user + ")"; |
| 355 |
MetaCatUtil.logMetacat.info("Trying again: " + filter);
|
|
| 359 |
logMetacat.info("Trying again: " + filter);
|
|
| 356 | 360 |
answer = ctx.search("", filter, ctls);
|
| 357 | 361 |
if (answer.hasMore()) {
|
| 358 | 362 |
SearchResult sr = (SearchResult) answer.next(); |
| ... | ... | |
| 364 | 368 |
identifier = identifier.substring(identifier.lastIndexOf("/") + 1,
|
| 365 | 369 |
identifier.indexOf(","));
|
| 366 | 370 |
} |
| 367 |
MetaCatUtil.logMetacat.info("Found: " + identifier);
|
|
| 371 |
logMetacat.info("Found: " + identifier);
|
|
| 368 | 372 |
} |
| 369 | 373 |
else {
|
| 370 | 374 |
|
| 371 | 375 |
// maybe its just a common name |
| 372 | 376 |
filter = "(cn=" + user + ")"; |
| 373 |
MetaCatUtil.logMetacat.info("Trying again: " + filter);
|
|
| 377 |
logMetacat.info("Trying again: " + filter);
|
|
| 374 | 378 |
NamingEnumeration answer2 = ctx.search("", filter, ctls);
|
| 375 | 379 |
if (answer2.hasMore()) {
|
| 376 | 380 |
SearchResult sr = (SearchResult) answer2.next(); |
| ... | ... | |
| 382 | 386 |
identifier = identifier.substring(identifier.lastIndexOf("/") + 1,
|
| 383 | 387 |
identifier.indexOf(","));
|
| 384 | 388 |
} |
| 385 |
MetaCatUtil.logMetacat.info("Found: " + identifier);
|
|
| 389 |
logMetacat.info("Found: " + identifier);
|
|
| 386 | 390 |
} |
| 387 | 391 |
else {
|
| 388 | 392 |
|
| 389 | 393 |
// ok, last resort, is it a surname? |
| 390 | 394 |
filter = "(sn=" + user + ")"; |
| 391 |
MetaCatUtil.logMetacat.info("Trying again: " + filter);
|
|
| 395 |
logMetacat.info("Trying again: " + filter);
|
|
| 392 | 396 |
NamingEnumeration answer3 = ctx.search("", filter, ctls);
|
| 393 | 397 |
if (answer3.hasMore()) {
|
| 394 | 398 |
SearchResult sr = (SearchResult) answer3.next(); |
| ... | ... | |
| 401 | 405 |
identifier = identifier.substring(identifier.lastIndexOf("/") + 1,
|
| 402 | 406 |
identifier.indexOf(","));
|
| 403 | 407 |
} |
| 404 |
MetaCatUtil.logMetacat.info("Found: " + identifier);
|
|
| 408 |
logMetacat.info("Found: " + identifier);
|
|
| 405 | 409 |
} |
| 406 | 410 |
} |
| 407 | 411 |
} |
| ... | ... | |
| 409 | 413 |
ctx.close(); |
| 410 | 414 |
} |
| 411 | 415 |
catch (NamingException e) {
|
| 412 |
MetaCatUtil.logMetacat.info("Naming exception while getting dn: " + e);
|
|
| 416 |
logMetacat.error("Naming exception while getting dn: " + e);
|
|
| 413 | 417 |
throw new NamingException( |
| 414 | 418 |
"Naming exception in AuthLdap.getIdentifyingName: " + e); |
| 415 | 419 |
} |
| 416 |
MetaCatUtil.logMetacat.info("Returning found identifier as: " + identifier);
|
|
| 420 |
logMetacat.error("Returning found identifier as: " + identifier);
|
|
| 417 | 421 |
return identifier; |
| 418 | 422 |
} |
| 419 | 423 |
|
| ... | ... | |
| 495 | 499 |
} |
| 496 | 500 |
} |
| 497 | 501 |
catch (SizeLimitExceededException slee) {
|
| 498 |
MetaCatUtil.logMetacat.info("LDAP Server size limit exceeded. " +
|
|
| 502 |
logMetacat.error("LDAP Server size limit exceeded. " +
|
|
| 499 | 503 |
"Returning incomplete record set."); |
| 500 | 504 |
} |
| 501 | 505 |
|
| ... | ... | |
| 514 | 518 |
|
| 515 | 519 |
} |
| 516 | 520 |
catch (NamingException e) {
|
| 517 |
MetaCatUtil.logMetacat.info("Problem getting users in AuthLdap.getUsers:" + e);
|
|
| 521 |
logMetacat.error("Problem getting users in AuthLdap.getUsers:" + e);
|
|
| 518 | 522 |
//e.printStackTrace(System.err); |
| 519 | 523 |
throw new ConnectException( |
| 520 | 524 |
"Problem getting users in AuthLdap.getUsers:" + e); |
| ... | ... | |
| 566 | 570 |
} |
| 567 | 571 |
} |
| 568 | 572 |
catch (SizeLimitExceededException slee) {
|
| 569 |
MetaCatUtil.logMetacat.info("LDAP Server size limit exceeded. " +
|
|
| 573 |
logMetacat.error("LDAP Server size limit exceeded. " +
|
|
| 570 | 574 |
"Returning incomplete record set."); |
| 571 | 575 |
} |
| 572 | 576 |
|
| ... | ... | |
| 581 | 585 |
|
| 582 | 586 |
} |
| 583 | 587 |
catch (NamingException e) {
|
| 584 |
MetaCatUtil.logMetacat.info("Problem getting users for a group in " +
|
|
| 588 |
logMetacat.error("Problem getting users for a group in " +
|
|
| 585 | 589 |
"AuthLdap.getUsers:" + e); |
| 586 | 590 |
throw new ConnectException( |
| 587 | 591 |
"Problem getting users for a group in AuthLdap.getUsers:" + e); |
| ... | ... | |
| 645 | 649 |
else {
|
| 646 | 650 |
filter = "(& " + gfilter + "(uniqueMember=" + foruser + "))"; |
| 647 | 651 |
} |
| 648 |
MetaCatUtil.logMetacat.info("searching for groups: " + filter);
|
|
| 652 |
logMetacat.info("searching for groups: " + filter);
|
|
| 649 | 653 |
NamingEnumeration namingEnum = ctx.search(ldapBase, filter, ctls); |
| 650 | 654 |
|
| 651 | 655 |
// Print the groups |
| 652 |
MetaCatUtil.logMetacat.info("getting group results.");
|
|
| 656 |
logMetacat.info("getting group results.");
|
|
| 653 | 657 |
while (namingEnum.hasMore()) {
|
| 654 | 658 |
SearchResult sr = (SearchResult) namingEnum.next(); |
| 655 | 659 |
tempAttr = sr.getAttributes(); |
| ... | ... | |
| 662 | 666 |
} |
| 663 | 667 |
|
| 664 | 668 |
gvec.add(sr.getName() + "," + ldapBase); |
| 665 |
MetaCatUtil.logMetacat.info("group " + sr.getName() +
|
|
| 669 |
logMetacat.info("group " + sr.getName() +
|
|
| 666 | 670 |
" added to Group vector"); |
| 667 | 671 |
} |
| 668 | 672 |
// Close the context when we're done |
| ... | ... | |
| 672 | 676 |
catch (ReferralException re) {
|
| 673 | 677 |
refExc = re; |
| 674 | 678 |
Thread t = new Thread(new GetGroup()); |
| 675 |
MetaCatUtil.logMetacat.info("Starting thread...");
|
|
| 679 |
logMetacat.info("Starting thread...");
|
|
| 676 | 680 |
t.start(); |
| 677 |
MetaCatUtil.logMetacat.info("sleeping for 5 seconds.");
|
|
| 681 |
logMetacat.info("sleeping for 5 seconds.");
|
|
| 678 | 682 |
try {
|
| 679 | 683 |
Thread.sleep(5000); |
| 680 | 684 |
} |
| 681 | 685 |
catch (InterruptedException ie) {
|
| 682 |
MetaCatUtil.logMetacat.info("main thread interrupted: " + ie.getMessage());
|
|
| 686 |
logMetacat.error("main thread interrupted: " + ie.getMessage());
|
|
| 683 | 687 |
} |
| 684 | 688 |
//this is a manual override of jndi's hideously long time |
| 685 | 689 |
//out period. |
| 686 |
MetaCatUtil.logMetacat.info("Awake after 5 seconds.");
|
|
| 690 |
logMetacat.info("Awake after 5 seconds.");
|
|
| 687 | 691 |
if (referralContext == null) {
|
| 688 |
MetaCatUtil.logMetacat.info("thread timed out...returning groups: " +
|
|
| 692 |
logMetacat.info("thread timed out...returning groups: " +
|
|
| 689 | 693 |
gvec.toString()); |
| 690 | 694 |
String groups[][] = new String[gvec.size()][2]; |
| 691 | 695 |
for (int i = 0; i < gvec.size(); i++) {
|
| ... | ... | |
| 735 | 739 |
dc.close(); |
| 736 | 740 |
} |
| 737 | 741 |
catch (NamingException ne) {
|
| 738 |
MetaCatUtil.logMetacat.info("Naming Exception in AuthLdap.getGroups" +
|
|
| 742 |
logMetacat.error("Naming Exception in AuthLdap.getGroups" +
|
|
| 739 | 743 |
ne.getExplanation() + ne.getMessage()); |
| 740 | 744 |
} |
| 741 | 745 |
} |
| ... | ... | |
| 751 | 755 |
"Problem getting groups for a user in AuthLdap.getGroups:" + e);*/ |
| 752 | 756 |
} |
| 753 | 757 |
|
| 754 |
MetaCatUtil.logMetacat.info("The user is in the following groups: " +
|
|
| 758 |
logMetacat.warn("The user is in the following groups: " +
|
|
| 755 | 759 |
gvec.toString()); |
| 756 | 760 |
String groups[][] = new String[gvec.size()][2]; |
| 757 | 761 |
for (int i = 0; i < gvec.size(); i++) {
|
| ... | ... | |
| 820 | 824 |
ctx.close(); |
| 821 | 825 |
} |
| 822 | 826 |
catch (NamingException e) {
|
| 823 |
MetaCatUtil.logMetacat.info("Problem getting attributes in " +
|
|
| 827 |
logMetacat.error("Problem getting attributes in " +
|
|
| 824 | 828 |
"AuthLdap.getAttributes:" + e); |
| 825 | 829 |
throw new ConnectException( |
| 826 | 830 |
"Problem getting attributes in AuthLdap.getAttributes:" + e); |
| ... | ... | |
| 931 | 935 |
|
| 932 | 936 |
} |
| 933 | 937 |
catch (NamingException e) {
|
| 934 |
MetaCatUtil.logMetacat.info("Problem getting subtrees in AuthLdap.getSubtrees:"
|
|
| 938 |
logMetacat.error("Problem getting subtrees in AuthLdap.getSubtrees:"
|
|
| 935 | 939 |
+ e); |
| 936 | 940 |
throw new ConnectException( |
| 937 | 941 |
"Problem getting subtrees in AuthLdap.getSubtrees:" + e); |
| ... | ... | |
| 1080 | 1084 |
String user = args[0]; |
| 1081 | 1085 |
String password = args[1]; |
| 1082 | 1086 |
|
| 1083 |
MetaCatUtil.logMetacat.warn("Creating session...");
|
|
| 1087 |
logMetacat.warn("Creating session...");
|
|
| 1084 | 1088 |
AuthLdap authservice = new AuthLdap(); |
| 1085 |
MetaCatUtil.logMetacat.warn("Session exists...");
|
|
| 1089 |
logMetacat.warn("Session exists...");
|
|
| 1086 | 1090 |
|
| 1087 | 1091 |
boolean isValid = false; |
| 1088 | 1092 |
try {
|
| 1089 |
MetaCatUtil.logMetacat.warn("Authenticating...");
|
|
| 1093 |
logMetacat.warn("Authenticating...");
|
|
| 1090 | 1094 |
isValid = authservice.authenticate(user, password); |
| 1091 | 1095 |
if (isValid) {
|
| 1092 |
MetaCatUtil.logMetacat.warn("Authentication successful for: " + user);
|
|
| 1096 |
logMetacat.warn("Authentication successful for: " + user);
|
|
| 1093 | 1097 |
} |
| 1094 | 1098 |
else {
|
| 1095 |
MetaCatUtil.logMetacat.warn("Authentication failed for: " + user);
|
|
| 1099 |
logMetacat.warn("Authentication failed for: " + user);
|
|
| 1096 | 1100 |
} |
| 1097 | 1101 |
|
| 1098 | 1102 |
// Get attributes for the user |
| 1099 | 1103 |
if (isValid) {
|
| 1100 |
MetaCatUtil.logMetacat.warn("\nGetting attributes for user....");
|
|
| 1104 |
logMetacat.info("\nGetting attributes for user....");
|
|
| 1101 | 1105 |
HashMap userInfo = authservice.getAttributes(user, password, user); |
| 1102 | 1106 |
// Print all of the attributes |
| 1103 | 1107 |
Iterator attList = (Iterator) ( ( (Set) userInfo.keySet()).iterator()); |
| ... | ... | |
| 1107 | 1111 |
Iterator attvalues = values.iterator(); |
| 1108 | 1112 |
while (attvalues.hasNext()) {
|
| 1109 | 1113 |
String value = (String) attvalues.next(); |
| 1110 |
MetaCatUtil.logMetacat.warn(att + ": " + value);
|
|
| 1114 |
logMetacat.warn(att + ": " + value); |
|
| 1111 | 1115 |
} |
| 1112 | 1116 |
} |
| 1113 | 1117 |
} |
| 1114 | 1118 |
|
| 1115 | 1119 |
// get the groups |
| 1116 | 1120 |
if (isValid) {
|
| 1117 |
MetaCatUtil.logMetacat.warn("\nGetting all groups....");
|
|
| 1121 |
logMetacat.warn("\nGetting all groups....");
|
|
| 1118 | 1122 |
String[][] groups = authservice.getGroups(user, password); |
| 1119 |
MetaCatUtil.logMetacat.warn("Groups found: " + groups.length);
|
|
| 1123 |
logMetacat.info("Groups found: " + groups.length);
|
|
| 1120 | 1124 |
for (int i = 0; i < groups.length; i++) {
|
| 1121 |
MetaCatUtil.logMetacat.warn("Group " + i + ": " + groups[i][0]);
|
|
| 1125 |
logMetacat.info("Group " + i + ": " + groups[i][0]);
|
|
| 1122 | 1126 |
} |
| 1123 | 1127 |
} |
| 1124 | 1128 |
|
| 1125 | 1129 |
// get the groups for the user |
| 1126 | 1130 |
String savedGroup = null; |
| 1127 | 1131 |
if (isValid) {
|
| 1128 |
MetaCatUtil.logMetacat.warn("\nGetting groups for user....");
|
|
| 1132 |
logMetacat.warn("\nGetting groups for user....");
|
|
| 1129 | 1133 |
String[][] groups = authservice.getGroups(user, password, user); |
| 1130 |
MetaCatUtil.logMetacat.warn("Groups found: " + groups.length);
|
|
| 1134 |
logMetacat.info("Groups found: " + groups.length);
|
|
| 1131 | 1135 |
for (int i = 0; i < groups.length; i++) {
|
| 1132 |
MetaCatUtil.logMetacat.warn("Group " + i + ": " + groups[i][0]);
|
|
| 1136 |
logMetacat.info("Group " + i + ": " + groups[i][0]);
|
|
| 1133 | 1137 |
savedGroup = groups[i][0]; |
| 1134 | 1138 |
} |
| 1135 | 1139 |
} |
| 1136 | 1140 |
|
| 1137 | 1141 |
// get the users for a group |
| 1138 | 1142 |
if (isValid) {
|
| 1139 |
MetaCatUtil.logMetacat.warn("\nGetting users for group....");
|
|
| 1140 |
MetaCatUtil.logMetacat.warn("Group: " + savedGroup);
|
|
| 1143 |
logMetacat.warn("\nGetting users for group....");
|
|
| 1144 |
logMetacat.info("Group: " + savedGroup);
|
|
| 1141 | 1145 |
String[] users = authservice.getUsers(user, password, savedGroup); |
| 1142 |
MetaCatUtil.logMetacat.warn("Users found: " + users.length);
|
|
| 1146 |
logMetacat.info("Users found: " + users.length);
|
|
| 1143 | 1147 |
for (int i = 0; i < users.length; i++) {
|
| 1144 |
MetaCatUtil.logMetacat.warn("User " + i + ": " + users[i]);
|
|
| 1148 |
logMetacat.warn("User " + i + ": " + users[i]);
|
|
| 1145 | 1149 |
} |
| 1146 | 1150 |
} |
| 1147 | 1151 |
|
| 1148 | 1152 |
// get all users |
| 1149 | 1153 |
if (isValid) {
|
| 1150 |
MetaCatUtil.logMetacat.warn("\nGetting all users ....");
|
|
| 1154 |
logMetacat.warn("\nGetting all users ....");
|
|
| 1151 | 1155 |
String[][] users = authservice.getUsers(user, password); |
| 1152 |
MetaCatUtil.logMetacat.warn("Users found: " + users.length);
|
|
| 1156 |
logMetacat.info("Users found: " + users.length);
|
|
| 1153 | 1157 |
|
| 1154 | 1158 |
} |
| 1155 | 1159 |
|
| 1156 | 1160 |
// get the whole list groups and users in XML format |
| 1157 | 1161 |
if (isValid) {
|
| 1158 |
MetaCatUtil.logMetacat.warn("\nTrying principals....");
|
|
| 1162 |
logMetacat.warn("\nTrying principals....");
|
|
| 1159 | 1163 |
authservice = new AuthLdap(); |
| 1160 | 1164 |
String out = authservice.getPrincipals(user, password); |
| 1161 | 1165 |
java.io.File f = new java.io.File("principals.xml");
|
| ... | ... | |
| 1165 | 1169 |
buff.flush(); |
| 1166 | 1170 |
buff.close(); |
| 1167 | 1171 |
fw.close(); |
| 1168 |
MetaCatUtil.logMetacat.warn("\nFinished getting principals.");
|
|
| 1172 |
logMetacat.warn("\nFinished getting principals.");
|
|
| 1169 | 1173 |
} |
| 1170 | 1174 |
|
| 1171 | 1175 |
} |
| 1172 | 1176 |
catch (ConnectException ce) {
|
| 1173 |
MetaCatUtil.logMetacat.info(ce.getMessage());
|
|
| 1177 |
logMetacat.error(ce.getMessage());
|
|
| 1174 | 1178 |
} |
| 1175 | 1179 |
catch (java.io.IOException ioe) {
|
| 1176 |
MetaCatUtil.logMetacat.info("I/O Error writing to file principals.txt");
|
|
| 1180 |
logMetacat.error("I/O Error writing to file principals.txt");
|
|
| 1177 | 1181 |
} |
| 1178 | 1182 |
} |
| 1179 | 1183 |
|
| ... | ... | |
| 1192 | 1196 |
try {
|
| 1193 | 1197 |
//revise environment variable |
| 1194 | 1198 |
referralInfo = (String) refExc.getReferralInfo(); |
| 1195 |
MetaCatUtil.logMetacat.info("Processing referral (pr0): ");
|
|
| 1196 |
MetaCatUtil.logMetacat.info("PROVIDER_URL set to (pr1): " + referralInfo);
|
|
| 1199 |
logMetacat.info("Processing referral (pr0): ");
|
|
| 1200 |
logMetacat.info("PROVIDER_URL set to (pr1): " + referralInfo);
|
|
| 1197 | 1201 |
//env.put(Context.PROVIDER_URL,referralInfo); |
| 1198 | 1202 |
//env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); |
| 1199 | 1203 |
//env.put(Context.SECURITY_PRINCIPAL, userName); |
| 1200 | 1204 |
//env.put(Context.SECURITY_CREDENTIALS, userPassword); |
| 1201 | 1205 |
//env.put(Context.REFERRAL, "throw"); |
| 1202 |
//MetaCatUtil.logMetacat.info("Processing referral (pr1.info): " + userName,35);
|
|
| 1203 |
//MetaCatUtil.logMetacat.info("Processing referral (pr2)",35);
|
|
| 1206 |
//logMetacat.info("Processing referral (pr1.info): " + userName,35);
|
|
| 1207 |
//logMetacat.info("Processing referral (pr2)",35);
|
|
| 1204 | 1208 |
//rContext = refExc.getReferralContext(env); |
| 1205 | 1209 |
rContext = refExc.getReferralContext(); |
| 1206 |
MetaCatUtil.logMetacat.info("Processing referral (pr3)");
|
|
| 1210 |
logMetacat.info("Processing referral (pr3)");
|
|
| 1207 | 1211 |
//casting the context to dircontext and it will create a |
| 1208 | 1212 |
//autherntication or naming exception if DN and password is incorrect |
| 1209 | 1213 |
referralContext = rContext; |
| ... | ... | |
| 1211 | 1215 |
refDirContext.close(); |
| 1212 | 1216 |
//get context and jump out the while loop |
| 1213 | 1217 |
moreReferrals = false; |
| 1214 |
MetaCatUtil.logMetacat.info("Processing referral (pr4)");
|
|
| 1218 |
logMetacat.info("Processing referral (pr4)");
|
|
| 1215 | 1219 |
} //try |
| 1216 | 1220 |
//if referral have another referral excption |
| 1217 | 1221 |
catch (ReferralException re) {
|
| 1218 |
MetaCatUtil.logMetacat.info("GOT referral exception (re1): " + re.getMessage());
|
|
| 1219 |
MetaCatUtil.logMetacat.info("RE details (re2): " + re.toString(true));
|
|
| 1222 |
logMetacat.warn("GOT referral exception (re1): " + re.getMessage());
|
|
| 1223 |
logMetacat.warn("RE details (re2): " + re.toString(true));
|
|
| 1220 | 1224 |
//keep running in while loop |
| 1221 | 1225 |
moreReferrals = true; |
| 1222 | 1226 |
//assign refExc to new referral exception re |
| ... | ... | |
| 1224 | 1228 |
} |
| 1225 | 1229 |
//catch a authentication exception |
| 1226 | 1230 |
catch (AuthenticationException ae) {
|
| 1227 |
MetaCatUtil.logMetacat.warn("Error running referral handler thread (ae1): " +
|
|
| 1231 |
logMetacat.error("Error running referral handler thread (ae1): " +
|
|
| 1228 | 1232 |
ae.getMessage()); |
| 1229 | 1233 |
//check if has another referral |
| 1230 | 1234 |
moreReferrals = refExc.skipReferral(); |
| ... | ... | |
| 1233 | 1237 |
} |
| 1234 | 1238 |
//catch a naming exception |
| 1235 | 1239 |
catch (NamingException ne) {
|
| 1236 |
MetaCatUtil.logMetacat.warn("Error running referral handler thread (ne1): " +
|
|
| 1240 |
logMetacat.error("Error running referral handler thread (ne1): " +
|
|
| 1237 | 1241 |
ne.getMessage()); |
| 1238 | 1242 |
//check if has another referral |
| 1239 | 1243 |
moreReferrals = refExc.skipReferral(); |
| ... | ... | |
| 1247 | 1251 |
implements Runnable {
|
| 1248 | 1252 |
public void run() {
|
| 1249 | 1253 |
referralContext = null; |
| 1250 |
MetaCatUtil.logMetacat.info("getting groups context");
|
|
| 1254 |
logMetacat.info("getting groups context");
|
|
| 1251 | 1255 |
DirContext refDirContext = null; |
| 1252 | 1256 |
boolean moreReferrals = true; |
| 1253 | 1257 |
//set a while loop is because we don't know if a referral excption |
| ... | ... | |
| 1258 | 1262 |
String refInfo = null; |
| 1259 | 1263 |
refInfo = (String) refExc.getReferralInfo(); |
| 1260 | 1264 |
if (refInfo != null) {
|
| 1261 |
MetaCatUtil.logMetacat.info("Referral in thread to: " +
|
|
| 1265 |
logMetacat.info("Referral in thread to: " +
|
|
| 1262 | 1266 |
refInfo.toString()); |
| 1263 | 1267 |
} |
| 1264 | 1268 |
else {
|
| 1265 |
MetaCatUtil.logMetacat.info("getting refInfo Manually");
|
|
| 1269 |
logMetacat.info("getting refInfo Manually");
|
|
| 1266 | 1270 |
refInfo = (String) refExc.getReferralContext().getEnvironment(). |
| 1267 | 1271 |
get(Context.PROVIDER_URL); |
| 1268 | 1272 |
} |
| 1269 |
MetaCatUtil.logMetacat.info("refInfo: " + refInfo);
|
|
| 1273 |
logMetacat.info("refInfo: " + refInfo);
|
|
| 1270 | 1274 |
|
| 1271 | 1275 |
env.put(Context.INITIAL_CONTEXT_FACTORY, |
| 1272 | 1276 |
"com.sun.jndi.ldap.LdapCtxFactory"); |
| 1273 | 1277 |
env.put(Context.REFERRAL, "throw"); |
| 1274 | 1278 |
env.put(Context.PROVIDER_URL, refInfo); |
| 1275 | 1279 |
|
| 1276 |
MetaCatUtil.logMetacat.info("creating referralContext");
|
|
| 1280 |
logMetacat.info("creating referralContext");
|
|
| 1277 | 1281 |
referralContext = new InitialDirContext(env); |
| 1278 |
MetaCatUtil.logMetacat.info("referralContext created");
|
|
| 1282 |
logMetacat.info("referralContext created");
|
|
| 1279 | 1283 |
//get context and jump out the while loop |
| 1280 | 1284 |
moreReferrals = false; |
| 1281 | 1285 |
} //try |
| ... | ... | |
| 1286 | 1290 |
refExc = re; |
| 1287 | 1291 |
} |
| 1288 | 1292 |
catch (AuthenticationException ae) {
|
| 1289 |
MetaCatUtil.logMetacat.info("Error running referral handler thread (ae2): " +
|
|
| 1293 |
logMetacat.error("Error running referral handler thread (ae2): " +
|
|
| 1290 | 1294 |
ae.getMessage()); |
| 1291 | 1295 |
//check if has another referral |
| 1292 | 1296 |
moreReferrals = refExc.skipReferral(); |
| ... | ... | |
| 1294 | 1298 |
referralContext = null; |
| 1295 | 1299 |
} |
| 1296 | 1300 |
catch (NamingException ne) {
|
| 1297 |
MetaCatUtil.logMetacat.info("Error running referral handler thread (ne2): " +
|
|
| 1301 |
logMetacat.error("Error running referral handler thread (ne2): " +
|
|
| 1298 | 1302 |
ne.getMessage()); |
| 1299 | 1303 |
//check if has another referral |
| 1300 | 1304 |
moreReferrals = refExc.skipReferral(); |
Also available in: Unified diff
Replacing MetaCatUtil.debugMessage or MetaCatUtil.logMetacat call with logMetacat (private Logger object) call