Revision 2679
Added by sgarg over 18 years ago
| src/edu/ucsb/nceas/metacat/AuthInterface.java | ||
|---|---|---|
| 57 | 57 |
throws ConnectException; |
| 58 | 58 |
|
| 59 | 59 |
/** |
| 60 |
* Get information for a user - name, organization and email address. |
|
| 61 |
*/ |
|
| 62 |
public String[] getUserInfo(String user, String password) |
|
| 63 |
throws ConnectException; |
|
| 64 |
|
|
| 65 |
/** |
|
| 60 | 66 |
* Get the users for a particular group from the authentication service |
| 61 | 67 |
*/ |
| 62 | 68 |
public String[] getUsers(String user, String password, String group) |
| src/edu/ucsb/nceas/metacat/AuthLdap.java | ||
|---|---|---|
| 527 | 527 |
return users; |
| 528 | 528 |
} |
| 529 | 529 |
|
| 530 |
|
|
| 530 | 531 |
/** |
| 532 |
* Get all users from the authentication service |
|
| 533 |
* |
|
| 534 |
* @param user the user for authenticating against the service |
|
| 535 |
* @param password the password for authenticating against the service |
|
| 536 |
* @returns string array of all of the user names |
|
| 537 |
*/ |
|
| 538 |
public String[] getUserInfo(String user, String password) throws |
|
| 539 |
ConnectException {
|
|
| 540 |
String[] userinfo = new String[3]; |
|
| 541 |
|
|
| 542 |
// Identify service provider to use |
|
| 543 |
Hashtable env = new Hashtable(11); |
|
| 544 |
env.put(Context.INITIAL_CONTEXT_FACTORY, |
|
| 545 |
"com.sun.jndi.ldap.LdapCtxFactory"); |
|
| 546 |
env.put(Context.REFERRAL, referral); |
|
| 547 |
env.put(Context.PROVIDER_URL, ldapUrl); |
|
| 548 |
|
|
| 549 |
try {
|
|
| 550 |
|
|
| 551 |
// Create the initial directory context |
|
| 552 |
DirContext ctx = new InitialDirContext(env); |
|
| 553 |
// Specify the attributes to match. |
|
| 554 |
// Users are objects that have the attribute objectclass=InetOrgPerson. |
|
| 555 |
SearchControls ctls = new SearchControls(); |
|
| 556 |
String[] attrIDs = {
|
|
| 557 |
"cn", "o", "mail"}; |
|
| 558 |
ctls.setReturningAttributes(attrIDs); |
|
| 559 |
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE); |
|
| 560 |
//ctls.setCountLimit(1000); |
|
| 561 |
String filter = "objectclass=InetOrgPerson"; |
|
| 562 |
NamingEnumeration namingEnum = ctx.search(user, filter, ctls); |
|
| 563 |
|
|
| 564 |
Attributes tempAttr = null; |
|
| 565 |
try {
|
|
| 566 |
while (namingEnum.hasMore()) {
|
|
| 567 |
SearchResult sr = (SearchResult) namingEnum.next(); |
|
| 568 |
tempAttr = sr.getAttributes(); |
|
| 569 |
|
|
| 570 |
if ( (tempAttr.get("cn") + "").startsWith("cn: ")) {
|
|
| 571 |
userinfo[0] = (tempAttr.get("cn") + "").substring(4);
|
|
| 572 |
} |
|
| 573 |
else {
|
|
| 574 |
userinfo[0] = (tempAttr.get("cn") + "");
|
|
| 575 |
} |
|
| 576 |
|
|
| 577 |
if ( (tempAttr.get("o") + "").startsWith("o: ")) {
|
|
| 578 |
userinfo[1] = (tempAttr.get("o") + "").substring(3);
|
|
| 579 |
} |
|
| 580 |
else {
|
|
| 581 |
userinfo[1] = (tempAttr.get("o") + "");
|
|
| 582 |
} |
|
| 583 |
|
|
| 584 |
if ( (tempAttr.get("mail") + "").startsWith("mail: ")) {
|
|
| 585 |
userinfo[2] = (tempAttr.get("mail") + "").substring(6);
|
|
| 586 |
} |
|
| 587 |
else {
|
|
| 588 |
userinfo[2] = (tempAttr.get("mail") + "");
|
|
| 589 |
} |
|
| 590 |
} |
|
| 591 |
} |
|
| 592 |
catch (SizeLimitExceededException slee) {
|
|
| 593 |
logMetacat.error("LDAP Server size limit exceeded. " +
|
|
| 594 |
"Returning incomplete record set."); |
|
| 595 |
} |
|
| 596 |
|
|
| 597 |
// Close the context when we're done |
|
| 598 |
ctx.close(); |
|
| 599 |
|
|
| 600 |
} |
|
| 601 |
catch (NamingException e) {
|
|
| 602 |
logMetacat.error("Problem getting users in AuthLdap.getUsers:" + e);
|
|
| 603 |
//e.printStackTrace(System.err); |
|
| 604 |
throw new ConnectException( |
|
| 605 |
"Problem getting users in AuthLdap.getUsers:" + e); |
|
| 606 |
} |
|
| 607 |
|
|
| 608 |
return userinfo; |
|
| 609 |
} |
|
| 610 |
|
|
| 611 |
/** |
|
| 531 | 612 |
* Get the users for a particular group from the authentication service |
| 532 | 613 |
* |
| 533 | 614 |
* @param user the user for authenticating against the service |
| src/edu/ucsb/nceas/metacat/AuthSession.java | ||
|---|---|---|
| 84 | 84 |
String[][] groupsWithDescription = |
| 85 | 85 |
authService.getGroups(username,password,username); |
| 86 | 86 |
String groups[] = new String[groupsWithDescription.length]; |
| 87 |
|
|
| 87 |
|
|
| 88 | 88 |
for(int i=0; i<groupsWithDescription.length; i++){
|
| 89 | 89 |
groups[i] = groupsWithDescription[i][0]; |
| 90 | 90 |
} |
| ... | ... | |
| 93 | 93 |
{
|
| 94 | 94 |
groups = new String[0]; |
| 95 | 95 |
} |
| 96 |
this.session = createSession(request, username, password, groups); |
|
| 96 |
|
|
| 97 |
String[] userInfo = |
|
| 98 |
authService.getUserInfo(username,password); |
|
| 99 |
|
|
| 100 |
|
|
| 101 |
this.session = createSession(request, username, password, groups, userInfo); |
|
| 97 | 102 |
String sessionId = session.getId(); |
| 98 | 103 |
message = "Authentication successful for user: " + username; |
| 99 |
this.statusMessage = formatOutput("login", message, sessionId);
|
|
| 104 |
this.statusMessage = formatOutput("login", message, sessionId, username, groups, userInfo);
|
|
| 100 | 105 |
return true; |
| 101 | 106 |
} else {
|
| 102 | 107 |
message = "Authentication failed for user: " + username; |
| ... | ... | |
| 117 | 122 |
/** Get new HttpSession and store username & password in it */ |
| 118 | 123 |
private HttpSession createSession(HttpServletRequest request, |
| 119 | 124 |
String username, String password, |
| 120 |
String[] groups) |
|
| 125 |
String[] groups, String[] userInfo)
|
|
| 121 | 126 |
throws IllegalStateException {
|
| 122 | 127 |
|
| 123 | 128 |
// get the current session object, create one if necessary |
| ... | ... | |
| 139 | 144 |
session.setMaxInactiveInterval(-1); |
| 140 | 145 |
session.setAttribute("username", username);
|
| 141 | 146 |
session.setAttribute("password", password);
|
| 147 |
|
|
| 148 |
if ( userInfo!=null & userInfo.length == 3 ) {
|
|
| 149 |
session.setAttribute("name", userInfo[0]);
|
|
| 150 |
session.setAttribute("organization", userInfo[1]);
|
|
| 151 |
session.setAttribute("email", userInfo[2]);
|
|
| 152 |
} |
|
| 153 |
|
|
| 142 | 154 |
if ( groups.length > 0 ) {
|
| 143 | 155 |
session.setAttribute("groupnames", groups);
|
| 144 | 156 |
} |
| ... | ... | |
| 178 | 190 |
*/ |
| 179 | 191 |
private String formatOutput(String tag, String message) |
| 180 | 192 |
{
|
| 181 |
return formatOutput(tag, message, null); |
|
| 193 |
return formatOutput(tag, message, null, null, null, null);
|
|
| 182 | 194 |
} |
| 183 | 195 |
|
| 184 | 196 |
/* |
| ... | ... | |
| 188 | 200 |
* @param message the message content of the root element |
| 189 | 201 |
* @param sessionId the session identifier for a successful login |
| 190 | 202 |
*/ |
| 191 |
private String formatOutput(String tag, String message, String sessionId) |
|
| 203 |
private String formatOutput(String tag, String message, |
|
| 204 |
String sessionId, String username, String[] groups, |
|
| 205 |
String userInfo[]) |
|
| 192 | 206 |
{
|
| 193 | 207 |
StringBuffer out = new StringBuffer(); |
| 194 | 208 |
|
| ... | ... | |
| 197 | 211 |
out.append("\n <message>" + message + "</message>\n");
|
| 198 | 212 |
if (sessionId != null) {
|
| 199 | 213 |
out.append("\n <sessionId>" + sessionId + "</sessionId>\n");
|
| 214 |
|
|
| 215 |
if(userInfo != null && userInfo[0]!=null){
|
|
| 216 |
out.append("\n<name>\n");
|
|
| 217 |
out.append(userInfo[0]); |
|
| 218 |
out.append("\n</name>\n");
|
|
| 219 |
} |
|
| 220 |
if(MetaCatUtil.isAdministrator(username,groups)){
|
|
| 221 |
out.append("\n <isAdministrator></isAdministrator>\n");
|
|
| 222 |
} |
|
| 223 |
|
|
| 224 |
if(MetaCatUtil.isModerator(username,groups)){
|
|
| 225 |
out.append("\n <isModerator></isModerator>\n");
|
|
| 226 |
} |
|
| 200 | 227 |
} |
| 201 | 228 |
out.append("</" + tag + ">");
|
| 202 | 229 |
|
Also available in: Unified diff
Added a new function - getUserInfo to AuthInterface and AuthLdap
The function returns a string array for a given username. the array contains the name, organization name and email address of the user. In case of ldap, it is cn, o and mail attributes for ldapbase=username
Modified AuthSession to use the above function when a user logs into Metacat and store the name of the user in the session. if needed, the organization information can also be stored in the session.