/src/edu/ucsb/nceas/metacat/AuthLdap.java - Annotate - Metacat - Ecoinformatics Redmine

metacat/src/edu/ucsb/nceas/metacat/AuthLdap.java @ 3144

-            bojilova
+/**
  *  '$RCSfile$'
  *    Purpose: An implementation of the AuthInterface interface that
  *             allows Metacat to use the LDAP protocol for
  *             directory services
  *  Copyright: 2000 Regents of the University of California and the
  *             National Center for Ecological Analysis and Synthesis
  *    Authors: Matt Jones
+ *
  *   '$Author$'
  *     '$Date$'
  * '$Revision$'
             jones
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version.
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-            bojilova
+ */
 package edu.ucsb.nceas.metacat;
 import java.net.ConnectException;
 import javax.naming.AuthenticationException;
 import javax.naming.Context;
-            bojilova
+import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
-            jones
+import javax.naming.SizeLimitExceededException;
-            bojilova
+import javax.naming.directory.InvalidSearchFilterException;
-            bojilova
+import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
-            jones
+import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
 import javax.naming.directory.SearchResult;
-            bojilova
+import javax.naming.directory.SearchControls;
-            berkley
+import javax.naming.ReferralException;
-            sgarg
+import javax.naming.ldap.InitialLdapContext;
 import javax.naming.ldap.LdapContext;
 import javax.naming.ldap.StartTlsRequest;
 import javax.naming.ldap.StartTlsResponse;
 import javax.net.ssl.SSLSession;
             sgarg
 import org.apache.log4j.Logger;
-            jones
+import java.net.URLDecoder;
-            bojilova
+import java.util.Iterator;
 import java.util.HashMap;
 import java.util.Hashtable;
-            bojilova
+import java.util.Enumeration;
-            bojilova
+import java.util.Set;
 import java.util.Vector;
 /**
  * An implementation of the AuthInterface interface that
  * allows Metacat to use the LDAP protocol for directory services.
-            sgarg
+ * The LDAP authentication service is used to determine if a user
-            bojilova
+ * is authenticated, and whether they are a member of a particular group.
  */
-            sgarg
+public class AuthLdap
     implements AuthInterface, Runnable {
-            bojilova
+  private MetaCatUtil util = new MetaCatUtil();
-            bojilova
+  private String ldapUrl;
-            bojilova
+  private String ldapsUrl;
-            bojilova
+  private String ldapBase;
-            jones
+  private String referral;
-            tao
+  private Context referralContext;
-            berkley
+  Hashtable env = new Hashtable(11);
   private Context rContext;
-            tao
+  private String userName;
   private String userPassword;
-            berkley
+  ReferralException refExc;
             bojilova
-            sgarg
+  private static Logger logMetacat = Logger.getLogger(AuthLdap.class);
-            sgarg
+  /**
-            bojilova
+   * Construct an AuthLdap
    */
   public AuthLdap() {
     // Read LDAP URI for directory service information
-            bojilova
+    this.ldapUrl = MetaCatUtil.getOption("ldapurl");
     this.ldapsUrl = MetaCatUtil.getOption("ldapsurl");
     this.ldapBase = MetaCatUtil.getOption("ldapbase");
-            jones
+    this.referral = MetaCatUtil.getOption("referral");
             bojilova
-            bojilova
+  /**
    * Determine if a user/password are valid according to the authentication
    * service.
+   *
    * @param user the name of the principal to authenticate
    * @param password the password to use for authentication
    * @returns boolean true if authentication successful, false otherwise
    */
             sgarg
-            sgarg
+  public boolean authenticate(String user, String password) throws
       ConnectException {
-            bojilova
+    String ldapUrl = this.ldapUrl;
-            bojilova
+    String ldapsUrl = this.ldapsUrl;
-            bojilova
+    String ldapBase = this.ldapBase;
-            bojilova
+    boolean authenticated = false;
-            bojilova
+    String identifier = user;
             sgarg
-            tao
+    //get uid here.
-            sgarg
+    String uid=user.substring(0, user.indexOf(","));
     user = user.substring(user.indexOf(","), user.length());
             sgarg
-            sgarg
+    logMetacat.debug("identifier: " + identifier);
     logMetacat.debug("uid: " + uid);
     logMetacat.debug("user: " + user);
-            bojilova
+    try {
-            sgarg
+    	// Check the usename as passed in
         logMetacat.info("Calling ldapAuthenticate");
         logMetacat.info("with user as identifier: " + identifier);
         authenticated = ldapAuthenticate(identifier, password,
         		(new Boolean(MetaCatUtil.getOption("onlySecureLDAPConnection"))).booleanValue());
         // if not found, try looking up a valid DN then auth again
         if (!authenticated) {
         	logMetacat.info("Not Authenticated");
         	logMetacat.info("Looking up DN for: " + identifier);
         	identifier = getIdentifyingName(identifier, ldapUrl, ldapBase);
         	if(identifier == null){
-            sgarg
+        		logMetacat.info("No DN found from getIdentifyingName");
-            sgarg
+        		return authenticated;
+        	}
            	logMetacat.info("DN found from getIdentifyingName: " + identifier);
         	String decoded = URLDecoder.decode(identifier);
         	logMetacat.info("DN decoded: " + decoded);
         	identifier = decoded;
         	String refUrl = "";
         	String refBase = "";
         	if (identifier.startsWith("ldap")) {
         		logMetacat.debug("identifier starts with ldap");
         		refUrl = identifier.substring(0, identifier.lastIndexOf("/") + 1);
         		int position = identifier.indexOf(",");
         		int position2 = identifier.indexOf(",", position + 1);
             sgarg
-            sgarg
+        		refBase = identifier.substring(position2 + 1);
         		identifier = identifier.substring(identifier.lastIndexOf("/") + 1);
             sgarg
-            sgarg
+        		logMetacat.info("Calling ldapAuthenticate");
         		logMetacat.info("with user as identifier: " + identifier);
         		logMetacat.info("and refUrl as: " + refUrl);
         		logMetacat.info("and refBase as: " + refBase);
         		authenticated = ldapAuthenticate(identifier, password, refUrl, refBase,
                 		(new Boolean(MetaCatUtil.getOption("onlySecureLDAPReferalsConnection")))
                 			.booleanValue());
         	} else {
         		logMetacat.info("identifier doesnt start with ldap");
-            sgarg
+        		identifier = identifier + "," + ldapBase;
-            sgarg
+        		logMetacat.info("Calling ldapAuthenticate");
         		logMetacat.info("with user as identifier: " + identifier);
             sgarg
-            sgarg
+        		authenticated = ldapAuthenticate(identifier, password,
             		(new Boolean(MetaCatUtil.getOption("onlySecureLDAPConnection"))).booleanValue());
+        	}
             tao
             sgarg
     catch (NullPointerException e) {
-            sgarg
+    	logMetacat.error("NullPointerException while authenticating in " +
-            sgarg
+                        "AuthLdap.authenticate: " + e);
-            sgarg
+    	e.printStackTrace();
     	throw new ConnectException(
-            sgarg
+          "NullPointerException while authenticating in " +
           "AuthLdap.authenticate: " + e);
-            sgarg
+    } catch (NamingException e) {
     	logMetacat.error("Naming exception while authenticating in " +
-            sgarg
+                        "AuthLdap.authenticate: " + e);
-            sgarg
+    	e.printStackTrace();
     } catch (Exception e) {
     	logMetacat.error(e.getMessage());
             sgarg
             sgarg
-            bojilova
+    return authenticated;
+  }
   /**
-            jones
+   * Connect to the LDAP directory and do the authentication using the
    * username and password as passed into the routine.
+   *
    * @param identifier the distinguished name to check against LDAP
    * @param password the password for authentication
    */
-            sgarg
+  private boolean ldapAuthenticate(String identifier, String password,
 		  boolean secureConnectionOnly) throws ConnectException, NamingException,
 		  NullPointerException {
-            sgarg
+    return ldapAuthenticate(identifier, password,
-            sgarg
+                            this.ldapsUrl, this.ldapBase, secureConnectionOnly);
             jones
   /**
    * Connect to the LDAP directory and do the authentication using the
    * username and password as passed into the routine.
+   *
    * @param identifier the distinguished name to check against LDAP
    * @param password the password for authentication
    */
             sgarg
   private boolean ldapAuthenticate(String dn, String password, String rootServer,
 		  String rootBase, boolean secureConnectionOnly){
 	  boolean authenticated = false;
 	  String server = "";
 	  String userDN = "";
 	  logMetacat.info("dn is: " + dn);
             sgarg
-            sgarg
+	  int position = dn.lastIndexOf("/");
       logMetacat.debug("position is: " + position);
 	  if (position == -1) {
 		  server = rootServer;
 		  if(dn.indexOf(userDN) < 0){
 			  userDN = dn + "," + rootBase;
 		  } else {
 			  userDN = dn;
+		  }
 		  logMetacat.info("userDN is: " + userDN);
        } else {
 		  server = dn.substring(0, position+1);
 		  userDN = dn.substring(position+1);
 		  logMetacat.info("server is: " + server);
 		  logMetacat.info("userDN is: " + userDN);
+	   }
 	   logMetacat.warn("Trying to authenticate: " + userDN);
 	   logMetacat.warn("          Using server: " + server);
 	   LdapContext ctx = null;
 	   double startTime;
 	   double stopTime;
 	   try {
 		   Hashtable env = new Hashtable();
 		   env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
 		   env.put(Context.PROVIDER_URL, server);
 		   env.put(Context.REFERRAL, "throw");
 		   try {
 			   startTime = System.currentTimeMillis();
 			   ctx = new InitialLdapContext(env, null);
 			   // Start up TLS here so that we don't pass our jewels in cleartext
 		       StartTlsResponse tls =
 		              (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
 		       //tls.setHostnameVerifier(new SampleVerifier());
 		       SSLSession sess = tls.negotiate();
 		       ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
 			   ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
 			   ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
 			   ctx.reconnect(null);
 			   stopTime = System.currentTimeMillis();
 			   logMetacat.info("Connection time thru " + ldapsUrl + " was: " +
                        	(stopTime - startTime) / 1000 + " seconds.");
 			   authenticated = true;
 		   } catch (java.io.IOException ioe) {
 			   logMetacat.warn("Caught IOException in login while negotiating TLS: "
 	                                 + ioe.getMessage());
 			   if(secureConnectionOnly){
             sgarg
 				   return authenticated;
-            sgarg
+			   } else {
             sgarg
 				   logMetacat.info("Trying to authenticate without TLS");
-            sgarg
+				   env.put(Context.SECURITY_AUTHENTICATION, "simple");
 				   env.put(Context.SECURITY_PRINCIPAL, userDN);
 				   env.put(Context.SECURITY_CREDENTIALS, password);
 				   startTime = System.currentTimeMillis();
 				   ctx = new InitialLdapContext(env, null);
 				   stopTime = System.currentTimeMillis();
 				   logMetacat.info("Connection time thru " + ldapsUrl + " was: " +
 	                       	(stopTime - startTime) / 1000 + " seconds.");
 				   authenticated = true;
+			   }
+		   }
 	   } catch (AuthenticationException ae) {
 		   authenticated = false;
 	   } catch (javax.naming.InvalidNameException ine) {
 	        logMetacat.error("An invalid DN was provided!");
 	   } catch (NamingException e) {
 		   logMetacat.warn("Caught NamingException in login: " + e.getClass().getName());
 		   logMetacat.info(e.toString() + "  " + e.getRootCause());
             sgarg
             tao
-            sgarg
+       return authenticated;
             jones
             sgarg
-            jones
+  /**
-            bojilova
+   * Get the identifying name for a given userid or name.  This is the name
    * that is used in conjunction withthe LDAP BaseDN to create a
    * distinguished name (dn) for the record
+   *
    * @param user the user for which the identifying name is requested
-            sgarg
+   * @returns String the identifying name for the user,
-            bojilova
+   *          or null if not found
    */
-            tao
+  private String getIdentifyingName(String user, String ldapUrl,
-            sgarg
+          String ldapBase) throws NamingException {
       String identifier = null;
       Hashtable env = new Hashtable();
       env.put(Context.INITIAL_CONTEXT_FACTORY,
               "com.sun.jndi.ldap.LdapCtxFactory");
       env.put(Context.REFERRAL, "throw");
       env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
-            bojilova
+      try {
-            sgarg
+    	  int position = user.indexOf(",");
           String uid = user.substring(user.indexOf("=") + 1, position);
-            sgarg
+          logMetacat.info("uid is: " + uid);
-            sgarg
+          String org = user.substring(user.indexOf("=", position + 1) + 1,
                                         user.indexOf(",", position + 1));
-            sgarg
+          logMetacat.info("org is: " + org);
             sgarg
           DirContext sctx = new InitialDirContext(env);
           SearchControls ctls = new SearchControls();
           ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
           String filter = "(&(uid=" + uid + ")(o=" + org + "))";
-            sgarg
+          logMetacat.warn("Searching for DNs with following filter: " + filter);
             sgarg
           for (boolean moreReferrals = true; moreReferrals;) {
               try {
                   // Perform the search
                   NamingEnumeration answer =
                       sctx.search("", filter, ctls);
             jones
-            sgarg
+                  // Return the answer
                   while (answer.hasMore()) {
                       SearchResult sr = (SearchResult)answer.next();
                       identifier = sr.getName();
                       return identifier;
+                  }
                   // The search completes with no more referrals
                   moreReferrals = false;
               } catch (ReferralException e) {
             	  logMetacat.info("Got referral: " + e.getReferralInfo());
-            sgarg
+            	  // Point to the new context from the referral
-            sgarg
+                  if (moreReferrals) {
                       sctx = (DirContext) e.getReferralContext();
+                  }
+              }
             bojilova
-            sgarg
+      } catch (NamingException e) {
     	     logMetacat.error("Naming exception while getting dn: " + e);
     	      throw new NamingException(
     	          "Naming exception in AuthLdap.getIdentifyingName: " + e);
+    	      }
       return identifier;
             bojilova
             sgarg
-            bojilova
+  /**
-            bojilova
+   * Get all users from the authentication service
             jones
    * @param user the user for authenticating against the service
    * @param password the password for authenticating against the service
    * @returns string array of all of the user names
-            bojilova
+   */
-            sgarg
+  public String[][] getUsers(String user, String password) throws
       ConnectException {
-            sgarg
+    String[][] users = null;
             bojilova
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
-            sgarg
+    env.put(Context.INITIAL_CONTEXT_FACTORY,
-            bojilova
+            "com.sun.jndi.ldap.LdapCtxFactory");
-            jones
+    env.put(Context.REFERRAL, referral);
-            jones
+    env.put(Context.PROVIDER_URL, ldapUrl);
             sgarg
-            bojilova
+    try {
-            sgarg
+      // Create the initial directory context
       DirContext ctx = new InitialDirContext(env);
             bojilova
-            sgarg
+      // Specify the attributes to match.
       // Users are objects that have the attribute objectclass=InetOrgPerson.
       SearchControls ctls = new SearchControls();
       String[] attrIDs = {
-            sgarg
+          "dn", "cn", "o", "ou", "mail"};
-            sgarg
+      ctls.setReturningAttributes(attrIDs);
       ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
       //ctls.setCountLimit(1000);
       String filter = "(objectClass=inetOrgPerson)";
-            sgarg
+      NamingEnumeration namingEnum = ctx.search(ldapBase, filter, ctls);
             sgarg
-            sgarg
+      // Store the users in a vector
       Vector uvec = new Vector();
       Vector uname = new Vector();
       Vector uorg = new Vector();
-            sgarg
+      Vector uou = new Vector();
-            sgarg
+      Vector umail = new Vector();
       Attributes tempAttr = null;
       try {
-            sgarg
+        while (namingEnum.hasMore()) {
           SearchResult sr = (SearchResult) namingEnum.next();
-            sgarg
+          tempAttr = sr.getAttributes();
             sgarg
-            sgarg
+          if ( (tempAttr.get("cn") + "").startsWith("cn: ")) {
             uname.add( (tempAttr.get("cn") + "").substring(4));
+          }
           else {
             uname.add(tempAttr.get("cn") + "");
+          }
             sgarg
-            sgarg
+          if ( (tempAttr.get("o") + "").startsWith("o: ")) {
             uorg.add( (tempAttr.get("o") + "").substring(3));
+          }
           else {
             uorg.add(tempAttr.get("o") + "");
+          }
             sgarg
-            sgarg
+          if ( (tempAttr.get("ou") + "").startsWith("ou: ")) {
             uou.add( (tempAttr.get("ou") + "").substring(4));
+          }
           else {
             uou.add(tempAttr.get("ou") + "");
+          }
-            sgarg
+          if ( (tempAttr.get("mail") + "").startsWith("mail: ")) {
             umail.add( (tempAttr.get("mail") + "").substring(6));
+          }
           else {
             umail.add(tempAttr.get("mail") + "");
+          }
             sgarg
-            sgarg
+          uvec.add(sr.getName() + "," + ldapBase);
             bojilova
             sgarg
       catch (SizeLimitExceededException slee) {
-            sgarg
+        logMetacat.error("LDAP Server size limit exceeded. " +
-            sgarg
+                          "Returning incomplete record set.");
             sgarg
             bojilova
-            sgarg
+      // initialize users[]; fill users[]
-            sgarg
+      users = new String[uvec.size()][5];
-            sgarg
+      for (int i = 0; i < uvec.size(); i++) {
         users[i][0] = (String) uvec.elementAt(i);
         users[i][1] = (String) uname.elementAt(i);
         users[i][2] = (String) uorg.elementAt(i);
-            sgarg
+        users[i][3] = (String) uorg.elementAt(i);
         users[i][4] = (String) umail.elementAt(i);
             sgarg
             bojilova
-            sgarg
+      // Close the context when we're done
       ctx.close();
             bojilova
             sgarg
     catch (NamingException e) {
-            sgarg
+      logMetacat.error("Problem getting users in AuthLdap.getUsers:" + e);
-            tao
+      //e.printStackTrace(System.err);
-            bojilova
+      throw new ConnectException(
-            sgarg
+          "Problem getting users in AuthLdap.getUsers:" + e);
             bojilova
     return users;
             bojilova
             sgarg
-            bojilova
+  /**
-            sgarg
+   * Get all users from the authentication service
+   *
    * @param user the user for authenticating against the service
    * @param password the password for authenticating against the service
    * @returns string array of all of the user names
    */
   public String[] getUserInfo(String user, String password) throws
       ConnectException {
     String[] userinfo = new String[3];
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
     env.put(Context.REFERRAL, referral);
     env.put(Context.PROVIDER_URL, ldapUrl);
     try {
             sgarg
-            sgarg
+      // Create the initial directory context
       DirContext ctx = new InitialDirContext(env);
       // Specify the attributes to match.
       // Users are objects that have the attribute objectclass=InetOrgPerson.
       SearchControls ctls = new SearchControls();
       String[] attrIDs = {
           "cn", "o", "mail"};
       ctls.setReturningAttributes(attrIDs);
       ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
       //ctls.setCountLimit(1000);
-            sgarg
+      // create the filter based on the uid
       String filter = null;
       if(user.indexOf("o=")>0){
     	  String tempStr = user.substring(user.indexOf("o="));
     	  filter = "(&(" + user.substring(0, user.indexOf(","))
 			+ ")(" + tempStr.substring(0, tempStr.indexOf(","))
 			+ "))";
       } else{
     	  filter = "(&(" + user.substring(0, user.indexOf(","))
 			+ "))";
+      }
    	  filter = "(&(" + user.substring(0, user.indexOf(","))
 		+ "))";
-            sgarg
+      NamingEnumeration namingEnum = ctx.search(user, filter, ctls);
             sgarg
-            sgarg
+      Attributes tempAttr = null;
       try {
         while (namingEnum.hasMore()) {
           SearchResult sr = (SearchResult) namingEnum.next();
           tempAttr = sr.getAttributes();
           if ( (tempAttr.get("cn") + "").startsWith("cn: ")) {
         	  userinfo[0] = (tempAttr.get("cn") + "").substring(4);
+          }
           else {
         	  userinfo[0] = (tempAttr.get("cn") + "");
+          }
           if ( (tempAttr.get("o") + "").startsWith("o: ")) {
         	  userinfo[1] = (tempAttr.get("o") + "").substring(3);
+          }
           else {
         	  userinfo[1] = (tempAttr.get("o") + "");
+          }
           if ( (tempAttr.get("mail") + "").startsWith("mail: ")) {
         	  userinfo[2] =  (tempAttr.get("mail") + "").substring(6);
+          }
           else {
         	  userinfo[2] = (tempAttr.get("mail") + "");
+          }
+        }
+      }
       catch (SizeLimitExceededException slee) {
         logMetacat.error("LDAP Server size limit exceeded. " +
                           "Returning incomplete record set.");
+      }
       // Close the context when we're done
       ctx.close();
+    }
     catch (NamingException e) {
       logMetacat.error("Problem getting users in AuthLdap.getUsers:" + e);
       //e.printStackTrace(System.err);
       throw new ConnectException(
           "Problem getting users in AuthLdap.getUsers:" + e);
+    }
     return userinfo;
+  }
   /**
-            bojilova
+   * Get the users for a particular group from the authentication service
             jones
    * @param user the user for authenticating against the service
    * @param password the password for authenticating against the service
    * @param group the group whose user list should be returned
    * @returns string array of the user names belonging to the group
-            bojilova
+   */
-            sgarg
+  public String[] getUsers(String user, String password, String group) throws
       ConnectException {
-            bojilova
+    String[] users = null;
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
-            sgarg
+    env.put(Context.INITIAL_CONTEXT_FACTORY,
-            bojilova
+            "com.sun.jndi.ldap.LdapCtxFactory");
-            jones
+    env.put(Context.REFERRAL, referral);
-            jones
+    env.put(Context.PROVIDER_URL, ldapUrl);
             bojilova
     try {
-            sgarg
+      // Create the initial directory context
       DirContext ctx = new InitialDirContext(env);
             bojilova
-            sgarg
+      // Specify the ids of the attributes to return
       String[] attrIDs = {
           "uniqueMember"};
             bojilova
-            sgarg
+      Attributes answer = ctx.getAttributes(group, attrIDs);
             bojilova
-            sgarg
+      Vector uvec = new Vector();
       try {
         for (NamingEnumeration ae = answer.getAll(); ae.hasMore(); ) {
           Attribute attr = (Attribute) ae.next();
           for (NamingEnumeration e = attr.getAll();
                e.hasMore();
                uvec.add(e.next())
                ) {
+            ;
+          }
             bojilova
             sgarg
       catch (SizeLimitExceededException slee) {
-            sgarg
+        logMetacat.error("LDAP Server size limit exceeded. " +
-            sgarg
+                          "Returning incomplete record set.");
             sgarg
             bojilova
-            sgarg
+      // initialize users[]; fill users[]
       users = new String[uvec.size()];
       for (int i = 0; i < uvec.size(); i++) {
         users[i] = (String) uvec.elementAt(i);
+      }
             bojilova
-            sgarg
+      // Close the context when we're done
       ctx.close();
             bojilova
             sgarg
     catch (NamingException e) {
-            sgarg
+      logMetacat.error("Problem getting users for a group in " +
-            sgarg
+                        "AuthLdap.getUsers:" + e);
-            bojilova
+      throw new ConnectException(
-            sgarg
+          "Problem getting users for a group in AuthLdap.getUsers:" + e);
             bojilova
     return users;
             bojilova
   /**
    * Get all groups from the authentication service
             jones
    * @param user the user for authenticating against the service
    * @param password the password for authenticating against the service
    * @returns string array of the group names
-            bojilova
+   */
-            sgarg
+  public String[][] getGroups(String user, String password) throws
       ConnectException {
     return getGroups(user, password, null);
             bojilova
   /**
    * Get the groups for a particular user from the authentication service
             jones
    * @param user the user for authenticating against the service
    * @param password the password for authenticating against the service
    * @param foruser the user whose group list should be returned
    * @returns string array of the group names
-            bojilova
+   */
-            sgarg
+  public String[][] getGroups(String user, String password, String foruser) throws
       ConnectException {
-            sgarg
+    Vector gvec = new Vector();
-            sgarg
+    Vector desc = new Vector();
     Attributes tempAttr = null;
-            tao
+    //Pass the username and password to run() method
-            sgarg
+    userName = user;
     userPassword = password;
-            bojilova
+    // Identify service provider to use
-            sgarg
+    env.put(Context.INITIAL_CONTEXT_FACTORY,
-            bojilova
+            "com.sun.jndi.ldap.LdapCtxFactory");
-            berkley
+    env.put(Context.REFERRAL, "throw");
-            jones
+    env.put(Context.PROVIDER_URL, ldapUrl);
-            bojilova
+    try {
-            sgarg
+      // Create the initial directory context
       DirContext ctx = new InitialDirContext(env);
       // Specify the ids of the attributes to return
       String[] attrIDs = {
           "cn", "o", "description"};
       // Specify the attributes to match.
       // Groups are objects with attribute objectclass=groupofuniquenames.
       // and have attribute uniquemember: uid=foruser,ldapbase.
       SearchControls ctls = new SearchControls();
       ctls.setReturningAttributes(attrIDs);
       ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
             sgarg
-            sgarg
+      String filter = null;
       String gfilter = "(objectClass=groupOfUniqueNames)";
       if (null == foruser) {
         filter = gfilter;
+      }
       else {
         filter = "(& " + gfilter + "(uniqueMember=" + foruser + "))";
+      }
-            sgarg
+      logMetacat.info("searching for groups: " + filter);
-            sgarg
+      NamingEnumeration namingEnum = ctx.search(ldapBase, filter, ctls);
             tao
-            sgarg
+      // Print the groups
-            sgarg
+      logMetacat.info("getting group results.");
-            sgarg
+      while (namingEnum.hasMore()) {
         SearchResult sr = (SearchResult) namingEnum.next();
-            sgarg
+        tempAttr = sr.getAttributes();
             sgarg
-            sgarg
+        if ( (tempAttr.get("description") + "").startsWith("description: ")) {
           desc.add( (tempAttr.get("description") + "").substring(13));
             bojilova
-            sgarg
+        else {
           desc.add(tempAttr.get("description") + "");
+        }
             tao
-            sgarg
+        gvec.add(sr.getName() + "," + ldapBase);
-            sgarg
+        logMetacat.info("group " + sr.getName() +
-            sgarg
+                                 " added to Group vector");
             sgarg
       // Close the context when we're done
       ctx.close();
             sgarg
-            sgarg
+    catch (ReferralException re) {
-            berkley
+      refExc = re;
       Thread t = new Thread(new GetGroup());
-            sgarg
+      logMetacat.info("Starting thread...");
-            berkley
+      t.start();
-            sgarg
+      logMetacat.info("sleeping for 5 seconds.");
-            sgarg
+      try {
-            berkley
+        Thread.sleep(5000);
+      }
-            sgarg
+      catch (InterruptedException ie) {
-            sgarg
+        logMetacat.error("main thread interrupted: " + ie.getMessage());
             berkley
       //this is a manual override of jndi's hideously long time
       //out period.
-            sgarg
+      logMetacat.info("Awake after 5 seconds.");
-            sgarg
+      if (referralContext == null) {
-            sgarg
+        logMetacat.info("thread timed out...returning groups: " +
-            sgarg
+                          gvec.toString());
-            sgarg
+        String groups[][] = new String[gvec.size()][2];
-            sgarg
+        for (int i = 0; i < gvec.size(); i++) {
           groups[i][0] = (String) gvec.elementAt(i);
           groups[i][1] = (String) desc.elementAt(i);
             tao
-            berkley
+        t.interrupt();
         return groups;
+      }
-            sgarg
+      DirContext dc = (DirContext) referralContext;
       String[] attrIDs = {
           "cn", "o", "description"};
-            berkley
+      // Specify the attributes to match.
       // Groups are objects with attribute objectclass=groupofuniquenames.
       // and have attribute uniquemember: uid=foruser,ldapbase.
       SearchControls ctls = new SearchControls();
       ctls.setReturningAttributes(attrIDs);
       ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
             sgarg
-            berkley
+      String filter = null;
       String gfilter = "(objectClass=groupOfUniqueNames)";
       if (null == foruser) {
-            sgarg
+        filter = gfilter;
             berkley
-            sgarg
+      else {
         filter = "(& " + gfilter + "(uniqueMember=" + foruser + "))";
+      }
             sgarg
-            sgarg
+      try {
-            sgarg
+        NamingEnumeration namingEnum = dc.search(ldapBase, filter, ctls);
-            tao
+        // Print the groups
-            sgarg
+        while (namingEnum.hasMore()) {
           SearchResult sr = (SearchResult) namingEnum.next();
-            sgarg
+          tempAttr = sr.getAttributes();
-            sgarg
+          if ( (tempAttr.get("description") + "").startsWith("description: ")) {
-            sgarg
+            desc.add( (tempAttr.get("description") + "").substring(13));
+          }
-            sgarg
+          else {
             desc.add(tempAttr.get("description") + "");
+          }
             sgarg
-            sgarg
+          gvec.add(sr.getName() + "," + ldapBase);
             tao
             sgarg
-            tao
+        referralContext.close();
         dc.close();
+      }
-            sgarg
+      catch (NamingException ne) {
-            sgarg
+        logMetacat.info("Naming Exception in AuthLdap.getGroups for referals" +
-            sgarg
+                                 ne.getExplanation() + ne.getMessage());
             tao
             sgarg
     catch (NamingException e) {
-            berkley
+      e.printStackTrace(System.err);
-            sgarg
+      String groups[][] = new String[gvec.size()][2];
-            sgarg
+      for (int i = 0; i < gvec.size(); i++) {
         groups[i][0] = (String) gvec.elementAt(i);
         groups[i][1] = (String) desc.elementAt(i);
             tao
       return groups;
-            sgarg
+      /*throw new ConnectException(
              "Problem getting groups for a user in AuthLdap.getGroups:" + e);*/
             sgarg
-            sgarg
+    logMetacat.warn("The user is in the following groups: " +
-            sgarg
+                             gvec.toString());
-            sgarg
+    String groups[][] = new String[gvec.size()][2];
-            sgarg
+    for (int i = 0; i < gvec.size(); i++) {
       groups[i][0] = (String) gvec.elementAt(i);
       groups[i][1] = (String) desc.elementAt(i);
             berkley
-            bojilova
+    return groups;
             bojilova
   /**
    * Get attributes describing a user or group
+   *
-            jones
+   * @param foruser the user for which the attribute list is requested
-            bojilova
+   * @returns HashMap a map of attribute name to a Vector of values
    */
-            sgarg
+  public HashMap getAttributes(String foruser) throws ConnectException {
-            jones
+    return getAttributes(null, null, foruser);
             bojilova
   /**
    * Get attributes describing a user or group
+   *
-            jones
+   * @param user the user for authenticating against the service
-            bojilova
+   * @param password the password for authenticating against the service
-            jones
+   * @param foruser the user whose attributes should be returned
-            bojilova
+   * @returns HashMap a map of attribute name to a Vector of values
    */
-            sgarg
+  public HashMap getAttributes(String user, String password, String foruser) throws
       ConnectException {
-            bojilova
+    HashMap attributes = new HashMap();
-            bojilova
+    String ldapUrl = this.ldapUrl;
     String ldapBase = this.ldapBase;
     String userident = foruser;
             sgarg
-            bojilova
+    // Identify service provider to use
     Hashtable env = new Hashtable(11);
-            sgarg
+    env.put(Context.INITIAL_CONTEXT_FACTORY,
-            sgarg
+            "com.sun.jndi.ldap.LdapCtxFactory");
-            jones
+    env.put(Context.REFERRAL, referral);
-            jones
+    env.put(Context.PROVIDER_URL, ldapUrl);
             bojilova
     try {
             sgarg
-            bojilova
+      // Create the initial directory context
       DirContext ctx = new InitialDirContext(env);
             sgarg
       // Ask for all attributes of the user
-            jones
+      //Attributes attrs = ctx.getAttributes(userident);
       Attributes attrs = ctx.getAttributes(foruser);
             sgarg
-            bojilova
+      // Print all of the attributes
       NamingEnumeration en = attrs.getAll();
       while (en.hasMore()) {
-            sgarg
+        Attribute att = (Attribute) en.next();
-            bojilova
+        Vector values = new Vector();
         String attName = att.getID();
         NamingEnumeration attvalues = att.getAll();
         while (attvalues.hasMore()) {
-            sgarg
+          String value = (String) attvalues.next();
-            bojilova
+          values.add(value);
+        }
         attributes.put(attName, values);
+      }
             sgarg
-            bojilova
+      // Close the context when we're done
       ctx.close();
             sgarg
     catch (NamingException e) {
-            sgarg
+      logMetacat.error("Problem getting attributes in " +
-            sgarg
+                        "AuthLdap.getAttributes:" + e);
-            bojilova
+      throw new ConnectException(
-            sgarg
+          "Problem getting attributes in AuthLdap.getAttributes:" + e);
             bojilova
     return attributes;
+  }
   /**
-            bojilova
+   * Get list of all subtrees holding Metacat's groups and users
-            sgarg
+   * starting from the Metacat LDAP root,
-            bojilova
+   * i.e. ldap://dev.nceas.ucsb.edu/dc=ecoinformatics,dc=org
-            jones
+   */
-            bojilova
+  private Hashtable getSubtrees(String user, String password,
-            sgarg
+                                String ldapUrl, String ldapBase) throws
       ConnectException {
-            bojilova
+    Hashtable trees = new Hashtable();
             jones
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
-            sgarg
+    env.put(Context.INITIAL_CONTEXT_FACTORY,
-            jones
+            "com.sun.jndi.ldap.LdapCtxFactory");
-            sgarg
+    // env.put(Context.REFERRAL, referral);
     // Using 'ignore' here instead of 'follow' as 'ignore' seems
     // to do the job better. 'follow' was not bringing up the UCNRS
     // and PISCO tree whereas 'ignore' brings up the tree.
     env.put(Context.REFERRAL, "ignore");
-            jones
+    env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
     try {
-            sgarg
+      // Create the initial directory context
       DirContext ctx = new InitialDirContext(env);
             bojilova
-            sgarg
+      // Specify the ids of the attributes to return
       String[] attrIDs = {
           "o", "ref"};
       SearchControls ctls = new SearchControls();
       ctls.setReturningAttributes(attrIDs);
       ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
             sgarg
-            sgarg
+      // Specify the attributes to match.
       // Subtrees from the main server are found as objects with attribute
       // objectclass=organization or objectclass=referral to the subtree
       // resided on other server.
       String filter = "(|(objectclass=organization)(objectclass=referral))";
             bojilova
-            sgarg
+      // Search for objects in the current context
-            sgarg
+      NamingEnumeration namingEnum = ctx.search("", filter, ctls);
             bojilova
-            sgarg
+      // Print the subtrees' <ldapURL, baseDN>
-            sgarg
+      while (namingEnum.hasMore()) {
             sgarg
-            sgarg
+        SearchResult sr = (SearchResult) namingEnum.next();
             sgarg
         Attributes attrs = sr.getAttributes();
         NamingEnumeration enum1 = attrs.getAll(); // "dc" and "ref" attrs
         if (enum1.hasMore()) {
           Attribute attr = (Attribute) enum1.next();
           String attrValue = (String) attr.get();
           String attrName = (String) attr.getID();
-            bojilova
+          if (enum1.hasMore()) {
-            sgarg
+            attr = (Attribute) enum1.next();
             String refValue = (String) attr.get();
             String refName = (String) attr.getID();
             if (ldapBase.startsWith(refName + "=" + refValue)) {
               trees.put(ldapBase,
                         attrValue.substring(0, attrValue.lastIndexOf("/") + 1));
+            }
             else {
-            sgarg
+              // this is a referral - so organization name is appended in
               // front of the ldapbase.... later it is stripped out
               // in getPrincipals
               trees.put("[" + refName + "=" + refValue + "]" +
                         attrValue.substring(attrValue.lastIndexOf("/") + 1,
                                             attrValue.length()),
-            sgarg
+                        attrValue.substring(0, attrValue.lastIndexOf("/") + 1));
             sgarg
               // trees.put(refName + "=" + refValue + "," + ldapBase,
               //           attrValue.substring(0, attrValue.lastIndexOf("/") + 1));
             sgarg
             sgarg
             sgarg
           else if (ldapBase.startsWith(attrName + "=" + attrValue)) {
             trees.put(ldapBase, ldapUrl);
+          }
           else {
-            sgarg
+            if (sr.isRelative()) {
-            sgarg
+              trees.put(attrName + "=" + attrValue + "," + ldapBase, ldapUrl);
             sgarg
             else {
-            sgarg
+              String referenceURL = sr.getName();
-            sgarg
+              referenceURL = referenceURL.substring(0,
                   referenceURL.lastIndexOf("/") + 1);
               trees.put(attrName + "=" + attrValue + "," + ldapBase,
                         referenceURL);
             bojilova
             sgarg
             jones
+        }
             sgarg
             bojilova
-            sgarg
+      // Close the context when we're done
       ctx.close();
             bojilova
             sgarg
     catch (NamingException e) {
-            sgarg
+      logMetacat.error("Problem getting subtrees in AuthLdap.getSubtrees:"
-            sgarg
+                        + e);
-            bojilova
+      throw new ConnectException(
-            sgarg
+          "Problem getting subtrees in AuthLdap.getSubtrees:" + e);
             jones
-            bojilova
+    return trees;
             jones
   /**
-            bojilova
+   * Get all groups and users from authentication scheme.
-            bojilova
+   * The output is formatted in XML.
-            bojilova
+   * @param user the user which requests the information
    * @param password the user's password
-            bojilova
+   */
-            sgarg
+  public String getPrincipals(String user, String password) throws
       ConnectException {
-            bojilova
+    StringBuffer out = new StringBuffer();
             sgarg
-            sgarg
+    out.append("<?xml version=\"1.0\" encoding=\"US-ASCII\"?>\n");
-            bojilova
+    out.append("<principals>\n");
             sgarg
-            bojilova
+    /*
-            sgarg
+     * get all subtrees first in the current dir context
-            bojilova
+     * and then the Metacat users under them
      */
-            sgarg
+    Hashtable subtrees = getSubtrees(user, password, this.ldapUrl,
                                      this.ldapBase);
             sgarg
-            sgarg
+    Enumeration keyEnum = subtrees.keys();
     while (keyEnum.hasMoreElements()) {
       this.ldapBase = (String) keyEnum.nextElement();
-            sgarg
+      this.ldapUrl = (String) subtrees.get(ldapBase);
             sgarg
-            sgarg
+      /*
        * code to get the organization name from ldapBase
        */
-            sgarg
+      String orgName = this.ldapBase;
-            sgarg
+      if (orgName.startsWith("[")) {
-            sgarg
+        // if orgName starts with [ then it is a referral URL...
         // (see code in getSubtress)
         // hence orgName can be retrieved  by getting the string between
         // 'o=' and ']'
         // also the string between [ and ] needs to be striped out from
         // this.ldapBase
         this.ldapBase = orgName.substring(orgName.indexOf("]") + 1);
         if (orgName != null && orgName.indexOf("o=") > -1) {
           orgName = orgName.substring(orgName.indexOf("o=") + 2);
           orgName = orgName.substring(0, orgName.indexOf("]"));
+        }
             sgarg
       else {
-            sgarg
+        // else it is not referral
         // hence orgName can be retrieved  by getting the string between
         // 'o=' and ','
         if (orgName != null && orgName.indexOf("o=") > -1) {
           orgName = orgName.substring(orgName.indexOf("o=") + 2);
           if (orgName.indexOf(",") > -1) {
             orgName = orgName.substring(0, orgName.indexOf(","));
+          }
+        }
             sgarg
-            sgarg
+      out.append("  <authSystem URI=\"" +
-            sgarg
+                 this.ldapUrl + this.ldapBase + "\" organization=\"" + orgName +
                  "\">\n");
             bojilova
       // get all groups for directory context
-            sgarg
+      String[][] groups = getGroups(user, password);
       String[][] users = getUsers(user, password);
       int userIndex = 0;
             bojilova
       // for the groups and users that belong to them
-            sgarg
+      if (groups != null && groups.length > 0) {
         for (int i = 0; i < groups.length; i++) {
-            bojilova
+          out.append("    <group>\n");
-            sgarg
+          out.append("      <groupname>" + groups[i][0] + "</groupname>\n");
           out.append("      <description>" + groups[i][1] + "</description>\n");
-            sgarg
+          String[] usersForGroup = getUsers(user, password, groups[i][0]);
           for (int j = 0; j < usersForGroup.length; j++) {
             sgarg
-            sgarg
+            userIndex = searchUser(usersForGroup[j], users);
-            bojilova
+            out.append("      <user>\n");
             sgarg
-            sgarg
+            if (userIndex < 0) {
-            sgarg
+              out.append("        <username>" + usersForGroup[j] +
                          "</username>\n");
             sgarg
             else {
-            sgarg
+              out.append("        <username>" + users[userIndex][0] +
-            sgarg
+                         "</username>\n");
-            sgarg
+              out.append("        <name>" + users[userIndex][1] + "</name>\n");
               out.append("        <organization>" + users[userIndex][2] +
-            sgarg
+                         "</organization>\n");
-            sgarg
+              if (users[userIndex][3].compareTo("null") != 0) {
                 out.append("      <organizationUnitName>" + users[userIndex][3] +
                            "</organizationUnitName>\n");
+              }
               out.append("        <email>" + users[userIndex][4] + "</email>\n");
             sgarg
-            bojilova
+            out.append("      </user>\n");
+          }
           out.append("    </group>\n");
+        }
+      }
             sgarg
-            sgarg
+      // for the users not belonging to any grou8p
-            sgarg
+      for (int j = 0; j < users.length; j++) {
-            bojilova
+          out.append("    <user>\n");
-            sgarg
+          out.append("      <username>" + users[j][0] + "</username>\n");
           out.append("      <name>" + users[j][1] + "</name>\n");
-            sgarg
+          out.append("      <organization>" + users[j][2] +
                      "</organization>\n");
           if (users[j][3].compareTo("null") != 0) {
             out.append("      <organizationUnitName>" + users[j][3] +
                        "</organizationUnitName>\n");
+          }
           out.append("      <email>" + users[j][4] + "</email>\n");
-            bojilova
+          out.append("    </user>\n");
+      }
             sgarg
-            bojilova
+      out.append("  </authSystem>\n");
             bojilova
     out.append("</principals>");
     return out.toString();
+  }
   /**
-            sgarg
+   * Method for getting index of user DN in User info array
    */
-            sgarg
+  int searchUser(String user, String userGroup[][]) {
     for (int j = 0; j < userGroup.length; j++) {
       if (user.compareTo(userGroup[j][0]) == 0) {
-            sgarg
+        return j;
+      }
+    }
     return -1;
+  }
   /**
-            bojilova
+   * Test method for the class
    */
   public static void main(String[] args) {
-            jones
+    // Provide a user, such as: "Matt Jones", or "jones"
-            bojilova
+    String user = args[0];
     String password = args[1];
-            sgarg
+    logMetacat.warn("Creating session...");
-            bojilova
+    AuthLdap authservice = new AuthLdap();
-            sgarg
+    logMetacat.warn("Session exists...");
             sgarg
-            bojilova
+    boolean isValid = false;
     try {
-            sgarg
+      logMetacat.warn("Authenticating...");
-            bojilova
+      isValid = authservice.authenticate(user, password);
       if (isValid) {
-            sgarg
+    	  logMetacat.warn("Authentication successful for: " + user);
             sgarg
       else {
-            sgarg
+        logMetacat.warn("Authentication failed for: " + user);
             bojilova
             bojilova
-            jones
+      // Get attributes for the user
-            bojilova
+      if (isValid) {
-            sgarg
+        logMetacat.info("\nGetting attributes for user....");
-            tao
+        HashMap userInfo = authservice.getAttributes(user, password, user);
-            bojilova
+        // Print all of the attributes
-            sgarg
+        Iterator attList = (Iterator) ( ( (Set) userInfo.keySet()).iterator());
-            bojilova
+        while (attList.hasNext()) {
-            sgarg
+          String att = (String) attList.next();
           Vector values = (Vector) userInfo.get(att);
-            bojilova
+          Iterator attvalues = values.iterator();
           while (attvalues.hasNext()) {
-            sgarg
+            String value = (String) attvalues.next();
-            sgarg
+            logMetacat.warn(att + ": " + value);
             bojilova
+        }
             jones
             bojilova
-            jones
+      // get the groups
       if (isValid) {
-            sgarg
+        logMetacat.warn("\nGetting all groups....");
-            sgarg
+        String[][] groups = authservice.getGroups(user, password);
-            sgarg
+        logMetacat.info("Groups found: " + groups.length);
-            sgarg
+        for (int i = 0; i < groups.length; i++) {
-            sgarg
+          logMetacat.info("Group " + i + ": " + groups[i][0]);
             jones
             bojilova
             bojilova
-            jones
+      // get the groups for the user
       String savedGroup = null;
       if (isValid) {
-            sgarg
+        logMetacat.warn("\nGetting groups for user....");
-            sgarg
+        String[][] groups = authservice.getGroups(user, password, user);
-            sgarg
+        logMetacat.info("Groups found: " + groups.length);
-            sgarg
+        for (int i = 0; i < groups.length; i++) {
-            sgarg
+          logMetacat.info("Group " + i + ": " + groups[i][0]);
-            sgarg
+          savedGroup = groups[i][0];
             jones
+      }
       // get the users for a group
       if (isValid) {
-            sgarg
+        logMetacat.warn("\nGetting users for group....");
         logMetacat.info("Group: " + savedGroup);
-            jones
+        String[] users = authservice.getUsers(user, password, savedGroup);
-            sgarg
+        logMetacat.info("Users found: " + users.length);
-            sgarg
+        for (int i = 0; i < users.length; i++) {
-            sgarg
+          logMetacat.warn("User " + i + ": " + users[i]);
             jones
+      }
       // get all users
       if (isValid) {
-            sgarg
+        logMetacat.warn("\nGetting all users ....");
-            sgarg
+        String[][] users = authservice.getUsers(user, password);
-            sgarg
+        logMetacat.info("Users found: " + users.length);
             sgarg
             jones
             jones
-            bojilova
+      // get the whole list groups and users in XML format
-            bojilova
+      if (isValid) {
-            sgarg
+        logMetacat.warn("\nTrying principals....");
-            bojilova
+        authservice = new AuthLdap();
-            bojilova
+        String out = authservice.getPrincipals(user, password);
-            bojilova
+        java.io.File f = new java.io.File("principals.xml");
-            bojilova
+        java.io.FileWriter fw = new java.io.FileWriter(f);
         java.io.BufferedWriter buff = new java.io.BufferedWriter(fw);
         buff.write(out);
         buff.flush();
         buff.close();
         fw.close();
-            sgarg
+        logMetacat.warn("\nFinished getting principals.");
             bojilova
             jones
             sgarg
     catch (ConnectException ce) {
-            sgarg
+      logMetacat.error(ce.getMessage());
             sgarg
     catch (java.io.IOException ioe) {
-            sgarg
+      logMetacat.error("I/O Error writing to file principals.txt");
             bojilova
+  }
             sgarg
-            tao
+  /**
    * This method will be called by start a thread.
    * It can handle if a referral exception happend.
-            sgarg
+   */
-            sgarg
+  public void run() {
-            berkley
+    referralContext = null;
-            sgarg
+    DirContext refDirContext = null;
     boolean moreReferrals = true;
     String referralInfo = null;
-            tao
+    //set a while loop is because we don't know if a referral excption contains
     //another referral exception
-            sgarg
+    while (moreReferrals) {
       try {
-            tao
+        //revise environment variable
-            sgarg
+        referralInfo = (String) refExc.getReferralInfo();
-            sgarg
+        logMetacat.info("Processing referral (pr0): ");
         logMetacat.info("PROVIDER_URL set to (pr1): " + referralInfo);
-            jones
+        //env.put(Context.PROVIDER_URL,referralInfo);
         //env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
         //env.put(Context.SECURITY_PRINCIPAL, userName);
         //env.put(Context.SECURITY_CREDENTIALS, userPassword);
         //env.put(Context.REFERRAL, "throw");
-            sgarg
+        //logMetacat.info("Processing referral (pr1.info): " + userName,35);
         //logMetacat.info("Processing referral (pr2)",35);
-            jones
+        //rContext = refExc.getReferralContext(env);
         rContext = refExc.getReferralContext();
-            sgarg
+        logMetacat.info("Processing referral (pr3)");
-            tao
+        //casting the context to dircontext and it will create a
         //autherntication or naming exception if DN and password is incorrect
-            sgarg
+        referralContext = rContext;
         refDirContext = (DirContext) rContext;
-            tao
+        refDirContext.close();
-            tao
+        //get context and jump out the while loop
-            sgarg
+        moreReferrals = false;
-            sgarg
+        logMetacat.info("Processing referral (pr4)");
-            sgarg
+      } //try
-            tao
+      //if referral have another referral excption
-            sgarg
+      catch (ReferralException re) {
-            sgarg
+        logMetacat.warn("GOT referral exception (re1): " + re.getMessage());
         logMetacat.warn("RE details (re2): " + re.toString(true));
-            tao
+        //keep running in while loop
-            sgarg
+        moreReferrals = true;
-            tao
+        //assign refExc to new referral exception re
-            sgarg
+        refExc = re;
             tao
-            tao
+      //catch a authentication exception
-            sgarg
+      catch (AuthenticationException ae) {
-            sgarg
+        logMetacat.error("Error running referral handler thread (ae1): " +
-            sgarg
+                          ae.getMessage());
-            tao
+        //check if has another referral
-            sgarg
+        moreReferrals = refExc.skipReferral();
-            tao
+        //don't get the context
         referralContext = null;
+      }
-            tao
+      //catch a naming exception
-            sgarg
+      catch (NamingException ne) {
-            sgarg
+        logMetacat.error("Error running referral handler thread (ne1): " +
-            sgarg
+                          ne.getMessage());
-            tao
+        //check if has another referral
-            sgarg
+        moreReferrals = refExc.skipReferral();
-            tao
+        //don't get context
-            sgarg
+        referralContext = null;
             tao
-            sgarg
+    } //while
   } //run()
             sgarg
-            sgarg
+  private class GetGroup
       implements Runnable {
     public void run() {
-            tao
+      referralContext = null;
-            sgarg
+      logMetacat.info("getting groups context");
-            sgarg
+      DirContext refDirContext = null;
       boolean moreReferrals = true;
-            sgarg
+      //set a while loop is because we don't know if a referral excption
-            tao
+      //contains another referral exception
-            sgarg
+      while (moreReferrals) {
         try {
-            tao
+          //revise environment variable
           String refInfo = null;
-            sgarg
+          refInfo = (String) refExc.getReferralInfo();
           if (refInfo != null) {
-            sgarg
+            logMetacat.info("Referral in thread to: " +
-            sgarg
+                                     refInfo.toString());
             tao
-            sgarg
+          else {
-            sgarg
+            logMetacat.info("getting refInfo Manually");
-            sgarg
+            refInfo = (String) refExc.getReferralContext().getEnvironment().
                 get(Context.PROVIDER_URL);
             tao
-            sgarg
+          logMetacat.info("refInfo: " + refInfo);
             sgarg
           env.put(Context.INITIAL_CONTEXT_FACTORY,
-            sgarg
+                  "com.sun.jndi.ldap.LdapCtxFactory");
-            tao
+          env.put(Context.REFERRAL, "throw");
           env.put(Context.PROVIDER_URL, refInfo);
             sgarg
-            sgarg
+          logMetacat.info("creating referralContext");
-            tao
+          referralContext = new InitialDirContext(env);
-            sgarg
+          logMetacat.info("referralContext created");
-            tao
+          //get context and jump out the while loop
-            sgarg
+          moreReferrals = false;
         } //try
         catch (ReferralException re) {
-            tao
+          //keep running in while loop
-            sgarg
+          moreReferrals = true;
-            tao
+          //assign refExc to new referral exception re
-            sgarg
+          refExc = re;
             tao
-            sgarg
+        catch (AuthenticationException ae) {
-            sgarg
+          logMetacat.error("Error running referral handler thread (ae2): " +
-            sgarg
+                            ae.getMessage());
-            tao
+          //check if has another referral
-            sgarg
+          moreReferrals = refExc.skipReferral();
-            tao
+          //don't get the context
           referralContext = null;
+        }
-            sgarg
+        catch (NamingException ne) {
-            sgarg
+          logMetacat.error("Error running referral handler thread (ne2): " +
-            sgarg
+                            ne.getMessage());
-            tao
+          //check if has another referral
-            sgarg
+          moreReferrals = refExc.skipReferral();
-            tao
+          //don't get context
-            sgarg
+          referralContext = null;
             tao
-            sgarg
+      } //while
     } //run()
+  }
             bojilova

Project

General

Profile

Metacat