Project

General

Profile

« Previous | Next » 

Revision 3155

As a partial fix to http://bugzilla.ecoinformatics.org/show_bug.cgi?id=2747,

I'm applying 3 patches to AuthLdap.java that simplify the code that addresses
timeout issues when connecting and searching referral LDAP databases, fixes the
getGroups() method to correctly get groups in referral LDAP databases, and does
code cleanup.

This first patch introduces 3 new LDAP settings that are derived from
metacat.properties:

1) ldapconnecttimelimit limits the time in milliseconds allowed for
LDAP server connections. This reduces the impact of any single
LDAP directory that may be unreachable (one of the referrals).

2) ldapsearchtimelimit limits the time in milliseconds allowed for
LDAP server searches. Again, servers with massive trees to search
might prove to be problematic, or servers that connect but do not
search correctly.

3) ldapsearchcountlimit limits the number of return entries allowed
for LDAP server searches. This is set pretty high (30000), but may
need to be altered when the KNB goes gold or platinum.

Also, this patch removes the run() method and the private GetGroups class,
and changes the AuthLdap class to not implement the Runnable interface.
These changes are in preparation for the next patch that will re-implement
the getGroups() method, removing the threaded timeout code.

View differences:

src/edu/ucsb/nceas/metacat/AuthLdap.java
64 64
 * The LDAP authentication service is used to determine if a user
65 65
 * is authenticated, and whether they are a member of a particular group.
66 66
 */
67
public class AuthLdap
68
    implements AuthInterface, Runnable {
67
public class AuthLdap implements AuthInterface {
69 68
  private MetaCatUtil util = new MetaCatUtil();
70 69
  private String ldapUrl;
71 70
  private String ldapsUrl;
72 71
  private String ldapBase;
73 72
  private String referral;
73
  private String ldapConnectTimeLimit;
74
  private int ldapSearchTimeLimit;
75
  private int ldapSearchCountLimit;
74 76
  private Context referralContext;
77
  private String currentReferralInfo;
75 78
  Hashtable env = new Hashtable(11);
76 79
  private Context rContext;
77 80
  private String userName;
......
89 92
    this.ldapsUrl = MetaCatUtil.getOption("ldapsurl");
90 93
    this.ldapBase = MetaCatUtil.getOption("ldapbase");
91 94
    this.referral = MetaCatUtil.getOption("referral");
95
    this.ldapConnectTimeLimit = 
96
      MetaCatUtil.getOption("ldapconnecttimelimit");
97
    this.ldapSearchTimeLimit = Integer.parseInt(
98
      MetaCatUtil.getOption("ldapsearchtimelimit"));
99
    this.ldapSearchCountLimit = Integer.parseInt(
100
      MetaCatUtil.getOption("ldapsearchcountlimit"));
101
    
102
    // Store referral info for use in building group DNs in getGroups() 
103
    this.currentReferralInfo = "";
92 104
  }
93 105

  
94 106
  /**
......
1229 1241
   * This method will be called by start a thread.
1230 1242
   * It can handle if a referral exception happend.
1231 1243
   */
1232
  public void run() {
1233
    referralContext = null;
1234
    DirContext refDirContext = null;
1235
    boolean moreReferrals = true;
1236
    String referralInfo = null;
1237
    //set a while loop is because we don't know if a referral excption contains
1238
    //another referral exception
1239
    while (moreReferrals) {
1240
      try {
1241
        //revise environment variable
1242
        referralInfo = (String) refExc.getReferralInfo();
1243
        logMetacat.info("Processing referral (pr0): ");
1244
        logMetacat.info("PROVIDER_URL set to (pr1): " + referralInfo);
1245
        //env.put(Context.PROVIDER_URL,referralInfo);
1246
        //env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
1247
        //env.put(Context.SECURITY_PRINCIPAL, userName);
1248
        //env.put(Context.SECURITY_CREDENTIALS, userPassword);
1249
        //env.put(Context.REFERRAL, "throw");
1250
        //logMetacat.info("Processing referral (pr1.info): " + userName,35);
1251
        //logMetacat.info("Processing referral (pr2)",35);
1252
        //rContext = refExc.getReferralContext(env);
1253
        rContext = refExc.getReferralContext();
1254
        logMetacat.info("Processing referral (pr3)");
1255
        //casting the context to dircontext and it will create a
1256
        //autherntication or naming exception if DN and password is incorrect
1257
        referralContext = rContext;
1258
        refDirContext = (DirContext) rContext;
1259
        refDirContext.close();
1260
        //get context and jump out the while loop
1261
        moreReferrals = false;
1262
        logMetacat.info("Processing referral (pr4)");
1263
      } //try
1264
      //if referral have another referral excption
1265
      catch (ReferralException re) {
1266
        logMetacat.warn("GOT referral exception (re1): " + re.getMessage());
1267
        logMetacat.warn("RE details (re2): " + re.toString(true));
1268
        //keep running in while loop
1269
        moreReferrals = true;
1270
        //assign refExc to new referral exception re
1271
        refExc = re;
1272
      }
1273
      //catch a authentication exception
1274
      catch (AuthenticationException ae) {
1275
        logMetacat.error("Error running referral handler thread (ae1): " +
1276
                          ae.getMessage());
1277
        //check if has another referral
1278
        moreReferrals = refExc.skipReferral();
1279
        //don't get the context
1280
        referralContext = null;
1281
      }
1282
      //catch a naming exception
1283
      catch (NamingException ne) {
1284
        logMetacat.error("Error running referral handler thread (ne1): " +
1285
                          ne.getMessage());
1286
        //check if has another referral
1287
        moreReferrals = refExc.skipReferral();
1288
        //don't get context
1289
        referralContext = null;
1290
      }
1291
    } //while
1292
  } //run()
1293

  
1294
  private class GetGroup
1295
      implements Runnable {
1296
    public void run() {
1297
      referralContext = null;
1298
      logMetacat.info("getting groups context");
1299
      DirContext refDirContext = null;
1300
      boolean moreReferrals = true;
1301
      //set a while loop is because we don't know if a referral excption
1302
      //contains another referral exception
1303
      while (moreReferrals) {
1304
        try {
1305
          //revise environment variable
1306
          String refInfo = null;
1307
          refInfo = (String) refExc.getReferralInfo();
1308
          if (refInfo != null) {
1309
            logMetacat.info("Referral in thread to: " +
1310
                                     refInfo.toString());
1311
          }
1312
          else {
1313
            logMetacat.info("getting refInfo Manually");
1314
            refInfo = (String) refExc.getReferralContext().getEnvironment().
1315
                get(Context.PROVIDER_URL);
1316
          }
1317
          logMetacat.info("refInfo: " + refInfo);
1318

  
1319
          env.put(Context.INITIAL_CONTEXT_FACTORY,
1320
                  "com.sun.jndi.ldap.LdapCtxFactory");
1321
          env.put(Context.REFERRAL, "throw");
1322
          env.put(Context.PROVIDER_URL, refInfo);
1323

  
1324
          logMetacat.info("creating referralContext");
1325
          referralContext = new InitialDirContext(env);
1326
          logMetacat.info("referralContext created");
1327
          //get context and jump out the while loop
1328
          moreReferrals = false;
1329
        } //try
1330
        catch (ReferralException re) {
1331
          //keep running in while loop
1332
          moreReferrals = true;
1333
          //assign refExc to new referral exception re
1334
          refExc = re;
1335
        }
1336
        catch (AuthenticationException ae) {
1337
          logMetacat.error("Error running referral handler thread (ae2): " +
1338
                            ae.getMessage());
1339
          //check if has another referral
1340
          moreReferrals = refExc.skipReferral();
1341
          //don't get the context
1342
          referralContext = null;
1343
        }
1344
        catch (NamingException ne) {
1345
          logMetacat.error("Error running referral handler thread (ne2): " +
1346
                            ne.getMessage());
1347
          //check if has another referral
1348
          moreReferrals = refExc.skipReferral();
1349
          //don't get context
1350
          referralContext = null;
1351
        }
1352
      } //while
1353
    } //run()
1354
  }
1355 1244
}

Also available in: Unified diff