Revision 4628
Added by daigle about 16 years ago
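--- a/src/edu/ucsb/nceas/metacat/util/AuthUtil.java
+++ b/src/edu/ucsb/nceas/metacat/util/AuthUtil.java
@@ -29,12 +29,9 @@
 import java.util.Calendar;
 import java.util.Vector;
 
-import javax.naming.AuthenticationException;
-import javax.naming.NamingException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 
-import edu.ucsb.nceas.metacat.AuthLdap;
 import edu.ucsb.nceas.metacat.AuthSession;
 import edu.ucsb.nceas.metacat.service.PropertyService;
 import edu.ucsb.nceas.metacat.service.SessionService;
@@ -167,40 +164,6 @@
 moderators = StringUtil.toVector(moderatorString, ':');
 }
 
-// /**
-// * Validate connectivity to the ldap server. This does not test user
-// * authentication. Validation methods return a string error message if there
-// * is an issue. This allows the calling code to run several validations and
-// * compile the errors into a list that can be displayed on a web page if
-// * desired.
-// *
-// * @param ldapurl
-// * the url of the ldap server
-// * @param ldapbase
-// * the ldap base value to test
-// * @return a string holding error message if validation fails.
-// */
-// public static String validateLDAPConnectivity(String ldapurl,
-// String ldapbase) {
-// try {
-// AuthLdap authLdap = new AuthLdap();
-// authLdap.testCredentials(
-// "uid=bogusname,o=NCEAS,dc=ecoinformatics,dc=org",
-// "boguspassword", ldapurl, ldapbase);
-// } catch (AuthenticationException ae) {
-// // Do nothing here. We are using dummy uid and password, so we
-// // expect authentication exceptions
-// } catch (javax.naming.InvalidNameException ine) {
-// return "An invalid domain name was provided: " + ine.getMessage();
-// } catch (NamingException ne) {
-// return "An invalid ldap name was provided: " + ne.getMessage();
-// } catch (InstantiationException ie) {
-// return "Could not instantiate AuthLdap: " + ie.getMessage();
-// }
-//
-// return null;
-// }
-
 /**
 * log the user in against ldap. If the login is successful, add
 * the session information to the session list in SessionUtil.
@@ -212,12 +175,9 @@
 
 // make sure we have username and password.
 if (userName == null || password == null) {
-throw new UtilException("null username, password, or dn list when logging user in");
+throw new UtilException("null username or password when logging user in");
 }
 
-// put the login credentials into an LDAP string
-// String ldapString = createLDAPString(userName, organization, dnList);
-
 // Create auth session
 try {
 authSession = new AuthSession();
@@ -226,21 +186,20 @@
 + e.getMessage());
 }
 // authenticate user against ldap
-boolean isValid = authSession.authenticate(request, userName,
-password);
+if(!authSession.authenticate(request, userName,password)) {
+throw new UtilException(authSession.getMessage());
+}
 
-// if login was successful, add the session information to the
+// if login was successful, add the session information to the
 // global session list.
-if (isValid) {
-HttpSession session = authSession.getSessions();
-String sessionId = session.getId();
-SessionService.registerSession(sessionId,
-(String) session.getAttribute("username"),
-(String[]) session.getAttribute("groupnames"),
-(String) session.getAttribute("password"));
-}
+HttpSession session = authSession.getSessions();
+String sessionId = session.getId();
+SessionService.registerSession(sessionId,
+(String) session.getAttribute("username"),
+(String[]) session.getAttribute("groupnames"),
+(String) session.getAttribute("password"));
 
-return isValid;
+return true;
 }
 
 /**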
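Review bot: In the last hunk (new lines 195-200) the registration call reads `session.getAttribute("password")` and passes it to `SessionService.registerSession`, so the user's cleartext password appears to stay in the HTTP session and in the global session list for as long as the session lives. Nothing visible here shows why it is still needed once `authenticate` has succeeded; if a later LDAP bind depends on it, a comment such as `// password is retained because <reason>; it must never be logged or serialized` belongs above the call, and otherwise the argument should be dropped. Separately, `logUserIn` now either returns `true` or throws, so its Javadoc, which begins at new line 167 and continues outside the hunks shown, should gain `@throws UtilException if authentication fails (message taken from AuthSession.getMessage())`.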
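--- a/src/edu/ucsb/nceas/metacat/AuthLdap.java
+++ b/src/edu/ucsb/nceas/metacat/AuthLdap.java
@@ -34,7 +34,6 @@
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
 import javax.naming.SizeLimitExceededException;
-import javax.naming.directory.InvalidSearchFilterException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.DirContext;
@@ -76,7 +75,6 @@
 private String ldapConnectTimeLimit;
 private int ldapSearchTimeLimit;
 private int ldapSearchCountLimit;
-private Context referralContext;
 private String currentReferralInfo;
 Hashtable env = new Hashtable(11);
 private Context rContext;
@@ -130,8 +128,7 @@
 * @returns boolean true if authentication successful, false otherwise
 */
 
-public boolean authenticate(String user, String password) throws
-ConnectException {
+public boolean authenticate(String user, String password) throws ConnectException {
 String ldapUrl = this.ldapUrl;
 String ldapsUrl = this.ldapsUrl;
 String ldapBase = this.ldapBase;
@@ -139,6 +136,9 @@
 String identifier = user;
 
 //get uid here.
+if (user.indexOf(",") == -1) {
+throw new ConnectException("Invalid LDAP user credential: " + user + ". Missing ','");
+}
 String uid=user.substring(0, user.indexOf(","));
 user = user.substring(user.indexOf(","), user.length());
 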
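Review bot: The guard added at new lines 139-141 copies the caller-supplied `user` string verbatim into the `ConnectException` message. Whether that text reaches a log or an HTML error page further up is not visible here, so the message is safer without the input, e.g. `throw new ConnectException("Invalid LDAP user credential: expected a distinguished name containing ','");`. The guard also accepts a value that begins with ',', which leaves `uid` empty on the following line; `int comma = user.indexOf(','); if (comma < 1) {` would reject both cases and avoid the repeated `indexOf` calls. The body of `authenticate` continues outside the hunk.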
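--- a/src/edu/ucsb/nceas/metacat/admin/LoginAdmin.java
+++ b/src/edu/ucsb/nceas/metacat/admin/LoginAdmin.java
@@ -101,13 +101,10 @@
 Vector<String> processingErrors = new Vector<String>();
 Vector<String> validationErrors = new Vector<String>();
 
-// String loginString = null;
 Boolean isLoggedIn = false;
 String userName = "";
 
-try {
 userName = request.getParameter("username");
-// String organization = request.getParameter("organization");
 String password = request.getParameter("password");
 
 // Validate that the options provided are legitimate. Note that
@@ -117,22 +114,15 @@
 validationErrors.addAll(validateOptions(request));
 
 if (validationErrors.size() == 0) {
-// Vector<String> dnList = OrganizationUtil.getOrgDNs(organization);
-isLoggedIn = AuthUtil.logUserIn(request, userName, password);
-// loginString = LDAPUtil.createLDAPString(userName, organization, dnList);
+try {
+isLoggedIn = AuthUtil.logUserIn(request, userName, password);
+} catch (UtilException ue) {
+String errorMessage = "Could not log in as: " + userName
++ " : " + ue.getMessage() + ". Please try again";
+processingErrors.add(errorMessage);
+logMetacat.error(errorMessage);
+}
 }
-
-if (!isLoggedIn) {
-String errorMessage = "Could not log in as: " + userName
-+ " .Please try again";
-processingErrors.add(errorMessage);
-}
-} catch (UtilException ue) {
-String errorMessage = "Problem in utility while "
-+ "processing entication page: " + ue.getMessage();
-processingErrors.add(errorMessage);
-logMetacat.error(errorMessage);
-}
 
 try {
 if (validationErrors.size() > 0 || processingErrors.size() > 0) {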
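Review bot: The new catch block (new lines 119-124) builds one string from the request parameter `userName` and `ue.getMessage()` and uses it both for `processingErrors`, which presumably ends up on the login page, and for `logMetacat.error`. Depending on what `AuthSession.getMessage()` returns, that shows the directory's failure reason to an unauthenticated client, and it writes unfiltered request input into the log, where embedded line breaks can forge entries. I would keep the detail in the log only and give the page a fixed text: `processingErrors.add("Could not log in. Please try again");` and `logMetacat.error("Login failed for user '" + String.valueOf(userName).replaceAll("[\\r\\n]", "_") + "': " + ue.getMessage());`. The enclosing method starts and ends outside the hunks shown.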
Catch login errors and report the details via an exception.