/src/edu/ucsb/nceas/metacat/AuthLdap.java - Annotate - Metacat - Ecoinformatics Redmine

metacat/src/edu/ucsb/nceas/metacat/AuthLdap.java @ 527

-            bojilova
+/**
  *  '$RCSfile$'
  *    Purpose: An implementation of the AuthInterface interface that
  *             allows Metacat to use the LDAP protocol for
  *             directory services
  *  Copyright: 2000 Regents of the University of California and the
  *             National Center for Ecological Analysis and Synthesis
  *    Authors: Matt Jones
  *    Release: @release@
+ *
  *   '$Author$'
  *     '$Date$'
  * '$Revision$'
  */
 package edu.ucsb.nceas.metacat;
 import java.net.ConnectException;
 import javax.naming.AuthenticationException;
 import javax.naming.Context;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
-            jones
+import javax.naming.directory.BasicAttribute;
 import javax.naming.directory.BasicAttributes;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
 import javax.naming.directory.SearchResult;
-            bojilova
+import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
 import java.util.Iterator;
 import java.util.HashMap;
 import java.util.Hashtable;
 import java.util.Set;
 import java.util.Vector;
 /**
  * An implementation of the AuthInterface interface that
  * allows Metacat to use the LDAP protocol for directory services.
  * The LDAP authentication service is used to determine if a user
  * is authenticated, and whether they are a member of a particular group.
  */
-            jones
+public class AuthLdap implements AuthInterface {
             bojilova
   /**
    * Determine if a user/password are valid according to the authentication
    * service.
+   *
    * @param user the name of the principal to authenticate
    * @param password the password to use for authentication
    * @returns boolean true if authentication successful, false otherwise
    */
   public boolean authenticate(String user, String password)
                     throws ConnectException
+  {
     MetaCatUtil util = new MetaCatUtil();
     String ldapUrl = util.getOption("ldapurl");
     String ldapBase = util.getOption("ldapbase");
-            jones
+    String distName = null;
-            bojilova
+    boolean authenticated = false;
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
     env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
     try {
-            jones
+      // Get the dn for this uid or cn
       String identifier = getIdentifyingName(user);
       if (identifier != null) {
         distName = identifier + "," + ldapBase;
         // Now that we have the dn, we can authenticate, so
         // authenticate this time when opening the DirContext
         env.put(Context.SECURITY_AUTHENTICATION, "simple");
         env.put(Context.SECURITY_PRINCIPAL, distName);
         env.put(Context.SECURITY_CREDENTIALS, password);
         // If our auth credentials are invalid, an exception will be thrown
         DirContext ctx = new InitialDirContext(env);
             bojilova
-            jones
+        // If no exception is thrown then authentication succeeded
         authenticated = true;
         // Close the context when we're done
         ctx.close();
       } else {
         util.debugMessage("User not found!");
+      }
-            bojilova
+    } catch (AuthenticationException ae) {
       util.debugMessage("Error authenticating: " + ae);
       // NEED TO THROW THE RIGHT EXCEPTION HERE
       return false;
     } catch (NamingException e) {
       util.debugMessage("Naming exception while authenticating: " + e);
       // NEED TO THROW THE RIGHT EXCEPTION HERE
       return false;
+    }
     return authenticated;
+  }
   /**
    * Get all users from the authentication service
    */
-            jones
+  public String[] getUsers(String user, String password)
          throws ConnectException
             bojilova
     // NOT IMPLEMENTED YET
     return null;
+  }
   /**
    * Get the users for a particular group from the authentication service
    */
-            jones
+  public String[] getUsers(String user, String password, String group)
          throws ConnectException
             bojilova
     // NOT IMPLEMENTED YET
     return null;
+  }
   /**
    * Get all groups from the authentication service
    */
-            jones
+  public String[] getGroups(String user, String password)
          throws ConnectException
             bojilova
     // NOT IMPLEMENTED YET
     return null;
+  }
   /**
    * Get the groups for a particular user from the authentication service
    */
-            jones
+  public String[] getGroups(String user, String password, String foruser)
          throws ConnectException
             bojilova
     // NOT IMPLEMENTED YET
     return null;
+  }
   /**
    * Get attributes describing a user or group
+   *
    * @param user the user for which the attribute list is requested
    * @returns HashMap a map of attribute name to a Vector of values
    */
-            jones
+  public HashMap getAttributes(String foruser)
-            bojilova
+         throws ConnectException
+  {
-            jones
+    return getAttributes(null, null, foruser);
             bojilova
   /**
    * Get attributes describing a user or group
+   *
    * @param user the user for which the attribute list is requested
    * @param authuser the user for authenticating against the service
    * @param password the password for authenticating against the service
    * @returns HashMap a map of attribute name to a Vector of values
    */
-            jones
+  public HashMap getAttributes(String user, String password, String foruser)
-            bojilova
+         throws ConnectException
+  {
     MetaCatUtil util = new MetaCatUtil();
     String ldapUrl = util.getOption("ldapurl");
     String ldapBase = util.getOption("ldapbase");
     HashMap attributes = new HashMap();
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
         "com.sun.jndi.ldap.LdapCtxFactory");
     env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
     // Authentication information
-            jones
+    if ((user != null) && (password != null)) {
       String identifier = getIdentifyingName(user);
-            bojilova
+      env.put(Context.SECURITY_AUTHENTICATION, "simple");
-            jones
+      env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
-            bojilova
+      env.put(Context.SECURITY_CREDENTIALS, password);
+    }
     try {
-            jones
+      // Find out the identifying attribute for the user
-            jones
+      String userident = getIdentifyingName(foruser);
             jones
-            bojilova
+      // Create the initial directory context
       DirContext ctx = new InitialDirContext(env);
-            jones
+      // Ask for all attributes of the user
       Attributes attrs = ctx.getAttributes(userident);
             bojilova
       // Print all of the attributes
       NamingEnumeration en = attrs.getAll();
       while (en.hasMore()) {
         Attribute att = (Attribute)en.next();
         Vector values = new Vector();
         String attName = att.getID();
         NamingEnumeration attvalues = att.getAll();
         while (attvalues.hasMore()) {
           String value = (String)attvalues.next();
           values.add(value);
+        }
         attributes.put(attName, values);
+      }
       // Close the context when we're done
       ctx.close();
     } catch (NamingException e) {
       System.err.println("Problem getting attributes: " + e);
       // NEED TO THROW THE RIGHT EXCEPTION HERE
+    }
     return attributes;
+  }
   /**
-            jones
+   * Get the identifying name for a given userid or name.  This is the name
    * that is used in conjunction withthe LDAP BaseDN to create a
    * distinguished name (dn) for the record
+   *
    * @param user the user for which the identifying name is requested
    * @returns String the identifying name for the user,
    *          or null if not found
    */
   private String getIdentifyingName(String user)
          throws ConnectException
+  {
     MetaCatUtil util = new MetaCatUtil();
     String ldapUrl = util.getOption("ldapurl");
     String ldapBase = util.getOption("ldapbase");
     String identifier = null;
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
     env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
     try {
       // Bind to the LDAP server, in order to search for the right
       // distinguished name (dn) based on userid (uid) or common name (cn)
       DirContext ctx = new InitialDirContext(env);
       // Search for the user id or name using the uid, then cn and sn attributes
       // If we find a record, determine the dn for the record
       util.debugMessage("\nStarting search phase...\n");
       Attributes matchAttrs = new BasicAttributes(true);
       matchAttrs.put(new BasicAttribute("uid", user));
       NamingEnumeration answer = ctx.search("", matchAttrs);
       if (answer.hasMore()) {
         SearchResult sr = (SearchResult)answer.next();
         identifier = sr.getName();
         util.debugMessage("Found: " + identifier);
       } else {
         Attributes matchAttrs2 = new BasicAttributes(true);
         matchAttrs2.put(new BasicAttribute("cn", user));
         NamingEnumeration answer2 = ctx.search("", matchAttrs2);
         if (answer2.hasMore()) {
           SearchResult sr = (SearchResult)answer2.next();
           identifier = sr.getName();
           util.debugMessage("Found: " + identifier);
         } else {
           Attributes matchAttrs3 = new BasicAttributes(true);
           matchAttrs3.put(new BasicAttribute("sn", user));
           NamingEnumeration answer3 = ctx.search("", matchAttrs3);
           if (answer3.hasMore()) {
             SearchResult sr = (SearchResult)answer3.next();
             identifier = sr.getName();
             util.debugMessage("Found: " + identifier);
+          }
+        }
+      }
       // Close the context when we're done the initial search
       ctx.close();
     } catch (NamingException e) {
       util.debugMessage("Naming exception while getting dn: " + e);
       // NEED TO THROW THE RIGHT EXCEPTION HERE
       return null;
+    }
     return identifier;
+  }
   /**
-            bojilova
+   * Test method for the class
    */
   public static void main(String[] args) {
-            jones
+    // Provide a user, such as: "Matt Jones", or "jones"
-            bojilova
+    String user = args[0];
     String password = args[1];
     AuthLdap authservice = new AuthLdap();
     boolean isValid = false;
     try {
       isValid = authservice.authenticate(user, password);
       if (isValid) {
         System.out.println("Authentication successful for: " + user );
         System.out.println(" ");
       } else {
         System.out.println("Authentication failed for: " + user);
+      }
       if (isValid) {
-            jones
+        HashMap userInfo = authservice.getAttributes(user, password, user);
             bojilova
         // Print all of the attributes
         Iterator attList = (Iterator)(((Set)userInfo.keySet()).iterator());
         while (attList.hasNext()) {
           String att = (String)attList.next();
           Vector values = (Vector)userInfo.get(att);
           Iterator attvalues = values.iterator();
           while (attvalues.hasNext()) {
             String value = (String)attvalues.next();
-            jones
+            System.out.println(att + ": " + value);
             bojilova
+        }
+      }
     } catch (ConnectException ce) {
       System.err.println("Error connecting to LDAP server.");
+    }
+  }
+}

Project

General

Profile

Metacat