Metacat

/**

 *  '$RCSfile$'

 *    Purpose: An implementation of the AuthInterface interface that

 *             allows Metacat to use the LDAP protocol for

 *             directory services

 *  Copyright: 2000 Regents of the University of California and the

 *             National Center for Ecological Analysis and Synthesis

 *    Authors: Matt Jones

 *    Release: @release@

 *

 *   '$Author$'

 *     '$Date$'

 * '$Revision$'

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation; either version 2 of the License, or

 * (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program; if not, write to the Free Software

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

package edu.ucsb.nceas.metacat;

import java.net.ConnectException;

import javax.naming.AuthenticationException;

import javax.naming.Context;

import javax.naming.directory.Attribute;

import javax.naming.directory.Attributes;

import javax.naming.directory.BasicAttributes;

import javax.naming.directory.DirContext;

import javax.naming.directory.InitialDirContext;

import javax.naming.directory.SearchResult;

import javax.naming.NamingException;

import java.util.Iterator;

import java.util.HashMap;

import java.util.Hashtable;

import java.util.Set;

import java.util.Vector;

/**

 * An implementation of the AuthInterface interface that

 * allows Metacat to use the LDAP protocol for directory services.

 * The LDAP authentication service is used to determine if a user

 * is authenticated, and whether they are a member of a particular group.

 */

  /**

   * Determine if a user/password are valid according to the authentication

   * service.

   *

   * @param user the name of the principal to authenticate

   * @param password the password to use for authentication

   * @returns boolean true if authentication successful, false otherwise

   */

  public boolean authenticate(String user, String password)

                    throws ConnectException

  {

    MetaCatUtil util = new MetaCatUtil();

    String ldapUrl = util.getOption("ldapurl");

    String ldapBase = util.getOption("ldapbase");

    // Identify service provider to use

    Hashtable env = new Hashtable(11);

    env.put(Context.INITIAL_CONTEXT_FACTORY,

            "com.sun.jndi.ldap.LdapCtxFactory");

    env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);

    try {

      String identifier = getIdentifyingName(user);

      if (identifier != null) {

        distName = identifier + "," + ldapBase;

        // Now that we have the dn, we can authenticate, so

        // authenticate this time when opening the DirContext

        env.put(Context.SECURITY_AUTHENTICATION, "simple");

        env.put(Context.SECURITY_PRINCIPAL, distName);

        env.put(Context.SECURITY_CREDENTIALS, password);

        // If our auth credentials are invalid, an exception will be thrown

        DirContext ctx = new InitialDirContext(env);

        authenticated = true;

        // Close the context when we're done

        ctx.close();

      } else {

        util.debugMessage("User not found!");

      }

      util.debugMessage("Error authenticating: " + ae);

      // NEED TO THROW THE RIGHT EXCEPTION HERE

      return false;

    } catch (NamingException e) {

      util.debugMessage("Naming exception while authenticating: " + e);

      // NEED TO THROW THE RIGHT EXCEPTION HERE

      return false;

    }

    return authenticated;

  }

  /**

   * Get all users from the authentication service

   */

         throws ConnectException

    // NOT IMPLEMENTED YET

    return null;

  }

  /**

   * Get the users for a particular group from the authentication service

   */

         throws ConnectException

    // NOT IMPLEMENTED YET

    return null;

  }

  /**

   * Get all groups from the authentication service

   */

         throws ConnectException

    // NOT IMPLEMENTED YET

    return null;

  }

  /**

   * Get the groups for a particular user from the authentication service

   */

         throws ConnectException

    // NOT IMPLEMENTED YET

    return null;

  }

  /**

   * Get attributes describing a user or group

   *

   * @param user the user for which the attribute list is requested

   * @returns HashMap a map of attribute name to a Vector of values

   */

  {

  /**

   * Get attributes describing a user or group

   *

   * @param user the user for which the attribute list is requested

   * @param authuser the user for authenticating against the service

   * @param password the password for authenticating against the service

   * @returns HashMap a map of attribute name to a Vector of values

   */

  {

    MetaCatUtil util = new MetaCatUtil();

    String ldapUrl = util.getOption("ldapurl");

    String ldapBase = util.getOption("ldapbase");

    HashMap attributes = new HashMap();

    // Identify service provider to use

    Hashtable env = new Hashtable(11);

    env.put(Context.INITIAL_CONTEXT_FACTORY,

        "com.sun.jndi.ldap.LdapCtxFactory");

    env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);

    // Authentication information

      String identifier = getIdentifyingName(user);

    }

    try {

      DirContext ctx = new InitialDirContext(env);

      Attributes attrs = ctx.getAttributes(userident);

      // Print all of the attributes

      NamingEnumeration en = attrs.getAll();

      while (en.hasMore()) {

        Attribute att = (Attribute)en.next();

        Vector values = new Vector();

        String attName = att.getID();

        NamingEnumeration attvalues = att.getAll();

        while (attvalues.hasMore()) {

          String value = (String)attvalues.next();

          values.add(value);

        }

        attributes.put(attName, values);

      }

      // Close the context when we're done

      ctx.close();

    } catch (NamingException e) {

      System.err.println("Problem getting attributes: " + e);

      // NEED TO THROW THE RIGHT EXCEPTION HERE

    }

    return attributes;

  }

  /**

   * that is used in conjunction withthe LDAP BaseDN to create a

   * distinguished name (dn) for the record

   *

   * @param user the user for which the identifying name is requested

   * @returns String the identifying name for the user,

   *          or null if not found

   */

  private String getIdentifyingName(String user)

         throws ConnectException

  {

    MetaCatUtil util = new MetaCatUtil();

    String ldapUrl = util.getOption("ldapurl");

    String ldapBase = util.getOption("ldapbase");

    String identifier = null;

    // Identify service provider to use

    Hashtable env = new Hashtable(11);

    env.put(Context.INITIAL_CONTEXT_FACTORY,

            "com.sun.jndi.ldap.LdapCtxFactory");

    env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);

    try {

      // Bind to the LDAP server, in order to search for the right

      // distinguished name (dn) based on userid (uid) or common name (cn)

      DirContext ctx = new InitialDirContext(env);

      // Search for the user id or name using the uid, then cn and sn attributes

      // If we find a record, determine the dn for the record

      util.debugMessage("\nStarting search phase...\n");

      Attributes matchAttrs = new BasicAttributes(true);

      matchAttrs.put(new BasicAttribute("uid", user));

      NamingEnumeration answer = ctx.search("", matchAttrs);

      if (answer.hasMore()) {

        SearchResult sr = (SearchResult)answer.next();

        identifier = sr.getName();

        util.debugMessage("Found: " + identifier);

      } else {

        Attributes matchAttrs2 = new BasicAttributes(true);

        matchAttrs2.put(new BasicAttribute("cn", user));

        NamingEnumeration answer2 = ctx.search("", matchAttrs2);

        if (answer2.hasMore()) {

          SearchResult sr = (SearchResult)answer2.next();

          identifier = sr.getName();

          util.debugMessage("Found: " + identifier);

        } else {

          Attributes matchAttrs3 = new BasicAttributes(true);

          matchAttrs3.put(new BasicAttribute("sn", user));

          NamingEnumeration answer3 = ctx.search("", matchAttrs3);

          if (answer3.hasMore()) {

            SearchResult sr = (SearchResult)answer3.next();

            identifier = sr.getName();

            util.debugMessage("Found: " + identifier);

          }

        }

      }

      // Close the context when we're done the initial search

      ctx.close();

    } catch (NamingException e) {

      util.debugMessage("Naming exception while getting dn: " + e);

      // NEED TO THROW THE RIGHT EXCEPTION HERE

      return null;

    }

    return identifier;

  }

  /**

   */

  public static void main(String[] args) {

    String password = args[1];

    AuthLdap authservice = new AuthLdap();

    boolean isValid = false;

    try {

      isValid = authservice.authenticate(user, password);

      if (isValid) {

        System.out.println("Authentication successful for: " + user );

        System.out.println(" ");

      } else {

        System.out.println("Authentication failed for: " + user);

      }

      if (isValid) {

        // Print all of the attributes

        Iterator attList = (Iterator)(((Set)userInfo.keySet()).iterator());

        while (attList.hasNext()) {

          String att = (String)attList.next();

          Vector values = (Vector)userInfo.get(att);

          Iterator attvalues = values.iterator();

          while (attvalues.hasNext()) {

            String value = (String)attvalues.next();

        }

      }

    } catch (ConnectException ce) {

      System.err.println("Error connecting to LDAP server.");

    }

  }

}