56 |
56 |
* is authenticated, and whether they are a member of a particular group.
|
57 |
57 |
*/
|
58 |
58 |
public class AuthLdap implements AuthInterface {
|
|
59 |
|
|
60 |
private MetaCatUtil util;
|
|
61 |
private String ldapUrl;
|
|
62 |
private String ldapBase;
|
59 |
63 |
|
|
64 |
/**
|
|
65 |
* Construct an AuthLdap
|
|
66 |
*/
|
|
67 |
public AuthLdap() {
|
|
68 |
|
|
69 |
// Read LDAP URI for directory service information
|
|
70 |
this.util = new MetaCatUtil();
|
|
71 |
this.ldapUrl = util.getOption("ldapurl");
|
|
72 |
this.ldapBase = util.getOption("ldapbase");
|
|
73 |
|
|
74 |
}
|
|
75 |
|
60 |
76 |
/**
|
61 |
77 |
* Determine if a user/password are valid according to the authentication
|
62 |
78 |
* service.
|
... | ... | |
68 |
84 |
public boolean authenticate(String user, String password)
|
69 |
85 |
throws ConnectException
|
70 |
86 |
{
|
71 |
|
MetaCatUtil util = new MetaCatUtil();
|
72 |
|
String ldapUrl = util.getOption("ldapurl");
|
73 |
|
String ldapBase = util.getOption("ldapbase");
|
74 |
|
|
75 |
87 |
String distName = null;
|
76 |
88 |
boolean authenticated = false;
|
77 |
89 |
|
... | ... | |
125 |
137 |
public String[] getUsers(String user, String password)
|
126 |
138 |
throws ConnectException
|
127 |
139 |
{
|
128 |
|
MetaCatUtil util = new MetaCatUtil();
|
129 |
|
String ldapUrl = util.getOption("ldapurl");
|
130 |
|
String ldapBase = util.getOption("ldapbase");
|
131 |
|
|
132 |
140 |
String[] users = null;
|
133 |
141 |
|
134 |
142 |
// Identify service provider to use
|
... | ... | |
187 |
195 |
} catch (NamingException e) {
|
188 |
196 |
System.err.println("Problem getting users in AuthLdap.getUsers:" + e);
|
189 |
197 |
throw new ConnectException(
|
190 |
|
"Problem getting groups in AuthLdap.getUsers:" + e);
|
|
198 |
"Problem getting users in AuthLdap.getUsers:" + e);
|
191 |
199 |
}
|
192 |
200 |
|
193 |
201 |
return users;
|
... | ... | |
199 |
207 |
public String[] getUsers(String user, String password, String group)
|
200 |
208 |
throws ConnectException
|
201 |
209 |
{
|
202 |
|
MetaCatUtil util = new MetaCatUtil();
|
203 |
|
String ldapUrl = util.getOption("ldapurl");
|
204 |
|
String ldapBase = util.getOption("ldapbase");
|
205 |
|
|
206 |
210 |
String[] users = null;
|
207 |
211 |
|
208 |
212 |
// Identify service provider to use
|
... | ... | |
226 |
230 |
// Specify the ids of the attributes to return
|
227 |
231 |
String[] attrIDs = {"uniquemember"};
|
228 |
232 |
|
229 |
|
// Get the dn for this group
|
230 |
|
identifier = getIdentifyingName(group);
|
231 |
|
|
232 |
233 |
// Specify the attributes to match.
|
233 |
234 |
// Groups are objects with attribute objectclass=groupofuniquenames.
|
234 |
235 |
Attributes matchAttrs = new BasicAttributes(true); // ignore case
|
... | ... | |
243 |
244 |
while (enum.hasMore()) {
|
244 |
245 |
SearchResult sr = (SearchResult)enum.next();
|
245 |
246 |
Attributes attrs = sr.getAttributes();
|
246 |
|
// return all attributes
|
247 |
|
NamingEnumeration enum1 = attrs.getAll(); // only "uniquemember" attr
|
|
247 |
// return all attributes (only "uniquemember" attr)
|
|
248 |
NamingEnumeration enum1 = attrs.getAll();
|
248 |
249 |
while (enum1.hasMore()) {
|
249 |
250 |
Attribute attr = (Attribute)enum1.next();
|
250 |
251 |
// return all values of that attribute
|
251 |
252 |
NamingEnumeration enum2 = attr.getAll();
|
252 |
253 |
while (enum2.hasMore()) {
|
253 |
|
uvec.add((String)enum2.next());
|
|
254 |
// get DN of a member
|
|
255 |
String memberDN = (String)enum2.next();
|
|
256 |
try {
|
|
257 |
// we actually need RDN of the member
|
|
258 |
// try to get RDN (UID) of the member in case of a user
|
|
259 |
String memberID = getUserID(memberDN);
|
|
260 |
if ( memberID != null ) {
|
|
261 |
uvec.add(memberID);
|
|
262 |
// CURRENTLY WE DON'T SUPPORT SUBGROUPING, THUS
|
|
263 |
// IGNORE SUBGROUPS AS MEMBERS OF THE GROUP
|
|
264 |
// // this is a group, not user
|
|
265 |
// // try to get RDN (CN) of the group
|
|
266 |
// } else {
|
|
267 |
// memberID = getGroupID(memberDN);
|
|
268 |
// uvec.add(memberID);
|
|
269 |
}
|
|
270 |
} catch (NamingException ne) {}
|
254 |
271 |
}
|
255 |
272 |
}
|
256 |
273 |
}
|
... | ... | |
268 |
285 |
}
|
269 |
286 |
|
270 |
287 |
} catch (NamingException e) {
|
271 |
|
System.err.println("Problem getting users in AuthLdap.getUsers:" + e);
|
|
288 |
System.err.println("Problem getting users for a group in AuthLdap.getUsers:" + e);
|
272 |
289 |
throw new ConnectException(
|
273 |
|
"Problem getting groups in AuthLdap.getUsers:" + e);
|
|
290 |
"Problem getting users for a group in AuthLdap.getUsers:" + e);
|
274 |
291 |
}
|
275 |
292 |
|
276 |
293 |
return users;
|
277 |
294 |
}
|
278 |
295 |
|
279 |
296 |
/**
|
|
297 |
* Get UID by DN of a member
|
|
298 |
*/
|
|
299 |
private String getUserID(String dn)
|
|
300 |
throws NamingException
|
|
301 |
{
|
|
302 |
String[] users = null;
|
|
303 |
|
|
304 |
// Identify service provider to use
|
|
305 |
Hashtable env = new Hashtable(11);
|
|
306 |
env.put(Context.INITIAL_CONTEXT_FACTORY,
|
|
307 |
"com.sun.jndi.ldap.LdapCtxFactory");
|
|
308 |
env.put(Context.PROVIDER_URL, ldapUrl); // + ldapBase);
|
|
309 |
|
|
310 |
try {
|
|
311 |
|
|
312 |
// Create the initial directory context
|
|
313 |
DirContext ctx = new InitialDirContext(env);
|
|
314 |
|
|
315 |
// Specify the ids of the attributes to return
|
|
316 |
String[] attrIDs = {"uid"};
|
|
317 |
|
|
318 |
// Ask for "uid" attributes of the user
|
|
319 |
Attributes attrs = ctx.getAttributes(dn, attrIDs);
|
|
320 |
|
|
321 |
// Print all of the attributes (only "uid" attr)
|
|
322 |
Vector uvec = new Vector();
|
|
323 |
NamingEnumeration en = attrs.getAll();
|
|
324 |
while (en.hasMore()) {
|
|
325 |
Attribute att = (Attribute)en.next();
|
|
326 |
Vector values = new Vector();
|
|
327 |
String attName = att.getID();
|
|
328 |
NamingEnumeration attvalues = att.getAll();
|
|
329 |
while (attvalues.hasMore()) {
|
|
330 |
String value = (String)attvalues.next();
|
|
331 |
values.add(value);
|
|
332 |
}
|
|
333 |
uvec.add(values.elementAt(0));
|
|
334 |
}
|
|
335 |
|
|
336 |
// initialize users[]; fill users[]
|
|
337 |
users = new String[uvec.size()];
|
|
338 |
for (int i=0; i < uvec.size(); i++) {
|
|
339 |
users[i] = (String)uvec.elementAt(i);
|
|
340 |
}
|
|
341 |
|
|
342 |
// Close the context when we're done
|
|
343 |
ctx.close();
|
|
344 |
|
|
345 |
} catch (NamingException ne) {
|
|
346 |
System.err.println("Problem getting userID by \"dn\" in AuthLdap.getUserID:" + ne);
|
|
347 |
throw ne;
|
|
348 |
//throw new ConnectException(
|
|
349 |
//"Problem getting userID searching by \"dn\" in AuthLdap.getUserID:" + e);
|
|
350 |
//return null;
|
|
351 |
}
|
|
352 |
|
|
353 |
if ( users.length > 0 ) {
|
|
354 |
return users[0];
|
|
355 |
}
|
|
356 |
return null;
|
|
357 |
}
|
|
358 |
|
|
359 |
/**
|
|
360 |
* Get CN by DN of a member
|
|
361 |
*/
|
|
362 |
private String getGroupID(String dn)
|
|
363 |
throws NamingException
|
|
364 |
{
|
|
365 |
String[] groups = null;
|
|
366 |
|
|
367 |
// Identify service provider to use
|
|
368 |
Hashtable env = new Hashtable(11);
|
|
369 |
env.put(Context.INITIAL_CONTEXT_FACTORY,
|
|
370 |
"com.sun.jndi.ldap.LdapCtxFactory");
|
|
371 |
env.put(Context.PROVIDER_URL, ldapUrl); // + ldapBase);
|
|
372 |
|
|
373 |
try {
|
|
374 |
|
|
375 |
// Create the initial directory context
|
|
376 |
DirContext ctx = new InitialDirContext(env);
|
|
377 |
|
|
378 |
// Specify the ids of the attributes to return
|
|
379 |
String[] attrIDs = {"cn"};
|
|
380 |
|
|
381 |
// Ask for "uid" attributes of the user
|
|
382 |
Attributes attrs = ctx.getAttributes(dn, attrIDs);
|
|
383 |
|
|
384 |
// Print all of the attributes (only "cn" attr)
|
|
385 |
Vector uvec = new Vector();
|
|
386 |
NamingEnumeration en = attrs.getAll();
|
|
387 |
while (en.hasMore()) {
|
|
388 |
Attribute att = (Attribute)en.next();
|
|
389 |
Vector values = new Vector();
|
|
390 |
String attName = att.getID();
|
|
391 |
NamingEnumeration attvalues = att.getAll();
|
|
392 |
while (attvalues.hasMore()) {
|
|
393 |
String value = (String)attvalues.next();
|
|
394 |
values.add(value);
|
|
395 |
}
|
|
396 |
uvec.add(values.elementAt(0));
|
|
397 |
}
|
|
398 |
|
|
399 |
// initialize users[]; fill users[]
|
|
400 |
groups = new String[uvec.size()];
|
|
401 |
for (int i=0; i < uvec.size(); i++) {
|
|
402 |
groups[i] = (String)uvec.elementAt(i);
|
|
403 |
}
|
|
404 |
|
|
405 |
// Close the context when we're done
|
|
406 |
ctx.close();
|
|
407 |
|
|
408 |
} catch (NamingException ne) {
|
|
409 |
System.err.println("Problem getting groupID by \"dn\" in AuthLdap.getGroupID:" + ne);
|
|
410 |
throw ne;
|
|
411 |
//throw new ConnectException(
|
|
412 |
//"Problem getting groupID searching by \"dn\" in AuthLdap.getGroupID:" + e);
|
|
413 |
//return null;
|
|
414 |
}
|
|
415 |
|
|
416 |
if ( groups.length > 0 ) {
|
|
417 |
return groups[0];
|
|
418 |
}
|
|
419 |
return null;
|
|
420 |
}
|
|
421 |
|
|
422 |
/**
|
280 |
423 |
* Get all groups from the authentication service
|
281 |
424 |
*/
|
282 |
425 |
public String[] getGroups(String user, String password)
|
283 |
426 |
throws ConnectException
|
284 |
427 |
{
|
285 |
|
MetaCatUtil util = new MetaCatUtil();
|
286 |
|
String ldapUrl = util.getOption("ldapurl");
|
287 |
|
String ldapBase = util.getOption("ldapbase");
|
288 |
|
|
289 |
428 |
String[] groups = null;
|
290 |
429 |
|
291 |
430 |
// Identify service provider to use
|
... | ... | |
356 |
495 |
public String[] getGroups(String user, String password, String foruser)
|
357 |
496 |
throws ConnectException
|
358 |
497 |
{
|
359 |
|
MetaCatUtil util = new MetaCatUtil();
|
360 |
|
String ldapUrl = util.getOption("ldapurl");
|
361 |
|
String ldapBase = util.getOption("ldapbase");
|
362 |
|
|
363 |
498 |
String[] groups = null;
|
364 |
499 |
|
365 |
500 |
// Identify service provider to use
|
... | ... | |
398 |
533 |
while (enum.hasMore()) {
|
399 |
534 |
SearchResult sr = (SearchResult)enum.next();
|
400 |
535 |
Attributes attrs = sr.getAttributes();
|
401 |
|
NamingEnumeration enum1 = attrs.getAll(); // only "gid" attr
|
|
536 |
NamingEnumeration enum1 = attrs.getAll(); // only "cn" attr
|
402 |
537 |
while (enum1.hasMore()) {
|
403 |
538 |
Attribute attr = (Attribute)enum1.next();
|
404 |
539 |
uvec.add(attr.get());
|
... | ... | |
420 |
555 |
} catch (NamingException e) {
|
421 |
556 |
System.err.println("Problem getting groups in AuthLdap.getGroups:" + e);
|
422 |
557 |
throw new ConnectException(
|
423 |
|
"Problem getting groups in AuthLdap.getGroups:" + e);
|
|
558 |
"Problem getting groups for a user in AuthLdap.getGroups:" + e);
|
424 |
559 |
}
|
425 |
560 |
|
426 |
561 |
return groups;
|
... | ... | |
449 |
584 |
public HashMap getAttributes(String user, String password, String foruser)
|
450 |
585 |
throws ConnectException
|
451 |
586 |
{
|
452 |
|
MetaCatUtil util = new MetaCatUtil();
|
453 |
|
String ldapUrl = util.getOption("ldapurl");
|
454 |
|
String ldapBase = util.getOption("ldapbase");
|
455 |
|
|
456 |
587 |
HashMap attributes = new HashMap();
|
457 |
588 |
|
458 |
589 |
// Identify service provider to use
|
... | ... | |
519 |
650 |
private String getIdentifyingName(String user)
|
520 |
651 |
throws NamingException
|
521 |
652 |
{
|
522 |
|
MetaCatUtil util = new MetaCatUtil();
|
523 |
|
String ldapUrl = util.getOption("ldapurl");
|
524 |
|
String ldapBase = util.getOption("ldapbase");
|
525 |
|
|
526 |
653 |
String identifier = null;
|
527 |
654 |
|
528 |
655 |
// Identify service provider to use
|
... | ... | |
590 |
717 |
Vector usersIn = new Vector();
|
591 |
718 |
|
592 |
719 |
out.append("<?xml version=\"1.0\"?>\n");
|
593 |
|
out.append("<principals>\n");
|
|
720 |
out.append("<principals authSystemURI=\"" + ldapUrl + ldapBase + "\">\n");
|
594 |
721 |
|
595 |
722 |
// for the groups and users that belong to them
|
596 |
723 |
if ( groups.length > 0 ) {
|
... | ... | |
638 |
765 |
if (isValid) {
|
639 |
766 |
System.out.println("Authentication successful for: " + user );
|
640 |
767 |
System.out.println(" ");
|
|
768 |
|
641 |
769 |
} else {
|
642 |
770 |
System.out.println("Authentication failed for: " + user);
|
643 |
771 |
}
|
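Review bot: The empty `catch (NamingException ne) {}` added around `getUserID(memberDN)` in `getUsers(user, password, group)` drops every member whose lookup fails, so a directory error returns a shorter member list that looks complete. If callers base access decisions on that list (not visible here; the method body is only partly shown), let the exception reach the enclosing `catch (NamingException e)` instead of swallowing it. In the new `getUserID` and `getGroupID`, `ctx.close()` runs only on the success path, so a failed lookup leaves the context open, and one context is opened per group member; declare `ctx` before the `try` and close it in a `finally` block. Both helpers also call `values.elementAt(0)` without checking that the attribute has a value, which throws an unchecked exception if the server returns an attribute with none. Separately, the new `authSystemURI` attribute writes `ldapUrl + ldapBase` into the XML unescaped, so a `"`, `&` or `<` in either option produces a malformed document.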
fixes on getting information from LDAP services