Revision 728
Added by bojilova over 23 years ago
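--- a/AuthLdap.java
+++ b/AuthLdap.java
@@ -56,7 +56,23 @@
 * is authenticated, and whether they are a member of a particular group.
 */
 public class AuthLdap implements AuthInterface {
+
+private MetaCatUtil util;
+private String ldapUrl;
+private String ldapBase;
 
+/**
+* Construct an AuthLdap
+*/
+public AuthLdap() {
+
+// Read LDAP URI for directory service information
+this.util = new MetaCatUtil();
+this.ldapUrl = util.getOption("ldapurl");
+this.ldapBase = util.getOption("ldapbase");
+
+}
+
 /**
 * Determine if a user/password are valid according to the authentication
 * service.
@@ -68,10 +84,6 @@
 public boolean authenticate(String user, String password)
 throws ConnectException
 {
-MetaCatUtil util = new MetaCatUtil();
-String ldapUrl = util.getOption("ldapurl");
-String ldapBase = util.getOption("ldapbase");
-
 String distName = null;
 boolean authenticated = false;
 
@@ -125,10 +137,6 @@
 public String[] getUsers(String user, String password)
 throws ConnectException
 {
-MetaCatUtil util = new MetaCatUtil();
-String ldapUrl = util.getOption("ldapurl");
-String ldapBase = util.getOption("ldapbase");
-
 String[] users = null;
 
 // Identify service provider to use
@@ -187,7 +195,7 @@
 } catch (NamingException e) {
 System.err.println("Problem getting users in AuthLdap.getUsers:" + e);
 throw new ConnectException(
-"Problem getting groups in AuthLdap.getUsers:" + e);
+"Problem getting users in AuthLdap.getUsers:" + e);
 }
 
 return users;
@@ -199,10 +207,6 @@
 public String[] getUsers(String user, String password, String group)
 throws ConnectException
 {
-MetaCatUtil util = new MetaCatUtil();
-String ldapUrl = util.getOption("ldapurl");
-String ldapBase = util.getOption("ldapbase");
-
 String[] users = null;
 
 // Identify service provider to use
@@ -226,9 +230,6 @@
 // Specify the ids of the attributes to return
 String[] attrIDs = {"uniquemember"};
 
-// Get the dn for this group
-identifier = getIdentifyingName(group);
-
 // Specify the attributes to match.
 // Groups are objects with attribute objectclass=groupofuniquenames.
 Attributes matchAttrs = new BasicAttributes(true); // ignore case
@@ -243,14 +244,30 @@
 while (enum.hasMore()) {
 SearchResult sr = (SearchResult)enum.next();
 Attributes attrs = sr.getAttributes();
-// return all attributes
-NamingEnumeration enum1 = attrs.getAll(); // only "uniquemember" attr
+// return all attributes (only "uniquemember" attr)
+NamingEnumeration enum1 = attrs.getAll();
 while (enum1.hasMore()) {
 Attribute attr = (Attribute)enum1.next();
 // return all values of that attribute
 NamingEnumeration enum2 = attr.getAll();
 while (enum2.hasMore()) {
-uvec.add((String)enum2.next());
+// get DN of a member
+String memberDN = (String)enum2.next();
+try {
+// we actually need RDN of the member
+// try to get RDN (UID) of the member in case of a user
+String memberID = getUserID(memberDN);
+if ( memberID != null ) {
+uvec.add(memberID);
+// CURRENTLY WE DON'T SUPPORT SUBGROUPING, THUS
+// IGNORE SUBGROUPS AS MEMBERS OF THE GROUP
+// // this is a group, not user
+// // try to get RDN (CN) of the group
+// } else {
+// memberID = getGroupID(memberDN);
+// uvec.add(memberID);
+}
+} catch (NamingException ne) {}
 }
 }
 }
@@ -268,24 +285,146 @@
 }
 
 } catch (NamingException e) {
-System.err.println("Problem getting users in AuthLdap.getUsers:" + e);
+System.err.println("Problem getting users for a group in AuthLdap.getUsers:" + e);
 throw new ConnectException(
-"Problem getting groups in AuthLdap.getUsers:" + e);
+"Problem getting users for a group in AuthLdap.getUsers:" + e);
 }
 
 return users;
 }
 
 /**
+* Get UID by DN of a member
+*/
+private String getUserID(String dn)
+throws NamingException
+{
+String[] users = null;
+
+// Identify service provider to use
+Hashtable env = new Hashtable(11);
+env.put(Context.INITIAL_CONTEXT_FACTORY,
+"com.sun.jndi.ldap.LdapCtxFactory");
+env.put(Context.PROVIDER_URL, ldapUrl); // + ldapBase);
+
+try {
+
+// Create the initial directory context
+DirContext ctx = new InitialDirContext(env);
+
+// Specify the ids of the attributes to return
+String[] attrIDs = {"uid"};
+
+// Ask for "uid" attributes of the user
+Attributes attrs = ctx.getAttributes(dn, attrIDs);
+
+// Print all of the attributes (only "uid" attr)
+Vector uvec = new Vector();
+NamingEnumeration en = attrs.getAll();
+while (en.hasMore()) {
+Attribute att = (Attribute)en.next();
+Vector values = new Vector();
+String attName = att.getID();
+NamingEnumeration attvalues = att.getAll();
+while (attvalues.hasMore()) {
+String value = (String)attvalues.next();
+values.add(value);
+}
+uvec.add(values.elementAt(0));
+}
+
+// initialize users[]; fill users[]
+users = new String[uvec.size()];
+for (int i=0; i < uvec.size(); i++) {
+users[i] = (String)uvec.elementAt(i);
+}
+
+// Close the context when we're done
+ctx.close();
+
+} catch (NamingException ne) {
+System.err.println("Problem getting userID by \"dn\" in AuthLdap.getUserID:" + ne);
+throw ne;
+//throw new ConnectException(
+//"Problem getting userID searching by \"dn\" in AuthLdap.getUserID:" + e);
+//return null;
+}
+
+if ( users.length > 0 ) {
+return users[0];
+}
+return null;
+}
+
+/**
+* Get CN by DN of a member
+*/
+private String getGroupID(String dn)
+throws NamingException
+{
+String[] groups = null;
+
+// Identify service provider to use
+Hashtable env = new Hashtable(11);
+env.put(Context.INITIAL_CONTEXT_FACTORY,
+"com.sun.jndi.ldap.LdapCtxFactory");
+env.put(Context.PROVIDER_URL, ldapUrl); // + ldapBase);
+
+try {
+
+// Create the initial directory context
+DirContext ctx = new InitialDirContext(env);
+
+// Specify the ids of the attributes to return
+String[] attrIDs = {"cn"};
+
+// Ask for "uid" attributes of the user
+Attributes attrs = ctx.getAttributes(dn, attrIDs);
+
+// Print all of the attributes (only "cn" attr)
+Vector uvec = new Vector();
+NamingEnumeration en = attrs.getAll();
+while (en.hasMore()) {
+Attribute att = (Attribute)en.next();
+Vector values = new Vector();
+String attName = att.getID();
+NamingEnumeration attvalues = att.getAll();
+while (attvalues.hasMore()) {
+String value = (String)attvalues.next();
+values.add(value);
+}
+uvec.add(values.elementAt(0));
+}
+
+// initialize users[]; fill users[]
+groups = new String[uvec.size()];
+for (int i=0; i < uvec.size(); i++) {
+groups[i] = (String)uvec.elementAt(i);
+}
+
+// Close the context when we're done
+ctx.close();
+
+} catch (NamingException ne) {
+System.err.println("Problem getting groupID by \"dn\" in AuthLdap.getGroupID:" + ne);
+throw ne;
+//throw new ConnectException(
+//"Problem getting groupID searching by \"dn\" in AuthLdap.getGroupID:" + e);
+//return null;
+}
+
+if ( groups.length > 0 ) {
+return groups[0];
+}
+return null;
+}
+
+/**
 * Get all groups from the authentication service
 */
 public String[] getGroups(String user, String password)
 throws ConnectException
 {
-MetaCatUtil util = new MetaCatUtil();
-String ldapUrl = util.getOption("ldapurl");
-String ldapBase = util.getOption("ldapbase");
-
 String[] groups = null;
 
 // Identify service provider to use
@@ -356,10 +495,6 @@
 public String[] getGroups(String user, String password, String foruser)
 throws ConnectException
 {
-MetaCatUtil util = new MetaCatUtil();
-String ldapUrl = util.getOption("ldapurl");
-String ldapBase = util.getOption("ldapbase");
-
 String[] groups = null;
 
 // Identify service provider to use
@@ -398,7 +533,7 @@
 while (enum.hasMore()) {
 SearchResult sr = (SearchResult)enum.next();
 Attributes attrs = sr.getAttributes();
-NamingEnumeration enum1 = attrs.getAll(); // only "gid" attr
+NamingEnumeration enum1 = attrs.getAll(); // only "cn" attr
 while (enum1.hasMore()) {
 Attribute attr = (Attribute)enum1.next();
 uvec.add(attr.get());
@@ -420,7 +555,7 @@
 } catch (NamingException e) {
 System.err.println("Problem getting groups in AuthLdap.getGroups:" + e);
 throw new ConnectException(
-"Problem getting groups in AuthLdap.getGroups:" + e);
+"Problem getting groups for a user in AuthLdap.getGroups:" + e);
 }
 
 return groups;
@@ -449,10 +584,6 @@
 public HashMap getAttributes(String user, String password, String foruser)
 throws ConnectException
 {
-MetaCatUtil util = new MetaCatUtil();
-String ldapUrl = util.getOption("ldapurl");
-String ldapBase = util.getOption("ldapbase");
-
 HashMap attributes = new HashMap();
 
 // Identify service provider to use
@@ -519,10 +650,6 @@
 private String getIdentifyingName(String user)
 throws NamingException
 {
-MetaCatUtil util = new MetaCatUtil();
-String ldapUrl = util.getOption("ldapurl");
-String ldapBase = util.getOption("ldapbase");
-
 String identifier = null;
 
 // Identify service provider to use
@@ -590,7 +717,7 @@
 Vector usersIn = new Vector();
 
 out.append("<?xml version=\"1.0\"?>\n");
-out.append("<principals>\n");
+out.append("<principals authSystemURI=\"" + ldapUrl + ldapBase + "\">\n");
 
 // for the groups and users that belong to them
 if ( groups.length > 0 ) {
@@ -638,6 +765,7 @@
 if (isValid) {
 System.out.println("Authentication successful for: " + user );
 System.out.println(" ");
+
 } else {
 System.out.println("Authentication failed for: " + user);
 }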
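Review bot: The empty `} catch (NamingException ne) {}` at new line 270 silently drops any group member whose `uid` lookup in `getUserID` fails, so `getUsers(user, password, group)` can return a partial member list with nothing logged; the other catch blocks in this file print to `System.err`, so at least `System.err.println("Problem getting userID for member " + memberDN + " in AuthLdap.getUsers:" + ne);` belongs there. In the added `getUserID` and `getGroupID`, `ctx.close()` is the last statement inside the `try`, so a `NamingException` thrown by `ctx.getAttributes(dn, attrIDs)` is logged and rethrown with the directory context still open; declaring `ctx` before the `try` and closing it in a `finally` fixes that. Both helpers also open a fresh `InitialDirContext` for every member instead of reusing the context that `getUsers` presumably already holds, which multiplies LDAP connections by the group size. `uvec.add(values.elementAt(0))` throws `ArrayIndexOutOfBoundsException` if an attribute comes back with no values, and none of the `NamingException` handlers in this change intercept that. The enclosing `getUsers(String, String, String)` starts outside the hunk.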
fixes on getting information from LDAP services