Revision 728
Added by bojilova over 23 years ago
| AuthLdap.java | ||
|---|---|---|
| 56 | 56 |
* is authenticated, and whether they are a member of a particular group. |
| 57 | 57 |
*/ |
| 58 | 58 |
public class AuthLdap implements AuthInterface {
|
| 59 |
|
|
| 60 |
private MetaCatUtil util; |
|
| 61 |
private String ldapUrl; |
|
| 62 |
private String ldapBase; |
|
| 59 | 63 |
|
| 64 |
/** |
|
| 65 |
* Construct an AuthLdap |
|
| 66 |
*/ |
|
| 67 |
public AuthLdap() {
|
|
| 68 |
|
|
| 69 |
// Read LDAP URI for directory service information |
|
| 70 |
this.util = new MetaCatUtil(); |
|
| 71 |
this.ldapUrl = util.getOption("ldapurl");
|
|
| 72 |
this.ldapBase = util.getOption("ldapbase");
|
|
| 73 |
|
|
| 74 |
} |
|
| 75 |
|
|
| 60 | 76 |
/** |
| 61 | 77 |
* Determine if a user/password are valid according to the authentication |
| 62 | 78 |
* service. |
| ... | ... | |
| 68 | 84 |
public boolean authenticate(String user, String password) |
| 69 | 85 |
throws ConnectException |
| 70 | 86 |
{
|
| 71 |
MetaCatUtil util = new MetaCatUtil(); |
|
| 72 |
String ldapUrl = util.getOption("ldapurl");
|
|
| 73 |
String ldapBase = util.getOption("ldapbase");
|
|
| 74 |
|
|
| 75 | 87 |
String distName = null; |
| 76 | 88 |
boolean authenticated = false; |
| 77 | 89 |
|
| ... | ... | |
| 125 | 137 |
public String[] getUsers(String user, String password) |
| 126 | 138 |
throws ConnectException |
| 127 | 139 |
{
|
| 128 |
MetaCatUtil util = new MetaCatUtil(); |
|
| 129 |
String ldapUrl = util.getOption("ldapurl");
|
|
| 130 |
String ldapBase = util.getOption("ldapbase");
|
|
| 131 |
|
|
| 132 | 140 |
String[] users = null; |
| 133 | 141 |
|
| 134 | 142 |
// Identify service provider to use |
| ... | ... | |
| 187 | 195 |
} catch (NamingException e) {
|
| 188 | 196 |
System.err.println("Problem getting users in AuthLdap.getUsers:" + e);
|
| 189 | 197 |
throw new ConnectException( |
| 190 |
"Problem getting groups in AuthLdap.getUsers:" + e);
|
|
| 198 |
"Problem getting users in AuthLdap.getUsers:" + e);
|
|
| 191 | 199 |
} |
| 192 | 200 |
|
| 193 | 201 |
return users; |
| ... | ... | |
| 199 | 207 |
public String[] getUsers(String user, String password, String group) |
| 200 | 208 |
throws ConnectException |
| 201 | 209 |
{
|
| 202 |
MetaCatUtil util = new MetaCatUtil(); |
|
| 203 |
String ldapUrl = util.getOption("ldapurl");
|
|
| 204 |
String ldapBase = util.getOption("ldapbase");
|
|
| 205 |
|
|
| 206 | 210 |
String[] users = null; |
| 207 | 211 |
|
| 208 | 212 |
// Identify service provider to use |
| ... | ... | |
| 226 | 230 |
// Specify the ids of the attributes to return |
| 227 | 231 |
String[] attrIDs = {"uniquemember"};
|
| 228 | 232 |
|
| 229 |
// Get the dn for this group |
|
| 230 |
identifier = getIdentifyingName(group); |
|
| 231 |
|
|
| 232 | 233 |
// Specify the attributes to match. |
| 233 | 234 |
// Groups are objects with attribute objectclass=groupofuniquenames. |
| 234 | 235 |
Attributes matchAttrs = new BasicAttributes(true); // ignore case |
| ... | ... | |
| 243 | 244 |
while (enum.hasMore()) {
|
| 244 | 245 |
SearchResult sr = (SearchResult)enum.next(); |
| 245 | 246 |
Attributes attrs = sr.getAttributes(); |
| 246 |
// return all attributes |
|
| 247 |
NamingEnumeration enum1 = attrs.getAll(); // only "uniquemember" attr
|
|
| 247 |
// return all attributes (only "uniquemember" attr)
|
|
| 248 |
NamingEnumeration enum1 = attrs.getAll(); |
|
| 248 | 249 |
while (enum1.hasMore()) {
|
| 249 | 250 |
Attribute attr = (Attribute)enum1.next(); |
| 250 | 251 |
// return all values of that attribute |
| 251 | 252 |
NamingEnumeration enum2 = attr.getAll(); |
| 252 | 253 |
while (enum2.hasMore()) {
|
| 253 |
uvec.add((String)enum2.next()); |
|
| 254 |
// get DN of a member |
|
| 255 |
String memberDN = (String)enum2.next(); |
|
| 256 |
try {
|
|
| 257 |
// we actually need RDN of the member |
|
| 258 |
// try to get RDN (UID) of the member in case of a user |
|
| 259 |
String memberID = getUserID(memberDN); |
|
| 260 |
if ( memberID != null ) {
|
|
| 261 |
uvec.add(memberID); |
|
| 262 |
// CURRENTLY WE DON'T SUPPORT SUBGROUPING, THUS |
|
| 263 |
// IGNORE SUBGROUPS AS MEMBERS OF THE GROUP |
|
| 264 |
// // this is a group, not user |
|
| 265 |
// // try to get RDN (CN) of the group |
|
| 266 |
// } else {
|
|
| 267 |
// memberID = getGroupID(memberDN); |
|
| 268 |
// uvec.add(memberID); |
|
| 269 |
} |
|
| 270 |
} catch (NamingException ne) {}
|
|
| 254 | 271 |
} |
| 255 | 272 |
} |
| 256 | 273 |
} |
| ... | ... | |
| 268 | 285 |
} |
| 269 | 286 |
|
| 270 | 287 |
} catch (NamingException e) {
|
| 271 |
System.err.println("Problem getting users in AuthLdap.getUsers:" + e);
|
|
| 288 |
System.err.println("Problem getting users for a group in AuthLdap.getUsers:" + e);
|
|
| 272 | 289 |
throw new ConnectException( |
| 273 |
"Problem getting groups in AuthLdap.getUsers:" + e);
|
|
| 290 |
"Problem getting users for a group in AuthLdap.getUsers:" + e);
|
|
| 274 | 291 |
} |
| 275 | 292 |
|
| 276 | 293 |
return users; |
| 277 | 294 |
} |
| 278 | 295 |
|
| 279 | 296 |
/** |
| 297 |
* Get UID by DN of a member |
|
| 298 |
*/ |
|
| 299 |
private String getUserID(String dn) |
|
| 300 |
throws NamingException |
|
| 301 |
{
|
|
| 302 |
String[] users = null; |
|
| 303 |
|
|
| 304 |
// Identify service provider to use |
|
| 305 |
Hashtable env = new Hashtable(11); |
|
| 306 |
env.put(Context.INITIAL_CONTEXT_FACTORY, |
|
| 307 |
"com.sun.jndi.ldap.LdapCtxFactory"); |
|
| 308 |
env.put(Context.PROVIDER_URL, ldapUrl); // + ldapBase); |
|
| 309 |
|
|
| 310 |
try {
|
|
| 311 |
|
|
| 312 |
// Create the initial directory context |
|
| 313 |
DirContext ctx = new InitialDirContext(env); |
|
| 314 |
|
|
| 315 |
// Specify the ids of the attributes to return |
|
| 316 |
String[] attrIDs = {"uid"};
|
|
| 317 |
|
|
| 318 |
// Ask for "uid" attributes of the user |
|
| 319 |
Attributes attrs = ctx.getAttributes(dn, attrIDs); |
|
| 320 |
|
|
| 321 |
// Print all of the attributes (only "uid" attr) |
|
| 322 |
Vector uvec = new Vector(); |
|
| 323 |
NamingEnumeration en = attrs.getAll(); |
|
| 324 |
while (en.hasMore()) {
|
|
| 325 |
Attribute att = (Attribute)en.next(); |
|
| 326 |
Vector values = new Vector(); |
|
| 327 |
String attName = att.getID(); |
|
| 328 |
NamingEnumeration attvalues = att.getAll(); |
|
| 329 |
while (attvalues.hasMore()) {
|
|
| 330 |
String value = (String)attvalues.next(); |
|
| 331 |
values.add(value); |
|
| 332 |
} |
|
| 333 |
uvec.add(values.elementAt(0)); |
|
| 334 |
} |
|
| 335 |
|
|
| 336 |
// initialize users[]; fill users[] |
|
| 337 |
users = new String[uvec.size()]; |
|
| 338 |
for (int i=0; i < uvec.size(); i++) {
|
|
| 339 |
users[i] = (String)uvec.elementAt(i); |
|
| 340 |
} |
|
| 341 |
|
|
| 342 |
// Close the context when we're done |
|
| 343 |
ctx.close(); |
|
| 344 |
|
|
| 345 |
} catch (NamingException ne) {
|
|
| 346 |
System.err.println("Problem getting userID by \"dn\" in AuthLdap.getUserID:" + ne);
|
|
| 347 |
throw ne; |
|
| 348 |
//throw new ConnectException( |
|
| 349 |
//"Problem getting userID searching by \"dn\" in AuthLdap.getUserID:" + e); |
|
| 350 |
//return null; |
|
| 351 |
} |
|
| 352 |
|
|
| 353 |
if ( users.length > 0 ) {
|
|
| 354 |
return users[0]; |
|
| 355 |
} |
|
| 356 |
return null; |
|
| 357 |
} |
|
| 358 |
|
|
| 359 |
/** |
|
| 360 |
* Get CN by DN of a member |
|
| 361 |
*/ |
|
| 362 |
private String getGroupID(String dn) |
|
| 363 |
throws NamingException |
|
| 364 |
{
|
|
| 365 |
String[] groups = null; |
|
| 366 |
|
|
| 367 |
// Identify service provider to use |
|
| 368 |
Hashtable env = new Hashtable(11); |
|
| 369 |
env.put(Context.INITIAL_CONTEXT_FACTORY, |
|
| 370 |
"com.sun.jndi.ldap.LdapCtxFactory"); |
|
| 371 |
env.put(Context.PROVIDER_URL, ldapUrl); // + ldapBase); |
|
| 372 |
|
|
| 373 |
try {
|
|
| 374 |
|
|
| 375 |
// Create the initial directory context |
|
| 376 |
DirContext ctx = new InitialDirContext(env); |
|
| 377 |
|
|
| 378 |
// Specify the ids of the attributes to return |
|
| 379 |
String[] attrIDs = {"cn"};
|
|
| 380 |
|
|
| 381 |
// Ask for "uid" attributes of the user |
|
| 382 |
Attributes attrs = ctx.getAttributes(dn, attrIDs); |
|
| 383 |
|
|
| 384 |
// Print all of the attributes (only "cn" attr) |
|
| 385 |
Vector uvec = new Vector(); |
|
| 386 |
NamingEnumeration en = attrs.getAll(); |
|
| 387 |
while (en.hasMore()) {
|
|
| 388 |
Attribute att = (Attribute)en.next(); |
|
| 389 |
Vector values = new Vector(); |
|
| 390 |
String attName = att.getID(); |
|
| 391 |
NamingEnumeration attvalues = att.getAll(); |
|
| 392 |
while (attvalues.hasMore()) {
|
|
| 393 |
String value = (String)attvalues.next(); |
|
| 394 |
values.add(value); |
|
| 395 |
} |
|
| 396 |
uvec.add(values.elementAt(0)); |
|
| 397 |
} |
|
| 398 |
|
|
| 399 |
// initialize users[]; fill users[] |
|
| 400 |
groups = new String[uvec.size()]; |
|
| 401 |
for (int i=0; i < uvec.size(); i++) {
|
|
| 402 |
groups[i] = (String)uvec.elementAt(i); |
|
| 403 |
} |
|
| 404 |
|
|
| 405 |
// Close the context when we're done |
|
| 406 |
ctx.close(); |
|
| 407 |
|
|
| 408 |
} catch (NamingException ne) {
|
|
| 409 |
System.err.println("Problem getting groupID by \"dn\" in AuthLdap.getGroupID:" + ne);
|
|
| 410 |
throw ne; |
|
| 411 |
//throw new ConnectException( |
|
| 412 |
//"Problem getting groupID searching by \"dn\" in AuthLdap.getGroupID:" + e); |
|
| 413 |
//return null; |
|
| 414 |
} |
|
| 415 |
|
|
| 416 |
if ( groups.length > 0 ) {
|
|
| 417 |
return groups[0]; |
|
| 418 |
} |
|
| 419 |
return null; |
|
| 420 |
} |
|
| 421 |
|
|
| 422 |
/** |
|
| 280 | 423 |
* Get all groups from the authentication service |
| 281 | 424 |
*/ |
| 282 | 425 |
public String[] getGroups(String user, String password) |
| 283 | 426 |
throws ConnectException |
| 284 | 427 |
{
|
| 285 |
MetaCatUtil util = new MetaCatUtil(); |
|
| 286 |
String ldapUrl = util.getOption("ldapurl");
|
|
| 287 |
String ldapBase = util.getOption("ldapbase");
|
|
| 288 |
|
|
| 289 | 428 |
String[] groups = null; |
| 290 | 429 |
|
| 291 | 430 |
// Identify service provider to use |
| ... | ... | |
| 356 | 495 |
public String[] getGroups(String user, String password, String foruser) |
| 357 | 496 |
throws ConnectException |
| 358 | 497 |
{
|
| 359 |
MetaCatUtil util = new MetaCatUtil(); |
|
| 360 |
String ldapUrl = util.getOption("ldapurl");
|
|
| 361 |
String ldapBase = util.getOption("ldapbase");
|
|
| 362 |
|
|
| 363 | 498 |
String[] groups = null; |
| 364 | 499 |
|
| 365 | 500 |
// Identify service provider to use |
| ... | ... | |
| 398 | 533 |
while (enum.hasMore()) {
|
| 399 | 534 |
SearchResult sr = (SearchResult)enum.next(); |
| 400 | 535 |
Attributes attrs = sr.getAttributes(); |
| 401 |
NamingEnumeration enum1 = attrs.getAll(); // only "gid" attr
|
|
| 536 |
NamingEnumeration enum1 = attrs.getAll(); // only "cn" attr
|
|
| 402 | 537 |
while (enum1.hasMore()) {
|
| 403 | 538 |
Attribute attr = (Attribute)enum1.next(); |
| 404 | 539 |
uvec.add(attr.get()); |
| ... | ... | |
| 420 | 555 |
} catch (NamingException e) {
|
| 421 | 556 |
System.err.println("Problem getting groups in AuthLdap.getGroups:" + e);
|
| 422 | 557 |
throw new ConnectException( |
| 423 |
"Problem getting groups in AuthLdap.getGroups:" + e); |
|
| 558 |
"Problem getting groups for a user in AuthLdap.getGroups:" + e);
|
|
| 424 | 559 |
} |
| 425 | 560 |
|
| 426 | 561 |
return groups; |
| ... | ... | |
| 449 | 584 |
public HashMap getAttributes(String user, String password, String foruser) |
| 450 | 585 |
throws ConnectException |
| 451 | 586 |
{
|
| 452 |
MetaCatUtil util = new MetaCatUtil(); |
|
| 453 |
String ldapUrl = util.getOption("ldapurl");
|
|
| 454 |
String ldapBase = util.getOption("ldapbase");
|
|
| 455 |
|
|
| 456 | 587 |
HashMap attributes = new HashMap(); |
| 457 | 588 |
|
| 458 | 589 |
// Identify service provider to use |
| ... | ... | |
| 519 | 650 |
private String getIdentifyingName(String user) |
| 520 | 651 |
throws NamingException |
| 521 | 652 |
{
|
| 522 |
MetaCatUtil util = new MetaCatUtil(); |
|
| 523 |
String ldapUrl = util.getOption("ldapurl");
|
|
| 524 |
String ldapBase = util.getOption("ldapbase");
|
|
| 525 |
|
|
| 526 | 653 |
String identifier = null; |
| 527 | 654 |
|
| 528 | 655 |
// Identify service provider to use |
| ... | ... | |
| 590 | 717 |
Vector usersIn = new Vector(); |
| 591 | 718 |
|
| 592 | 719 |
out.append("<?xml version=\"1.0\"?>\n");
|
| 593 |
out.append("<principals>\n");
|
|
| 720 |
out.append("<principals authSystemURI=\"" + ldapUrl + ldapBase + "\">\n");
|
|
| 594 | 721 |
|
| 595 | 722 |
// for the groups and users that belong to them |
| 596 | 723 |
if ( groups.length > 0 ) {
|
| ... | ... | |
| 638 | 765 |
if (isValid) {
|
| 639 | 766 |
System.out.println("Authentication successful for: " + user );
|
| 640 | 767 |
System.out.println(" ");
|
| 768 |
|
|
| 641 | 769 |
} else {
|
| 642 | 770 |
System.out.println("Authentication failed for: " + user);
|
| 643 | 771 |
} |
Also available in: Unified diff
fixes on getting information from LDAP services