/src/edu/ucsb/nceas/metacat/AuthLdap.java - Annotate - Metacat - Ecoinformatics Redmine

metacat/src/edu/ucsb/nceas/metacat/AuthLdap.java @ 764

-            bojilova
+/**
  *  '$RCSfile$'
  *    Purpose: An implementation of the AuthInterface interface that
  *             allows Metacat to use the LDAP protocol for
  *             directory services
  *  Copyright: 2000 Regents of the University of California and the
  *             National Center for Ecological Analysis and Synthesis
  *    Authors: Matt Jones
  *    Release: @release@
+ *
  *   '$Author$'
  *     '$Date$'
  * '$Revision$'
             jones
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version.
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-            bojilova
+ */
 package edu.ucsb.nceas.metacat;
 import java.net.ConnectException;
 import javax.naming.AuthenticationException;
 import javax.naming.Context;
-            bojilova
+import javax.naming.InitialContext;
-            bojilova
+import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
-            jones
+import javax.naming.directory.BasicAttribute;
 import javax.naming.directory.BasicAttributes;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
 import javax.naming.directory.SearchResult;
-            bojilova
+import javax.naming.directory.SearchControls;
-            bojilova
+import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
 import java.util.Iterator;
 import java.util.HashMap;
 import java.util.Hashtable;
-            bojilova
+import java.util.Enumeration;
-            bojilova
+import java.util.Set;
 import java.util.Vector;
 /**
  * An implementation of the AuthInterface interface that
  * allows Metacat to use the LDAP protocol for directory services.
  * The LDAP authentication service is used to determine if a user
  * is authenticated, and whether they are a member of a particular group.
  */
-            jones
+public class AuthLdap implements AuthInterface {
             bojilova
   private MetaCatUtil util;
   private String ldapUrl;
   private String ldapBase;
             bojilova
-            bojilova
+  /**
    * Construct an AuthLdap
    */
   public AuthLdap() {
     // Read LDAP URI for directory service information
     this.util = new MetaCatUtil();
     this.ldapUrl = util.getOption("ldapurl");
     this.ldapBase = util.getOption("ldapbase");
+  }
-            bojilova
+  /**
    * Determine if a user/password are valid according to the authentication
    * service.
+   *
    * @param user the name of the principal to authenticate
    * @param password the password to use for authentication
    * @returns boolean true if authentication successful, false otherwise
    */
   public boolean authenticate(String user, String password)
                     throws ConnectException
+  {
-            bojilova
+    String ldapUrl = this.ldapUrl;
     String ldapBase = this.ldapBase;
-            bojilova
+    boolean authenticated = false;
             bojilova
-            bojilova
+    // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
-            bojilova
+//    env.put(Context.SECURITY_AUTHENTICATION, "simple");
 //    env.put(Context.SECURITY_PRINCIPAL, user);
             bojilova
     try {
-            bojilova
+      /*
        * get all subtrees first in the current dir context
        * and then the dn for this uid or cn
        */
       Hashtable subtrees = getSubtrees(user,password,ldapUrl,ldapBase);
       Enumeration enum = subtrees.keys();
       while ( enum.hasMoreElements() ) {
         ldapBase = (String)enum.nextElement();
         ldapUrl = (String)subtrees.get(ldapBase);
 System.out.println(ldapUrl + ldapBase);
         String identifier = getIdentifyingName(user,ldapUrl,ldapBase);
             bojilova
-            bojilova
+        if (identifier != null && !password.equals("")) {
-            bojilova
+          // Now that we have the dn, we can authenticate, so
           // authenticate this time when opening the DirContext
           env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
-            bojilova
+          //env.put(Context.SECURITY_PROTOCOL, "ssl");
-            bojilova
+          env.put(Context.SECURITY_AUTHENTICATION, "simple");
           env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
           env.put(Context.SECURITY_CREDENTIALS, password);
           // If our auth credentials are invalid, an exception will be thrown
           DirContext ctx = null;
           try {
             ctx = new InitialDirContext(env);
             authenticated = true;
             ctx.close();
             this.ldapUrl = ldapUrl;
             this.ldapBase = ldapBase;
             break;
           } catch (AuthenticationException ae) {
             authenticated = false;
             if ( ctx != null ) {
               ctx.close();
+            }
+          }
         } else {
           util.debugMessage("User not found");
-            bojilova
+//System.out.println("User NOT FOUND");
             bojilova
       } /* while ( enum.hasMore() ) */
             jones
-            bojilova
+    } catch (NullPointerException e) {
       util.debugMessage("NullPointerException b' password is null");
       util.debugMessage("NullPointerException while authenticating in " +
                         "AuthLdap.authenticate: " + e);
       throw new ConnectException(
       "NullPointerException while authenticating in " +
                         "AuthLdap.authenticate: " + e);
-            bojilova
+    } catch (NamingException e) {
-            berkley
+      util.debugMessage("Naming exception while authenticating in " +
                         "AuthLdap.authenticate: " + e);
-            bojilova
+      throw new ConnectException(
       "Naming exception while authenticating in " +
                         "AuthLdap.authenticate: " + e);
-            bojilova
+    } catch (Exception e) {
       System.out.println(e.getMessage());
             bojilova
     return authenticated;
+  }
   /**
-            bojilova
+   * Get the identifying name for a given userid or name.  This is the name
    * that is used in conjunction withthe LDAP BaseDN to create a
    * distinguished name (dn) for the record
+   *
    * @param user the user for which the identifying name is requested
    * @returns String the identifying name for the user,
    *          or null if not found
    */
   private String getIdentifyingName(String user, String ldapUrl, String ldapBase)
          throws NamingException
+  {
     String identifier = null;
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
     env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
 //    env.put(Context.SECURITY_AUTHENTICATION, "EXTERNAL");
 //    env.put(Context.SECURITY_PROTOCOL, "ssl");
     try {
       // Bind to the LDAP server, in order to search for the right
       // distinguished name (dn) based on userid (uid) or common name (cn)
       DirContext ctx = new InitialDirContext(env);
       SearchControls ctls = new SearchControls();
       ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
       // Search for the user id or name using the uid, then cn and sn attributes
       // If we find a record, determine the dn for the record
       util.debugMessage("\nStarting search phase...\n");
       String filter = "(uid=" + user + ")";
       NamingEnumeration answer = ctx.search("", filter, ctls);
       if (answer.hasMore()) {
         SearchResult sr = (SearchResult)answer.next();
         identifier = sr.getName();
         if ( !sr.isRelative() ) {
           this.ldapUrl = identifier.substring(0,identifier.lastIndexOf("/")+1);
           this.ldapBase = identifier.substring(identifier.indexOf(",")+1);
           identifier = identifier.substring(identifier.lastIndexOf("/")+1,
                                             identifier.indexOf(","));
+        }
         util.debugMessage("Found: " + identifier);
       } else {
         //Attributes matchAttrs2 = new BasicAttributes(true);
         //matchAttrs2.put(new BasicAttribute("cn", user));
         //NamingEnumeration answer2 = ctx.search("", matchAttrs2);
         filter = "(cn=" + user + ")";
         NamingEnumeration answer2 = ctx.search("", filter, ctls);
         if (answer2.hasMore()) {
           SearchResult sr = (SearchResult)answer2.next();
           identifier = sr.getName();
           if ( !sr.isRelative() ) {
             this.ldapUrl = identifier.substring(0,identifier.lastIndexOf("/")+1);
             this.ldapBase = identifier.substring(identifier.indexOf(",")+1);
             identifier = identifier.substring(identifier.lastIndexOf("/")+1,
                                               identifier.indexOf(","));
+          }
           util.debugMessage("Found: " + identifier);
         } else {
           //Attributes matchAttrs3 = new BasicAttributes(true);
           //matchAttrs3.put(new BasicAttribute("sn", user));
           //NamingEnumeration answer3 = ctx.search("", matchAttrs3);
           filter = "(sn=" + user + ")";
           NamingEnumeration answer3 = ctx.search("", filter, ctls);
           if (answer3.hasMore()) {
             SearchResult sr = (SearchResult)answer3.next();
             identifier = sr.getName();
             if ( !sr.isRelative() ) {
               this.ldapUrl = identifier.substring(0,identifier.lastIndexOf("/")+1);
               this.ldapBase = identifier.substring(identifier.indexOf(",")+1);
               identifier = identifier.substring(identifier.lastIndexOf("/")+1,
                                                 identifier.indexOf(","));
+            }
             util.debugMessage("Found: " + identifier);
+          }
+        }
+      }
       // Close the context when we're done the initial search
       ctx.close();
     } catch (NamingException e) {
       util.debugMessage("Naming exception while getting dn: " + e);
       throw new NamingException(
       "Naming exception in AuthLdap.getIdentifyingName: " + e);
+    }
 //System.out.println("context: " + identifier);
     return identifier;
+  }
   /**
-            bojilova
+   * Get all users from the authentication service
    */
-            jones
+  public String[] getUsers(String user, String password)
          throws ConnectException
             bojilova
-            bojilova
+    String[] users = null;
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
     env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
     try {
-            bojilova
+      //// Get the dn for this uid or cn
       //String identifier = getIdentifyingName(user);
       //if (identifier != null) {
       //  env.put(Context.SECURITY_AUTHENTICATION, "simple");
       //  env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
       //  env.put(Context.SECURITY_CREDENTIALS, password);
             bojilova
         // Create the initial directory context
         DirContext ctx = new InitialDirContext(env);
         // Specify the ids of the attributes to return
         String[] attrIDs = {"uid"};
-            bojilova
+        // Specify the attributes to match.
         // Users are objects that have the attribute objectclass=InetOrgPerson.
         Attributes matchAttrs = new BasicAttributes(true); // ignore case
         matchAttrs.put(new BasicAttribute("objectclass", "inetOrgPerson"));
-            bojilova
+        // Search for objects in the current context
-            bojilova
+        NamingEnumeration enum = ctx.search("", matchAttrs, attrIDs);
             bojilova
         // Print the users
         Vector uvec = new Vector();
         while (enum.hasMore()) {
           SearchResult sr = (SearchResult)enum.next();
           Attributes attrs = sr.getAttributes();
           NamingEnumeration enum1 = attrs.getAll(); // only "uid" attr
           while (enum1.hasMore()) {
             Attribute attr = (Attribute)enum1.next();
             uvec.add(attr.get());
+          }
+        }
         // initialize users[]; fill users[]
         users = new String[uvec.size()];
         for (int i=0; i < uvec.size(); i++) {
           users[i] = (String)uvec.elementAt(i);
+        }
         // Close the context when we're done
         ctx.close();
-            bojilova
+      //} else {
       //  util.debugMessage("User not found!");
       //}
             bojilova
     } catch (NamingException e) {
       System.err.println("Problem getting users in AuthLdap.getUsers:" + e);
       throw new ConnectException(
-            bojilova
+      "Problem getting users in AuthLdap.getUsers:" + e);
             bojilova
     return users;
             bojilova
   /**
    * Get the users for a particular group from the authentication service
    */
-            jones
+  public String[] getUsers(String user, String password, String group)
          throws ConnectException
             bojilova
-            bojilova
+    String[] users = null;
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
     env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
     try {
-            bojilova
+      //// Get the dn for this uid or cn
       //String identifier = getIdentifyingName(user);
       //if (identifier != null) {
       //  env.put(Context.SECURITY_AUTHENTICATION, "simple");
       //  env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
       //  env.put(Context.SECURITY_CREDENTIALS, password);
             bojilova
         // Create the initial directory context
         DirContext ctx = new InitialDirContext(env);
         // Specify the ids of the attributes to return
-            bojilova
+        String[] attrIDs = {"uniquemember"};
             bojilova
         // Specify the attributes to match.
-            bojilova
+        // Groups are objects with attribute objectclass=groupofuniquenames.
-            bojilova
+        Attributes matchAttrs = new BasicAttributes(true); // ignore case
-            bojilova
+        matchAttrs.put(new BasicAttribute("objectclass", "groupofuniquenames"));
         matchAttrs.put(new BasicAttribute("cn", group));
             bojilova
         // Search for objects in the current context
         NamingEnumeration enum = ctx.search("", matchAttrs, attrIDs);
         // Print the users
         Vector uvec = new Vector();
         while (enum.hasMore()) {
           SearchResult sr = (SearchResult)enum.next();
           Attributes attrs = sr.getAttributes();
-            bojilova
+          // return all attributes (only "uniquemember" attr)
           NamingEnumeration enum1 = attrs.getAll();
-            bojilova
+          while (enum1.hasMore()) {
             Attribute attr = (Attribute)enum1.next();
-            bojilova
+            // return all values of that attribute
             NamingEnumeration enum2 = attr.getAll();
             while (enum2.hasMore()) {
-            bojilova
+              // get DN of a member
               String memberDN = (String)enum2.next();
               try {
                 // we actually need RDN of the member
                 // try to get RDN (UID) of the member in case of a user
                 String memberID = getUserID(memberDN);
                 if ( memberID != null ) {
                   uvec.add(memberID);
                 // CURRENTLY WE DON'T SUPPORT SUBGROUPING, THUS
                 // IGNORE SUBGROUPS AS MEMBERS OF THE GROUP
                 // // this is a group, not user
                 // // try to get RDN (CN) of the group
                 // } else {
                 //   memberID = getGroupID(memberDN);
                 //   uvec.add(memberID);
+                }
               } catch (NamingException ne) {}
             bojilova
             bojilova
+        }
         // initialize users[]; fill users[]
         users = new String[uvec.size()];
         for (int i=0; i < uvec.size(); i++) {
           users[i] = (String)uvec.elementAt(i);
+        }
         // Close the context when we're done
         ctx.close();
-            bojilova
+      //} else {
       //  util.debugMessage("User not found!");
       //}
             bojilova
     } catch (NamingException e) {
-            bojilova
+      System.err.println("Problem getting users for a group in AuthLdap.getUsers:" + e);
-            bojilova
+      throw new ConnectException(
-            bojilova
+      "Problem getting users for a group in AuthLdap.getUsers:" + e);
             bojilova
     return users;
             bojilova
   /**
-            bojilova
+   * Get UID by DN of a member
    */
   private String getUserID(String dn)
          throws NamingException
+  {
     String[] users = null;
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
     env.put(Context.PROVIDER_URL, ldapUrl); // + ldapBase);
     try {
         // Create the initial directory context
         DirContext ctx = new InitialDirContext(env);
         // Specify the ids of the attributes to return
         String[] attrIDs = {"uid"};
         // Ask for "uid" attributes of the user
         Attributes attrs = ctx.getAttributes(dn, attrIDs);
         // Print all of the attributes (only "uid" attr)
         Vector uvec = new Vector();
         NamingEnumeration en = attrs.getAll();
         while (en.hasMore()) {
           Attribute att = (Attribute)en.next();
           Vector values = new Vector();
           String attName = att.getID();
           NamingEnumeration attvalues = att.getAll();
           while (attvalues.hasMore()) {
             String value = (String)attvalues.next();
             values.add(value);
+          }
           uvec.add(values.elementAt(0));
+        }
         // initialize users[]; fill users[]
         users = new String[uvec.size()];
         for (int i=0; i < uvec.size(); i++) {
           users[i] = (String)uvec.elementAt(i);
+        }
         // Close the context when we're done
         ctx.close();
     } catch (NamingException ne) {
       System.err.println("Problem getting userID by \"dn\" in AuthLdap.getUserID:" + ne);
       throw ne;
+    }
     if ( users.length > 0 ) {
       return users[0];
+    }
     return null;
+  }
   /**
    * Get CN by DN of a member
    */
   private String getGroupID(String dn)
          throws NamingException
+  {
     String[] groups = null;
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
     env.put(Context.PROVIDER_URL, ldapUrl); // + ldapBase);
     try {
         // Create the initial directory context
         DirContext ctx = new InitialDirContext(env);
         // Specify the ids of the attributes to return
         String[] attrIDs = {"cn"};
         // Ask for "uid" attributes of the user
         Attributes attrs = ctx.getAttributes(dn, attrIDs);
         // Print all of the attributes (only "cn" attr)
         Vector uvec = new Vector();
         NamingEnumeration en = attrs.getAll();
         while (en.hasMore()) {
           Attribute att = (Attribute)en.next();
           Vector values = new Vector();
           String attName = att.getID();
           NamingEnumeration attvalues = att.getAll();
           while (attvalues.hasMore()) {
             String value = (String)attvalues.next();
             values.add(value);
+          }
           uvec.add(values.elementAt(0));
+        }
         // initialize users[]; fill users[]
         groups = new String[uvec.size()];
         for (int i=0; i < uvec.size(); i++) {
           groups[i] = (String)uvec.elementAt(i);
+        }
         // Close the context when we're done
         ctx.close();
     } catch (NamingException ne) {
       System.err.println("Problem getting groupID by \"dn\" in AuthLdap.getGroupID:" + ne);
       throw ne;
+    }
     if ( groups.length > 0 ) {
       return groups[0];
+    }
     return null;
+  }
   /**
-            bojilova
+   * Get all groups from the authentication service
    */
-            jones
+  public String[] getGroups(String user, String password)
          throws ConnectException
             bojilova
-            bojilova
+    String[] groups = null;
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
     env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
     try {
-            bojilova
+      //// Get the dn for this uid or cn
       //String identifier = getIdentifyingName(user);
       //if (identifier != null) {
       //  env.put(Context.SECURITY_AUTHENTICATION, "simple");
       //  env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
       //  env.put(Context.SECURITY_CREDENTIALS, password);
             bojilova
         // Create the initial directory context
         DirContext ctx = new InitialDirContext(env);
         // Specify the ids of the attributes to return
-            bojilova
+        String[] attrIDs = {"cn"};
             bojilova
-            bojilova
+        // Specify the attributes to match.
         // Groups are objects with attribute objectclass=groupofuniquenames.
         Attributes matchAttrs = new BasicAttributes(true); // ignore case
         matchAttrs.put(new BasicAttribute("objectclass", "groupofuniquenames"));
-            bojilova
+        // Search for objects in the current context
-            bojilova
+        NamingEnumeration enum = ctx.search("", matchAttrs, attrIDs);
             bojilova
         // Print the users
         Vector uvec = new Vector();
         while (enum.hasMore()) {
           SearchResult sr = (SearchResult)enum.next();
           Attributes attrs = sr.getAttributes();
-            bojilova
+          NamingEnumeration enum1 = attrs.getAll(); // only "cn" attr
-            bojilova
+          while (enum1.hasMore()) {
             Attribute attr = (Attribute)enum1.next();
             uvec.add(attr.get());
+          }
+        }
         // initialize groups[] and fill it
         groups = new String[uvec.size()];
         for (int i=0; i < uvec.size(); i++) {
           groups[i] = (String)uvec.elementAt(i);
+        }
         // Close the context when we're done
         ctx.close();
-            bojilova
+      //} else {
       //  util.debugMessage("User not found!");
       //}
             bojilova
     } catch (NamingException e) {
       System.err.println("Problem getting groups in AuthLdap.getGroups:" + e);
       throw new ConnectException(
       "Problem getting groups in AuthLdap.getGroups:" + e);
+    }
     return groups;
             bojilova
   /**
    * Get the groups for a particular user from the authentication service
    */
-            jones
+  public String[] getGroups(String user, String password, String foruser)
          throws ConnectException
             bojilova
-            bojilova
+    String[] groups = null;
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
     env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
     try {
-            bojilova
+      //// Get the dn for this uid or cn
       //String identifier = getIdentifyingName(user);
       //if (identifier != null) {
       //  env.put(Context.SECURITY_AUTHENTICATION, "simple");
       //  env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
       //  env.put(Context.SECURITY_CREDENTIALS, password);
             bojilova
         // Create the initial directory context
         DirContext ctx = new InitialDirContext(env);
         // Specify the ids of the attributes to return
-            bojilova
+        String[] attrIDs = {"cn"};
             bojilova
         // Specify the attributes to match.
-            bojilova
+        // Groups are objects with attribute objectclass=groupofuniquenames.
         // and have attribute uniquemember=foruser,ldapbase.
-            bojilova
+        Attributes matchAttrs = new BasicAttributes(true); // ignore case
-            bojilova
+        matchAttrs.put(new BasicAttribute("objectclass", "groupofuniquenames"));
         matchAttrs.put(new BasicAttribute("uniquemember",foruser+","+ldapBase));
             bojilova
         // Search for objects in the current context
         NamingEnumeration enum = ctx.search("", matchAttrs, attrIDs);
         // Print the users
         Vector uvec = new Vector();
         while (enum.hasMore()) {
           SearchResult sr = (SearchResult)enum.next();
           Attributes attrs = sr.getAttributes();
-            bojilova
+          NamingEnumeration enum1 = attrs.getAll(); // only "cn" attr
-            bojilova
+          while (enum1.hasMore()) {
             Attribute attr = (Attribute)enum1.next();
             uvec.add(attr.get());
+          }
+        }
         // initialize groups[] and fill it
         groups = new String[uvec.size()];
         for (int i=0; i < uvec.size(); i++) {
           groups[i] = (String)uvec.elementAt(i);
+        }
         // Close the context when we're done
         ctx.close();
-            bojilova
+      //} else {
       //  util.debugMessage("User not found!");
       //}
             bojilova
     } catch (NamingException e) {
       System.err.println("Problem getting groups in AuthLdap.getGroups:" + e);
       throw new ConnectException(
-            bojilova
+      "Problem getting groups for a user in AuthLdap.getGroups:" + e);
             bojilova
     return groups;
             bojilova
   /**
    * Get attributes describing a user or group
+   *
    * @param user the user for which the attribute list is requested
    * @returns HashMap a map of attribute name to a Vector of values
    */
-            jones
+  public HashMap getAttributes(String foruser)
-            bojilova
+         throws ConnectException
+  {
-            jones
+    return getAttributes(null, null, foruser);
             bojilova
   /**
    * Get attributes describing a user or group
+   *
    * @param user the user for which the attribute list is requested
    * @param authuser the user for authenticating against the service
    * @param password the password for authenticating against the service
    * @returns HashMap a map of attribute name to a Vector of values
    */
-            jones
+  public HashMap getAttributes(String user, String password, String foruser)
-            bojilova
+         throws ConnectException
+  {
     HashMap attributes = new HashMap();
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
         "com.sun.jndi.ldap.LdapCtxFactory");
     env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
     // Authentication information
     try {
-            bojilova
+      if ((user != null) && (password != null)) {
-            bojilova
+        String identifier = getIdentifyingName(user,this.ldapUrl,this.ldapBase);
-            bojilova
+        env.put(Context.SECURITY_AUTHENTICATION, "simple");
         env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
         env.put(Context.SECURITY_CREDENTIALS, password);
+      }
             jones
-            bojilova
+      // Create the initial directory context
       DirContext ctx = new InitialDirContext(env);
-            bojilova
+      // Find out the identifying attribute for the user
-            bojilova
+      String userident = getIdentifyingName(foruser,this.ldapUrl,this.ldapBase);
             bojilova
-            jones
+      // Ask for all attributes of the user
       Attributes attrs = ctx.getAttributes(userident);
             bojilova
-            bojilova
+      // Print all of the attributes
       NamingEnumeration en = attrs.getAll();
       while (en.hasMore()) {
         Attribute att = (Attribute)en.next();
         Vector values = new Vector();
         String attName = att.getID();
         NamingEnumeration attvalues = att.getAll();
         while (attvalues.hasMore()) {
           String value = (String)attvalues.next();
           values.add(value);
+        }
         attributes.put(attName, values);
+      }
       // Close the context when we're done
       ctx.close();
     } catch (NamingException e) {
-            berkley
+      System.err.println("Problem getting attributes in AuthLdap.getAttributes:"
                           + e);
-            bojilova
+      throw new ConnectException(
       "Problem getting attributes in AuthLdap.getAttributes:" + e);
             bojilova
     return attributes;
+  }
   /**
-            bojilova
+   * Get list of all subtrees holding Metacat's groups and users
    * starting from the Metacat LDAP root,
    * i.e. ldap://dev.nceas.ucsb.edu/dc=ecoinformatics,dc=org
-            jones
+   */
-            bojilova
+  private Hashtable getSubtrees(String user, String password,
                                 String ldapUrl, String ldapBase)
                 throws ConnectException
             jones
-            bojilova
+    Hashtable trees = new Hashtable();
             jones
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
-            bojilova
+    env.put(Context.INITIAL_CONTEXT_FACTORY,
-            jones
+            "com.sun.jndi.ldap.LdapCtxFactory");
     env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
     try {
-            bojilova
+      //if ( this.authenticate(user, password) ) {
             jones
-            bojilova
+        // Create the initial directory context
         DirContext ctx = new InitialDirContext(env);
         // Specify the ids of the attributes to return
         String[] attrIDs = {"o","ref"};
         SearchControls ctls = new SearchControls();
         ctls.setReturningAttributes(attrIDs);
         ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
         // Specify the attributes to match.
         // Subtrees from the main server are found as objects with attribute
         // objectclass=organization or objectclass=referral to the subtree
         // resided on other server.
         String filter = "(|(objectclass=organization)(objectclass=referral))";
         // Search for objects in the current context
         NamingEnumeration enum = ctx.search("", filter, ctls);
         // Print the subtrees' <ldapURL, baseDN>
         while (enum.hasMore()) {
           SearchResult sr = (SearchResult)enum.next();
           Attributes attrs = sr.getAttributes();
           NamingEnumeration enum1 = attrs.getAll(); // "dc" and "ref" attrs
           if (enum1.hasMore()) {
             Attribute attr = (Attribute)enum1.next();
             String attrValue = (String)attr.get();
             String attrName = (String)attr.getID();
  //System.out.println(attrName + "=" + attrValue);
             if ( enum1.hasMore() ) {
               attr = (Attribute)enum1.next();
               String refValue = (String)attr.get();
               String refName = (String)attr.getID();
  //System.out.println(refName + "=" + refValue);
               if ( ldapBase.startsWith(refName + "=" + refValue) ) {
                 trees.put(ldapBase,
                           attrValue.substring(0,attrValue.lastIndexOf("/")+1) );
               } else {
                 trees.put(refName + "=" + refValue + "," + ldapBase,
                           attrValue.substring(0,attrValue.lastIndexOf("/")+1) );
+              }
  //System.out.println("REFERRAL:" + attrValue);
             } else if ( ldapBase.startsWith(attrName + "=" + attrValue) ) {
                 trees.put(ldapBase, ldapUrl);
             } else {
                 trees.put(attrName + "=" + attrValue + "," + ldapBase, ldapUrl);
  //System.out.println(ldapUrl + attrName + "=" + attrValue + "," + ldapBase);
+            }
             jones
+        }
             bojilova
         // Close the context when we're done
         ctx.close();
       //} else {
       //  System.out.println("Not authenticated user: " + user + "@" + ldapUrl + ldapBase);
       //}
-            jones
+    } catch (NamingException e) {
-            bojilova
+      System.err.println("Problem getting subtrees in AuthLdap.getSubtrees:" + e);
       throw new ConnectException(
       "Problem getting subtrees in AuthLdap.getSubtrees:" + e);
             jones
-            bojilova
+//System.out.println("number of subtrees:" + trees.size());
     return trees;
             jones
   /**
-            bojilova
+   * Get all groups and users from authentication scheme.
-            bojilova
+   * The output is formatted in XML.
-            bojilova
+   * @param user the user which requests the information
    * @param password the user's password
-            bojilova
+   */
-            bojilova
+  public String getPrincipals(String user, String password)
-            bojilova
+                throws ConnectException
+  {
     StringBuffer out = new StringBuffer();
-            bojilova
+    Vector usersIn = new Vector();
             bojilova
-            bojilova
+    //String ldapUrl = "ldap://dev.nceas.ucsb.edu/";
     //String ldapBase = "dc=ecoinformatics,dc=org";
     //String ldapUrl = "ldap://ldap.nceas.ucsb.edu/";
     //String ldapBase = "o=NCEAS,c=US";
-            bojilova
+    out.append("<?xml version=\"1.0\"?>\n");
-            bojilova
+    out.append("<principals>\n");
             bojilova
-            bojilova
+    /*
      * get all subtrees first in the current dir context
      * and then the Metacat users under them
      */
     Hashtable subtrees = getSubtrees(user,password,this.ldapUrl,this.ldapBase);
     Enumeration enum = subtrees.keys();
     while ( enum.hasMoreElements() ) {
       this.ldapBase = (String)enum.nextElement();
       this.ldapUrl = (String)subtrees.get(ldapBase);
       out.append("  <authSystem URI=\"" +
                  this.ldapUrl + this.ldapBase + "\">\n");
       // get all groups for directory context
       String[] groups = getGroups(user, password);
       // for the groups and users that belong to them
       if ( groups.length > 0 ) {
         for (int i=0; i < groups.length; i++ ) {
           out.append("    <group>\n");
           out.append("      <groupname>" + groups[i] + "<groupname>\n");
           String[] usersForGroup = getUsers(user,password,groups[i]);
           for (int j=0; j < usersForGroup.length; j++ ) {
             usersIn.addElement(usersForGroup[j]);
             out.append("      <user>\n");
             out.append("        <username>" + usersForGroup[j] + "<username>\n");
             out.append("      </user>\n");
+          }
           out.append("    </group>\n");
+        }
+      }
       // for the users not belonging to any group
       String[] users = getUsers(user, password);
       for (int j=0; j < users.length; j++ ) {
         if ( !usersIn.contains(users[j]) ) {
-            bojilova
+          out.append("    <user>\n");
-            bojilova
+          out.append("      <username>" + users[j] + "<username>\n");
-            bojilova
+          out.append("    </user>\n");
+        }
+      }
             bojilova
       out.append("  </authSystem>\n");
       if ( !usersIn.isEmpty() ) {
         usersIn.removeAllElements();
         usersIn.trimToSize();
             bojilova
             bojilova
             bojilova
     out.append("</principals>");
     return out.toString();
+  }
   /**
-            bojilova
+   * Test method for the class
    */
   public static void main(String[] args) {
-            jones
+    // Provide a user, such as: "Matt Jones", or "jones"
-            bojilova
+    String user = args[0];
     String password = args[1];
     AuthLdap authservice = new AuthLdap();
     boolean isValid = false;
     try {
       isValid = authservice.authenticate(user, password);
       if (isValid) {
         System.out.println("Authentication successful for: " + user );
         System.out.println(" ");
             bojilova
-            bojilova
+      } else {
         System.out.println("Authentication failed for: " + user);
+      }
             bojilova
-            bojilova
+      if (isValid) {
-            bojilova
+        //String group = args[2];
-            jones
+        HashMap userInfo = authservice.getAttributes(user, password, user);
-            bojilova
+        // Print all of the attributes
         Iterator attList = (Iterator)(((Set)userInfo.keySet()).iterator());
         while (attList.hasNext()) {
           String att = (String)attList.next();
           Vector values = (Vector)userInfo.get(att);
           Iterator attvalues = values.iterator();
           while (attvalues.hasNext()) {
             String value = (String)attvalues.next();
-            bojilova
+          //  System.out.println(att + ": " + value);
             bojilova
+        }
             bojilova
             bojilova
             bojilova
 /*
-            bojilova
+      // get the whole list of users
       if (isValid) {
         String[] users = authservice.getUsers(user, password);
         for (int i=0; i < users.length; i++) {
           System.out.println(users[i]);
+        }
-            bojilova
+        System.out.println("Total " + users.length + " users.");
             bojilova
-            bojilova
+*/
-            bojilova
+/*
       // get the whole list of users for a group
       if (isValid) {
         String group = args[2];
         String[] users = authservice.getUsers(user, password, group);
         for (int i=0; i < users.length; i++) {
           System.out.println(users[i]);
+        }
+      }
 */
-            bojilova
+      // get the whole list groups and users in XML format
-            bojilova
+      if (isValid) {
-            bojilova
+        authservice = new AuthLdap();
-            bojilova
+        String out = authservice.getPrincipals(user, password);
         java.io.File f = new java.io.File("principals.txt");
         java.io.FileWriter fw = new java.io.FileWriter(f);
         java.io.BufferedWriter buff = new java.io.BufferedWriter(fw);
         buff.write(out);
         buff.flush();
         buff.close();
         fw.close();
+      }
             bojilova
-            bojilova
+    } catch (ConnectException ce) {
-            bojilova
+      System.err.println(ce.getMessage());
-            bojilova
+    } catch (java.io.IOException ioe) {
       System.err.println("I/O Error writing to file principals.txt");
             bojilova
+  }
+}

Project

General

Profile

Metacat