Revision 787
Added by bojilova over 23 years ago
src/edu/ucsb/nceas/metacat/AuthLdap.java | ||
---|---|---|
33 | 33 |
|
34 | 34 |
import javax.naming.AuthenticationException; |
35 | 35 |
import javax.naming.Context; |
36 |
import javax.naming.NamingEnumeration; |
|
37 |
import javax.naming.NamingException; |
|
36 | 38 |
import javax.naming.InitialContext; |
37 | 39 |
import javax.naming.directory.Attribute; |
38 | 40 |
import javax.naming.directory.Attributes; |
... | ... | |
42 | 44 |
import javax.naming.directory.InitialDirContext; |
43 | 45 |
import javax.naming.directory.SearchResult; |
44 | 46 |
import javax.naming.directory.SearchControls; |
45 |
import javax.naming.NamingEnumeration; |
|
46 |
import javax.naming.NamingException; |
|
47 |
import javax.naming.ldap.*; |
|
47 | 48 |
import java.util.Iterator; |
48 | 49 |
import java.util.HashMap; |
49 | 50 |
import java.util.Hashtable; |
... | ... | |
59 | 60 |
*/ |
60 | 61 |
public class AuthLdap implements AuthInterface { |
61 | 62 |
|
62 |
private MetaCatUtil util; |
|
63 |
private MetaCatUtil util = new MetaCatUtil();
|
|
63 | 64 |
private String ldapUrl; |
65 |
private String ldapsUrl; |
|
64 | 66 |
private String ldapBase; |
65 | 67 |
|
66 | 68 |
/** |
... | ... | |
69 | 71 |
public AuthLdap() { |
70 | 72 |
|
71 | 73 |
// Read LDAP URI for directory service information |
72 |
this.util = new MetaCatUtil(); |
|
73 |
this.ldapUrl = util.getOption("ldapurl"); |
|
74 |
this.ldapBase = util.getOption("ldapbase"); |
|
74 |
this.ldapUrl = MetaCatUtil.getOption("ldapurl"); |
|
75 |
this.ldapsUrl = MetaCatUtil.getOption("ldapsurl"); |
|
76 |
this.ldapBase = MetaCatUtil.getOption("ldapbase"); |
|
77 |
//this.ldapUrl = "ldap://dev.nceas.ucsb.edu:636/"; |
|
78 |
//this.ldapBase = "o=NCEAS,dc=ecoinformatics,dc=org"; |
|
75 | 79 |
} |
76 | 80 |
|
77 | 81 |
/** |
... | ... | |
86 | 90 |
throws ConnectException |
87 | 91 |
{ |
88 | 92 |
String ldapUrl = this.ldapUrl; |
93 |
String ldapsUrl = this.ldapsUrl; |
|
89 | 94 |
String ldapBase = this.ldapBase; |
90 | 95 |
boolean authenticated = false; |
91 | 96 |
|
... | ... | |
93 | 98 |
Hashtable env = new Hashtable(11); |
94 | 99 |
env.put(Context.INITIAL_CONTEXT_FACTORY, |
95 | 100 |
"com.sun.jndi.ldap.LdapCtxFactory"); |
96 |
// env.put(Context.SECURITY_AUTHENTICATION, "simple"); |
|
97 |
// env.put(Context.SECURITY_PRINCIPAL, user); |
|
98 | 101 |
|
99 | 102 |
try { |
100 | 103 |
|
... | ... | |
102 | 105 |
* get all subtrees first in the current dir context |
103 | 106 |
* and then the dn for this uid or cn |
104 | 107 |
*/ |
105 |
Hashtable subtrees = getSubtrees(user,password,ldapUrl,ldapBase); |
|
108 |
// Hashtable subtrees = getSubtrees(user,password,ldapUrl,ldapBase);
|
|
106 | 109 |
|
107 |
Enumeration enum = subtrees.keys(); |
|
108 |
while ( enum.hasMoreElements() ) { |
|
109 |
ldapBase = (String)enum.nextElement(); |
|
110 |
ldapUrl = (String)subtrees.get(ldapBase); |
|
111 |
System.out.println(ldapUrl + ldapBase); |
|
110 |
// Enumeration enum = subtrees.keys(); |
|
111 |
// while ( enum.hasMoreElements() ) { |
|
112 |
// ldapBase = (String)enum.nextElement(); |
|
113 |
// ldapUrl = (String)subtrees.get(ldapBase); |
|
112 | 114 |
String identifier = getIdentifyingName(user,ldapUrl,ldapBase); |
113 | 115 |
|
114 | 116 |
if (identifier != null && !password.equals("")) { |
115 | 117 |
// Now that we have the dn, we can authenticate, so |
116 | 118 |
// authenticate this time when opening the DirContext |
117 |
env.put(Context.PROVIDER_URL, ldapUrl + ldapBase); |
|
118 |
//env.put(Context.SECURITY_PROTOCOL, "ssl"); |
|
119 |
System.out.println(ldapsUrl + identifier + "," + ldapBase); |
|
120 |
env.put(Context.PROVIDER_URL, ldapsUrl + ldapBase); |
|
121 |
if ( !ldapsUrl.equals(ldapUrl) ) { |
|
122 |
// ldap is set on default port 389 |
|
123 |
// ldaps is set on second port - 636 by default |
|
124 |
env.put(Context.SECURITY_PROTOCOL, "ssl"); |
|
125 |
} |
|
119 | 126 |
env.put(Context.SECURITY_AUTHENTICATION, "simple"); |
120 | 127 |
env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase); |
121 | 128 |
env.put(Context.SECURITY_CREDENTIALS, password); |
122 | 129 |
// If our auth credentials are invalid, an exception will be thrown |
123 | 130 |
DirContext ctx = null; |
124 | 131 |
try { |
132 |
double startTime = System.currentTimeMillis(); |
|
125 | 133 |
ctx = new InitialDirContext(env); |
134 |
// // StartTLS support from LDAPv3 with X.509 cert and with JSDKv1.4+ |
|
135 |
// LdapContext ctx = new InitialLdapContext(env, null); |
|
136 |
// StartTlsResponse tls = |
|
137 |
// (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest()); |
|
138 |
// tls.negotiate(); |
|
139 |
|
|
140 |
double stopTime = System.currentTimeMillis(); |
|
141 |
System.out.println("Connection time thru " + ldapsUrl + " was: " + |
|
142 |
(stopTime-startTime)/1000 + " seconds."); |
|
126 | 143 |
authenticated = true; |
144 |
// tls.close(); |
|
127 | 145 |
ctx.close(); |
128 | 146 |
this.ldapUrl = ldapUrl; |
129 | 147 |
this.ldapBase = ldapBase; |
130 |
break; |
|
148 |
// break;
|
|
131 | 149 |
} catch (AuthenticationException ae) { |
132 | 150 |
authenticated = false; |
151 |
// if ( tls != null ) { |
|
152 |
// tls.close(); |
|
153 |
// } |
|
133 | 154 |
if ( ctx != null ) { |
134 | 155 |
ctx.close(); |
135 | 156 |
} |
136 | 157 |
} |
137 | 158 |
} else { |
138 | 159 |
util.debugMessage("User not found"); |
139 |
//System.out.println("User NOT FOUND"); |
|
140 | 160 |
} |
141 |
} /* while ( enum.hasMore() ) */ |
|
161 |
// } /* while ( enum.hasMore() ) */
|
|
142 | 162 |
|
143 | 163 |
} catch (NullPointerException e) { |
144 | 164 |
util.debugMessage("NullPointerException b' password is null"); |
... | ... | |
150 | 170 |
} catch (NamingException e) { |
151 | 171 |
util.debugMessage("Naming exception while authenticating in " + |
152 | 172 |
"AuthLdap.authenticate: " + e); |
153 |
throw new ConnectException( |
|
154 |
"Naming exception while authenticating in " + |
|
155 |
"AuthLdap.authenticate: " + e); |
|
173 |
//throw new ConnectException( |
|
174 |
//"Naming exception while authenticating in " + |
|
175 |
// "AuthLdap.authenticate: " + e); |
|
176 |
e.printStackTrace(); |
|
156 | 177 |
} catch (Exception e) { |
157 | 178 |
System.out.println(e.getMessage()); |
158 | 179 |
} |
... | ... | |
179 | 200 |
env.put(Context.INITIAL_CONTEXT_FACTORY, |
180 | 201 |
"com.sun.jndi.ldap.LdapCtxFactory"); |
181 | 202 |
env.put(Context.PROVIDER_URL, ldapUrl + ldapBase); |
182 |
// env.put(Context.SECURITY_AUTHENTICATION, "EXTERNAL");
|
|
203 |
// non-secure LDAP context; dn are publicly readable
|
|
183 | 204 |
// env.put(Context.SECURITY_PROTOCOL, "ssl"); |
184 | 205 |
|
185 | 206 |
try { |
... | ... | |
270 | 291 |
|
271 | 292 |
try { |
272 | 293 |
|
273 |
//// Get the dn for this uid or cn |
|
274 |
//String identifier = getIdentifyingName(user); |
|
275 |
//if (identifier != null) { |
|
276 |
// env.put(Context.SECURITY_AUTHENTICATION, "simple"); |
|
277 |
// env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase); |
|
278 |
// env.put(Context.SECURITY_CREDENTIALS, password); |
|
279 |
|
|
280 | 294 |
// Create the initial directory context |
281 | 295 |
DirContext ctx = new InitialDirContext(env); |
282 | 296 |
|
... | ... | |
311 | 325 |
|
312 | 326 |
// Close the context when we're done |
313 | 327 |
ctx.close(); |
314 |
//} else { |
|
315 |
// util.debugMessage("User not found!"); |
|
316 |
//} |
|
317 | 328 |
|
318 | 329 |
} catch (NamingException e) { |
319 | 330 |
System.err.println("Problem getting users in AuthLdap.getUsers:" + e); |
... | ... | |
340 | 351 |
|
341 | 352 |
try { |
342 | 353 |
|
343 |
//// Get the dn for this uid or cn |
|
344 |
//String identifier = getIdentifyingName(user); |
|
345 |
//if (identifier != null) { |
|
346 |
// env.put(Context.SECURITY_AUTHENTICATION, "simple"); |
|
347 |
// env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase); |
|
348 |
// env.put(Context.SECURITY_CREDENTIALS, password); |
|
349 |
|
|
350 | 354 |
// Create the initial directory context |
351 | 355 |
DirContext ctx = new InitialDirContext(env); |
352 | 356 |
|
... | ... | |
403 | 407 |
|
404 | 408 |
// Close the context when we're done |
405 | 409 |
ctx.close(); |
406 |
//} else { |
|
407 |
// util.debugMessage("User not found!"); |
|
408 |
//} |
|
409 | 410 |
|
410 | 411 |
} catch (NamingException e) { |
411 | 412 |
System.err.println("Problem getting users for a group in AuthLdap.getUsers:" + e); |
... | ... | |
552 | 553 |
|
553 | 554 |
try { |
554 | 555 |
|
555 |
//// Get the dn for this uid or cn |
|
556 |
//String identifier = getIdentifyingName(user); |
|
557 |
//if (identifier != null) { |
|
558 |
// env.put(Context.SECURITY_AUTHENTICATION, "simple"); |
|
559 |
// env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase); |
|
560 |
// env.put(Context.SECURITY_CREDENTIALS, password); |
|
561 |
|
|
562 | 556 |
// Create the initial directory context |
563 | 557 |
DirContext ctx = new InitialDirContext(env); |
564 | 558 |
|
... | ... | |
593 | 587 |
|
594 | 588 |
// Close the context when we're done |
595 | 589 |
ctx.close(); |
596 |
//} else { |
|
597 |
// util.debugMessage("User not found!"); |
|
598 |
//} |
|
599 | 590 |
|
600 | 591 |
} catch (NamingException e) { |
601 | 592 |
System.err.println("Problem getting groups in AuthLdap.getGroups:" + e); |
... | ... | |
618 | 609 |
Hashtable env = new Hashtable(11); |
619 | 610 |
env.put(Context.INITIAL_CONTEXT_FACTORY, |
620 | 611 |
"com.sun.jndi.ldap.LdapCtxFactory"); |
621 |
env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
|
|
612 |
env.put(Context.PROVIDER_URL, "ldap://dev.nceas.ucsb.edu:389/" + ldapBase);
|
|
622 | 613 |
|
623 | 614 |
try { |
624 | 615 |
|
625 |
//// Get the dn for this uid or cn |
|
626 |
//String identifier = getIdentifyingName(user); |
|
627 |
//if (identifier != null) { |
|
628 |
// env.put(Context.SECURITY_AUTHENTICATION, "simple"); |
|
629 |
// env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase); |
|
630 |
// env.put(Context.SECURITY_CREDENTIALS, password); |
|
631 |
|
|
632 | 616 |
// Create the initial directory context |
633 | 617 |
DirContext ctx = new InitialDirContext(env); |
634 | 618 |
|
... | ... | |
665 | 649 |
|
666 | 650 |
// Close the context when we're done |
667 | 651 |
ctx.close(); |
668 |
//} else { |
|
669 |
// util.debugMessage("User not found!"); |
|
670 |
//} |
|
671 | 652 |
|
672 | 653 |
} catch (NamingException e) { |
673 | 654 |
System.err.println("Problem getting groups in AuthLdap.getGroups:" + e); |
... | ... | |
712 | 693 |
// Authentication information |
713 | 694 |
|
714 | 695 |
try { |
715 |
|
|
716 |
if ((user != null) && (password != null)) { |
|
717 |
String identifier = getIdentifyingName(user,this.ldapUrl,this.ldapBase); |
|
718 |
env.put(Context.SECURITY_AUTHENTICATION, "simple"); |
|
719 |
env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase); |
|
720 |
env.put(Context.SECURITY_CREDENTIALS, password); |
|
721 |
} |
|
696 |
|
|
697 |
// NO NEED FOR AUTHENTICATION; ALL ATTRIBUTES READABLE EXCEPT userPassword |
|
698 |
//if ((user != null) && (password != null)) { |
|
699 |
// String identifier = getIdentifyingName(user,this.ldapUrl,this.ldapBase); |
|
700 |
// env.put(Context.SECURITY_AUTHENTICATION, "simple"); |
|
701 |
// env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase); |
|
702 |
// env.put(Context.SECURITY_CREDENTIALS, password); |
|
703 |
//} |
|
722 | 704 |
|
723 | 705 |
// Create the initial directory context |
724 | 706 |
DirContext ctx = new InitialDirContext(env); |
... | ... | |
774 | 756 |
|
775 | 757 |
try { |
776 | 758 |
|
777 |
//if ( this.authenticate(user, password) ) { |
|
778 |
|
|
779 | 759 |
// Create the initial directory context |
780 | 760 |
DirContext ctx = new InitialDirContext(env); |
781 | 761 |
|
... | ... | |
828 | 808 |
|
829 | 809 |
// Close the context when we're done |
830 | 810 |
ctx.close(); |
831 |
//} else { |
|
832 |
// System.out.println("Not authenticated user: " + user + "@" + ldapUrl + ldapBase); |
|
833 |
//} |
|
834 | 811 |
|
835 | 812 |
} catch (NamingException e) { |
836 | 813 |
System.err.println("Problem getting subtrees in AuthLdap.getSubtrees:" + e); |
... | ... | |
948 | 925 |
Iterator attvalues = values.iterator(); |
949 | 926 |
while (attvalues.hasNext()) { |
950 | 927 |
String value = (String)attvalues.next(); |
951 |
// System.out.println(att + ": " + value);
|
|
928 |
System.out.println(att + ": " + value); |
|
952 | 929 |
} |
953 | 930 |
} |
954 | 931 |
|
... | ... | |
975 | 952 |
} |
976 | 953 |
*/ |
977 | 954 |
// get the whole list groups and users in XML format |
955 |
/* |
|
978 | 956 |
if (isValid) { |
979 | 957 |
authservice = new AuthLdap(); |
980 | 958 |
String out = authservice.getPrincipals(user, password); |
... | ... | |
986 | 964 |
buff.close(); |
987 | 965 |
fw.close(); |
988 | 966 |
} |
989 |
|
|
967 |
*/ |
|
990 | 968 |
} catch (ConnectException ce) { |
991 | 969 |
System.err.println(ce.getMessage()); |
992 | 970 |
} catch (java.io.IOException ioe) { |
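Review bot: The bind at new lines 120–128 goes over SSL only when `ldapsurl` differs from `ldapurl`, so a missing `ldapsurl` property NPEs on `ldapsUrl.equals(ldapUrl)` and lands in the `NullPointerException` handler at 163–164 with a message blaming the password, while an operator who sets both properties to the same value silently sends the simple-bind password over a plain socket. Since this commit exists to protect the authentication bind, the check should refuse rather than downgrade: `if (ldapsUrl == null || ldapsUrl.equals(ldapUrl)) throw new ConnectException("ldapsurl not configured; refusing cleartext bind");` followed by an unconditional `env.put(Context.SECURITY_PROTOCOL, "ssl");`, which also lets the dead `PROVIDER_URL` put at 117 (overwritten at 120) go. Two related regressions elsewhere in the section: new line 612 replaces the configured `ldapUrl` with the hard-coded `"ldap://dev.nceas.ucsb.edu:389/"` for group lookups, and new lines 173–176 reduce the `NamingException` in authenticate to a `printStackTrace()`, so an unreachable directory is now reported to callers as a failed login instead of a `ConnectException`. The `authenticate` method's signature starts before the first hunk that shows its body.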
made use of the new property for ldaps url;
it is used for secure connection to LDAP server listening on second port 636 by default with SSL sockets;
it is used by Metacat for the authentication process only;
all other communication with the LDAP server is made on the default port 389 with plain sockets