
Revision 787

Added by bojilova over 23 years ago

made use of the new property for ldaps url;
it is used for secure connection to the LDAP server listening on a second port (636 by default) with SSL sockets;
it is used from Metacat for the authentication process only;
all other communication with the LDAP server is made on the default port 389 with plain sockets


src/edu/ucsb/nceas/metacat/AuthLdap.java
33 33

  
34 34
import javax.naming.AuthenticationException;
35 35
import javax.naming.Context;
36
import javax.naming.NamingEnumeration;
37
import javax.naming.NamingException;
36 38
import javax.naming.InitialContext;
37 39
import javax.naming.directory.Attribute;
38 40
import javax.naming.directory.Attributes;
......
42 44
import javax.naming.directory.InitialDirContext;
43 45
import javax.naming.directory.SearchResult;
44 46
import javax.naming.directory.SearchControls;
45
import javax.naming.NamingEnumeration;
46
import javax.naming.NamingException;
47
import javax.naming.ldap.*;
47 48
import java.util.Iterator;
48 49
import java.util.HashMap;
49 50
import java.util.Hashtable;
......
59 60
 */
60 61
public class AuthLdap implements AuthInterface {
61 62
  
62
  private MetaCatUtil util;
63
  private MetaCatUtil util = new MetaCatUtil();
63 64
  private String ldapUrl;
65
  private String ldapsUrl;
64 66
  private String ldapBase;
65 67

  
66 68
  /** 
......
69 71
  public AuthLdap() {
70 72

  
71 73
    // Read LDAP URI for directory service information
72
    this.util = new MetaCatUtil();
73
    this.ldapUrl = util.getOption("ldapurl");
74
    this.ldapBase = util.getOption("ldapbase");
74
    this.ldapUrl = MetaCatUtil.getOption("ldapurl");
75
    this.ldapsUrl = MetaCatUtil.getOption("ldapsurl");
76
    this.ldapBase = MetaCatUtil.getOption("ldapbase");
77
    //this.ldapUrl = "ldap://dev.nceas.ucsb.edu:636/";
78
    //this.ldapBase = "o=NCEAS,dc=ecoinformatics,dc=org";
75 79
  }
76 80

  
77 81
  /**
......
86 90
                    throws ConnectException
87 91
  {
88 92
    String ldapUrl = this.ldapUrl;
93
    String ldapsUrl = this.ldapsUrl;
89 94
    String ldapBase = this.ldapBase;
90 95
    boolean authenticated = false;
91 96
    
......
93 98
    Hashtable env = new Hashtable(11);
94 99
    env.put(Context.INITIAL_CONTEXT_FACTORY, 
95 100
            "com.sun.jndi.ldap.LdapCtxFactory");
96
//    env.put(Context.SECURITY_AUTHENTICATION, "simple");
97
//    env.put(Context.SECURITY_PRINCIPAL, user);
98 101

  
99 102
    try {
100 103

  
......
102 105
       * get all subtrees first in the current dir context 
103 106
       * and then the dn for this uid or cn
104 107
       */
105
      Hashtable subtrees = getSubtrees(user,password,ldapUrl,ldapBase);
108
//      Hashtable subtrees = getSubtrees(user,password,ldapUrl,ldapBase);
106 109
    
107
      Enumeration enum = subtrees.keys();
108
      while ( enum.hasMoreElements() ) {
109
        ldapBase = (String)enum.nextElement();
110
        ldapUrl = (String)subtrees.get(ldapBase);
111
System.out.println(ldapUrl + ldapBase); 
110
//      Enumeration enum = subtrees.keys();
111
//      while ( enum.hasMoreElements() ) {
112
//        ldapBase = (String)enum.nextElement();
113
//        ldapUrl = (String)subtrees.get(ldapBase);
112 114
        String identifier = getIdentifyingName(user,ldapUrl,ldapBase);
113 115

  
114 116
        if (identifier != null && !password.equals("")) {
115 117
          // Now that we have the dn, we can authenticate, so
116 118
          // authenticate this time when opening the DirContext
117
          env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
118
          //env.put(Context.SECURITY_PROTOCOL, "ssl");
119
System.out.println(ldapsUrl + identifier + "," + ldapBase); 
120
          env.put(Context.PROVIDER_URL, ldapsUrl + ldapBase);
121
          if ( !ldapsUrl.equals(ldapUrl) ) {
122
            // ldap is set on default port 389
123
            // ldaps is set on second port - 636 by default
124
            env.put(Context.SECURITY_PROTOCOL, "ssl");
125
          }
119 126
          env.put(Context.SECURITY_AUTHENTICATION, "simple");
120 127
          env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
121 128
          env.put(Context.SECURITY_CREDENTIALS, password);
122 129
          // If our auth credentials are invalid, an exception will be thrown
123 130
          DirContext ctx = null;
124 131
          try {
132
            double startTime = System.currentTimeMillis();
125 133
            ctx = new InitialDirContext(env);
134
//            // StartTLS support from LDAPv3 with X.509 cert and with JSDKv1.4+
135
//            LdapContext ctx = new InitialLdapContext(env, null);
136
//            StartTlsResponse tls =
137
//              (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
138
//            tls.negotiate();
139

  
140
            double stopTime = System.currentTimeMillis();
141
            System.out.println("Connection time thru " + ldapsUrl + " was: " +
142
                               (stopTime-startTime)/1000 + " seconds.");
126 143
            authenticated = true;
144
//            tls.close();
127 145
            ctx.close();
128 146
            this.ldapUrl = ldapUrl;
129 147
            this.ldapBase = ldapBase;
130
            break;
148
         //   break;
131 149
          } catch (AuthenticationException ae) {
132 150
            authenticated = false;
151
//            if ( tls != null ) {
152
//              tls.close();
153
//            }
133 154
            if ( ctx != null ) {
134 155
              ctx.close();
135 156
            }
136 157
          }
137 158
        } else { 
138 159
          util.debugMessage("User not found");
139
//System.out.println("User NOT FOUND");
140 160
        }
141
      } /* while ( enum.hasMore() ) */
161
//      } /* while ( enum.hasMore() ) */
142 162

  
143 163
    } catch (NullPointerException e) {
144 164
      util.debugMessage("NullPointerException b' password is null");
......
150 170
    } catch (NamingException e) {
151 171
      util.debugMessage("Naming exception while authenticating in " + 
152 172
                        "AuthLdap.authenticate: " + e);
153
      throw new ConnectException(
154
      "Naming exception while authenticating in " + 
155
                        "AuthLdap.authenticate: " + e);
173
      //throw new ConnectException(
174
      //"Naming exception while authenticating in " + 
175
      //                  "AuthLdap.authenticate: " + e);
176
       e.printStackTrace();
156 177
    } catch (Exception e) {
157 178
      System.out.println(e.getMessage());
158 179
    }
......
179 200
    env.put(Context.INITIAL_CONTEXT_FACTORY,
180 201
            "com.sun.jndi.ldap.LdapCtxFactory");
181 202
    env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
182
//    env.put(Context.SECURITY_AUTHENTICATION, "EXTERNAL");
203
//    non-secure LDAP context; dn are publicly readable
183 204
//    env.put(Context.SECURITY_PROTOCOL, "ssl");
184 205

  
185 206
    try {
......
270 291

  
271 292
    try {
272 293

  
273
      //// Get the dn for this uid or cn 
274
      //String identifier = getIdentifyingName(user);
275
      //if (identifier != null) {
276
      //  env.put(Context.SECURITY_AUTHENTICATION, "simple");
277
      //  env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
278
      //  env.put(Context.SECURITY_CREDENTIALS, password);
279

  
280 294
        // Create the initial directory context
281 295
        DirContext ctx = new InitialDirContext(env);
282 296

  
......
311 325

  
312 326
        // Close the context when we're done
313 327
        ctx.close();
314
      //} else {
315
      //  util.debugMessage("User not found!");
316
      //}
317 328

  
318 329
    } catch (NamingException e) {
319 330
      System.err.println("Problem getting users in AuthLdap.getUsers:" + e);
......
340 351

  
341 352
    try {
342 353

  
343
      //// Get the dn for this uid or cn 
344
      //String identifier = getIdentifyingName(user);
345
      //if (identifier != null) {
346
      //  env.put(Context.SECURITY_AUTHENTICATION, "simple");
347
      //  env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
348
      //  env.put(Context.SECURITY_CREDENTIALS, password);
349

  
350 354
        // Create the initial directory context
351 355
        DirContext ctx = new InitialDirContext(env);
352 356

  
......
403 407

  
404 408
        // Close the context when we're done
405 409
        ctx.close();
406
      //} else {
407
      //  util.debugMessage("User not found!");
408
      //}
409 410

  
410 411
    } catch (NamingException e) {
411 412
      System.err.println("Problem getting users for a group in AuthLdap.getUsers:" + e);
......
552 553

  
553 554
    try {
554 555

  
555
      //// Get the dn for this uid or cn 
556
      //String identifier = getIdentifyingName(user);
557
      //if (identifier != null) {
558
      //  env.put(Context.SECURITY_AUTHENTICATION, "simple");
559
      //  env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
560
      //  env.put(Context.SECURITY_CREDENTIALS, password);
561

  
562 556
        // Create the initial directory context
563 557
        DirContext ctx = new InitialDirContext(env);
564 558

  
......
593 587

  
594 588
        // Close the context when we're done
595 589
        ctx.close();
596
      //} else {
597
      //  util.debugMessage("User not found!");
598
      //}
599 590

  
600 591
    } catch (NamingException e) {
601 592
      System.err.println("Problem getting groups in AuthLdap.getGroups:" + e);
......
618 609
    Hashtable env = new Hashtable(11);
619 610
    env.put(Context.INITIAL_CONTEXT_FACTORY, 
620 611
            "com.sun.jndi.ldap.LdapCtxFactory");
621
    env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
612
    env.put(Context.PROVIDER_URL, "ldap://dev.nceas.ucsb.edu:389/" + ldapBase);
622 613

  
623 614
    try {
624 615

  
625
      //// Get the dn for this uid or cn 
626
      //String identifier = getIdentifyingName(user);
627
      //if (identifier != null) {
628
      //  env.put(Context.SECURITY_AUTHENTICATION, "simple");
629
      //  env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
630
      //  env.put(Context.SECURITY_CREDENTIALS, password);
631

  
632 616
        // Create the initial directory context
633 617
        DirContext ctx = new InitialDirContext(env);
634 618

  
......
665 649

  
666 650
        // Close the context when we're done
667 651
        ctx.close();
668
      //} else {
669
      //  util.debugMessage("User not found!");
670
      //}
671 652

  
672 653
    } catch (NamingException e) {
673 654
      System.err.println("Problem getting groups in AuthLdap.getGroups:" + e);
......
712 693
    // Authentication information
713 694
 
714 695
    try {
715
  
716
      if ((user != null) && (password != null)) {
717
        String identifier = getIdentifyingName(user,this.ldapUrl,this.ldapBase);
718
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
719
        env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
720
        env.put(Context.SECURITY_CREDENTIALS, password);
721
      }
696
      
697
      // NO NEED FOR AUTHENTICATION; ALL ATTRIBUTES READABLE EXCEPT userPassword
698
      //if ((user != null) && (password != null)) {
699
      //  String identifier = getIdentifyingName(user,this.ldapUrl,this.ldapBase);
700
      //  env.put(Context.SECURITY_AUTHENTICATION, "simple");
701
      //  env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
702
      //  env.put(Context.SECURITY_CREDENTIALS, password);
703
      //}
722 704

  
723 705
      // Create the initial directory context
724 706
      DirContext ctx = new InitialDirContext(env);
......
774 756

  
775 757
    try {
776 758

  
777
      //if ( this.authenticate(user, password) ) {
778

  
779 759
        // Create the initial directory context
780 760
        DirContext ctx = new InitialDirContext(env);
781 761

  
......
828 808

  
829 809
        // Close the context when we're done
830 810
        ctx.close();
831
      //} else {
832
      //  System.out.println("Not authenticated user: " + user + "@" + ldapUrl + ldapBase);
833
      //}
834 811

  
835 812
    } catch (NamingException e) {
836 813
      System.err.println("Problem getting subtrees in AuthLdap.getSubtrees:" + e);
......
948 925
          Iterator attvalues = values.iterator();
949 926
          while (attvalues.hasNext()) {
950 927
            String value = (String)attvalues.next();
951
          //  System.out.println(att + ": " + value);
928
            System.out.println(att + ": " + value);
952 929
          }
953 930
        }
954 931

  
......
975 952
      }
976 953
*/
977 954
      // get the whole list groups and users in XML format
955
/*
978 956
      if (isValid) {
979 957
        authservice = new AuthLdap();
980 958
        String out = authservice.getPrincipals(user, password);
......
986 964
        buff.close();
987 965
        fw.close();
988 966
      }
989

  
967
*/
990 968
    } catch (ConnectException ce) {
991 969
      System.err.println(ce.getMessage());
992 970
    } catch (java.io.IOException ioe) {
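Review bot: In the authenticate() hunk the decision to set `Context.SECURITY_PROTOCOL` to "ssl" hangs on `if ( !ldapsUrl.equals(ldapUrl) )`, so a missing `ldapsurl` option yields a NullPointerException that the later catch misreports as "password is null", and an `ldapsurl` equal to `ldapurl` silently sends the simple bind (dn plus password) in plaintext. Unless a plaintext bind is intended for that configuration, it should fail closed: `if (ldapsUrl == null || ldapsUrl.equals(ldapUrl)) throw new ConnectException("no secure LDAP URL configured for authentication");` followed by an unconditional `env.put(Context.SECURITY_PROTOCOL, "ssl");`. The same hunk also replaces the rethrown ConnectException on NamingException with `e.printStackTrace()`, so a directory outage now looks like a failed login to the caller even though `throws ConnectException` is still declared; keeping the rethrow (with the cause attached) would preserve that distinction. Separately, the getGroups hunk at new line 612 replaces the configured `ldapUrl` with the literal `"ldap://dev.nceas.ucsb.edu:389/"`, which looks like a leftover debugging edit. The authenticate() method starts and ends outside the hunk.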
