Revision 8461
Added by Jing Tao almost 11 years ago
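--- a/src/edu/ucsb/nceas/metacat/AuthLdap.java
+++ b/src/edu/ucsb/nceas/metacat/AuthLdap.java
@@ -280,15 +280,47 @@
 
 try {
 authenticated = authenticateTLS(env, userDN, password);
+} catch (AuthenticationException ee) {
+logMetacat.info("AuthLdap.ldapAuthenticate - failed to login : "+ee.getMessage());
+String aliasedDn = null;
+try {
+aliasedDn = getAliasedDnTLS(userDN, env);
+if(aliasedDn != null) {
+logMetacat.warn("AuthLdap.ldapAuthenticate - an aliased object " + aliasedDn + " was found for the DN "+userDN+". We will try to authenticate this new DN "+aliasedDn+".");
+authenticated = authenticateTLS(env, aliasedDn, password);
+}
+} catch (NamingException e) {
+logMetacat.error("AuthLdap.ldapAuthenticate - NamingException "+e.getMessage()+" happend when the ldap server authenticated the aliased object "+aliasedDn);
+} catch (IOException e) {
+logMetacat.error("AuthLdap.ldapAuthenticate - IOException "+e.getMessage()+" happend when the ldap server authenticated the aliased object "+aliasedDn);
+} catch (AuthTLSException e) {
+logMetacat.error("AuthLdap.ldapAuthenticate - AuthTLSException "+e.getMessage()+" happend when the ldap server authenticated the aliased object "+aliasedDn);
+}
 } catch (AuthTLSException ate) {
 logMetacat.info("AuthLdap.ldapAuthenticate - error while negotiating TLS: "
 + ate.getMessage());
-
 if (secureConnectionOnly) {
 return authenticated;
+} else {
+try {
+authenticated = authenticateNonTLS(env, userDN, password);
+} catch (AuthenticationException ae) {
+logMetacat.warn("Authentication exception for (nonTLS): " + ae.getMessage());
+String aliasedDn = null;
+try {
+aliasedDn = getAliasedDnNonTLS(userDN, env);
+if(aliasedDn != null) {
+logMetacat.warn("AuthLdap.ldapAuthenticate(NonTLS) - an aliased object " + aliasedDn + " was found for the DN "+userDN+". We will try to authenticate this new DN "+aliasedDn+" again.");
+authenticated = authenticateNonTLS(env, aliasedDn, password);
+}
+
+} catch (NamingException e) {
+logMetacat.error("AuthLdap.ldapAuthenticate(NonTLS) - NamingException "+e.getMessage()+" happend when the ldap server authenticated the aliased object "+aliasedDn);
+} catch (IOException e) {
+logMetacat.error("AuthLdap.ldapAuthenticate(NonTLS) - IOException "+e.getMessage()+" happend when the ldap server authenticated the aliased object "+aliasedDn);
+}
+}
 
-} else {
-authenticated = authenticateNonTLS(env, userDN, password);
 }
 }
 } catch (AuthenticationException ae) {
@@ -324,7 +356,7 @@
 /*
 * Get the aliasedDN (the real DN) for a specified an alias name
 */
-public String getAliasedDn(String alias, Hashtable<String, String> env, boolean useTLS) throws NamingException, IOException {
+private String getAliasedDn(String alias, Hashtable<String, String> env, boolean useTLS) throws NamingException, IOException {
 String aliasedDn = null;
 LdapContext sctx = new InitialLdapContext(env, null);
 StartTlsResponse tls = null;
@@ -355,7 +387,7 @@
 }
 
 private boolean authenticateTLS(Hashtable<String, String> env, String userDN, String password)
-throws AuthTLSException{
+throws AuthTLSException, AuthenticationException{
 logMetacat.info("AuthLdap.authenticateTLS - Trying to authenticate with TLS");
 try {
 LdapContext ctx = null;
@@ -376,6 +408,10 @@
 stopTime = System.currentTimeMillis();
 logMetacat.info("AuthLdap.authenticateTLS - Connection time thru "
 + ldapsUrl + " was: " + (stopTime - startTime) / 1000 + " seconds.");
+} catch (AuthenticationException ae) {
+logMetacat.warn("AuthLdap.authenticateTLS - Authentication exception: " + ae.getMessage());
+throw ae;
+
 } catch (NamingException ne) {
 throw new AuthTLSException("AuthLdap.authenticateTLS - Naming error when athenticating via TLS: " + ne.getMessage());
 } catch (IOException ioe) {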
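Review bot: Both alias retries in ldapAuthenticate are guarded only by `if(aliasedDn != null)`, so a blank DN from the lookup would be passed to the second bind, and some directory servers treat a simple bind with an empty name as anonymous and report success. The lookup helpers and most of getAliasedDn are outside the page, so whether they can return an empty string is not visible; a defensive guard is `if (aliasedDn != null && !aliasedDn.trim().isEmpty()) {` in the TLS and the non-TLS branch alike. Separately, if AuthenticationException here is the javax.naming class, it is a NamingException subclass, so a wrong password on the aliased DN lands in `catch (NamingException e)` and is logged at error level as a naming fault; a dedicated `catch (AuthenticationException e)` placed before it would keep failed logins distinguishable in the logs. The new messages also concatenate userDN and aliasedDn into log lines unescaped, so stripping CR/LF from them first would keep a caller-supplied DN from forging log entries. ldapAuthenticate starts and ends outside the visible hunks.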
Add code to handle the login action when the user DN is an alias.