75 |
75 |
this.ldapUrl = MetaCatUtil.getOption("ldapurl");
|
76 |
76 |
this.ldapsUrl = MetaCatUtil.getOption("ldapsurl");
|
77 |
77 |
this.ldapBase = MetaCatUtil.getOption("ldapbase");
|
78 |
|
//this.ldapUrl = "ldap://dev.nceas.ucsb.edu:636/";
|
79 |
|
//this.ldapBase = "o=NCEAS,dc=ecoinformatics,dc=org";
|
80 |
78 |
}
|
81 |
79 |
|
82 |
80 |
/**
|
... | ... | |
95 |
93 |
String ldapBase = this.ldapBase;
|
96 |
94 |
boolean authenticated = false;
|
97 |
95 |
String identifier = user;
|
98 |
|
|
99 |
|
// Identify service provider to use
|
100 |
|
Hashtable env = new Hashtable(11);
|
101 |
|
env.put(Context.INITIAL_CONTEXT_FACTORY,
|
102 |
|
"com.sun.jndi.ldap.LdapCtxFactory");
|
103 |
96 |
|
104 |
97 |
try {
|
105 |
98 |
|
106 |
|
try {
|
107 |
|
this.ldapBase = identifier.substring(identifier.indexOf(",")+1);
|
108 |
|
identifier = identifier.substring(0,identifier.indexOf(","));
|
109 |
|
} catch (StringIndexOutOfBoundsException e) {}
|
|
99 |
// Check the usename as passed in
|
|
100 |
authenticated = ldapAuthenticate(identifier, password);
|
110 |
101 |
|
111 |
|
/*
|
112 |
|
* get all subtrees first in the current dir context
|
113 |
|
* and then the dn for this uid or cn
|
114 |
|
*/
|
115 |
|
// Hashtable subtrees = getSubtrees(user,password,ldapUrl,ldapBase);
|
116 |
|
|
117 |
|
// Enumeration enum = subtrees.keys();
|
118 |
|
// while ( enum.hasMoreElements() ) {
|
119 |
|
// ldapBase = (String)enum.nextElement();
|
120 |
|
// ldapUrl = (String)subtrees.get(ldapBase);
|
121 |
|
identifier = getIdentifyingName(identifier,ldapUrl,ldapBase);
|
122 |
|
System.out.println(ldapsUrl + identifier + "," + ldapBase);
|
123 |
|
|
124 |
|
if (identifier != null && !password.equals("")) {
|
125 |
|
// Now that we have the dn, we can authenticate, so
|
126 |
|
// authenticate this time when opening the DirContext
|
127 |
|
env.put(Context.PROVIDER_URL, ldapsUrl + ldapBase);
|
128 |
|
if ( !ldapsUrl.equals(ldapUrl) ) {
|
129 |
|
// ldap is set on default port 389
|
130 |
|
// ldaps is set on second port - 636 by default
|
131 |
|
env.put(Context.SECURITY_PROTOCOL, "ssl");
|
132 |
|
}
|
133 |
|
env.put(Context.SECURITY_AUTHENTICATION, "simple");
|
134 |
|
env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
|
135 |
|
env.put(Context.SECURITY_CREDENTIALS, password);
|
136 |
|
// If our auth credentials are invalid, an exception will be thrown
|
137 |
|
DirContext ctx = null;
|
138 |
|
try {
|
139 |
|
double startTime = System.currentTimeMillis();
|
140 |
|
ctx = new InitialDirContext(env);
|
141 |
|
// // StartTLS support from LDAPv3 with X.509 cert and with JSDKv1.4+
|
142 |
|
// LdapContext ctx = new InitialLdapContext(env, null);
|
143 |
|
// StartTlsResponse tls =
|
144 |
|
// (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
|
145 |
|
// tls.negotiate();
|
146 |
|
|
147 |
|
double stopTime = System.currentTimeMillis();
|
148 |
|
System.out.println("Connection time thru " + ldapsUrl + " was: " +
|
149 |
|
(stopTime-startTime)/1000 + " seconds.");
|
150 |
|
authenticated = true;
|
151 |
|
// tls.close();
|
152 |
|
ctx.close();
|
153 |
|
this.ldapUrl = ldapUrl;
|
154 |
|
this.ldapBase = ldapBase;
|
155 |
|
// break;
|
156 |
|
} catch (AuthenticationException ae) {
|
157 |
|
authenticated = false;
|
158 |
|
// if ( tls != null ) {
|
159 |
|
// tls.close();
|
160 |
|
// }
|
161 |
|
if ( ctx != null ) {
|
162 |
|
ctx.close();
|
163 |
|
}
|
164 |
|
}
|
165 |
|
} else {
|
166 |
|
util.debugMessage("User not found");
|
|
102 |
// if not found, try looking up a valid DN then auth again
|
|
103 |
if (!authenticated) {
|
|
104 |
identifier = getIdentifyingName(identifier,ldapUrl,ldapBase);
|
|
105 |
System.out.println(ldapsUrl + identifier + "," + ldapBase);
|
|
106 |
authenticated = ldapAuthenticate(identifier+","+ldapBase, password);
|
167 |
107 |
}
|
168 |
|
// } /* while ( enum.hasMore() ) */
|
169 |
108 |
|
170 |
109 |
} catch (NullPointerException e) {
|
171 |
110 |
util.debugMessage("NullPointerException b' password is null");
|
... | ... | |
177 |
116 |
} catch (NamingException e) {
|
178 |
117 |
util.debugMessage("Naming exception while authenticating in " +
|
179 |
118 |
"AuthLdap.authenticate: " + e);
|
180 |
|
//throw new ConnectException(
|
181 |
|
//"Naming exception while authenticating in " +
|
182 |
|
// "AuthLdap.authenticate: " + e);
|
183 |
|
e.printStackTrace();
|
|
119 |
e.printStackTrace();
|
184 |
120 |
} catch (Exception e) {
|
185 |
121 |
System.out.println(e.getMessage());
|
186 |
122 |
}
|
... | ... | |
189 |
125 |
}
|
190 |
126 |
|
191 |
127 |
/**
|
|
128 |
* Connect to the LDAP directory and do the authentication using the
|
|
129 |
* username and password as passed into the routine.
|
|
130 |
*
|
|
131 |
* @param identifier the distinguished name to check against LDAP
|
|
132 |
* @param password the password for authentication
|
|
133 |
*/
|
|
134 |
private boolean ldapAuthenticate(String identifier, String password)
|
|
135 |
throws ConnectException, NamingException, NullPointerException
|
|
136 |
{
|
|
137 |
boolean authenticated = false;
|
|
138 |
if (identifier != null && !password.equals("")) {
|
|
139 |
|
|
140 |
// Identify service provider to use
|
|
141 |
Hashtable env = new Hashtable(11);
|
|
142 |
env.put(Context.INITIAL_CONTEXT_FACTORY,
|
|
143 |
"com.sun.jndi.ldap.LdapCtxFactory");
|
|
144 |
|
|
145 |
// Now that we have the dn, we can authenticate, so
|
|
146 |
// authenticate this time when opening the DirContext
|
|
147 |
env.put(Context.PROVIDER_URL, ldapsUrl + ldapBase);
|
|
148 |
if ( !ldapsUrl.equals(ldapUrl) ) {
|
|
149 |
// ldap is set on default port 389
|
|
150 |
// ldaps is set on second port - 636 by default
|
|
151 |
env.put(Context.SECURITY_PROTOCOL, "ssl");
|
|
152 |
}
|
|
153 |
env.put(Context.SECURITY_AUTHENTICATION, "simple");
|
|
154 |
env.put(Context.SECURITY_PRINCIPAL, identifier);
|
|
155 |
System.out.println("Trying DN: " + identifier);
|
|
156 |
env.put(Context.SECURITY_CREDENTIALS, password);
|
|
157 |
// If our auth credentials are invalid, an exception will be thrown
|
|
158 |
DirContext ctx = null;
|
|
159 |
try {
|
|
160 |
double startTime = System.currentTimeMillis();
|
|
161 |
ctx = new InitialDirContext(env);
|
|
162 |
// // StartTLS support from LDAPv3 with X.509 cert and with JSDKv1.4+
|
|
163 |
// LdapContext ctx = new InitialLdapContext(env, null);
|
|
164 |
// StartTlsResponse tls =
|
|
165 |
// (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
|
|
166 |
// tls.negotiate();
|
|
167 |
|
|
168 |
double stopTime = System.currentTimeMillis();
|
|
169 |
System.out.println("Connection time thru " + ldapsUrl + " was: " +
|
|
170 |
(stopTime-startTime)/1000 + " seconds.");
|
|
171 |
authenticated = true;
|
|
172 |
//tls.close();
|
|
173 |
ctx.close();
|
|
174 |
this.ldapUrl = ldapUrl;
|
|
175 |
this.ldapBase = ldapBase;
|
|
176 |
//break;
|
|
177 |
} catch (AuthenticationException ae) {
|
|
178 |
authenticated = false;
|
|
179 |
// if ( tls != null ) {
|
|
180 |
// tls.close();
|
|
181 |
// }
|
|
182 |
if ( ctx != null ) {
|
|
183 |
ctx.close();
|
|
184 |
}
|
|
185 |
} catch (javax.naming.InvalidNameException ine) {
|
|
186 |
System.out.println("An invalid DN was provided!");
|
|
187 |
}
|
|
188 |
} else {
|
|
189 |
util.debugMessage("User not found");
|
|
190 |
}
|
|
191 |
return authenticated;
|
|
192 |
}
|
|
193 |
|
|
194 |
/**
|
192 |
195 |
* Get the identifying name for a given userid or name. This is the name
|
193 |
196 |
* that is used in conjunction withthe LDAP BaseDN to create a
|
194 |
197 |
* distinguished name (dn) for the record
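Review bot: The `identifier != null` guard at the top of ldapAuthenticate (new line 138) cannot fire for the fallback call at new line 106, because `identifier+","+ldapBase` turns a null result from getIdentifyingName into the literal string "null,<base>" and the code then attempts a simple bind with that as the DN; guard the call site instead, `if (identifier != null) { authenticated = ldapAuthenticate(identifier + "," + ldapBase, password); }`, so a failed lookup ends the attempt rather than producing a second bind with a fabricated principal. The fallback also echoes the unverified, caller-supplied DN to stdout at new lines 105 and 155 ("Trying DN: "), where `util.debugMessage` appears to be the intended sink for such diagnostics. Inside ldapAuthenticate, `this.ldapUrl = ldapUrl;` and `this.ldapBase = ldapBase;` (new lines 174-175) assign each field to itself, since the method declares no local of either name, and `throws NullPointerException` would be better replaced by an explicit `password != null` term in the guard at new line 138 than by the caller's `catch (NullPointerException e)` at new line 109. The Javadoc for ldapAuthenticate lacks `@return true if the simple bind with the supplied DN and password succeeded, false otherwise` and `@throws NamingException` entries. authenticate's signature and the start of its body lie outside the hunks shown.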
|
Updated metacat login semantics. Now, metacat assumes the username passed
in is the 'full' distinguished name of the user. If that fails, then
it instead tries to look up the string to determine what the DN is, then
uses that. The preferred method of logging in via
a client is to send the FULL DN as the username parameter to login.