/src/edu/ucsb/nceas/metacat/AuthLdap.java - Annotate - Metacat - Ecoinformatics Redmine

metacat/src/edu/ucsb/nceas/metacat/AuthLdap.java @ 867

-            bojilova
+/**
  *  '$RCSfile$'
  *    Purpose: An implementation of the AuthInterface interface that
  *             allows Metacat to use the LDAP protocol for
  *             directory services
  *  Copyright: 2000 Regents of the University of California and the
  *             National Center for Ecological Analysis and Synthesis
  *    Authors: Matt Jones
  *    Release: @release@
+ *
  *   '$Author$'
  *     '$Date$'
  * '$Revision$'
             jones
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version.
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-            bojilova
+ */
 package edu.ucsb.nceas.metacat;
 import java.net.ConnectException;
 import javax.naming.AuthenticationException;
 import javax.naming.Context;
-            bojilova
+import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
-            bojilova
+import javax.naming.InitialContext;
-            bojilova
+import javax.naming.directory.InvalidSearchFilterException;
-            bojilova
+import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
-            jones
+import javax.naming.directory.BasicAttribute;
 import javax.naming.directory.BasicAttributes;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
 import javax.naming.directory.SearchResult;
-            bojilova
+import javax.naming.directory.SearchControls;
-            bojilova
+import javax.naming.ldap.*;
-            bojilova
+import java.util.Iterator;
 import java.util.HashMap;
 import java.util.Hashtable;
-            bojilova
+import java.util.Enumeration;
-            bojilova
+import java.util.Set;
 import java.util.Vector;
 /**
  * An implementation of the AuthInterface interface that
  * allows Metacat to use the LDAP protocol for directory services.
  * The LDAP authentication service is used to determine if a user
  * is authenticated, and whether they are a member of a particular group.
  */
-            jones
+public class AuthLdap implements AuthInterface {
             bojilova
-            bojilova
+  private MetaCatUtil util = new MetaCatUtil();
-            bojilova
+  private String ldapUrl;
-            bojilova
+  private String ldapsUrl;
-            bojilova
+  private String ldapBase;
-            jones
+  private String referral;
             bojilova
-            bojilova
+  /**
    * Construct an AuthLdap
    */
   public AuthLdap() {
     // Read LDAP URI for directory service information
-            bojilova
+    this.ldapUrl = MetaCatUtil.getOption("ldapurl");
     this.ldapsUrl = MetaCatUtil.getOption("ldapsurl");
     this.ldapBase = MetaCatUtil.getOption("ldapbase");
-            jones
+    this.referral = MetaCatUtil.getOption("referral");
             bojilova
-            bojilova
+  /**
    * Determine if a user/password are valid according to the authentication
    * service.
+   *
    * @param user the name of the principal to authenticate
    * @param password the password to use for authentication
    * @returns boolean true if authentication successful, false otherwise
    */
   public boolean authenticate(String user, String password)
                     throws ConnectException
+  {
-            berkley
+    //System.out.println("ldap authenticating");
-            bojilova
+    String ldapUrl = this.ldapUrl;
-            bojilova
+    String ldapsUrl = this.ldapsUrl;
-            bojilova
+    String ldapBase = this.ldapBase;
-            bojilova
+    boolean authenticated = false;
-            bojilova
+    String identifier = user;
             bojilova
     try {
             bojilova
-            jones
+        // Check the usename as passed in
         authenticated = ldapAuthenticate(identifier, password);
             bojilova
-            jones
+        // if not found, try looking up a valid DN then auth again
         if (!authenticated) {
             identifier = getIdentifyingName(identifier,ldapUrl,ldapBase);
             authenticated = ldapAuthenticate(identifier+","+ldapBase, password);
             bojilova
             jones
-            bojilova
+    } catch (NullPointerException e) {
       util.debugMessage("NullPointerException b' password is null");
       util.debugMessage("NullPointerException while authenticating in " +
                         "AuthLdap.authenticate: " + e);
       throw new ConnectException(
       "NullPointerException while authenticating in " +
                         "AuthLdap.authenticate: " + e);
-            bojilova
+    } catch (NamingException e) {
-            berkley
+      util.debugMessage("Naming exception while authenticating in " +
                         "AuthLdap.authenticate: " + e);
-            jones
+      e.printStackTrace();
-            bojilova
+    } catch (Exception e) {
       System.out.println(e.getMessage());
             bojilova
     return authenticated;
+  }
   /**
-            jones
+   * Connect to the LDAP directory and do the authentication using the
    * username and password as passed into the routine.
+   *
    * @param identifier the distinguished name to check against LDAP
    * @param password the password for authentication
    */
   private boolean ldapAuthenticate(String identifier, String password)
             throws ConnectException, NamingException, NullPointerException
+  {
-            berkley
+    double totStartTime = System.currentTimeMillis();
-            jones
+    boolean authenticated = false;
     if (identifier != null && !password.equals("")) {
         // Identify service provider to use
         Hashtable env = new Hashtable(11);
         env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
-            berkley
+        //System.out.println("referral: " + referral);
-            jones
+        // Now that we have the dn, we can authenticate, so
         // authenticate this time when opening the DirContext
-            berkley
+        env.put(Context.REFERRAL, "throw");
-            berkley
+        /*CB:  Note that the above env.put statement does not use the referral
           variable.  it is hard coded to 'throw'.  Matt: Is it ok to do this
           only here and not in every method?
         */
         //System.out.println("ldapsUrl: " + ldapsUrl + " ldapBase: " + ldapBase);
-            jones
+        env.put(Context.PROVIDER_URL, ldapsUrl + ldapBase);
         if ( !ldapsUrl.equals(ldapUrl) ) {
           // ldap is set on default port 389
           // ldaps is set on second port - 636 by default
           env.put(Context.SECURITY_PROTOCOL, "ssl");
+        }
         env.put(Context.SECURITY_AUTHENTICATION, "simple");
         env.put(Context.SECURITY_PRINCIPAL, identifier);
-            berkley
+        //System.out.println("Trying DN: " + identifier);
-            jones
+        env.put(Context.SECURITY_CREDENTIALS, password);
         // If our auth credentials are invalid, an exception will be thrown
         DirContext ctx = null;
         try {
           double startTime = System.currentTimeMillis();
           ctx = new InitialDirContext(env);
 //          // StartTLS support from LDAPv3 with X.509 cert and with JSDKv1.4+
 //          LdapContext ctx = new InitialLdapContext(env, null);
 //          StartTlsResponse tls =
 //            (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
 //          tls.negotiate();
           double stopTime = System.currentTimeMillis();
           System.out.println("Connection time thru " + ldapsUrl + " was: " +
                              (stopTime-startTime)/1000 + " seconds.");
           authenticated = true;
           //tls.close();
           ctx.close();
           this.ldapUrl = ldapUrl;
           this.ldapBase = ldapBase;
           //break;
         } catch (AuthenticationException ae) {
           authenticated = false;
 //          if ( tls != null ) {
 //            tls.close();
 //          }
           if ( ctx != null ) {
             ctx.close();
+          }
         } catch (javax.naming.InvalidNameException ine) {
             System.out.println("An invalid DN was provided!");
-            berkley
+        } catch(javax.naming.ReferralException re) {
-            berkley
+	        System.out.println("referral to : " + re.getReferralInfo().toString());
-            berkley
+            try
+            {
               /*
                Matt, I think this is right but I'm not sure...please check me to make
                sure I didn't do something wrong here.
               */
-            berkley
+              double refStartTime = System.currentTimeMillis();
-            berkley
+              Context refctx = re.getReferralContext(env);
               authenticated = true;
-            berkley
+              refctx.close();
               this.ldapUrl = ldapUrl;
               this.ldapBase = ldapBase;
               double refStopTime = System.currentTimeMillis();
               System.out.println("total referral time: " +
                                 (refStopTime - refStartTime)/1000 + " seconds");
             berkley
             catch(Exception e)
+            {
-            berkley
+                System.out.println("Error with referral to : " +
                                    re.getReferralInfo().toString());
                 authenticated = false;
             berkley
+	}
-            jones
+    } else {
         util.debugMessage("User not found");
+    }
-            berkley
+    double totStopTime = System.currentTimeMillis();
     System.out.println("total ldap authentication time: " +
                       (totStopTime - totStartTime)/1000 + " seconds");
-            jones
+    return authenticated;
+  }
   /**
-            bojilova
+   * Get the identifying name for a given userid or name.  This is the name
    * that is used in conjunction withthe LDAP BaseDN to create a
    * distinguished name (dn) for the record
+   *
    * @param user the user for which the identifying name is requested
    * @returns String the identifying name for the user,
    *          or null if not found
    */
   private String getIdentifyingName(String user, String ldapUrl, String ldapBase)
          throws NamingException
+  {
     String identifier = null;
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
-            berkley
+    util.debugMessage("setting referrals to: " + referral);
-            jones
+    env.put(Context.REFERRAL, referral);
-            bojilova
+    env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
-            berkley
+    //    non-secure LDAP context; dn are publicly readable
     //    env.put(Context.SECURITY_PROTOCOL, "ssl");
-            bojilova
+    try {
             berkley
-            bojilova
+      // Bind to the LDAP server, in order to search for the right
       // distinguished name (dn) based on userid (uid) or common name (cn)
       DirContext ctx = new InitialDirContext(env);
       SearchControls ctls = new SearchControls();
       ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
       // Search for the user id or name using the uid, then cn and sn attributes
       // If we find a record, determine the dn for the record
-            berkley
+      //System.out.println("Starting search phase...");
             bojilova
-            bojilova
+      String filter = "(" + user + ")";
       NamingEnumeration answer;
       try {
         answer = ctx.search("", filter, ctls);
         if (answer.hasMore()) {
           SearchResult sr = (SearchResult)answer.next();
           identifier = sr.getName();
           if ( !sr.isRelative() ) {
             this.ldapUrl = identifier.substring(0,identifier.lastIndexOf("/")+1);
             this.ldapBase = identifier.substring(identifier.indexOf(",")+1);
             identifier = identifier.substring(identifier.lastIndexOf("/")+1,
                                               identifier.indexOf(","));
+          }
           util.debugMessage("Found: " + identifier);
           return identifier;
+        }
       } catch (InvalidSearchFilterException e) {}
       filter = "(uid=" + user + ")";
       answer = ctx.search("", filter, ctls);
-            bojilova
+      if (answer.hasMore()) {
         SearchResult sr = (SearchResult)answer.next();
         identifier = sr.getName();
         if ( !sr.isRelative() ) {
           this.ldapUrl = identifier.substring(0,identifier.lastIndexOf("/")+1);
           this.ldapBase = identifier.substring(identifier.indexOf(",")+1);
           identifier = identifier.substring(identifier.lastIndexOf("/")+1,
                                             identifier.indexOf(","));
+        }
         util.debugMessage("Found: " + identifier);
       } else {
         //Attributes matchAttrs2 = new BasicAttributes(true);
         //matchAttrs2.put(new BasicAttribute("cn", user));
         //NamingEnumeration answer2 = ctx.search("", matchAttrs2);
         filter = "(cn=" + user + ")";
         NamingEnumeration answer2 = ctx.search("", filter, ctls);
         if (answer2.hasMore()) {
           SearchResult sr = (SearchResult)answer2.next();
           identifier = sr.getName();
           if ( !sr.isRelative() ) {
             this.ldapUrl = identifier.substring(0,identifier.lastIndexOf("/")+1);
             this.ldapBase = identifier.substring(identifier.indexOf(",")+1);
             identifier = identifier.substring(identifier.lastIndexOf("/")+1,
                                               identifier.indexOf(","));
+          }
           util.debugMessage("Found: " + identifier);
         } else {
           //Attributes matchAttrs3 = new BasicAttributes(true);
           //matchAttrs3.put(new BasicAttribute("sn", user));
           //NamingEnumeration answer3 = ctx.search("", matchAttrs3);
           filter = "(sn=" + user + ")";
           NamingEnumeration answer3 = ctx.search("", filter, ctls);
           if (answer3.hasMore()) {
             SearchResult sr = (SearchResult)answer3.next();
             identifier = sr.getName();
             if ( !sr.isRelative() ) {
               this.ldapUrl = identifier.substring(0,identifier.lastIndexOf("/")+1);
               this.ldapBase = identifier.substring(identifier.indexOf(",")+1);
               identifier = identifier.substring(identifier.lastIndexOf("/")+1,
                                                 identifier.indexOf(","));
+            }
             util.debugMessage("Found: " + identifier);
+          }
+        }
+      }
       // Close the context when we're done the initial search
       ctx.close();
     } catch (NamingException e) {
       util.debugMessage("Naming exception while getting dn: " + e);
       throw new NamingException(
       "Naming exception in AuthLdap.getIdentifyingName: " + e);
+    }
     return identifier;
+  }
   /**
-            bojilova
+   * Get all users from the authentication service
    */
-            jones
+  public String[] getUsers(String user, String password)
          throws ConnectException
             bojilova
-            bojilova
+    String[] users = null;
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
-            jones
+    env.put(Context.REFERRAL, referral);
-            bojilova
+    env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
     try {
         // Create the initial directory context
         DirContext ctx = new InitialDirContext(env);
         // Specify the ids of the attributes to return
         String[] attrIDs = {"uid"};
-            bojilova
+        // Specify the attributes to match.
         // Users are objects that have the attribute objectclass=InetOrgPerson.
         Attributes matchAttrs = new BasicAttributes(true); // ignore case
         matchAttrs.put(new BasicAttribute("objectclass", "inetOrgPerson"));
-            bojilova
+        // Search for objects in the current context
-            bojilova
+        NamingEnumeration enum = ctx.search("", matchAttrs, attrIDs);
             bojilova
         // Print the users
         Vector uvec = new Vector();
         while (enum.hasMore()) {
           SearchResult sr = (SearchResult)enum.next();
           Attributes attrs = sr.getAttributes();
           NamingEnumeration enum1 = attrs.getAll(); // only "uid" attr
           while (enum1.hasMore()) {
             Attribute attr = (Attribute)enum1.next();
             uvec.add(attr.get());
+          }
+        }
         // initialize users[]; fill users[]
         users = new String[uvec.size()];
         for (int i=0; i < uvec.size(); i++) {
           users[i] = (String)uvec.elementAt(i);
+        }
         // Close the context when we're done
         ctx.close();
     } catch (NamingException e) {
       System.err.println("Problem getting users in AuthLdap.getUsers:" + e);
       throw new ConnectException(
-            bojilova
+      "Problem getting users in AuthLdap.getUsers:" + e);
             bojilova
     return users;
             bojilova
   /**
    * Get the users for a particular group from the authentication service
    */
-            jones
+  public String[] getUsers(String user, String password, String group)
          throws ConnectException
             bojilova
-            bojilova
+    String[] users = null;
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
-            jones
+    env.put(Context.REFERRAL, referral);
-            bojilova
+    env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
     try {
         // Create the initial directory context
         DirContext ctx = new InitialDirContext(env);
         // Specify the ids of the attributes to return
-            bojilova
+        String[] attrIDs = {"uniquemember"};
             bojilova
         // Specify the attributes to match.
-            bojilova
+        // Groups are objects with attribute objectclass=groupofuniquenames.
-            bojilova
+        Attributes matchAttrs = new BasicAttributes(true); // ignore case
-            bojilova
+        matchAttrs.put(new BasicAttribute("objectclass", "groupofuniquenames"));
         matchAttrs.put(new BasicAttribute("cn", group));
             bojilova
         // Search for objects in the current context
         NamingEnumeration enum = ctx.search("", matchAttrs, attrIDs);
         // Print the users
         Vector uvec = new Vector();
         while (enum.hasMore()) {
           SearchResult sr = (SearchResult)enum.next();
           Attributes attrs = sr.getAttributes();
-            bojilova
+          // return all attributes (only "uniquemember" attr)
           NamingEnumeration enum1 = attrs.getAll();
-            bojilova
+          while (enum1.hasMore()) {
             Attribute attr = (Attribute)enum1.next();
-            bojilova
+            // return all values of that attribute
             NamingEnumeration enum2 = attr.getAll();
             while (enum2.hasMore()) {
-            bojilova
+              // get DN of a member
               String memberDN = (String)enum2.next();
               try {
                 // we actually need RDN of the member
                 // try to get RDN (UID) of the member in case of a user
                 String memberID = getUserID(memberDN);
                 if ( memberID != null ) {
                   uvec.add(memberID);
                 // CURRENTLY WE DON'T SUPPORT SUBGROUPING, THUS
                 // IGNORE SUBGROUPS AS MEMBERS OF THE GROUP
                 // // this is a group, not user
                 // // try to get RDN (CN) of the group
                 // } else {
                 //   memberID = getGroupID(memberDN);
                 //   uvec.add(memberID);
+                }
               } catch (NamingException ne) {}
             bojilova
             bojilova
+        }
         // initialize users[]; fill users[]
         users = new String[uvec.size()];
         for (int i=0; i < uvec.size(); i++) {
           users[i] = (String)uvec.elementAt(i);
+        }
         // Close the context when we're done
         ctx.close();
     } catch (NamingException e) {
-            bojilova
+      System.err.println("Problem getting users for a group in AuthLdap.getUsers:" + e);
-            bojilova
+      throw new ConnectException(
-            bojilova
+      "Problem getting users for a group in AuthLdap.getUsers:" + e);
             bojilova
     return users;
             bojilova
   /**
-            bojilova
+   * Get UID by DN of a member
    */
   private String getUserID(String dn)
          throws NamingException
+  {
     String[] users = null;
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
-            jones
+    env.put(Context.REFERRAL, referral);
-            bojilova
+    env.put(Context.PROVIDER_URL, ldapUrl); // + ldapBase);
     try {
         // Create the initial directory context
         DirContext ctx = new InitialDirContext(env);
         // Specify the ids of the attributes to return
         String[] attrIDs = {"uid"};
         // Ask for "uid" attributes of the user
         Attributes attrs = ctx.getAttributes(dn, attrIDs);
         // Print all of the attributes (only "uid" attr)
         Vector uvec = new Vector();
         NamingEnumeration en = attrs.getAll();
         while (en.hasMore()) {
           Attribute att = (Attribute)en.next();
           Vector values = new Vector();
           String attName = att.getID();
           NamingEnumeration attvalues = att.getAll();
           while (attvalues.hasMore()) {
             String value = (String)attvalues.next();
             values.add(value);
+          }
           uvec.add(values.elementAt(0));
+        }
         // initialize users[]; fill users[]
         users = new String[uvec.size()];
         for (int i=0; i < uvec.size(); i++) {
           users[i] = (String)uvec.elementAt(i);
+        }
         // Close the context when we're done
         ctx.close();
     } catch (NamingException ne) {
       System.err.println("Problem getting userID by \"dn\" in AuthLdap.getUserID:" + ne);
       throw ne;
+    }
     if ( users.length > 0 ) {
       return users[0];
+    }
     return null;
+  }
   /**
    * Get CN by DN of a member
    */
   private String getGroupID(String dn)
          throws NamingException
+  {
     String[] groups = null;
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
-            jones
+    env.put(Context.REFERRAL, referral);
-            bojilova
+    env.put(Context.PROVIDER_URL, ldapUrl); // + ldapBase);
     try {
         // Create the initial directory context
         DirContext ctx = new InitialDirContext(env);
         // Specify the ids of the attributes to return
         String[] attrIDs = {"cn"};
         // Ask for "uid" attributes of the user
         Attributes attrs = ctx.getAttributes(dn, attrIDs);
         // Print all of the attributes (only "cn" attr)
         Vector uvec = new Vector();
         NamingEnumeration en = attrs.getAll();
         while (en.hasMore()) {
           Attribute att = (Attribute)en.next();
           Vector values = new Vector();
           String attName = att.getID();
           NamingEnumeration attvalues = att.getAll();
           while (attvalues.hasMore()) {
             String value = (String)attvalues.next();
             values.add(value);
+          }
           uvec.add(values.elementAt(0));
+        }
         // initialize users[]; fill users[]
         groups = new String[uvec.size()];
         for (int i=0; i < uvec.size(); i++) {
           groups[i] = (String)uvec.elementAt(i);
+        }
         // Close the context when we're done
         ctx.close();
     } catch (NamingException ne) {
       System.err.println("Problem getting groupID by \"dn\" in AuthLdap.getGroupID:" + ne);
       throw ne;
+    }
     if ( groups.length > 0 ) {
       return groups[0];
+    }
     return null;
+  }
   /**
-            bojilova
+   * Get all groups from the authentication service
    */
-            jones
+  public String[] getGroups(String user, String password)
          throws ConnectException
             bojilova
-            bojilova
+    String[] groups = null;
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
-            jones
+    env.put(Context.REFERRAL, referral);
-            bojilova
+    env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
     try {
         // Create the initial directory context
         DirContext ctx = new InitialDirContext(env);
         // Specify the ids of the attributes to return
-            bojilova
+        String[] attrIDs = {"cn"};
             bojilova
-            bojilova
+        // Specify the attributes to match.
         // Groups are objects with attribute objectclass=groupofuniquenames.
         Attributes matchAttrs = new BasicAttributes(true); // ignore case
         matchAttrs.put(new BasicAttribute("objectclass", "groupofuniquenames"));
-            bojilova
+        // Search for objects in the current context
-            bojilova
+        NamingEnumeration enum = ctx.search("", matchAttrs, attrIDs);
             bojilova
         // Print the users
         Vector uvec = new Vector();
         while (enum.hasMore()) {
           SearchResult sr = (SearchResult)enum.next();
           Attributes attrs = sr.getAttributes();
-            bojilova
+          NamingEnumeration enum1 = attrs.getAll(); // only "cn" attr
-            bojilova
+          while (enum1.hasMore()) {
             Attribute attr = (Attribute)enum1.next();
             uvec.add(attr.get());
+          }
+        }
         // initialize groups[] and fill it
         groups = new String[uvec.size()];
         for (int i=0; i < uvec.size(); i++) {
           groups[i] = (String)uvec.elementAt(i);
+        }
         // Close the context when we're done
         ctx.close();
     } catch (NamingException e) {
       System.err.println("Problem getting groups in AuthLdap.getGroups:" + e);
       throw new ConnectException(
       "Problem getting groups in AuthLdap.getGroups:" + e);
+    }
     return groups;
             bojilova
   /**
    * Get the groups for a particular user from the authentication service
    */
-            jones
+  public String[] getGroups(String user, String password, String foruser)
          throws ConnectException
             bojilova
-            bojilova
+    String[] groups = null;
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
-            jones
+    env.put(Context.REFERRAL, referral);
-            bojilova
+    env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
-            bojilova
+    try {
         // Create the initial directory context
         DirContext ctx = new InitialDirContext(env);
         // Specify the ids of the attributes to return
-            bojilova
+        String[] attrIDs = {"cn"};
-            bojilova
+        // Specify the attributes to match.
-            bojilova
+        // Groups are objects with attribute objectclass=groupofuniquenames.
-            bojilova
+        // and have attribute uniquemember: uid=foruser,ldapbase.
-            bojilova
+        Attributes matchAttrs = new BasicAttributes(true); // ignore case
-            bojilova
+        matchAttrs.put(new BasicAttribute("objectclass", "groupofuniquenames"));
-            berkley
+        String dn = user;/*getIdentifyingName(foruser, ldapUrl, ldapBase);*/
-            bojilova
+        matchAttrs.put(new BasicAttribute("uniquemember",dn+","+ldapBase));
-            bojilova
+        // Search for objects in the current context
         NamingEnumeration enum = ctx.search("", matchAttrs, attrIDs);
         // Print the users
         Vector uvec = new Vector();
         while (enum.hasMore()) {
           SearchResult sr = (SearchResult)enum.next();
           Attributes attrs = sr.getAttributes();
-            bojilova
+          NamingEnumeration enum1 = attrs.getAll(); // only "cn" attr
-            bojilova
+          while (enum1.hasMore()) {
             Attribute attr = (Attribute)enum1.next();
             uvec.add(attr.get());
+          }
+        }
         // initialize groups[] and fill it
         groups = new String[uvec.size()];
         for (int i=0; i < uvec.size(); i++) {
           groups[i] = (String)uvec.elementAt(i);
+        }
         // Close the context when we're done
         ctx.close();
     } catch (NamingException e) {
       System.err.println("Problem getting groups in AuthLdap.getGroups:" + e);
       throw new ConnectException(
-            bojilova
+      "Problem getting groups for a user in AuthLdap.getGroups:" + e);
             bojilova
     return groups;
             bojilova
   /**
    * Get attributes describing a user or group
+   *
    * @param user the user for which the attribute list is requested
    * @returns HashMap a map of attribute name to a Vector of values
    */
-            jones
+  public HashMap getAttributes(String foruser)
-            bojilova
+         throws ConnectException
+  {
-            jones
+    return getAttributes(null, null, foruser);
             bojilova
   /**
    * Get attributes describing a user or group
+   *
    * @param user the user for which the attribute list is requested
    * @param authuser the user for authenticating against the service
    * @param password the password for authenticating against the service
    * @returns HashMap a map of attribute name to a Vector of values
    */
-            jones
+  public HashMap getAttributes(String user, String password, String foruser)
-            bojilova
+         throws ConnectException
+  {
     HashMap attributes = new HashMap();
-            bojilova
+    String ldapUrl = this.ldapUrl;
     String ldapBase = this.ldapBase;
     String userident = foruser;
     try {
       this.ldapBase = userident.substring(userident.indexOf(",")+1);
       userident = userident.substring(0,userident.indexOf(","));
     } catch (StringIndexOutOfBoundsException e) {}
             bojilova
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
         "com.sun.jndi.ldap.LdapCtxFactory");
-            jones
+    env.put(Context.REFERRAL, referral);
-            bojilova
+    env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
     try {
             bojilova
-            bojilova
+      // Create the initial directory context
       DirContext ctx = new InitialDirContext(env);
-            bojilova
+      // Find out the identifying attribute for the user
-            bojilova
+      userident = getIdentifyingName(userident,ldapUrl,ldapBase);
             bojilova
-            jones
+      // Ask for all attributes of the user
       Attributes attrs = ctx.getAttributes(userident);
             bojilova
-            bojilova
+      // Print all of the attributes
       NamingEnumeration en = attrs.getAll();
       while (en.hasMore()) {
         Attribute att = (Attribute)en.next();
         Vector values = new Vector();
         String attName = att.getID();
         NamingEnumeration attvalues = att.getAll();
         while (attvalues.hasMore()) {
           String value = (String)attvalues.next();
           values.add(value);
+        }
         attributes.put(attName, values);
+      }
       // Close the context when we're done
       ctx.close();
     } catch (NamingException e) {
-            berkley
+      System.err.println("Problem getting attributes in AuthLdap.getAttributes:"
                           + e);
-            bojilova
+      throw new ConnectException(
       "Problem getting attributes in AuthLdap.getAttributes:" + e);
             bojilova
     return attributes;
+  }
   /**
-            bojilova
+   * Get list of all subtrees holding Metacat's groups and users
    * starting from the Metacat LDAP root,
    * i.e. ldap://dev.nceas.ucsb.edu/dc=ecoinformatics,dc=org
-            jones
+   */
-            bojilova
+  private Hashtable getSubtrees(String user, String password,
                                 String ldapUrl, String ldapBase)
                 throws ConnectException
             jones
-            bojilova
+    Hashtable trees = new Hashtable();
             jones
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
-            bojilova
+    env.put(Context.INITIAL_CONTEXT_FACTORY,
-            jones
+            "com.sun.jndi.ldap.LdapCtxFactory");
-            jones
+    env.put(Context.REFERRAL, referral);
-            jones
+    env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
     try {
-            bojilova
+        // Create the initial directory context
         DirContext ctx = new InitialDirContext(env);
         // Specify the ids of the attributes to return
         String[] attrIDs = {"o","ref"};
         SearchControls ctls = new SearchControls();
         ctls.setReturningAttributes(attrIDs);
         ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
         // Specify the attributes to match.
         // Subtrees from the main server are found as objects with attribute
         // objectclass=organization or objectclass=referral to the subtree
         // resided on other server.
         String filter = "(|(objectclass=organization)(objectclass=referral))";
         // Search for objects in the current context
         NamingEnumeration enum = ctx.search("", filter, ctls);
         // Print the subtrees' <ldapURL, baseDN>
         while (enum.hasMore()) {
           SearchResult sr = (SearchResult)enum.next();
           Attributes attrs = sr.getAttributes();
           NamingEnumeration enum1 = attrs.getAll(); // "dc" and "ref" attrs
           if (enum1.hasMore()) {
             Attribute attr = (Attribute)enum1.next();
             String attrValue = (String)attr.get();
             String attrName = (String)attr.getID();
-            berkley
+            //System.out.println(attrName + "=" + attrValue);
-            bojilova
+            if ( enum1.hasMore() ) {
               attr = (Attribute)enum1.next();
               String refValue = (String)attr.get();
               String refName = (String)attr.getID();
-            berkley
+              //System.out.println(refName + "=" + refValue);
-            bojilova
+              if ( ldapBase.startsWith(refName + "=" + refValue) ) {
                 trees.put(ldapBase,
                           attrValue.substring(0,attrValue.lastIndexOf("/")+1) );
               } else {
                 trees.put(refName + "=" + refValue + "," + ldapBase,
                           attrValue.substring(0,attrValue.lastIndexOf("/")+1) );
+              }
-            berkley
+              //System.out.println("REFERRAL:" + attrValue);
-            bojilova
+            } else if ( ldapBase.startsWith(attrName + "=" + attrValue) ) {
                 trees.put(ldapBase, ldapUrl);
             } else {
                 trees.put(attrName + "=" + attrValue + "," + ldapBase, ldapUrl);
-            berkley
+                //System.out.println(ldapUrl + attrName + "=" + attrValue + "," + ldapBase);
             bojilova
             jones
+        }
             bojilova
         // Close the context when we're done
         ctx.close();
-            jones
+    } catch (NamingException e) {
-            bojilova
+      System.err.println("Problem getting subtrees in AuthLdap.getSubtrees:" + e);
       throw new ConnectException(
       "Problem getting subtrees in AuthLdap.getSubtrees:" + e);
             jones
-            berkley
+    //System.out.println("number of subtrees:" + trees.size());
-            bojilova
+    return trees;
             jones
   /**
-            bojilova
+   * Get all groups and users from authentication scheme.
-            bojilova
+   * The output is formatted in XML.
-            bojilova
+   * @param user the user which requests the information
    * @param password the user's password
-            bojilova
+   */
-            bojilova
+  public String getPrincipals(String user, String password)
-            bojilova
+                throws ConnectException
+  {
     StringBuffer out = new StringBuffer();
-            bojilova
+    Vector usersIn = new Vector();
             bojilova
     out.append("<?xml version=\"1.0\"?>\n");
-            bojilova
+    out.append("<principals>\n");
             bojilova
-            bojilova
+    /*
      * get all subtrees first in the current dir context
      * and then the Metacat users under them
      */
     Hashtable subtrees = getSubtrees(user,password,this.ldapUrl,this.ldapBase);
     Enumeration enum = subtrees.keys();
     while ( enum.hasMoreElements() ) {
       this.ldapBase = (String)enum.nextElement();
       this.ldapUrl = (String)subtrees.get(ldapBase);
       out.append("  <authSystem URI=\"" +
                  this.ldapUrl + this.ldapBase + "\">\n");
       // get all groups for directory context
       String[] groups = getGroups(user, password);
       // for the groups and users that belong to them
       if ( groups.length > 0 ) {
         for (int i=0; i < groups.length; i++ ) {
           out.append("    <group>\n");
-            bojilova
+          out.append("      <groupname>" + groups[i] + "</groupname>\n");
-            bojilova
+          String[] usersForGroup = getUsers(user,password,groups[i]);
           for (int j=0; j < usersForGroup.length; j++ ) {
             usersIn.addElement(usersForGroup[j]);
             out.append("      <user>\n");
-            bojilova
+            out.append("        <username>" + usersForGroup[j] + "</username>\n");
-            bojilova
+            out.append("      </user>\n");
+          }
           out.append("    </group>\n");
+        }
+      }
       // for the users not belonging to any group
       String[] users = getUsers(user, password);
       for (int j=0; j < users.length; j++ ) {
         if ( !usersIn.contains(users[j]) ) {
-            bojilova
+          out.append("    <user>\n");
-            bojilova
+          out.append("      <username>" + users[j] + "</username>\n");
-            bojilova
+          out.append("    </user>\n");
+        }
+      }
             bojilova
       out.append("  </authSystem>\n");
       if ( !usersIn.isEmpty() ) {
         usersIn.removeAllElements();
         usersIn.trimToSize();
             bojilova
             bojilova
             bojilova
     out.append("</principals>");
     return out.toString();
+  }
   /**
-            bojilova
+   * Test method for the class
    */
   public static void main(String[] args) {
-            jones
+    // Provide a user, such as: "Matt Jones", or "jones"
-            bojilova
+    String user = args[0];
     String password = args[1];
     AuthLdap authservice = new AuthLdap();
     boolean isValid = false;
     try {
       isValid = authservice.authenticate(user, password);
       if (isValid) {
         System.out.println("Authentication successful for: " + user );
         System.out.println(" ");
             bojilova
-            bojilova
+      } else {
         System.out.println("Authentication failed for: " + user);
+      }
             bojilova
-            bojilova
+      if (isValid) {
-            bojilova
+        //String group = args[2];
-            bojilova
+        HashMap userInfo = authservice.getAttributes(user, password, "knb");
-            bojilova
+        // Print all of the attributes
         Iterator attList = (Iterator)(((Set)userInfo.keySet()).iterator());
         while (attList.hasNext()) {
           String att = (String)attList.next();
           Vector values = (Vector)userInfo.get(att);
           Iterator attvalues = values.iterator();
           while (attvalues.hasNext()) {
             String value = (String)attvalues.next();
-            bojilova
+            System.out.println(att + ": " + value);
             bojilova
+        }
             bojilova
             bojilova
             bojilova
-            bojilova
+      // get the whole list groups and users in XML format
-            bojilova
+      if (isValid) {
-            bojilova
+        authservice = new AuthLdap();
-            bojilova
+        String out = authservice.getPrincipals(user, password);
-            bojilova
+        java.io.File f = new java.io.File("principals.xml");
-            bojilova
+        java.io.FileWriter fw = new java.io.FileWriter(f);
         java.io.BufferedWriter buff = new java.io.BufferedWriter(fw);
         buff.write(out);
         buff.flush();
         buff.close();
         fw.close();
+      }
             bojilova
-            bojilova
+    } catch (ConnectException ce) {
-            bojilova
+      System.err.println(ce.getMessage());
-            bojilova
+    } catch (java.io.IOException ioe) {
       System.err.println("I/O Error writing to file principals.txt");
             bojilova
+  }
+}

Project

General

Profile

Metacat