| 90 |
90 |
public boolean authenticate(String user, String password)
|
| 91 |
91 |
throws ConnectException
|
| 92 |
92 |
{
|
| 93 |
|
System.out.println("ldap authenticating");
|
|
93 |
//System.out.println("ldap authenticating");
|
| 94 |
94 |
String ldapUrl = this.ldapUrl;
|
| 95 |
95 |
String ldapsUrl = this.ldapsUrl;
|
| 96 |
96 |
String ldapBase = this.ldapBase;
|
| ... | ... | |
| 105 |
105 |
// if not found, try looking up a valid DN then auth again
|
| 106 |
106 |
if (!authenticated) {
|
| 107 |
107 |
identifier = getIdentifyingName(identifier,ldapUrl,ldapBase);
|
| 108 |
|
System.out.println(ldapsUrl + identifier + "," + ldapBase);
|
| 109 |
108 |
authenticated = ldapAuthenticate(identifier+","+ldapBase, password);
|
| 110 |
109 |
}
|
| 111 |
110 |
|
| ... | ... | |
| 137 |
136 |
private boolean ldapAuthenticate(String identifier, String password)
|
| 138 |
137 |
throws ConnectException, NamingException, NullPointerException
|
| 139 |
138 |
{
|
|
139 |
double totStartTime = System.currentTimeMillis();
|
| 140 |
140 |
boolean authenticated = false;
|
| 141 |
141 |
if (identifier != null && !password.equals("")) {
|
| 142 |
142 |
|
| ... | ... | |
| 145 |
145 |
env.put(Context.INITIAL_CONTEXT_FACTORY,
|
| 146 |
146 |
"com.sun.jndi.ldap.LdapCtxFactory");
|
| 147 |
147 |
|
| 148 |
|
System.out.println("referral: " + referral);
|
|
148 |
//System.out.println("referral: " + referral);
|
| 149 |
149 |
// Now that we have the dn, we can authenticate, so
|
| 150 |
150 |
// authenticate this time when opening the DirContext
|
| 151 |
151 |
env.put(Context.REFERRAL, "throw");
|
| 152 |
|
System.out.println("ldapsUrl: " + ldapsUrl + " ldapBase: " + ldapBase);
|
|
152 |
/*CB: Note that the above env.put statement does not use the referral
|
|
153 |
variable. it is hard coded to 'throw'. Matt: Is it ok to do this
|
|
154 |
only here and not in every method?
|
|
155 |
*/
|
|
156 |
//System.out.println("ldapsUrl: " + ldapsUrl + " ldapBase: " + ldapBase);
|
| 153 |
157 |
env.put(Context.PROVIDER_URL, ldapsUrl + ldapBase);
|
| 154 |
158 |
if ( !ldapsUrl.equals(ldapUrl) ) {
|
| 155 |
159 |
// ldap is set on default port 389
|
| ... | ... | |
| 158 |
162 |
}
|
| 159 |
163 |
env.put(Context.SECURITY_AUTHENTICATION, "simple");
|
| 160 |
164 |
env.put(Context.SECURITY_PRINCIPAL, identifier);
|
| 161 |
|
System.out.println("Trying DN: " + identifier);
|
|
165 |
//System.out.println("Trying DN: " + identifier);
|
| 162 |
166 |
env.put(Context.SECURITY_CREDENTIALS, password);
|
| 163 |
167 |
// If our auth credentials are invalid, an exception will be thrown
|
| 164 |
168 |
DirContext ctx = null;
|
| ... | ... | |
| 170 |
174 |
// StartTlsResponse tls =
|
| 171 |
175 |
// (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest());
|
| 172 |
176 |
// tls.negotiate();
|
| 173 |
|
|
| 174 |
177 |
double stopTime = System.currentTimeMillis();
|
| 175 |
178 |
System.out.println("Connection time thru " + ldapsUrl + " was: " +
|
| 176 |
179 |
(stopTime-startTime)/1000 + " seconds.");
|
| ... | ... | |
| 191 |
194 |
} catch (javax.naming.InvalidNameException ine) {
|
| 192 |
195 |
System.out.println("An invalid DN was provided!");
|
| 193 |
196 |
} catch(javax.naming.ReferralException re) {
|
| 194 |
|
System.out.println("referral to : " + re.getReferralInfo().toString());
|
|
197 |
System.out.println("referral to : " + re.getReferralInfo().toString());
|
| 195 |
198 |
try
|
| 196 |
199 |
{
|
| 197 |
200 |
/*
|
| 198 |
201 |
Matt, I think this is right but I'm not sure...please check me to make
|
| 199 |
202 |
sure I didn't do something wrong here.
|
| 200 |
203 |
*/
|
|
204 |
double refStartTime = System.currentTimeMillis();
|
| 201 |
205 |
Context refctx = re.getReferralContext(env);
|
| 202 |
206 |
authenticated = true;
|
|
207 |
refctx.close();
|
|
208 |
this.ldapUrl = ldapUrl;
|
|
209 |
this.ldapBase = ldapBase;
|
|
210 |
double refStopTime = System.currentTimeMillis();
|
|
211 |
System.out.println("total referral time: " +
|
|
212 |
(refStopTime - refStartTime)/1000 + " seconds");
|
| 203 |
213 |
}
|
| 204 |
214 |
catch(Exception e)
|
| 205 |
215 |
{
|
| 206 |
|
System.out.println("Error with referral to : " + re.getReferralInfo().toString());
|
|
216 |
System.out.println("Error with referral to : " +
|
|
217 |
re.getReferralInfo().toString());
|
|
218 |
authenticated = false;
|
| 207 |
219 |
}
|
| 208 |
220 |
|
| 209 |
221 |
}
|
| 210 |
222 |
} else {
|
| 211 |
223 |
util.debugMessage("User not found");
|
| 212 |
224 |
}
|
|
225 |
double totStopTime = System.currentTimeMillis();
|
|
226 |
System.out.println("total ldap authentication time: " +
|
|
227 |
(totStopTime - totStartTime)/1000 + " seconds");
|
| 213 |
228 |
return authenticated;
|
| 214 |
229 |
}
|
| 215 |
230 |
|
| ... | ... | |
| 234 |
249 |
util.debugMessage("setting referrals to: " + referral);
|
| 235 |
250 |
env.put(Context.REFERRAL, referral);
|
| 236 |
251 |
env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
|
| 237 |
|
// non-secure LDAP context; dn are publicly readable
|
| 238 |
|
// env.put(Context.SECURITY_PROTOCOL, "ssl");
|
| 239 |
|
|
|
252 |
// non-secure LDAP context; dn are publicly readable
|
|
253 |
// env.put(Context.SECURITY_PROTOCOL, "ssl");
|
| 240 |
254 |
try {
|
| 241 |
|
|
|
255 |
|
| 242 |
256 |
// Bind to the LDAP server, in order to search for the right
|
| 243 |
257 |
// distinguished name (dn) based on userid (uid) or common name (cn)
|
| 244 |
258 |
DirContext ctx = new InitialDirContext(env);
|
| 245 |
|
|
| 246 |
259 |
SearchControls ctls = new SearchControls();
|
| 247 |
260 |
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
|
| 248 |
|
|
| 249 |
261 |
// Search for the user id or name using the uid, then cn and sn attributes
|
| 250 |
262 |
// If we find a record, determine the dn for the record
|
| 251 |
|
util.debugMessage("\nStarting search phase...\n");
|
|
263 |
//System.out.println("Starting search phase...");
|
| 252 |
264 |
|
| 253 |
265 |
String filter = "(" + user + ")";
|
| 254 |
266 |
NamingEnumeration answer;
|
| ... | ... | |
| 267 |
279 |
return identifier;
|
| 268 |
280 |
}
|
| 269 |
281 |
} catch (InvalidSearchFilterException e) {}
|
| 270 |
|
|
| 271 |
282 |
filter = "(uid=" + user + ")";
|
| 272 |
283 |
answer = ctx.search("", filter, ctls);
|
| 273 |
284 |
if (answer.hasMore()) {
|
| ... | ... | |
| 322 |
333 |
throw new NamingException(
|
| 323 |
334 |
"Naming exception in AuthLdap.getIdentifyingName: " + e);
|
| 324 |
335 |
}
|
| 325 |
|
|
| 326 |
|
//System.out.println("context: " + identifier);
|
| 327 |
336 |
return identifier;
|
| 328 |
337 |
}
|
| 329 |
338 |
|
| ... | ... | |
| 609 |
618 |
env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
|
| 610 |
619 |
|
| 611 |
620 |
try {
|
| 612 |
|
|
| 613 |
621 |
// Create the initial directory context
|
| 614 |
622 |
DirContext ctx = new InitialDirContext(env);
|
| 615 |
|
|
| 616 |
623 |
// Specify the ids of the attributes to return
|
| 617 |
624 |
String[] attrIDs = {"cn"};
|
| 618 |
625 |
|
| ... | ... | |
| 620 |
627 |
// Groups are objects with attribute objectclass=groupofuniquenames.
|
| 621 |
628 |
Attributes matchAttrs = new BasicAttributes(true); // ignore case
|
| 622 |
629 |
matchAttrs.put(new BasicAttribute("objectclass", "groupofuniquenames"));
|
| 623 |
|
|
| 624 |
630 |
// Search for objects in the current context
|
| 625 |
631 |
NamingEnumeration enum = ctx.search("", matchAttrs, attrIDs);
|
| 626 |
632 |
|
| ... | ... | |
| 668 |
674 |
"com.sun.jndi.ldap.LdapCtxFactory");
|
| 669 |
675 |
env.put(Context.REFERRAL, referral);
|
| 670 |
676 |
env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
|
| 671 |
|
|
| 672 |
677 |
try {
|
| 673 |
678 |
|
| 674 |
679 |
// Create the initial directory context
|
| 675 |
680 |
DirContext ctx = new InitialDirContext(env);
|
| 676 |
|
|
| 677 |
681 |
// Specify the ids of the attributes to return
|
| 678 |
682 |
String[] attrIDs = {"cn"};
|
| 679 |
|
|
| 680 |
683 |
// Specify the attributes to match.
|
| 681 |
684 |
// Groups are objects with attribute objectclass=groupofuniquenames.
|
| 682 |
685 |
// and have attribute uniquemember: uid=foruser,ldapbase.
|
| 683 |
686 |
Attributes matchAttrs = new BasicAttributes(true); // ignore case
|
| 684 |
687 |
matchAttrs.put(new BasicAttribute("objectclass", "groupofuniquenames"));
|
| 685 |
|
String dn = getIdentifyingName(foruser, ldapUrl, ldapBase);
|
| 686 |
|
// System.out.println("Identifying Name: " + dn);
|
|
688 |
String dn = user;/*getIdentifyingName(foruser, ldapUrl, ldapBase);*/
|
| 687 |
689 |
matchAttrs.put(new BasicAttribute("uniquemember",dn+","+ldapBase));
|
| 688 |
690 |
// Search for objects in the current context
|
| 689 |
691 |
NamingEnumeration enum = ctx.search("", matchAttrs, attrIDs);
|
| 690 |
|
|
| 691 |
692 |
// Print the users
|
| 692 |
693 |
Vector uvec = new Vector();
|
| 693 |
694 |
while (enum.hasMore()) {
|
| ... | ... | |
| 841 |
842 |
Attribute attr = (Attribute)enum1.next();
|
| 842 |
843 |
String attrValue = (String)attr.get();
|
| 843 |
844 |
String attrName = (String)attr.getID();
|
| 844 |
|
System.out.println(attrName + "=" + attrValue);
|
|
845 |
//System.out.println(attrName + "=" + attrValue);
|
| 845 |
846 |
if ( enum1.hasMore() ) {
|
| 846 |
847 |
attr = (Attribute)enum1.next();
|
| 847 |
848 |
String refValue = (String)attr.get();
|
| 848 |
849 |
String refName = (String)attr.getID();
|
| 849 |
|
System.out.println(refName + "=" + refValue);
|
|
850 |
//System.out.println(refName + "=" + refValue);
|
| 850 |
851 |
if ( ldapBase.startsWith(refName + "=" + refValue) ) {
|
| 851 |
852 |
trees.put(ldapBase,
|
| 852 |
853 |
attrValue.substring(0,attrValue.lastIndexOf("/")+1) );
|
| ... | ... | |
| 854 |
855 |
trees.put(refName + "=" + refValue + "," + ldapBase,
|
| 855 |
856 |
attrValue.substring(0,attrValue.lastIndexOf("/")+1) );
|
| 856 |
857 |
}
|
| 857 |
|
System.out.println("REFERRAL:" + attrValue);
|
|
858 |
//System.out.println("REFERRAL:" + attrValue);
|
| 858 |
859 |
} else if ( ldapBase.startsWith(attrName + "=" + attrValue) ) {
|
| 859 |
860 |
trees.put(ldapBase, ldapUrl);
|
| 860 |
861 |
} else {
|
| 861 |
862 |
trees.put(attrName + "=" + attrValue + "," + ldapBase, ldapUrl);
|
| 862 |
|
System.out.println(ldapUrl + attrName + "=" + attrValue + "," + ldapBase);
|
|
863 |
//System.out.println(ldapUrl + attrName + "=" + attrValue + "," + ldapBase);
|
| 863 |
864 |
}
|
| 864 |
865 |
}
|
| 865 |
866 |
}
|
| ... | ... | |
| 873 |
874 |
"Problem getting subtrees in AuthLdap.getSubtrees:" + e);
|
| 874 |
875 |
}
|
| 875 |
876 |
|
| 876 |
|
System.out.println("number of subtrees:" + trees.size());
|
|
877 |
//System.out.println("number of subtrees:" + trees.size());
|
| 877 |
878 |
return trees;
|
| 878 |
879 |
}
|
| 879 |
880 |
|
fixed the error where the ldap authenticate took 15 seconds to execute