Revision 867
Added by berkley over 22 years ago
AuthLdap.java | ||
90 | 90 |
public boolean authenticate(String user, String password) |
91 | 91 |
throws ConnectException |
92 | 92 |
{ |
93 |
System.out.println("ldap authenticating"); |
|
93 |
//System.out.println("ldap authenticating");
|
|
94 | 94 |
String ldapUrl = this.ldapUrl; |
95 | 95 |
String ldapsUrl = this.ldapsUrl; |
96 | 96 |
String ldapBase = this.ldapBase; |
... | ... | |
105 | 105 |
// if not found, try looking up a valid DN then auth again |
106 | 106 |
if (!authenticated) { |
107 | 107 |
identifier = getIdentifyingName(identifier,ldapUrl,ldapBase); |
108 |
System.out.println(ldapsUrl + identifier + "," + ldapBase); |
|
109 | 108 |
authenticated = ldapAuthenticate(identifier+","+ldapBase, password); |
110 | 109 |
} |
111 | 110 |
|
... | ... | |
137 | 136 |
private boolean ldapAuthenticate(String identifier, String password) |
138 | 137 |
throws ConnectException, NamingException, NullPointerException |
139 | 138 |
{ |
139 |
double totStartTime = System.currentTimeMillis(); |
|
140 | 140 |
boolean authenticated = false; |
141 | 141 |
if (identifier != null && !password.equals("")) { |
142 | 142 |
|
... | ... | |
145 | 145 |
env.put(Context.INITIAL_CONTEXT_FACTORY, |
146 | 146 |
"com.sun.jndi.ldap.LdapCtxFactory"); |
147 | 147 |
|
148 |
System.out.println("referral: " + referral); |
|
148 |
//System.out.println("referral: " + referral);
|
|
149 | 149 |
// Now that we have the dn, we can authenticate, so |
150 | 150 |
// authenticate this time when opening the DirContext |
151 | 151 |
env.put(Context.REFERRAL, "throw"); |
152 |
System.out.println("ldapsUrl: " + ldapsUrl + " ldapBase: " + ldapBase); |
|
152 |
/*CB: Note that the above env.put statement does not use the referral |
|
153 |
variable. it is hard coded to 'throw'. Matt: Is it ok to do this |
|
154 |
only here and not in every method? |
|
155 |
*/ |
|
156 |
//System.out.println("ldapsUrl: " + ldapsUrl + " ldapBase: " + ldapBase); |
|
153 | 157 |
env.put(Context.PROVIDER_URL, ldapsUrl + ldapBase); |
154 | 158 |
if ( !ldapsUrl.equals(ldapUrl) ) { |
155 | 159 |
// ldap is set on default port 389 |
... | ... | |
158 | 162 |
} |
159 | 163 |
env.put(Context.SECURITY_AUTHENTICATION, "simple"); |
160 | 164 |
env.put(Context.SECURITY_PRINCIPAL, identifier); |
161 |
System.out.println("Trying DN: " + identifier); |
|
165 |
//System.out.println("Trying DN: " + identifier);
|
|
162 | 166 |
env.put(Context.SECURITY_CREDENTIALS, password); |
163 | 167 |
// If our auth credentials are invalid, an exception will be thrown |
164 | 168 |
DirContext ctx = null; |
... | ... | |
170 | 174 |
// StartTlsResponse tls = |
171 | 175 |
// (StartTlsResponse)ctx.extendedOperation(new StartTlsRequest()); |
172 | 176 |
// tls.negotiate(); |
173 |
|
|
174 | 177 |
double stopTime = System.currentTimeMillis(); |
175 | 178 |
System.out.println("Connection time thru " + ldapsUrl + " was: " + |
176 | 179 |
(stopTime-startTime)/1000 + " seconds."); |
... | ... | |
191 | 194 |
} catch (javax.naming.InvalidNameException ine) { |
192 | 195 |
System.out.println("An invalid DN was provided!"); |
193 | 196 |
} catch(javax.naming.ReferralException re) { |
194 |
System.out.println("referral to : " + re.getReferralInfo().toString()); |
|
197 |
System.out.println("referral to : " + re.getReferralInfo().toString());
|
|
195 | 198 |
try |
196 | 199 |
{ |
197 | 200 |
/* |
198 | 201 |
Matt, I think this is right but I'm not sure...please check me to make |
199 | 202 |
sure I didn't do something wrong here. |
200 | 203 |
*/ |
204 |
double refStartTime = System.currentTimeMillis(); |
|
201 | 205 |
Context refctx = re.getReferralContext(env); |
202 | 206 |
authenticated = true; |
207 |
refctx.close(); |
|
208 |
this.ldapUrl = ldapUrl; |
|
209 |
this.ldapBase = ldapBase; |
|
210 |
double refStopTime = System.currentTimeMillis(); |
|
211 |
System.out.println("total referral time: " + |
|
212 |
(refStopTime - refStartTime)/1000 + " seconds"); |
|
203 | 213 |
} |
204 | 214 |
catch(Exception e) |
205 | 215 |
{ |
206 |
System.out.println("Error with referral to : " + re.getReferralInfo().toString()); |
|
216 |
System.out.println("Error with referral to : " + |
|
217 |
re.getReferralInfo().toString()); |
|
218 |
authenticated = false; |
|
207 | 219 |
} |
208 | 220 |
|
209 | 221 |
} |
210 | 222 |
} else { |
211 | 223 |
util.debugMessage("User not found"); |
212 | 224 |
} |
225 |
double totStopTime = System.currentTimeMillis(); |
|
226 |
System.out.println("total ldap authentication time: " + |
|
227 |
(totStopTime - totStartTime)/1000 + " seconds"); |
|
213 | 228 |
return authenticated; |
214 | 229 |
} |
215 | 230 |
|
... | ... | |
234 | 249 |
util.debugMessage("setting referrals to: " + referral); |
235 | 250 |
env.put(Context.REFERRAL, referral); |
236 | 251 |
env.put(Context.PROVIDER_URL, ldapUrl + ldapBase); |
237 |
// non-secure LDAP context; dn are publicly readable |
|
238 |
// env.put(Context.SECURITY_PROTOCOL, "ssl"); |
|
239 |
|
|
252 |
// non-secure LDAP context; dn are publicly readable |
|
253 |
// env.put(Context.SECURITY_PROTOCOL, "ssl"); |
|
240 | 254 |
try { |
241 |
|
|
255 |
|
|
242 | 256 |
// Bind to the LDAP server, in order to search for the right |
243 | 257 |
// distinguished name (dn) based on userid (uid) or common name (cn) |
244 | 258 |
DirContext ctx = new InitialDirContext(env); |
245 |
|
|
246 | 259 |
SearchControls ctls = new SearchControls(); |
247 | 260 |
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE); |
248 |
|
|
249 | 261 |
// Search for the user id or name using the uid, then cn and sn attributes |
250 | 262 |
// If we find a record, determine the dn for the record |
251 |
util.debugMessage("\nStarting search phase...\n");
|
|
263 |
//System.out.println("Starting search phase...");
|
|
252 | 264 |
|
253 | 265 |
String filter = "(" + user + ")"; |
254 | 266 |
NamingEnumeration answer; |
... | ... | |
267 | 279 |
return identifier; |
268 | 280 |
} |
269 | 281 |
} catch (InvalidSearchFilterException e) {} |
270 |
|
|
271 | 282 |
filter = "(uid=" + user + ")"; |
272 | 283 |
answer = ctx.search("", filter, ctls); |
273 | 284 |
if (answer.hasMore()) { |
... | ... | |
322 | 333 |
throw new NamingException( |
323 | 334 |
"Naming exception in AuthLdap.getIdentifyingName: " + e); |
324 | 335 |
} |
325 |
|
|
326 |
//System.out.println("context: " + identifier); |
|
327 | 336 |
return identifier; |
328 | 337 |
} |
329 | 338 |
|
... | ... | |
609 | 618 |
env.put(Context.PROVIDER_URL, ldapUrl + ldapBase); |
610 | 619 |
|
611 | 620 |
try { |
612 |
|
|
613 | 621 |
// Create the initial directory context |
614 | 622 |
DirContext ctx = new InitialDirContext(env); |
615 |
|
|
616 | 623 |
// Specify the ids of the attributes to return |
617 | 624 |
String[] attrIDs = {"cn"}; |
618 | 625 |
|
... | ... | |
620 | 627 |
// Groups are objects with attribute objectclass=groupofuniquenames. |
621 | 628 |
Attributes matchAttrs = new BasicAttributes(true); // ignore case |
622 | 629 |
matchAttrs.put(new BasicAttribute("objectclass", "groupofuniquenames")); |
623 |
|
|
624 | 630 |
// Search for objects in the current context |
625 | 631 |
NamingEnumeration enum = ctx.search("", matchAttrs, attrIDs); |
626 | 632 |
|
... | ... | |
668 | 674 |
"com.sun.jndi.ldap.LdapCtxFactory"); |
669 | 675 |
env.put(Context.REFERRAL, referral); |
670 | 676 |
env.put(Context.PROVIDER_URL, ldapUrl + ldapBase); |
671 |
|
|
672 | 677 |
try { |
673 | 678 |
|
674 | 679 |
// Create the initial directory context |
675 | 680 |
DirContext ctx = new InitialDirContext(env); |
676 |
|
|
677 | 681 |
// Specify the ids of the attributes to return |
678 | 682 |
String[] attrIDs = {"cn"}; |
679 |
|
|
680 | 683 |
// Specify the attributes to match. |
681 | 684 |
// Groups are objects with attribute objectclass=groupofuniquenames. |
682 | 685 |
// and have attribute uniquemember: uid=foruser,ldapbase. |
683 | 686 |
Attributes matchAttrs = new BasicAttributes(true); // ignore case |
684 | 687 |
matchAttrs.put(new BasicAttribute("objectclass", "groupofuniquenames")); |
685 |
String dn = getIdentifyingName(foruser, ldapUrl, ldapBase); |
|
686 |
// System.out.println("Identifying Name: " + dn); |
|
688 |
String dn = user;/*getIdentifyingName(foruser, ldapUrl, ldapBase);*/ |
|
687 | 689 |
matchAttrs.put(new BasicAttribute("uniquemember",dn+","+ldapBase)); |
688 | 690 |
// Search for objects in the current context |
689 | 691 |
NamingEnumeration enum = ctx.search("", matchAttrs, attrIDs); |
690 |
|
|
691 | 692 |
// Print the users |
692 | 693 |
Vector uvec = new Vector(); |
693 | 694 |
while (enum.hasMore()) { |
... | ... | |
841 | 842 |
Attribute attr = (Attribute)enum1.next(); |
842 | 843 |
String attrValue = (String)attr.get(); |
843 | 844 |
String attrName = (String)attr.getID(); |
844 |
System.out.println(attrName + "=" + attrValue); |
|
845 |
//System.out.println(attrName + "=" + attrValue);
|
|
845 | 846 |
if ( enum1.hasMore() ) { |
846 | 847 |
attr = (Attribute)enum1.next(); |
847 | 848 |
String refValue = (String)attr.get(); |
848 | 849 |
String refName = (String)attr.getID(); |
849 |
System.out.println(refName + "=" + refValue); |
|
850 |
//System.out.println(refName + "=" + refValue);
|
|
850 | 851 |
if ( ldapBase.startsWith(refName + "=" + refValue) ) { |
851 | 852 |
trees.put(ldapBase, |
852 | 853 |
attrValue.substring(0,attrValue.lastIndexOf("/")+1) ); |
... | ... | |
854 | 855 |
trees.put(refName + "=" + refValue + "," + ldapBase, |
855 | 856 |
attrValue.substring(0,attrValue.lastIndexOf("/")+1) ); |
856 | 857 |
} |
857 |
System.out.println("REFERRAL:" + attrValue); |
|
858 |
//System.out.println("REFERRAL:" + attrValue);
|
|
858 | 859 |
} else if ( ldapBase.startsWith(attrName + "=" + attrValue) ) { |
859 | 860 |
trees.put(ldapBase, ldapUrl); |
860 | 861 |
} else { |
861 | 862 |
trees.put(attrName + "=" + attrValue + "," + ldapBase, ldapUrl); |
862 |
System.out.println(ldapUrl + attrName + "=" + attrValue + "," + ldapBase); |
|
863 |
//System.out.println(ldapUrl + attrName + "=" + attrValue + "," + ldapBase);
|
|
863 | 864 |
} |
864 | 865 |
} |
865 | 866 |
} |
... | ... | |
873 | 874 |
"Problem getting subtrees in AuthLdap.getSubtrees:" + e); |
874 | 875 |
} |
875 | 876 |
|
876 |
System.out.println("number of subtrees:" + trees.size()); |
|
877 |
//System.out.println("number of subtrees:" + trees.size());
|
|
877 | 878 |
return trees; |
878 | 879 |
} |
879 | 880 |
|
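Review bot: In the group-search hunk, `String dn = user;/*getIdentifyingName(foruser, ldapUrl, ldapBase);*/` (new line 688) changes which principal is looked up, not only how: the old code resolved the DN of `foruser`, the new code feeds `user` verbatim into the `uniquemember` match on the next line, so it now assumes `user` is already a relative DN such as `uid=...` (otherwise the search silently yields no groups), and whenever `user` and `foruser` differ it returns the caller's group membership instead of the target user's. If dropping the second directory round-trip is the intended cure for the 15-second delay, resolve `foruser` once and pass the result in, or at least state the precondition in a comment such as `// dn must already be an RDN relative to ldapBase (e.g. uid=...)`, and delete the commented-out call rather than leaving it inline; the enclosing method starts and ends outside the hunk. Separately, the referral branch of ldapAuthenticate (new lines 207–209) now writes `this.ldapUrl` and `this.ldapBase` from inside an authentication call — if those names are locals rather than the fields themselves this mutates shared instance state per request, which is worth a comment on why the last successful referral should redirect every later caller. The `referral to :` print on new line 197 was left active while the other diagnostics were commented out, which looks unintentional.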
Fixed the error where LDAP authentication took 15 seconds to execute.