Revision 868
Added by berkley about 23 years ago
| src/edu/ucsb/nceas/metacat/AuthLdap.java | ||
|---|---|---|
| 45 | 45 |
import javax.naming.directory.InitialDirContext; |
| 46 | 46 |
import javax.naming.directory.SearchResult; |
| 47 | 47 |
import javax.naming.directory.SearchControls; |
| 48 |
import javax.naming.ReferralException; |
|
| 48 | 49 |
import javax.naming.ldap.*; |
| 49 | 50 |
import java.util.Iterator; |
| 50 | 51 |
import java.util.HashMap; |
| ... | ... | |
| 90 | 91 |
public boolean authenticate(String user, String password) |
| 91 | 92 |
throws ConnectException |
| 92 | 93 |
{
|
| 93 |
//System.out.println("ldap authenticating");
|
|
| 94 |
System.out.println("ldap authenticating");
|
|
| 94 | 95 |
String ldapUrl = this.ldapUrl; |
| 95 | 96 |
String ldapsUrl = this.ldapsUrl; |
| 96 | 97 |
String ldapBase = this.ldapBase; |
| ... | ... | |
| 148 | 149 |
//System.out.println("referral: " + referral);
|
| 149 | 150 |
// Now that we have the dn, we can authenticate, so |
| 150 | 151 |
// authenticate this time when opening the DirContext |
| 152 |
//System.out.println("referral=throw");
|
|
| 151 | 153 |
env.put(Context.REFERRAL, "throw"); |
| 152 | 154 |
/*CB: Note that the above env.put statement does not use the referral |
| 153 | 155 |
variable. it is hard coded to 'throw'. Matt: Is it ok to do this |
| ... | ... | |
| 191 | 193 |
if ( ctx != null ) {
|
| 192 | 194 |
ctx.close(); |
| 193 | 195 |
} |
| 194 |
} catch (javax.naming.InvalidNameException ine) {
|
|
| 196 |
} |
|
| 197 |
catch (javax.naming.InvalidNameException ine) |
|
| 198 |
{
|
|
| 195 | 199 |
System.out.println("An invalid DN was provided!");
|
| 196 |
} catch(javax.naming.ReferralException re) {
|
|
| 197 |
System.out.println("referral to : " + re.getReferralInfo().toString());
|
|
| 198 |
try |
|
| 199 |
{
|
|
| 200 |
/* |
|
| 201 |
Matt, I think this is right but I'm not sure...please check me to make |
|
| 202 |
sure I didn't do something wrong here. |
|
| 203 |
*/ |
|
| 204 |
double refStartTime = System.currentTimeMillis(); |
|
| 205 |
Context refctx = re.getReferralContext(env); |
|
| 206 |
authenticated = true; |
|
| 207 |
refctx.close(); |
|
| 208 |
this.ldapUrl = ldapUrl; |
|
| 209 |
this.ldapBase = ldapBase; |
|
| 210 |
double refStopTime = System.currentTimeMillis(); |
|
| 211 |
System.out.println("total referral time: " +
|
|
| 212 |
(refStopTime - refStartTime)/1000 + " seconds"); |
|
| 213 |
} |
|
| 214 |
catch(Exception e) |
|
| 215 |
{
|
|
| 216 |
System.out.println("Error with referral to : " +
|
|
| 217 |
re.getReferralInfo().toString()); |
|
| 218 |
authenticated = false; |
|
| 219 |
} |
|
| 220 |
|
|
| 221 |
} |
|
| 200 |
} |
|
| 201 |
catch(javax.naming.ReferralException re) |
|
| 202 |
{
|
|
| 203 |
try |
|
| 204 |
{
|
|
| 205 |
Context c = handleReferral(env, re); |
|
| 206 |
authenticated = true; |
|
| 207 |
} |
|
| 208 |
catch(Exception e) |
|
| 209 |
{
|
|
| 210 |
authenticated = false; |
|
| 211 |
} |
|
| 212 |
} |
|
| 222 | 213 |
} else {
|
| 223 | 214 |
util.debugMessage("User not found");
|
| 224 | 215 |
} |
| ... | ... | |
| 227 | 218 |
(totStopTime - totStartTime)/1000 + " seconds"); |
| 228 | 219 |
return authenticated; |
| 229 | 220 |
} |
| 221 |
|
|
| 222 |
/** |
|
| 223 |
* handles a referral exception. this method should be called from |
|
| 224 |
* within the catch statement of a ReferralException |
|
| 225 |
*/ |
|
| 226 |
private Context handleReferral(Hashtable env, ReferralException re) |
|
| 227 |
throws Exception |
|
| 228 |
{
|
|
| 229 |
System.out.println("referral to : " + re.getReferralInfo().toString());
|
|
| 230 |
boolean referralSuccess = false; |
|
| 231 |
while(referralSuccess != true) |
|
| 232 |
{
|
|
| 233 |
try |
|
| 234 |
{
|
|
| 235 |
/* |
|
| 236 |
Matt, I think this is right but I'm not sure...please check me to make |
|
| 237 |
sure I didn't do something wrong here. |
|
| 238 |
*/ |
|
| 239 |
double refStartTime = System.currentTimeMillis(); |
|
| 240 |
Context refctx = re.getReferralContext(env); |
|
| 241 |
referralSuccess = true; |
|
| 242 |
refctx.close(); |
|
| 243 |
this.ldapUrl = ldapUrl; |
|
| 244 |
this.ldapBase = ldapBase; |
|
| 245 |
double refStopTime = System.currentTimeMillis(); |
|
| 246 |
System.out.println("total referral time: " +
|
|
| 247 |
(refStopTime - refStartTime)/1000 + " seconds"); |
|
| 248 |
return refctx; |
|
| 249 |
} |
|
| 250 |
catch(ReferralException e) |
|
| 251 |
{
|
|
| 252 |
System.out.println("Referring to: " +
|
|
| 253 |
re.getReferralInfo().toString()); |
|
| 254 |
} |
|
| 255 |
catch(Exception e) |
|
| 256 |
{
|
|
| 257 |
throw e; |
|
| 258 |
} |
|
| 259 |
} |
|
| 260 |
return null; //this should never get called |
|
| 261 |
} |
|
| 230 | 262 |
|
| 231 | 263 |
/** |
| 232 | 264 |
* Get the identifying name for a given userid or name. This is the name |
| ... | ... | |
| 652 | 684 |
ctx.close(); |
| 653 | 685 |
|
| 654 | 686 |
} catch (NamingException e) {
|
| 655 |
System.err.println("Problem getting groups in AuthLdap.getGroups:" + e);
|
|
| 687 |
System.err.println("Problem getting groups in AuthLdap.getGroups 1:" + e);
|
|
| 656 | 688 |
throw new ConnectException( |
| 657 | 689 |
"Problem getting groups in AuthLdap.getGroups:" + e); |
| 658 | 690 |
} |
| ... | ... | |
| 666 | 698 |
public String[] getGroups(String user, String password, String foruser) |
| 667 | 699 |
throws ConnectException |
| 668 | 700 |
{
|
| 701 |
//System.err.println("GG in get groups 2");
|
|
| 669 | 702 |
String[] groups = null; |
| 670 | 703 |
|
| 671 | 704 |
// Identify service provider to use |
| ... | ... | |
| 673 | 706 |
env.put(Context.INITIAL_CONTEXT_FACTORY, |
| 674 | 707 |
"com.sun.jndi.ldap.LdapCtxFactory"); |
| 675 | 708 |
env.put(Context.REFERRAL, referral); |
| 709 |
//System.out.println("GG server: " + ldapUrl + ldapBase);
|
|
| 676 | 710 |
env.put(Context.PROVIDER_URL, ldapUrl + ldapBase); |
| 677 | 711 |
try {
|
| 678 | 712 |
|
| ... | ... | |
| 683 | 717 |
// Specify the attributes to match. |
| 684 | 718 |
// Groups are objects with attribute objectclass=groupofuniquenames. |
| 685 | 719 |
// and have attribute uniquemember: uid=foruser,ldapbase. |
| 686 |
Attributes matchAttrs = new BasicAttributes(true); // ignore case |
|
| 687 |
matchAttrs.put(new BasicAttribute("objectclass", "groupofuniquenames"));
|
|
| 720 |
Attributes matchAttrs = new BasicAttributes(); // ignore case |
|
| 721 |
matchAttrs.put(new BasicAttribute("objectClass", "groupOfUniqueNames"));
|
|
| 722 |
//System.out.println("GG user: " + user);
|
|
| 723 |
//System.out.println("GG foruser: " + foruser);
|
|
| 688 | 724 |
String dn = user;/*getIdentifyingName(foruser, ldapUrl, ldapBase);*/ |
| 689 |
matchAttrs.put(new BasicAttribute("uniquemember",dn+","+ldapBase));
|
|
| 725 |
//System.out.println("GG dn: " + dn);
|
|
| 726 |
matchAttrs.put(new BasicAttribute("uniqueMember", dn));
|
|
| 690 | 727 |
// Search for objects in the current context |
| 728 |
//System.out.println("GG matchAttrs: " + matchAttrs.toString());
|
|
| 691 | 729 |
NamingEnumeration enum = ctx.search("", matchAttrs, attrIDs);
|
| 692 | 730 |
// Print the users |
| 693 | 731 |
Vector uvec = new Vector(); |
| 694 | 732 |
while (enum.hasMore()) {
|
| 733 |
//System.out.println("GG search result found");
|
|
| 695 | 734 |
SearchResult sr = (SearchResult)enum.next(); |
| 696 | 735 |
Attributes attrs = sr.getAttributes(); |
| 697 | 736 |
NamingEnumeration enum1 = attrs.getAll(); // only "cn" attr |
| ... | ... | |
| 702 | 741 |
} |
| 703 | 742 |
|
| 704 | 743 |
// initialize groups[] and fill it |
| 744 |
//System.out.println("GG getting groups: " + uvec.size());
|
|
| 705 | 745 |
groups = new String[uvec.size()]; |
| 706 | 746 |
for (int i=0; i < uvec.size(); i++) {
|
| 747 |
//System.out.println("GG group: " + groups[i]);
|
|
| 707 | 748 |
groups[i] = (String)uvec.elementAt(i); |
| 708 | 749 |
} |
| 709 | 750 |
|
| ... | ... | |
| 711 | 752 |
ctx.close(); |
| 712 | 753 |
|
| 713 | 754 |
} catch (NamingException e) {
|
| 714 |
System.err.println("Problem getting groups in AuthLdap.getGroups:" + e);
|
|
| 755 |
System.err.println("Problem getting groups in AuthLdap.getGroups 2:" + e);
|
|
| 756 |
e.printStackTrace(System.err); |
|
| 715 | 757 |
throw new ConnectException( |
| 716 | 758 |
"Problem getting groups for a user in AuthLdap.getGroups:" + e); |
| 717 | 759 |
} |
| 718 |
|
|
| 719 | 760 |
return groups; |
| 720 | 761 |
} |
| 721 | 762 |
|
Also available in: Unified diff
fixed referral catching mechanism in authLdap.ldapAuthenticate() so that it will refer through a bunch of linked servers instead of just one....I still haven't figured out why the getGroups method wont work.