Revision 893
Added by berkley over 22 years ago
| src/edu/ucsb/nceas/metacat/AuthLdap.java | ||
|---|---|---|
| 61 | 61 |
* The LDAP authentication service is used to determine if a user |
| 62 | 62 |
* is authenticated, and whether they are a member of a particular group. |
| 63 | 63 |
*/ |
| 64 |
public class AuthLdap implements AuthInterface {
|
|
| 64 |
public class AuthLdap implements AuthInterface, Runnable {
|
|
| 65 | 65 |
|
| 66 | 66 |
private MetaCatUtil util = new MetaCatUtil(); |
| 67 | 67 |
private String ldapUrl; |
| 68 | 68 |
private String ldapsUrl; |
| 69 | 69 |
private String ldapBase; |
| 70 | 70 |
private String referral; |
| 71 |
private Context referralContext; |
|
| 72 |
Hashtable env = new Hashtable(11); |
|
| 73 |
private Context rContext; |
|
| 74 |
ReferralException refExc; |
|
| 71 | 75 |
|
| 72 | 76 |
/** |
| 73 | 77 |
* Construct an AuthLdap |
| ... | ... | |
| 203 | 207 |
} |
| 204 | 208 |
catch(javax.naming.ReferralException re) |
| 205 | 209 |
{
|
| 206 |
try |
|
| 210 |
System.out.println("referral during authentication");
|
|
| 211 |
try |
|
| 207 | 212 |
{
|
| 208 |
Context c = handleReferral(env, re); |
|
| 209 |
authenticated = true; |
|
| 213 |
refExc = re; |
|
| 214 |
Thread t = new Thread(this); |
|
| 215 |
System.out.println("Starting thread...");
|
|
| 216 |
t.start(); |
|
| 217 |
System.out.println("sleeping for 5 seconds.");
|
|
| 218 |
Thread.sleep(5000); //this is a manual override of ldap's hideously long time |
|
| 219 |
//out period. |
|
| 220 |
System.out.println("Awake after 5 seconds.");
|
|
| 221 |
if(referralContext == null) |
|
| 222 |
{
|
|
| 223 |
System.out.println("killing thread....not authenticated.");
|
|
| 224 |
t.interrupt(); |
|
| 225 |
System.out.println("thread killed.");
|
|
| 226 |
authenticated = false; |
|
| 227 |
} |
|
| 228 |
else |
|
| 229 |
{
|
|
| 230 |
//Context c = handleReferral(env, re.getReferralContext(env)); |
|
| 231 |
authenticated = true; |
|
| 232 |
} |
|
| 210 | 233 |
} |
| 211 | 234 |
catch(Exception e) |
| 212 | 235 |
{
|
| ... | ... | |
| 226 | 249 |
* handles a referral exception. this method should be called from |
| 227 | 250 |
* within the catch statement of a ReferralException |
| 228 | 251 |
*/ |
| 229 |
private Context handleReferral(Hashtable env, ReferralException re)
|
|
| 230 |
throws Exception
|
|
| 252 |
private Context handleReferral(Hashtable env, Context rContext) throws
|
|
| 253 |
Exception
|
|
| 231 | 254 |
{
|
| 232 |
System.out.println("referral to : " + re.getReferralInfo().toString());
|
|
| 255 |
System.out.println("referral to : " + rContext.toString());
|
|
| 233 | 256 |
boolean referralSuccess = false; |
| 234 | 257 |
while(referralSuccess != true) |
| 235 | 258 |
{
|
| ... | ... | |
| 240 | 263 |
sure I didn't do something wrong here. |
| 241 | 264 |
*/ |
| 242 | 265 |
double refStartTime = System.currentTimeMillis(); |
| 243 |
Context refctx = re.getReferralContext(env);
|
|
| 266 |
Context refctx = rContext;
|
|
| 244 | 267 |
referralSuccess = true; |
| 245 | 268 |
refctx.close(); |
| 246 | 269 |
this.ldapUrl = ldapUrl; |
| 247 | 270 |
this.ldapBase = ldapBase; |
| 248 | 271 |
double refStopTime = System.currentTimeMillis(); |
| 249 | 272 |
System.out.println("total referral time: " +
|
| 250 |
(refStopTime - refStartTime)/1000 + " seconds");
|
|
| 273 |
(refStopTime - refStartTime)/1000 + "seconds"); |
|
| 251 | 274 |
return refctx; |
| 252 | 275 |
} |
| 253 | 276 |
catch(ReferralException e) |
| 254 | 277 |
{
|
| 255 | 278 |
System.out.println("Referring to: " +
|
| 256 |
re.getReferralInfo().toString());
|
|
| 279 |
rContext.toString());
|
|
| 257 | 280 |
} |
| 258 | 281 |
catch(Exception e) |
| 259 | 282 |
{
|
| ... | ... | |
| 528 | 551 |
String[] groups = null; |
| 529 | 552 |
|
| 530 | 553 |
// Identify service provider to use |
| 531 |
Hashtable env = new Hashtable(11); |
|
| 532 | 554 |
env.put(Context.INITIAL_CONTEXT_FACTORY, |
| 533 | 555 |
"com.sun.jndi.ldap.LdapCtxFactory"); |
| 534 | 556 |
env.put(Context.REFERRAL, "throw"); |
| 535 | 557 |
env.put(Context.PROVIDER_URL, ldapUrl); |
| 536 | 558 |
try {
|
| 537 |
|
|
| 538 | 559 |
// Create the initial directory context |
| 539 | 560 |
DirContext ctx = new InitialDirContext(env); |
| 540 | 561 |
// Specify the ids of the attributes to return |
| ... | ... | |
| 576 | 597 |
System.out.println("caught a referral to " + re.toString());
|
| 577 | 598 |
try |
| 578 | 599 |
{
|
| 579 |
Context c = handleReferral(env, re); |
|
| 580 |
DirContext dc = (DirContext)c; |
|
| 600 |
refExc = re; |
|
| 601 |
Thread t = new Thread(this); |
|
| 602 |
System.out.println("Starting thread...");
|
|
| 603 |
t.start(); |
|
| 604 |
System.out.println("sleeping for 5 seconds.");
|
|
| 605 |
Thread.sleep(5000); //this is a manual override of ldap's hideously long time |
|
| 606 |
//out period. |
|
| 607 |
System.out.println("Awake after 5 seconds.");
|
|
| 608 |
if(referralContext == null) |
|
| 609 |
{
|
|
| 610 |
System.out.println("killing thread....returning null.");
|
|
| 611 |
t.interrupt(); |
|
| 612 |
System.out.println("thread killed.");
|
|
| 613 |
return null; |
|
| 614 |
} |
|
| 615 |
DirContext dc = (DirContext)referralContext; |
|
| 581 | 616 |
String[] attrIDs = {"cn"};
|
| 582 | 617 |
// Specify the attributes to match. |
| 583 | 618 |
// Groups are objects with attribute objectclass=groupofuniquenames. |
| ... | ... | |
| 607 | 642 |
for (int i=0; i < uvec.size(); i++) {
|
| 608 | 643 |
groups[i] = (String)uvec.elementAt(i); |
| 609 | 644 |
} |
| 610 |
c.close();
|
|
| 645 |
referralContext.close();
|
|
| 611 | 646 |
dc.close(); |
| 612 | 647 |
} |
| 613 | 648 |
catch(Exception e) |
| ... | ... | |
| 974 | 1009 |
System.err.println("I/O Error writing to file principals.txt");
|
| 975 | 1010 |
} |
| 976 | 1011 |
} |
| 1012 |
|
|
| 1013 |
public void run() |
|
| 1014 |
{
|
|
| 1015 |
referralContext = null; |
|
| 1016 |
try |
|
| 1017 |
{
|
|
| 1018 |
System.out.println("running thread....");
|
|
| 1019 |
rContext = refExc.getReferralContext(env); |
|
| 1020 |
referralContext = handleReferral(env, rContext); |
|
| 1021 |
System.out.println("exiting thread...");
|
|
| 1022 |
} |
|
| 1023 |
catch(Exception e) |
|
| 1024 |
{
|
|
| 1025 |
System.out.println("Error running referral handler thread: " +
|
|
| 1026 |
e.getMessage()); |
|
| 1027 |
e.printStackTrace(); |
|
| 1028 |
referralContext = null; |
|
| 1029 |
} |
|
| 1030 |
} |
|
| 977 | 1031 |
} |
Also available in: Unified diff
added a manual timeout to counteract the hideously long ldap time out that is encountered when a referred ldap server is down.