Revision 980
Added by berkley about 22 years ago
| AuthLdap.java | ||
|---|---|---|
| 66 | 66 |
private String ldapsUrl; |
| 67 | 67 |
private String ldapBase; |
| 68 | 68 |
private String referral; |
| 69 |
private Context referralContext; |
|
| 69 |
private DirContext referralContext;
|
|
| 70 | 70 |
Hashtable env = new Hashtable(11); |
| 71 | 71 |
private Context rContext; |
| 72 | 72 |
private String userName; |
| ... | ... | |
| 466 | 466 |
public String[] getGroups(String user, String password) |
| 467 | 467 |
throws ConnectException |
| 468 | 468 |
{
|
| 469 |
return getGroups(user, password, null);
|
|
| 469 |
return getGroups(user, password, user);
|
|
| 470 | 470 |
} |
| 471 | 471 |
|
| 472 | 472 |
/** |
| ... | ... | |
| 500 | 500 |
SearchControls ctls = new SearchControls(); |
| 501 | 501 |
ctls.setReturningAttributes(attrIDs); |
| 502 | 502 |
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE); |
| 503 |
|
|
| 504 | 503 |
String filter = null; |
| 505 | 504 |
String gfilter = "(objectClass=groupOfUniqueNames)"; |
| 506 | 505 |
if (null == foruser) {
|
| ... | ... | |
| 508 | 507 |
} else {
|
| 509 | 508 |
filter = "(& " + gfilter + "(uniqueMember=" + foruser + "))"; |
| 510 | 509 |
} |
| 511 |
NamingEnumeration enum = ctx.search(ldapBase, filter, ctls); |
|
| 512 |
|
|
| 513 |
// Print the groups |
|
| 510 |
|
|
| 514 | 511 |
Vector uvec = new Vector(); |
| 515 |
while (enum.hasMore()) {
|
|
| 516 |
SearchResult sr = (SearchResult)enum.next(); |
|
| 517 |
uvec.add(sr.getName()+","+ldapBase); |
|
| 512 |
|
|
| 513 |
try |
|
| 514 |
{
|
|
| 515 |
NamingEnumeration enum = ctx.search(ldapBase, filter, ctls); |
|
| 516 |
// Print the groups |
|
| 517 |
while (enum.hasMore()) {
|
|
| 518 |
SearchResult sr = (SearchResult)enum.next(); |
|
| 519 |
uvec.addElement(sr.getName()+","+ldapBase); |
|
| 520 |
//System.out.println("result: " + sr.getName() + "," + ldapBase);
|
|
| 521 |
} |
|
| 518 | 522 |
} |
| 519 |
|
|
| 523 |
catch(ReferralException re) |
|
| 524 |
{
|
|
| 525 |
boolean moreReferrals = true; |
|
| 526 |
while(moreReferrals) |
|
| 527 |
{
|
|
| 528 |
//System.out.println("Referral: " + re.toString());
|
|
| 529 |
refExc = re; |
|
| 530 |
Thread t = new Thread(this); |
|
| 531 |
//System.out.println("Starting thread...");
|
|
| 532 |
t.start(); |
|
| 533 |
//System.out.println("sleeping for 7 seconds.");
|
|
| 534 |
try |
|
| 535 |
{
|
|
| 536 |
Thread.sleep(5000); |
|
| 537 |
} |
|
| 538 |
catch(java.lang.InterruptedException iee) |
|
| 539 |
{
|
|
| 540 |
//System.out.println("Main Program Sleep Interrupted");
|
|
| 541 |
} |
|
| 542 |
//this is a manual override of ldap's hideously long time |
|
| 543 |
//out period. |
|
| 544 |
//System.out.println("Awake after 5 seconds.");
|
|
| 545 |
if (referralContext == null) |
|
| 546 |
{
|
|
| 547 |
t.interrupt(); |
|
| 548 |
//System.out.println("!!!!!!!!thread interrupted!!!!!!!!!");
|
|
| 549 |
moreReferrals = false; |
|
| 550 |
} |
|
| 551 |
else |
|
| 552 |
{
|
|
| 553 |
try |
|
| 554 |
{
|
|
| 555 |
//System.out.println("searching...");
|
|
| 556 |
|
|
| 557 |
NamingEnumeration enum = referralContext.search(ldapBase, filter, ctls); |
|
| 558 |
//System.out.println("searching complete.");
|
|
| 559 |
while (enum.hasMore() && enum != null) {
|
|
| 560 |
SearchResult sr = (SearchResult)enum.next(); |
|
| 561 |
uvec.addElement(sr.getName()+","+ldapBase); |
|
| 562 |
//System.out.println("result: " + sr.getName() + "," + ldapBase);
|
|
| 563 |
} |
|
| 564 |
moreReferrals = false; |
|
| 565 |
} |
|
| 566 |
catch (ReferralException re2) |
|
| 567 |
{
|
|
| 568 |
moreReferrals=true; |
|
| 569 |
refExc=re2; |
|
| 570 |
} |
|
| 571 |
catch (AuthenticationException ae) |
|
| 572 |
{
|
|
| 573 |
util.debugMessage("Error running referral handler thread: " +
|
|
| 574 |
ae.getMessage()); |
|
| 575 |
//check if has another referral |
|
| 576 |
moreReferrals=refExc.skipReferral(); |
|
| 577 |
//don't get the context |
|
| 578 |
referralContext = null; |
|
| 579 |
} |
|
| 580 |
catch (NamingException ne) |
|
| 581 |
{
|
|
| 582 |
util.debugMessage("Error running referral handler thread: " +
|
|
| 583 |
ne.getMessage()); |
|
| 584 |
//check if has another referral |
|
| 585 |
moreReferrals=refExc.skipReferral(); |
|
| 586 |
//don't get context |
|
| 587 |
referralContext = null; |
|
| 588 |
} |
|
| 589 |
} |
|
| 590 |
} |
|
| 591 |
} |
|
| 520 | 592 |
|
| 521 | 593 |
// initialize groups[] and fill it |
| 522 | 594 |
groups = new String[uvec.size()]; |
| ... | ... | |
| 526 | 598 |
|
| 527 | 599 |
// Close the context when we're done |
| 528 | 600 |
ctx.close(); |
| 529 |
|
|
| 530 |
} catch (ReferralException re) {
|
|
| 531 |
try |
|
| 532 |
{
|
|
| 533 |
refExc = re; |
|
| 534 |
Thread t = new Thread(this); |
|
| 535 |
util.debugMessage("Starting thread...");
|
|
| 536 |
t.start(); |
|
| 537 |
util.debugMessage("sleeping for 5 seconds.");
|
|
| 538 |
Thread.sleep(5000); |
|
| 539 |
//this is a manual override of ldap's hideously long time |
|
| 540 |
//out period. |
|
| 541 |
util.debugMessage("Awake after 5 seconds.");
|
|
| 542 |
if (referralContext == null) |
|
| 543 |
{
|
|
| 544 |
t.interrupt(); |
|
| 545 |
return null; |
|
| 546 |
} |
|
| 547 |
DirContext dc = (DirContext)referralContext; |
|
| 548 |
String[] attrIDs = {"cn"};
|
|
| 549 |
// Specify the attributes to match. |
|
| 550 |
// Groups are objects with attribute objectclass=groupofuniquenames. |
|
| 551 |
// and have attribute uniquemember: uid=foruser,ldapbase. |
|
| 552 |
SearchControls ctls = new SearchControls(); |
|
| 553 |
ctls.setReturningAttributes(attrIDs); |
|
| 554 |
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE); |
|
| 555 |
|
|
| 556 |
String filter = null; |
|
| 557 |
String gfilter = "(objectClass=groupOfUniqueNames)"; |
|
| 558 |
if (null == foruser) {
|
|
| 559 |
filter = gfilter; |
|
| 560 |
} else {
|
|
| 561 |
filter = "(& " + gfilter + "(uniqueMember=" + foruser + "))"; |
|
| 562 |
} |
|
| 563 |
NamingEnumeration enum = dc.search(ldapBase, filter, ctls); |
|
| 564 |
|
|
| 565 |
// Print the groups |
|
| 566 |
Vector uvec = new Vector(); |
|
| 567 |
while (enum.hasMore()) {
|
|
| 568 |
SearchResult sr = (SearchResult)enum.next(); |
|
| 569 |
uvec.add(sr.getName()+","+ldapBase); |
|
| 570 |
} |
|
| 571 |
|
|
| 572 |
// initialize groups[] and fill it |
|
| 573 |
groups = new String[uvec.size()]; |
|
| 574 |
for (int i=0; i < uvec.size(); i++) {
|
|
| 575 |
groups[i] = (String)uvec.elementAt(i); |
|
| 576 |
} |
|
| 577 |
referralContext.close(); |
|
| 578 |
dc.close(); |
|
| 579 |
} |
|
| 580 |
catch (Exception e) |
|
| 581 |
{
|
|
| 582 |
return groups; |
|
| 583 |
} |
|
| 584 |
} catch (NamingException e) {
|
|
| 601 |
} |
|
| 602 |
catch (NamingException e) |
|
| 603 |
{
|
|
| 585 | 604 |
e.printStackTrace(System.err); |
| 586 | 605 |
throw new ConnectException( |
| 587 | 606 |
"Problem getting groups for a user in AuthLdap.getGroups:" + e); |
| ... | ... | |
| 817 | 836 |
// Provide a user, such as: "Matt Jones", or "jones" |
| 818 | 837 |
String user = args[0]; |
| 819 | 838 |
String password = args[1]; |
| 839 |
String foruser = null; |
|
| 840 |
|
|
| 841 |
if(args.length == 3) |
|
| 842 |
foruser = args[2]; |
|
| 820 | 843 |
|
| 821 | 844 |
AuthLdap authservice = new AuthLdap(); |
| 822 | 845 |
|
| 823 | 846 |
|
| 824 | 847 |
boolean isValid = false; |
| 825 | 848 |
try {
|
| 849 |
System.out.println("authenticating user " + user);
|
|
| 826 | 850 |
isValid = authservice.authenticate(user, password); |
| 827 | 851 |
if (isValid) {
|
| 828 |
MetaCatUtil.debugMessage("Authentication successful for: " + user );
|
|
| 852 |
System.out.println("Authentication successful for: " + user );
|
|
| 829 | 853 |
} else {
|
| 830 |
MetaCatUtil.debugMessage("Authentication failed for: " + user);
|
|
| 854 |
System.out.println("Authentication failed for: " + user);
|
|
| 831 | 855 |
} |
| 832 | 856 |
|
| 833 | 857 |
// Get attributes for the user |
| 834 | 858 |
if (isValid) {
|
| 835 |
MetaCatUtil.debugMessage("\nGetting attributes for user....");
|
|
| 836 |
HashMap userInfo = authservice.getAttributes(user, password, user); |
|
| 859 |
System.out.println("\nGetting attributes for user....");
|
|
| 860 |
HashMap userInfo; |
|
| 861 |
if(foruser == null) |
|
| 862 |
{
|
|
| 863 |
userInfo = authservice.getAttributes(user, password, user); |
|
| 864 |
} |
|
| 865 |
else |
|
| 866 |
{
|
|
| 867 |
userInfo = authservice.getAttributes(user, password, foruser); |
|
| 868 |
} |
|
| 837 | 869 |
// Print all of the attributes |
| 838 | 870 |
Iterator attList = (Iterator)(((Set)userInfo.keySet()).iterator()); |
| 839 | 871 |
while (attList.hasNext()) {
|
| ... | ... | |
| 842 | 874 |
Iterator attvalues = values.iterator(); |
| 843 | 875 |
while (attvalues.hasNext()) {
|
| 844 | 876 |
String value = (String)attvalues.next(); |
| 845 |
MetaCatUtil.debugMessage(att + ": " + value);
|
|
| 877 |
System.out.println(att + ": " + value);
|
|
| 846 | 878 |
} |
| 847 | 879 |
} |
| 848 | 880 |
} |
| 849 | 881 |
|
| 850 | 882 |
// get the groups |
| 851 | 883 |
if (isValid) {
|
| 852 |
MetaCatUtil.debugMessage("\nGetting all groups....");
|
|
| 853 |
String[] groups = authservice.getGroups(user, password); |
|
| 854 |
MetaCatUtil.debugMessage("Groups found: " + groups.length);
|
|
| 884 |
System.out.println("\nGetting all groups....");
|
|
| 885 |
String[] groups; |
|
| 886 |
if(foruser == null) |
|
| 887 |
{
|
|
| 888 |
groups = authservice.getGroups(user, password); |
|
| 889 |
} |
|
| 890 |
else |
|
| 891 |
{
|
|
| 892 |
groups = authservice.getGroups(user, password, foruser); |
|
| 893 |
} |
|
| 894 |
System.out.println("Groups found: " + groups.length);
|
|
| 855 | 895 |
for (int i=0; i < groups.length; i++) {
|
| 856 |
MetaCatUtil.debugMessage("Group " + i + ": " + groups[i]);
|
|
| 896 |
System.out.println("Group " + i + ": " + groups[i]);
|
|
| 857 | 897 |
} |
| 858 | 898 |
} |
| 859 | 899 |
|
| 860 | 900 |
// get the groups for the user |
| 861 | 901 |
String savedGroup = null; |
| 862 | 902 |
if (isValid) {
|
| 863 |
MetaCatUtil.debugMessage("\nGetting groups for user....");
|
|
| 864 |
String[] groups = authservice.getGroups(user, password, user); |
|
| 865 |
MetaCatUtil.debugMessage("Groups found: " + groups.length);
|
|
| 903 |
System.out.println("\nGetting groups for user....");
|
|
| 904 |
String[] groups; |
|
| 905 |
if(foruser == null) |
|
| 906 |
{
|
|
| 907 |
groups = authservice.getGroups(user, password, user); |
|
| 908 |
} |
|
| 909 |
else |
|
| 910 |
{
|
|
| 911 |
groups = authservice.getGroups(user, password, foruser); |
|
| 912 |
} |
|
| 913 |
System.out.println("Groups found: " + groups.length);
|
|
| 866 | 914 |
for (int i=0; i < groups.length; i++) {
|
| 867 |
MetaCatUtil.debugMessage("Group " + i + ": " + groups[i]);
|
|
| 915 |
System.out.println("Group " + i + ": " + groups[i]);
|
|
| 868 | 916 |
savedGroup = groups[i]; |
| 869 | 917 |
} |
| 870 | 918 |
} |
| 871 | 919 |
|
| 872 | 920 |
// get the users for a group |
| 873 | 921 |
if (isValid) {
|
| 874 |
MetaCatUtil.debugMessage("\nGetting users for group....");
|
|
| 875 |
MetaCatUtil.debugMessage("Group: " + savedGroup);
|
|
| 922 |
System.out.println("\nGetting users for group....");
|
|
| 923 |
System.out.println("Group: " + savedGroup);
|
|
| 876 | 924 |
String[] users = authservice.getUsers(user, password, savedGroup); |
| 877 |
MetaCatUtil.debugMessage("Users found: " + users.length);
|
|
| 925 |
System.out.println("Users found: " + users.length);
|
|
| 878 | 926 |
for (int i=0; i < users.length; i++) {
|
| 879 |
MetaCatUtil.debugMessage("User " + i + ": " + users[i]);
|
|
| 927 |
System.out.println("User " + i + ": " + users[i]);
|
|
| 880 | 928 |
} |
| 881 | 929 |
} |
| 882 | 930 |
|
| 883 | 931 |
// get all users |
| 884 | 932 |
if (isValid) {
|
| 885 |
MetaCatUtil.debugMessage("\nGetting all users ....");
|
|
| 933 |
System.out.println("\nGetting all users ....");
|
|
| 886 | 934 |
String[] users = authservice.getUsers(user, password); |
| 887 |
MetaCatUtil.debugMessage("Users found: " + users.length);
|
|
| 935 |
System.out.println("Users found: " + users.length);
|
|
| 888 | 936 |
|
| 889 | 937 |
} |
| 890 | 938 |
|
| 891 | 939 |
// get the whole list groups and users in XML format |
| 892 | 940 |
if (isValid) {
|
| 893 |
MetaCatUtil.debugMessage("\nTrying principals....");
|
|
| 941 |
System.out.println("\nTrying principals....");
|
|
| 894 | 942 |
authservice = new AuthLdap(); |
| 895 | 943 |
String out = authservice.getPrincipals(user, password); |
| 896 | 944 |
java.io.File f = new java.io.File("principals.xml");
|
| ... | ... | |
| 900 | 948 |
buff.flush(); |
| 901 | 949 |
buff.close(); |
| 902 | 950 |
fw.close(); |
| 903 |
MetaCatUtil.debugMessage("\nFinished getting principals.");
|
|
| 951 |
System.out.println("\nFinished getting principals.");
|
|
| 904 | 952 |
} |
| 905 | 953 |
|
| 906 | 954 |
} catch (ConnectException ce) {
|
| 907 |
MetaCatUtil.debugMessage(ce.getMessage());
|
|
| 955 |
System.out.println(ce.getMessage());
|
|
| 908 | 956 |
} catch (java.io.IOException ioe) {
|
| 909 |
MetaCatUtil.debugMessage("I/O Error writing to file principals.txt");
|
|
| 957 |
System.out.println("I/O Error writing to file principals.txt");
|
|
| 910 | 958 |
} |
| 911 | 959 |
} |
| 912 | 960 |
|
| ... | ... | |
| 926 | 974 |
try |
| 927 | 975 |
{
|
| 928 | 976 |
//revise environment variable |
| 929 |
env.put(Context.PROVIDER_URL, refExc.getReferralInfo()); |
|
| 977 |
String refInfo = null; |
|
| 978 |
refInfo = (String)refExc.getReferralInfo(); |
|
| 979 |
//refInfo = (String)refExc.getReferralContext().getEnvironment().get(Context.PROVIDER_URL); |
|
| 980 |
//System.out.println("refInfo: " + refInfo);
|
|
| 981 |
if(refInfo != null) |
|
| 982 |
{
|
|
| 983 |
//System.out.println("Referral in thread to: " +
|
|
| 984 |
// refInfo.toString()); |
|
| 985 |
} |
|
| 986 |
else |
|
| 987 |
{
|
|
| 988 |
refInfo = (String)refExc.getReferralContext().getEnvironment().get(Context.PROVIDER_URL); |
|
| 989 |
} |
|
| 990 |
|
|
| 991 |
/*env.put(Context.PROVIDER_URL, refExc.getReferralInfo()); |
|
| 930 | 992 |
env.put(Context.INITIAL_CONTEXT_FACTORY, |
| 931 | 993 |
"com.sun.jndi.ldap.LdapCtxFactory"); |
| 932 | 994 |
env.put(Context.SECURITY_PRINCIPAL, userName); |
| 933 | 995 |
env.put(Context.SECURITY_CREDENTIALS, userPassword); |
| 996 |
env.put(Context.REFERRAL, "throw");*/ |
|
| 997 |
|
|
| 998 |
//get a context object for referral in the new envriment |
|
| 999 |
//rContext = refExc.getReferralContext(); |
|
| 1000 |
|
|
| 1001 |
env.put(Context.INITIAL_CONTEXT_FACTORY, |
|
| 1002 |
"com.sun.jndi.ldap.LdapCtxFactory"); |
|
| 934 | 1003 |
env.put(Context.REFERRAL, "throw"); |
| 935 |
//get a context object for referral in the new envriment |
|
| 936 |
rContext = refExc.getReferralContext(env); |
|
| 1004 |
env.put(Context.PROVIDER_URL, refInfo); |
|
| 1005 |
|
|
| 1006 |
referralContext = new InitialDirContext(env); |
|
| 937 | 1007 |
//casting the context to dircontext and it will create a |
| 938 | 1008 |
//autherntication or naming exception if DN and password is incorrect |
| 939 |
referralContext=rContext; |
|
| 940 |
refDirContext=(DirContext)rContext; |
|
| 941 |
refDirContext.close(); |
|
| 1009 |
//referralContext=rContext;
|
|
| 1010 |
//refDirContext=(DirContext)rContext;
|
|
| 1011 |
//refDirContext.close();
|
|
| 942 | 1012 |
//get context and jump out the while loop |
| 943 | 1013 |
moreReferrals=false; |
| 944 | 1014 |
}//try |
| 945 |
//if referral have another referral excption |
|
| 946 | 1015 |
catch (ReferralException re) |
| 947 | 1016 |
{
|
| 948 | 1017 |
//keep running in while loop |
| ... | ... | |
| 950 | 1019 |
//assign refExc to new referral exception re |
| 951 | 1020 |
refExc=re; |
| 952 | 1021 |
} |
| 953 |
//catch a authentication exception |
|
| 954 | 1022 |
catch (AuthenticationException ae) |
| 955 | 1023 |
{
|
| 956 | 1024 |
util.debugMessage("Error running referral handler thread: " +
|
| ... | ... | |
| 960 | 1028 |
//don't get the context |
| 961 | 1029 |
referralContext = null; |
| 962 | 1030 |
} |
| 963 |
//catch a naming exception |
|
| 964 | 1031 |
catch (NamingException ne) |
| 965 | 1032 |
{
|
| 966 | 1033 |
util.debugMessage("Error running referral handler thread: " +
|
Also available in: Unified diff
updated authldap to get the groups to work (king of)