Revision 980
Added by berkley about 22 years ago
AuthLdap.java | ||
---|---|---|
66 | 66 |
private String ldapsUrl; |
67 | 67 |
private String ldapBase; |
68 | 68 |
private String referral; |
69 |
private Context referralContext; |
|
69 |
private DirContext referralContext;
|
|
70 | 70 |
Hashtable env = new Hashtable(11); |
71 | 71 |
private Context rContext; |
72 | 72 |
private String userName; |
... | ... | |
466 | 466 |
public String[] getGroups(String user, String password) |
467 | 467 |
throws ConnectException |
468 | 468 |
{ |
469 |
return getGroups(user, password, null);
|
|
469 |
return getGroups(user, password, user);
|
|
470 | 470 |
} |
471 | 471 |
|
472 | 472 |
/** |
... | ... | |
500 | 500 |
SearchControls ctls = new SearchControls(); |
501 | 501 |
ctls.setReturningAttributes(attrIDs); |
502 | 502 |
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE); |
503 |
|
|
504 | 503 |
String filter = null; |
505 | 504 |
String gfilter = "(objectClass=groupOfUniqueNames)"; |
506 | 505 |
if (null == foruser) { |
... | ... | |
508 | 507 |
} else { |
509 | 508 |
filter = "(& " + gfilter + "(uniqueMember=" + foruser + "))"; |
510 | 509 |
} |
511 |
NamingEnumeration enum = ctx.search(ldapBase, filter, ctls); |
|
512 |
|
|
513 |
// Print the groups |
|
510 |
|
|
514 | 511 |
Vector uvec = new Vector(); |
515 |
while (enum.hasMore()) { |
|
516 |
SearchResult sr = (SearchResult)enum.next(); |
|
517 |
uvec.add(sr.getName()+","+ldapBase); |
|
512 |
|
|
513 |
try |
|
514 |
{ |
|
515 |
NamingEnumeration enum = ctx.search(ldapBase, filter, ctls); |
|
516 |
// Print the groups |
|
517 |
while (enum.hasMore()) { |
|
518 |
SearchResult sr = (SearchResult)enum.next(); |
|
519 |
uvec.addElement(sr.getName()+","+ldapBase); |
|
520 |
//System.out.println("result: " + sr.getName() + "," + ldapBase); |
|
521 |
} |
|
518 | 522 |
} |
519 |
|
|
523 |
catch(ReferralException re) |
|
524 |
{ |
|
525 |
boolean moreReferrals = true; |
|
526 |
while(moreReferrals) |
|
527 |
{ |
|
528 |
//System.out.println("Referral: " + re.toString()); |
|
529 |
refExc = re; |
|
530 |
Thread t = new Thread(this); |
|
531 |
//System.out.println("Starting thread..."); |
|
532 |
t.start(); |
|
533 |
//System.out.println("sleeping for 7 seconds."); |
|
534 |
try |
|
535 |
{ |
|
536 |
Thread.sleep(5000); |
|
537 |
} |
|
538 |
catch(java.lang.InterruptedException iee) |
|
539 |
{ |
|
540 |
//System.out.println("Main Program Sleep Interrupted"); |
|
541 |
} |
|
542 |
//this is a manual override of ldap's hideously long time |
|
543 |
//out period. |
|
544 |
//System.out.println("Awake after 5 seconds."); |
|
545 |
if (referralContext == null) |
|
546 |
{ |
|
547 |
t.interrupt(); |
|
548 |
//System.out.println("!!!!!!!!thread interrupted!!!!!!!!!"); |
|
549 |
moreReferrals = false; |
|
550 |
} |
|
551 |
else |
|
552 |
{ |
|
553 |
try |
|
554 |
{ |
|
555 |
//System.out.println("searching..."); |
|
556 |
|
|
557 |
NamingEnumeration enum = referralContext.search(ldapBase, filter, ctls); |
|
558 |
//System.out.println("searching complete."); |
|
559 |
while (enum.hasMore() && enum != null) { |
|
560 |
SearchResult sr = (SearchResult)enum.next(); |
|
561 |
uvec.addElement(sr.getName()+","+ldapBase); |
|
562 |
//System.out.println("result: " + sr.getName() + "," + ldapBase); |
|
563 |
} |
|
564 |
moreReferrals = false; |
|
565 |
} |
|
566 |
catch (ReferralException re2) |
|
567 |
{ |
|
568 |
moreReferrals=true; |
|
569 |
refExc=re2; |
|
570 |
} |
|
571 |
catch (AuthenticationException ae) |
|
572 |
{ |
|
573 |
util.debugMessage("Error running referral handler thread: " + |
|
574 |
ae.getMessage()); |
|
575 |
//check if has another referral |
|
576 |
moreReferrals=refExc.skipReferral(); |
|
577 |
//don't get the context |
|
578 |
referralContext = null; |
|
579 |
} |
|
580 |
catch (NamingException ne) |
|
581 |
{ |
|
582 |
util.debugMessage("Error running referral handler thread: " + |
|
583 |
ne.getMessage()); |
|
584 |
//check if has another referral |
|
585 |
moreReferrals=refExc.skipReferral(); |
|
586 |
//don't get context |
|
587 |
referralContext = null; |
|
588 |
} |
|
589 |
} |
|
590 |
} |
|
591 |
} |
|
520 | 592 |
|
521 | 593 |
// initialize groups[] and fill it |
522 | 594 |
groups = new String[uvec.size()]; |
... | ... | |
526 | 598 |
|
527 | 599 |
// Close the context when we're done |
528 | 600 |
ctx.close(); |
529 |
|
|
530 |
} catch (ReferralException re) { |
|
531 |
try |
|
532 |
{ |
|
533 |
refExc = re; |
|
534 |
Thread t = new Thread(this); |
|
535 |
util.debugMessage("Starting thread..."); |
|
536 |
t.start(); |
|
537 |
util.debugMessage("sleeping for 5 seconds."); |
|
538 |
Thread.sleep(5000); |
|
539 |
//this is a manual override of ldap's hideously long time |
|
540 |
//out period. |
|
541 |
util.debugMessage("Awake after 5 seconds."); |
|
542 |
if (referralContext == null) |
|
543 |
{ |
|
544 |
t.interrupt(); |
|
545 |
return null; |
|
546 |
} |
|
547 |
DirContext dc = (DirContext)referralContext; |
|
548 |
String[] attrIDs = {"cn"}; |
|
549 |
// Specify the attributes to match. |
|
550 |
// Groups are objects with attribute objectclass=groupofuniquenames. |
|
551 |
// and have attribute uniquemember: uid=foruser,ldapbase. |
|
552 |
SearchControls ctls = new SearchControls(); |
|
553 |
ctls.setReturningAttributes(attrIDs); |
|
554 |
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE); |
|
555 |
|
|
556 |
String filter = null; |
|
557 |
String gfilter = "(objectClass=groupOfUniqueNames)"; |
|
558 |
if (null == foruser) { |
|
559 |
filter = gfilter; |
|
560 |
} else { |
|
561 |
filter = "(& " + gfilter + "(uniqueMember=" + foruser + "))"; |
|
562 |
} |
|
563 |
NamingEnumeration enum = dc.search(ldapBase, filter, ctls); |
|
564 |
|
|
565 |
// Print the groups |
|
566 |
Vector uvec = new Vector(); |
|
567 |
while (enum.hasMore()) { |
|
568 |
SearchResult sr = (SearchResult)enum.next(); |
|
569 |
uvec.add(sr.getName()+","+ldapBase); |
|
570 |
} |
|
571 |
|
|
572 |
// initialize groups[] and fill it |
|
573 |
groups = new String[uvec.size()]; |
|
574 |
for (int i=0; i < uvec.size(); i++) { |
|
575 |
groups[i] = (String)uvec.elementAt(i); |
|
576 |
} |
|
577 |
referralContext.close(); |
|
578 |
dc.close(); |
|
579 |
} |
|
580 |
catch (Exception e) |
|
581 |
{ |
|
582 |
return groups; |
|
583 |
} |
|
584 |
} catch (NamingException e) { |
|
601 |
} |
|
602 |
catch (NamingException e) |
|
603 |
{ |
|
585 | 604 |
e.printStackTrace(System.err); |
586 | 605 |
throw new ConnectException( |
587 | 606 |
"Problem getting groups for a user in AuthLdap.getGroups:" + e); |
... | ... | |
817 | 836 |
// Provide a user, such as: "Matt Jones", or "jones" |
818 | 837 |
String user = args[0]; |
819 | 838 |
String password = args[1]; |
839 |
String foruser = null; |
|
840 |
|
|
841 |
if(args.length == 3) |
|
842 |
foruser = args[2]; |
|
820 | 843 |
|
821 | 844 |
AuthLdap authservice = new AuthLdap(); |
822 | 845 |
|
823 | 846 |
|
824 | 847 |
boolean isValid = false; |
825 | 848 |
try { |
849 |
System.out.println("authenticating user " + user); |
|
826 | 850 |
isValid = authservice.authenticate(user, password); |
827 | 851 |
if (isValid) { |
828 |
MetaCatUtil.debugMessage("Authentication successful for: " + user );
|
|
852 |
System.out.println("Authentication successful for: " + user );
|
|
829 | 853 |
} else { |
830 |
MetaCatUtil.debugMessage("Authentication failed for: " + user);
|
|
854 |
System.out.println("Authentication failed for: " + user);
|
|
831 | 855 |
} |
832 | 856 |
|
833 | 857 |
// Get attributes for the user |
834 | 858 |
if (isValid) { |
835 |
MetaCatUtil.debugMessage("\nGetting attributes for user...."); |
|
836 |
HashMap userInfo = authservice.getAttributes(user, password, user); |
|
859 |
System.out.println("\nGetting attributes for user...."); |
|
860 |
HashMap userInfo; |
|
861 |
if(foruser == null) |
|
862 |
{ |
|
863 |
userInfo = authservice.getAttributes(user, password, user); |
|
864 |
} |
|
865 |
else |
|
866 |
{ |
|
867 |
userInfo = authservice.getAttributes(user, password, foruser); |
|
868 |
} |
|
837 | 869 |
// Print all of the attributes |
838 | 870 |
Iterator attList = (Iterator)(((Set)userInfo.keySet()).iterator()); |
839 | 871 |
while (attList.hasNext()) { |
... | ... | |
842 | 874 |
Iterator attvalues = values.iterator(); |
843 | 875 |
while (attvalues.hasNext()) { |
844 | 876 |
String value = (String)attvalues.next(); |
845 |
MetaCatUtil.debugMessage(att + ": " + value);
|
|
877 |
System.out.println(att + ": " + value);
|
|
846 | 878 |
} |
847 | 879 |
} |
848 | 880 |
} |
849 | 881 |
|
850 | 882 |
// get the groups |
851 | 883 |
if (isValid) { |
852 |
MetaCatUtil.debugMessage("\nGetting all groups...."); |
|
853 |
String[] groups = authservice.getGroups(user, password); |
|
854 |
MetaCatUtil.debugMessage("Groups found: " + groups.length); |
|
884 |
System.out.println("\nGetting all groups...."); |
|
885 |
String[] groups; |
|
886 |
if(foruser == null) |
|
887 |
{ |
|
888 |
groups = authservice.getGroups(user, password); |
|
889 |
} |
|
890 |
else |
|
891 |
{ |
|
892 |
groups = authservice.getGroups(user, password, foruser); |
|
893 |
} |
|
894 |
System.out.println("Groups found: " + groups.length); |
|
855 | 895 |
for (int i=0; i < groups.length; i++) { |
856 |
MetaCatUtil.debugMessage("Group " + i + ": " + groups[i]);
|
|
896 |
System.out.println("Group " + i + ": " + groups[i]);
|
|
857 | 897 |
} |
858 | 898 |
} |
859 | 899 |
|
860 | 900 |
// get the groups for the user |
861 | 901 |
String savedGroup = null; |
862 | 902 |
if (isValid) { |
863 |
MetaCatUtil.debugMessage("\nGetting groups for user...."); |
|
864 |
String[] groups = authservice.getGroups(user, password, user); |
|
865 |
MetaCatUtil.debugMessage("Groups found: " + groups.length); |
|
903 |
System.out.println("\nGetting groups for user...."); |
|
904 |
String[] groups; |
|
905 |
if(foruser == null) |
|
906 |
{ |
|
907 |
groups = authservice.getGroups(user, password, user); |
|
908 |
} |
|
909 |
else |
|
910 |
{ |
|
911 |
groups = authservice.getGroups(user, password, foruser); |
|
912 |
} |
|
913 |
System.out.println("Groups found: " + groups.length); |
|
866 | 914 |
for (int i=0; i < groups.length; i++) { |
867 |
MetaCatUtil.debugMessage("Group " + i + ": " + groups[i]);
|
|
915 |
System.out.println("Group " + i + ": " + groups[i]);
|
|
868 | 916 |
savedGroup = groups[i]; |
869 | 917 |
} |
870 | 918 |
} |
871 | 919 |
|
872 | 920 |
// get the users for a group |
873 | 921 |
if (isValid) { |
874 |
MetaCatUtil.debugMessage("\nGetting users for group....");
|
|
875 |
MetaCatUtil.debugMessage("Group: " + savedGroup);
|
|
922 |
System.out.println("\nGetting users for group....");
|
|
923 |
System.out.println("Group: " + savedGroup);
|
|
876 | 924 |
String[] users = authservice.getUsers(user, password, savedGroup); |
877 |
MetaCatUtil.debugMessage("Users found: " + users.length);
|
|
925 |
System.out.println("Users found: " + users.length);
|
|
878 | 926 |
for (int i=0; i < users.length; i++) { |
879 |
MetaCatUtil.debugMessage("User " + i + ": " + users[i]);
|
|
927 |
System.out.println("User " + i + ": " + users[i]);
|
|
880 | 928 |
} |
881 | 929 |
} |
882 | 930 |
|
883 | 931 |
// get all users |
884 | 932 |
if (isValid) { |
885 |
MetaCatUtil.debugMessage("\nGetting all users ....");
|
|
933 |
System.out.println("\nGetting all users ....");
|
|
886 | 934 |
String[] users = authservice.getUsers(user, password); |
887 |
MetaCatUtil.debugMessage("Users found: " + users.length);
|
|
935 |
System.out.println("Users found: " + users.length);
|
|
888 | 936 |
|
889 | 937 |
} |
890 | 938 |
|
891 | 939 |
// get the whole list groups and users in XML format |
892 | 940 |
if (isValid) { |
893 |
MetaCatUtil.debugMessage("\nTrying principals....");
|
|
941 |
System.out.println("\nTrying principals....");
|
|
894 | 942 |
authservice = new AuthLdap(); |
895 | 943 |
String out = authservice.getPrincipals(user, password); |
896 | 944 |
java.io.File f = new java.io.File("principals.xml"); |
... | ... | |
900 | 948 |
buff.flush(); |
901 | 949 |
buff.close(); |
902 | 950 |
fw.close(); |
903 |
MetaCatUtil.debugMessage("\nFinished getting principals.");
|
|
951 |
System.out.println("\nFinished getting principals.");
|
|
904 | 952 |
} |
905 | 953 |
|
906 | 954 |
} catch (ConnectException ce) { |
907 |
MetaCatUtil.debugMessage(ce.getMessage());
|
|
955 |
System.out.println(ce.getMessage());
|
|
908 | 956 |
} catch (java.io.IOException ioe) { |
909 |
MetaCatUtil.debugMessage("I/O Error writing to file principals.txt");
|
|
957 |
System.out.println("I/O Error writing to file principals.txt");
|
|
910 | 958 |
} |
911 | 959 |
} |
912 | 960 |
|
... | ... | |
926 | 974 |
try |
927 | 975 |
{ |
928 | 976 |
//revise environment variable |
929 |
env.put(Context.PROVIDER_URL, refExc.getReferralInfo()); |
|
977 |
String refInfo = null; |
|
978 |
refInfo = (String)refExc.getReferralInfo(); |
|
979 |
//refInfo = (String)refExc.getReferralContext().getEnvironment().get(Context.PROVIDER_URL); |
|
980 |
//System.out.println("refInfo: " + refInfo); |
|
981 |
if(refInfo != null) |
|
982 |
{ |
|
983 |
//System.out.println("Referral in thread to: " + |
|
984 |
// refInfo.toString()); |
|
985 |
} |
|
986 |
else |
|
987 |
{ |
|
988 |
refInfo = (String)refExc.getReferralContext().getEnvironment().get(Context.PROVIDER_URL); |
|
989 |
} |
|
990 |
|
|
991 |
/*env.put(Context.PROVIDER_URL, refExc.getReferralInfo()); |
|
930 | 992 |
env.put(Context.INITIAL_CONTEXT_FACTORY, |
931 | 993 |
"com.sun.jndi.ldap.LdapCtxFactory"); |
932 | 994 |
env.put(Context.SECURITY_PRINCIPAL, userName); |
933 | 995 |
env.put(Context.SECURITY_CREDENTIALS, userPassword); |
996 |
env.put(Context.REFERRAL, "throw");*/ |
|
997 |
|
|
998 |
//get a context object for referral in the new envriment |
|
999 |
//rContext = refExc.getReferralContext(); |
|
1000 |
|
|
1001 |
env.put(Context.INITIAL_CONTEXT_FACTORY, |
|
1002 |
"com.sun.jndi.ldap.LdapCtxFactory"); |
|
934 | 1003 |
env.put(Context.REFERRAL, "throw"); |
935 |
//get a context object for referral in the new envriment |
|
936 |
rContext = refExc.getReferralContext(env); |
|
1004 |
env.put(Context.PROVIDER_URL, refInfo); |
|
1005 |
|
|
1006 |
referralContext = new InitialDirContext(env); |
|
937 | 1007 |
//casting the context to dircontext and it will create a |
938 | 1008 |
//autherntication or naming exception if DN and password is incorrect |
939 |
referralContext=rContext; |
|
940 |
refDirContext=(DirContext)rContext; |
|
941 |
refDirContext.close(); |
|
1009 |
//referralContext=rContext;
|
|
1010 |
//refDirContext=(DirContext)rContext;
|
|
1011 |
//refDirContext.close();
|
|
942 | 1012 |
//get context and jump out the while loop |
943 | 1013 |
moreReferrals=false; |
944 | 1014 |
}//try |
945 |
//if referral have another referral excption |
|
946 | 1015 |
catch (ReferralException re) |
947 | 1016 |
{ |
948 | 1017 |
//keep running in while loop |
... | ... | |
950 | 1019 |
//assign refExc to new referral exception re |
951 | 1020 |
refExc=re; |
952 | 1021 |
} |
953 |
//catch a authentication exception |
|
954 | 1022 |
catch (AuthenticationException ae) |
955 | 1023 |
{ |
956 | 1024 |
util.debugMessage("Error running referral handler thread: " + |
... | ... | |
960 | 1028 |
//don't get the context |
961 | 1029 |
referralContext = null; |
962 | 1030 |
} |
963 |
//catch a naming exception |
|
964 | 1031 |
catch (NamingException ne) |
965 | 1032 |
{ |
966 | 1033 |
util.debugMessage("Error running referral handler thread: " + |
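Review bot: The two-argument `getGroups` (new line 469) now passes the caller-supplied `user` as `foruser`, so that value is concatenated unescaped into the search filter at new line 508, and the filter is then sent to both `ctx.search` (new line 515) and the referral server via `referralContext.search` (new line 557). A name containing `*`, `(`, `)` or `\` changes what the filter matches, so the group list returned can differ from the one intended for that user. Passing the value as a filter argument lets JNDI encode it: `ctx.search(ldapBase, "(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))", new Object[] { foruser }, ctls)`, with the same change for the referral search. Separately, in the referral-handler hunk (new lines 977–1006) the URL from `refExc.getReferralInfo()` goes straight into `Context.PROVIDER_URL`; if `env` still carries the bind credentials, which these lines do not show, they would be presented to whatever host the referral names, so the URL should get a scheme and host check against configuration before `new InitialDirContext(env)`. Both method bodies extend beyond the displayed lines.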
updated authldap to get the groups to work (kind of)