fix whitespace in LDAPAuthentication.java

This commit is contained in:
Ivan Masár
2012-09-17 10:39:29 +02:00
parent 8c4341357b
commit 03f0ed903e


@@ -46,7 +46,7 @@ public class LDAPAuthentication
/** log4j category */ /** log4j category */
private static Logger log = Logger.getLogger(LDAPAuthentication.class); private static Logger log = Logger.getLogger(LDAPAuthentication.class);
/** /**
* Let a real auth method return true if it wants. * Let a real auth method return true if it wants.
*/ */
public boolean canSelfRegister(Context context, public boolean canSelfRegister(Context context,
@@ -95,34 +95,34 @@ public class LDAPAuthentication
*/ */
public int[] getSpecialGroups(Context context, HttpServletRequest request) public int[] getSpecialGroups(Context context, HttpServletRequest request)
{ {
// Prevents anonymous users from being added to this group, and the second check // Prevents anonymous users from being added to this group, and the second check
// ensures they are LDAP users // ensures they are LDAP users
try try
{ {
if (!context.getCurrentUser().getNetid().equals("")) if (!context.getCurrentUser().getNetid().equals(""))
{ {
String groupName = ConfigurationManager.getProperty("authentication-ldap", "login.specialgroup"); String groupName = ConfigurationManager.getProperty("authentication-ldap", "login.specialgroup");
if ((groupName != null) && (!groupName.trim().equals(""))) if ((groupName != null) && (!groupName.trim().equals("")))
{ {
Group ldapGroup = Group.findByName(context, groupName); Group ldapGroup = Group.findByName(context, groupName);
if (ldapGroup == null) if (ldapGroup == null)
{ {
// Oops - the group isn't there. // Oops - the group isn't there.
log.warn(LogManager.getHeader(context, log.warn(LogManager.getHeader(context,
"ldap_specialgroup", "ldap_specialgroup",
"Group defined in login.specialgroup does not exist")); "Group defined in login.specialgroup does not exist"));
return new int[0]; return new int[0];
} else } else
{ {
return new int[] { ldapGroup.getID() }; return new int[] { ldapGroup.getID() };
} }
} }
} }
} }
catch (Exception npe) { catch (Exception npe) {
// The user is not an LDAP user, so we don't need to worry about them // The user is not an LDAP user, so we don't need to worry about them
} }
return new int[0]; return new int[0];
} }
/* /*
@@ -177,40 +177,40 @@ public class LDAPAuthentication
EPerson eperson = null; EPerson eperson = null;
try try
{ {
eperson = EPerson.findByNetid(context, netid.toLowerCase()); eperson = EPerson.findByNetid(context, netid.toLowerCase());
} }
catch (SQLException e) catch (SQLException e)
{ {
} }
SpeakerToLDAP ldap = new SpeakerToLDAP(log); SpeakerToLDAP ldap = new SpeakerToLDAP(log);
// Get the DN of the user // Get the DN of the user
boolean anonymousSearch = ConfigurationManager.getBooleanProperty("authentication-ldap", "search.anonymous"); boolean anonymousSearch = ConfigurationManager.getBooleanProperty("authentication-ldap", "search.anonymous");
String adminUser = ConfigurationManager.getProperty("authentication-ldap", "search.user"); String adminUser = ConfigurationManager.getProperty("authentication-ldap", "search.user");
String adminPassword = ConfigurationManager.getProperty("authentication-ldap", "search.password"); String adminPassword = ConfigurationManager.getProperty("authentication-ldap", "search.password");
String objectContext = ConfigurationManager.getProperty("authentication-ldap", "object_context"); String objectContext = ConfigurationManager.getProperty("authentication-ldap", "object_context");
String idField = ConfigurationManager.getProperty("authentication-ldap", "id_field"); String idField = ConfigurationManager.getProperty("authentication-ldap", "id_field");
String dn = ""; String dn = "";
// If adminUser is blank and anonymous search is not allowed, then we can't search so construct the DN instead of searching it // If adminUser is blank and anonymous search is not allowed, then we can't search so construct the DN instead of searching it
if ((StringUtils.isBlank(adminUser) || StringUtils.isBlank(adminPassword)) && !anonymousSearch) if ((StringUtils.isBlank(adminUser) || StringUtils.isBlank(adminPassword)) && !anonymousSearch)
{ {
dn = idField + "=" + netid + "," + objectContext; dn = idField + "=" + netid + "," + objectContext;
} }
else else
{ {
dn = ldap.getDNOfUser(adminUser, adminPassword, context, netid); dn = ldap.getDNOfUser(adminUser, adminPassword, context, netid);
} }
// Check a DN was found // Check a DN was found
if ((dn == null) || (dn.trim().equals(""))) if ((dn == null) || (dn.trim().equals("")))
{ {
log.info(LogManager log.info(LogManager
.getHeader(context, "failed_login", "no DN found for user " + netid)); .getHeader(context, "failed_login", "no DN found for user " + netid));
return BAD_CREDENTIALS; return BAD_CREDENTIALS;
} }
// if they entered a netid that matches an eperson // if they entered a netid that matches an eperson
if (eperson != null) if (eperson != null)
{ {
// e-mail address corresponds to active account // e-mail address corresponds to active account
@@ -239,19 +239,19 @@ public class LDAPAuthentication
return BAD_CREDENTIALS; return BAD_CREDENTIALS;
} }
} }
// the user does not already exist so try and authenticate them
// with ldap and create an eperson for them
else else
{ {
// the user does not already exist so try and authenticate them
// with ldap and create an eperson for them
if (ldap.ldapAuthenticate(dn, password, context)) if (ldap.ldapAuthenticate(dn, password, context))
{ {
// Register the new user automatically // Register the new user automatically
log.info(LogManager.getHeader(context, log.info(LogManager.getHeader(context,
"autoregister", "netid=" + netid)); "autoregister", "netid=" + netid));
// If there is no email and the email domain is set, add it to the netid // If there is no email and the email domain is set, add it to the netid
String email = ldap.ldapEmail; String email = ldap.ldapEmail;
if (((email == null) || ("".equals(email))) && if (((email == null) || ("".equals(email))) &&
(!"".equals(ConfigurationManager.getProperty("authentication-ldap", "netid_email_domain")))) (!"".equals(ConfigurationManager.getProperty("authentication-ldap", "netid_email_domain"))))
{ {
@@ -259,93 +259,93 @@ public class LDAPAuthentication
} }
if ((email != null) && (!"".equals(email))) if ((email != null) && (!"".equals(email)))
{ {
try try
{ {
eperson = EPerson.findByEmail(context, email); eperson = EPerson.findByEmail(context, email);
if (eperson!=null) if (eperson!=null)
{ {
log.info(LogManager.getHeader(context, log.info(LogManager.getHeader(context,
"type=ldap-login", "type=ldap_but_already_email")); "type=ldap-login", "type=ldap_but_already_email"));
context.setIgnoreAuthorization(true); context.setIgnoreAuthorization(true);
eperson.setNetid(netid.toLowerCase()); eperson.setNetid(netid.toLowerCase());
eperson.update(); eperson.update();
context.commit(); context.commit();
context.setIgnoreAuthorization(false); context.setIgnoreAuthorization(false);
context.setCurrentUser(eperson); context.setCurrentUser(eperson);
// assign user to groups based on ldap dn // assign user to groups based on ldap dn
assignGroupsBasedOnLdapDn(dn, context); assignGroupsBasedOnLdapDn(dn, context);
return SUCCESS; return SUCCESS;
} }
else else
{ {
if (canSelfRegister(context, request, netid)) if (canSelfRegister(context, request, netid))
{ {
// TEMPORARILY turn off authorisation // TEMPORARILY turn off authorisation
try try
{ {
context.setIgnoreAuthorization(true); context.setIgnoreAuthorization(true);
eperson = EPerson.create(context); eperson = EPerson.create(context);
if ((email != null) && (!"".equals(email))) if ((email != null) && (!"".equals(email)))
{ {
eperson.setEmail(email); eperson.setEmail(email);
} }
if ((ldap.ldapGivenName!=null) && (!ldap.ldapGivenName.equals(""))) if ((ldap.ldapGivenName!=null) && (!ldap.ldapGivenName.equals("")))
{ {
eperson.setFirstName(ldap.ldapGivenName); eperson.setFirstName(ldap.ldapGivenName);
} }
if ((ldap.ldapSurname!=null) && (!ldap.ldapSurname.equals(""))) if ((ldap.ldapSurname!=null) && (!ldap.ldapSurname.equals("")))
{ {
eperson.setLastName(ldap.ldapSurname); eperson.setLastName(ldap.ldapSurname);
} }
if ((ldap.ldapPhone!=null)&&(!ldap.ldapPhone.equals(""))) if ((ldap.ldapPhone!=null)&&(!ldap.ldapPhone.equals("")))
{ {
eperson.setMetadata("phone", ldap.ldapPhone); eperson.setMetadata("phone", ldap.ldapPhone);
} }
eperson.setNetid(netid.toLowerCase()); eperson.setNetid(netid.toLowerCase());
eperson.setCanLogIn(true); eperson.setCanLogIn(true);
AuthenticationManager.initEPerson(context, request, eperson); AuthenticationManager.initEPerson(context, request, eperson);
eperson.update(); eperson.update();
context.commit(); context.commit();
context.setCurrentUser(eperson); context.setCurrentUser(eperson);
// assign user to groups based on ldap dn // assign user to groups based on ldap dn
assignGroupsBasedOnLdapDn(dn, context); assignGroupsBasedOnLdapDn(dn, context);
} }
catch (AuthorizeException e) catch (AuthorizeException e)
{ {
return NO_SUCH_USER; return NO_SUCH_USER;
} }
finally finally
{ {
context.setIgnoreAuthorization(false); context.setIgnoreAuthorization(false);
} }
log.info(LogManager.getHeader(context, "authenticate", log.info(LogManager.getHeader(context, "authenticate",
"type=ldap-login, created ePerson")); "type=ldap-login, created ePerson"));
return SUCCESS; return SUCCESS;
} }
else else
{ {
// No auto-registration for valid certs // No auto-registration for valid certs
log.info(LogManager.getHeader(context, log.info(LogManager.getHeader(context,
"failed_login", "type=ldap_but_no_record")); "failed_login", "type=ldap_but_no_record"));
return NO_SUCH_USER; return NO_SUCH_USER;
} }
} }
} }
catch (AuthorizeException e) catch (AuthorizeException e)
{ {
eperson = null; eperson = null;
} }
finally finally
{ {
context.setIgnoreAuthorization(false); context.setIgnoreAuthorization(false);
} }
} }
} }
} }
return BAD_ARGS; return BAD_ARGS;
} }
@@ -363,47 +363,47 @@ public class LDAPAuthentication
protected String ldapSurname = null; protected String ldapSurname = null;
protected String ldapPhone = null; protected String ldapPhone = null;
/** LDAP settings */ /** LDAP settings */
String ldap_provider_url = ConfigurationManager.getProperty("authentication-ldap", "provider_url"); String ldap_provider_url = ConfigurationManager.getProperty("authentication-ldap", "provider_url");
String ldap_id_field = ConfigurationManager.getProperty("authentication-ldap", "id_field"); String ldap_id_field = ConfigurationManager.getProperty("authentication-ldap", "id_field");
String ldap_search_context = ConfigurationManager.getProperty("authentication-ldap", "search_context"); String ldap_search_context = ConfigurationManager.getProperty("authentication-ldap", "search_context");
String ldap_search_scope = ConfigurationManager.getProperty("authentication-ldap", "search_scope"); String ldap_search_scope = ConfigurationManager.getProperty("authentication-ldap", "search_scope");
String ldap_email_field = ConfigurationManager.getProperty("authentication-ldap", "email_field"); String ldap_email_field = ConfigurationManager.getProperty("authentication-ldap", "email_field");
String ldap_givenname_field = ConfigurationManager.getProperty("authentication-ldap", "givenname_field"); String ldap_givenname_field = ConfigurationManager.getProperty("authentication-ldap", "givenname_field");
String ldap_surname_field = ConfigurationManager.getProperty("authentication-ldap", "surname_field"); String ldap_surname_field = ConfigurationManager.getProperty("authentication-ldap", "surname_field");
String ldap_phone_field = ConfigurationManager.getProperty("authentication-ldap", "phone_field"); String ldap_phone_field = ConfigurationManager.getProperty("authentication-ldap", "phone_field");
SpeakerToLDAP(Logger thelog) SpeakerToLDAP(Logger thelog)
{ {
log = thelog; log = thelog;
} }
protected String getDNOfUser(String adminUser, String adminPassword, Context context, String netid) protected String getDNOfUser(String adminUser, String adminPassword, Context context, String netid)
{ {
// The resultant DN // The resultant DN
String resultDN; String resultDN;
// The search scope to use (default to 0) // The search scope to use (default to 0)
int ldap_search_scope_value = 0; int ldap_search_scope_value = 0;
try try
{ {
ldap_search_scope_value = Integer.parseInt(ldap_search_scope.trim()); ldap_search_scope_value = Integer.parseInt(ldap_search_scope.trim());
} }
catch (NumberFormatException e) catch (NumberFormatException e)
{ {
// Log the error if it has been set but is invalid // Log the error if it has been set but is invalid
if (ldap_search_scope != null) if (ldap_search_scope != null)
{ {
log.warn(LogManager.getHeader(context, log.warn(LogManager.getHeader(context,
"ldap_authentication", "invalid search scope: " + ldap_search_scope)); "ldap_authentication", "invalid search scope: " + ldap_search_scope));
} }
} }
// Set up environment for creating initial context // Set up environment for creating initial context
Hashtable env = new Hashtable(11); Hashtable env = new Hashtable(11);
env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(javax.naming.Context.PROVIDER_URL, ldap_provider_url); env.put(javax.naming.Context.PROVIDER_URL, ldap_provider_url);
if ((adminUser != null) && (!adminUser.trim().equals("")) && if ((adminUser != null) && (!adminUser.trim().equals("")) &&
(adminPassword != null) && (!adminPassword.trim().equals(""))) (adminPassword != null) && (!adminPassword.trim().equals("")))
@@ -419,158 +419,158 @@ public class LDAPAuthentication
env.put(javax.naming.Context.SECURITY_AUTHENTICATION, "none"); env.put(javax.naming.Context.SECURITY_AUTHENTICATION, "none");
} }
DirContext ctx = null; DirContext ctx = null;
try try
{ {
// Create initial context // Create initial context
ctx = new InitialDirContext(env); ctx = new InitialDirContext(env);
Attributes matchAttrs = new BasicAttributes(true); Attributes matchAttrs = new BasicAttributes(true);
matchAttrs.put(new BasicAttribute(ldap_id_field, netid)); matchAttrs.put(new BasicAttribute(ldap_id_field, netid));
// look up attributes // look up attributes
try try
{ {
SearchControls ctrls = new SearchControls(); SearchControls ctrls = new SearchControls();
ctrls.setSearchScope(ldap_search_scope_value); ctrls.setSearchScope(ldap_search_scope_value);
NamingEnumeration<SearchResult> answer = ctx.search( NamingEnumeration<SearchResult> answer = ctx.search(
ldap_provider_url + ldap_search_context, ldap_provider_url + ldap_search_context,
"(&({0}={1}))", new Object[] { ldap_id_field, "(&({0}={1}))", new Object[] { ldap_id_field,
netid }, ctrls); netid }, ctrls);
while (answer.hasMoreElements()) { while (answer.hasMoreElements()) {
SearchResult sr = answer.next(); SearchResult sr = answer.next();
if (StringUtils.isEmpty(ldap_search_context)) { if (StringUtils.isEmpty(ldap_search_context)) {
resultDN = sr.getName(); resultDN = sr.getName();
} else { } else {
resultDN = (sr.getName() + "," + ldap_search_context); resultDN = (sr.getName() + "," + ldap_search_context);
} }
String attlist[] = {ldap_email_field, ldap_givenname_field, String attlist[] = {ldap_email_field, ldap_givenname_field,
ldap_surname_field, ldap_phone_field}; ldap_surname_field, ldap_phone_field};
Attributes atts = sr.getAttributes(); Attributes atts = sr.getAttributes();
Attribute att; Attribute att;
if (attlist[0] != null) { if (attlist[0] != null) {
att = atts.get(attlist[0]); att = atts.get(attlist[0]);
if (att != null) if (att != null)
{ {
ldapEmail = (String) att.get(); ldapEmail = (String) att.get();
} }
} }
if (attlist[1] != null) { if (attlist[1] != null) {
att = atts.get(attlist[1]); att = atts.get(attlist[1]);
if (att != null) if (att != null)
{ {
ldapGivenName = (String) att.get(); ldapGivenName = (String) att.get();
} }
} }
if (attlist[2] != null) { if (attlist[2] != null) {
att = atts.get(attlist[2]); att = atts.get(attlist[2]);
if (att != null) if (att != null)
{ {
ldapSurname = (String) att.get(); ldapSurname = (String) att.get();
} }
} }
if (attlist[3] != null) { if (attlist[3] != null) {
att = atts.get(attlist[3]); att = atts.get(attlist[3]);
if (att != null) if (att != null)
{ {
ldapPhone = (String) att.get(); ldapPhone = (String) att.get();
} }
} }
if (answer.hasMoreElements()) { if (answer.hasMoreElements()) {
// Oh dear - more than one match // Oh dear - more than one match
// Ambiguous user, can't continue // Ambiguous user, can't continue
} else { } else {
log.debug(LogManager.getHeader(context, "got DN", resultDN)); log.debug(LogManager.getHeader(context, "got DN", resultDN));
return resultDN; return resultDN;
} }
} }
} }
catch (NamingException e) catch (NamingException e)
{ {
// if the lookup fails go ahead and create a new record for them because the authentication // if the lookup fails go ahead and create a new record for them because the authentication
// succeeded // succeeded
log.warn(LogManager.getHeader(context, log.warn(LogManager.getHeader(context,
"ldap_attribute_lookup", "type=failed_search " "ldap_attribute_lookup", "type=failed_search "
+ e)); + e));
} }
} }
catch (NamingException e) catch (NamingException e)
{ {
log.warn(LogManager.getHeader(context, log.warn(LogManager.getHeader(context,
"ldap_authentication", "type=failed_auth " + e)); "ldap_authentication", "type=failed_auth " + e));
} }
finally finally
{ {
// Close the context when we're done // Close the context when we're done
try try
{ {
if (ctx != null) if (ctx != null)
{ {
ctx.close(); ctx.close();
} }
} }
catch (NamingException e) catch (NamingException e)
{ {
} }
} }
// No DN match found // No DN match found
return null; return null;
} }
/** /**
* contact the ldap server and attempt to authenticate * contact the ldap server and attempt to authenticate
*/ */
protected boolean ldapAuthenticate(String netid, String password, protected boolean ldapAuthenticate(String netid, String password,
Context context) { Context context) {
if (!password.equals("")) { if (!password.equals("")) {
// Set up environment for creating initial context // Set up environment for creating initial context
Hashtable<String, String> env = new Hashtable<String, String>(); Hashtable<String, String> env = new Hashtable<String, String>();
env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory"); "com.sun.jndi.ldap.LdapCtxFactory");
env.put(javax.naming.Context.PROVIDER_URL, ldap_provider_url); env.put(javax.naming.Context.PROVIDER_URL, ldap_provider_url);
// Authenticate // Authenticate
env.put(javax.naming.Context.SECURITY_AUTHENTICATION, "Simple"); env.put(javax.naming.Context.SECURITY_AUTHENTICATION, "Simple");
env.put(javax.naming.Context.SECURITY_PRINCIPAL, netid); env.put(javax.naming.Context.SECURITY_PRINCIPAL, netid);
env.put(javax.naming.Context.SECURITY_CREDENTIALS, password); env.put(javax.naming.Context.SECURITY_CREDENTIALS, password);
env.put(javax.naming.Context.AUTHORITATIVE, "true"); env.put(javax.naming.Context.AUTHORITATIVE, "true");
env.put(javax.naming.Context.REFERRAL, "follow"); env.put(javax.naming.Context.REFERRAL, "follow");
DirContext ctx = null; DirContext ctx = null;
try { try {
// Try to bind // Try to bind
ctx = new InitialDirContext(env); ctx = new InitialDirContext(env);
} catch (NamingException e) { } catch (NamingException e) {
log.warn(LogManager.getHeader(context, log.warn(LogManager.getHeader(context,
"ldap_authentication", "type=failed_auth " + e)); "ldap_authentication", "type=failed_auth " + e));
return false; return false;
} finally { } finally {
// Close the context when we're done // Close the context when we're done
try { try {
if (ctx != null) if (ctx != null)
{ {
ctx.close(); ctx.close();
} }
} catch (NamingException e) { } catch (NamingException e) {
} }
} }
} else { } else {
return false; return false;
} }
return true; return true;
} }
} }
/* /*
* Returns URL to which to redirect to obtain credentials (either password * Returns URL to which to redirect to obtain credentials (either password
@@ -649,11 +649,11 @@ public class LDAPAuthentication
} }
catch (AuthorizeException ae) catch (AuthorizeException ae)
{ {
log.debug(LogManager.getHeader(context, "assignGroupsBasedOnLdapDn could not authorize addition to group", dspaceGroupName)); log.debug(LogManager.getHeader(context, "assignGroupsBasedOnLdapDn could not authorize addition to group", dspaceGroupName));
} }
catch (SQLException e) catch (SQLException e)
{ {
log.debug(LogManager.getHeader(context, "assignGroupsBasedOnLdapDn could not find group", dspaceGroupName)); log.debug(LogManager.getHeader(context, "assignGroupsBasedOnLdapDn could not find group", dspaceGroupName));
} }
} }