001/* 002 * Copyright (c) 2003-2010 The Regents of the University of California. 003 * All rights reserved. 004 * 005 * '$Author: barseghian $' 006 * '$Date: 2013-01-16 23:42:20 +0000 (Wed, 16 Jan 2013) $' 007 * '$Revision: 31342 $' 008 * 009 * Permission is hereby granted, without written agreement and without 010 * license or royalty fees, to use, copy, modify, and distribute this 011 * software and its documentation for any purpose, provided that the above 012 * copyright notice and the following two paragraphs appear in all copies 013 * of this software. 014 * 015 * IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY 016 * FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES 017 * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF 018 * THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE POSSIBILITY OF 019 * SUCH DAMAGE. 020 * 021 * THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES, 022 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 023 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE 024 * PROVIDED HEREUNDER IS ON AN "AS IS" BASIS, AND THE UNIVERSITY OF 025 * CALIFORNIA HAS NO OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, 026 * ENHANCEMENTS, OR MODIFICATIONS. 
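*/

package org.kepler.authentication;

import org.ecoinformatics.ecogrid.client.AuthenticationServiceClient;
import org.kepler.authentication.gui.DomainSelectionGUI;
import org.kepler.authentication.gui.LDAPLoginGUI;

/**
 * Authenticates a user against LDAP through the ecogrid
 * {@link AuthenticationServiceClient}.
 *
 * <p>MAJOR NOTE: this class gets its service URL from the {@link Domain}
 * (i.e. the repository config file), not from the authServicesBundle, so that
 * there are not two different authentication URLs defined for LDAP. It is not
 * clear that this is the right way to do it.
 *
 * <p>Passwords and session credentials are passed straight through to the
 * client and are masked in every line this class writes to stdout.
 */
public class LDAPAuthenticationService extends AuthenticationService {

    /** User name that selects the domain's generic Kepler credentials. */
    private static final String ANON_USER = "anon";

    /** Directory suffix assumed by {@link #authenticate(Domain, String, String, String)}. */
    private static final String BASE_DN = "dc=ecoinformatics,dc=org";

    /**
     * Use LDAP to authenticate the user.
     *
     * <p>Steps: 1) if a user name and password are already set on this
     * service, use them directly (no GUI); the user name is passed on as a
     * full DN (or {@code "anon"}). 2) Otherwise open the login GUI to collect
     * user name, password and organisation. 3) Authenticate with that
     * information and return the resulting {@link ProxyEntity}.
     *
     * @param d the domain to authenticate against
     * @return the authenticated proxy entity, or {@code null} if the user
     *     cancelled the login dialog
     * @throws AuthenticationException if the LDAP login fails
     */
    public synchronized ProxyEntity authenticate(Domain d)
            throws AuthenticationException {

        // Credentials already present on this service: no need to ask.
        if (this.userName != null && this.password != null) {
            ProxyEntity pentity = authenticate(d, this.userName, this.password);
            this.credential = pentity.getCredential();
            return pentity;
        }

        System.out.println("LDAPAuthenticationService authenticate(" + d.getDomain() + ")");
        // Show the domain name so the user knows where they are authenticating.
        LDAPLoginGUI loginGUI = new LDAPLoginGUI();
        loginGUI.setDomainName(d.getDomain());
        loginGUI.fire();

        // User cancelled the dialog (null-safe in case the GUI returns null).
        if (DomainSelectionGUI.DOMAIN_BREAK.equals(loginGUI.getOrganization())) {
            return null;
        }

        String username = loginGUI.getUsername();
        String password = loginGUI.getPassword();
        String org = loginGUI.getOrganization();
        // Drop the dialog's copy of the credentials as soon as we hold them.
        loginGUI.resetFields();

        System.out.println("d: " + d.getDomain() + " username: " + username
                + " password: ****" + " org: " + org);
        // NOTE(review): unlike the pre-supplied-credentials path above, this
        // path does not store the new credential in this.credential; confirm
        // whether the superclass or callers depend on it being set here.
        return authenticate(d, username, password, org);
    }

    /**
     * Authenticates using a full DN instead of breaking it into user name
     * and organisation.
     *
     * <p>The special DN {@code "anon"} selects the domain's generic Kepler
     * user name and password ({@link Domain#getUsername()} /
     * {@link Domain#getPassword()}) in place of the supplied ones.
     *
     * @param d the domain whose service URL (and, for "anon", credentials) are used
     * @param dn the full LDAP DN of the user, or {@code "anon"}
     * @param password the user's password; ignored for {@code "anon"}
     * @return a proxy entity carrying the session id returned by the service
     * @throws AuthenticationException if the login fails for any reason
     */
    public ProxyEntity authenticate(Domain d, String dn, String password)
            throws AuthenticationException {
        if (dn == null) {
            throw new NullPointerException("dn");
        }

        String ldapURL = d.getServiceURL();

        try {
            AuthenticationServiceClient client =
                    new AuthenticationServiceClient(ldapURL);

            String ldapUserStr;
            String ldapPassword;
            if (ANON_USER.equals(dn)) {
                // Generic Kepler user taken from the domain's properties file.
                ldapUserStr = d.getUsername();
                ldapPassword = d.getPassword();
            } else {
                ldapUserStr = dn;
                ldapPassword = password;
            }

            System.out.println("Authenticating with user: " + ldapUserStr
                    + " and " + "password: ******");
            String sessionid = client.login_action(ldapUserStr, ldapPassword);

            ProxyEntity pentity = new ProxyEntity();
            pentity.setDomain(d);
            pentity.setCredential(sessionid);
            pentity.setUserName(ldapUserStr);
            return pentity;
        } catch (Exception e) {
            // NOTE(review): only the message is propagated because the
            // AuthenticationException constructors are not visible here;
            // a cause-taking constructor, if one exists, should be used instead.
            throw new AuthenticationException("Error authenticating: "
                    + e.getMessage());
        }
    }

    /**
     * Authenticates without creating a GUI popup window for the user. The
     * user name, password and organisation must be provided. This method
     * assumes the directory suffix {@code dc=ecoinformatics,dc=org}.
     *
     * <p>{@code username} and {@code org} may come straight from the login
     * dialog, so each is escaped as an RFC 4514 attribute value before being
     * placed in the DN; a value without special characters is unchanged, so
     * the DN seen by the server is the same as before for ordinary input.
     *
     * @param d the domain to authenticate against
     * @param username the {@code uid}, or {@code "anon"} for the domain's generic user
     * @param password the user's password
     * @param org the organisation ({@code o=}) component of the DN
     * @return the authenticated proxy entity
     * @throws AuthenticationException if the login fails
     */
    public ProxyEntity authenticate(Domain d, String username, String password,
            String org) throws AuthenticationException {
        if (username == null) {
            throw new NullPointerException("username");
        }

        String dn;
        if (ANON_USER.equals(username)) {
            dn = ANON_USER;
        } else {
            dn = "uid=" + escapeDnValue(username) + ",o=" + escapeDnValue(org)
                    + "," + BASE_DN;
        }
        return authenticate(d, dn, password);
    }

    /**
     * Logs out the session identified by the entity's credential and clears
     * this service's own credential.
     *
     * @param pentity the entity to log out; must carry a domain and a credential
     * @throws AuthenticationException if no entity/credential is given or the
     *     logout call fails
     */
    public void unauthenticate(ProxyEntity pentity)
            throws AuthenticationException {
        if (pentity == null) {
            throw new AuthenticationException(
                    "Cannot unauthenticate with no credential given: pentity=null");
        }

        // Check for credential first.
        String credential = pentity.getCredential();
        if (credential == null) {
            throw new AuthenticationException(
                    "Cannot unauthenticate with no credential given: credential="
                            + credential);
        }

        String ldapURL = pentity.getDomain().getServiceURL();

        try {
            AuthenticationServiceClient client =
                    new AuthenticationServiceClient(ldapURL);
            // The credential is a session secret; never write it to stdout.
            System.out.println("unauthenticating for credential: ******");
            client.logout_action(credential);
            this.credential = null;
        } catch (Exception e) {
            throw new AuthenticationException("Error unauthenticating: "
                    + e.getMessage());
        }
    }

    /**
     * Escapes {@code value} for use as an attribute value inside an LDAP DN
     * (RFC 4514 section 2.4), so that characters such as {@code ,} or
     * {@code +} in user-supplied input cannot change the DN's structure.
     *
     * @param value the raw attribute value; {@code null} is returned unchanged
     * @return the escaped value, identical to the input when it contains no
     *     special characters
     */
    private static String escapeDnValue(String value) {
        if (value == null || value.isEmpty()) {
            return value;
        }
        int last = value.length() - 1;
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                case ',':
                case '+':
                case '"':
                case '<':
                case '>':
                case ';':
                case '=':
                    sb.append('\\').append(c);
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                case '#':
                    // Only a leading '#' is special (it introduces a hex string).
                    if (i == 0) {
                        sb.append('\\');
                    }
                    sb.append(c);
                    break;
                case ' ':
                    // Leading and trailing spaces must be escaped.
                    if (i == 0 || i == last) {
                        sb.append('\\');
                    }
                    sb.append(c);
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }
}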