📄 ldapauthentication.java
if ((ldap.ldapEmail!=null)&&(!ldap.ldapEmail.equals(""))) eperson.setEmail(ldap.ldapEmail); else eperson.setEmail(netid); if ((ldap.ldapGivenName!=null)&&(!ldap.ldapGivenName.equals(""))) eperson.setFirstName(ldap.ldapGivenName); if ((ldap.ldapSurname!=null)&&(!ldap.ldapSurname.equals(""))) eperson.setLastName(ldap.ldapSurname); if ((ldap.ldapPhone!=null)&&(!ldap.ldapPhone.equals(""))) eperson.setMetadata("phone", ldap.ldapPhone); eperson.setNetid(netid); eperson.setCanLogIn(true); AuthenticationManager.initEPerson(context, request, eperson); eperson.update(); context.commit(); } catch (AuthorizeException e) { return NO_SUCH_USER; } finally { context.setIgnoreAuthorization(false); } log.info(LogManager.getHeader(context, "authenticate", "type=ldap-login, created ePerson")); return SUCCESS; } else { // No auto-registration for valid certs log.info(LogManager.getHeader(context, "failed_login", "type=ldap_but_no_record")); return NO_SUCH_USER; } } } catch (AuthorizeException e) { eperson = null; } finally { context.setIgnoreAuthorization(false); } } } } return BAD_ARGS; } /** * Internal class to manage LDAP query and results, mainly * because there are multiple values to return. 
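*/
    public class SpeakerToLDAP {
        private Logger log = null;

        // NOTE(review): the result fields below are never reset between calls;
        // confirm that callers create a fresh instance per login attempt so one
        // user's directory attributes cannot carry over to another.

        /** ldap email result */
        protected String ldapEmail = null;

        /** ldap given-name result */
        protected String ldapGivenName = null;

        /** ldap surname result */
        protected String ldapSurname = null;

        /** ldap phone result */
        protected String ldapPhone = null;

        SpeakerToLDAP(Logger thelog) {
            log = thelog;
        }

        /**
         * Contacts the LDAP server and attempts a simple bind as the given user,
         * then looks up the configured e-mail, given-name, surname and phone
         * attributes and stores whatever is found in this object's fields.
         *
         * @param netid
         *            user identifier typed at the login form; treated as untrusted
         * @param password
         *            password to bind with; null or empty is rejected locally
         * @param context
         *            DSpace context, used only to build log headers
         * @return true if the bind succeeded (even when the follow-up attribute
         *         lookup failed), false if the bind failed or the credentials
         *         were missing
         */
        protected boolean ldapAuthenticate(String netid, String password, Context context) {
            // Never send a missing or empty password to the directory: LDAP simple
            // bind with a DN and an empty password is an "unauthenticated bind",
            // which many servers accept, and that would be read here as a login.
            if (netid == null || password == null || password.equals("")) {
                return false;
            }

            String ldap_provider_url = ConfigurationManager.getProperty("ldap.provider_url");
            String ldap_id_field = ConfigurationManager.getProperty("ldap.id_field");
            String ldap_search_context = ConfigurationManager.getProperty("ldap.search_context");
            String ldap_object_context = ConfigurationManager.getProperty("ldap.object_context");

            // Set up environment for creating initial context
            Hashtable env = new Hashtable(11);
            env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(javax.naming.Context.PROVIDER_URL, ldap_provider_url);

            // Authenticate. "simple" sends the password as-is, so ldap.provider_url
            // should point at an ldaps:// endpoint to keep it off the wire in clear.
            env.put(javax.naming.Context.SECURITY_AUTHENTICATION, "simple");
            // The netid is user input that becomes part of a distinguished name.
            // Escape it as an RDN value so characters such as ',', '+' or '=' cannot
            // change which directory entry the bind is attempted against.
            env.put(javax.naming.Context.SECURITY_PRINCIPAL,
                    ldap_id_field + "=" + javax.naming.ldap.Rdn.escapeValue(netid)
                            + "," + ldap_object_context);
            env.put(javax.naming.Context.SECURITY_CREDENTIALS, password);

            DirContext ctx = null;
            try {
                // Create initial context; this is the bind, and it throws on bad credentials
                ctx = new InitialDirContext(env);

                String ldap_email_field = ConfigurationManager.getProperty("ldap.email_field");
                String ldap_givenname_field = ConfigurationManager.getProperty("ldap.givenname_field");
                String ldap_surname_field = ConfigurationManager.getProperty("ldap.surname_field");
                String ldap_phone_field = ConfigurationManager.getProperty("ldap.phone_field");

                // The netid is passed here as an attribute value to match, not as
                // DN text, so it is given unescaped.
                Attributes matchAttrs = new BasicAttributes(true);
                matchAttrs.put(new BasicAttribute(ldap_id_field, netid));

                String attlist[] = {ldap_email_field, ldap_givenname_field,
                                    ldap_surname_field, ldap_phone_field};

                // look up attributes
                try {
                    NamingEnumeration answer = ctx.search(ldap_search_context, matchAttrs, attlist);
                    // If several entries match, values from later entries overwrite earlier ones.
                    while (answer.hasMore()) {
                        SearchResult sr = (SearchResult) answer.next();
                        Attributes atts = sr.getAttributes();
                        ldapEmail = readAttribute(atts, attlist[0], ldapEmail);
                        ldapGivenName = readAttribute(atts, attlist[1], ldapGivenName);
                        ldapSurname = readAttribute(atts, attlist[2], ldapSurname);
                        ldapPhone = readAttribute(atts, attlist[3], ldapPhone);
                    }
                } catch (NamingException e) {
                    // if the lookup fails go ahead and create a new record for them
                    // because the authentication succeeded
                    log.warn(LogManager.getHeader(context,
                            "ldap_attribute_lookup", "type=failed_search " + e));
                    return true;
                }
            } catch (NamingException e) {
                log.warn(LogManager.getHeader(context,
                        "ldap_authentication", "type=failed_auth " + e));
                return false;
            } finally {
                // Close the context when we're done
                try {
                    if (ctx != null) {
                        ctx.close();
                    }
                } catch (NamingException ignored) {
                    // The outcome is already decided; a failed close does not change it.
                }
            }

            return true;
        }

        /**
         * Reads one attribute from a search result entry.
         *
         * @return the attribute's value, or {@code fallback} when the attribute
         *         name is not configured or the entry does not carry it
         */
        private String readAttribute(Attributes atts, String name, String fallback)
                throws NamingException {
            if (name == null) {
                return fallback;
            }
            Attribute att = atts.get(name);
            return (att != null) ? (String) att.get() : fallback;
        }
    }

    /**
     * Returns URL to which to redirect to obtain credentials. This
     * implementation always answers with the LDAP login page: the request's
     * context path followed by "/ldap-login", passed through
     * {@code response.encodeRedirectURL}.
     *
     * @param context
     *            DSpace context; not read by this implementation.
     *
     * @param request
     *            The HTTP request that started this operation. It is
     *            dereferenced here, so it must not be null.
     *
     * @param response
     *            The HTTP response from the servlet method.
     *
     * @return encoded URL of the LDAP login page
     */
    public String loginPageURL(Context context,
                               HttpServletRequest request,
                               HttpServletResponse response) {
        return response.encodeRedirectURL(request.getContextPath() + "/ldap-login");
    }

    /**
     * Returns message key for title of the "login" page, to use
     * in a menu showing the choice of multiple login methods.
     *
     * @param context
     *            DSpace context; not read by this implementation.
     *
     * @return Message key to look up in i18n message catalog.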
*/
    public String loginPageTitle(Context context) {
        // Fixed i18n catalog key; the context argument is not consulted.
        final String titleKey = "org.dspace.eperson.LDAPAuthentication.title";
        return titleKey;
    }
}