Commit 0a079113 authored by Patrick Dowler's avatar Patrick Dowler

add check timeout codes and throw TransientException; re-implement...

add checks for timeout result codes and throw TransientException; re-implement checkGroupExists as a filtered search instead of using getGroupNames
parent cb44021e
+13 −8
@@ -227,6 +227,11 @@ public abstract class LdapDAO
            throws TransientException
    {
    	logger.debug("Ldap result: " + code);
    	if (code == ResultCode.SUCCESS 
                || code == ResultCode.NO_SUCH_OBJECT)
        {
            return;
        }
        
        if (code == ResultCode.INSUFFICIENT_ACCESS_RIGHTS)
        {
@@ -236,20 +241,20 @@ public abstract class LdapDAO
        {
            throw new AccessControlException("Invalid credentials ");
        }
        else if ((code == ResultCode.SUCCESS) || (code
                                                  == ResultCode.NO_SUCH_OBJECT))
        {
            // all good. nothing to do
        }
        else if (code == ResultCode.PARAM_ERROR)
        {
            throw new IllegalArgumentException("Error in Ldap parameters ");
        }
        else if (code == ResultCode.BUSY ||
                 code == ResultCode.CONNECT_ERROR)
        else if (code == ResultCode.BUSY 
                || code == ResultCode.CONNECT_ERROR)
        {
            throw new TransientException("Connection problems ");
        }
        else if (code == ResultCode.TIMEOUT
                || code == ResultCode.TIME_LIMIT_EXCEEDED)
        {
            throw new TransientException("ldap timeout");
        }
        else
        {
            throw new RuntimeException("Ldap error (" + code.getName() + ")");
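Review bot: The new timeout branch throws `TransientException("ldap timeout")` without naming the result code, and because `checkLdapResult` receives only the `ResultCode` the exception carries no cause either; the groups-root handler in LdapGroupDAO that this commit routes through here appears to have thrown `new TransientException("time limit exceeded", e)` before. Including the code, as the fallback branch already does, keeps `TIMEOUT` and `TIME_LIMIT_EXCEEDED` distinguishable in logs: `throw new TransientException("ldap timeout (" + code.getName() + ")");`. `ResultCode.SERVER_DOWN` and `ResultCode.UNAVAILABLE` still fall through to the `RuntimeException` branch; if the directory can return them they probably belong with `BUSY`/`CONNECT_ERROR`. The method's signature and closing brace are outside the visible hunks.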
+96 −72
@@ -235,7 +235,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
        for (Group groupMember : groups)
        {
            final String groupMemberID = groupMember.getID();
            if (!checkGroupExists(groupMemberID))
            if (!checkGroupExists(groupMemberID, false))
            {
                throw new GroupNotFoundException(groupMemberID);
            }
@@ -346,12 +346,11 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
            catch (LDAPSearchException e)
            {
                logger.debug("Could not find groups root", e);
                LdapDAO.checkLdapResult(e.getResultCode());
                if (e.getResultCode() == ResultCode.NO_SUCH_OBJECT)
                {
                    throw new IllegalStateException("Could not find groups root");
                }
                else if (e.getResultCode() == ResultCode.TIME_LIMIT_EXCEEDED)
                    throw new TransientException("time limit exceeded", e);
                
                throw new IllegalStateException("unexpected failure", e);
            }
@@ -622,7 +621,8 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
        {
            mods.add(new Modification(ModificationType.REPLACE, "description", group.description));
        }
        
        try
        {
            Set<String> newMembers = new HashSet<String>();
            for (User<?> member : group.getUserMembers())
            {
@@ -631,7 +631,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
            }
            for (Group gr : group.getGroupMembers())
            {
            if (!checkGroupExists(gr.getID()))
                if (!checkGroupExists(gr.getID(), false))
                {
                    throw new GroupNotFoundException(gr.getID());
                }
@@ -662,7 +662,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
            }
            for (Group gr : group.getGroupAdmins())
            {
            if (!checkGroupExists(gr.getID()))
                if (!checkGroupExists(gr.getID(), false))
                {
                    throw new GroupNotFoundException(gr.getID());
                }
@@ -680,8 +680,6 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
            adminMods.add(new Modification(ModificationType.REPLACE, "uniquemember", 
                    (String[]) newAdmins.toArray(new String[newAdmins.size()])));
        
        try
        {
            // modify admin group first (if necessary)
            if (adminChanges)
            {   
@@ -1117,17 +1115,43 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
        }
    }
    
    private boolean checkGroupExists(String groupID) 
            throws TransientException
    private boolean checkGroupExists(String groupID, boolean lockedGroupsExist)
            throws LDAPException, TransientException
    {
        for (String groupName : getGroupNames())
        try
        {
            if (groupName.equalsIgnoreCase(groupID))
            DN groupDN = getGroupDN(groupID);
            Filter filter = Filter.createEqualityFilter("entrydn", groupDN.toNormalizedString());
        
            SearchRequest searchRequest =  new SearchRequest(
                        config.getGroupsDN(), SearchScope.SUB, filter, 
                        "cn", "nsaccountlock");

            //searchRequest.addControl(
            //            new ProxiedAuthorizationV2RequestControl("dn:" + 
            //                    getSubjectDN().toNormalizedString()));

            SearchResultEntry searchResult = 
                    getConnection().searchForEntry(searchRequest);

            if (searchResult == null)
            {
                return true;
                String msg = "Group not found " + groupDN;
                logger.debug(msg);
                return false;
            }

            if (searchResult.getAttribute("nsaccountlock") != null)
            {
                // deleted group
                String msg = "Group marked deleted " + groupDN;
                logger.debug(msg);
                return lockedGroupsExist;
            }
        return false;

            return true;
        }
        finally { }
    }        

}
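Review bot: In the rewritten `checkGroupExists` the `try { … } finally { }` wrapper does nothing and the method now declares `throws LDAPException`, so a timeout from `getConnection().searchForEntry(searchRequest)` reaches callers as a raw LDAP exception rather than the `TransientException` this commit adds to `checkLdapResult`, unless each caller's catch block (outside these hunks) does that mapping. Replacing the empty `finally` with `catch (LDAPSearchException e) { LdapDAO.checkLdapResult(e.getResultCode()); throw new IllegalStateException("unexpected failure", e); }` would mirror the groups-root handler earlier in this file. The commented-out `ProxiedAuthorizationV2RequestControl` lines mean the existence search runs as whatever identity the connection is bound with rather than as the calling subject, so the found/not-found answer may reveal groups the caller cannot read; if that is intended, replace the dead code with a comment such as `// not proxied: existence is checked with the service identity because <reason>`. The `nsaccountlock` test checks only that the attribute is present, so an entry carrying a false value would also be reported as deleted, which is worth confirming against how the directory sets it.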