projects/cadcAccessControl-Admin/src/ca/nrc/cadc/ac/admin/CommandRunner.java +45 −28 @@ -78,8 +78,10 @@ import org.apache.log4j.Logger; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.ac.server.ldap.LdapConfig; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.DelegationToken; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.auth.PrincipalExtractor; import ca.nrc.cadc.auth.SSOCookieCredential; import ca.nrc.cadc.auth.X509CertificateChain;
@@ -118,20 +120,39 @@ public class CommandRunner if (userIDPrincipal == null) { // no credential, but command works with an anonymous user LOGGER.debug("running as anon user"); command.run(); // run as the operator LdapConfig config = LdapConfig.getLdapConfig(); String proxyDN = config.getProxyUserDN(); if (proxyDN == null) throw new IllegalArgumentException("No ldap account in .dbrc"); String userIDLabel = "uid="; int uidIndex = proxyDN.indexOf("uid="); int commaIndex = proxyDN.indexOf(",", userIDLabel.length()); String userID = proxyDN.substring(uidIndex + userIDLabel.length(), commaIndex); userIDPrincipal = new HttpPrincipal(userID); } else { // run as the user LOGGER.debug("running as " + userIDPrincipal.getName()); final Set<Principal> userPrincipals = new HashSet<Principal>(1); Set<Principal> userPrincipals = new HashSet<Principal>(1); userPrincipals.add(userIDPrincipal); PrincipalExtractor principalExtractor = new PrincipalExtractor() AnonPrincipalExtractor principalExtractor = new AnonPrincipalExtractor(userPrincipals); Subject subject = AuthenticationUtil.getSubject(principalExtractor); Subject.doAs(subject, command); } class AnonPrincipalExtractor implements PrincipalExtractor { Set<Principal> principals; AnonPrincipalExtractor(Set<Principal> principals) { this.principals = principals; } public Set<Principal> getPrincipals() { return userPrincipals; return principals; } public X509CertificateChain getCertificateChain() { Loading @@ -145,9 +166,5 @@ public class CommandRunner { return null; } }; Subject subject = AuthenticationUtil.getSubject(principalExtractor); Subject.doAs(subject, command); } } } Loading
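Review bot: The uid extraction in the `userIDPrincipal == null` branch can silently produce the wrong operator identity: `proxyDN.indexOf(",", userIDLabel.length())` starts the comma search at offset 4 rather than after the `uid=` match, and `uidIndex` is never checked for -1, so a proxy DN whose uid is not the first RDN, or that has no uid, either throws StringIndexOutOfBoundsException or yields an arbitrary fragment of the DN as the user ID. That string becomes the HttpPrincipal the command runs under via `Subject.doAs`, so a malformed `.dbrc` entry should fail closed instead. I would parse the DN with `javax.naming.ldap.LdapName` (this needs `LdapName`, `Rdn` and `javax.naming.InvalidNameException` imported) and reject a DN without a uid, as below. Since a missing credential now appears to fall through to the operator account rather than an anonymous run, the `AnonPrincipalExtractor` name is also misleading and the fallback deserves a log line naming the identity used. The enclosing method starts outside the hunk.

```java
String proxyDN = config.getProxyUserDN();
// … unchanged: null check on proxyDN …
String userID = null;
try
{
    // getRdns() lists the rightmost RDN first, so the last match is the leftmost uid
    for (Rdn rdn : new LdapName(proxyDN).getRdns())
    {
        if ("uid".equalsIgnoreCase(rdn.getType()))
            userID = String.valueOf(rdn.getValue());
    }
}
catch (InvalidNameException e)
{
    throw new IllegalArgumentException("proxy user DN in .dbrc is not a valid DN", e);
}
if (userID == null || userID.isEmpty())
    throw new IllegalArgumentException("proxy user DN in .dbrc has no uid");
userIDPrincipal = new HttpPrincipal(userID);
```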
projects/cadcAccessControl-Admin/src/ca/nrc/cadc/ac/admin/CommandRunner.java +45 −28 @@ -78,8 +78,10 @@ import org.apache.log4j.Logger; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.ac.server.ldap.LdapConfig; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.DelegationToken; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.auth.PrincipalExtractor; import ca.nrc.cadc.auth.SSOCookieCredential; import ca.nrc.cadc.auth.X509CertificateChain;
@@ -118,20 +120,39 @@ public class CommandRunner if (userIDPrincipal == null) { // no credential, but command works with an anonymous user LOGGER.debug("running as anon user"); command.run(); // run as the operator LdapConfig config = LdapConfig.getLdapConfig(); String proxyDN = config.getProxyUserDN(); if (proxyDN == null) throw new IllegalArgumentException("No ldap account in .dbrc"); String userIDLabel = "uid="; int uidIndex = proxyDN.indexOf("uid="); int commaIndex = proxyDN.indexOf(",", userIDLabel.length()); String userID = proxyDN.substring(uidIndex + userIDLabel.length(), commaIndex); userIDPrincipal = new HttpPrincipal(userID); } else { // run as the user LOGGER.debug("running as " + userIDPrincipal.getName()); final Set<Principal> userPrincipals = new HashSet<Principal>(1); Set<Principal> userPrincipals = new HashSet<Principal>(1); userPrincipals.add(userIDPrincipal); PrincipalExtractor principalExtractor = new PrincipalExtractor() AnonPrincipalExtractor principalExtractor = new AnonPrincipalExtractor(userPrincipals); Subject subject = AuthenticationUtil.getSubject(principalExtractor); Subject.doAs(subject, command); } class AnonPrincipalExtractor implements PrincipalExtractor { Set<Principal> principals; AnonPrincipalExtractor(Set<Principal> principals) { this.principals = principals; } public Set<Principal> getPrincipals() { return userPrincipals; return principals; } public X509CertificateChain getCertificateChain() { Loading @@ -145,9 +166,5 @@ public class CommandRunner { return null; } }; Subject subject = AuthenticationUtil.getSubject(principalExtractor); Subject.doAs(subject, command); } } }