Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/auth/AuthenticatorImpl.java +1 −0 Original line number Diff line number Diff line Loading @@ -165,6 +165,7 @@ public class AuthenticatorImpl implements Authenticator } } user.appData = null; // avoid loop that prevents GC??? profiler.checkpoint("augmentSubject"); } catch (UserNotFoundException e) Loading projects/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java +32 −22 Original line number Diff line number Diff line Loading @@ -68,21 +68,21 @@ */ package ca.nrc.cadc.ac.client; import java.io.*; import java.io.ByteArrayOutputStream; import java.net.MalformedURLException; import java.net.URL; import java.security.Principal; import java.util.Iterator; import java.util.Set; import javax.security.auth.Subject; import ca.nrc.cadc.ac.*; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.xml.UserReader; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.NumericPrincipal; import ca.nrc.cadc.net.HttpDownload; import ca.nrc.cadc.net.NetUtil; Loading Loading @@ -169,26 +169,36 @@ public class UserClient } } protected Principal getPrincipal(final Subject subject) { Set<Principal> principals = subject.getPrincipals(); Iterator<Principal> iterator = principals.iterator(); if (iterator.hasNext()) if (subject == null || subject.getPrincipals() == null || subject.getPrincipals().isEmpty()) { Principal principal = iterator.next(); if (iterator.hasNext()) return null; } if (subject.getPrincipals().size() == 1) { // Should only have one principal final String msg = "Subject has more than one principal."; throw new IllegalArgumentException(msg); return subject.getPrincipals().iterator().next(); } return principal; // in the case that there is more than one principal in the // subject, favor x500 principals then numeric principals Set<X500Principal> x500Principals = subject.getPrincipals(X500Principal.class); if (x500Principals.size() > 0) { return x500Principals.iterator().next(); } else Set<NumericPrincipal> numericPrincipals = subject.getPrincipals(NumericPrincipal.class); if (numericPrincipals.size() > 0) { return null; return numericPrincipals.iterator().next(); } // just return the first one return subject.getPrincipals().iterator().next(); } protected Set<Principal> getPrincipals(ByteArrayOutputStream out) Loading projects/cadcAccessControl/test/src/ca/nrc/cadc/ac/client/UserClientTest.java +106 −36 Original line number Diff line number Diff line Loading @@ -77,9 +77,12 @@ import java.security.Principal; import javax.management.remote.JMXPrincipal; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Level; import org.apache.log4j.Logger; import org.junit.Assert; import org.junit.Test; import ca.nrc.cadc.ac.AC; import ca.nrc.cadc.auth.HttpPrincipal; Loading @@ -87,9 +90,6 @@ import ca.nrc.cadc.auth.NumericPrincipal; import ca.nrc.cadc.reg.client.RegistryClient; import ca.nrc.cadc.util.Log4jInit; import org.junit.Assert; import org.junit.Test; public class UserClientTest { Loading Loading @@ -153,21 +153,22 @@ public class UserClientTest } } @Test public void testSubjectWithMultiplePrincipal() public void testSubjectWithUnsupportedPrincipal() { Principal principal = new JMXPrincipal("APIName"); try { // test subject augmentation given a subject with more than one principal Subject subject = new Subject(); subject.getPrincipals().add(new NumericPrincipal(4)); subject.getPrincipals().add(new HttpPrincipal("cadcauthtest1")); subject.getPrincipals().add(principal); this.createUserClient().augmentSubject(subject); Assert.fail("Expecting an IllegalArgumentException."); } catch(IllegalArgumentException e) { String expected = "Subject has more than one principal."; String expected = "Subject has unsupported principal " + principal.getName(); Assert.assertEquals(expected, e.getMessage()); } catch(Throwable t) Loading @@ -176,35 +177,104 @@ public class UserClientTest } } protected UserClient createUserClient() throws URISyntaxException, MalformedURLException { RegistryClient regClient = new RegistryClient(); URI serviceURI = new URI(AC.GMS_SERVICE_URI); URL baseURL = regClient.getServiceURL(serviceURI, "https"); return new UserClient(baseURL.toString()); } @Test public void testSubjectWithUnsupportedPrincipal() public void testGetSinglePrincipal() { Principal principal = new JMXPrincipal("APIName"); try { // test subject augmentation given a subject with more than one principal Subject subject = new Subject(); subject.getPrincipals().add(principal); this.createUserClient().augmentSubject(subject); Assert.fail("Expecting an IllegalArgumentException."); RegistryClient rc = new RegistryClient(); URL u = rc.getServiceURL(new URI("ivo://cadc.nrc.ca/canfargms")); UserClient c = new UserClient(u.toString()); Subject s = new Subject(); s.getPrincipals().add(new HttpPrincipal("bob")); Principal p = c.getPrincipal(s); Assert.assertTrue(p instanceof HttpPrincipal); Assert.assertEquals("bob", p.getName()); } catch(IllegalArgumentException e) catch (Throwable t) { String expected = "Subject has unsupported principal " + principal.getName(); Assert.assertEquals(expected, e.getMessage()); log.error("Unexpected exception", t); Assert.fail("Unexpected exception: " + t); } } @Test public void testGetMultiplePrincipals1() { try { RegistryClient rc = new RegistryClient(); URL u = rc.getServiceURL(new URI("ivo://cadc.nrc.ca/canfargms")); UserClient c = new UserClient(u.toString()); Subject s = new Subject(); s.getPrincipals().add(new HttpPrincipal("bob")); s.getPrincipals().add(new NumericPrincipal(1)); Principal p = c.getPrincipal(s); Assert.assertTrue(p instanceof NumericPrincipal); Assert.assertEquals("1", p.getName()); } catch (Throwable t) { Assert.fail("Unexpected exception: " + t.getMessage()); log.error("Unexpected exception", t); Assert.fail("Unexpected exception: " + t); } } protected UserClient createUserClient() throws URISyntaxException, MalformedURLException @Test public void testGetMultiplePrincipals2() { RegistryClient regClient = new RegistryClient(); URI serviceURI = new URI(AC.GMS_SERVICE_URI); URL baseURL = regClient.getServiceURL(serviceURI, "https"); return new UserClient(baseURL.toString()); try { RegistryClient rc = new RegistryClient(); URL u = rc.getServiceURL(new URI("ivo://cadc.nrc.ca/canfargms")); UserClient c = new UserClient(u.toString()); Subject s = new Subject(); s.getPrincipals().add(new NumericPrincipal(1)); s.getPrincipals().add(new HttpPrincipal("bob")); Principal p = c.getPrincipal(s); Assert.assertTrue(p instanceof NumericPrincipal); Assert.assertEquals("1", p.getName()); } catch (Throwable t) { log.error("Unexpected exception", t); Assert.fail("Unexpected exception: " + t); } } @Test public void testGetMultiplePrincipals3() { try { RegistryClient rc = new RegistryClient(); URL u = rc.getServiceURL(new URI("ivo://cadc.nrc.ca/canfargms")); UserClient c = new UserClient(u.toString()); Subject s = new Subject(); s.getPrincipals().add(new NumericPrincipal(1)); s.getPrincipals().add(new X500Principal("CN=majorb")); s.getPrincipals().add(new HttpPrincipal("bob")); Principal p = c.getPrincipal(s); Assert.assertTrue(p instanceof X500Principal); Assert.assertEquals("CN=majorb", p.getName()); } catch (Throwable t) { log.error("Unexpected exception", t); Assert.fail("Unexpected exception: " + t); } } } Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/auth/AuthenticatorImpl.java +1 −0 Original line number Diff line number Diff line Loading @@ -165,6 +165,7 @@ public class AuthenticatorImpl implements Authenticator } } user.appData = null; // avoid loop that prevents GC??? profiler.checkpoint("augmentSubject"); } catch (UserNotFoundException e) Loading
projects/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java +32 −22 Original line number Diff line number Diff line Loading @@ -68,21 +68,21 @@ */ package ca.nrc.cadc.ac.client; import java.io.*; import java.io.ByteArrayOutputStream; import java.net.MalformedURLException; import java.net.URL; import java.security.Principal; import java.util.Iterator; import java.util.Set; import javax.security.auth.Subject; import ca.nrc.cadc.ac.*; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.xml.UserReader; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.NumericPrincipal; import ca.nrc.cadc.net.HttpDownload; import ca.nrc.cadc.net.NetUtil; Loading Loading @@ -169,26 +169,36 @@ public class UserClient } } protected Principal getPrincipal(final Subject subject) { Set<Principal> principals = subject.getPrincipals(); Iterator<Principal> iterator = principals.iterator(); if (iterator.hasNext()) if (subject == null || subject.getPrincipals() == null || subject.getPrincipals().isEmpty()) { Principal principal = iterator.next(); if (iterator.hasNext()) return null; } if (subject.getPrincipals().size() == 1) { // Should only have one principal final String msg = "Subject has more than one principal."; throw new IllegalArgumentException(msg); return subject.getPrincipals().iterator().next(); } return principal; // in the case that there is more than one principal in the // subject, favor x500 principals then numeric principals Set<X500Principal> x500Principals = subject.getPrincipals(X500Principal.class); if (x500Principals.size() > 0) { return x500Principals.iterator().next(); } else Set<NumericPrincipal> numericPrincipals = subject.getPrincipals(NumericPrincipal.class); if (numericPrincipals.size() > 0) { return null; return numericPrincipals.iterator().next(); } // just return the first one return subject.getPrincipals().iterator().next(); } protected Set<Principal> getPrincipals(ByteArrayOutputStream out) Loading
projects/cadcAccessControl/test/src/ca/nrc/cadc/ac/client/UserClientTest.java +106 −36 Original line number Diff line number Diff line Loading @@ -77,9 +77,12 @@ import java.security.Principal; import javax.management.remote.JMXPrincipal; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Level; import org.apache.log4j.Logger; import org.junit.Assert; import org.junit.Test; import ca.nrc.cadc.ac.AC; import ca.nrc.cadc.auth.HttpPrincipal; Loading @@ -87,9 +90,6 @@ import ca.nrc.cadc.auth.NumericPrincipal; import ca.nrc.cadc.reg.client.RegistryClient; import ca.nrc.cadc.util.Log4jInit; import org.junit.Assert; import org.junit.Test; public class UserClientTest { Loading Loading @@ -153,21 +153,22 @@ public class UserClientTest } } @Test public void testSubjectWithMultiplePrincipal() public void testSubjectWithUnsupportedPrincipal() { Principal principal = new JMXPrincipal("APIName"); try { // test subject augmentation given a subject with more than one principal Subject subject = new Subject(); subject.getPrincipals().add(new NumericPrincipal(4)); subject.getPrincipals().add(new HttpPrincipal("cadcauthtest1")); subject.getPrincipals().add(principal); this.createUserClient().augmentSubject(subject); Assert.fail("Expecting an IllegalArgumentException."); } catch(IllegalArgumentException e) { String expected = "Subject has more than one principal."; String expected = "Subject has unsupported principal " + principal.getName(); Assert.assertEquals(expected, e.getMessage()); } catch(Throwable t) Loading @@ -176,35 +177,104 @@ public class UserClientTest } } protected UserClient createUserClient() throws URISyntaxException, MalformedURLException { RegistryClient regClient = new RegistryClient(); URI serviceURI = new URI(AC.GMS_SERVICE_URI); URL baseURL = regClient.getServiceURL(serviceURI, "https"); return new UserClient(baseURL.toString()); } @Test public void testSubjectWithUnsupportedPrincipal() public void testGetSinglePrincipal() { Principal principal = new JMXPrincipal("APIName"); try { // test subject augmentation given a subject with more than one principal Subject subject = new Subject(); subject.getPrincipals().add(principal); this.createUserClient().augmentSubject(subject); Assert.fail("Expecting an IllegalArgumentException."); RegistryClient rc = new RegistryClient(); URL u = rc.getServiceURL(new URI("ivo://cadc.nrc.ca/canfargms")); UserClient c = new UserClient(u.toString()); Subject s = new Subject(); s.getPrincipals().add(new HttpPrincipal("bob")); Principal p = c.getPrincipal(s); Assert.assertTrue(p instanceof HttpPrincipal); Assert.assertEquals("bob", p.getName()); } catch(IllegalArgumentException e) catch (Throwable t) { String expected = "Subject has unsupported principal " + principal.getName(); Assert.assertEquals(expected, e.getMessage()); log.error("Unexpected exception", t); Assert.fail("Unexpected exception: " + t); } } @Test public void testGetMultiplePrincipals1() { try { RegistryClient rc = new RegistryClient(); URL u = rc.getServiceURL(new URI("ivo://cadc.nrc.ca/canfargms")); UserClient c = new UserClient(u.toString()); Subject s = new Subject(); s.getPrincipals().add(new HttpPrincipal("bob")); s.getPrincipals().add(new NumericPrincipal(1)); Principal p = c.getPrincipal(s); Assert.assertTrue(p instanceof NumericPrincipal); Assert.assertEquals("1", p.getName()); } catch (Throwable t) { Assert.fail("Unexpected exception: " + t.getMessage()); log.error("Unexpected exception", t); Assert.fail("Unexpected exception: " + t); } } protected UserClient createUserClient() throws URISyntaxException, MalformedURLException @Test public void testGetMultiplePrincipals2() { RegistryClient regClient = new RegistryClient(); URI serviceURI = new URI(AC.GMS_SERVICE_URI); URL baseURL = regClient.getServiceURL(serviceURI, "https"); return new UserClient(baseURL.toString()); try { RegistryClient rc = new RegistryClient(); URL u = rc.getServiceURL(new URI("ivo://cadc.nrc.ca/canfargms")); UserClient c = new UserClient(u.toString()); Subject s = new Subject(); s.getPrincipals().add(new NumericPrincipal(1)); s.getPrincipals().add(new HttpPrincipal("bob")); Principal p = c.getPrincipal(s); Assert.assertTrue(p instanceof NumericPrincipal); Assert.assertEquals("1", p.getName()); } catch (Throwable t) { log.error("Unexpected exception", t); Assert.fail("Unexpected exception: " + t); } } @Test public void testGetMultiplePrincipals3() { try { RegistryClient rc = new RegistryClient(); URL u = rc.getServiceURL(new URI("ivo://cadc.nrc.ca/canfargms")); UserClient c = new UserClient(u.toString()); Subject s = new Subject(); s.getPrincipals().add(new NumericPrincipal(1)); s.getPrincipals().add(new X500Principal("CN=majorb")); s.getPrincipals().add(new HttpPrincipal("bob")); Principal p = c.getPrincipal(s); Assert.assertTrue(p instanceof X500Principal); Assert.assertEquals("CN=majorb", p.getName()); } catch (Throwable t) { log.error("Unexpected exception", t); Assert.fail("Unexpected exception: " + t); } } }
