Loading projects/cadcAccessControl-Server/build.xml +1 −0 Original line number Diff line number Diff line Loading @@ -145,6 +145,7 @@ <!--<test name="ca.nrc.cadc.ac.server.ldap.LdapDAOTestImpl" />--> <test name="ca.nrc.cadc.ac.server.ldap.LdapGroupDAOTest" /> <!--<test name="ca.nrc.cadc.ac.server.web.GroupActionFactoryTest" />--> <!--<test name="ca.nrc.cadc.ac.server.ldap.LdapUserDAOTest" />--> <formatter type="plain" usefile="false" /> </junit> </target> Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/GroupPersistence.java +8 −22 Original line number Diff line number Diff line Loading @@ -71,8 +71,8 @@ package ca.nrc.cadc.ac.server; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.GroupAlreadyExistsException; import ca.nrc.cadc.ac.GroupNotFoundException; import ca.nrc.cadc.ac.IdentityType; import ca.nrc.cadc.ac.Role; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.net.TransientException; import java.security.AccessControlException; Loading Loading 
@@ -145,35 +145,21 @@ public abstract interface GroupPersistence<T extends Principal> /** * Obtain a Collection of Groups that fit the given query. * * @param user user * @param userID The userID. * @param role Role of the user, either owner, member, or read/write. * @param groupID The Group ID. * * @return Collection of Groups matching the query, or empty Collection. * Never null. * * @throws UserNotFoundException If owner or group members not valid users. * @throws ca.nrc.cadc.ac.GroupNotFoundException * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public abstract Collection<Group> getGroups(User<T> user, Role role) throws UserNotFoundException, TransientException, AccessControlException; /** * Check whether the user is a member of the group. * * @param user user * @param groupID ID of group * * @return true or false * * @throws GroupNotFoundException If the group was not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. * @throws ca.nrc.cadc.ac.UserNotFoundException */ public abstract boolean isMember(User<T> user, String groupID) throws GroupNotFoundException, TransientException, AccessControlException, UserNotFoundException; public abstract Collection<Group> searchGroups(T userID, Role role, String groupID) throws UserNotFoundException, GroupNotFoundException, TransientException, AccessControlException; } projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/RequestValidator.java 0 → 100644 +179 −0 Original line number Diff line number Diff line /* ************************************************************************ ******************* CANADIAN ASTRONOMY DATA CENTRE ******************* ************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES ************** * * (c) 2014. (c) 2014. 
* Government of Canada Gouvernement du Canada * National Research Council Conseil national de recherches * Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6 * All rights reserved Tous droits réservés * * NRC disclaims any warranties, Le CNRC dénie toute garantie * expressed, implied, or énoncée, implicite ou légale, * statutory, of any kind with de quelque nature que ce * respect to the software, soit, concernant le logiciel, * including without limitation y compris sans restriction * any warranty of merchantability toute garantie de valeur * or fitness for a particular marchande ou de pertinence * purpose. NRC shall not be pour un usage particulier. * liable in any event for any Le CNRC ne pourra en aucun cas * damages, whether direct or être tenu responsable de tout * indirect, special or general, dommage, direct ou indirect, * consequential or incidental, particulier ou général, * arising from the use of the accessoire ou fortuit, résultant * software. Neither the name de l'utilisation du logiciel. Ni * of the National Research le nom du Conseil National de * Council of Canada nor the Recherches du Canada ni les noms * names of its contributors may de ses participants ne peuvent * be used to endorse or promote être utilisés pour approuver ou * products derived from this promouvoir les produits dérivés * software without specific prior de ce logiciel sans autorisation * written permission. préalable et particulière * par écrit. * * This file is part of the Ce fichier fait partie du projet * OpenCADC project. OpenCADC. 
* * OpenCADC is free software: OpenCADC est un logiciel libre ; * you can redistribute it and/or vous pouvez le redistribuer ou le * modify it under the terms of modifier suivant les termes de * the GNU Affero General Public la “GNU Affero General Public * License as published by the License” telle que publiée * Free Software Foundation, par la Free Software Foundation * either version 3 of the : soit la version 3 de cette * License, or (at your option) licence, soit (à votre gré) * any later version. toute version ultérieure. * * OpenCADC is distributed in the OpenCADC est distribué * hope that it will be useful, dans l’espoir qu’il vous * but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE * without even the implied GARANTIE : sans même la garantie * warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ * or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF * PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence * General Public License for Générale Publique GNU Affero * more details. pour plus de détails. * * You should have received Vous devriez avoir reçu une * a copy of the GNU Affero copie de la Licence Générale * General Public License along Publique GNU Affero avec * with OpenCADC. If not, see OpenCADC ; si ce n’est * <http://www.gnu.org/licenses/>. pas le cas, consultez : * <http://www.gnu.org/licenses/>. * * $Revision: 4 $ * ************************************************************************ */ package ca.nrc.cadc.ac.server; import ca.nrc.cadc.ac.IdentityType; import ca.nrc.cadc.ac.Role; import ca.nrc.cadc.uws.Parameter; import ca.nrc.cadc.uws.ParameterUtil; import java.util.List; import org.apache.log4j.Logger; /** * Request Validator. This class extracts and validates the ID, TYPE, ROLE * and GURI parameters. 
* */ public class RequestValidator { private static final Logger log = Logger.getLogger(RequestValidator.class); private String id; private IdentityType type; private Role role; private String guri; public RequestValidator() { } private void clear() { this.id = null; this.type = null; this.role = null; this.guri = null; } public void validate(List<Parameter> paramList) { clear(); if (paramList == null || paramList.isEmpty()) { throw new IllegalArgumentException( "Missing required parameters: ID and TYPE"); } // ID String param = ParameterUtil.findParameterValue("ID", paramList); if (param == null || param.trim().isEmpty()) { throw new IllegalArgumentException( "ID parameter required but not found"); } this.id = param.trim(); log.debug("ID: " + id); // TYPE param = ParameterUtil.findParameterValue("TYPE", paramList); if (param == null || param.trim().isEmpty()) { throw new IllegalArgumentException( "TYPE parameter required but not found"); } this.type = IdentityType.toValue(param); log.debug("TYPE: " + type); // ROLE param = ParameterUtil.findParameterValue("ROLE", paramList); if (param == null || param.trim().isEmpty()) { throw new IllegalArgumentException( "ROLE parameter required but not found"); } this.role = Role.toValue(param); log.debug("ROLE: " + role); // GURI param = ParameterUtil.findParameterValue("GURI", paramList); if (param != null) { if (param.isEmpty()) throw new IllegalArgumentException( "GURI parameter specified without a value"); this.guri = param.trim(); } log.debug("GURI: " + guri); if (role != null && guri != null) { throw new IllegalArgumentException( "ROLE and GURI cannot be used in the same search"); } } public String getId() { return id; } public IdentityType getType() { return type; } public Role getRole() { return role; } public String getGUri() { return guri; } } projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java +33 −1 Original line number Diff line number Diff line Loading 
@@ -68,11 +68,13 @@ */ package ca.nrc.cadc.ac.server; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.net.TransientException; import java.security.AccessControlException; import java.security.Principal; import java.util.Collection; public abstract interface UserPersistence<T extends Principal> { Loading 
@@ -82,11 +84,41 @@ public abstract interface UserPersistence<T extends Principal> * @param userID The userID. * * @return User instance. * @throws UserNotFoundException when the member is not found. * * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public abstract User<T> getUser(T userID) throws UserNotFoundException, TransientException, AccessControlException; /** * Get all groups the user specified by userID belongs to. * * @param userID The userID. * * @return Collection of Group instances. * * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public abstract Collection<Group> getUserGroups(T userID) throws UserNotFoundException, TransientException, AccessControlException; /** * Check whether the user is a member of the group. * * @param userID The userID. * @param groupID The groupID. * * @return true or false * * @throws UserNotFoundException If the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public abstract boolean isMember(T userID, String groupID) throws UserNotFoundException, TransientException, AccessControlException; } projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java +416 −112 File changed.Preview size limit exceeded, changes collapsed. Show changes Loading
projects/cadcAccessControl-Server/build.xml +1 −0 Original line number Diff line number Diff line Loading @@ -145,6 +145,7 @@ <!--<test name="ca.nrc.cadc.ac.server.ldap.LdapDAOTestImpl" />--> <test name="ca.nrc.cadc.ac.server.ldap.LdapGroupDAOTest" /> <!--<test name="ca.nrc.cadc.ac.server.web.GroupActionFactoryTest" />--> <!--<test name="ca.nrc.cadc.ac.server.ldap.LdapUserDAOTest" />--> <formatter type="plain" usefile="false" /> </junit> </target> Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/GroupPersistence.java +8 −22 Original line number Diff line number Diff line Loading @@ -71,8 +71,8 @@ package ca.nrc.cadc.ac.server; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.GroupAlreadyExistsException; import ca.nrc.cadc.ac.GroupNotFoundException; import ca.nrc.cadc.ac.IdentityType; import ca.nrc.cadc.ac.Role; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.net.TransientException; import java.security.AccessControlException; Loading Loading 
@@ -145,35 +145,21 @@ public abstract interface GroupPersistence<T extends Principal> /** * Obtain a Collection of Groups that fit the given query. * * @param user user * @param userID The userID. * @param role Role of the user, either owner, member, or read/write. * @param groupID The Group ID. * * @return Collection of Groups matching the query, or empty Collection. * Never null. * * @throws UserNotFoundException If owner or group members not valid users. * @throws ca.nrc.cadc.ac.GroupNotFoundException * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public abstract Collection<Group> getGroups(User<T> user, Role role) throws UserNotFoundException, TransientException, AccessControlException; /** * Check whether the user is a member of the group. * * @param user user * @param groupID ID of group * * @return true or false * * @throws GroupNotFoundException If the group was not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. * @throws ca.nrc.cadc.ac.UserNotFoundException */ public abstract boolean isMember(User<T> user, String groupID) throws GroupNotFoundException, TransientException, AccessControlException, UserNotFoundException; public abstract Collection<Group> searchGroups(T userID, Role role, String groupID) throws UserNotFoundException, GroupNotFoundException, TransientException, AccessControlException; }
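Review bot: The Javadoc on searchGroups does not say how `role` and `groupID` combine or whether either may be null, which implementers need because RequestValidator in this same commit treats ROLE and GURI as mutually exclusive. `@throws ca.nrc.cadc.ac.GroupNotFoundException` also has no description. Since the method takes a bare principal `userID`, the AccessControlException line should state whose groups a caller may search, for example `@throws AccessControlException If the caller is not permitted to search the groups of userID.`; whether the implementation enforces that cannot be seen here, because the LdapGroupDAO diff is collapsed on this page. The interface body starts outside the hunk.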
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/RequestValidator.java 0 → 100644 +179 −0 Original line number Diff line number Diff line /* ************************************************************************ ******************* CANADIAN ASTRONOMY DATA CENTRE ******************* ************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES ************** * * (c) 2014. (c) 2014. * Government of Canada Gouvernement du Canada * National Research Council Conseil national de recherches * Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6 * All rights reserved Tous droits réservés * * NRC disclaims any warranties, Le CNRC dénie toute garantie * expressed, implied, or énoncée, implicite ou légale, * statutory, of any kind with de quelque nature que ce * respect to the software, soit, concernant le logiciel, * including without limitation y compris sans restriction * any warranty of merchantability toute garantie de valeur * or fitness for a particular marchande ou de pertinence * purpose. NRC shall not be pour un usage particulier. * liable in any event for any Le CNRC ne pourra en aucun cas * damages, whether direct or être tenu responsable de tout * indirect, special or general, dommage, direct ou indirect, * consequential or incidental, particulier ou général, * arising from the use of the accessoire ou fortuit, résultant * software. Neither the name de l'utilisation du logiciel. Ni * of the National Research le nom du Conseil National de * Council of Canada nor the Recherches du Canada ni les noms * names of its contributors may de ses participants ne peuvent * be used to endorse or promote être utilisés pour approuver ou * products derived from this promouvoir les produits dérivés * software without specific prior de ce logiciel sans autorisation * written permission. préalable et particulière * par écrit. * * This file is part of the Ce fichier fait partie du projet * OpenCADC project. OpenCADC. 
* * OpenCADC is free software: OpenCADC est un logiciel libre ; * you can redistribute it and/or vous pouvez le redistribuer ou le * modify it under the terms of modifier suivant les termes de * the GNU Affero General Public la “GNU Affero General Public * License as published by the License” telle que publiée * Free Software Foundation, par la Free Software Foundation * either version 3 of the : soit la version 3 de cette * License, or (at your option) licence, soit (à votre gré) * any later version. toute version ultérieure. * * OpenCADC is distributed in the OpenCADC est distribué * hope that it will be useful, dans l’espoir qu’il vous * but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE * without even the implied GARANTIE : sans même la garantie * warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ * or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF * PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence * General Public License for Générale Publique GNU Affero * more details. pour plus de détails. * * You should have received Vous devriez avoir reçu une * a copy of the GNU Affero copie de la Licence Générale * General Public License along Publique GNU Affero avec * with OpenCADC. If not, see OpenCADC ; si ce n’est * <http://www.gnu.org/licenses/>. pas le cas, consultez : * <http://www.gnu.org/licenses/>. * * $Revision: 4 $ * ************************************************************************ */ package ca.nrc.cadc.ac.server; import ca.nrc.cadc.ac.IdentityType; import ca.nrc.cadc.ac.Role; import ca.nrc.cadc.uws.Parameter; import ca.nrc.cadc.uws.ParameterUtil; import java.util.List; import org.apache.log4j.Logger; /** * Request Validator. This class extracts and validates the ID, TYPE, ROLE * and GURI parameters. 
* */ public class RequestValidator { private static final Logger log = Logger.getLogger(RequestValidator.class); private String id; private IdentityType type; private Role role; private String guri; public RequestValidator() { } private void clear() { this.id = null; this.type = null; this.role = null; this.guri = null; } public void validate(List<Parameter> paramList) { clear(); if (paramList == null || paramList.isEmpty()) { throw new IllegalArgumentException( "Missing required parameters: ID and TYPE"); } // ID String param = ParameterUtil.findParameterValue("ID", paramList); if (param == null || param.trim().isEmpty()) { throw new IllegalArgumentException( "ID parameter required but not found"); } this.id = param.trim(); log.debug("ID: " + id); // TYPE param = ParameterUtil.findParameterValue("TYPE", paramList); if (param == null || param.trim().isEmpty()) { throw new IllegalArgumentException( "TYPE parameter required but not found"); } this.type = IdentityType.toValue(param); log.debug("TYPE: " + type); // ROLE param = ParameterUtil.findParameterValue("ROLE", paramList); if (param == null || param.trim().isEmpty()) { throw new IllegalArgumentException( "ROLE parameter required but not found"); } this.role = Role.toValue(param); log.debug("ROLE: " + role); // GURI param = ParameterUtil.findParameterValue("GURI", paramList); if (param != null) { if (param.isEmpty()) throw new IllegalArgumentException( "GURI parameter specified without a value"); this.guri = param.trim(); } log.debug("GURI: " + guri); if (role != null && guri != null) { throw new IllegalArgumentException( "ROLE and GURI cannot be used in the same search"); } } public String getId() { return id; } public IdentityType getType() { return type; } public Role getRole() { return role; } public String getGUri() { return guri; } }
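Review bot: In validate(), the closing check `if (role != null && guri != null)` rejects every request that carries GURI: the ROLE block above it throws unless ROLE is present, so `role` is already set when that line is reached (assuming Role.toValue never returns null). If a GURI search is meant to be possible, ROLE has to become optional, e.g. `if (param != null && !param.trim().isEmpty()) this.role = Role.toValue(param.trim());`, with a separate check that one of the two was supplied; otherwise the GURI branch is dead and can go. TYPE and ROLE are passed to toValue() untrimmed although their emptiness tests trim, and the GURI test uses `param.isEmpty()`, so a whitespace-only GURI is stored as an empty string. ID is request-supplied, only trimmed, and concatenated into `log.debug` as-is; a format or length check here would bound what reaches the log and the persistence layer, whose LdapGroupDAO changes are collapsed on this page and so cannot be checked for filter escaping.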
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java +33 −1 Original line number Diff line number Diff line Loading @@ -68,11 +68,13 @@ */ package ca.nrc.cadc.ac.server; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.net.TransientException; import java.security.AccessControlException; import java.security.Principal; import java.util.Collection; public abstract interface UserPersistence<T extends Principal> { Loading 
@@ -82,11 +84,41 @@ public abstract interface UserPersistence<T extends Principal> * @param userID The userID. * * @return User instance. * @throws UserNotFoundException when the member is not found. * * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public abstract User<T> getUser(T userID) throws UserNotFoundException, TransientException, AccessControlException; /** * Get all groups the user specified by userID belongs to. * * @param userID The userID. * * @return Collection of Group instances. * * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public abstract Collection<Group> getUserGroups(T userID) throws UserNotFoundException, TransientException, AccessControlException; /** * Check whether the user is a member of the group. * * @param userID The userID. * @param groupID The groupID. * * @return true or false * * @throws UserNotFoundException If the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public abstract boolean isMember(T userID, String groupID) throws UserNotFoundException, TransientException, AccessControlException; }
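Review bot: isMember declares no GroupNotFoundException and its Javadoc (`@return true or false`) does not say what happens when `groupID` names no group; for a membership check that feeds access decisions the contract should be explicit, e.g. `@return true if the user is a member of the group; false otherwise, including when the group does not exist`, if that is the intent. getUserGroups should likewise state whether the result can be null or is empty when the user belongs to no group, e.g. `@return Collection of Group instances, possibly empty, never null`. The interface body starts outside the hunk.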
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java +416 −112 File changed.Preview size limit exceeded, changes collapsed. Show changes