Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
OATS-CADC
ac
Commits
1769bdf7
Commit
1769bdf7
authored
Jun 13, 2016
by
Brian Major
Browse files
Merge branch 's1885'
parents
66d1cf3e
683a0f73
Changes
2
Hide whitespace changes
Inline
Side-by-side
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/UserServlet.java
View file @
1769bdf7
...
...
@@ -75,6 +75,8 @@ import java.security.PrivilegedActionException;
import
java.util.ArrayList
;
import
java.util.List
;
import
java.util.Set
;
import
java.util.regex.Matcher
;
import
java.util.regex.Pattern
;
import
javax.security.auth.Subject
;
import
javax.security.auth.x500.X500Principal
;
...
...
@@ -104,7 +106,7 @@ public class UserServlet extends HttpServlet
private
static
final
long
serialVersionUID
=
5289130885807305288L
;
private
static
final
Logger
log
=
Logger
.
getLogger
(
UserServlet
.
class
);
pr
ivate
List
<
Subject
>
privilegedSubjects
;
pr
otected
List
<
Subject
>
privilegedSubjects
;
private
UserPersistence
userPersistence
;
...
...
@@ -121,24 +123,37 @@ public class UserServlet extends HttpServlet
String
httpUsers
=
config
.
getInitParameter
(
UserServlet
.
class
.
getName
()
+
".PrivilegedHttpPrincipals"
);
log
.
debug
(
"PrivilegedHttpUsers: "
+
httpUsers
);
String
[]
x500List
=
new
String
[
0
]
;
String
[]
httpList
=
new
String
[
0
]
;
List
<
String
>
x500List
=
new
ArrayList
<
String
>()
;
List
<
String
>
httpList
=
new
ArrayList
<
String
>()
;
if
(
x500Users
!=
null
&&
httpUsers
!=
null
)
{
x500List
=
x500Users
.
split
(
" "
);
httpList
=
httpUsers
.
split
(
" "
);
Pattern
pattern
=
Pattern
.
compile
(
"([^\"]\\S*|\".+?\")\\s*"
);
Matcher
x500Matcher
=
pattern
.
matcher
(
x500Users
);
Matcher
httpMatcher
=
pattern
.
matcher
(
httpUsers
);
if
(
x500List
.
length
!=
httpList
.
length
)
while
(
x500Matcher
.
find
())
{
String
next
=
x500Matcher
.
group
(
1
);
x500List
.
add
(
next
.
replace
(
"\""
,
""
));
}
while
(
httpMatcher
.
find
())
{
String
next
=
httpMatcher
.
group
(
1
);
httpList
.
add
(
next
.
replace
(
"\""
,
""
));
}
if
(
x500List
.
size
()
!=
httpList
.
size
())
{
throw
new
RuntimeException
(
"Init exception: Lists of augment subject principals not equivalent in length"
);
}
privilegedSubjects
=
new
ArrayList
<
Subject
>(
x500Users
.
length
());
for
(
int
i
=
0
;
i
<
x500List
.
length
;
i
++)
for
(
int
i
=
0
;
i
<
x500List
.
size
()
;
i
++)
{
Subject
s
=
new
Subject
();
s
.
getPrincipals
().
add
(
new
X500Principal
(
x500List
[
i
]
));
s
.
getPrincipals
().
add
(
new
HttpPrincipal
(
httpList
[
i
]
));
s
.
getPrincipals
().
add
(
new
X500Principal
(
x500List
.
get
(
i
)
));
s
.
getPrincipals
().
add
(
new
HttpPrincipal
(
httpList
.
get
(
i
)
));
privilegedSubjects
.
add
(
s
);
}
...
...
cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/UserServletTest.java
View file @
1769bdf7
package
ca.nrc.cadc.ac.server.web
;
import
static
org
.
easymock
.
EasyMock
.
createMock
;
import
static
org
.
easymock
.
EasyMock
.
expect
;
import
static
org
.
easymock
.
EasyMock
.
replay
;
import
static
org
.
easymock
.
EasyMock
.
verify
;
import
static
org
.
junit
.
Assert
.
assertEquals
;
import
java.util.List
;
import
javax.security.auth.Subject
;
import
javax.servlet.ServletConfig
;
import
javax.servlet.http.HttpServletRequest
;
import
ca.nrc.cadc.ac.server.web.UserServlet
;
import
junit.framework.Assert
;
import
org.apache.log4j.Level
;
import
org.apache.log4j.Logger
;
import
org.easymock.EasyMock
;
import
org.junit.Test
;
import
static
org
.
easymock
.
EasyMock
.*;
import
static
org
.
junit
.
Assert
.*;
import
ca.nrc.cadc.db.StandaloneContextFactory
;
import
ca.nrc.cadc.util.Log4jInit
;
public
class
UserServletTest
{
private
static
final
Logger
log
=
Logger
.
getLogger
(
UserServletTest
.
class
);
public
UserServletTest
()
{
Log4jInit
.
setLevel
(
"ca.nrc.cadc.ac"
,
Level
.
INFO
);
}
@Test
public
void
getAcceptedContentTypeJSON
()
throws
Exception
{
...
...
@@ -45,4 +67,117 @@ public class UserServletTest
verify
(
mockRequest
);
}
@Test
public
void
testPrivilegedUsers1
()
{
try
{
StandaloneContextFactory
.
initJNDI
();
UserServlet
userServlet
=
new
UserServlet
();
ServletConfig
config
=
EasyMock
.
createMock
(
ServletConfig
.
class
);
EasyMock
.
expect
(
config
.
getInitParameter
(
UserServlet
.
class
.
getName
()
+
".PrivilegedX500Principals"
)).
andReturn
(
"cn=user1,ou=cadc,o=hia,c=ca cn=user2,ou=cadc,o=hia,c=ca"
);
EasyMock
.
expect
(
config
.
getInitParameter
(
UserServlet
.
class
.
getName
()
+
".PrivilegedHttpPrincipals"
)).
andReturn
(
"user1 user2"
);
EasyMock
.
replay
(
config
);
userServlet
.
init
(
config
);
List
<
Subject
>
subjects
=
userServlet
.
privilegedSubjects
;
Assert
.
assertTrue
(
subjects
.
size
()
==
2
);
EasyMock
.
verify
(
config
);
}
catch
(
Exception
e
)
{
log
.
error
(
"Unexpected"
,
e
);
Assert
.
fail
(
e
.
getMessage
());
}
}
@Test
public
void
testPrivilegedUsers2
()
{
try
{
StandaloneContextFactory
.
initJNDI
();
UserServlet
userServlet
=
new
UserServlet
();
ServletConfig
config
=
EasyMock
.
createMock
(
ServletConfig
.
class
);
EasyMock
.
expect
(
config
.
getInitParameter
(
UserServlet
.
class
.
getName
()
+
".PrivilegedX500Principals"
)).
andReturn
(
"\"cn=user1, ou=cadc, o=hia,c=ca\" \"cn=user2, ou=cadc,o=hia,c=ca\""
);
EasyMock
.
expect
(
config
.
getInitParameter
(
UserServlet
.
class
.
getName
()
+
".PrivilegedHttpPrincipals"
)).
andReturn
(
"user1 \"user2\""
);
EasyMock
.
replay
(
config
);
userServlet
.
init
(
config
);
List
<
Subject
>
subjects
=
userServlet
.
privilegedSubjects
;
Assert
.
assertTrue
(
subjects
.
size
()
==
2
);
EasyMock
.
verify
(
config
);
}
catch
(
Exception
e
)
{
log
.
error
(
"Unexpected"
,
e
);
Assert
.
fail
(
e
.
getMessage
());
}
}
@Test
public
void
testPrivilegedUsers3
()
{
try
{
StandaloneContextFactory
.
initJNDI
();
UserServlet
userServlet
=
new
UserServlet
();
ServletConfig
config
=
EasyMock
.
createMock
(
ServletConfig
.
class
);
EasyMock
.
expect
(
config
.
getInitParameter
(
UserServlet
.
class
.
getName
()
+
".PrivilegedX500Principals"
)).
andReturn
(
"\"cn=user1, ou=cadc, o=hia,c=ca\""
);
EasyMock
.
expect
(
config
.
getInitParameter
(
UserServlet
.
class
.
getName
()
+
".PrivilegedHttpPrincipals"
)).
andReturn
(
"user1"
);
EasyMock
.
replay
(
config
);
userServlet
.
init
(
config
);
List
<
Subject
>
subjects
=
userServlet
.
privilegedSubjects
;
Assert
.
assertTrue
(
subjects
.
size
()
==
1
);
EasyMock
.
verify
(
config
);
}
catch
(
Exception
e
)
{
log
.
error
(
"Unexpected"
,
e
);
Assert
.
fail
(
e
.
getMessage
());
}
}
@Test
public
void
testPrivilegedUsers4
()
{
try
{
StandaloneContextFactory
.
initJNDI
();
UserServlet
userServlet
=
new
UserServlet
();
ServletConfig
config
=
EasyMock
.
createMock
(
ServletConfig
.
class
);
EasyMock
.
expect
(
config
.
getInitParameter
(
UserServlet
.
class
.
getName
()
+
".PrivilegedX500Principals"
)).
andReturn
(
"\"cn=user1, ou=cadc, o=hia,c=ca\" \"cn=user2, ou=cadc,o=hia,c=ca\""
);
EasyMock
.
expect
(
config
.
getInitParameter
(
UserServlet
.
class
.
getName
()
+
".PrivilegedHttpPrincipals"
)).
andReturn
(
"user1 \"user2\" user3"
);
EasyMock
.
replay
(
config
);
try
{
userServlet
.
init
(
config
);
Assert
.
fail
(
"Should have thrown an error"
);
}
catch
(
ExceptionInInitializerError
e
)
{
// expected
}
}
catch
(
Exception
e
)
{
log
.
error
(
"Unexpected"
,
e
);
Assert
.
fail
(
e
.
getMessage
());
}
}
}
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment