Commit 188a95d3 authored by Adrian Damian's avatar Adrian Damian

Merged with ac2

parents e1a36d21 57295495
+2 −3
@@ -139,7 +139,7 @@
  <property name="testingJars"
            value="${lib.commons-logging}:${dev.junit}:${dev.jsonassert}:${dev.httpunit}:${dev.easyMock}:${dev.selenium.server}:${dev.objenesis}:${lib.js}:${lib.nekoHTML}:${lib.xerces}"/>

  <target name="test" depends="compile,compile-test">
  <target name="single-test" depends="compile,compile-test">
    <echo message="Running test suite..." />
    <junit printsummary="yes" haltonfailure="yes" fork="yes">
      <classpath>
@@ -148,8 +148,7 @@
        <pathelement path="${jars}:${testingJars}"/>
      </classpath>
      <sysproperty key="ca.nrc.cadc.util.PropertiesReader.dir" value="test"/>
      <test name="ca.nrc.cadc.ac.server.ldap.LdapUserDAOTest" />
      <test name="ca.nrc.cadc.ac.server.ldap.LdapGroupDAOTest" />
      <test name="ca.nrc.cadc.ac.server.web.users.GetUserListActionTest" />
      <formatter type="plain" usefile="false" />
    </junit>
  </target>
+23 −8
@@ -79,7 +79,7 @@ import ca.nrc.cadc.ac.Role;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.net.TransientException;

public abstract interface GroupPersistence<T extends Principal>
public interface GroupPersistence<T extends Principal>
{
    /**
     * Get all group names.
@@ -88,7 +88,7 @@ public abstract interface GroupPersistence<T extends Principal>
     * @throws TransientException If an temporary, unexpected problem occurred.
     * @throws AccessControlException If the operation is not permitted.
     */
    public Collection<String> getGroupNames()
    Collection<String> getGroupNames()
            throws TransientException, AccessControlException;
    
    /**
@@ -102,7 +102,7 @@ public abstract interface GroupPersistence<T extends Principal>
     * @throws TransientException If an temporary, unexpected problem occurred.
     * @throws AccessControlException If the operation is not permitted.
     */
    public abstract Group getGroup(String groupID)
    Group getGroup(String groupID)
        throws GroupNotFoundException, TransientException,
               AccessControlException;

@@ -121,7 +121,7 @@ public abstract interface GroupPersistence<T extends Principal>
     * @throws GroupNotFoundException if one of the groups in group members or
     * group admins does not exist in the server.
     */
    public abstract Group addGroup(Group group)
    Group addGroup(Group group)
        throws GroupAlreadyExistsException, TransientException,
               AccessControlException, UserNotFoundException, 
               GroupNotFoundException;
@@ -135,7 +135,7 @@ public abstract interface GroupPersistence<T extends Principal>
     * @throws TransientException If an temporary, unexpected problem occurred.
     * @throws AccessControlException If the operation is not permitted.
     */
    public abstract void deleteGroup(String groupID)
    void deleteGroup(String groupID)
        throws GroupNotFoundException, TransientException,
               AccessControlException;

@@ -151,7 +151,7 @@ public abstract interface GroupPersistence<T extends Principal>
     * @throws AccessControlException If the operation is not permitted.
     * @throws UserNotFoundException If owner or group members not valid users.
     */
    public abstract Group modifyGroup(Group group)
    Group modifyGroup(Group group)
        throws GroupNotFoundException, TransientException,
               AccessControlException, UserNotFoundException;

@@ -170,9 +170,24 @@ public abstract interface GroupPersistence<T extends Principal>
     * @throws TransientException If an temporary, unexpected problem occurred.
     * @throws AccessControlException If the operation is not permitted.
     */
    public abstract Collection<Group> getGroups(T userID, Role role, 
                                                String groupID)
    Collection<Group> getGroups(T userID, Role role, String groupID)
        throws UserNotFoundException, GroupNotFoundException,
               TransientException, AccessControlException;
    
    /**
     * Check whether the user is a member of the group.
     *
     * @param userID The userID.
     * @param groupID The groupID.
     *
     * @return true or false
     *
     * @throws UserNotFoundException If the user is not found.
     * @throws TransientException If an temporary, unexpected problem occurred.
     * @throws AccessControlException If the operation is not permitted.
     */
    boolean isMember(T userID, String groupID)
        throws UserNotFoundException, TransientException,
               AccessControlException;
  
}
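Review bot: The Javadoc on the new `isMember(T userID, String groupID)` leaves the outcome for a non-existent group undefined: unlike `getGroup` and `getGroups` above it, the method declares no `GroupNotFoundException`, and `@return true or false` does not say which value means what. Callers will presumably use this as an authorization check, so the contract should pin the deny case rather than leave it to each implementation, for example `@return true if the user is a member of the group; false otherwise, including when the group does not exist`. The typo `If an temporary` is also carried into the new comment block and could be fixed here as `If a temporary`.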
+18 −39
@@ -70,14 +70,11 @@ package ca.nrc.cadc.ac.server;

import java.security.AccessControlException;
import java.security.Principal;
import java.util.Collection;
import java.util.Map;

import ca.nrc.cadc.ac.*;
import ca.nrc.cadc.net.TransientException;

import com.unboundid.ldap.sdk.DN;


public interface UserPersistence<T extends Principal>
{
@@ -94,7 +91,7 @@ public interface UserPersistence<T extends Principal>
    /**
     * Add the new user.
     *
     * @param user
     * @param user      The user request to put into the request tree.
     *
     * @return User instance.
     * 
@@ -121,25 +118,9 @@ public interface UserPersistence<T extends Principal>
               AccessControlException;

    /**
     * Attempt to login the specified user.
     * Get the user specified by userID whose account is pending approval.
     *
     * @param userID The userID.
     * @param password The password.
     *
     * @return Boolean
     * 
     * @throws UserNotFoundException when the user is not found.
     * @throws TransientException If an temporary, unexpected problem occurred.
     * @throws AccessControlException If the operation is not permitted.
     */
    Boolean loginUser(String userID, String password)
            throws UserNotFoundException, TransientException, 
            AccessControlException;
   
    /**
     * Updated the user specified by User.
     *
     * @param user
     *
     * @return User instance.
     *
@@ -147,53 +128,51 @@ public interface UserPersistence<T extends Principal>
     * @throws TransientException If an temporary, unexpected problem occurred.
     * @throws AccessControlException If the operation is not permitted.
     */
    User<T> modifyUser(User<T> user)
    User<T> getPendingUser(T userID)
            throws UserNotFoundException, TransientException,
                   AccessControlException;
    
    /**
     * Delete the user specified by userID.
     * Attempt to login the specified user.
     *
     * @param userID The userID.
     * @param password The password.
     *
     * @return Boolean
     * 
     * @throws UserNotFoundException when the user is not found.
     * @throws TransientException If an temporary, unexpected problem occurred.
     * @throws AccessControlException If the operation is not permitted.
     */
    void deleteUser(T userID)
    Boolean doLogin(String userID, String password)
            throws UserNotFoundException, TransientException, 
            AccessControlException;
   
    /**
     * Get all groups the user specified by userID belongs to.
     * Updated the user specified by User.
     *
     * @param userID The userID.
     * @param isAdmin return only admin Groups when true, else return non-admin
     *                Groups.
     * @param user      The user instance to modify.
     *
     * @return Collection of group DN.
     * @return User instance.
     * 
     * @throws UserNotFoundException when the user is not found.
     * @throws TransientException If an temporary, unexpected problem occurred.
     * @throws AccessControlException If the operation is not permitted.
     */
    Collection<DN> getUserGroups(T userID, boolean isAdmin)
    User<T> modifyUser(User<T> user)
        throws UserNotFoundException, TransientException, 
               AccessControlException;
    
    /**
     * Check whether the user is a member of the group.
     * Delete the user specified by userID.
     *
     * @param userID The userID.
     * @param groupID The groupID.
     * 
     * @return true or false
     *
     * @throws UserNotFoundException If the user is not found.
     * @throws UserNotFoundException when the user is not found.
     * @throws TransientException If an temporary, unexpected problem occurred.
     * @throws AccessControlException If the operation is not permitted.
     */
    boolean isMember(T userID, String groupID)
    void deleteUser(T userID)
        throws UserNotFoundException, TransientException, 
               AccessControlException;
}
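Review bot: `doLogin` returns a boxed `Boolean` documented only as `@return Boolean`, so a `null` result is possible and its meaning is undefined; a caller that unboxes it in a condition gets a NullPointerException, and one that only tests for `Boolean.FALSE` may treat `null` as success. Declaring `boolean doLogin(String userID, String password)` with `@return true if the credentials are valid, false otherwise` closes that gap. The method also signals an unknown account with `UserNotFoundException` while a wrong password is presumably a `false` return, so the Javadoc should tell callers to report both cases identically to the client; otherwise the login path reveals which user IDs exist. Which lines belong to the new side is inferred from the rendered page, where the `+`/`-` markers are lost.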
+35 −55
@@ -77,32 +77,14 @@ import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.net.TransientException;
import ca.nrc.cadc.util.StringUtil;
import com.unboundid.ldap.sdk.AddRequest;
import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPResult;
import com.unboundid.ldap.sdk.LDAPSearchException;
import com.unboundid.ldap.sdk.Modification;
import com.unboundid.ldap.sdk.ModificationType;
import com.unboundid.ldap.sdk.ModifyRequest;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.ldap.sdk.*;
import com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl;
import org.apache.log4j.Logger;

import javax.security.auth.x500.X500Principal;
import java.security.AccessControlException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.*;

public class LdapGroupDAO<T extends Principal> extends LdapDAO
{
@@ -323,49 +305,47 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
     * 
     * @throws TransientException If an temporary, unexpected problem occurred.
     */
    public Collection<String> getGroupNames()
        throws TransientException
    public Collection<String> getGroupNames() throws TransientException
    {
        try
        {
            Filter filter = Filter.createPresenceFilter("cn");
            String [] attributes = new String[] {"cn", "nsaccountlock"};
            final Filter filter = Filter.createPresenceFilter("cn");
            final String [] attributes = new String[] {"cn", "nsaccountlock"};
            final Collection<String> groupNames = new ArrayList<String>();
            final long begin = System.currentTimeMillis();

            SearchRequest searchRequest = 
                    new SearchRequest(config.getGroupsDN(), 
                                      SearchScope.SUB, filter, attributes);
    
            SearchResult searchResult = null;
            try
            {
                searchResult = getConnection().search(searchRequest);
            }
            catch (LDAPSearchException e)
            final SearchResult searchResult =
                    getConnection().search(new SearchResultListener()
            {
                if (e.getResultCode() == ResultCode.NO_SUCH_OBJECT)
                @Override
                public void searchEntryReturned(
                        final SearchResultEntry searchEntry)
                {
                    logger.debug("Could not find groups root", e);
                    throw new IllegalStateException("Could not find groups root");
                }
                    groupNames.add(searchEntry.getAttributeValue("cn"));
                }

            LdapDAO.checkLdapResult(searchResult.getResultCode());
            List<String> groupNames = new ArrayList<String>();
            for (SearchResultEntry next : searchResult.getSearchEntries())
            {
                if (!next.hasAttribute("nsaccountlock"))
                @Override
                public void searchReferenceReturned(
                        final SearchResultReference searchReference)
                {
                    groupNames.add(next.getAttributeValue("cn"));
                }

                }
            }, config.getGroupsDN(), SearchScope.ONE, filter, attributes);

            LdapDAO.checkLdapResult(searchResult.getResultCode());
            long end = System.currentTimeMillis();

            logger.info("<-- groupNames in " + ((new Long(end).doubleValue()
                                                 - new Long(begin).doubleValue())
                                                / 1000.0) + " seconds.");
            return groupNames;
        }
        catch (LDAPException e1)
        {
        	logger.debug("getGroupNames Exception: " + e1, e1);
            LdapDAO.checkLdapResult(e1.getResultCode());
            throw new IllegalStateException("Unexpected exception: " + e1.getMatchedDN(), e1);
            throw new IllegalStateException("Unexpected exception: "
                                            + e1.getMatchedDN(), e1);
        }
        
    }
@@ -492,7 +472,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
            User<X500Principal> owner;
            try
            {
                owner = userPersist.getMember(groupOwner);
                owner = userPersist.getX500User(groupOwner);
            }
            catch (UserNotFoundException e)
            {
@@ -524,7 +504,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
                            User<X500Principal> user;
                            try
                            {
                                user = userPersist.getMember(memberDN);
                                user = userPersist.getX500User(memberDN);
                            }
                            catch (UserNotFoundException e)
                            {
@@ -992,7 +972,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
        }

        Group group = new Group(searchResult.getAttributeValue("cn"),
                                userPersist.getMember(
                                userPersist.getX500User(
                                    new DN(searchResult.getAttributeValue(
                                        "owner"))));
        group.description = searchResult.getAttributeValue("description");
@@ -1096,7 +1076,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
        try
        {
            User<X500Principal> subjectUser = 
                    userPersist.getMember(getSubjectDN());
                    userPersist.getX500User(getSubjectDN());
            if (subjectUser.equals(owner))
            {
                return true;
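Review bot: In `getGroupNames`, the new `searchEntryReturned` callback adds every entry's `cn` to `groupNames`, whereas the loop it replaces skipped entries carrying `nsaccountlock`; the attribute is still requested in `attributes` but no longer read, so locked groups appear to be returned now. If that is not intended, restore the check in the callback: `if (!searchEntry.hasAttribute("nsaccountlock")) { groupNames.add(searchEntry.getAttributeValue("cn")); }`. The same rewrite narrows the search from `SearchScope.SUB` to `SearchScope.ONE` and drops the explicit `NO_SUCH_OBJECT` handling, and both deserve a line in the method's Javadoc. The empty `searchReferenceReturned` body should carry a comment saying referrals are ignored on purpose. Old and new lines are told apart here by the variable names (`next` versus `searchEntry`), since the page has lost its `+`/`-` markers.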
+8 −0
@@ -249,4 +249,12 @@ public class LdapGroupPersistence<T extends Principal>
        }
    }
    
    public boolean isMember(T userID, String groupID)
            throws UserNotFoundException, TransientException,
            AccessControlException
    {
        return (new LdapUserPersistence<T>()).isMember(userID, groupID);
    }

  
}
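Review bot: The new `isMember` delegates to `LdapUserPersistence.isMember`, yet this same commit removes `isMember` from the `UserPersistence` interface, so the call compiles only if the concrete class keeps the method, which is not visible here. It also builds a fresh `LdapUserPersistence<T>` on every membership check and has neither `@Override` nor Javadoc, although `GroupPersistence` now declares the method. I would add `@Override` and a comment such as `// Delegates to LdapUserPersistence, which is assumed to still implement the membership lookup`, and consider holding the delegate in a field if construction is not free. The class body starts outside this hunk.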