Commit 220f226a authored by Patrick Dowler's avatar Patrick Dowler

small tweaks and fixes to get integration tests to pass; removed support for...

small tweaks and fixes to get integration tests to pass; removed support for querying for other user memberships in GMSClient API
parent cdfc7378
+25 −25
@@ -87,7 +87,7 @@ public class RequestValidator
{
    private static final Logger log = Logger.getLogger(RequestValidator.class);
    
    private Principal principal;
    //private Principal principal;
    private Role role;
    private String groupID;
    
@@ -95,7 +95,7 @@ public class RequestValidator

    private void clear()
    {
        this.principal = null;
        //this.principal = null;
        this.role = null;
        this.groupID = null;
    }
@@ -110,30 +110,30 @@ public class RequestValidator
        }

        // ID
        String param = ParameterUtil.findParameterValue("ID", paramList);
        if (param == null || param.trim().isEmpty())
        {
            throw new IllegalArgumentException(
                    "ID parameter required but not found");
        }
        String userID = param.trim();
        log.debug("ID: " + userID);
        //String param = ParameterUtil.findParameterValue("ID", paramList);
        //if (param == null || param.trim().isEmpty())
        //{
        //    throw new IllegalArgumentException(
        //            "ID parameter required but not found");
        //}
        //String userID = param.trim();
        //log.debug("ID: " + userID);

        // TYPE
        param = ParameterUtil.findParameterValue("IDTYPE", paramList);
        if (param == null || param.trim().isEmpty())
        {
            throw new IllegalArgumentException(
                    "IDTYPE parameter required but not found");
        }
        
        principal = 
            AuthenticationUtil.createPrincipal(userID, 
                                               param.trim());
        log.debug("TYPE: " + param.trim());
        //param = ParameterUtil.findParameterValue("IDTYPE", paramList);
        //if (param == null || param.trim().isEmpty())
        //{
        //    throw new IllegalArgumentException(
        //            "IDTYPE parameter required but not found");
        //}
        
        //principal = 
        //    AuthenticationUtil.createPrincipal(userID, 
        //                                       param.trim());
        //log.debug("TYPE: " + param.trim());
        
        // ROLE
        param = ParameterUtil.findParameterValue("ROLE", paramList);
        String param = ParameterUtil.findParameterValue("ROLE", paramList);
        if (param == null || param.trim().isEmpty())
        {
            throw new IllegalArgumentException(
@@ -154,10 +154,10 @@ public class RequestValidator
        log.debug("GROUPID: " + groupID);
    }
    
    public Principal getPrincipal()
    {
        return principal;
    }
    //public Principal getPrincipal()
    //{
    //    return principal;
    //}

    public Role getRole()
    {
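Review bot: The ID/IDTYPE handling, the `principal` field, its reset in `clear()` and `getPrincipal()` are left behind as commented-out code rather than deleted, which makes the class read as if a caller-supplied identity were still an option. Delete those blocks (history keeps them) and put one line above the ROLE lookup instead, for example `// identity comes from the authenticated caller; ID and IDTYPE are no longer read from the request`, assuming that is the intent stated in the commit message. As written, a request that still carries ID or IDTYPE appears to be accepted with the values ignored; if that is not wanted, reject them with the same `IllegalArgumentException` used for the other parameters. The validating method and `getRole()` both extend beyond the hunks shown.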
+3 −3
@@ -72,8 +72,8 @@ import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserAlreadyExistsException;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.UserRequest;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.net.TransientException;
import com.unboundid.ldap.sdk.DN;

import java.security.AccessControlException;
import java.security.Principal;
@@ -254,14 +254,14 @@ public interface UserPersistence<T extends Principal>
    /**
     * Update a user's password. The given user and authenticating user must match.
     *
     * @param user
     * @param userID
     * @param oldPassword   current password.
     * @param newPassword   new password.
     * @throws UserNotFoundException If the given user does not exist.
     * @throws TransientException   If an temporary, unexpected problem occurred.
     * @throws AccessControlException If the operation is not permitted.
     */
    void setPassword(User<T> user, final String oldPassword, final String newPassword)
    void setPassword(HttpPrincipal userID, String oldPassword, String newPassword)
        throws UserNotFoundException, TransientException, AccessControlException;

}
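Review bot: The Javadoc on `setPassword` still promises that the given user and the authenticating user must match, but after the signature change `@param userID` has no description and nothing says which layer enforces that match. Document it, e.g. `@param userID identity whose password is changed; must be the authenticated caller`, and state on `@throws AccessControlException` that it is thrown when the two differ. The method now takes a concrete `HttpPrincipal` while the interface stays generic in `T`, so a sentence on why password changes are tied to that identity type would help implementers.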
+4 −3
@@ -454,7 +454,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
            throws GroupNotFoundException, TransientException,
                   AccessControlException
    {
        logger.debug("getGroup: " + groupDN + " attrs: " + attributes.length);
        logger.info("getGroup: " + groupDN + " attrs: " + attributes.length);
        String loggableGroupID = xgroupID;
        if (loggableGroupID == null)
        {
@@ -464,8 +464,9 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO

        try
        {
            Filter filter = Filter
                    .createNOTFilter(Filter.createPresenceFilter("nsaccountlock"));
            Filter filter = Filter.createNOTFilter(Filter.createPresenceFilter("nsaccountlock"));
            filter = Filter.createANDFilter(filter,
                    Filter.createEqualityFilter("entrydn", groupDN.toNormalizedString()));

            SearchRequest searchRequest =
                    new SearchRequest(groupDN.toNormalizedString(),
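Review bot: The `getGroup` trace line was raised from `debug` to `info`, so every group lookup now writes the group DN to the log at the default production level; that looks like a debugging aid and should go back to `logger.debug(...)`. The added `entrydn` equality clause changes which entries the search can return and carries no comment; a line such as `// match only the group entry itself` (if that is the intent) would record why it is there. The method starts above the first hunk and the `SearchRequest` construction continues below the second.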
+29 −8
@@ -278,23 +278,44 @@ public class LdapGroupPersistence<T extends Principal> extends LdapPersistence i
            else
            {
                List<Group> groups = getGroupCache(caller, role);
                log.info("getGroups  " + role + ": " + groups.size());
                Collection<Group> ret = new ArrayList<Group>(groups.size());
                Iterator<Group> i = groups.iterator();
                while ( i.hasNext() )
                {
                    Group g = i.next();
                    if (groupID == null || g.getID().equalsIgnoreCase(groupID))
                    {
                        //if (detailSelector != null && detailSelector.isDetailedSearch(g, role))
                        //{
                        try
                        {
                            Group g2 = groupDAO.getGroup(g.getID());
                            log.info("role " + role + " loaded: " + g2);
                            ret.add(g2);
                        }
                        catch(GroupNotFoundException contentBug)
                        {
                            log.info("skip: " + g.getID() + ": " + contentBug);
                        }
                        //}
                        //else
                        //    ret.add(g);
                    }
                }
                return ret;
            }
            
        }
        catch(TransientException ex)
        {
            log.error("getGroups fail", ex);
            throw ex;
        }
        //catch (GroupNotFoundException ex)
        //{
        //    log.error("getGroups fail", ex);
        //    throw ex;
        //}
        finally
        {
            conns.releaseConnections();
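Review bot: Inside the loop, `log.info("role " + role + " loaded: " + g2)` logs each group object at info level on every call, and what the group's string form includes is not visible here; move it and the `getGroups` size line to `debug`. The `GroupNotFoundException` named `contentBug` is skipped with an info message, so a group returned by `getGroupCache` with no matching directory entry never surfaces to operators; `log.warn("skip: " + g.getID() + ": " + contentBug);` would make it visible. Each match now costs a separate `groupDAO.getGroup` call, and the commented-out `detailSelector` branch and `catch` block should be deleted rather than kept. The method begins and ends outside the hunk.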
+12 −14
@@ -217,7 +217,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
        try
        {
            BindRequest bindRequest = new SimpleBindRequest(
                getUserDN(username, config.getUsersDN()), password);
                getUserDN(username, config.getUsersDN()), new String(password));

            LDAPConnection conn = this.getUnboundReadConnection();
            BindResult bindResult = conn.bind(bindRequest);
@@ -795,37 +795,35 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
    /**
     * Update a user's password. The given user and authenticating user must match.
     *
     * @param user
     * @param userID
     * @param oldPassword   current password.
     * @param newPassword   new password.
     * @throws UserNotFoundException If the given user does not exist.
     * @throws TransientException   If an temporary, unexpected problem occurred.
     * @throws AccessControlException If the operation is not permitted.
     */
    public void setPassword(User<T> user, final String oldPassword, final String newPassword)
    public void setPassword(HttpPrincipal userID, String oldPassword, String newPassword)
        throws UserNotFoundException, TransientException, AccessControlException
    {
        try
        {
            User user = new User(userID);
            DN userDN = getUserDN(user);
            String username = null;
            for (Principal p : user.getIdentities())
            {
                if (p instanceof HttpPrincipal)
                    username = p.getName();
            }

            BindRequest bindRequest = new SimpleBindRequest(
                    getUserDN(username, config.getUsersDN()), oldPassword);
            LDAPConnection conn = this.getUnboundReadConnection();
            conn.bind(bindRequest);
            //BindRequest bindRequest = new SimpleBindRequest(
            //        getUserDN(username, config.getUsersDN()), oldPassword);
            //LDAPConnection conn = this.getUnboundReadConnection();
            //conn.bind(bindRequest);

            LDAPConnection conn = this.getReadWriteConnection();
            
            PasswordModifyExtendedRequest passwordModifyRequest =
                new PasswordModifyExtendedRequest(
                    userDN.toNormalizedString(), oldPassword, newPassword);
                    userDN.toNormalizedString(), new String(oldPassword), new String(newPassword));

            PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult)
                    conn.processExtendedOperation(passwordModifyRequest);
            
            LdapDAO.checkLdapResult(passwordModifyResult.getResultCode());
        }
        catch (LDAPException e)
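Review bot: In `setPassword`, the bind as the user with `oldPassword` is commented out and the modify now goes over `getReadWriteConnection()`, so proof of the old password rests entirely on how the directory server treats `oldPassword` in the extended request on that connection (presumably a service-account bind, which is not visible here). Nothing in the visible body compares `userID` with the authenticated caller, although the Javadoc says they must match and `AccessControlException` is declared. Either keep the bind-as-user step ahead of the modify or add an explicit caller check that throws `AccessControlException`, and delete the commented-out lines. `new String(oldPassword)` and `new String(newPassword)` wrap values that are already `String`, adding a further copy of each secret on the heap; pass them directly: `userDN.toNormalizedString(), oldPassword, newPassword);`. The method's catch blocks continue past the hunk.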