Commit 22e2c986 authored by Brian Major's avatar Brian Major

Merge branch 's1890' of ssh://gimli2/srv/cadc/git/ac into s1885

parents fa0f6c76 8059e1d5
......@@ -520,7 +520,9 @@ public class LdapUserDAO extends LdapDAO
{
name = userID.getName();
}
Filter filter = Filter.createEqualityFilter(searchField, name);
Filter notFilter = Filter.createNOTFilter(Filter.createPresenceFilter(LDAP_NSACCOUNTLOCK));
Filter equalsFilter = Filter.createEqualityFilter(searchField, name);
Filter filter = Filter.createANDFilter(notFilter, equalsFilter);
logger.debug("getUser: search filter = " + filter);
SearchRequest searchRequest = new SearchRequest(usersDN, SearchScope.ONE, filter, userAttribs);
......@@ -620,8 +622,10 @@ public class LdapUserDAO extends LdapDAO
Filter filter = null;
try
{
filter = Filter.createEqualityFilter("email", emailAddress);
logger.debug("getUserByEmailAddress: search filter = " + filter);
Filter notFilter = Filter.createNOTFilter(Filter.createPresenceFilter(LDAP_NSACCOUNTLOCK));
Filter equalsFilter = Filter.createEqualityFilter("email", emailAddress);
filter = Filter.createANDFilter(notFilter, equalsFilter);
logger.debug("search filter: " + filter);
SearchRequest searchRequest =
new SearchRequest(usersDN, SearchScope.ONE, filter, userAttribs);
......@@ -695,7 +699,11 @@ public class LdapUserDAO extends LdapDAO
{
name = userID.getName();
}
Filter filter = Filter.createEqualityFilter(searchField, name);
Filter notFilter = Filter.createNOTFilter(Filter.createPresenceFilter(LDAP_NSACCOUNTLOCK));
Filter equalsFilter = Filter.createEqualityFilter(searchField, name);
Filter filter = Filter.createANDFilter(notFilter, equalsFilter);
profiler.checkpoint("getAugmentedUser.createFilter");
logger.debug("getAugmentedUser: search filter = " + filter);
......@@ -811,7 +819,9 @@ public class LdapUserDAO extends LdapDAO
{
final Collection<User> users = new ArrayList<User>();
Filter filter = Filter.createPresenceFilter(LDAP_UID);
Filter notFilter = Filter.createNOTFilter(Filter.createPresenceFilter(LDAP_NSACCOUNTLOCK));
Filter presenceFilter = Filter.createPresenceFilter(LDAP_UID);
Filter filter = Filter.createANDFilter(notFilter, presenceFilter);
logger.debug("search filter: " + filter);
final String[] attributes = new String[]
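Review bot: The locked-account exclusion is built from a presence test, `Filter.createPresenceFilter(LDAP_NSACCOUNTLOCK)`, so in all four lookups an entry is hidden whenever the attribute exists, whatever its value. If the directory can hold `nsaccountlock` with a false value (for example when an account is re-enabled by rewriting the value rather than deleting the attribute), that user stays invisible; if only locked entries ever carry the attribute, a one-line comment saying so would settle it. The same three lines are repeated in the lookups logged as getUser, getUserByEmailAddress and getAugmentedUser and in the list hunk at -811, so a single private helper, e.g. `private static Filter activeAccount(Filter f)` returning `Filter.createANDFilter(Filter.createNOTFilter(Filter.createPresenceFilter(LDAP_NSACCOUNTLOCK)), f)`, would keep a future lookup from omitting the check. The enclosing methods start and end outside the hunks.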
......
......@@ -69,6 +69,7 @@
package ca.nrc.cadc.ac.server.web.groups;
import java.io.InputStream;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
......@@ -107,7 +108,12 @@ public class CreateGroupAction extends AbstractGroupAction
}
for (User usr : group.getUserMembers())
{
addedMembers.add(usr.getX500Principal().getName());
Principal p = usr.getHttpPrincipal();
if (p == null)
{
p = usr.getX500Principal();
}
addedMembers.add(p.getName());
}
}
logGroupInfo(group.getID(), null, addedMembers);
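Review bot: `p.getName()` in the member loop is still dereferenced without a null check: the new fallback covers a user with no HttpPrincipal, but a member that has neither an HttpPrincipal nor an X500Principal leaves `p` null and throws NullPointerException. This loop only collects names for `logGroupInfo`, so, depending on where the group is persisted (outside the hunk), a failure here could turn an already-completed create into an error response. Guarding the add, `if (p != null) { addedMembers.add(p.getName()); }`, or logging a placeholder for such members, keeps the audit entry without the crash. The fallback also calls `getX500Principal()`, which this same commit marks `@deprecated` in User.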
......
......@@ -67,23 +67,25 @@
package ca.nrc.cadc.ac.server.ldap;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupNotFoundException;
import ca.nrc.cadc.ac.GroupProperty;
import ca.nrc.cadc.ac.User;
import org.apache.log4j.Logger;
import org.junit.Assert;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import javax.security.auth.Subject;
import java.security.Principal;
import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import javax.security.auth.Subject;
import org.apache.log4j.Logger;
import org.junit.Assert;
import org.junit.Test;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupNotFoundException;
import ca.nrc.cadc.ac.GroupProperty;
import ca.nrc.cadc.ac.User;
public class LdapGroupDAOTest extends AbstractLdapDAOTest
{
......@@ -156,7 +158,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
expectGroup.getUserMembers().add(cadcDaoTest2_User);
expectGroup.getUserMembers().add(duplicateIdentity);
actualGroup = getGroupDAO().modifyGroup(expectGroup);
expectGroup.getUserMembers().remove(duplicateIdentity);
//expectGroup.getUserMembers().remove(duplicateIdentity);
assertGroupsEqual(expectGroup, actualGroup);
expectGroup.getUserMembers().remove(cadcDaoTest2_User);
......@@ -205,7 +207,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
expectGroup.getUserAdmins().add(cadcDaoTest2_User);
expectGroup.getUserAdmins().add(duplicateIdentity);
actualGroup = getGroupDAO().modifyGroup(expectGroup);
expectGroup.getUserAdmins().remove(duplicateIdentity);
//expectGroup.getUserAdmins().remove(duplicateIdentity);
assertGroupsEqual(expectGroup, actualGroup);
// delete the group
......@@ -443,9 +445,8 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
assertTrue(gr2.getGroupMembers().contains(gr));
}
assertEquals(gr1.getUserMembers().size(), gr2.getUserMembers().size());
assertEquals(gr1.getUserMembers(), gr2.getUserMembers());
assertEquals(gr1.getUserMembers().size(), gr2.getUserMembers()
.size());
for (User user : gr1.getUserMembers())
{
assertTrue(gr2.getUserMembers().contains(user));
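Review bot: The two `remove(duplicateIdentity)` calls are left in as commented-out lines (`//expectGroup.getUserMembers().remove(duplicateIdentity);` and its getUserAdmins twin) with nothing saying why the expectation changed. The tests appear to pass now only because the TreeSet-backed member sets in Group treat `duplicateIdentity` as the same user as an existing member, so the add is a no-op. That dependency deserves a comment such as `// duplicateIdentity collapses into the existing member: Group keeps users in a TreeSet ordered by User.compareTo`, and the dead lines should be deleted. Asserting the member count right after the add would check the de-duplication directly instead of implying it. The test methods start and end outside the hunks.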
......
......@@ -71,28 +71,29 @@ package ca.nrc.cadc.ac;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import java.util.TreeSet;
public class Group
{
private String groupID;
private User owner;
// group's properties
protected Set<GroupProperty> properties = new HashSet<GroupProperty>();
// group's user members
private Set<User> userMembers = new HashSet<User>();
private Set<User> userMembers = new TreeSet<User>();
// group's group members
private Set<Group> groupMembers = new HashSet<Group>();
// group's user admins
private Set<User> userAdmins = new HashSet<User>();
private Set<User> userAdmins = new TreeSet<User>();
// group's group admins
private Set<Group> groupAdmins = new HashSet<Group>();
public String description;
public Date lastModified;
......@@ -100,9 +101,9 @@ public class Group
/**
* Ctor.
*
* @param groupID Unique ID for the group. Must be a valid URI fragment
* component, so it's restricted to alphanumeric
*
* @param groupID Unique ID for the group. Must be a valid URI fragment
* component, so it's restricted to alphanumeric
* and "-", ".","_","~" characters.
*/
public Group(String groupID)
......@@ -122,7 +123,7 @@ public class Group
/**
* Obtain this Group's unique id.
*
*
* @return String group ID.
*/
public String getID()
......@@ -140,7 +141,7 @@ public class Group
}
/**
*
*
* @return a set of properties associated with a group
*/
public Set<GroupProperty> getProperties()
......@@ -149,7 +150,7 @@ public class Group
}
/**
*
*
* @return individual user members of this group
*/
public Set<User> getUserMembers()
......@@ -158,16 +159,16 @@ public class Group
}
/**
*
*
* @return group members of this group
*/
public Set<Group> getGroupMembers()
{
return groupMembers;
}
/**
*
*
* @return individual user admins of this group
*/
public Set<User> getUserAdmins()
......@@ -176,7 +177,7 @@ public class Group
}
/**
*
*
* @return group admins of this group
*/
public Set<Group> getGroupAdmins()
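Review bot: Switching `userMembers` and `userAdmins` to `new TreeSet<User>()` makes membership depend on `User.compareTo` instead of `equals`/`hashCode`, and nothing on the fields or on getUserMembers()/getUserAdmins() documents that. As written in this commit, compareTo throws IllegalArgumentException for a user with no identities, so `getUserMembers().add(user)` can now throw where the HashSet accepted the element, and two users are merged whenever one's identities are a subset of the other's. Since these sets decide who is a member or an admin, the field comments should state the rule, e.g. `// group's user members; ordered and de-duplicated by User.compareTo (users without identities are rejected)`. The remaining hunks in this file are whitespace-only Javadoc changes.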
......
......@@ -94,10 +94,46 @@ public class InternalID
throw new IllegalArgumentException("uri is null");
}
if (uri.getFragment() != null)
{
throw new IllegalArgumentException("fragment not allowed");
}
this.uri = uri;
uuid = UUID.fromString(uri.getQuery());
}
/**
* Ctor
* @param uri unique identifier
* @param id The uuid of the identifier
*/
public InternalID(URI uri, UUID id)
{
if (uri == null)
{
throw new IllegalArgumentException("uri is null");
}
if (id == null)
{
throw new IllegalArgumentException("id is null");
}
if (uri.getQuery() != null)
{
throw new IllegalArgumentException("query not allowed in base uri");
}
if (uri.getFragment() != null)
{
throw new IllegalArgumentException("fragment not allowed");
}
this.uri = URI.create(uri.toASCIIString() + "?" + id.toString());
this.uuid = id;
}
public URI getURI()
{
return uri;
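Review bot: The one-argument constructor still passes `uri.getQuery()` straight to `UUID.fromString`, so a URI without a query reaches it as null and fails with NullPointerException rather than the IllegalArgumentException used for every other bad input here. A guard before the parse, `if (uri.getQuery() == null) { throw new IllegalArgumentException("uri has no query (uuid expected)"); }`, keeps identifier validation uniform with the fragment check next to it. On the new two-argument constructor the Javadoc says `@param uri unique identifier`, but the code requires a base URI with no query and no fragment and appends `?` plus the UUID itself; the comment should say so and list the IllegalArgumentException cases. The first constructor begins above the hunk.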
......
......@@ -68,25 +68,23 @@
*/
package ca.nrc.cadc.ac;
import java.io.PrintWriter;
import java.security.Principal;
import java.util.Comparator;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import ca.nrc.cadc.auth.HttpPrincipal;
import javax.security.auth.x500.X500Principal;
public class User
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.HttpPrincipal;
public class User implements Comparable<User>
{
// How on God's green earth is this used? Where is it set?
// jenkinsd 2016.03.24
private InternalID id;
private Set<Principal> identities = new TreeSet<Principal>(new PrincipalComparator());
private SortedSet<Principal> identities = new TreeSet<Principal>(new PrincipalComparator());
public PersonalDetails personalDetails;
public PosixDetails posixDetails;
......@@ -120,15 +118,12 @@ public class User
*/
public <S extends Principal> Set<S> getIdentities(final Class<S> identityClass)
{
final Set<S> matchedIdentities = new HashSet<S>();
final Set<S> matchedIdentities = new TreeSet<S>(new PrincipalComparator());
for (final Principal p : identities)
{
if (p.getClass() == identityClass)
if (identityClass.isAssignableFrom(p.getClass()))
{
// This casting shouldn't happen, but it's the only way to
// do this without a lot of work.
// jenkinsd 2014.09.26
matchedIdentities.add((S) p);
}
}
......@@ -146,11 +141,18 @@ public class User
return null;
}
/**
* @deprecated
*/
public X500Principal getX500Principal()
{
final Set<X500Principal> identities =
getIdentities(X500Principal.class);
return identities.isEmpty() ? null : identities.iterator().next();
if (!identities.isEmpty())
{
return identities.iterator().next();
}
return null;
}
......@@ -158,90 +160,104 @@ public class User
* A User is considered consistent if the User's set of identities are a superset
* of this Users set of identities.
*
* @param other
* @param superset
* @return
*/
public boolean isConsistent(final User other)
public boolean isConsistent(final User superset)
{
if (other == null)
if (superset == null)
{
return false;
}
for (Principal identity: getIdentities())
if (this.identities.isEmpty() || superset.identities.isEmpty())
{
boolean found = false;
for (Principal op: other.getIdentities())
{
if (op.equals(identity))
{
found = true;
break;
}
}
if (!found)
{
return false;
}
return false;
}
return true;
}
/* (non-Javadoc)
* @see java.lang.Object#hashCode()
*/
@Override
public int hashCode()
{
int prime = 31;
int result = 1;
if (id != null)
{
result = prime * result + id.hashCode();
}
else
{
for (Principal principal : getIdentities())
{
result = prime * result + principal.hashCode();
}
}
return result;
return superset.getIdentities().containsAll(this.getIdentities());
// // could be improved because both sets are ordered
// for (Principal identity: getIdentities())
// {
// boolean found = false;
// for (Principal op: superset.getIdentities())
// {
// if (AuthenticationUtil.equals(op, identity))
// {
// found = true;
// break;
// }
// }
// if (!found)
// {
// return false;
// }
// }
// return true;
}
// /* (non-Javadoc)
// * @see java.lang.Object#hashCode()
// */
// @Override
// public int hashCode()
// {
// int prime = 31;
// int result = 1;
// if (id != null)
// {
// result = prime * result + id.hashCode();
// }
// else
// {
// for (Principal principal : getIdentities())
// {
// result = prime * result + principal.hashCode();
// }
// }
// return result;
// }
/* (non-Javadoc)
* @see java.lang.Object#equals(java.lang.Object)
*/
@Override
public boolean equals(Object obj)
{
if (this == obj)
{
return true;
}
if (obj == null)
if (obj instanceof User)
{
return false;
}
if (!(obj instanceof User))
{
return false;
}
User other = (User) obj;
if (this.id == null && other.id == null)
{
return isConsistent(other);
}
if ((this.id == null && other.id != null) ||
(this.id != null && other.id == null))
{
return false;
}
if (id.equals(other.id))
{
return true;
User user = (User) obj;
return (this.isConsistent(user) || user.isConsistent(this));
}
return false;
// if (this == obj)
// {
// return true;
// }
// if (obj == null)
// {
// return false;
// }
// if (!(obj instanceof User))
// {
// return false;
// }
// User other = (User) obj;
// if (this.id == null && other.id == null)
// {
// return isConsistent(other);
// }
// if ((this.id == null && other.id != null) ||
// (this.id != null && other.id == null))
// {
// return false;
// }
// if (id.equals(other.id))
// {
// return true;
// }
// return false;
}
@Override
......@@ -263,32 +279,42 @@ public class User
@Override
public int compare(Principal o1, Principal o2)
{
int ret = -1;
if (o1 == null && o2 == null)
{
ret = 0;
}
else if (o1 == null && o2 != null)
{
ret = 1;
}
else if (o1 != null && o2 == null)
{
ret = -1;
}
else if (o1 instanceof HttpPrincipal && o2 instanceof HttpPrincipal)
if (o1 == null || o2 == null)
{
ret = 0;
throw new IllegalArgumentException("Cannot compare null objects");
}
else if (o1.getClass() == o2.getClass())
if (o1 instanceof HttpPrincipal && o2 instanceof HttpPrincipal)
{
if (o1.getName().equals(o2.getName()))
{
ret = 0;
}
return 0;
}
return ret;
return AuthenticationUtil.compare(o1, o2);
}
}
@Override
public int compareTo(User other)
{
if (other == null)
{
throw new IllegalArgumentException("Cannot compare null objects");
}
if (this.getIdentities().isEmpty() || other.getIdentities().isEmpty())
{
throw new IllegalArgumentException("Users need identities for comparison.");
}
if (this.isConsistent(other) || other.isConsistent(this))
{
return 0;
}
// compare the first pricipals in the order set
Principal p1 = this.getIdentities().iterator().next();
Principal p2 = other.getIdentities().iterator().next();
return AuthenticationUtil.compare(p1, p2);
}
}
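Review bot: `isConsistent` now answers with `superset.getIdentities().containsAll(this.getIdentities())`, and if getIdentities() returns the `TreeSet` built with `PrincipalComparator` (its body is outside the hunks), membership is decided by that comparator, which returns 0 for any two HttpPrincipals without looking at their names. Two users who each hold a different HttpPrincipal would then be consistent, `equals` and `compareTo` would report them as the same user, and the TreeSet-backed member and admin sets in Group would keep only one of them. The removed loop compared with `op.equals(identity)`; either keep an equality-based check (the commented-out `AuthenticationUtil.equals(op, identity)` loop) or drop the HttpPrincipal special case so `AuthenticationUtil.compare(o1, o2)` decides. Separately, `equals` is overridden while `hashCode` is commented out, and subset-based equality is not transitive ({a} equals {a,b} equals {b}, yet {a} does not equal {b}), which breaks hash collections and gives TreeSet an inconsistent ordering. Those deserve at least a class-level comment, and `hashCode` must be restored in a form that agrees with the new `equals`.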
......@@ -68,18 +68,19 @@
*/
package ca.nrc.cadc.ac;
import org.apache.log4j.Logger;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;