cadc-access-control/build.gradle +1 −1 @@ -15,7 +15,7 @@ sourceCompatibility = 1.7 group = 'org.opencadc' version = '1.1.5' version = '1.1.6' mainClassName = 'ca.nrc.cadc.ac.client.Main'
cadc-access-control/src/main/java/ca/nrc/cadc/ac/client/GMSClient.java +46 −20
@@ -1104,37 +1104,63 @@ public class GMSClient implements TransferListener private URL lookupServiceURL(final URI standard) throws AccessControlException { final URL serviceURL = getRegistryClient() .getServiceURL(this.serviceID, standard, getAuthMethod()); Subject subject = AuthenticationUtil.getCurrentSubject(); AuthMethod am = getAuthMethod(subject); URL serviceURL = getRegistryClient().getServiceURL(this.serviceID, standard, am); // now that we have a URL we can check if the cookie will actually be sent to it if (AuthMethod.COOKIE.equals(am)) { try { boolean domainMatch = false; String domain = NetUtil.getDomainName(serviceURL); for (SSOCookieCredential cc : subject.getPublicCredentials(SSOCookieCredential.class)) { if (cc.getDomain().equals(domain)) domainMatch = true; } if (!domainMatch) { throw new AccessControlException("No valid public credentials."); } } catch(IOException ex) { throw new RuntimeException("failure checking domain for cookie use", ex); } } if (serviceURL == null) { throw new RuntimeException( String.format("Unable to get Service URL for '%s', '%s', '%s'", serviceID.toString(), Standards.GMS_GROUPS_01, getAuthMethod())); serviceID.toString(), standard, am)); } else { return serviceURL; } } private AuthMethod getAuthMethod() private AuthMethod getAuthMethod(Subject subject) { Subject subject = AuthenticationUtil.getCurrentSubject(); if (subject != null) { for (Object o : subject.getPublicCredentials()) { if (o instanceof X509CertificateChain) // web services use CDP to load a proxy cert so prefer that X509CertificateChain privateKeyChain = X509CertificateChain.findPrivateKeyChain( subject.getPublicCredentials()); if (privateKeyChain != null) return AuthMethod.CERT; if (o instanceof SSOCookieCredential) // ui applications pass cookie(s) along Set sso = subject.getPublicCredentials(SSOCookieCredential.class); if ( !sso.isEmpty() ) { return AuthMethod.COOKIE; // AuthMethod.PASSWORD not supported // AuthMethod.TOKEN not supported } // 
AuthMethod.PASSWORD not supported // AuthMethod.TOKEN not supported throw new AccessControlException("No valid public credentials."); } else
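Review bot: In lookupServiceURL the new cookie-domain check calls `NetUtil.getDomainName(serviceURL)` before the `serviceURL == null` test, so a failed registry lookup under cookie auth presumably ends in a NullPointerException or a misleading "No valid public credentials." rather than the intended "Unable to get Service URL" error; the null check should move above the `if (AuthMethod.COOKIE.equals(am))` block. The match `cc.getDomain().equals(domain)` is case-sensitive and dereferences the credential's domain, while host names compare case-insensitively, so `if (domain != null && domain.equalsIgnoreCase(cc.getDomain())) domainMatch = true;` would be more tolerant without loosening the check. A one-line comment above the block saying that it fails closed so a cookie is never offered to a service outside its own domain would record the security intent, and a distinct message for the mismatch case would separate it from the missing-credential throw in getAuthMethod. getAuthMethod's body continues past the end of the hunk, so its `else` branch for a null subject is not visible here.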
cadc-access-control/build.gradle +1 −1 @@ -15,7 +15,7 @@ sourceCompatibility = 1.7 group = 'org.opencadc' version = '1.1.5' version = '1.1.6' mainClassName = 'ca.nrc.cadc.ac.client.Main'
cadc-access-control/src/main/java/ca/nrc/cadc/ac/client/GMSClient.java +46 −20
@@ -1104,37 +1104,63 @@ public class GMSClient implements TransferListener private URL lookupServiceURL(final URI standard) throws AccessControlException { final URL serviceURL = getRegistryClient() .getServiceURL(this.serviceID, standard, getAuthMethod()); Subject subject = AuthenticationUtil.getCurrentSubject(); AuthMethod am = getAuthMethod(subject); URL serviceURL = getRegistryClient().getServiceURL(this.serviceID, standard, am); // now that we have a URL we can check if the cookie will actually be sent to it if (AuthMethod.COOKIE.equals(am)) { try { boolean domainMatch = false; String domain = NetUtil.getDomainName(serviceURL); for (SSOCookieCredential cc : subject.getPublicCredentials(SSOCookieCredential.class)) { if (cc.getDomain().equals(domain)) domainMatch = true; } if (!domainMatch) { throw new AccessControlException("No valid public credentials."); } } catch(IOException ex) { throw new RuntimeException("failure checking domain for cookie use", ex); } } if (serviceURL == null) { throw new RuntimeException( String.format("Unable to get Service URL for '%s', '%s', '%s'", serviceID.toString(), Standards.GMS_GROUPS_01, getAuthMethod())); serviceID.toString(), standard, am)); } else { return serviceURL; } } private AuthMethod getAuthMethod() private AuthMethod getAuthMethod(Subject subject) { Subject subject = AuthenticationUtil.getCurrentSubject(); if (subject != null) { for (Object o : subject.getPublicCredentials()) { if (o instanceof X509CertificateChain) // web services use CDP to load a proxy cert so prefer that X509CertificateChain privateKeyChain = X509CertificateChain.findPrivateKeyChain( subject.getPublicCredentials()); if (privateKeyChain != null) return AuthMethod.CERT; if (o instanceof SSOCookieCredential) // ui applications pass cookie(s) along Set sso = subject.getPublicCredentials(SSOCookieCredential.class); if ( !sso.isEmpty() ) { return AuthMethod.COOKIE; // AuthMethod.PASSWORD not supported // AuthMethod.TOKEN not supported } // 
AuthMethod.PASSWORD not supported // AuthMethod.TOKEN not supported throw new AccessControlException("No valid public credentials."); } else