Commit 239b3e93 authored by Patrick Dowler's avatar Patrick Dowler
Browse files

bug fix for determining AuthMethod correctly

parent 4c6af860
...@@ -15,7 +15,7 @@ sourceCompatibility = 1.7 ...@@ -15,7 +15,7 @@ sourceCompatibility = 1.7
group = 'org.opencadc' group = 'org.opencadc'
version = '1.1.5' version = '1.1.6'
mainClassName = 'ca.nrc.cadc.ac.client.Main' mainClassName = 'ca.nrc.cadc.ac.client.Main'
......
...@@ -1104,37 +1104,63 @@ public class GMSClient implements TransferListener ...@@ -1104,37 +1104,63 @@ public class GMSClient implements TransferListener
private URL lookupServiceURL(final URI standard) private URL lookupServiceURL(final URI standard)
throws AccessControlException throws AccessControlException
{ {
final URL serviceURL = getRegistryClient() Subject subject = AuthenticationUtil.getCurrentSubject();
.getServiceURL(this.serviceID, standard, getAuthMethod()); AuthMethod am = getAuthMethod(subject);
URL serviceURL = getRegistryClient().getServiceURL(this.serviceID, standard, am);
// now that we have a URL we can check if the cookie will actually be sent to it
if (AuthMethod.COOKIE.equals(am))
{
try
{
boolean domainMatch = false;
String domain = NetUtil.getDomainName(serviceURL);
for (SSOCookieCredential cc : subject.getPublicCredentials(SSOCookieCredential.class))
{
if (cc.getDomain().equals(domain))
domainMatch = true;
}
if (!domainMatch)
{
throw new AccessControlException("No valid public credentials.");
}
}
catch(IOException ex)
{
throw new RuntimeException("failure checking domain for cookie use", ex);
}
}
if (serviceURL == null) if (serviceURL == null)
{ {
throw new RuntimeException( throw new RuntimeException(
String.format("Unable to get Service URL for '%s', '%s', '%s'", String.format("Unable to get Service URL for '%s', '%s', '%s'",
serviceID.toString(), Standards.GMS_GROUPS_01, serviceID.toString(), standard, am));
getAuthMethod()));
}
else
{
return serviceURL;
} }
return serviceURL;
} }
private AuthMethod getAuthMethod() private AuthMethod getAuthMethod(Subject subject)
{ {
Subject subject = AuthenticationUtil.getCurrentSubject();
if (subject != null) if (subject != null)
{ {
for (Object o : subject.getPublicCredentials()) // web services use CDP to load a proxy cert so prefer that
X509CertificateChain privateKeyChain = X509CertificateChain.findPrivateKeyChain(
subject.getPublicCredentials());
if (privateKeyChain != null)
return AuthMethod.CERT;
// ui applications pass cookie(s) along
Set sso = subject.getPublicCredentials(SSOCookieCredential.class);
if ( !sso.isEmpty() )
{ {
if (o instanceof X509CertificateChain) return AuthMethod.COOKIE;
return AuthMethod.CERT;
if (o instanceof SSOCookieCredential)
return AuthMethod.COOKIE;
// AuthMethod.PASSWORD not supported
// AuthMethod.TOKEN not supported
} }
// AuthMethod.PASSWORD not supported
// AuthMethod.TOKEN not supported
throw new AccessControlException("No valid public credentials."); throw new AccessControlException("No valid public credentials.");
} }
else else
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment