Loading projects/cadcAccessControl-Admin/build.xml +95 −79 Original line number Diff line number Diff line Loading @@ -92,9 +92,11 @@ <property name="commons-logging" value="${ext.lib}/commons-logging.jar"/> <property name="unboundid" value="${ext.lib}/unboundid-ldapsdk-se.jar"/> <property name="jars" value="${cadcAC}:${cadcAC-Server}:${cadcUtil}:${log4j}" /> <property name="jars" value="${cadcAC}:${cadcAC-Server}:${cadcUtil}:${log4j}"/> <property name="client.cadc.jars" value="${cadcAC}:${cadcAC-Server}:${cadcLog}:${cadcUtil}" /> <property name="client.cadc.jars" value="${cadcAC}:${cadcAC-Server}:${cadcLog}:${cadcUtil}"/> <property name="client.external.jars" value="${unboundid}:${log4j}"/> <property name="jars" value="${cadc}:${external}"/> Loading 
@@ -116,27 +118,41 @@ <target name="manifest"> <pathconvert property="client.flat.manifest" pathsep=" "> <mapper type="flatten"/> <path> <pathelement path="${client.cadc.jars}"/> </path> <path> <pathelement path="${client.external.jars}"/> </path> <path> <pathelement path="${client.cadc.jars}"/> </path> <path> <pathelement path="${client.external.jars}"/> </path> </pathconvert> <pathconvert property="client.non-flat.manifest" pathsep=" "> <path> <pathelement path="${client.cadc.jars}"/> </path> <path> <pathelement path="${client.external.jars}"/> </path> <path> <pathelement path="${client.cadc.jars}"/> </path> <path> <pathelement path="${client.external.jars}"/> </path> </pathconvert> <manifest file="${build}/tmp/${project}.mf" mode="replace"> <attribute name="Main-Class" value="ca.nrc.cadc.ac.admin.Main"/> <attribute name="Class-Path" value="${client.flat.manifest} ${client.non-flat.manifest}"/> <attribute name="Class-Path" value="${client.flat.manifest} ${client.non-flat.manifest}"/> </manifest> </target> <!-- JAR files needed to run the test suite --> <property name="cadcLog" value="${lib}/cadcLog.jar"/> <property name="asm" value="${ext.dev}/asm.jar" /> <property name="cglib" value="${ext.dev}/cglib.jar" /> <property name="easymock" value="${ext.dev}/easymock.jar" /> <property name="junit" value="${ext.dev}/junit.jar" /> <property name="objenesis" value="${ext.dev}/objenesis.jar" /> <property name="testingJars" value="${cadcLog}:${junit}:${unboundid}" /> <property name="testingJars" value="${junit}:${asm}:${cglib}:${easymock}:${objenesis}:{unboundid}:${cadcLog}"/> <target name="single-test" depends="compile,compile-test,setup-test"> <target name="int-test" depends="build,compile-test,setup-test"> <echo message="Running test suite..."/> <junit printsummary="yes" haltonfailure="yes" fork="yes"> <classpath> Loading 
@@ -144,7 +160,7 @@ <pathelement path="${build}/test/class"/> <pathelement path="${jars}:${testingJars}"/> </classpath> <test name="ca.nrc.cadc.ac.admin.UserAdminTest" /> <test name="ca.nrc.cadc.ac.admin.integration.UserAdminIntTest"/> <formatter type="plain" usefile="false"/> </junit> </target> Loading projects/cadcAccessControl-Admin/local.build.properties 0 → 100644 +2 −0 Original line number Diff line number Diff line java.source.version=1.7 java.target.version=1.7 projects/cadcAccessControl-Admin/src/ca/nrc/cadc/ac/admin/AbstractCommand.java +15 −12 Original line number Diff line number Diff line Loading @@ -74,12 +74,10 @@ import java.security.AccessControlException; import java.security.Principal; import java.security.PrivilegedAction; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.server.PluginFactory; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.net.TransientException; /** * Provide attributes and methods that apply to all commands. * @author yeunga Loading @@ -87,16 +85,18 @@ import ca.nrc.cadc.net.TransientException; */ public abstract class AbstractCommand implements PrivilegedAction<Object> { private static final Logger log = Logger.getLogger(AbstractCommand.class); protected PrintStream systemOut = System.out; protected PrintStream systemErr = System.err; protected abstract void doRun() throws AccessControlException, TransientException; private UserPersistence<Principal> userPersistence; protected abstract void doRun() throws AccessControlException, TransientException; /** * Set the system out. * @param printStream * @param printStream The stream to write System.out to . */ public void setSystemOut(PrintStream printStream) { Loading @@ -105,7 +105,7 @@ public abstract class AbstractCommand implements PrivilegedAction<Object> /** * Set the system err. * @param printStream * @param printStream The stream to write System.err to. */ public void setSystemErr(PrintStream printStream) { Loading Loading 
@@ -134,11 +134,14 @@ public abstract class AbstractCommand implements PrivilegedAction<Object> return null; } protected <T extends Principal> UserPersistence<T> getUserPersistence() protected void setUserPersistence( final UserPersistence<Principal> userPersistence) { System.setProperty("java.naming.factory.initial", ContextFactoryImpl.class.getName()); this.userPersistence = userPersistence; } PluginFactory pluginFactory = new PluginFactory(); return pluginFactory.createUserPersistence(); public UserPersistence<Principal> getUserPersistence() { return userPersistence; } } projects/cadcAccessControl-Admin/src/ca/nrc/cadc/ac/admin/CommandRunner.java 0 → 100644 +139 −0 Original line number Diff line number Diff line /* ************************************************************************ ******************* CANADIAN ASTRONOMY DATA CENTRE ******************* ************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES ************** * * (c) 2015. (c) 2015. * Government of Canada Gouvernement du Canada * National Research Council Conseil national de recherches * Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6 * All rights reserved Tous droits réservés * * NRC disclaims any warranties, Le CNRC dénie toute garantie * expressed, implied, or énoncée, implicite ou légale, * statutory, of any kind with de quelque nature que ce * respect to the software, soit, concernant le logiciel, * including without limitation y compris sans restriction * any warranty of merchantability toute garantie de valeur * or fitness for a particular marchande ou de pertinence * purpose. NRC shall not be pour un usage particulier. * liable in any event for any Le CNRC ne pourra en aucun cas * damages, whether direct or être tenu responsable de tout * indirect, special or general, dommage, direct ou indirect, * consequential or incidental, particulier ou général, * arising from the use of the accessoire ou fortuit, résultant * software. Neither the name de l'utilisation du logiciel. 
Ni * of the National Research le nom du Conseil National de * Council of Canada nor the Recherches du Canada ni les noms * names of its contributors may de ses participants ne peuvent * be used to endorse or promote être utilisés pour approuver ou * products derived from this promouvoir les produits dérivés * software without specific prior de ce logiciel sans autorisation * written permission. préalable et particulière * par écrit. * * This file is part of the Ce fichier fait partie du projet * OpenCADC project. OpenCADC. * * OpenCADC is free software: OpenCADC est un logiciel libre ; * you can redistribute it and/or vous pouvez le redistribuer ou le * modify it under the terms of modifier suivant les termes de * the GNU Affero General Public la “GNU Affero General Public * License as published by the License” telle que publiée * Free Software Foundation, par la Free Software Foundation * either version 3 of the : soit la version 3 de cette * License, or (at your option) licence, soit (à votre gré) * any later version. toute version ultérieure. * * OpenCADC is distributed in the OpenCADC est distribué * hope that it will be useful, dans l’espoir qu’il vous * but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE * without even the implied GARANTIE : sans même la garantie * warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ * or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF * PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence * General Public License for Générale Publique GNU Affero * more details. pour plus de détails. * * You should have received Vous devriez avoir reçu une * a copy of the GNU Affero copie de la Licence Générale * General Public License along Publique GNU Affero avec * with OpenCADC. If not, see OpenCADC ; si ce n’est * <http://www.gnu.org/licenses/>. pas le cas, consultez : * <http://www.gnu.org/licenses/>. 
* * ************************************************************************ */ package ca.nrc.cadc.ac.admin; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.net.TransientException; import org.apache.log4j.Logger; import javax.security.auth.Subject; import java.security.Principal; public class CommandRunner { private final static Logger LOGGER = Logger.getLogger(CommandRunner.class); private final CmdLineParser commandLineParser; private final UserPersistence<Principal> userPersistence; public CommandRunner(final CmdLineParser commandLineParser, final UserPersistence<Principal> userPersistence) { this.commandLineParser = commandLineParser; this.userPersistence = userPersistence; } /** * Run a suitable action command. * */ public void run() throws UserNotFoundException, TransientException { if (commandLineParser.proceed()) { AbstractCommand command = commandLineParser.getCommand(); command.setUserPersistence(userPersistence); if (commandLineParser.getSubject() == null) { // no credential, but command works with an anonymous user LOGGER.debug("running as anon user"); command.run(); } else { Subject subject = commandLineParser.getSubject(); LOGGER.debug("running as " + subject); // augment the subject if (subject.getPrincipals().isEmpty()) { throw new RuntimeException("BUG: subject with no principals"); } Principal userID = subject.getPrincipals().iterator().next(); User<Principal> subjectUser = userPersistence.getAugmentedUser(userID); for (Principal identity : subjectUser.getIdentities()) { subject.getPrincipals().add(identity); } LOGGER.debug("augmented subject: " + subject); Subject.doAs(subject, command); } } else { throw new IllegalStateException("Not ready to proceed."); } } } projects/cadcAccessControl-Admin/src/ca/nrc/cadc/ac/admin/ContextImpl.java +7 −6 Original line number Diff line number Diff line Loading 
@@ -71,33 +71,34 @@ package ca.nrc.cadc.ac.admin; import javax.naming.Binding; import javax.naming.Context; import javax.naming.InitialContext; import javax.naming.Name; import javax.naming.NameClassPair; import javax.naming.NameParser; import javax.naming.NamingEnumeration; import javax.naming.NamingException; import java.util.HashMap; import java.util.Hashtable; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentMap; /** * A Simple JNDI context. */ public class ContextImpl implements Context { Map<String,Object> map = new HashMap<String,Object>(1); private final static ConcurrentMap<String,Object> POOL_MAP = new ConcurrentHashMap<>(1); @Override public Object lookup(String name) throws NamingException { return map.get(name); return POOL_MAP.get(name); } @Override public void bind(String name, Object value) throws NamingException { map.put(name, value); POOL_MAP.put(name, value); } @Override Loading Loading
projects/cadcAccessControl-Admin/build.xml +95 −79 Original line number Diff line number Diff line Loading @@ -92,9 +92,11 @@ <property name="commons-logging" value="${ext.lib}/commons-logging.jar"/> <property name="unboundid" value="${ext.lib}/unboundid-ldapsdk-se.jar"/> <property name="jars" value="${cadcAC}:${cadcAC-Server}:${cadcUtil}:${log4j}" /> <property name="jars" value="${cadcAC}:${cadcAC-Server}:${cadcUtil}:${log4j}"/> <property name="client.cadc.jars" value="${cadcAC}:${cadcAC-Server}:${cadcLog}:${cadcUtil}" /> <property name="client.cadc.jars" value="${cadcAC}:${cadcAC-Server}:${cadcLog}:${cadcUtil}"/> <property name="client.external.jars" value="${unboundid}:${log4j}"/> <property name="jars" value="${cadc}:${external}"/> Loading 
@@ -116,27 +118,41 @@ <target name="manifest"> <pathconvert property="client.flat.manifest" pathsep=" "> <mapper type="flatten"/> <path> <pathelement path="${client.cadc.jars}"/> </path> <path> <pathelement path="${client.external.jars}"/> </path> <path> <pathelement path="${client.cadc.jars}"/> </path> <path> <pathelement path="${client.external.jars}"/> </path> </pathconvert> <pathconvert property="client.non-flat.manifest" pathsep=" "> <path> <pathelement path="${client.cadc.jars}"/> </path> <path> <pathelement path="${client.external.jars}"/> </path> <path> <pathelement path="${client.cadc.jars}"/> </path> <path> <pathelement path="${client.external.jars}"/> </path> </pathconvert> <manifest file="${build}/tmp/${project}.mf" mode="replace"> <attribute name="Main-Class" value="ca.nrc.cadc.ac.admin.Main"/> <attribute name="Class-Path" value="${client.flat.manifest} ${client.non-flat.manifest}"/> <attribute name="Class-Path" value="${client.flat.manifest} ${client.non-flat.manifest}"/> </manifest> </target> <!-- JAR files needed to run the test suite --> <property name="cadcLog" value="${lib}/cadcLog.jar"/> <property name="asm" value="${ext.dev}/asm.jar" /> <property name="cglib" value="${ext.dev}/cglib.jar" /> <property name="easymock" value="${ext.dev}/easymock.jar" /> <property name="junit" value="${ext.dev}/junit.jar" /> <property name="objenesis" value="${ext.dev}/objenesis.jar" /> <property name="testingJars" value="${cadcLog}:${junit}:${unboundid}" /> <property name="testingJars" value="${junit}:${asm}:${cglib}:${easymock}:${objenesis}:{unboundid}:${cadcLog}"/> <target name="single-test" depends="compile,compile-test,setup-test"> <target name="int-test" depends="build,compile-test,setup-test"> <echo message="Running test suite..."/> <junit printsummary="yes" haltonfailure="yes" fork="yes"> <classpath> Loading 
@@ -144,7 +160,7 @@ <pathelement path="${build}/test/class"/> <pathelement path="${jars}:${testingJars}"/> </classpath> <test name="ca.nrc.cadc.ac.admin.UserAdminTest" /> <test name="ca.nrc.cadc.ac.admin.integration.UserAdminIntTest"/> <formatter type="plain" usefile="false"/> </junit> </target> Loading
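Review bot: In the new `testingJars` property the entry `{unboundid}` is missing its `$`, so Ant treats it as a literal path element instead of expanding the UnboundID LDAP SDK jar; it should read `${junit}:${asm}:${cglib}:${easymock}:${objenesis}:${unboundid}:${cadcLog}`. The integration test may then fail with a missing-class error, or pass only because the jar reaches the classpath some other way, which would hide the typo. Separately, `jars` appears to be defined more than once in the first hunk, and Ant properties are immutable, so the first definition wins; confirm that the intended value is the one in effect. Which lines are old and which are new is inferred from print order, because the rendering has lost the +/- markers.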
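--- /dev/null
+++ b/projects/cadcAccessControl-Admin/local.build.properties
@@ -0,0 +1,2 @@
+java.source.version=1.7
+java.target.version=1.7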
projects/cadcAccessControl-Admin/src/ca/nrc/cadc/ac/admin/AbstractCommand.java +15 −12 Original line number Diff line number Diff line Loading @@ -74,12 +74,10 @@ import java.security.AccessControlException; import java.security.Principal; import java.security.PrivilegedAction; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.server.PluginFactory; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.net.TransientException; /** * Provide attributes and methods that apply to all commands. * @author yeunga Loading @@ -87,16 +85,18 @@ import ca.nrc.cadc.net.TransientException; */ public abstract class AbstractCommand implements PrivilegedAction<Object> { private static final Logger log = Logger.getLogger(AbstractCommand.class); protected PrintStream systemOut = System.out; protected PrintStream systemErr = System.err; protected abstract void doRun() throws AccessControlException, TransientException; private UserPersistence<Principal> userPersistence; protected abstract void doRun() throws AccessControlException, TransientException; /** * Set the system out. * @param printStream * @param printStream The stream to write System.out to . */ public void setSystemOut(PrintStream printStream) { Loading @@ -105,7 +105,7 @@ public abstract class AbstractCommand implements PrivilegedAction<Object> /** * Set the system err. * @param printStream * @param printStream The stream to write System.err to. */ public void setSystemErr(PrintStream printStream) { Loading Loading 
@@ -134,11 +134,14 @@ public abstract class AbstractCommand implements PrivilegedAction<Object> return null; } protected <T extends Principal> UserPersistence<T> getUserPersistence() protected void setUserPersistence( final UserPersistence<Principal> userPersistence) { System.setProperty("java.naming.factory.initial", ContextFactoryImpl.class.getName()); this.userPersistence = userPersistence; } PluginFactory pluginFactory = new PluginFactory(); return pluginFactory.createUserPersistence(); public UserPersistence<Principal> getUserPersistence() { return userPersistence; } }
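Review bot: `getUserPersistence()` now returns a field that stays null until `setUserPersistence(...)` has been called, and the hunk also appears to widen it from `protected` to `public`. A command run outside `CommandRunner` would fail with a NullPointerException deep inside `doRun()` rather than with a clear error, and the wider visibility hands the user-store handle to any caller holding a command object. Consider keeping the getter `protected` and failing fast, e.g. `if (userPersistence == null) { throw new IllegalStateException("userPersistence not set"); }`, and add Javadoc on both accessors saying who is expected to inject the instance. The removed `System.setProperty("java.naming.factory.initial", ...)` call is not re-added anywhere in this section, so confirm it still happens before any persistence object is created. The class body continues outside the hunk.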
projects/cadcAccessControl-Admin/src/ca/nrc/cadc/ac/admin/CommandRunner.java 0 → 100644 +139 −0 Original line number Diff line number Diff line /* ************************************************************************ ******************* CANADIAN ASTRONOMY DATA CENTRE ******************* ************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES ************** * * (c) 2015. (c) 2015. * Government of Canada Gouvernement du Canada * National Research Council Conseil national de recherches * Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6 * All rights reserved Tous droits réservés * * NRC disclaims any warranties, Le CNRC dénie toute garantie * expressed, implied, or énoncée, implicite ou légale, * statutory, of any kind with de quelque nature que ce * respect to the software, soit, concernant le logiciel, * including without limitation y compris sans restriction * any warranty of merchantability toute garantie de valeur * or fitness for a particular marchande ou de pertinence * purpose. NRC shall not be pour un usage particulier. * liable in any event for any Le CNRC ne pourra en aucun cas * damages, whether direct or être tenu responsable de tout * indirect, special or general, dommage, direct ou indirect, * consequential or incidental, particulier ou général, * arising from the use of the accessoire ou fortuit, résultant * software. Neither the name de l'utilisation du logiciel. Ni * of the National Research le nom du Conseil National de * Council of Canada nor the Recherches du Canada ni les noms * names of its contributors may de ses participants ne peuvent * be used to endorse or promote être utilisés pour approuver ou * products derived from this promouvoir les produits dérivés * software without specific prior de ce logiciel sans autorisation * written permission. préalable et particulière * par écrit. * * This file is part of the Ce fichier fait partie du projet * OpenCADC project. OpenCADC. 
* * OpenCADC is free software: OpenCADC est un logiciel libre ; * you can redistribute it and/or vous pouvez le redistribuer ou le * modify it under the terms of modifier suivant les termes de * the GNU Affero General Public la “GNU Affero General Public * License as published by the License” telle que publiée * Free Software Foundation, par la Free Software Foundation * either version 3 of the : soit la version 3 de cette * License, or (at your option) licence, soit (à votre gré) * any later version. toute version ultérieure. * * OpenCADC is distributed in the OpenCADC est distribué * hope that it will be useful, dans l’espoir qu’il vous * but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE * without even the implied GARANTIE : sans même la garantie * warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ * or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF * PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence * General Public License for Générale Publique GNU Affero * more details. pour plus de détails. * * You should have received Vous devriez avoir reçu une * a copy of the GNU Affero copie de la Licence Générale * General Public License along Publique GNU Affero avec * with OpenCADC. If not, see OpenCADC ; si ce n’est * <http://www.gnu.org/licenses/>. pas le cas, consultez : * <http://www.gnu.org/licenses/>. 
* * ************************************************************************ */ package ca.nrc.cadc.ac.admin; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.net.TransientException; import org.apache.log4j.Logger; import javax.security.auth.Subject; import java.security.Principal; public class CommandRunner { private final static Logger LOGGER = Logger.getLogger(CommandRunner.class); private final CmdLineParser commandLineParser; private final UserPersistence<Principal> userPersistence; public CommandRunner(final CmdLineParser commandLineParser, final UserPersistence<Principal> userPersistence) { this.commandLineParser = commandLineParser; this.userPersistence = userPersistence; } /** * Run a suitable action command. * */ public void run() throws UserNotFoundException, TransientException { if (commandLineParser.proceed()) { AbstractCommand command = commandLineParser.getCommand(); command.setUserPersistence(userPersistence); if (commandLineParser.getSubject() == null) { // no credential, but command works with an anonymous user LOGGER.debug("running as anon user"); command.run(); } else { Subject subject = commandLineParser.getSubject(); LOGGER.debug("running as " + subject); // augment the subject if (subject.getPrincipals().isEmpty()) { throw new RuntimeException("BUG: subject with no principals"); } Principal userID = subject.getPrincipals().iterator().next(); User<Principal> subjectUser = userPersistence.getAugmentedUser(userID); for (Principal identity : subjectUser.getIdentities()) { subject.getPrincipals().add(identity); } LOGGER.debug("augmented subject: " + subject); Subject.doAs(subject, command); } } else { throw new IllegalStateException("Not ready to proceed."); } } }
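Review bot: Both `LOGGER.debug("running as " + subject)` and `LOGGER.debug("augmented subject: " + subject)` in `run()` stringify the whole `Subject`, and `Subject.toString()` renders public credentials (and private ones when accessible) as well as principals, so credential material can end up in the debug logs of an admin tool; log `subject.getPrincipals()` instead. The augmentation step keys the lookup on `subject.getPrincipals().iterator().next()`, so which identity is resolved depends on the order in which the parser added principals; selecting by principal type, or a comment stating which type is expected first, would make that contract visible. The anonymous branch calls `command.run()` with no subject at all, so each command must enforce its own authorization. That belongs in the `run()` Javadoc, which currently says only "Run a suitable action command."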
projects/cadcAccessControl-Admin/src/ca/nrc/cadc/ac/admin/ContextImpl.java +7 −6 Original line number Diff line number Diff line Loading @@ -71,33 +71,34 @@ package ca.nrc.cadc.ac.admin; import javax.naming.Binding; import javax.naming.Context; import javax.naming.InitialContext; import javax.naming.Name; import javax.naming.NameClassPair; import javax.naming.NameParser; import javax.naming.NamingEnumeration; import javax.naming.NamingException; import java.util.HashMap; import java.util.Hashtable; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentMap; /** * A Simple JNDI context. */ public class ContextImpl implements Context { Map<String,Object> map = new HashMap<String,Object>(1); private final static ConcurrentMap<String,Object> POOL_MAP = new ConcurrentHashMap<>(1); @Override public Object lookup(String name) throws NamingException { return map.get(name); return POOL_MAP.get(name); } @Override public void bind(String name, Object value) throws NamingException { map.put(name, value); POOL_MAP.put(name, value); } @Override Loading
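Review bot: Replacing the per-instance map with the static `POOL_MAP` makes every binding process-wide, and `bind` still uses `put`, so any code in the JVM that obtains this context can silently replace an object bound earlier (the name suggests a connection pool). The JNDI contract for `bind` is to reject a name that is already bound; `if (POOL_MAP.putIfAbsent(name, value) != null) { throw new NameAlreadyBoundException(name); }` keeps that guarantee and is atomic on a `ConcurrentMap`. `ConcurrentHashMap` also throws NullPointerException on a null name or value where the old `HashMap` accepted them, and `lookup` returns null for an unknown name instead of throwing `NameNotFoundException`. The class continues beyond the hunk.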