cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java +12 −2 @@ -92,6 +92,7 @@ import ca.nrc.cadc.ac.server.GroupPersistence; import ca.nrc.cadc.auth.AuthMethod; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.DNPrincipal; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.util.ObjectUtil; @@ -125,8 +126,7 @@ public class LdapGroupPersistence extends LdapPersistence implements GroupPersis { // current policy: group names visible to all authenticated users Subject caller = AuthenticationUtil.getCurrentSubject(); if (caller == null || AuthMethod.ANON.equals(AuthenticationUtil.getAuthMethod(caller))) throw new AccessControlException("Caller is not authenticated"); checkAuthenticatedWithAccount(caller); LdapGroupDAO groupDAO = null; LdapUserDAO userDAO = null; @@ -175,6 +175,7 @@ public class LdapGroupPersistence extends LdapPersistence implements GroupPersis GroupNotFoundException { Subject caller = AuthenticationUtil.getCurrentSubject(); checkAuthenticatedWithAccount(caller); Principal userID = getUser(caller); LdapConnections conns = new LdapConnections(this); @@ -395,4 +396,13 @@ public class LdapGroupPersistence extends LdapPersistence implements GroupPersis GroupMemberships gms = gset.iterator().next(); return gms.getUserID(); } private void checkAuthenticatedWithAccount(Subject caller) { if (caller == null || AuthMethod.ANON.equals(AuthenticationUtil.getAuthMethod(caller))) throw new AccessControlException("Caller is not authenticated"); if (caller.getPrincipals(HttpPrincipal.class).isEmpty()) throw new AccessControlException("Caller does not have authorized account"); } } cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java +4 −0
@@ -290,6 +290,10 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste if (caller == null || AuthMethod.ANON.equals(AuthenticationUtil.getAuthMethod(caller))) throw new AccessControlException("Caller is not authenticated"); // user must also have an approved account if (caller.getPrincipals(HttpPrincipal.class).isEmpty()) throw new AccessControlException("Caller does not have authorized account"); LdapUserDAO userDAO = null; LdapConnections conns = new LdapConnections(this); try
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java +12 −2 @@ -92,6 +92,7 @@ import ca.nrc.cadc.ac.server.GroupPersistence; import ca.nrc.cadc.auth.AuthMethod; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.DNPrincipal; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.util.ObjectUtil; @@ -125,8 +126,7 @@ public class LdapGroupPersistence extends LdapPersistence implements GroupPersis { // current policy: group names visible to all authenticated users Subject caller = AuthenticationUtil.getCurrentSubject(); if (caller == null || AuthMethod.ANON.equals(AuthenticationUtil.getAuthMethod(caller))) throw new AccessControlException("Caller is not authenticated"); checkAuthenticatedWithAccount(caller); LdapGroupDAO groupDAO = null; LdapUserDAO userDAO = null; @@ -175,6 +175,7 @@ public class LdapGroupPersistence extends LdapPersistence implements GroupPersis GroupNotFoundException { Subject caller = AuthenticationUtil.getCurrentSubject(); checkAuthenticatedWithAccount(caller); Principal userID = getUser(caller); LdapConnections conns = new LdapConnections(this); @@ -395,4 +396,13 @@ public class LdapGroupPersistence extends LdapPersistence implements GroupPersis GroupMemberships gms = gset.iterator().next(); return gms.getUserID(); } private void checkAuthenticatedWithAccount(Subject caller) { if (caller == null || AuthMethod.ANON.equals(AuthenticationUtil.getAuthMethod(caller))) throw new AccessControlException("Caller is not authenticated"); if (caller.getPrincipals(HttpPrincipal.class).isEmpty()) throw new AccessControlException("Caller does not have authorized account"); } }
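Review bot: `checkAuthenticatedWithAccount` (last hunk) treats the mere presence of an `HttpPrincipal` in the Subject as proof of an approved account, and nothing in the helper records why that holds. Whether it does depends on how the Subject is populated outside this diff; if any authentication path attaches an `HttpPrincipal` before the account is approved, this gate passes for that caller. Once the invariant is confirmed it should be stated on the helper, for example `// HttpPrincipal is present only for callers with an approved account`, and the same applies to the inlined copy of this test in LdapUserPersistence. Only two call sites are visible in these hunks, so it is also worth checking that the remaining GroupPersistence entry points call the helper before touching LDAP.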
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java +4 −0 @@ -290,6 +290,10 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste if (caller == null || AuthMethod.ANON.equals(AuthenticationUtil.getAuthMethod(caller))) throw new AccessControlException("Caller is not authenticated"); // user must also have an approved account if (caller.getPrincipals(HttpPrincipal.class).isEmpty()) throw new AccessControlException("Caller does not have authorized account"); LdapUserDAO userDAO = null; LdapConnections conns = new LdapConnections(this); try
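Review bot: The two checks in this hunk are an inline copy of `checkAuthenticatedWithAccount` from LdapGroupPersistence, so the same authorization gate now lives in two places that can drift apart when the policy changes. Both classes extend LdapPersistence, so the helper could be declared there as `protected void checkAuthenticatedWithAccount(Subject caller)` and this block reduced to `checkAuthenticatedWithAccount(caller);`. The enclosing method starts and ends outside the hunk, so it is not visible from here whether other methods of this class need the same call.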