Loading cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java +12 −2 Original line number Original line Diff line number Diff line Loading @@ -92,6 +92,7 @@ import ca.nrc.cadc.ac.server.GroupPersistence; import ca.nrc.cadc.auth.AuthMethod; import ca.nrc.cadc.auth.AuthMethod; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.DNPrincipal; import ca.nrc.cadc.auth.DNPrincipal; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.util.ObjectUtil; import ca.nrc.cadc.util.ObjectUtil; Loading Loading @@ -125,8 +126,7 @@ public class LdapGroupPersistence extends LdapPersistence implements GroupPersis { { // current policy: group names visible to all authenticated users // current policy: group names visible to all authenticated users Subject caller = AuthenticationUtil.getCurrentSubject(); Subject caller = AuthenticationUtil.getCurrentSubject(); if (caller == null || AuthMethod.ANON.equals(AuthenticationUtil.getAuthMethod(caller))) checkAuthenticatedWithAccount(caller); throw new AccessControlException("Caller is not authenticated"); LdapGroupDAO groupDAO = null; LdapGroupDAO groupDAO = null; LdapUserDAO userDAO = null; LdapUserDAO userDAO = null; Loading Loading @@ -175,6 +175,7 @@ public class LdapGroupPersistence extends LdapPersistence implements GroupPersis GroupNotFoundException GroupNotFoundException { { Subject caller = AuthenticationUtil.getCurrentSubject(); Subject caller = AuthenticationUtil.getCurrentSubject(); checkAuthenticatedWithAccount(caller); Principal userID = getUser(caller); Principal userID = getUser(caller); LdapConnections conns = new LdapConnections(this); LdapConnections conns = new LdapConnections(this); Loading Loading 
@@ -395,4 +396,13 @@ public class LdapGroupPersistence extends LdapPersistence implements GroupPersis GroupMemberships gms = gset.iterator().next(); GroupMemberships gms = gset.iterator().next(); return gms.getUserID(); return gms.getUserID(); } } private void checkAuthenticatedWithAccount(Subject caller) { if (caller == null || AuthMethod.ANON.equals(AuthenticationUtil.getAuthMethod(caller))) throw new AccessControlException("Caller is not authenticated"); if (caller.getPrincipals(HttpPrincipal.class).isEmpty()) throw new AccessControlException("Caller does not have authorized account"); } } } cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java +4 −0 Original line number Original line Diff line number Diff line Loading @@ -290,6 +290,10 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste if (caller == null || AuthMethod.ANON.equals(AuthenticationUtil.getAuthMethod(caller))) if (caller == null || AuthMethod.ANON.equals(AuthenticationUtil.getAuthMethod(caller))) throw new AccessControlException("Caller is not authenticated"); throw new AccessControlException("Caller is not authenticated"); // user must also have an approved account if (caller.getPrincipals(HttpPrincipal.class).isEmpty()) throw new AccessControlException("Caller does not have authorized account"); LdapUserDAO userDAO = null; LdapUserDAO userDAO = null; LdapConnections conns = new LdapConnections(this); LdapConnections conns = new LdapConnections(this); try try Loading Loading
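Review bot: The comment `// current policy: group names visible to all authenticated users`, kept on the new side just above the replaced check in the first hunk, is now stale: `checkAuthenticatedWithAccount(caller)` also rejects callers that are authenticated but carry no `HttpPrincipal`, so the policy is narrower than the comment states. I would update it to `// current policy: group names visible to authenticated callers that also hold an HttpPrincipal (have an account)` so the next reader does not re-widen the check to match the comment. The helper itself deserves a short Javadoc stating the assumption it rests on — that an `HttpPrincipal` is attached to the Subject only for approved accounts; nothing in this diff shows where that principal is added, and if the authenticator can attach one for accounts that are not yet approved, the second check does not actually enforce approval. Both methods that now call the helper begin outside the visible hunks, so whether the other entry points of this class (create/modify/delete paths, if any) received the same check cannot be confirmed from here.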
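Review bot: The two added lines `if (caller.getPrincipals(HttpPrincipal.class).isEmpty()) throw new AccessControlException("Caller does not have authorized account");` duplicate, character for character, the body of the `checkAuthenticatedWithAccount` helper introduced in LdapGroupPersistence in the same commit, and the preceding anonymous-caller check is duplicated as well. Both classes extend `LdapPersistence` according to their visible declarations, so a `protected void checkAuthenticatedWithAccount(Subject caller)` on that base would give the account policy a single definition; this method's body would then shrink to `checkAuthenticatedWithAccount(caller);`. The new comment `// user must also have an approved account` also states more than the code checks — it tests for the presence of an `HttpPrincipal`, and the link between that principal and account approval is made elsewhere; I would phrase it as `// approved accounts are identified by an HttpPrincipal on the Subject; see the authenticator that populates it`. The enclosing method starts and ends outside the hunk.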
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java +12 −2 Original line number Original line Diff line number Diff line Loading @@ -92,6 +92,7 @@ import ca.nrc.cadc.ac.server.GroupPersistence; import ca.nrc.cadc.auth.AuthMethod; import ca.nrc.cadc.auth.AuthMethod; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.DNPrincipal; import ca.nrc.cadc.auth.DNPrincipal; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.util.ObjectUtil; import ca.nrc.cadc.util.ObjectUtil; Loading Loading @@ -125,8 +126,7 @@ public class LdapGroupPersistence extends LdapPersistence implements GroupPersis { { // current policy: group names visible to all authenticated users // current policy: group names visible to all authenticated users Subject caller = AuthenticationUtil.getCurrentSubject(); Subject caller = AuthenticationUtil.getCurrentSubject(); if (caller == null || AuthMethod.ANON.equals(AuthenticationUtil.getAuthMethod(caller))) checkAuthenticatedWithAccount(caller); throw new AccessControlException("Caller is not authenticated"); LdapGroupDAO groupDAO = null; LdapGroupDAO groupDAO = null; LdapUserDAO userDAO = null; LdapUserDAO userDAO = null; Loading Loading @@ -175,6 +175,7 @@ public class LdapGroupPersistence extends LdapPersistence implements GroupPersis GroupNotFoundException GroupNotFoundException { { Subject caller = AuthenticationUtil.getCurrentSubject(); Subject caller = AuthenticationUtil.getCurrentSubject(); checkAuthenticatedWithAccount(caller); Principal userID = getUser(caller); Principal userID = getUser(caller); LdapConnections conns = new LdapConnections(this); LdapConnections conns = new LdapConnections(this); Loading Loading 
@@ -395,4 +396,13 @@ public class LdapGroupPersistence extends LdapPersistence implements GroupPersis GroupMemberships gms = gset.iterator().next(); GroupMemberships gms = gset.iterator().next(); return gms.getUserID(); return gms.getUserID(); } } private void checkAuthenticatedWithAccount(Subject caller) { if (caller == null || AuthMethod.ANON.equals(AuthenticationUtil.getAuthMethod(caller))) throw new AccessControlException("Caller is not authenticated"); if (caller.getPrincipals(HttpPrincipal.class).isEmpty()) throw new AccessControlException("Caller does not have authorized account"); } } }
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java +4 −0 Original line number Original line Diff line number Diff line Loading @@ -290,6 +290,10 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste if (caller == null || AuthMethod.ANON.equals(AuthenticationUtil.getAuthMethod(caller))) if (caller == null || AuthMethod.ANON.equals(AuthenticationUtil.getAuthMethod(caller))) throw new AccessControlException("Caller is not authenticated"); throw new AccessControlException("Caller is not authenticated"); // user must also have an approved account if (caller.getPrincipals(HttpPrincipal.class).isEmpty()) throw new AccessControlException("Caller does not have authorized account"); LdapUserDAO userDAO = null; LdapUserDAO userDAO = null; LdapConnections conns = new LdapConnections(this); LdapConnections conns = new LdapConnections(this); try try Loading