Commit
3f22fd66
authored
Nov 07, 2016
by
Brian Major
issue-10 - more work towards full group URI use.
parent
1fd509e1
Changes
6
cadc-access-control-server/src/main/java/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
...
...
@@ -70,7 +70,6 @@ package ca.nrc.cadc.ac.server.ldap;
import
java.lang.reflect.Field
;
import
java.net.URI
;
import
java.net.URISyntaxException
;
import
java.security.AccessControlException
;
import
java.util.ArrayList
;
import
java.util.Collection
;
...
...
@@ -753,55 +752,47 @@ public class LdapGroupDAO extends LdapDAO
private
Group
createGroupFromSearchResult
(
SearchResultEntry
result
,
String
[]
attributes
)
throws
LDAPException
,
TransientException
{
try
if
(
result
.
getAttribute
(
LDAP_NSACCOUNTLOCK
)
!=
null
)
{
if
(
result
.
getAttribute
(
LDAP_NSACCOUNTLOCK
)
!=
null
)
{
throw
new
RuntimeException
(
"BUG: found group with nsaccountlock set: "
+
result
.
getAttributeValue
(
LDAP_ENTRYDN
));
}
throw
new
RuntimeException
(
"BUG: found group with nsaccountlock set: "
+
result
.
getAttributeValue
(
LDAP_ENTRYDN
));
}
String
entryDN
=
result
.
getAttributeValue
(
LDAP_ENTRYDN
);
String
groupName
=
result
.
getAttributeValue
(
LDAP_CN
);
LocalAuthority
localAuthority
=
new
LocalAuthority
();
URI
gmsServiceID
=
localAuthority
.
getServiceURI
(
Standards
.
GMS_GROUPS_01
.
toString
());
if
(
attributes
==
PUB_GROUP_ATTRS
)
{
GroupURI
groupID
=
new
GroupURI
(
gmsServiceID
.
toString
()
+
"?"
+
groupName
);
return
new
Group
(
groupID
);
}
String
entryDN
=
result
.
getAttributeValue
(
LDAP_ENTRYDN
);
String
groupName
=
result
.
getAttributeValue
(
LDAP_CN
);
LocalAuthority
localAuthority
=
new
LocalAuthority
();
URI
gmsServiceID
=
localAuthority
.
getServiceURI
(
Standards
.
GMS_GROUPS_01
.
toString
());
if
(
attributes
==
PUB_GROUP_ATTRS
)
{
GroupURI
groupID
=
new
GroupURI
(
gmsServiceID
.
toString
()
+
"?"
+
groupName
);
return
new
Group
(
groupID
);
}
String
ownerDN
=
result
.
getAttributeValue
(
LDAP_OWNER
);
if
(
ownerDN
==
null
)
{
throw
new
AccessControlException
(
groupName
);
}
try
String
ownerDN
=
result
.
getAttributeValue
(
LDAP_OWNER
);
if
(
ownerDN
==
null
)
{
throw
new
AccessControlException
(
groupName
);
}
try
{
User
owner
=
userDAO
.
getUser
(
new
DNPrincipal
(
ownerDN
));
GroupURI
groupID
=
new
GroupURI
(
gmsServiceID
.
toString
()
+
"?"
+
groupName
);
Group
group
=
new
Group
(
groupID
);
setField
(
group
,
owner
,
LDAP_OWNER
);
if
(
result
.
hasAttribute
(
LDAP_DESCRIPTION
))
{
User
owner
=
userDAO
.
getUser
(
new
DNPrincipal
(
ownerDN
));
GroupURI
groupID
=
new
GroupURI
(
gmsServiceID
.
toString
()
+
"?"
+
groupName
);
Group
group
=
new
Group
(
groupID
);
setField
(
group
,
owner
,
LDAP_OWNER
);
if
(
result
.
hasAttribute
(
LDAP_DESCRIPTION
))
{
group
.
description
=
result
.
getAttributeValue
(
LDAP_DESCRIPTION
);
}
if
(
result
.
hasAttribute
(
LDAP_MODIFY_TIMESTAMP
))
{
group
.
lastModified
=
result
.
getAttributeValueAsDate
(
LDAP_MODIFY_TIMESTAMP
);
}
return
group
;
group
.
description
=
result
.
getAttributeValue
(
LDAP_DESCRIPTION
);
}
catch
(
UserNotFoundException
ex
)
if
(
result
.
hasAttribute
(
LDAP_MODIFY_TIMESTAMP
)
)
{
throw
new
RuntimeException
(
"Invalid state: owner does not exist: "
+
ownerDN
+
" group: "
+
entryDN
);
group
.
lastModified
=
result
.
getAttributeValueAsDate
(
LDAP_MODIFY_TIMESTAMP
);
}
return
group
;
}
catch
(
U
RISyntax
Exception
e
)
catch
(
U
serNotFound
Exception
e
x
)
{
logger
.
error
(
"
i
nvalid
group URI"
,
e
);
thr
ow
ne
w
IllegalStateException
(
"Invalid group URI"
,
e
);
throw
new
RuntimeException
(
"
I
nvalid
state: owner does not exist: "
+
owne
rDN
+
" group: "
+
entryDN
);
}
}
...
...
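Review bot: The group name read from `LDAP_CN` is concatenated into the URI text unencoded (`gmsServiceID.toString() + "?" + groupName`), and the `URISyntaxException` handler in createGroupFromSearchResult appears to have been removed, so a cn that is not valid URI text now escapes as an unchecked IllegalArgumentException from `new GroupURI(String)` (which this commit switches to `URI.create`). A cn containing `#` would also be split into query and fragment and rejected by the constructor. I would catch IllegalArgumentException around the `new GroupURI(...)` calls, log `entryDN`, and rethrow as the previous `IllegalStateException("Invalid group URI", e)`, or build the URI through the multi-argument `java.net.URI` constructor so the name is quoted. The same unguarded concatenation appears in LdapUserDAO.java with `parts[1]`.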
cadc-access-control-server/src/main/java/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
...
...
@@ -788,16 +788,8 @@ public class LdapUserDAO extends LdapDAO
String
[]
parts
=
cn
.
split
(
"="
);
if
(
parts
.
length
==
2
&&
parts
[
0
].
equals
(
"cn"
))
{
try
{
GroupURI
groupID
=
new
GroupURI
(
gmsServiceURI
.
toString
()
+
"?"
+
parts
[
1
]);
return
new
Group
(
groupID
);
}
catch
(
URISyntaxException
e
)
{
logger
.
error
(
"Illegal Group ID"
,
e
);
throw
new
IllegalStateException
(
"Illegal Group ID"
,
e
);
}
GroupURI
groupID
=
new
GroupURI
(
gmsServiceURI
.
toString
()
+
"?"
+
parts
[
1
]);
return
new
Group
(
groupID
);
}
throw
new
RuntimeException
(
"BUG: failed to extract group name from "
+
groupDN
.
toString
());
...
...
cadc-access-control/src/main/java/ca/nrc/cadc/ac/GroupURI.java
...
...
@@ -82,10 +82,8 @@ public class GroupURI
{
private
static
Logger
log
=
Logger
.
getLogger
(
GroupURI
.
class
);
public
static
final
String
SCHEME
=
"ivo"
;
public
static
final
String
PATH
=
"/gms"
;
private
URI
uri
;
private
String
name
;
/**
* Attempts to create a URI using the specified uri. The is expected
...
...
@@ -104,26 +102,12 @@ public class GroupURI
throw
new
IllegalArgumentException
(
"Null URI"
);
}
String
fragment
=
uri
.
getFragment
();
if
(
fragment
!=
null
&&
fragment
.
length
()
>
0
)
{
throw
new
IllegalArgumentException
(
"Fragment not allowed in group URIs"
);
}
try
{
this
.
uri
=
new
URI
(
uri
.
getScheme
(),
uri
.
getAuthority
(),
uri
.
getPath
(),
uri
.
getQuery
(),
fragment
);
}
catch
(
URISyntaxException
e
)
{
throw
new
IllegalArgumentException
(
"URI malformed: "
+
uri
.
toString
());
}
this
.
uri
=
uri
;
// Ensure the scheme is correct
if
(
uri
.
getScheme
()
==
null
||
!
uri
.
getScheme
().
equalsIgnoreCase
(
SCHEME
)
)
if
(
uri
.
getScheme
()
==
null
)
{
throw
new
IllegalArgumentException
(
"GroupURI scheme
must be "
+
SCHEME
);
throw
new
IllegalArgumentException
(
"GroupURI scheme
is required."
);
}
if
(
uri
.
getAuthority
()
==
null
)
...
...
@@ -131,20 +115,38 @@ public class GroupURI
throw
new
IllegalArgumentException
(
"Group authority is required."
);
}
if
(
uri
.
getPath
()
==
null
||
!
uri
.
getPath
().
equalsIgnoreCase
(
PATH
)
)
if
(
uri
.
getPath
()
==
null
||
uri
.
getPath
().
length
()
==
0
)
{
if
(
PATH
.
contains
(
uri
.
getAuthority
()))
throw
new
IllegalArgumentException
(
"Missing authority and/or path."
);
}
log
.
debug
(
"URI: "
+
uri
);
log
.
debug
(
" scheme: "
+
uri
.
getScheme
());
log
.
debug
(
" authority: "
+
uri
.
getAuthority
());
log
.
debug
(
" path: "
+
uri
.
getPath
());
String
fragment
=
uri
.
getFragment
();
String
query
=
uri
.
getQuery
();
if
(
query
==
null
)
{
if
(
fragment
!=
null
)
{
throw
new
IllegalArgumentException
(
"Missing authority"
);
// allow the fragment to define the group name (old style)
name
=
fragment
;
}
else
{
throw
new
IllegalArgumentException
(
"Group name is required."
);
}
throw
new
IllegalArgumentException
(
"GroupURI path must be "
+
PATH
);
}
if
(
uri
.
getQuery
()
==
null
)
else
{
throw
new
IllegalArgumentException
(
"Group name is required."
);
if
(
fragment
!=
null
)
{
throw
new
IllegalArgumentException
(
"Fragment not allowed in group URIs"
);
}
name
=
query
;
}
}
/**
...
...
@@ -152,9 +154,8 @@ public class GroupURI
* that takes a URI object.
*/
public
GroupURI
(
String
uri
)
throws
URISyntaxException
{
this
(
new
URI
(
uri
));
this
(
URI
.
create
(
uri
));
}
@Override
...
...
@@ -167,7 +168,7 @@ public class GroupURI
if
(
rhs
instanceof
GroupURI
)
{
GroupURI
vu
=
(
GroupURI
)
rhs
;
return
uri
.
equals
(
vu
.
uri
);
return
uri
.
toString
().
equals
(
vu
.
uri
.
toString
()
);
}
return
false
;
}
...
...
@@ -199,7 +200,7 @@ public class GroupURI
*/
public
String
getName
()
{
return
uri
.
getQuery
()
;
return
name
;
}
public
URI
getServiceID
()
...
...
@@ -222,7 +223,7 @@ public class GroupURI
@Override
public
String
toString
()
{
return
uri
.
toString
()
;
return
getServiceID
()
+
"?"
+
name
;
}
}
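Review bot: `equals` now compares `uri.toString()` of the raw input, but the constructor accepts both `...?name` and the old-style `...#name` for the same group, and `toString()` renders both as `getServiceID() + "?" + name`, so two GroupURI objects that print identically can compare unequal. Since this class identifies groups for access-control decisions, I would compare the canonical form, `return toString().equals(vu.toString());`, and make `hashCode()` (not visible in these hunks) agree with it. Separately, the scheme and path checks appear to have been relaxed from `ivo` and `/gms` to non-null and non-empty; if that is intended, the constructor Javadoc should state which URIs are now accepted.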
cadc-access-control/src/main/java/ca/nrc/cadc/ac/xml/AbstractReaderWriter.java
...
...
@@ -489,19 +489,7 @@ public abstract class AbstractReaderWriter
user
=
getUser
(
userElement
);
}
GroupURI
groupURI
=
null
;
try
{
groupURI
=
new
GroupURI
(
uri
);
}
catch
(
URISyntaxException
e
)
{
throw
new
ReaderException
(
"Invalid uri: "
+
uri
+
": "
+
e
.
getMessage
());
}
catch
(
IllegalArgumentException
e
)
{
throw
new
ReaderException
(
"Invalid group uri: "
+
uri
+
": "
+
e
.
getMessage
());
}
GroupURI
groupURI
=
new
GroupURI
(
uri
);
Group
group
=
new
Group
(
groupURI
);
// set owner field
...
...
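Review bot: With the try/catch removed, an invalid group URI in the parsed document reaches the caller as an unchecked IllegalArgumentException instead of a ReaderException, because `new GroupURI(uri)` still throws IllegalArgumentException for every validation failure and now also for unparsable text via `URI.create`. Any caller that handles only ReaderException for bad input would miss it. I would keep the second handler: `catch (IllegalArgumentException e) { throw new ReaderException("Invalid group uri: " + uri + ": " + e.getMessage()); }`. The enclosing method starts and ends outside the hunk.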
cadc-access-control/src/test/java/ca/nrc/cadc/ac/GroupTest.java
...
...
@@ -165,7 +165,7 @@ public class GroupTest
{
new
Group
(
new
GroupURI
(
"ivo://example.org/New%Test%Group"
));
}
catch
(
URISyntax
Exception
e
)
catch
(
IllegalArgument
Exception
e
)
{
thrown
=
true
;
}
...
...
@@ -176,7 +176,7 @@ public class GroupTest
{
new
Group
(
new
GroupURI
(
"ivo://example.org/New\\Test\\Group"
));
}
catch
(
URISyntax
Exception
e
)
catch
(
IllegalArgument
Exception
e
)
{
thrown
=
true
;
}
...
...
cadc-access-control/src/test/java/ca/nrc/cadc/ac/GroupURITest.java
...
...
@@ -15,7 +15,7 @@ public class GroupURITest
static
{
Log4jInit
.
setLevel
(
"ca.nrc.cadc.ac"
,
Level
.
INFO
);
Log4jInit
.
setLevel
(
"ca.nrc.cadc.ac"
,
Level
.
DEBUG
);
}
@Test
...
...
@@ -23,17 +23,14 @@ public class GroupURITest
{
try
{
// wrong scheme
assertIllegalArgument
(
"iko://cadc.nrc.ca/gms?gname"
,
"scheme"
);
// fragment instead of query
assertIllegalArgument
(
"ivo://cadc.nrc.ca/gms#gname"
,
"fragment"
);
// no scheme
assertIllegalArgument
(
"example.org/gms?gname"
,
"scheme"
);
// no authority
assertIllegalArgument
(
"ivo://gms?gname"
,
"authority"
);
//
extended path in group
assertIllegalArgument
(
"ivo://
cadc.nrc.ca/gms/path?
gname"
,
"
path
"
);
//
no path
assertIllegalArgument
(
"ivo://
example.org/
gname"
,
"
name
"
);
}
catch
(
Throwable
t
)
{
...
...
@@ -43,7 +40,7 @@ public class GroupURITest
}
@Test
public
void
testCorrect
()
public
void
testCorrect
1
()
{
try
{
...
...
@@ -53,6 +50,26 @@ public class GroupURITest
Assert
.
assertEquals
(
"/gms"
,
g
.
getURI
().
getPath
());
Assert
.
assertEquals
(
"name"
,
g
.
getName
());
Assert
.
assertEquals
(
"ivo://my.authority/gms"
,
g
.
getServiceID
().
toString
());
Assert
.
assertEquals
(
"ivo://my.authority/gms?name"
,
g
.
toString
());
}
catch
(
Throwable
t
)
{
log
.
error
(
"Test Failed"
,
t
);
}
}
@Test
public
void
testCorrect2
()
{
try
{
GroupURI
g
=
new
GroupURI
(
"ivo://my.authority/gms#name"
);
Assert
.
assertEquals
(
"ivo"
,
g
.
getURI
().
getScheme
());
Assert
.
assertEquals
(
"my.authority"
,
g
.
getAuthority
());
Assert
.
assertEquals
(
"/gms"
,
g
.
getURI
().
getPath
());
Assert
.
assertEquals
(
"name"
,
g
.
getName
());
Assert
.
assertEquals
(
"ivo://my.authority/gms"
,
g
.
getServiceID
().
toString
());
Assert
.
assertEquals
(
"ivo://my.authority/gms?name"
,
g
.
toString
());
}
catch
(
Throwable
t
)
{
...
...
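Review bot: The `catch (Throwable t)` block that closes testCorrect1 only calls `log.error("Test Failed", t)`, so an AssertionError from the new `assertEquals` lines is swallowed and the test still passes; add `Assert.fail("unexpected: " + t);` after the log call, or drop the try/catch and let JUnit report the failure. testCorrect2's catch body lies past the end of the hunk and should be checked for the same thing. The commit also appears to drop the wrong-scheme and extended-path cases from the malformed-URI test; if GroupURI now accepts those inputs on purpose, a positive test for them would make the relaxed validation explicit.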