Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java +64 −7 Original line number Diff line number Diff line Loading @@ -535,8 +535,16 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO else if (memberDN.isDescendantOf(config.getGroupsDN(), false)) { ldapGroup.getGroupMembers().add(new Group( memberDN.getRDNString().replace("cn=", ""))); try { ldapGroup.getGroupMembers(). add(new Group(getGroupID(memberDN))); } catch(GroupNotFoundException e) { // ignore as we are not cleaning up // deleted groups from the group members } } else { Loading Loading @@ -603,7 +611,8 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO mods.add(new Modification(ModificationType.REPLACE, "description", group.description)); } List<String> newMembers = new ArrayList<String>(); Set<String> newMembers = new HashSet<String>(); for (User<?> member : group.getUserMembers()) { DN memberDN = userPersist.getUserDN(member); Loading @@ -618,7 +627,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO DN grDN = getGroupDN(gr.getID()); newMembers.add(grDN.toNormalizedString()); } List<String> newAdmins = new ArrayList<String>(); Set<String> newAdmins = new HashSet<String>(); for (User<?> member : group.getUserAdmins()) { DN memberDN = userPersist.getUserDN(member); Loading Loading 
@@ -908,13 +917,14 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } /** * Returns a group based on its LDAP DN. The returned group is bare * (contains only group ID, description, modifytimestamp). * Returns a group based on its LDAP DN. The returned group does not contain * members or admins * * @param groupDN * @return * @throws com.unboundid.ldap.sdk.LDAPException * @throws ca.nrc.cadc.ac.GroupNotFoundException * @throws ca.nrc.cadc.ac.GroupNotFoundException - if group does not exist, * it's deleted or caller has no access to it. */ protected Group getGroup(final DN groupDN) throws LDAPException, GroupNotFoundException, UserNotFoundException Loading Loading 
@@ -956,6 +966,53 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO return group; } /** * Returns a group ID corresponding to a DN. Although the groupID can be * deduced from the group DN, this method checks if the group exists and * it's active and throws an exception if any of those conditions are not * met. * * @param groupDN * @return * @throws com.unboundid.ldap.sdk.LDAPException * @throws ca.nrc.cadc.ac.GroupNotFoundException - Group not found or not * active */ protected String getGroupID(final DN groupDN) throws LDAPException, GroupNotFoundException { Filter filter = Filter.createEqualityFilter("entrydn", groupDN.toNormalizedString()); SearchRequest searchRequest = new SearchRequest( config.getGroupsDN(), SearchScope.SUB, filter, "cn", "nsaccountlock"); searchRequest.addControl( new ProxiedAuthorizationV2RequestControl("dn:" + getSubjectDN().toNormalizedString())); SearchResultEntry searchResult = getConnection().searchForEntry(searchRequest); if (searchResult == null) { String msg = "Group not found " + groupDN; logger.debug(msg); throw new GroupNotFoundException(groupDN.toNormalizedString()); } if (searchResult.getAttribute("nsaccountlock") != null) { // deleted group String msg = "Group not found " + groupDN; logger.debug(msg); throw new GroupNotFoundException(groupDN.toNormalizedString()); } return searchResult.getAttributeValue("cn"); } /** * * @param groupID Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/AddGroupMemberAction.java +1 −2 Original line number Diff line number Diff line Loading @@ -73,7 +73,6 @@ import ca.nrc.cadc.ac.GroupAlreadyExistsException; import ca.nrc.cadc.ac.server.GroupPersistence; import java.util.ArrayList; import java.util.List; import java.util.Set; public class AddGroupMemberAction extends GroupsAction { Loading 
@@ -93,7 +92,7 @@ public class AddGroupMemberAction extends GroupsAction { GroupPersistence groupPersistence = getGroupPersistence(); Group group = groupPersistence.getGroup(this.groupName); Group toAdd = groupPersistence.getGroup(this.groupMemberName); Group toAdd = new Group(this.groupMemberName); if (!group.getGroupMembers().add(toAdd)) { throw new GroupAlreadyExistsException(this.groupMemberName); Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/AddUserMemberAction.java +2 −2 Original line number Diff line number Diff line Loading @@ -99,14 +99,14 @@ public class AddUserMemberAction extends GroupsAction throws Exception { GroupPersistence groupPersistence = getGroupPersistence(); UserPersistence userPersistence = getUserPersistence(); Group group = groupPersistence.getGroup(this.groupName); Principal userPrincipal = AuthenticationUtil.createPrincipal(this.userID, this.userIDType); User toAdd = userPersistence.getUser(userPrincipal); User<Principal> toAdd = new User(userPrincipal); if (!group.getUserMembers().add(toAdd)) { throw new MemberAlreadyExistsException(); } groupPersistence.modifyGroup(group); List<String> addedMembers = new ArrayList<String>(); Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/GroupsAction.java +8 −8 Original line number Diff line number Diff line Loading 
@@ -132,56 +132,56 @@ public abstract class GroupsAction } catch (AccessControlException e) { log.debug(e); log.debug(e.getMessage(), e); String message = "Permission Denied"; this.logInfo.setMessage(message); sendError(403, message); } catch (IllegalArgumentException e) { log.debug(e); log.debug(e.getMessage(), e); String message = e.getMessage(); this.logInfo.setMessage(message); sendError(400, message); } catch (MemberNotFoundException e) { log.debug(e); log.debug(e.getMessage(), e); String message = "Member not found: " + e.getMessage(); this.logInfo.setMessage(message); sendError(404, message); } catch (GroupNotFoundException e) { log.debug(e); log.debug(e.getMessage(), e); String message = "Group not found: " + e.getMessage(); this.logInfo.setMessage(message); sendError(404, message); } catch (UserNotFoundException e) { log.debug(e); log.debug(e.getMessage(), e); String message = "User not found: " + e.getMessage(); this.logInfo.setMessage(message); sendError(404, message); } catch (MemberAlreadyExistsException e) { log.debug(e); log.debug(e.getMessage(), e); String message = "Member already exists: " + e.getMessage(); this.logInfo.setMessage(message); sendError(409, message); } catch (GroupAlreadyExistsException e) { log.debug(e); log.debug(e.getMessage(), e); String message = "Group already exists: " + e.getMessage(); this.logInfo.setMessage(message); sendError(409, message); } catch (UnsupportedOperationException e) { log.debug(e); log.debug(e.getMessage(), e); this.logInfo.setMessage("Not yet implemented."); sendError(501); } Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/RemoveGroupMemberAction.java +1 −1 Original line number Diff line number Diff line Loading 
@@ -92,7 +92,7 @@ public class RemoveGroupMemberAction extends GroupsAction { GroupPersistence groupPersistence = getGroupPersistence(); Group group = groupPersistence.getGroup(this.groupName); Group toRemove = groupPersistence.getGroup(this.groupMemberName); Group toRemove = new Group(this.groupMemberName); if (!group.getGroupMembers().remove(toRemove)) { throw new GroupNotFoundException(this.groupMemberName); Loading Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java +64 −7 Original line number Diff line number Diff line Loading @@ -535,8 +535,16 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO else if (memberDN.isDescendantOf(config.getGroupsDN(), false)) { ldapGroup.getGroupMembers().add(new Group( memberDN.getRDNString().replace("cn=", ""))); try { ldapGroup.getGroupMembers(). add(new Group(getGroupID(memberDN))); } catch(GroupNotFoundException e) { // ignore as we are not cleaning up // deleted groups from the group members } } else { Loading Loading @@ -603,7 +611,8 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO mods.add(new Modification(ModificationType.REPLACE, "description", group.description)); } List<String> newMembers = new ArrayList<String>(); Set<String> newMembers = new HashSet<String>(); for (User<?> member : group.getUserMembers()) { DN memberDN = userPersist.getUserDN(member); Loading @@ -618,7 +627,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO DN grDN = getGroupDN(gr.getID()); newMembers.add(grDN.toNormalizedString()); } List<String> newAdmins = new ArrayList<String>(); Set<String> newAdmins = new HashSet<String>(); for (User<?> member : group.getUserAdmins()) { DN memberDN = userPersist.getUserDN(member); Loading Loading 
@@ -908,13 +917,14 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } /** * Returns a group based on its LDAP DN. The returned group is bare * (contains only group ID, description, modifytimestamp). * Returns a group based on its LDAP DN. The returned group does not contain * members or admins * * @param groupDN * @return * @throws com.unboundid.ldap.sdk.LDAPException * @throws ca.nrc.cadc.ac.GroupNotFoundException * @throws ca.nrc.cadc.ac.GroupNotFoundException - if group does not exist, * it's deleted or caller has no access to it. */ protected Group getGroup(final DN groupDN) throws LDAPException, GroupNotFoundException, UserNotFoundException Loading Loading 
@@ -956,6 +966,53 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO return group; } /** * Returns a group ID corresponding to a DN. Although the groupID can be * deduced from the group DN, this method checks if the group exists and * it's active and throws an exception if any of those conditions are not * met. * * @param groupDN * @return * @throws com.unboundid.ldap.sdk.LDAPException * @throws ca.nrc.cadc.ac.GroupNotFoundException - Group not found or not * active */ protected String getGroupID(final DN groupDN) throws LDAPException, GroupNotFoundException { Filter filter = Filter.createEqualityFilter("entrydn", groupDN.toNormalizedString()); SearchRequest searchRequest = new SearchRequest( config.getGroupsDN(), SearchScope.SUB, filter, "cn", "nsaccountlock"); searchRequest.addControl( new ProxiedAuthorizationV2RequestControl("dn:" + getSubjectDN().toNormalizedString())); SearchResultEntry searchResult = getConnection().searchForEntry(searchRequest); if (searchResult == null) { String msg = "Group not found " + groupDN; logger.debug(msg); throw new GroupNotFoundException(groupDN.toNormalizedString()); } if (searchResult.getAttribute("nsaccountlock") != null) { // deleted group String msg = "Group not found " + groupDN; logger.debug(msg); throw new GroupNotFoundException(groupDN.toNormalizedString()); } return searchResult.getAttributeValue("cn"); } /** * * @param groupID Loading
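Review bot: In the first hunk the new `catch(GroupNotFoundException e)` drops a nested group without any trace, and `getGroupID` throws that exception both when the entry is deleted (`nsaccountlock` set) and when the proxied search returns nothing, which presumably includes entries the caller cannot read. The group returned to the caller can therefore hold fewer members than LDAP stores. If the modify path in the second hunk, which rebuilds `newMembers` from the group's member sets, writes the member attribute back wholesale (not visible here), a caller with partial visibility could remove memberships they cannot see. I would at least log the skip, e.g. `logger.debug("skipping member group " + memberDN + ": " + e.getMessage());`, and confirm that unresolved member DNs are preserved on modify. The enclosing methods start and end outside the hunks.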
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/AddGroupMemberAction.java +1 −2 Original line number Diff line number Diff line Loading @@ -73,7 +73,6 @@ import ca.nrc.cadc.ac.GroupAlreadyExistsException; import ca.nrc.cadc.ac.server.GroupPersistence; import java.util.ArrayList; import java.util.List; import java.util.Set; public class AddGroupMemberAction extends GroupsAction { Loading @@ -93,7 +92,7 @@ public class AddGroupMemberAction extends GroupsAction { GroupPersistence groupPersistence = getGroupPersistence(); Group group = groupPersistence.getGroup(this.groupName); Group toAdd = groupPersistence.getGroup(this.groupMemberName); Group toAdd = new Group(this.groupMemberName); if (!group.getGroupMembers().add(toAdd)) { throw new GroupAlreadyExistsException(this.groupMemberName); Loading
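Review bot: `toAdd` is now built straight from the request parameter with `new Group(this.groupMemberName)`, so nothing in this action verifies that the member group exists or is readable by the caller before the group is persisted. The same applies to `new User(userPrincipal)` in AddUserMemberAction and to `new Group(this.groupMemberName)` in RemoveGroupMemberAction. In LdapGroupDAO the modify path turns the ID into a DN with `getGroupDN(gr.getID())`, and this commit does not show whether that call rejects unknown or deleted groups. Please confirm it does, and that a missing member still yields a 404, or run an existence check such as the new `getGroupID` on the write path. The method body continues outside the hunk.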
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/AddUserMemberAction.java +2 −2 Original line number Diff line number Diff line Loading @@ -99,14 +99,14 @@ public class AddUserMemberAction extends GroupsAction throws Exception { GroupPersistence groupPersistence = getGroupPersistence(); UserPersistence userPersistence = getUserPersistence(); Group group = groupPersistence.getGroup(this.groupName); Principal userPrincipal = AuthenticationUtil.createPrincipal(this.userID, this.userIDType); User toAdd = userPersistence.getUser(userPrincipal); User<Principal> toAdd = new User(userPrincipal); if (!group.getUserMembers().add(toAdd)) { throw new MemberAlreadyExistsException(); } groupPersistence.modifyGroup(group); List<String> addedMembers = new ArrayList<String>(); Loading
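Review bot: `new User(userPrincipal)` is a raw-type construction assigned to `User<Principal>`, so it compiles only with an unchecked warning. Write `User<Principal> toAdd = new User<Principal>(userPrincipal);`, matching the explicit type arguments used elsewhere in this commit (`new HashSet<String>()`). The method body continues outside the hunk.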
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/GroupsAction.java +8 −8 Original line number Diff line number Diff line Loading @@ -132,56 +132,56 @@ public abstract class GroupsAction } catch (AccessControlException e) { log.debug(e); log.debug(e.getMessage(), e); String message = "Permission Denied"; this.logInfo.setMessage(message); sendError(403, message); } catch (IllegalArgumentException e) { log.debug(e); log.debug(e.getMessage(), e); String message = e.getMessage(); this.logInfo.setMessage(message); sendError(400, message); } catch (MemberNotFoundException e) { log.debug(e); log.debug(e.getMessage(), e); String message = "Member not found: " + e.getMessage(); this.logInfo.setMessage(message); sendError(404, message); } catch (GroupNotFoundException e) { log.debug(e); log.debug(e.getMessage(), e); String message = "Group not found: " + e.getMessage(); this.logInfo.setMessage(message); sendError(404, message); } catch (UserNotFoundException e) { log.debug(e); log.debug(e.getMessage(), e); String message = "User not found: " + e.getMessage(); this.logInfo.setMessage(message); sendError(404, message); } catch (MemberAlreadyExistsException e) { log.debug(e); log.debug(e.getMessage(), e); String message = "Member already exists: " + e.getMessage(); this.logInfo.setMessage(message); sendError(409, message); } catch (GroupAlreadyExistsException e) { log.debug(e); log.debug(e.getMessage(), e); String message = "Group already exists: " + e.getMessage(); this.logInfo.setMessage(message); sendError(409, message); } catch (UnsupportedOperationException e) { log.debug(e); log.debug(e.getMessage(), e); this.logInfo.setMessage("Not yet implemented."); sendError(501); } Loading
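Review bot: The handlers still send `e.getMessage()` to the client in the 400/404/409 bodies, and this commit adds a `GroupNotFoundException` whose message is a full normalized DN (`groupDN.toNormalizedString()` in `LdapGroupDAO.getGroupID`). The one visible caller swallows that exception, but if it ever propagates to this handler the 404 text would disclose directory layout. Consider keeping the DN in the new `log.debug(e.getMessage(), e)` line only and returning the group name supplied by the client. The try block starts outside the hunk.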
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/RemoveGroupMemberAction.java +1 −1 Original line number Diff line number Diff line Loading @@ -92,7 +92,7 @@ public class RemoveGroupMemberAction extends GroupsAction { GroupPersistence groupPersistence = getGroupPersistence(); Group group = groupPersistence.getGroup(this.groupName); Group toRemove = groupPersistence.getGroup(this.groupMemberName); Group toRemove = new Group(this.groupMemberName); if (!group.getGroupMembers().remove(toRemove)) { throw new GroupNotFoundException(this.groupMemberName); Loading