Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +28 −6 Original line number Diff line number Diff line Loading @@ -79,15 +79,13 @@ import javax.security.auth.x500.X500Principal; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.PersonalDetails; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.net.TransientException; import com.unboundid.ldap.sdk.CompareRequest; import com.unboundid.ldap.sdk.CompareResult; import com.unboundid.ldap.sdk.DN; import com.unboundid.ldap.sdk.Filter; import com.unboundid.ldap.sdk.LDAPException; Loading Loading @@ -129,6 +127,8 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO memberAttribs = tmp; } /** * Get the user specified by userID. * Loading Loading @@ -408,8 +408,10 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO "Unsupported principal type " + user.getUserID().getClass()); } String name = getUserName(searchField, user); searchField = "(" + searchField + "=" + user.getUserID().getName() + ")"; name + ")"; SearchResultEntry searchResult = null; try Loading 
@@ -426,14 +428,34 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO LdapDAO.checkLdapResult(e.getResultCode()); } if (searchResult == null) { String msg = "User not found " + user.getUserID().toString(); String msg = "User not found " + name; logger.debug(msg); throw new UserNotFoundException(msg); } return searchResult.getAttributeValueAsDN("entrydn"); } /** * If the principal is of type x500, canonize the name for the * search. * * @param searchField * @param user * @return */ private String getUserName(String searchField, User<? extends Principal> user) { if (searchField != null) { if (searchField.equals("distinguishedname")) { return AuthenticationUtil.canonizeDistinguishedName(user.getUserID().getName()); } return user.getUserID().getName(); } return null; } } projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/ACSearchRunner.java +49 −14 Original line number Diff line number Diff line Loading @@ -74,8 +74,11 @@ import java.security.AccessController; import java.security.Principal; import java.util.Collection; import java.util.Date; import java.util.Iterator; import java.util.Set; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; import javax.servlet.http.HttpServletResponse; import org.apache.log4j.Logger; Loading @@ -87,6 +90,8 @@ import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.server.GroupPersistence; import ca.nrc.cadc.ac.server.PluginFactory; import ca.nrc.cadc.ac.server.RequestValidator; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.uws.ExecutionPhase; import ca.nrc.cadc.uws.Job; Loading Loading 
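Review bot: The `name` returned by getUserName is still concatenated straight into the search filter in the @@ -408 hunk, `searchField = "(" + searchField + "=" + name + ")";`, so a principal name containing filter metacharacters such as `)`, `*` or `\` changes the structure of the filter instead of being matched literally, and nothing in the hunk escapes them (canonizing the DN is a normalization step, not an escaping one as far as this code shows). The file already imports `com.unboundid.ldap.sdk.Filter`, so the filter should be built as `searchField = Filter.createEqualityFilter(searchField, name).toString();` (or passed on as a Filter object if the search call below the hunk accepts one), which escapes the assertion value for you. In getUserName the `@param searchField`, `@param user` and `@return` tags are empty; they should say that searchField is the LDAP attribute being matched, that the value is canonized only for `distinguishedname`, and that the result is null when searchField is null — a case that the caller would turn into the literal filter `(null=null)`, presumably unreachable after the unsupported-principal check above but worth stating. The enclosing method of the @@ -408 hunk starts before the hunk, and the same section is repeated further down the page.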
@@ -125,15 +130,31 @@ public class ACSearchRunner implements JobRunner @Override public void run() { log.debug("RUN ACSearchRunner: " + job.ownerSubject); AccessControlContext acContext = AccessController.getContext(); Subject subject = Subject.getSubject(acContext); log.debug("RUN ACSearchRunner: " + subject); if (log.isDebugEnabled()) { Set<Principal> principals = subject.getPrincipals(); Iterator<Principal> i = principals.iterator(); while (i.hasNext()) { Principal next = i.next(); log.debug("Principal " + next.getClass().getSimpleName() + ": " + next.getName()); } } logInfo = new JobLogInfo(job); logInfo.setSubject(subject); String startMessage = logInfo.start(); log.info(startMessage); long t1 = System.currentTimeMillis(); search(); search(subject); long t2 = System.currentTimeMillis(); logInfo.setElapsedTime(t2 - t1); Loading @@ -143,7 +164,7 @@ public class ACSearchRunner implements JobRunner } @SuppressWarnings("unchecked") private void search() private void search(Subject subject) { // Note: This search runner is customized to run with Loading @@ -156,8 +177,6 @@ public class ACSearchRunner implements JobRunner try { ExecutionPhase ep = jobUpdater.setPhase(job.getID(), ExecutionPhase.QUEUED, ExecutionPhase.EXECUTING, new Date()); Loading 
@@ -172,20 +191,36 @@ public class ACSearchRunner implements JobRunner // only allow users to search themselves... Principal userBeingSearched = rv.getPrincipal(); if (userBeingSearched != null) { AccessControlContext acContext = AccessController.getContext(); Subject subject = Subject.getSubject(acContext); boolean idMatch = false; for (Principal p : subject.getPrincipals()) if (userBeingSearched instanceof X500Principal) { Set<X500Principal> x500Principals = subject.getPrincipals(X500Principal.class); Iterator<X500Principal> i = x500Principals.iterator(); while (i.hasNext()) { if (p.equals(userBeingSearched)) X500Principal next = i.next(); log.debug(String.format("Comparing x500: [%s][%s]", next.getName(), userBeingSearched.getName())); if (AuthenticationUtil.equals(next, userBeingSearched)) idMatch = true; } } else if (userBeingSearched instanceof HttpPrincipal) { Set<HttpPrincipal> httpPrincipals = subject.getPrincipals(HttpPrincipal.class); Iterator<HttpPrincipal> i = httpPrincipals.iterator(); while (i.hasNext()) { HttpPrincipal next = i.next(); log.debug(String.format("Comparing http: [%s][%s]", next.getName(), userBeingSearched.getName())); if (next.equals(userBeingSearched)) idMatch = true; } } if (!idMatch) throw new AccessControlException("Can only search oneself."); } PluginFactory factory = new PluginFactory(); GroupPersistence dao = factory.getGroupPersistence(); Loading Loading
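Review bot: `Subject.getSubject(acContext)` in run() returns null when no Subject is bound to the access-control context, and the new code dereferences it unchecked in the debug block (`subject.getPrincipals()`) and again in search() via `subject.getPrincipals(X500Principal.class)`, so if the runner can be reached without an authenticated Subject the self-search check fails with a NullPointerException instead of an explicit denial; a guard right after the lookup, `if (subject == null) throw new AccessControlException("No authenticated subject.");`, keeps the check fail-closed with a clear message. In the @@ -172 hunk the two `log.debug(String.format("Comparing ..."))` calls build identity strings on every iteration regardless of log level; wrap them in `if (log.isDebugEnabled())` as the run() block already does. A requested principal that is neither X500Principal nor HttpPrincipal now leaves idMatch false and is denied, which is the safe default but differs from the old generic equals loop and deserves a one-line comment such as `// other principal types are never self-searchable`. run() and search() both continue outside the hunk, and the same section is repeated further down the page.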
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +28 −6 Original line number Diff line number Diff line Loading @@ -79,15 +79,13 @@ import javax.security.auth.x500.X500Principal; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.PersonalDetails; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.net.TransientException; import com.unboundid.ldap.sdk.CompareRequest; import com.unboundid.ldap.sdk.CompareResult; import com.unboundid.ldap.sdk.DN; import com.unboundid.ldap.sdk.Filter; import com.unboundid.ldap.sdk.LDAPException; Loading Loading @@ -129,6 +127,8 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO memberAttribs = tmp; } /** * Get the user specified by userID. * Loading Loading @@ -408,8 +408,10 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO "Unsupported principal type " + user.getUserID().getClass()); } String name = getUserName(searchField, user); searchField = "(" + searchField + "=" + user.getUserID().getName() + ")"; name + ")"; SearchResultEntry searchResult = null; try Loading 
@@ -426,14 +428,34 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO LdapDAO.checkLdapResult(e.getResultCode()); } if (searchResult == null) { String msg = "User not found " + user.getUserID().toString(); String msg = "User not found " + name; logger.debug(msg); throw new UserNotFoundException(msg); } return searchResult.getAttributeValueAsDN("entrydn"); } /** * If the principal is of type x500, canonize the name for the * search. * * @param searchField * @param user * @return */ private String getUserName(String searchField, User<? extends Principal> user) { if (searchField != null) { if (searchField.equals("distinguishedname")) { return AuthenticationUtil.canonizeDistinguishedName(user.getUserID().getName()); } return user.getUserID().getName(); } return null; } }
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/ACSearchRunner.java +49 −14 Original line number Diff line number Diff line Loading @@ -74,8 +74,11 @@ import java.security.AccessController; import java.security.Principal; import java.util.Collection; import java.util.Date; import java.util.Iterator; import java.util.Set; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; import javax.servlet.http.HttpServletResponse; import org.apache.log4j.Logger; Loading @@ -87,6 +90,8 @@ import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.server.GroupPersistence; import ca.nrc.cadc.ac.server.PluginFactory; import ca.nrc.cadc.ac.server.RequestValidator; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.uws.ExecutionPhase; import ca.nrc.cadc.uws.Job; Loading Loading @@ -125,15 +130,31 @@ public class ACSearchRunner implements JobRunner @Override public void run() { log.debug("RUN ACSearchRunner: " + job.ownerSubject); AccessControlContext acContext = AccessController.getContext(); Subject subject = Subject.getSubject(acContext); log.debug("RUN ACSearchRunner: " + subject); if (log.isDebugEnabled()) { Set<Principal> principals = subject.getPrincipals(); Iterator<Principal> i = principals.iterator(); while (i.hasNext()) { Principal next = i.next(); log.debug("Principal " + next.getClass().getSimpleName() + ": " + next.getName()); } } logInfo = new JobLogInfo(job); logInfo.setSubject(subject); String startMessage = logInfo.start(); log.info(startMessage); long t1 = System.currentTimeMillis(); search(); search(subject); long t2 = System.currentTimeMillis(); logInfo.setElapsedTime(t2 - t1); Loading @@ -143,7 +164,7 @@ public class ACSearchRunner implements JobRunner } @SuppressWarnings("unchecked") private void search() private void search(Subject subject) { // Note: This search runner is customized to run with Loading 
@@ -156,8 +177,6 @@ public class ACSearchRunner implements JobRunner try { ExecutionPhase ep = jobUpdater.setPhase(job.getID(), ExecutionPhase.QUEUED, ExecutionPhase.EXECUTING, new Date()); Loading @@ -172,20 +191,36 @@ public class ACSearchRunner implements JobRunner // only allow users to search themselves... Principal userBeingSearched = rv.getPrincipal(); if (userBeingSearched != null) { AccessControlContext acContext = AccessController.getContext(); Subject subject = Subject.getSubject(acContext); boolean idMatch = false; for (Principal p : subject.getPrincipals()) if (userBeingSearched instanceof X500Principal) { Set<X500Principal> x500Principals = subject.getPrincipals(X500Principal.class); Iterator<X500Principal> i = x500Principals.iterator(); while (i.hasNext()) { if (p.equals(userBeingSearched)) X500Principal next = i.next(); log.debug(String.format("Comparing x500: [%s][%s]", next.getName(), userBeingSearched.getName())); if (AuthenticationUtil.equals(next, userBeingSearched)) idMatch = true; } } else if (userBeingSearched instanceof HttpPrincipal) { Set<HttpPrincipal> httpPrincipals = subject.getPrincipals(HttpPrincipal.class); Iterator<HttpPrincipal> i = httpPrincipals.iterator(); while (i.hasNext()) { HttpPrincipal next = i.next(); log.debug(String.format("Comparing http: [%s][%s]", next.getName(), userBeingSearched.getName())); if (next.equals(userBeingSearched)) idMatch = true; } } if (!idMatch) throw new AccessControlException("Can only search oneself."); } PluginFactory factory = new PluginFactory(); GroupPersistence dao = factory.getGroupPersistence(); Loading