Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java +17 −2 Original line number Diff line number Diff line Loading @@ -94,7 +94,7 @@ public interface UserPersistence<T extends Principal> /** * Add the new user. * * @param user * @param user The user request to put into the request tree. * * @return User instance. * Loading @@ -120,6 +120,21 @@ public interface UserPersistence<T extends Principal> throws UserNotFoundException, TransientException, AccessControlException; /** * Get the user specified by userID whose account is pending approval. * * @param userID The userID. * * @return User instance. * * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ User<T> getPendingUser(T userID) throws UserNotFoundException, TransientException, AccessControlException; /** * Attempt to login the specified user. * Loading @@ -139,7 +154,7 @@ public interface UserPersistence<T extends Principal> /** * Updated the user specified by User. * * @param user * @param user The user instance to modify. * * @return User instance. * Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java +29 −49 Original line number Diff line number Diff line Loading 
@@ -77,32 +77,14 @@ import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.util.StringUtil; import com.unboundid.ldap.sdk.AddRequest; import com.unboundid.ldap.sdk.Attribute; import com.unboundid.ldap.sdk.DN; import com.unboundid.ldap.sdk.Filter; import com.unboundid.ldap.sdk.LDAPException; import com.unboundid.ldap.sdk.LDAPResult; import com.unboundid.ldap.sdk.LDAPSearchException; import com.unboundid.ldap.sdk.Modification; import com.unboundid.ldap.sdk.ModificationType; import com.unboundid.ldap.sdk.ModifyRequest; import com.unboundid.ldap.sdk.ResultCode; import com.unboundid.ldap.sdk.SearchRequest; import com.unboundid.ldap.sdk.SearchResult; import com.unboundid.ldap.sdk.SearchResultEntry; import com.unboundid.ldap.sdk.SearchScope; import com.unboundid.ldap.sdk.*; import com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl; import org.apache.log4j.Logger; import javax.security.auth.x500.X500Principal; import java.security.AccessControlException; import java.security.Principal; import java.util.ArrayList; import java.util.Collection; import java.util.HashSet; import java.util.List; import java.util.Set; import java.util.*; public class LdapGroupDAO<T extends Principal> extends LdapDAO { Loading Loading 
@@ -323,49 +305,47 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO * * @throws TransientException If an temporary, unexpected problem occurred. */ public Collection<String> getGroupNames() throws TransientException public Collection<String> getGroupNames() throws TransientException { try { Filter filter = Filter.createPresenceFilter("cn"); String [] attributes = new String[] {"cn", "nsaccountlock"}; final Filter filter = Filter.createPresenceFilter("cn"); final String [] attributes = new String[] {"cn", "nsaccountlock"}; final List<String> groupNames = new ArrayList<String>(); final long begin = System.currentTimeMillis(); SearchRequest searchRequest = new SearchRequest(config.getGroupsDN(), SearchScope.SUB, filter, attributes); SearchResult searchResult = null; try { searchResult = getConnection().search(searchRequest); } catch (LDAPSearchException e) final SearchResult searchResult = getConnection().search(new SearchResultListener() { if (e.getResultCode() == ResultCode.NO_SUCH_OBJECT) @Override public void searchEntryReturned( final SearchResultEntry searchEntry) { logger.debug("Could not find groups root", e); throw new IllegalStateException("Could not find groups root"); } groupNames.add(searchEntry.getAttributeValue("cn")); } LdapDAO.checkLdapResult(searchResult.getResultCode()); List<String> groupNames = new ArrayList<String>(); for (SearchResultEntry next : searchResult.getSearchEntries()) { if (!next.hasAttribute("nsaccountlock")) @Override public void searchReferenceReturned( final SearchResultReference searchReference) { groupNames.add(next.getAttributeValue("cn")); } } }, config.getGroupsDN(), SearchScope.ONE, filter, attributes); LdapDAO.checkLdapResult(searchResult.getResultCode()); long end = System.currentTimeMillis(); logger.info("<-- groupNames in " + ((new Long(end).doubleValue() - new Long(begin).doubleValue()) / 1000.0) + " seconds."); return groupNames; } catch (LDAPException e1) { logger.debug("getGroupNames Exception: " + 
e1, e1); LdapDAO.checkLdapResult(e1.getResultCode()); throw new IllegalStateException("Unexpected exception: " + e1.getMatchedDN(), e1); throw new IllegalStateException("Unexpected exception: " + e1.getMatchedDN(), e1); } } Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +21 −2 Original line number Diff line number Diff line Loading @@ -122,6 +122,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO // Returned User attributes protected static final String LDAP_OBJECT_CLASS = "objectClass"; protected static final String LDAP_INET_USER = "inetuser"; protected static final String LDAP_INET_ORG_PERSON = "inetOrgPerson"; protected static final String LDAP_CADC_ACCOUNT = "cadcaccount"; protected static final String LDAP_NSACCOUNTLOCK = "nsaccountlock"; Loading Loading @@ -352,6 +353,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO // add new user List<Attribute> attributes = new ArrayList<Attribute>(); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_INET_ORG_PERSON); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_INET_USER); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_CADC_ACCOUNT); addAttribute(attributes, LDAP_COMMON_NAME, user.getUserID() .getName()); Loading Loading @@ -397,7 +399,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO * * @param userID The userID. * @return User instance. * @throws UserNotFoundException when the user is not found. * @throws UserNotFoundException when the user is not found in the main tree. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ Loading 
@@ -408,6 +410,23 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO return getUser(userID, config.getUsersDN()); } /** * Obtain a user who is awaiting approval. * * @param userID The user ID of the pending user. * @return A User instance awaiting approval. * * @throws UserNotFoundException when the user is not found in the user request tree. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public User<T> getPendingUser(final T userID) throws UserNotFoundException, TransientException, AccessControlException { return getUser(userID, config.getUserRequestsDN()); } /** * Get the user specified by userID. Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java +36 −13 Original line number Diff line number Diff line Loading @@ -134,8 +134,7 @@ public class LdapUserPersistence<T extends Principal> try { userDAO = new LdapUserDAO<T>(this.config); User<T> ret = userDAO.addUser(user); return ret; return userDAO.addUser(user); } finally { Loading Loading @@ -164,8 +163,36 @@ public class LdapUserPersistence<T extends Principal> try { userDAO = new LdapUserDAO<T>(this.config); User<T> ret = userDAO.getUser(userID); return ret; return userDAO.getUser(userID); } finally { if (userDAO != null) { userDAO.close(); } } } /** * Get the user specified by userID whose account is pending approval. * * @param userID The userID. * @return User instance. * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ @Override public User<T> getPendingUser(final T userID) throws UserNotFoundException, TransientException, AccessControlException { LdapUserDAO<T> userDAO = null; try { userDAO = new LdapUserDAO<T>(this.config); return userDAO.getPendingUser(userID); } finally { Loading Loading 
@@ -208,7 +235,7 @@ public class LdapUserPersistence<T extends Principal> /** * Updated the user specified by User. * * @param user * @param user The user to update. * * @return User instance. * Loading @@ -224,8 +251,7 @@ public class LdapUserPersistence<T extends Principal> try { userDAO = new LdapUserDAO<T>(this.config); User<T> ret = userDAO.modifyUser(user); return ret; return userDAO.modifyUser(user); } finally { Loading Loading @@ -312,8 +338,7 @@ public class LdapUserPersistence<T extends Principal> try { userDAO = new LdapUserDAO<T>(this.config); Collection<DN> ret = userDAO.getUserGroups(userID, isAdmin); return ret; return userDAO.getUserGroups(userID, isAdmin); } finally { Loading Loading @@ -344,8 +369,7 @@ public class LdapUserPersistence<T extends Principal> try { userDAO = new LdapUserDAO<T>(this.config); boolean ret = userDAO.isMember(userID, groupID); return ret; return userDAO.isMember(userID, groupID); } finally { Loading @@ -355,5 +379,4 @@ public class LdapUserPersistence<T extends Principal> } } } } projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/CreateUserAction.java +21 −4 Original line number Diff line number Diff line Loading @@ -68,6 +68,7 @@ */ package ca.nrc.cadc.ac.server.web.users; import java.io.IOException; import java.io.InputStream; import ca.nrc.cadc.ac.ReaderException; Loading 
@@ -75,23 +76,27 @@ import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserAlreadyExistsException; import ca.nrc.cadc.ac.UserRequest; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.auth.HttpPrincipal; import javax.servlet.http.HttpServletResponse; import java.security.Principal; import java.util.Set; public class CreateUserAction extends UsersAction { private final InputStream inputStream; CreateUserAction(UserLogInfo logInfo, InputStream inputStream) CreateUserAction(final UserLogInfo logInfo, final InputStream inputStream) { super(logInfo); this.inputStream = inputStream; } public Object run() throws Exception public Object run() throws Exception { try { Loading @@ -101,8 +106,20 @@ public class CreateUserAction extends UsersAction readUserRequest(this.inputStream); final User<Principal> newUser = userPersistence.addUser(userRequest); final Set<HttpPrincipal> httpPrincipals = newUser.getIdentities(HttpPrincipal.class); if (httpPrincipals.isEmpty()) { throw new IOException("No Web Identity found (HttpPrincipal)"); } else { response.setStatus(HttpServletResponse.SC_CREATED); redirectGet(httpPrincipals.toArray( new HttpPrincipal[1])[0].getName()); } writeUser(newUser); logUserInfo(newUser.getUserID().getName()); } catch (UserAlreadyExistsException e) Loading Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java +17 −2 Original line number Diff line number Diff line Loading @@ -94,7 +94,7 @@ public interface UserPersistence<T extends Principal> /** * Add the new user. * * @param user * @param user The user request to put into the request tree. * * @return User instance. * Loading @@ -120,6 +120,21 @@ public interface UserPersistence<T extends Principal> throws UserNotFoundException, TransientException, AccessControlException; /** * Get the user specified by userID whose account is pending approval. * * @param userID The userID. * * @return User instance. * * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ User<T> getPendingUser(T userID) throws UserNotFoundException, TransientException, AccessControlException; /** * Attempt to login the specified user. * Loading @@ -139,7 +154,7 @@ public interface UserPersistence<T extends Principal> /** * Updated the user specified by User. * * @param user * @param user The user instance to modify. * * @return User instance. * Loading
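Review bot: The Javadoc on the new `getPendingUser(T userID)` does not say that the returned account is still unapproved, nor which callers may read the request tree. Since `AccessControlException` is declared, the contract should name the condition, for example `@throws AccessControlException If the caller is not permitted to read pending user requests.`, and add a sentence that a pending user must not be treated as an active account by login or authorization code. The same gap appears on `LdapUserDAO.getPendingUser` and `LdapUserPersistence.getPendingUser` in this commit. Whether an authorization check exists cannot be seen here, because the two-argument `getUser` those methods delegate to lies outside the hunks.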
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java +29 −49 Original line number Diff line number Diff line Loading @@ -77,32 +77,14 @@ import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.util.StringUtil; import com.unboundid.ldap.sdk.AddRequest; import com.unboundid.ldap.sdk.Attribute; import com.unboundid.ldap.sdk.DN; import com.unboundid.ldap.sdk.Filter; import com.unboundid.ldap.sdk.LDAPException; import com.unboundid.ldap.sdk.LDAPResult; import com.unboundid.ldap.sdk.LDAPSearchException; import com.unboundid.ldap.sdk.Modification; import com.unboundid.ldap.sdk.ModificationType; import com.unboundid.ldap.sdk.ModifyRequest; import com.unboundid.ldap.sdk.ResultCode; import com.unboundid.ldap.sdk.SearchRequest; import com.unboundid.ldap.sdk.SearchResult; import com.unboundid.ldap.sdk.SearchResultEntry; import com.unboundid.ldap.sdk.SearchScope; import com.unboundid.ldap.sdk.*; import com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl; import org.apache.log4j.Logger; import javax.security.auth.x500.X500Principal; import java.security.AccessControlException; import java.security.Principal; import java.util.ArrayList; import java.util.Collection; import java.util.HashSet; import java.util.List; import java.util.Set; import java.util.*; public class LdapGroupDAO<T extends Principal> extends LdapDAO { Loading Loading 
@@ -323,49 +305,47 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO * * @throws TransientException If an temporary, unexpected problem occurred. */ public Collection<String> getGroupNames() throws TransientException public Collection<String> getGroupNames() throws TransientException { try { Filter filter = Filter.createPresenceFilter("cn"); String [] attributes = new String[] {"cn", "nsaccountlock"}; final Filter filter = Filter.createPresenceFilter("cn"); final String [] attributes = new String[] {"cn", "nsaccountlock"}; final List<String> groupNames = new ArrayList<String>(); final long begin = System.currentTimeMillis(); SearchRequest searchRequest = new SearchRequest(config.getGroupsDN(), SearchScope.SUB, filter, attributes); SearchResult searchResult = null; try { searchResult = getConnection().search(searchRequest); } catch (LDAPSearchException e) final SearchResult searchResult = getConnection().search(new SearchResultListener() { if (e.getResultCode() == ResultCode.NO_SUCH_OBJECT) @Override public void searchEntryReturned( final SearchResultEntry searchEntry) { logger.debug("Could not find groups root", e); throw new IllegalStateException("Could not find groups root"); } groupNames.add(searchEntry.getAttributeValue("cn")); } LdapDAO.checkLdapResult(searchResult.getResultCode()); List<String> groupNames = new ArrayList<String>(); for (SearchResultEntry next : searchResult.getSearchEntries()) { if (!next.hasAttribute("nsaccountlock")) @Override public void searchReferenceReturned( final SearchResultReference searchReference) { groupNames.add(next.getAttributeValue("cn")); } } }, config.getGroupsDN(), SearchScope.ONE, filter, attributes); LdapDAO.checkLdapResult(searchResult.getResultCode()); long end = System.currentTimeMillis(); logger.info("<-- groupNames in " + ((new Long(end).doubleValue() - new Long(begin).doubleValue()) / 1000.0) + " seconds."); return groupNames; } catch (LDAPException e1) { logger.debug("getGroupNames Exception: " + 
e1, e1); LdapDAO.checkLdapResult(e1.getResultCode()); throw new IllegalStateException("Unexpected exception: " + e1.getMatchedDN(), e1); throw new IllegalStateException("Unexpected exception: " + e1.getMatchedDN(), e1); } } Loading
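Review bot: The new `searchEntryReturned` callback in `getGroupNames()` adds every entry's `cn`, while the loop it appears to replace skipped entries carrying `nsaccountlock`. The attribute is still requested but, as far as the rendered lines show, no longer checked, so locked groups would be listed. If that is not intended, restore the guard inside the callback: `if (!searchEntry.hasAttribute("nsaccountlock")) { groupNames.add(searchEntry.getAttributeValue("cn")); }`. The same rewrite narrows the scope from `SearchScope.SUB` to `SearchScope.ONE` and drops the explicit `ResultCode.NO_SUCH_OBJECT` branch; both deserve a comment or a line in the commit description. The page has lost its +/- markers, so the old/new assignment is read from line order and should be confirmed against the raw diff.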
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +21 −2 Original line number Diff line number Diff line Loading @@ -122,6 +122,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO // Returned User attributes protected static final String LDAP_OBJECT_CLASS = "objectClass"; protected static final String LDAP_INET_USER = "inetuser"; protected static final String LDAP_INET_ORG_PERSON = "inetOrgPerson"; protected static final String LDAP_CADC_ACCOUNT = "cadcaccount"; protected static final String LDAP_NSACCOUNTLOCK = "nsaccountlock"; Loading Loading @@ -352,6 +353,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO // add new user List<Attribute> attributes = new ArrayList<Attribute>(); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_INET_ORG_PERSON); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_INET_USER); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_CADC_ACCOUNT); addAttribute(attributes, LDAP_COMMON_NAME, user.getUserID() .getName()); Loading Loading @@ -397,7 +399,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO * * @param userID The userID. * @return User instance. * @throws UserNotFoundException when the user is not found. * @throws UserNotFoundException when the user is not found in the main tree. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ Loading 
@@ -408,6 +410,23 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO return getUser(userID, config.getUsersDN()); } /** * Obtain a user who is awaiting approval. * * @param userID The user ID of the pending user. * @return A User instance awaiting approval. * * @throws UserNotFoundException when the user is not found in the user request tree. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public User<T> getPendingUser(final T userID) throws UserNotFoundException, TransientException, AccessControlException { return getUser(userID, config.getUserRequestsDN()); } /** * Get the user specified by userID. Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java +36 −13 Original line number Diff line number Diff line Loading @@ -134,8 +134,7 @@ public class LdapUserPersistence<T extends Principal> try { userDAO = new LdapUserDAO<T>(this.config); User<T> ret = userDAO.addUser(user); return ret; return userDAO.addUser(user); } finally { Loading Loading @@ -164,8 +163,36 @@ public class LdapUserPersistence<T extends Principal> try { userDAO = new LdapUserDAO<T>(this.config); User<T> ret = userDAO.getUser(userID); return ret; return userDAO.getUser(userID); } finally { if (userDAO != null) { userDAO.close(); } } } /** * Get the user specified by userID whose account is pending approval. * * @param userID The userID. * @return User instance. * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ @Override public User<T> getPendingUser(final T userID) throws UserNotFoundException, TransientException, AccessControlException { LdapUserDAO<T> userDAO = null; try { userDAO = new LdapUserDAO<T>(this.config); return userDAO.getPendingUser(userID); } finally { Loading Loading @@ -208,7 +235,7 @@ public class LdapUserPersistence<T extends Principal> /** * Updated the user specified by User. * * @param user * @param user The user to update. * * @return User instance. * Loading @@ -224,8 +251,7 @@ public class LdapUserPersistence<T extends Principal> try { userDAO = new LdapUserDAO<T>(this.config); User<T> ret = userDAO.modifyUser(user); return ret; return userDAO.modifyUser(user); } finally { Loading Loading @@ -312,8 +338,7 @@ public class LdapUserPersistence<T extends Principal> try { userDAO = new LdapUserDAO<T>(this.config); Collection<DN> ret = userDAO.getUserGroups(userID, isAdmin); return ret; return userDAO.getUserGroups(userID, isAdmin); } finally { Loading Loading 
@@ -344,8 +369,7 @@ public class LdapUserPersistence<T extends Principal> try { userDAO = new LdapUserDAO<T>(this.config); boolean ret = userDAO.isMember(userID, groupID); return ret; return userDAO.isMember(userID, groupID); } finally { Loading @@ -355,5 +379,4 @@ public class LdapUserPersistence<T extends Principal> } } } }
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/CreateUserAction.java +21 −4 Original line number Diff line number Diff line Loading @@ -68,6 +68,7 @@ */ package ca.nrc.cadc.ac.server.web.users; import java.io.IOException; import java.io.InputStream; import ca.nrc.cadc.ac.ReaderException; Loading @@ -75,23 +76,27 @@ import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserAlreadyExistsException; import ca.nrc.cadc.ac.UserRequest; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.auth.HttpPrincipal; import javax.servlet.http.HttpServletResponse; import java.security.Principal; import java.util.Set; public class CreateUserAction extends UsersAction { private final InputStream inputStream; CreateUserAction(UserLogInfo logInfo, InputStream inputStream) CreateUserAction(final UserLogInfo logInfo, final InputStream inputStream) { super(logInfo); this.inputStream = inputStream; } public Object run() throws Exception public Object run() throws Exception { try { Loading @@ -101,8 +106,20 @@ public class CreateUserAction extends UsersAction readUserRequest(this.inputStream); final User<Principal> newUser = userPersistence.addUser(userRequest); final Set<HttpPrincipal> httpPrincipals = newUser.getIdentities(HttpPrincipal.class); if (httpPrincipals.isEmpty()) { throw new IOException("No Web Identity found (HttpPrincipal)"); } else { response.setStatus(HttpServletResponse.SC_CREATED); redirectGet(httpPrincipals.toArray( new HttpPrincipal[1])[0].getName()); } writeUser(newUser); logUserInfo(newUser.getUserID().getName()); } catch (UserAlreadyExistsException e) Loading
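Review bot: In `run()`, the `HttpPrincipal` check runs after `userPersistence.addUser(userRequest)` has returned, so `IOException("No Web Identity found (HttpPrincipal)")` is raised for an account that appears to be already persisted, and a client retry would then presumably hit `UserAlreadyExistsException`. Validate that the request carries an `HttpPrincipal` before calling `addUser`, or add a comment explaining why the order is intentional. The name passed to `redirectGet(...)` appears to derive from the submitted user request; `redirectGet` is not visible in this hunk, so confirm it encodes the value before it reaches the response header. As a style point, `httpPrincipals.iterator().next().getName()` reads more directly than `toArray(new HttpPrincipal[1])[0].getName()`. The body of `run()` continues outside the hunk.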