Loading cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +34 −23 Original line number Diff line number Diff line Loading @@ -68,6 +68,24 @@ */ package ca.nrc.cadc.ac.server.ldap; import java.net.URI; import java.net.URISyntaxException; import java.security.AccessControlException; import java.security.Principal; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Random; import java.util.Set; import java.util.UUID; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.AC; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.InternalID; Loading @@ -85,6 +103,7 @@ import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.profiler.Profiler; import ca.nrc.cadc.util.ObjectUtil; import ca.nrc.cadc.util.StringUtil; import com.unboundid.ldap.sdk.AddRequest; import com.unboundid.ldap.sdk.Attribute; import com.unboundid.ldap.sdk.BindRequest; Loading @@ -108,22 +127,6 @@ import com.unboundid.ldap.sdk.SearchScope; import com.unboundid.ldap.sdk.SimpleBindRequest; import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest; import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult; import org.apache.log4j.Logger; import javax.security.auth.x500.X500Principal; import java.net.URI; import java.net.URISyntaxException; import java.security.AccessControlException; import java.security.Principal; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Random; import java.util.Set; import java.util.UUID; /** Loading Loading 
@@ -273,12 +276,12 @@ public class LdapUserDAO extends LdapDAO public void addUser(final User user) throws TransientException, UserAlreadyExistsException { Set<X500Principal> x500Principals = user.getIdentities(X500Principal.class); if (x500Principals.isEmpty()) Set<Principal> principals = user.getIdentities(); if (principals.isEmpty()) { throw new IllegalArgumentException("User missing required X500Principal"); throw new IllegalArgumentException("No user identities"); } Principal userID = x500Principals.iterator().next(); Principal idForLogging = principals.iterator().next(); if (user.posixDetails != null) { Loading @@ -286,7 +289,12 @@ public class LdapUserDAO extends LdapDAO } // check current users checkUsers(userID, null, config.getUsersDN()); for (Principal p : principals) { checkUsers(p, null, config.getUsersDN()); } Set<X500Principal> x500Principals = user.getIdentities(X500Principal.class); try { Loading @@ -301,11 +309,14 @@ public class LdapUserDAO extends LdapDAO addAttribute(attributes, LDAP_USER_NAME, EXTERNAL_USER_CN); addAttribute(attributes, LDAP_LAST_NAME, EXTERNAL_USER_SN); addAttribute(attributes, LADP_USER_PASSWORD, password); addAttribute(attributes, LDAP_DISTINGUISHED_NAME, userID.getName()); for (X500Principal p : x500Principals) { addAttribute(attributes, LDAP_DISTINGUISHED_NAME, p.getName()); } DN userDN = getUserDN(numericID, config.getUsersDN()); AddRequest addRequest = new AddRequest(userDN, attributes); logger.info("adding " + userID.getName() + " to " + config.getUsersDN()); logger.info("adding " + idForLogging.getName() + " to " + config.getUsersDN()); LDAPResult result = getReadWriteConnection().add(addRequest); LdapDAO.checkLdapResult(result.getResultCode()); } Loading cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/userrequests/UserRequestActionFactory.java +6 −4 Original line number Diff line number Diff line Loading 
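Review bot: `idForLogging` is taken from `principals.iterator().next()` on a `Set<Principal>`, so which identity appears on the `logger.info("adding " + ...)` line depends on set iteration order, and now that `getIdentities()` is no longer filtered to X500Principal it may be a cookie or OpenID principal whose `getName()` value (presumably a session/cookie token — verify against CookiePrincipal) would land in the log. A stable, non-secret identifier already exists in this hunk, so prefer `logger.info("adding " + numericID + " to " + config.getUsersDN());` or log the X500 DN only when one is present. Dropping the X500 requirement also means a user with no X500 identity is added with no `LDAP_DISTINGUISHED_NAME` attribute at all; whether the other principal types are persisted elsewhere in addUser is not visible here, and addUser's body continues outside the hunk.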
@@ -68,11 +68,13 @@ */ package ca.nrc.cadc.ac.server.web.userrequests; import ca.nrc.cadc.ac.server.web.WebUtil; import org.apache.log4j.Logger; import java.io.IOException; import javax.servlet.http.HttpServletRequest; import java.io.IOException; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.server.web.WebUtil; public abstract class UserRequestActionFactory Loading cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/UserActionFactory.java +11 −13 Original line number Diff line number Diff line Loading @@ -69,6 +69,7 @@ package ca.nrc.cadc.ac.server.web.users; import java.io.IOException; import java.security.Principal; import java.util.UUID; import javax.security.auth.x500.X500Principal; Loading @@ -76,7 +77,6 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.server.web.WebUtil; import ca.nrc.cadc.auth.CookiePrincipal; import ca.nrc.cadc.auth.HttpPrincipal; Loading Loading @@ -113,8 +113,8 @@ public abstract class UserActionFactory else if (segments.length == 1) { String userID = NetUtil.decode(segments[0]); User user = getUser(userID, request.getParameter("idType")); action = new GetUserAction(user.getHttpPrincipal(), request.getParameter("detail")); Principal p = getIdentity(userID, request.getParameter("idType")); action = new GetUserAction(p, request.getParameter("detail")); } if (action != null) Loading Loading @@ -202,8 +202,8 @@ public abstract class UserActionFactory if (segments.length == 1) { String userID = NetUtil.decode(segments[0]); User user = getUser(userID, request.getParameter("idType")); action = new DeleteUserAction(user.getHttpPrincipal()); Principal p = getIdentity(userID, request.getParameter("idType")); action = new DeleteUserAction(p); } if (action != null) Loading 
@@ -230,38 +230,36 @@ public abstract class UserActionFactory }; } private static User getUser(String userName, String idType) private static Principal getIdentity(String userName, String idType) { User user = new User(); if (idType == null || idType.isEmpty()) { throw new IllegalArgumentException("User endpoint missing idType parameter"); } else if (idType.equalsIgnoreCase(IdentityType.USERNAME.getValue())) { user.getIdentities().add(new HttpPrincipal(userName)); return new HttpPrincipal(userName); } else if (idType.equalsIgnoreCase(IdentityType.X500.getValue())) { user.getIdentities().add(new X500Principal(userName)); return new X500Principal(userName); } else if (idType.equalsIgnoreCase(IdentityType.CADC.getValue())) { user.getIdentities().add(new NumericPrincipal(UUID.fromString(userName))); return new NumericPrincipal(UUID.fromString(userName)); } else if (idType.equalsIgnoreCase(IdentityType.OPENID.getValue())) { user.getIdentities().add(new OpenIdPrincipal(userName)); return new OpenIdPrincipal(userName); } else if (idType.equalsIgnoreCase(IdentityType.COOKIE.getValue())) { user.getIdentities().add(new CookiePrincipal(userName)); return new CookiePrincipal(userName); } else { throw new IllegalArgumentException("Unregonized userid"); } return user; } } Loading
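Review bot: `getIdentity` now hands GetUserAction and DeleteUserAction whatever principal type the caller names in the `idType` query parameter, including `CookiePrincipal` and `OpenIdPrincipal` built directly from the URL path segment, whereas the old code always passed `user.getHttpPrincipal()` (which would have been null for every idType other than USERNAME). Whether the two actions enforce authorization for each principal type is outside this hunk, so it is worth confirming that DeleteUserAction in particular does not accept a cookie-typed identifier from an unprivileged caller. The method also lacks Javadoc; a header such as `/** Builds the Principal named by the user-endpoint path segment; idType selects the identity type, and IllegalArgumentException is thrown for a missing/unknown idType or a malformed value (UUID.fromString, X500Principal). */` would help. Minor: the unchanged fallback message `"Unregonized userid"` is misspelled and actually describes the idType, not the user id.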
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +34 −23 Original line number Diff line number Diff line Loading @@ -68,6 +68,24 @@ */ package ca.nrc.cadc.ac.server.ldap; import java.net.URI; import java.net.URISyntaxException; import java.security.AccessControlException; import java.security.Principal; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Random; import java.util.Set; import java.util.UUID; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.AC; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.InternalID; Loading @@ -85,6 +103,7 @@ import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.profiler.Profiler; import ca.nrc.cadc.util.ObjectUtil; import ca.nrc.cadc.util.StringUtil; import com.unboundid.ldap.sdk.AddRequest; import com.unboundid.ldap.sdk.Attribute; import com.unboundid.ldap.sdk.BindRequest; Loading @@ -108,22 +127,6 @@ import com.unboundid.ldap.sdk.SearchScope; import com.unboundid.ldap.sdk.SimpleBindRequest; import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest; import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult; import org.apache.log4j.Logger; import javax.security.auth.x500.X500Principal; import java.net.URI; import java.net.URISyntaxException; import java.security.AccessControlException; import java.security.Principal; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Random; import java.util.Set; import java.util.UUID; /** Loading Loading 
@@ -273,12 +276,12 @@ public class LdapUserDAO extends LdapDAO public void addUser(final User user) throws TransientException, UserAlreadyExistsException { Set<X500Principal> x500Principals = user.getIdentities(X500Principal.class); if (x500Principals.isEmpty()) Set<Principal> principals = user.getIdentities(); if (principals.isEmpty()) { throw new IllegalArgumentException("User missing required X500Principal"); throw new IllegalArgumentException("No user identities"); } Principal userID = x500Principals.iterator().next(); Principal idForLogging = principals.iterator().next(); if (user.posixDetails != null) { Loading @@ -286,7 +289,12 @@ public class LdapUserDAO extends LdapDAO } // check current users checkUsers(userID, null, config.getUsersDN()); for (Principal p : principals) { checkUsers(p, null, config.getUsersDN()); } Set<X500Principal> x500Principals = user.getIdentities(X500Principal.class); try { Loading @@ -301,11 +309,14 @@ public class LdapUserDAO extends LdapDAO addAttribute(attributes, LDAP_USER_NAME, EXTERNAL_USER_CN); addAttribute(attributes, LDAP_LAST_NAME, EXTERNAL_USER_SN); addAttribute(attributes, LADP_USER_PASSWORD, password); addAttribute(attributes, LDAP_DISTINGUISHED_NAME, userID.getName()); for (X500Principal p : x500Principals) { addAttribute(attributes, LDAP_DISTINGUISHED_NAME, p.getName()); } DN userDN = getUserDN(numericID, config.getUsersDN()); AddRequest addRequest = new AddRequest(userDN, attributes); logger.info("adding " + userID.getName() + " to " + config.getUsersDN()); logger.info("adding " + idForLogging.getName() + " to " + config.getUsersDN()); LDAPResult result = getReadWriteConnection().add(addRequest); LdapDAO.checkLdapResult(result.getResultCode()); } Loading
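Review bot: The per-principal `checkUsers(p, null, config.getUsersDN())` loop followed by the LDAP add is a check-then-act sequence, so two concurrent addUser calls carrying the same identity can both pass the loop and race on the add; the add result should be treated as authoritative, and it is not visible here whether `LdapDAO.checkLdapResult` maps an already-exists result code to UserAlreadyExistsException. Worth a comment on the loop, e.g. `// Best-effort pre-check only; the add itself is the uniqueness guarantee`, and a check of that mapping. The `for (X500Principal p : x500Principals)` loop writes every X500 DN as `LDAP_DISTINGUISHED_NAME`, but non-X500 identities from `principals` are not written in this hunk, so either they are persisted later in addUser (outside the hunk) or they are silently dropped; a one-line comment stating which would prevent the next reader from assuming the former.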
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/userrequests/UserRequestActionFactory.java +6 −4 Original line number Diff line number Diff line Loading @@ -68,11 +68,13 @@ */ package ca.nrc.cadc.ac.server.web.userrequests; import ca.nrc.cadc.ac.server.web.WebUtil; import org.apache.log4j.Logger; import java.io.IOException; import javax.servlet.http.HttpServletRequest; import java.io.IOException; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.server.web.WebUtil; public abstract class UserRequestActionFactory Loading
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/UserActionFactory.java +11 −13 Original line number Diff line number Diff line Loading @@ -69,6 +69,7 @@ package ca.nrc.cadc.ac.server.web.users; import java.io.IOException; import java.security.Principal; import java.util.UUID; import javax.security.auth.x500.X500Principal; Loading @@ -76,7 +77,6 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.server.web.WebUtil; import ca.nrc.cadc.auth.CookiePrincipal; import ca.nrc.cadc.auth.HttpPrincipal; Loading Loading @@ -113,8 +113,8 @@ public abstract class UserActionFactory else if (segments.length == 1) { String userID = NetUtil.decode(segments[0]); User user = getUser(userID, request.getParameter("idType")); action = new GetUserAction(user.getHttpPrincipal(), request.getParameter("detail")); Principal p = getIdentity(userID, request.getParameter("idType")); action = new GetUserAction(p, request.getParameter("detail")); } if (action != null) Loading Loading @@ -202,8 +202,8 @@ public abstract class UserActionFactory if (segments.length == 1) { String userID = NetUtil.decode(segments[0]); User user = getUser(userID, request.getParameter("idType")); action = new DeleteUserAction(user.getHttpPrincipal()); Principal p = getIdentity(userID, request.getParameter("idType")); action = new DeleteUserAction(p); } if (action != null) Loading 
@@ -230,38 +230,36 @@ public abstract class UserActionFactory }; } private static User getUser(String userName, String idType) private static Principal getIdentity(String userName, String idType) { User user = new User(); if (idType == null || idType.isEmpty()) { throw new IllegalArgumentException("User endpoint missing idType parameter"); } else if (idType.equalsIgnoreCase(IdentityType.USERNAME.getValue())) { user.getIdentities().add(new HttpPrincipal(userName)); return new HttpPrincipal(userName); } else if (idType.equalsIgnoreCase(IdentityType.X500.getValue())) { user.getIdentities().add(new X500Principal(userName)); return new X500Principal(userName); } else if (idType.equalsIgnoreCase(IdentityType.CADC.getValue())) { user.getIdentities().add(new NumericPrincipal(UUID.fromString(userName))); return new NumericPrincipal(UUID.fromString(userName)); } else if (idType.equalsIgnoreCase(IdentityType.OPENID.getValue())) { user.getIdentities().add(new OpenIdPrincipal(userName)); return new OpenIdPrincipal(userName); } else if (idType.equalsIgnoreCase(IdentityType.COOKIE.getValue())) { user.getIdentities().add(new CookiePrincipal(userName)); return new CookiePrincipal(userName); } else { throw new IllegalArgumentException("Unregonized userid"); } return user; } }
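Review bot: `new X500Principal(userName)` in the X500 branch builds the principal from an unnormalized path segment, while LdapUserDAO.addUser stores `p.getName()` (RFC 2253 form) as the LDAP distinguished-name attribute; the lookup and delete paths that consume this principal are outside the hunk, so confirm they compare DNs in the same canonical form rather than by the raw string the caller typed, otherwise `cn=A, o=B` and `CN=A,O=B` would name the same user but match differently. The five `equalsIgnoreCase` branches are a reasonable shape given the project's Java level, but a comment above the chain, e.g. `// idType values are matched case-insensitively against IdentityType; the CADC branch additionally validates the UUID syntax`, would document the contract callers rely on. The enclosing class continues outside the hunk.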