Loading cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +34 −23 Original line number Original line Diff line number Diff line Loading @@ -68,6 +68,24 @@ */ */ package ca.nrc.cadc.ac.server.ldap; package ca.nrc.cadc.ac.server.ldap; import java.net.URI; import java.net.URISyntaxException; import java.security.AccessControlException; import java.security.Principal; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Random; import java.util.Set; import java.util.UUID; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.AC; import ca.nrc.cadc.ac.AC; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.InternalID; import ca.nrc.cadc.ac.InternalID; Loading @@ -85,6 +103,7 @@ import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.profiler.Profiler; import ca.nrc.cadc.profiler.Profiler; import ca.nrc.cadc.util.ObjectUtil; import ca.nrc.cadc.util.ObjectUtil; import ca.nrc.cadc.util.StringUtil; import ca.nrc.cadc.util.StringUtil; import com.unboundid.ldap.sdk.AddRequest; import com.unboundid.ldap.sdk.AddRequest; import com.unboundid.ldap.sdk.Attribute; import com.unboundid.ldap.sdk.Attribute; import com.unboundid.ldap.sdk.BindRequest; import com.unboundid.ldap.sdk.BindRequest; Loading 
@@ -108,22 +127,6 @@ import com.unboundid.ldap.sdk.SearchScope; import com.unboundid.ldap.sdk.SimpleBindRequest; import com.unboundid.ldap.sdk.SimpleBindRequest; import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest; import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest; import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult; import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult; import org.apache.log4j.Logger; import javax.security.auth.x500.X500Principal; import java.net.URI; import java.net.URISyntaxException; import java.security.AccessControlException; import java.security.Principal; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Random; import java.util.Set; import java.util.UUID; /** /** Loading Loading @@ -273,12 +276,12 @@ public class LdapUserDAO extends LdapDAO public void addUser(final User user) public void addUser(final User user) throws TransientException, UserAlreadyExistsException throws TransientException, UserAlreadyExistsException { { Set<X500Principal> x500Principals = user.getIdentities(X500Principal.class); Set<Principal> principals = user.getIdentities(); if (x500Principals.isEmpty()) if (principals.isEmpty()) { { throw new IllegalArgumentException("User missing required X500Principal"); throw new IllegalArgumentException("No user identities"); } } Principal userID = x500Principals.iterator().next(); Principal idForLogging = principals.iterator().next(); if (user.posixDetails != null) if (user.posixDetails != null) { { Loading @@ -286,7 +289,12 @@ public class LdapUserDAO extends LdapDAO } } // check current users // check current users checkUsers(userID, null, config.getUsersDN()); for (Principal p : principals) { checkUsers(p, null, config.getUsersDN()); } Set<X500Principal> x500Principals = user.getIdentities(X500Principal.class); try try { { Loading 
@@ -301,11 +309,14 @@ public class LdapUserDAO extends LdapDAO addAttribute(attributes, LDAP_USER_NAME, EXTERNAL_USER_CN); addAttribute(attributes, LDAP_USER_NAME, EXTERNAL_USER_CN); addAttribute(attributes, LDAP_LAST_NAME, EXTERNAL_USER_SN); addAttribute(attributes, LDAP_LAST_NAME, EXTERNAL_USER_SN); addAttribute(attributes, LADP_USER_PASSWORD, password); addAttribute(attributes, LADP_USER_PASSWORD, password); addAttribute(attributes, LDAP_DISTINGUISHED_NAME, userID.getName()); for (X500Principal p : x500Principals) { addAttribute(attributes, LDAP_DISTINGUISHED_NAME, p.getName()); } DN userDN = getUserDN(numericID, config.getUsersDN()); DN userDN = getUserDN(numericID, config.getUsersDN()); AddRequest addRequest = new AddRequest(userDN, attributes); AddRequest addRequest = new AddRequest(userDN, attributes); logger.info("adding " + userID.getName() + " to " + config.getUsersDN()); logger.info("adding " + idForLogging.getName() + " to " + config.getUsersDN()); LDAPResult result = getReadWriteConnection().add(addRequest); LDAPResult result = getReadWriteConnection().add(addRequest); LdapDAO.checkLdapResult(result.getResultCode()); LdapDAO.checkLdapResult(result.getResultCode()); } } Loading cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/userrequests/UserRequestActionFactory.java +6 −4 Original line number Original line Diff line number Diff line Loading 
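Review bot: In addUser, idForLogging is whatever principals.iterator().next() yields from a Set, so the identity written by the `logger.info("adding " + idForLogging.getName() + ...)` line is now arbitrary rather than the X500 DN it used to be; if the identity set can carry a CookiePrincipal (this same commit treats cookie values as identities in UserActionFactory), that log line may record a credential-bearing value. Prefer a stable, non-secret identifier that is already in scope, e.g. `logger.info("adding " + numericID + " to " + config.getUsersDN());`, or at least pick the X500 DN when one is present. Separately, the required-X500Principal check was dropped and x500Principals may now be empty, in which case the entry is added with no LDAP_DISTINGUISHED_NAME value at all; if that is intended, addUser's Javadoc should state which identity types are persisted and which are only checked for duplicates. addUser's body continues outside the hunks shown, and this file section is printed a second time further down the page with the same content.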
@@ -68,11 +68,13 @@ */ */ package ca.nrc.cadc.ac.server.web.userrequests; package ca.nrc.cadc.ac.server.web.userrequests; import ca.nrc.cadc.ac.server.web.WebUtil; import java.io.IOException; import org.apache.log4j.Logger; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest; import java.io.IOException; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.server.web.WebUtil; public abstract class UserRequestActionFactory public abstract class UserRequestActionFactory Loading cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/UserActionFactory.java +11 −13 Original line number Original line Diff line number Diff line Loading @@ -69,6 +69,7 @@ package ca.nrc.cadc.ac.server.web.users; package ca.nrc.cadc.ac.server.web.users; import java.io.IOException; import java.io.IOException; import java.security.Principal; import java.util.UUID; import java.util.UUID; import javax.security.auth.x500.X500Principal; import javax.security.auth.x500.X500Principal; Loading @@ -76,7 +77,6 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.server.web.WebUtil; import ca.nrc.cadc.ac.server.web.WebUtil; import ca.nrc.cadc.auth.CookiePrincipal; import ca.nrc.cadc.auth.CookiePrincipal; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.auth.HttpPrincipal; Loading Loading @@ -113,8 +113,8 @@ public abstract class UserActionFactory else if (segments.length == 1) else if (segments.length == 1) { { String userID = NetUtil.decode(segments[0]); String userID = NetUtil.decode(segments[0]); User user = getUser(userID, request.getParameter("idType")); Principal p = getIdentity(userID, request.getParameter("idType")); action = new GetUserAction(user.getHttpPrincipal(), request.getParameter("detail")); action = new GetUserAction(p, request.getParameter("detail")); } } if (action != null) if (action != null) Loading Loading 
@@ -202,8 +202,8 @@ public abstract class UserActionFactory if (segments.length == 1) if (segments.length == 1) { { String userID = NetUtil.decode(segments[0]); String userID = NetUtil.decode(segments[0]); User user = getUser(userID, request.getParameter("idType")); Principal p = getIdentity(userID, request.getParameter("idType")); action = new DeleteUserAction(user.getHttpPrincipal()); action = new DeleteUserAction(p); } } if (action != null) if (action != null) Loading 
@@ -230,38 +230,36 @@ public abstract class UserActionFactory }; }; } } private static User getUser(String userName, String idType) private static Principal getIdentity(String userName, String idType) { { User user = new User(); if (idType == null || idType.isEmpty()) if (idType == null || idType.isEmpty()) { { throw new IllegalArgumentException("User endpoint missing idType parameter"); throw new IllegalArgumentException("User endpoint missing idType parameter"); } } else if (idType.equalsIgnoreCase(IdentityType.USERNAME.getValue())) else if (idType.equalsIgnoreCase(IdentityType.USERNAME.getValue())) { { user.getIdentities().add(new HttpPrincipal(userName)); return new HttpPrincipal(userName); } } else if (idType.equalsIgnoreCase(IdentityType.X500.getValue())) else if (idType.equalsIgnoreCase(IdentityType.X500.getValue())) { { user.getIdentities().add(new X500Principal(userName)); return new X500Principal(userName); } } else if (idType.equalsIgnoreCase(IdentityType.CADC.getValue())) else if (idType.equalsIgnoreCase(IdentityType.CADC.getValue())) { { user.getIdentities().add(new NumericPrincipal(UUID.fromString(userName))); return new NumericPrincipal(UUID.fromString(userName)); } } else if (idType.equalsIgnoreCase(IdentityType.OPENID.getValue())) else if (idType.equalsIgnoreCase(IdentityType.OPENID.getValue())) { { user.getIdentities().add(new OpenIdPrincipal(userName)); return new OpenIdPrincipal(userName); } } else if (idType.equalsIgnoreCase(IdentityType.COOKIE.getValue())) else if (idType.equalsIgnoreCase(IdentityType.COOKIE.getValue())) { { user.getIdentities().add(new CookiePrincipal(userName)); return new CookiePrincipal(userName); } } else else { { throw new IllegalArgumentException("Unregonized userid"); throw new IllegalArgumentException("Unregonized userid"); } } return user; } } } } Loading
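Review bot: getIdentity has no Javadoc, and its contract now matters to two callers (GetUserAction and DeleteUserAction): which idType values are accepted, that the match is case-insensitive, and that a malformed CADC id fails inside UUID.fromString (and a malformed DN inside the X500Principal constructor) with the parser's message rather than the endpoint's. Suggest `/** Builds the Principal named by a user-endpoint path segment; idType selects the principal class and is compared case-insensitively. @throws IllegalArgumentException if idType is missing or unrecognized, or if userName is not valid for the chosen type */`. The final else branch still throws `"Unregonized userid"`; `throw new IllegalArgumentException("Unrecognized idType: " + idType);` fixes the typo and names the parameter that was actually at fault, which is the one the caller can fix. The same section appears again further down the page.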
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +34 −23 Original line number Original line Diff line number Diff line Loading @@ -68,6 +68,24 @@ */ */ package ca.nrc.cadc.ac.server.ldap; package ca.nrc.cadc.ac.server.ldap; import java.net.URI; import java.net.URISyntaxException; import java.security.AccessControlException; import java.security.Principal; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Random; import java.util.Set; import java.util.UUID; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.AC; import ca.nrc.cadc.ac.AC; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.InternalID; import ca.nrc.cadc.ac.InternalID; Loading @@ -85,6 +103,7 @@ import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.profiler.Profiler; import ca.nrc.cadc.profiler.Profiler; import ca.nrc.cadc.util.ObjectUtil; import ca.nrc.cadc.util.ObjectUtil; import ca.nrc.cadc.util.StringUtil; import ca.nrc.cadc.util.StringUtil; import com.unboundid.ldap.sdk.AddRequest; import com.unboundid.ldap.sdk.AddRequest; import com.unboundid.ldap.sdk.Attribute; import com.unboundid.ldap.sdk.Attribute; import com.unboundid.ldap.sdk.BindRequest; import com.unboundid.ldap.sdk.BindRequest; Loading 
@@ -108,22 +127,6 @@ import com.unboundid.ldap.sdk.SearchScope; import com.unboundid.ldap.sdk.SimpleBindRequest; import com.unboundid.ldap.sdk.SimpleBindRequest; import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest; import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest; import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult; import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult; import org.apache.log4j.Logger; import javax.security.auth.x500.X500Principal; import java.net.URI; import java.net.URISyntaxException; import java.security.AccessControlException; import java.security.Principal; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Random; import java.util.Set; import java.util.UUID; /** /** Loading Loading @@ -273,12 +276,12 @@ public class LdapUserDAO extends LdapDAO public void addUser(final User user) public void addUser(final User user) throws TransientException, UserAlreadyExistsException throws TransientException, UserAlreadyExistsException { { Set<X500Principal> x500Principals = user.getIdentities(X500Principal.class); Set<Principal> principals = user.getIdentities(); if (x500Principals.isEmpty()) if (principals.isEmpty()) { { throw new IllegalArgumentException("User missing required X500Principal"); throw new IllegalArgumentException("No user identities"); } } Principal userID = x500Principals.iterator().next(); Principal idForLogging = principals.iterator().next(); if (user.posixDetails != null) if (user.posixDetails != null) { { Loading @@ -286,7 +289,12 @@ public class LdapUserDAO extends LdapDAO } } // check current users // check current users checkUsers(userID, null, config.getUsersDN()); for (Principal p : principals) { checkUsers(p, null, config.getUsersDN()); } Set<X500Principal> x500Principals = user.getIdentities(X500Principal.class); try try { { Loading 
@@ -301,11 +309,14 @@ public class LdapUserDAO extends LdapDAO addAttribute(attributes, LDAP_USER_NAME, EXTERNAL_USER_CN); addAttribute(attributes, LDAP_USER_NAME, EXTERNAL_USER_CN); addAttribute(attributes, LDAP_LAST_NAME, EXTERNAL_USER_SN); addAttribute(attributes, LDAP_LAST_NAME, EXTERNAL_USER_SN); addAttribute(attributes, LADP_USER_PASSWORD, password); addAttribute(attributes, LADP_USER_PASSWORD, password); addAttribute(attributes, LDAP_DISTINGUISHED_NAME, userID.getName()); for (X500Principal p : x500Principals) { addAttribute(attributes, LDAP_DISTINGUISHED_NAME, p.getName()); } DN userDN = getUserDN(numericID, config.getUsersDN()); DN userDN = getUserDN(numericID, config.getUsersDN()); AddRequest addRequest = new AddRequest(userDN, attributes); AddRequest addRequest = new AddRequest(userDN, attributes); logger.info("adding " + userID.getName() + " to " + config.getUsersDN()); logger.info("adding " + idForLogging.getName() + " to " + config.getUsersDN()); LDAPResult result = getReadWriteConnection().add(addRequest); LDAPResult result = getReadWriteConnection().add(addRequest); LdapDAO.checkLdapResult(result.getResultCode()); LdapDAO.checkLdapResult(result.getResultCode()); } } Loading
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/userrequests/UserRequestActionFactory.java +6 −4 Original line number Original line Diff line number Diff line Loading @@ -68,11 +68,13 @@ */ */ package ca.nrc.cadc.ac.server.web.userrequests; package ca.nrc.cadc.ac.server.web.userrequests; import ca.nrc.cadc.ac.server.web.WebUtil; import java.io.IOException; import org.apache.log4j.Logger; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest; import java.io.IOException; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.server.web.WebUtil; public abstract class UserRequestActionFactory public abstract class UserRequestActionFactory Loading
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/UserActionFactory.java +11 −13 Original line number Original line Diff line number Diff line Loading @@ -69,6 +69,7 @@ package ca.nrc.cadc.ac.server.web.users; package ca.nrc.cadc.ac.server.web.users; import java.io.IOException; import java.io.IOException; import java.security.Principal; import java.util.UUID; import java.util.UUID; import javax.security.auth.x500.X500Principal; import javax.security.auth.x500.X500Principal; Loading @@ -76,7 +77,6 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.server.web.WebUtil; import ca.nrc.cadc.ac.server.web.WebUtil; import ca.nrc.cadc.auth.CookiePrincipal; import ca.nrc.cadc.auth.CookiePrincipal; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.auth.HttpPrincipal; Loading Loading @@ -113,8 +113,8 @@ public abstract class UserActionFactory else if (segments.length == 1) else if (segments.length == 1) { { String userID = NetUtil.decode(segments[0]); String userID = NetUtil.decode(segments[0]); User user = getUser(userID, request.getParameter("idType")); Principal p = getIdentity(userID, request.getParameter("idType")); action = new GetUserAction(user.getHttpPrincipal(), request.getParameter("detail")); action = new GetUserAction(p, request.getParameter("detail")); } } if (action != null) if (action != null) Loading Loading @@ -202,8 +202,8 @@ public abstract class UserActionFactory if (segments.length == 1) if (segments.length == 1) { { String userID = NetUtil.decode(segments[0]); String userID = NetUtil.decode(segments[0]); User user = getUser(userID, request.getParameter("idType")); Principal p = getIdentity(userID, request.getParameter("idType")); action = new DeleteUserAction(user.getHttpPrincipal()); action = new DeleteUserAction(p); } } if (action != null) if (action != null) Loading 
@@ -230,38 +230,36 @@ public abstract class UserActionFactory }; }; } } private static User getUser(String userName, String idType) private static Principal getIdentity(String userName, String idType) { { User user = new User(); if (idType == null || idType.isEmpty()) if (idType == null || idType.isEmpty()) { { throw new IllegalArgumentException("User endpoint missing idType parameter"); throw new IllegalArgumentException("User endpoint missing idType parameter"); } } else if (idType.equalsIgnoreCase(IdentityType.USERNAME.getValue())) else if (idType.equalsIgnoreCase(IdentityType.USERNAME.getValue())) { { user.getIdentities().add(new HttpPrincipal(userName)); return new HttpPrincipal(userName); } } else if (idType.equalsIgnoreCase(IdentityType.X500.getValue())) else if (idType.equalsIgnoreCase(IdentityType.X500.getValue())) { { user.getIdentities().add(new X500Principal(userName)); return new X500Principal(userName); } } else if (idType.equalsIgnoreCase(IdentityType.CADC.getValue())) else if (idType.equalsIgnoreCase(IdentityType.CADC.getValue())) { { user.getIdentities().add(new NumericPrincipal(UUID.fromString(userName))); return new NumericPrincipal(UUID.fromString(userName)); } } else if (idType.equalsIgnoreCase(IdentityType.OPENID.getValue())) else if (idType.equalsIgnoreCase(IdentityType.OPENID.getValue())) { { user.getIdentities().add(new OpenIdPrincipal(userName)); return new OpenIdPrincipal(userName); } } else if (idType.equalsIgnoreCase(IdentityType.COOKIE.getValue())) else if (idType.equalsIgnoreCase(IdentityType.COOKIE.getValue())) { { user.getIdentities().add(new CookiePrincipal(userName)); return new CookiePrincipal(userName); } } else else { { throw new IllegalArgumentException("Unregonized userid"); throw new IllegalArgumentException("Unregonized userid"); } } return user; } } } }