Loading projects/cadcAccessControl-Server/build.xml +1 −1 Original line number Diff line number Diff line Loading @@ -149,7 +149,7 @@ <pathelement path="${jars}:${testingJars}"/> </classpath> <sysproperty key="ca.nrc.cadc.util.PropertiesReader.dir" value="test"/> <test name="ca.nrc.cadc.ac.server.web.users.UserActionFactoryTest" /> <test name="ca.nrc.cadc.ac.server.ldap.LdapUserDAOTest" /> <formatter type="plain" usefile="false" /> </junit> </target> Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java +17 −2 Original line number Diff line number Diff line Loading @@ -134,6 +134,21 @@ public interface UserPersistence<T extends Principal> throws UserNotFoundException, TransientException, AccessControlException; /** * Get the user specified by userID with all of the users identities. * * @param userID The userID. * * @return User instance. * * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ User<T> getAugmentedUser(T userID) throws UserNotFoundException, TransientException, AccessControlException; /** * Attempt to login the specified user. * Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java +12 −42 Original line number Diff line number Diff line Loading 
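Review bot: The new `getAugmentedUser` Javadoc in `UserPersistence` does not say what "augmented" means, so an implementer cannot tell which identities must be attached; from the `LdapUserDAO` hunk in this same commit it appears to be the HttpPrincipal, NumericPrincipal, X500Principal and DNPrincipal read from the user's LDAP entry. I would state that in the summary, e.g. `Get the user specified by userID with all of the user's identities (uid, numeric id, X.500 DN and LDAP entry DN) resolved from the directory.`, and fix `an temporary` to `a temporary`. Callers should also be told that the returned DNPrincipal is a server-resolved identity, since `LdapDAO.getSubjectDN` now relies on it. This page renders every section twice; the notes apply to the second copy as well.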
@@ -68,22 +68,17 @@ */ package ca.nrc.cadc.ac.server.ldap; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.auth.NumericPrincipal; import ca.nrc.cadc.auth.OpenIdPrincipal; import ca.nrc.cadc.auth.DNPrincipal; import ca.nrc.cadc.net.TransientException; import com.unboundid.ldap.sdk.DN; import com.unboundid.ldap.sdk.LDAPConnection; import com.unboundid.ldap.sdk.LDAPException; import com.unboundid.ldap.sdk.ResultCode; import com.unboundid.ldap.sdk.SearchResult; import com.unboundid.ldap.sdk.SearchScope; import org.apache.log4j.Logger; import javax.net.SocketFactory; import javax.net.ssl.SSLSocketFactory; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; import java.security.AccessControlException; import java.security.AccessController; import java.security.GeneralSecurityException; Loading Loading @@ -159,12 +154,12 @@ public abstract class LdapDAO } } protected DN getSubjectDN() throws LDAPException protected DN getSubjectDN() throws LDAPException { if (subjDN == null) { Subject callerSubject = Subject.getSubject(AccessController.getContext()); Subject callerSubject = getSubject(); if (callerSubject == null) { throw new AccessControlException("Caller not authenticated."); Loading 
@@ -176,48 +171,18 @@ public abstract class LdapDAO throw new AccessControlException("Caller not authenticated."); } String ldapField = null; for (Principal p : principals) { if (p instanceof HttpPrincipal) if (p instanceof DNPrincipal) { ldapField = "(uid=" + p.getName() + ")"; break; } if (p instanceof NumericPrincipal) { ldapField = "(numericid=" + p.getName() + ")"; break; } if (p instanceof X500Principal) { ldapField = "(distinguishedname=" + p.getName() + ")"; break; } if (p instanceof OpenIdPrincipal) { ldapField = "(openid=" + p.getName() + ")"; break; subjDN = new DN(p.getName()); } } if (ldapField == null) if (subjDN == null) { throw new AccessControlException("Identity of caller unknown."); } SearchResult searchResult = getConnection().search(config.getUsersDN(), SearchScope.ONE, ldapField, "entrydn"); if (searchResult.getEntryCount() < 1) { throw new AccessControlException( "No LDAP account when search with rule " + ldapField); } subjDN = (searchResult.getSearchEntries().get(0)) .getAttributeValueAsDN("entrydn"); } return subjDN; } Loading Loading @@ -268,4 +233,9 @@ public abstract class LdapDAO throw new RuntimeException("Ldap error (" + code.getName() + ")"); } protected Subject getSubject() { return Subject.getSubject(AccessController.getContext()); } } projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +64 −8 Original line number Diff line number Diff line Loading @@ -80,6 +80,7 @@ import java.util.Random; import javax.security.auth.x500.X500Principal; import ca.nrc.cadc.auth.DNPrincipal; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.PersonalDetails; Loading Loading @@ -156,6 +157,10 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO { LDAP_FIRST_NAME, LDAP_LAST_NAME }; private String[] identityAttribs = new String[] { LDAP_UID, LDAP_DISTINGUISHED_NAME, LDAP_NUMERICID, LDAP_ENTRYDN }; public LdapUserDAO(LdapConfig config) { Loading Loading 
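Review bot: `getSubjectDN` now takes the caller's DN straight from a `DNPrincipal` in the Subject (`subjDN = new DN(p.getName())`) without confirming that an entry with that DN exists under `config.getUsersDN()`, whereas the removed code resolved the caller through a directory search; every authorization decision derived from `subjDN` therefore rests on the DNPrincipal being added only by trusted server-side augmentation and never from a client-supplied identity. I would record that on the method, e.g. `// The DNPrincipal is trusted as-is: it must only be added by server-side augmentation (getAugmentedUser), never taken from the request.`, and consider a cheap sanity check that rejects a DN outside the users base, such as `if (!subjDN.isDescendantOf(config.getUsersDN(), false)) throw new AccessControlException("Caller DN outside users base.");` (UnboundID `DN.isDescendantOf`, assuming the base is a String or DN). The loop has no `break`, so with more than one DNPrincipal the last one silently wins; break on the first or throw `AccessControlException("Ambiguous caller identity.")` when a second is seen. On the positive side, dropping the hand-built `(uid=...)` filters removes a string-concatenated LDAP filter from this class. The method spans the `@@ -159` and `@@ -176` hunks with context collapsed between them, and the added `getSubject()` hook at the end of the class looks like a test seam that is fine as `protected`.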
@@ -307,7 +312,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO catch (UserNotFoundException e) { throw new RuntimeException("BUG: new user " + userDN.toNormalizedString() + " not found because " + e.getMessage()); " not found"); } } catch (LDAPException e) Loading Loading 
@@ -545,6 +550,57 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO return user; } public User<T> getAugmentedUser(final T userID) throws UserNotFoundException, TransientException { String searchField = userLdapAttrib.get(userID.getClass()); if (searchField == null) { throw new IllegalArgumentException( "Unsupported principal type " + userID.getClass()); } try { searchField = "(" + searchField + "=" + userID.getName() + ")"; logger.debug("search field: " + searchField); // TODO: Search must take into account deleted users (nsaccountlock attr) SearchRequest searchRequest = new SearchRequest(config.getUsersDN(), SearchScope.ONE, searchField, identityAttribs); SearchResultEntry searchResult = getConnection().searchForEntry(searchRequest); if (searchResult == null) { String msg = "User not found " + userID.toString(); logger.debug(msg); throw new UserNotFoundException(msg); } User<T> user = new User<T>(userID); user.getIdentities().add(new HttpPrincipal( searchResult.getAttributeValue(LDAP_UID))); user.getIdentities().add(new NumericPrincipal( searchResult.getAttributeValueAsLong(LDAP_NUMERICID))); user.getIdentities().add(new X500Principal( searchResult.getAttributeValue(LDAP_DISTINGUISHED_NAME))); user.getIdentities().add(new DNPrincipal( searchResult.getAttributeValue(LDAP_ENTRYDN))); return user; } catch (LDAPException e) { logger.debug("getGroup Exception: " + e, e); LdapDAO.checkLdapResult(e.getResultCode()); throw new RuntimeException("BUG: checkLdapResult didn't throw an exception"); } } /** * Obtain whether the given DN tree requires authentication. * Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java +43 −14 Original line number Diff line number Diff line Loading 
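Review bot: In `getAugmentedUser` the LDAP filter is still assembled by concatenation, `searchField = "(" + searchField + "=" + userID.getName() + ")"`, so a principal name containing filter metacharacters changes the query; this is the same pattern the commit removes from `LdapDAO.getSubjectDN`. Build it with the SDK instead: `Filter filter = Filter.createEqualityFilter(searchField, userID.getName());` and pass `filter` to the `SearchRequest` constructor (import `com.unboundid.ldap.sdk.Filter`), which escapes the value for you. The `catch` block logs `"getGroup Exception: "`, a copy-paste from another method; make it `"getAugmentedUser Exception: "`. The `// TODO` about nsaccountlock means a locked or deleted account is still augmented with a DNPrincipal that `getSubjectDN` now trusts, so that check belongs in this commit rather than later. A missing attribute would reach `new X500Principal(null)` or `new NumericPrincipal(null)` as a null value; a guard that throws `UserNotFoundException` naming the absent attribute would fail more clearly (depends on how those constructors treat null, which is not visible here).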
@@ -202,6 +202,35 @@ public class LdapUserPersistence<T extends Principal> } } /** * Get the user specified by userID with all of the users identities. * * @param userID The userID. * * @return User instance. * * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public User<T> getAugmentedUser(T userID) throws UserNotFoundException, TransientException { LdapUserDAO<T> userDAO = null; try { userDAO = new LdapUserDAO<T>(this.config); return userDAO.getAugmentedUser(userID); } finally { if (userDAO != null) { userDAO.close(); } } } /** * Get the user specified by userID. * Loading Loading
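Review bot: `getAugmentedUser` here declares `throws UserNotFoundException, TransientException` while its own Javadoc and the `UserPersistence` interface also list `AccessControlException`; it compiles because that exception is unchecked, but the signature should match the interface, `throws UserNotFoundException, TransientException, AccessControlException`, so the contract is visible on the implementation. The Javadoc is copied verbatim from the interface; `{@inheritDoc}` or a one-line summary keeps the two from drifting apart. The try/finally correctly closes the DAO only when construction succeeded. The rest of this file's +43 −14 change is collapsed on the page, so only this hunk is reviewed.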
projects/cadcAccessControl-Server/build.xml +1 −1 Original line number Diff line number Diff line Loading @@ -149,7 +149,7 @@ <pathelement path="${jars}:${testingJars}"/> </classpath> <sysproperty key="ca.nrc.cadc.util.PropertiesReader.dir" value="test"/> <test name="ca.nrc.cadc.ac.server.web.users.UserActionFactoryTest" /> <test name="ca.nrc.cadc.ac.server.ldap.LdapUserDAOTest" /> <formatter type="plain" usefile="false" /> </junit> </target> Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java +17 −2 Original line number Diff line number Diff line Loading @@ -134,6 +134,21 @@ public interface UserPersistence<T extends Principal> throws UserNotFoundException, TransientException, AccessControlException; /** * Get the user specified by userID with all of the users identities. * * @param userID The userID. * * @return User instance. * * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ User<T> getAugmentedUser(T userID) throws UserNotFoundException, TransientException, AccessControlException; /** * Attempt to login the specified user. * Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java +12 −42 Original line number Diff line number Diff line Loading @@ -68,22 +68,17 @@ */ package ca.nrc.cadc.ac.server.ldap; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.auth.NumericPrincipal; import ca.nrc.cadc.auth.OpenIdPrincipal; import ca.nrc.cadc.auth.DNPrincipal; import ca.nrc.cadc.net.TransientException; import com.unboundid.ldap.sdk.DN; import com.unboundid.ldap.sdk.LDAPConnection; import com.unboundid.ldap.sdk.LDAPException; import com.unboundid.ldap.sdk.ResultCode; import com.unboundid.ldap.sdk.SearchResult; import com.unboundid.ldap.sdk.SearchScope; import org.apache.log4j.Logger; import javax.net.SocketFactory; import javax.net.ssl.SSLSocketFactory; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; import java.security.AccessControlException; import java.security.AccessController; import java.security.GeneralSecurityException; Loading Loading @@ -159,12 +154,12 @@ public abstract class LdapDAO } } protected DN getSubjectDN() throws LDAPException protected DN getSubjectDN() throws LDAPException { if (subjDN == null) { Subject callerSubject = Subject.getSubject(AccessController.getContext()); Subject callerSubject = getSubject(); if (callerSubject == null) { throw new AccessControlException("Caller not authenticated."); Loading 
@@ -176,48 +171,18 @@ public abstract class LdapDAO throw new AccessControlException("Caller not authenticated."); } String ldapField = null; for (Principal p : principals) { if (p instanceof HttpPrincipal) if (p instanceof DNPrincipal) { ldapField = "(uid=" + p.getName() + ")"; break; } if (p instanceof NumericPrincipal) { ldapField = "(numericid=" + p.getName() + ")"; break; } if (p instanceof X500Principal) { ldapField = "(distinguishedname=" + p.getName() + ")"; break; } if (p instanceof OpenIdPrincipal) { ldapField = "(openid=" + p.getName() + ")"; break; subjDN = new DN(p.getName()); } } if (ldapField == null) if (subjDN == null) { throw new AccessControlException("Identity of caller unknown."); } SearchResult searchResult = getConnection().search(config.getUsersDN(), SearchScope.ONE, ldapField, "entrydn"); if (searchResult.getEntryCount() < 1) { throw new AccessControlException( "No LDAP account when search with rule " + ldapField); } subjDN = (searchResult.getSearchEntries().get(0)) .getAttributeValueAsDN("entrydn"); } return subjDN; } Loading Loading @@ -268,4 +233,9 @@ public abstract class LdapDAO throw new RuntimeException("Ldap error (" + code.getName() + ")"); } protected Subject getSubject() { return Subject.getSubject(AccessController.getContext()); } }
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +64 −8 Original line number Diff line number Diff line Loading @@ -80,6 +80,7 @@ import java.util.Random; import javax.security.auth.x500.X500Principal; import ca.nrc.cadc.auth.DNPrincipal; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.PersonalDetails; Loading Loading @@ -156,6 +157,10 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO { LDAP_FIRST_NAME, LDAP_LAST_NAME }; private String[] identityAttribs = new String[] { LDAP_UID, LDAP_DISTINGUISHED_NAME, LDAP_NUMERICID, LDAP_ENTRYDN }; public LdapUserDAO(LdapConfig config) { Loading Loading @@ -307,7 +312,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO catch (UserNotFoundException e) { throw new RuntimeException("BUG: new user " + userDN.toNormalizedString() + " not found because " + e.getMessage()); " not found"); } } catch (LDAPException e) Loading Loading 
@@ -545,6 +550,57 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO return user; } public User<T> getAugmentedUser(final T userID) throws UserNotFoundException, TransientException { String searchField = userLdapAttrib.get(userID.getClass()); if (searchField == null) { throw new IllegalArgumentException( "Unsupported principal type " + userID.getClass()); } try { searchField = "(" + searchField + "=" + userID.getName() + ")"; logger.debug("search field: " + searchField); // TODO: Search must take into account deleted users (nsaccountlock attr) SearchRequest searchRequest = new SearchRequest(config.getUsersDN(), SearchScope.ONE, searchField, identityAttribs); SearchResultEntry searchResult = getConnection().searchForEntry(searchRequest); if (searchResult == null) { String msg = "User not found " + userID.toString(); logger.debug(msg); throw new UserNotFoundException(msg); } User<T> user = new User<T>(userID); user.getIdentities().add(new HttpPrincipal( searchResult.getAttributeValue(LDAP_UID))); user.getIdentities().add(new NumericPrincipal( searchResult.getAttributeValueAsLong(LDAP_NUMERICID))); user.getIdentities().add(new X500Principal( searchResult.getAttributeValue(LDAP_DISTINGUISHED_NAME))); user.getIdentities().add(new DNPrincipal( searchResult.getAttributeValue(LDAP_ENTRYDN))); return user; } catch (LDAPException e) { logger.debug("getGroup Exception: " + e, e); LdapDAO.checkLdapResult(e.getResultCode()); throw new RuntimeException("BUG: checkLdapResult didn't throw an exception"); } } /** * Obtain whether the given DN tree requires authentication. * Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java +43 −14 Original line number Diff line number Diff line Loading @@ -202,6 +202,35 @@ public class LdapUserPersistence<T extends Principal> } } /** * Get the user specified by userID with all of the users identities. * * @param userID The userID. * * @return User instance. * * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public User<T> getAugmentedUser(T userID) throws UserNotFoundException, TransientException { LdapUserDAO<T> userDAO = null; try { userDAO = new LdapUserDAO<T>(this.config); return userDAO.getAugmentedUser(userID); } finally { if (userDAO != null) { userDAO.close(); } } } /** * Get the user specified by userID. * Loading