Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/GroupPersistence.java +4 −3 Original line number Diff line number Diff line Loading @@ -145,7 +145,7 @@ public abstract interface GroupPersistence<T extends Principal> /** * Obtain a Collection of Groups that fit the given query. * * @param user<T> ID of user * @param user user * @param role Role of the user, either owner, member, or read/write. * * @return Collection of Groups matching the query, or empty Collection. Loading @@ -162,7 +162,7 @@ public abstract interface GroupPersistence<T extends Principal> /** * Check whether the user is a member of the group. * * @param user<T> ID of user * @param user user * @param groupID ID of group * * @return true or false Loading @@ -170,9 +170,10 @@ public abstract interface GroupPersistence<T extends Principal> * @throws GroupNotFoundException If the group was not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. * @throws ca.nrc.cadc.ac.UserNotFoundException */ public abstract boolean isMember(User<T> user, String groupID) throws GroupNotFoundException, TransientException, AccessControlException; AccessControlException, UserNotFoundException; } projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java +51 −17 Original line number Diff line number Diff line Loading @@ -68,7 +68,6 @@ */ package ca.nrc.cadc.ac.server.ldap; import ca.nrc.cadc.ac.AC; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.GroupAlreadyExistsException; import ca.nrc.cadc.ac.GroupNotFoundException; Loading 
@@ -87,6 +86,7 @@ import com.unboundid.ldap.sdk.ModificationType; import com.unboundid.ldap.sdk.ModifyDNRequest; import com.unboundid.ldap.sdk.ModifyRequest; import com.unboundid.ldap.sdk.SearchRequest; import com.unboundid.ldap.sdk.SearchResult; import com.unboundid.ldap.sdk.SearchResultEntry; import com.unboundid.ldap.sdk.SearchScope; import com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl; Loading Loading @@ -232,7 +232,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } List<String> members = new ArrayList<String>(); for (User member : group.getUserMembers()) for (User<?> member : group.getUserMembers()) { DN memberDN = this.userPersist.getUserDN(member); members.add(memberDN.toNormalizedString()); Loading Loading @@ -323,7 +323,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO * readGrDN.toNormalizedString()) the query, or empty * Collection. Never null. * @throws TransientException If an temporary, unexpected problem occurred. * @throws ca.nrc.cadc.ac.UserNotFoundException * @throws UserNotFoundException */ public Collection<Group> getGroups(User<T> user, Role role) throws TransientException, AccessControlException, Loading 
@@ -331,31 +331,65 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO { try { Filter filter; switch (role) DN userDN = userPersist.getUserDN(user); Filter filter = null; if (role == Role.OWNER) { filter = Filter.createEqualityFilter("owner", userDN.toString()); } else if (role == Role.MEMBER) { throw new IllegalArgumentException("Member role not implemented"); } else if (role == Role.RW) { case AC.ID_TYPE_X500: throw new IllegalArgumentException("RW role not implemented"); } SearchRequest searchRequest = new SearchRequest( config.getGroupsDN(), SearchScope.SUB, filter, new String[] {"cn", "description", "owner", "modifytimestamp"}); searchRequest.addControl( new ProxiedAuthorizationV2RequestControl("dn:" + getSubjectDN().toNormalizedString())); Collection<Group> groups = new ArrayList<Group>(); SearchResult results = getConnection().search(searchRequest); for (SearchResultEntry result : results.getSearchEntries()) { String groupName = result.getAttributeValue("cn"); DN groupOwner = result.getAttributeValueAsDN("owner"); User<X500Principal> owner; try { owner = userPersist.getMember(groupOwner); } catch (UserNotFoundException e) { throw new RuntimeException("BUG: group owner not found"); } SearchRequest searchRequest = new SearchRequest( config.getGroupsDN(), SearchScope.SUB, "(cn=" + groupID + ")", new String[] {"entrydn", "entryid", "cn", "description", "owner", "uniquemember", "aci", "modifytimestamp"}); Group group = new Group(groupName, owner); group.description = result.getAttributeValue("description"); group.lastModified = result.getAttributeValueAsDate("modifytimestamp"); groups.add(group); } return groups; } catch (LDAPException e1) { // TODO check which LDAP exceptions are transient and which // ones are // access control throw new TransientException("Error getting the group", e1); throw new TransientException("Error getting groups", e1); } } public boolean isMember(User<T> member, String groupID) public boolean isMember(User<T> user, String 
groupID) throws UserNotFoundException, TransientException, AccessControlException { Loading Loading @@ -601,7 +635,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } List<String> delMembers = new ArrayList<String>(); for (User member : oldGroup.getUserMembers()) for (User<?> member : oldGroup.getUserMembers()) { DN memberDN; try Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java +15 −15 Original line number Diff line number Diff line Loading @@ -97,10 +97,10 @@ public class LdapGroupPersistence<T extends Principal> throws GroupNotFoundException, TransientException, AccessControlException { LdapGroupDAO groupDAO = null; LdapGroupDAO<T> groupDAO = null; try { groupDAO = new LdapGroupDAO(config, new LdapUserDAO(config)); groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config)); Group ret = groupDAO.getGroup(groupName); return ret; } Loading @@ -117,10 +117,10 @@ public class LdapGroupPersistence<T extends Principal> throws GroupAlreadyExistsException, TransientException, AccessControlException, UserNotFoundException { LdapGroupDAO groupDAO = null; LdapGroupDAO<T> groupDAO = null; try { groupDAO = new LdapGroupDAO(config, new LdapUserDAO(config)); groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config)); Group ret = groupDAO.addGroup(group); return ret; } Loading @@ -137,10 +137,10 @@ public class LdapGroupPersistence<T extends Principal> throws GroupNotFoundException, TransientException, AccessControlException { LdapGroupDAO groupDAO = null; LdapGroupDAO<T> groupDAO = null; try { groupDAO = new LdapGroupDAO(config, new LdapUserDAO(config)); groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config)); groupDAO.deleteGroup(groupName); } finally Loading 
@@ -156,10 +156,10 @@ public class LdapGroupPersistence<T extends Principal> throws GroupNotFoundException, TransientException, AccessControlException, UserNotFoundException { LdapGroupDAO groupDAO = null; LdapGroupDAO<T> groupDAO = null; try { groupDAO = new LdapGroupDAO(config, new LdapUserDAO(config)); groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config)); Group ret = groupDAO.modifyGroup(group); return ret; } Loading @@ -175,10 +175,10 @@ public class LdapGroupPersistence<T extends Principal> public Collection<Group> getGroups(User<T> user, Role role) throws UserNotFoundException, TransientException, AccessControlException { LdapGroupDAO groupDAO = null; LdapGroupDAO<T> groupDAO = null; try { groupDAO = new LdapGroupDAO(config, new LdapUserDAO(config)); groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config)); Collection<Group> ret = groupDAO.getGroups(user, role); return ret; } Loading @@ -191,15 +191,15 @@ public class LdapGroupPersistence<T extends Principal> } } public boolean isMember(User<T> member, String groupID) public boolean isMember(User<T> user, String groupID) throws GroupNotFoundException, TransientException, AccessControlException AccessControlException, UserNotFoundException { LdapGroupDAO groupDAO = null; LdapGroupDAO<T> groupDAO = null; try { groupDAO = new LdapGroupDAO(config, new LdapUserDAO(config)); boolean ret = groupDAO.isMember(member, groupID); groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config)); boolean ret = groupDAO.isMember(user, groupID); return ret; } finally Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java +3 −3 Original line number Diff line number Diff line Loading 
@@ -97,11 +97,11 @@ public class LdapUserPersistence<T extends Principal> public User<T> getUser(T userID) throws UserNotFoundException, TransientException, AccessControlException { LdapUserDAO userDAO = null; LdapUserDAO<T> userDAO = null; try { userDAO = new LdapUserDAO(this.config); User ret = userDAO.getUser(userID); userDAO = new LdapUserDAO<T>(this.config); User<T> ret = userDAO.getUser(userID); return ret; } finally Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/AddGroupMemberAction.java +5 −4 Original line number Diff line number Diff line Loading @@ -77,10 +77,11 @@ import java.util.Set; public class AddGroupMemberAction extends GroupsAction { private String groupName; private String groupMemberName; private final String groupName; private final String groupMemberName; AddGroupMemberAction(GroupLogInfo logInfo, String groupName, String groupMemberName) AddGroupMemberAction(GroupLogInfo logInfo, String groupName, String groupMemberName) { super(logInfo); this.groupName = groupName; Loading @@ -99,7 +100,7 @@ public class AddGroupMemberAction extends GroupsAction } groupPersistence.modifyGroup(group); List addedMembers = new ArrayList(); List<String> addedMembers = new ArrayList<String>(); addedMembers.add(toAdd.getID()); logGroupInfo(group.getID(), null, addedMembers); return null; Loading Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/GroupPersistence.java +4 −3 Original line number Diff line number Diff line Loading @@ -145,7 +145,7 @@ public abstract interface GroupPersistence<T extends Principal> /** * Obtain a Collection of Groups that fit the given query. * * @param user<T> ID of user * @param user user * @param role Role of the user, either owner, member, or read/write. * * @return Collection of Groups matching the query, or empty Collection. Loading @@ -162,7 +162,7 @@ public abstract interface GroupPersistence<T extends Principal> /** * Check whether the user is a member of the group. * * @param user<T> ID of user * @param user user * @param groupID ID of group * * @return true or false Loading @@ -170,9 +170,10 @@ public abstract interface GroupPersistence<T extends Principal> * @throws GroupNotFoundException If the group was not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. * @throws ca.nrc.cadc.ac.UserNotFoundException */ public abstract boolean isMember(User<T> user, String groupID) throws GroupNotFoundException, TransientException, AccessControlException; AccessControlException, UserNotFoundException; }
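Review bot: The new `@throws ca.nrc.cadc.ac.UserNotFoundException` tag on `isMember` carries no description, so the contract does not say whether an unknown user is reported by this exception or by a `false` return. This method is presumably used to decide access, so the Javadoc should state it, for example `@throws UserNotFoundException If the user does not exist; callers must treat this as "not a member".` The reworded `@param user user` lines also say nothing about what the argument identifies; something like `@param user the user whose membership is checked` would be clearer. Because the exception is checked and added to an interface method, call sites that catch broadly should be reviewed to confirm they deny access on this path rather than continue.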
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java +51 −17 Original line number Diff line number Diff line Loading @@ -68,7 +68,6 @@ */ package ca.nrc.cadc.ac.server.ldap; import ca.nrc.cadc.ac.AC; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.GroupAlreadyExistsException; import ca.nrc.cadc.ac.GroupNotFoundException; Loading @@ -87,6 +86,7 @@ import com.unboundid.ldap.sdk.ModificationType; import com.unboundid.ldap.sdk.ModifyDNRequest; import com.unboundid.ldap.sdk.ModifyRequest; import com.unboundid.ldap.sdk.SearchRequest; import com.unboundid.ldap.sdk.SearchResult; import com.unboundid.ldap.sdk.SearchResultEntry; import com.unboundid.ldap.sdk.SearchScope; import com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl; Loading Loading @@ -232,7 +232,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } List<String> members = new ArrayList<String>(); for (User member : group.getUserMembers()) for (User<?> member : group.getUserMembers()) { DN memberDN = this.userPersist.getUserDN(member); members.add(memberDN.toNormalizedString()); Loading Loading @@ -323,7 +323,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO * readGrDN.toNormalizedString()) the query, or empty * Collection. Never null. * @throws TransientException If an temporary, unexpected problem occurred. * @throws ca.nrc.cadc.ac.UserNotFoundException * @throws UserNotFoundException */ public Collection<Group> getGroups(User<T> user, Role role) throws TransientException, AccessControlException, Loading 
@@ -331,31 +331,65 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO { try { Filter filter; switch (role) DN userDN = userPersist.getUserDN(user); Filter filter = null; if (role == Role.OWNER) { filter = Filter.createEqualityFilter("owner", userDN.toString()); } else if (role == Role.MEMBER) { throw new IllegalArgumentException("Member role not implemented"); } else if (role == Role.RW) { case AC.ID_TYPE_X500: throw new IllegalArgumentException("RW role not implemented"); } SearchRequest searchRequest = new SearchRequest( config.getGroupsDN(), SearchScope.SUB, filter, new String[] {"cn", "description", "owner", "modifytimestamp"}); searchRequest.addControl( new ProxiedAuthorizationV2RequestControl("dn:" + getSubjectDN().toNormalizedString())); Collection<Group> groups = new ArrayList<Group>(); SearchResult results = getConnection().search(searchRequest); for (SearchResultEntry result : results.getSearchEntries()) { String groupName = result.getAttributeValue("cn"); DN groupOwner = result.getAttributeValueAsDN("owner"); User<X500Principal> owner; try { owner = userPersist.getMember(groupOwner); } catch (UserNotFoundException e) { throw new RuntimeException("BUG: group owner not found"); } SearchRequest searchRequest = new SearchRequest( config.getGroupsDN(), SearchScope.SUB, "(cn=" + groupID + ")", new String[] {"entrydn", "entryid", "cn", "description", "owner", "uniquemember", "aci", "modifytimestamp"}); Group group = new Group(groupName, owner); group.description = result.getAttributeValue("description"); group.lastModified = result.getAttributeValueAsDate("modifytimestamp"); groups.add(group); } return groups; } catch (LDAPException e1) { // TODO check which LDAP exceptions are transient and which // ones are // access control throw new TransientException("Error getting the group", e1); throw new TransientException("Error getting groups", e1); } } public boolean isMember(User<T> member, String groupID) public boolean isMember(User<T> user, String 
groupID) throws UserNotFoundException, TransientException, AccessControlException { Loading Loading @@ -601,7 +635,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } List<String> delMembers = new ArrayList<String>(); for (User member : oldGroup.getUserMembers()) for (User<?> member : oldGroup.getUserMembers()) { DN memberDN; try Loading
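Review bot: In `getGroups`, the `catch (LDAPException e1)` block turns every LDAP failure into `TransientException`, although the search is sent with `ProxiedAuthorizationV2RequestControl`. A denial for the proxied subject would therefore be reported as a temporary problem, and the declared `AccessControlException` is never raised on this path. Checking the result code first would close that gap, e.g. `if (e1.getResultCode() == ResultCode.INSUFFICIENT_ACCESS_RIGHTS) throw new AccessControlException(e1.getMessage());` (this needs the `ResultCode` import, and the codes the directory actually returns should be confirmed). Separately, `filter` stays `null` when `role` is null or any value other than the three tested, so a final `else { throw new IllegalArgumentException("Unknown role " + role); }` would keep a null filter from reaching `new SearchRequest(...)`. `throw new RuntimeException("BUG: group owner not found")` also drops the caught exception; passing `e` as the cause would preserve the original stack trace.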
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java +15 −15 Original line number Diff line number Diff line Loading @@ -97,10 +97,10 @@ public class LdapGroupPersistence<T extends Principal> throws GroupNotFoundException, TransientException, AccessControlException { LdapGroupDAO groupDAO = null; LdapGroupDAO<T> groupDAO = null; try { groupDAO = new LdapGroupDAO(config, new LdapUserDAO(config)); groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config)); Group ret = groupDAO.getGroup(groupName); return ret; } Loading @@ -117,10 +117,10 @@ public class LdapGroupPersistence<T extends Principal> throws GroupAlreadyExistsException, TransientException, AccessControlException, UserNotFoundException { LdapGroupDAO groupDAO = null; LdapGroupDAO<T> groupDAO = null; try { groupDAO = new LdapGroupDAO(config, new LdapUserDAO(config)); groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config)); Group ret = groupDAO.addGroup(group); return ret; } Loading @@ -137,10 +137,10 @@ public class LdapGroupPersistence<T extends Principal> throws GroupNotFoundException, TransientException, AccessControlException { LdapGroupDAO groupDAO = null; LdapGroupDAO<T> groupDAO = null; try { groupDAO = new LdapGroupDAO(config, new LdapUserDAO(config)); groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config)); groupDAO.deleteGroup(groupName); } finally Loading @@ -156,10 +156,10 @@ public class LdapGroupPersistence<T extends Principal> throws GroupNotFoundException, TransientException, AccessControlException, UserNotFoundException { LdapGroupDAO groupDAO = null; LdapGroupDAO<T> groupDAO = null; try { groupDAO = new LdapGroupDAO(config, new LdapUserDAO(config)); groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config)); Group ret = groupDAO.modifyGroup(group); return ret; } Loading 
@@ -175,10 +175,10 @@ public class LdapGroupPersistence<T extends Principal> public Collection<Group> getGroups(User<T> user, Role role) throws UserNotFoundException, TransientException, AccessControlException { LdapGroupDAO groupDAO = null; LdapGroupDAO<T> groupDAO = null; try { groupDAO = new LdapGroupDAO(config, new LdapUserDAO(config)); groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config)); Collection<Group> ret = groupDAO.getGroups(user, role); return ret; } Loading @@ -191,15 +191,15 @@ public class LdapGroupPersistence<T extends Principal> } } public boolean isMember(User<T> member, String groupID) public boolean isMember(User<T> user, String groupID) throws GroupNotFoundException, TransientException, AccessControlException AccessControlException, UserNotFoundException { LdapGroupDAO groupDAO = null; LdapGroupDAO<T> groupDAO = null; try { groupDAO = new LdapGroupDAO(config, new LdapUserDAO(config)); boolean ret = groupDAO.isMember(member, groupID); groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config)); boolean ret = groupDAO.isMember(user, groupID); return ret; } finally Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java +3 −3 Original line number Diff line number Diff line Loading @@ -97,11 +97,11 @@ public class LdapUserPersistence<T extends Principal> public User<T> getUser(T userID) throws UserNotFoundException, TransientException, AccessControlException { LdapUserDAO userDAO = null; LdapUserDAO<T> userDAO = null; try { userDAO = new LdapUserDAO(this.config); User ret = userDAO.getUser(userID); userDAO = new LdapUserDAO<T>(this.config); User<T> ret = userDAO.getUser(userID); return ret; } finally Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/AddGroupMemberAction.java +5 −4 Original line number Diff line number Diff line Loading @@ -77,10 +77,11 @@ import java.util.Set; public class AddGroupMemberAction extends GroupsAction { private String groupName; private String groupMemberName; private final String groupName; private final String groupMemberName; AddGroupMemberAction(GroupLogInfo logInfo, String groupName, String groupMemberName) AddGroupMemberAction(GroupLogInfo logInfo, String groupName, String groupMemberName) { super(logInfo); this.groupName = groupName; Loading @@ -99,7 +100,7 @@ public class AddGroupMemberAction extends GroupsAction } groupPersistence.modifyGroup(group); List addedMembers = new ArrayList(); List<String> addedMembers = new ArrayList<String>(); addedMembers.add(toAdd.getID()); logGroupInfo(group.getID(), null, addedMembers); return null; Loading