Commit 6275f438 authored by Brian Major's avatar Brian Major

Merge branch 's1651' of /usr/cadc/dev/git/wopencadc into s1651

parents 8ae2d384 475f2a20
+3 −3
@@ -141,10 +141,10 @@
                <pathelement path="${build}/test/class"/>
                <pathelement path="${testingJars}"/>
            </classpath>
            <!--<test name="ca.nrc.cadc.ac.server.ldap.LdapDAOTest" />-->
            <test name="ca.nrc.cadc.ac.server.ldap.LdapDAOTest" />
            <test name="ca.nrc.cadc.ac.server.ldap.LdapGroupDAOTest" />
            <!--<test name="ca.nrc.cadc.ac.server.web.GroupActionFactoryTest" />-->
            <!--<test name="ca.nrc.cadc.ac.server.ldap.LdapUserDAOTest" />-->
            <test name="ca.nrc.cadc.ac.server.web.GroupActionFactoryTest" />
            <test name="ca.nrc.cadc.ac.server.ldap.LdapUserDAOTest" />
            <formatter type="plain" usefile="false" />
        </junit>
    </target>
+1 −1
@@ -212,7 +212,7 @@ public abstract class LdapDAO
        {
            throw new AccessControlException("Invalid credentials " + msg);
        }
        else if (code == ResultCode.SUCCESS)
        else if ((code == ResultCode.SUCCESS) || (code == ResultCode.NO_SUCH_OBJECT) )
        {
            // all good. nothing to do
        }
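Review bot: Adding `ResultCode.NO_SUCH_OBJECT` to the success branch makes a missing entry indistinguishable from a successful operation for every caller of this check (presumably `checkLdapResult`), and the `// all good. nothing to do` comment no longer describes the branch. Any caller that relied on an exception to learn that an entry or base DN was absent will now continue as if the operation succeeded. The LdapGroupDAO change in this same commit tests for NO_SUCH_OBJECT itself before delegating, so it may not need this relaxation at all. If it is kept, the comment should say why, e.g. `// SUCCESS, or NO_SUCH_OBJECT, which callers translate into their own not-found exception`. The enclosing method starts and ends outside the hunk.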
+18 −14
@@ -345,7 +345,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
    {
        String [] attributes = new String[] {"entrydn", "cn", "description", 
                                             "owner", "uniquemember", 
                                             "modifytimestamp"};
                                             "modifytimestamp", "nsaccountlock"};
        return getGroup(groupDN, groupID, withMembers, attributes);
    }
    
@@ -366,10 +366,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
    {
        try
        {
            Filter filter = Filter.createANDFilter(
                    Filter.createEqualityFilter("cn", groupID),
                    Filter.createNOTFilter(
                        Filter.createEqualityFilter("nsaccountlock", "TRUE")));
            Filter filter = Filter.createEqualityFilter("cn", groupID);
            
            SearchRequest searchRequest = 
                    new SearchRequest(groupDN.toNormalizedString(), 
@@ -386,11 +383,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
            }
            catch (LDAPSearchException e)
            {
                if (e.getResultCode() == ResultCode.AUTHORIZATION_DENIED)
                {
                    throw new AccessControlException("Unauthorized to access group " + groupID);
                }
                else if (e.getResultCode() == ResultCode.NO_SUCH_OBJECT)
                if (e.getResultCode() == ResultCode.NO_SUCH_OBJECT)
                {
                    String msg = "Group not found " + groupID;
                    logger.debug(msg);
@@ -398,23 +391,34 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
                }
                else
                {
                    throw new RuntimeException("Unknown LDAP exception: " + e.getResultCode());
                    LdapDAO.checkLdapResult(e.getResultCode(), e.getMessage());
                }
            }
            
            if (searchResult.getEntryCount() == 0)
            {
                // deleted groups?
                String msg = "Group not found " + groupID;
                LdapDAO.checkLdapResult(searchResult.getResultCode(), null);
                //access denied
                String msg = "Not authorized to access " + groupID;
                logger.debug(msg);
                throw new GroupNotFoundException(groupID);
                throw new AccessControlException(groupID);
            }
            
            if (searchResult.getEntryCount() >1)
            {
                throw new RuntimeException("BUG: multiple results when retrieving group " + groupID);
            }
            
            SearchResultEntry searchEntry = searchResult.getSearchEntries().get(0);
            
            if (searchEntry.getAttribute("nsaccountlock") != null)
            {
                // deleted group
                String msg = "Group not found " + groupID;
                logger.debug(msg);
                throw new GroupNotFoundException(groupID);
            }
            
            String groupCN = searchEntry.getAttributeValue("cn");
            DN groupOwner = searchEntry.getAttributeValueAsDN("owner");
            
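Review bot: The deleted-group check `searchEntry.getAttribute("nsaccountlock") != null` in the last hunk is weaker than the server-side filter it replaces. It treats any value of the attribute as deleted, whereas the removed filter excluded only `nsaccountlock=TRUE`, and it works only when the attribute is both requested and readable by the bound user. Only the attribute list in the first hunk gains `"nsaccountlock"`, so any other caller of the attribute-taking `getGroup` overload (not visible here) would get locked groups back as live. Comparing the value, `if ("true".equalsIgnoreCase(searchEntry.getAttributeValue("nsaccountlock")))`, and having the overload add the attribute to the request itself would close both gaps. In the same hunk the zero-entry branch throws `new AccessControlException(groupID)`, so the "Not authorized to access" text is only logged and a group that does not exist at all is now reported as access denied; passing `msg` to the exception would at least make it readable.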
+26 −5
@@ -558,7 +558,28 @@ public class LdapGroupDAOTest
        {
            public Object run() throws Exception
            {
                getGroupDAO().deleteGroup(groupID);
                try
                {                    
                    getGroupDAO().getGroup(groupID);
                    //fail("getGroup with anonymous access should throw " + 
                    //     "AccessControlException");
                }
                catch (AccessControlException ignore) {}
                return null;
            }
        });
        
        Subject.doAs(daoTestUser2Subject, new PrivilegedExceptionAction<Object>()
        {
            public Object run() throws Exception
            {
                try
                {                    
                    getGroupDAO().getGroup(groupID);
                    fail("getGroup with anonymous access should throw " + 
                         "AccessControlException");
                }
                catch (AccessControlException ignore) {}
                return null;
            }
        });
@@ -729,10 +750,10 @@ public class LdapGroupDAOTest
                    Group group = getGroupDAO().getGroup(groupID);
                    assertTrue(group == null);
                    
                    fail("searchGroups with unknown user should throw " + 
                         "GroupNotFoundException");
                    fail("searchGroups with un-authorized user should throw " + 
                         "AccessControlException");
                }
                catch (GroupNotFoundException ignore) 
                catch (AccessControlException ignore) 
                {

                }
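Review bot: The first `Subject.doAs` block in the first hunk cannot fail: its `fail(...)` call is commented out and the `AccessControlException` is caught and ignored, so the test passes whether or not `getGroup` denies access for that subject. Either restore the `fail(...)`, or, if that subject is expected to be allowed, assert on the returned group instead of catching the exception. The failure message in the second block says "anonymous access" although the block runs as `daoTestUser2Subject`; something like `"getGroup as a non-member should throw AccessControlException"` would match what is being tested. The `deleteGroup(groupID)` call printed before the new code appears to be the removed line, so it is worth confirming the group is still cleaned up elsewhere in the test, which starts outside the hunk.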
+13 −2
@@ -86,6 +86,7 @@ import java.util.Map;
import java.util.Set;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocketFactory;
import javax.security.auth.Subject;

@@ -380,14 +381,24 @@ public class GMSClient
            ((HttpsURLConnection) conn)
                    .setSSLSocketFactory(getSSLSocketFactory());
        }
        int responseCode = conn.getResponseCode();
        int responseCode = -1;
        try
        {
            responseCode = conn.getResponseCode();
        }
        catch(SSLHandshakeException e)
        {
            throw new AccessControlException(e.getMessage());
        }
        
        if (responseCode != 200)
        {
            String errMessage = NetUtil.getErrorBody(conn);
            log.debug("deleteGroup response " + responseCode + ": " + 
                      errMessage);

            if ((responseCode == 401) || (responseCode == 403))
            if ((responseCode == 401) || (responseCode == 403) || 
                    (responseCode == -1))
            {
                throw new AccessControlException(errMessage);
            }
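Review bot: Mapping `SSLHandshakeException` to `new AccessControlException(e.getMessage())` reports every TLS handshake failure as an authorization failure, including a server certificate that does not validate, and it drops the original exception. A caller then cannot tell a rejected client certificate from an untrusted server, which is the case an operator most needs to see. Keep the cause, e.g. `AccessControlException ace = new AccessControlException(e.getMessage()); ace.initCause(e); throw ace;`, and log the handshake failure above debug level. The added `(responseCode == -1)` test is not reached from the catch path, because that path throws; it fires only when `getResponseCode()` itself returns -1 for a reply that is not valid HTTP, which is a protocol error rather than a denial. The enclosing method starts and ends outside the hunk.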