Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java +13 −27 Original line number Diff line number Diff line Loading @@ -68,6 +68,17 @@ */ package ca.nrc.cadc.ac.server.ldap; import java.security.AccessControlException; import java.security.Principal; import java.util.ArrayList; import java.util.Collection; import java.util.Date; import java.util.List; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.ActivatedGroup; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.GroupAlreadyExistsException; Loading @@ -76,6 +87,7 @@ import ca.nrc.cadc.ac.Role; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.net.TransientException; import com.unboundid.ldap.sdk.AddRequest; import com.unboundid.ldap.sdk.Attribute; import com.unboundid.ldap.sdk.DN; Loading @@ -90,15 +102,6 @@ import com.unboundid.ldap.sdk.SearchResult; import com.unboundid.ldap.sdk.SearchResultEntry; import com.unboundid.ldap.sdk.SearchScope; import com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl; import java.security.AccessControlException; import java.security.Principal; import java.util.ArrayList; import java.util.Collection; import java.util.Date; import java.util.List; import java.util.logging.Level; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Logger; public class LdapGroupDAO<T extends Principal> extends LdapDAO { Loading @@ -112,9 +115,6 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO "(version 3.0;acl \"Group Write\";allow " + "(read,compare,search,selfwrite,write,add)" + "(groupdn = \"ldap:///<ACTUAL_GROUP>\");)"; private static final String PUB_GROUP_ACI = "(targetattr = \"*\") " + "(version 3.0;acl \"Group Public\";" + "allow (read,compare,search)userdn=\"ldap:///all\";)"; private LdapUserDAO<T> userPersist; Loading Loading 
@@ -185,7 +185,6 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO new ActivatedGroup(modifiedGroup.getID(), modifiedGroup.getOwner()); activatedGroup.description = modifiedGroup.description; activatedGroup.publicRead = modifiedGroup.publicRead; activatedGroup.groupRead = modifiedGroup.groupRead; activatedGroup.groupWrite = modifiedGroup.groupWrite; activatedGroup.getProperties() Loading Loading @@ -240,10 +239,6 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO // acis List<String> acis = new ArrayList<String>(); if (group.publicRead) { acis.add(PUB_GROUP_ACI); } if (groupWriteAci != null) { acis.add(groupWriteAci); Loading Loading @@ -428,10 +423,6 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO Group groupWrite = getGroup(grWrite.trim()); ldapGroup.groupWrite = groupWrite; } else if (aci.equals(PUB_GROUP_ACI)) { ldapGroup.publicRead = true; } } } } Loading Loading @@ -529,10 +520,6 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO writeGrDN.toNormalizedString())); } if (newGroup.publicRead) { acis.add(PUB_GROUP_ACI); } modifs.add(new Modification(ModificationType.REPLACE, "aci", (String[]) acis.toArray(new String[acis.size()]))); Loading Loading @@ -645,8 +632,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } if (group.groupRead != null || group.groupWrite != null || group.publicRead) group.groupWrite != null) { modifs.add(new Modification(ModificationType.DELETE, "aci")); } Loading projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java +8 −20 Original line number Diff line number Diff line Loading 
@@ -34,17 +34,24 @@ package ca.nrc.cadc.ac.server.ldap; import ca.nrc.cadc.ac.ActivatedGroup; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import java.security.AccessControlException; import java.security.PrivilegedExceptionAction; import java.util.Collection; import java.util.Set; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Level; import org.apache.log4j.Logger; import org.junit.BeforeClass; import org.junit.Test; import ca.nrc.cadc.ac.ActivatedGroup; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.GroupAlreadyExistsException; import ca.nrc.cadc.ac.GroupNotFoundException; Loading @@ -53,14 +60,6 @@ import ca.nrc.cadc.ac.Role; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.util.Log4jInit; import java.security.AccessControlException; import java.security.Principal; import java.util.Collection; import java.util.Set; import org.apache.log4j.Level; import org.apache.log4j.Logger; import static org.junit.Assert.fail; import org.junit.BeforeClass; public class LdapGroupDAOTest { Loading Loading @@ -177,15 +176,6 @@ public class LdapGroupDAOTest actualGroup = getGroupDAO().modifyGroup(expectGroup); assertGroupsEqual(expectGroup, actualGroup); // publicRead expectGroup.publicRead = true; actualGroup = getGroupDAO().modifyGroup(expectGroup); assertGroupsEqual(expectGroup, actualGroup); expectGroup.publicRead = false; actualGroup = getGroupDAO().modifyGroup(expectGroup); assertGroupsEqual(expectGroup, actualGroup); // userMembers expectGroup.getUserMembers().add(daoTestUser2); actualGroup = getGroupDAO().modifyGroup(expectGroup); Loading 
@@ -208,7 +198,6 @@ public class LdapGroupDAOTest expectGroup.description = "Happy testing"; expectGroup.groupRead = otherGroup; expectGroup.groupWrite = otherGroup; expectGroup.publicRead = true; expectGroup.getUserMembers().add(daoTestUser2); expectGroup.getGroupMembers().add(otherGroup); Loading Loading @@ -662,7 +651,6 @@ public class LdapGroupDAOTest { assertTrue(gr2.getUserMembers().contains(user)); } assertEquals(gr1.publicRead, gr2.publicRead); assertEquals(gr1.groupRead, gr2.groupRead); assertEquals(gr1.groupWrite, gr2.groupWrite); assertEquals(gr1.groupWrite, gr2.groupWrite); Loading projects/cadcAccessControl/build.xml +3 −28 Original line number Diff line number Diff line Loading @@ -88,13 +88,14 @@ <property name="project" value="cadcAccessControl" /> <property name="cadcUtil" value="${lib}/cadcUtil.jar" /> <property name="cadcRegistryClient" value="${lib}/cadcRegistryClient.jar" /> <property name="jdom2" value="${ext.lib}/jdom2.jar" /> <property name="log4j" value="${ext.lib}/log4j.jar" /> <property name="unboundid" value="${ext.lib}/unboundid-ldapsdk-se.jar" /> <property name="jars" value="${cadcUtil}:${jdom2}:${log4j}:${unboundid}" /> <property name="jars" value="${cadcUtil}:${cadcRegistryClient}:${jdom2}:${log4j}:${unboundid}" /> <target name="build" depends="compile"> <jar jarfile="${build}/lib/${project}.jar" Loading 
@@ -114,30 +115,4 @@ <property name="testingJars" value="${build}/class:${jars}:${xerces}:${asm}:${cglib}:${easymock}:${junit}:${objenesis}" /> <target name="test" depends="compile-test"> <echo message="Running test" /> <!-- Run the junit test suite --> <echo message="Running test suite..." /> <junit printsummary="yes" haltonfailure="yes" fork="yes"> <classpath> <pathelement path="${build}/class"/> <pathelement path="${build}/test/class"/> <pathelement path="${testingJars}"/> </classpath> <test name="ca.nrc.cadc.ac.GroupTest" /> <test name="ca.nrc.cadc.ac.GroupPropertyTest" /> <test name="ca.nrc.cadc.ac.GroupPropertyReaderWriterTest" /> <test name="ca.nrc.cadc.ac.GroupReaderWriterTest" /> <test name="ca.nrc.cadc.ac.IdentityReaderWriterTest" /> <test name="ca.nrc.cadc.ac.PersonalDetailsTest" /> <test name="ca.nrc.cadc.ac.PosixDetailsTest" /> <test name="ca.nrc.cadc.ac.UserDetailsReaderWriterTest" /> <test name="ca.nrc.cadc.ac.UserReaderWriterTest" /> <test name="ca.nrc.cadc.ac.UserTest" /> <formatter type="plain" usefile="false" /> </junit> </target> </project> projects/cadcAccessControl/src/ca/nrc/cadc/ac/AC.java +1 −5 Original line number Diff line number Diff line Loading @@ -85,13 +85,9 @@ public class AC // Denotes a group readable by public public static final String PROPERTY_PUBLIC = "ivo://ivoa.net/gms#public"; public static final String GMS_SERVICE_URI = "ivo://cadc.nrc.ca/ac"; public static final String GMS_SERVICE_URI = "ivo://cadc.nrc.ca/gms"; // Group URI attribute once the group name is appended public static final String GROUP_URI = "ivo://cadc.nrc.ca/gms#"; // public static final String ID_TYPE_X500 = "X500"; // public static final String ID_TYPE_OPENID = "OpenID"; // public static final String ID_TYPE_USERNAME = "HTTP"; // public static final String ID_TYPE_UID = "UID"; } projects/cadcAccessControl/src/ca/nrc/cadc/ac/Group.java +0 −6 Original line number Diff line number Diff line Loading 
@@ -104,12 +104,6 @@ public class Group */ public Group groupWrite; /** * flag that show whether the details of this group are publicly readable * Note: this class does not enforce any access control rules */ public boolean publicRead = false; /** * Ctor. * Loading Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java +13 −27 Original line number Diff line number Diff line Loading @@ -68,6 +68,17 @@ */ package ca.nrc.cadc.ac.server.ldap; import java.security.AccessControlException; import java.security.Principal; import java.util.ArrayList; import java.util.Collection; import java.util.Date; import java.util.List; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.ActivatedGroup; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.GroupAlreadyExistsException; Loading @@ -76,6 +87,7 @@ import ca.nrc.cadc.ac.Role; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.net.TransientException; import com.unboundid.ldap.sdk.AddRequest; import com.unboundid.ldap.sdk.Attribute; import com.unboundid.ldap.sdk.DN; Loading @@ -90,15 +102,6 @@ import com.unboundid.ldap.sdk.SearchResult; import com.unboundid.ldap.sdk.SearchResultEntry; import com.unboundid.ldap.sdk.SearchScope; import com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl; import java.security.AccessControlException; import java.security.Principal; import java.util.ArrayList; import java.util.Collection; import java.util.Date; import java.util.List; import java.util.logging.Level; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Logger; public class LdapGroupDAO<T extends Principal> extends LdapDAO { Loading @@ -112,9 +115,6 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO "(version 3.0;acl \"Group Write\";allow " + "(read,compare,search,selfwrite,write,add)" + "(groupdn = \"ldap:///<ACTUAL_GROUP>\");)"; private static final String PUB_GROUP_ACI = "(targetattr = \"*\") " + "(version 3.0;acl \"Group Public\";" + "allow (read,compare,search)userdn=\"ldap:///all\";)"; private LdapUserDAO<T> userPersist; Loading Loading 
@@ -185,7 +185,6 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO new ActivatedGroup(modifiedGroup.getID(), modifiedGroup.getOwner()); activatedGroup.description = modifiedGroup.description; activatedGroup.publicRead = modifiedGroup.publicRead; activatedGroup.groupRead = modifiedGroup.groupRead; activatedGroup.groupWrite = modifiedGroup.groupWrite; activatedGroup.getProperties() Loading Loading @@ -240,10 +239,6 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO // acis List<String> acis = new ArrayList<String>(); if (group.publicRead) { acis.add(PUB_GROUP_ACI); } if (groupWriteAci != null) { acis.add(groupWriteAci); Loading Loading @@ -428,10 +423,6 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO Group groupWrite = getGroup(grWrite.trim()); ldapGroup.groupWrite = groupWrite; } else if (aci.equals(PUB_GROUP_ACI)) { ldapGroup.publicRead = true; } } } } Loading Loading @@ -529,10 +520,6 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO writeGrDN.toNormalizedString())); } if (newGroup.publicRead) { acis.add(PUB_GROUP_ACI); } modifs.add(new Modification(ModificationType.REPLACE, "aci", (String[]) acis.toArray(new String[acis.size()]))); Loading Loading @@ -645,8 +632,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } if (group.groupRead != null || group.groupWrite != null || group.publicRead) group.groupWrite != null) { modifs.add(new Modification(ModificationType.DELETE, "aci")); } Loading
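Review bot: Entries that already carry the "Group Public" ACI are no longer handled once `PUB_GROUP_ACI` is gone. The ACI-parsing branch near old line 428 loses its `else if (aci.equals(PUB_GROUP_ACI))` case, and the condition near old line 645 now issues the `aci` DELETE only when `group.groupRead != null || group.groupWrite != null`. A group whose only ACI is the legacy read/compare/search grant to `userdn="ldap:///all"` would keep that grant in the directory while the DAO reports nothing about it, and its `aci` attribute appears to be left in place on that path. If such entries can exist in a deployed directory, either strip the ACI in a one-off migration or base the DELETE on whether the entry actually has an `aci` attribute rather than on the Group fields. The enclosing methods start and end outside the hunks shown, so this is inferred from the visible lines only.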
projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java +8 −20 Original line number Diff line number Diff line Loading @@ -34,17 +34,24 @@ package ca.nrc.cadc.ac.server.ldap; import ca.nrc.cadc.ac.ActivatedGroup; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import java.security.AccessControlException; import java.security.PrivilegedExceptionAction; import java.util.Collection; import java.util.Set; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Level; import org.apache.log4j.Logger; import org.junit.BeforeClass; import org.junit.Test; import ca.nrc.cadc.ac.ActivatedGroup; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.GroupAlreadyExistsException; import ca.nrc.cadc.ac.GroupNotFoundException; Loading @@ -53,14 +60,6 @@ import ca.nrc.cadc.ac.Role; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.util.Log4jInit; import java.security.AccessControlException; import java.security.Principal; import java.util.Collection; import java.util.Set; import org.apache.log4j.Level; import org.apache.log4j.Logger; import static org.junit.Assert.fail; import org.junit.BeforeClass; public class LdapGroupDAOTest { Loading Loading @@ -177,15 +176,6 @@ public class LdapGroupDAOTest actualGroup = getGroupDAO().modifyGroup(expectGroup); assertGroupsEqual(expectGroup, actualGroup); // publicRead expectGroup.publicRead = true; actualGroup = getGroupDAO().modifyGroup(expectGroup); assertGroupsEqual(expectGroup, actualGroup); expectGroup.publicRead = false; actualGroup = getGroupDAO().modifyGroup(expectGroup); assertGroupsEqual(expectGroup, actualGroup); // userMembers expectGroup.getUserMembers().add(daoTestUser2); actualGroup = getGroupDAO().modifyGroup(expectGroup); Loading 
@@ -208,7 +198,6 @@ public class LdapGroupDAOTest expectGroup.description = "Happy testing"; expectGroup.groupRead = otherGroup; expectGroup.groupWrite = otherGroup; expectGroup.publicRead = true; expectGroup.getUserMembers().add(daoTestUser2); expectGroup.getGroupMembers().add(otherGroup); Loading Loading @@ -662,7 +651,6 @@ public class LdapGroupDAOTest { assertTrue(gr2.getUserMembers().contains(user)); } assertEquals(gr1.publicRead, gr2.publicRead); assertEquals(gr1.groupRead, gr2.groupRead); assertEquals(gr1.groupWrite, gr2.groupWrite); assertEquals(gr1.groupWrite, gr2.groupWrite); Loading
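Review bot: `assertGroupsEqual` still ends with `assertEquals(gr1.groupWrite, gr2.groupWrite);` twice in a row (hunk at old line 662), so the second call checks nothing new; drop it, or replace it if another field was intended. With the publicRead round-trip removed, nothing visible in this section checks what the DAO returns when an entry read back from LDAP still carries an ACI it no longer recognises. A test for that case would pin the behaviour. The method body starts outside the hunk.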
projects/cadcAccessControl/build.xml +3 −28 Original line number Diff line number Diff line Loading @@ -88,13 +88,14 @@ <property name="project" value="cadcAccessControl" /> <property name="cadcUtil" value="${lib}/cadcUtil.jar" /> <property name="cadcRegistryClient" value="${lib}/cadcRegistryClient.jar" /> <property name="jdom2" value="${ext.lib}/jdom2.jar" /> <property name="log4j" value="${ext.lib}/log4j.jar" /> <property name="unboundid" value="${ext.lib}/unboundid-ldapsdk-se.jar" /> <property name="jars" value="${cadcUtil}:${jdom2}:${log4j}:${unboundid}" /> <property name="jars" value="${cadcUtil}:${cadcRegistryClient}:${jdom2}:${log4j}:${unboundid}" /> <target name="build" depends="compile"> <jar jarfile="${build}/lib/${project}.jar" Loading @@ -114,30 +115,4 @@ <property name="testingJars" value="${build}/class:${jars}:${xerces}:${asm}:${cglib}:${easymock}:${junit}:${objenesis}" /> <target name="test" depends="compile-test"> <echo message="Running test" /> <!-- Run the junit test suite --> <echo message="Running test suite..." /> <junit printsummary="yes" haltonfailure="yes" fork="yes"> <classpath> <pathelement path="${build}/class"/> <pathelement path="${build}/test/class"/> <pathelement path="${testingJars}"/> </classpath> <test name="ca.nrc.cadc.ac.GroupTest" /> <test name="ca.nrc.cadc.ac.GroupPropertyTest" /> <test name="ca.nrc.cadc.ac.GroupPropertyReaderWriterTest" /> <test name="ca.nrc.cadc.ac.GroupReaderWriterTest" /> <test name="ca.nrc.cadc.ac.IdentityReaderWriterTest" /> <test name="ca.nrc.cadc.ac.PersonalDetailsTest" /> <test name="ca.nrc.cadc.ac.PosixDetailsTest" /> <test name="ca.nrc.cadc.ac.UserDetailsReaderWriterTest" /> <test name="ca.nrc.cadc.ac.UserReaderWriterTest" /> <test name="ca.nrc.cadc.ac.UserTest" /> <formatter type="plain" usefile="false" /> </junit> </target> </project>
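Review bot: The whole `test` target is deleted in the second hunk, so `ant test` in this module no longer runs GroupTest, UserTest and the reader/writer tests with `haltonfailure="yes"`, while the `testingJars` property that fed it is kept. For an access-control library that removes a build gate, unless a shared build file supplies the target, which is not visible here. If the removal is intended, a comment next to `testingJars` such as `<!-- test target is provided by <shared build file> -->` would make that clear; otherwise the target should stay.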
projects/cadcAccessControl/src/ca/nrc/cadc/ac/AC.java +1 −5 Original line number Diff line number Diff line Loading @@ -85,13 +85,9 @@ public class AC // Denotes a group readable by public public static final String PROPERTY_PUBLIC = "ivo://ivoa.net/gms#public"; public static final String GMS_SERVICE_URI = "ivo://cadc.nrc.ca/ac"; public static final String GMS_SERVICE_URI = "ivo://cadc.nrc.ca/gms"; // Group URI attribute once the group name is appended public static final String GROUP_URI = "ivo://cadc.nrc.ca/gms#"; // public static final String ID_TYPE_X500 = "X500"; // public static final String ID_TYPE_OPENID = "OpenID"; // public static final String ID_TYPE_USERNAME = "HTTP"; // public static final String ID_TYPE_UID = "UID"; }
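Review bot: `PROPERTY_PUBLIC` and its comment "Denotes a group readable by public" stay in AC while the same commit removes `Group.publicRead` and the public ACI in LdapGroupDAO, so the constant now describes a capability the visible code no longer implements. Either remove it or update the comment to say how, if at all, public readability is now expressed, so that a caller does not rely on a property that has no effect. The section also changes `GMS_SERVICE_URI` (the page shows both `ivo://cadc.nrc.ca/ac` and `ivo://cadc.nrc.ca/gms`). Whichever value is new, a one-line comment on what the URI identifies would help, since anything that looks the service up by this URI depends on it.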
projects/cadcAccessControl/src/ca/nrc/cadc/ac/Group.java +0 −6 Original line number Diff line number Diff line Loading @@ -104,12 +104,6 @@ public class Group */ public Group groupWrite; /** * flag that show whether the details of this group are publicly readable * Note: this class does not enforce any access control rules */ public boolean publicRead = false; /** * Ctor. * Loading