Loading cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/UserServlet.java +24 −9 Original line number Diff line number Diff line Loading @@ -75,6 +75,8 @@ import java.security.PrivilegedActionException; import java.util.ArrayList; import java.util.List; import java.util.Set; import java.util.regex.Matcher; import java.util.regex.Pattern; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; Loading Loading @@ -104,7 +106,7 @@ public class UserServlet extends HttpServlet private static final long serialVersionUID = 5289130885807305288L; private static final Logger log = Logger.getLogger(UserServlet.class); private List<Subject> privilegedSubjects; protected List<Subject> privilegedSubjects; private UserPersistence userPersistence; Loading 
@@ -121,24 +123,37 @@ public class UserServlet extends HttpServlet String httpUsers = config.getInitParameter(UserServlet.class.getName() + ".PrivilegedHttpPrincipals"); log.debug("PrivilegedHttpUsers: " + httpUsers); String[] x500List = new String[0]; String[] httpList = new String[0]; List<String> x500List = new ArrayList<String>(); List<String> httpList = new ArrayList<String>(); if (x500Users != null && httpUsers != null) { x500List = x500Users.split(" "); httpList = httpUsers.split(" "); Pattern pattern = Pattern.compile("([^\"]\\S*|\".+?\")\\s*"); Matcher x500Matcher = pattern.matcher(x500Users); Matcher httpMatcher = pattern.matcher(httpUsers); if (x500List.length != httpList.length) while (x500Matcher.find()) { String next = x500Matcher.group(1); x500List.add(next.replace("\"", "")); } while (httpMatcher.find()) { String next = httpMatcher.group(1); httpList.add(next.replace("\"", "")); } if (x500List.size() != httpList.size()) { throw new RuntimeException("Init exception: Lists of augment subject principals not equivalent in length"); } privilegedSubjects = new ArrayList<Subject>(x500Users.length()); for (int i=0; i<x500List.length; i++) for (int i=0; i<x500List.size(); i++) { Subject s = new Subject(); s.getPrincipals().add(new X500Principal(x500List[i])); s.getPrincipals().add(new HttpPrincipal(httpList[i])); s.getPrincipals().add(new X500Principal(x500List.get(i))); s.getPrincipals().add(new HttpPrincipal(httpList.get(i))); privilegedSubjects.add(s); } Loading cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/UserServletTest.java +138 −3 Original line number Diff line number Diff line package ca.nrc.cadc.ac.server.web; import static org.easymock.EasyMock.createMock; import static org.easymock.EasyMock.expect; import static org.easymock.EasyMock.replay; import static org.easymock.EasyMock.verify; import static org.junit.Assert.assertEquals; import java.util.List; import javax.security.auth.Subject; import javax.servlet.ServletConfig; import 
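Review bot: The new tokenizer in `init` accepts malformed privileged-principal values instead of rejecting them: `Matcher.find()` skips any text the pattern cannot match, `[^\"]` also matches a leading space, and `next.replace("\"", "")` strips every quote, so a value with leading whitespace or an unbalanced quote is tokenized differently from what was written. The size comparison is then the only check before the tokens become privileged `Subject`s, and it passes whenever both lists happen to break into the same number of pieces. I would move the parsing into one helper that captures the quoted body directly and fails init when anything other than whitespace is skipped, as sketched below. Separately, `protected List<Subject> privilegedSubjects` exposes the mutable list to subclasses and the whole package only so the test can read it; a package-private accessor returning `Collections.unmodifiableList(privilegedSubjects)` would keep the field private. `init` starts and ends outside the hunk, so any wrapping of the thrown `RuntimeException` is not visible here.

```java
// … unchanged: reading x500Users / httpUsers from the init parameters …
if (x500Users != null && httpUsers != null)
{
    x500List = parsePrincipals(x500Users);
    httpList = parsePrincipals(httpUsers);
    // … unchanged: size check and Subject construction …

// Either a double-quoted entry (may contain spaces) or a bare entry without quotes or spaces.
private static final Pattern PRINCIPAL_TOKEN =
    Pattern.compile("\"([^\"]+)\"|([^\"\\s]+)");

private static List<String> parsePrincipals(String value)
{
    List<String> tokens = new ArrayList<String>();
    Matcher m = PRINCIPAL_TOKEN.matcher(value);
    int end = 0;
    while (m.find())
    {
        // find() skips text it cannot match; only whitespace may be skipped.
        if (value.substring(end, m.start()).trim().length() > 0)
        {
            throw new RuntimeException("Init exception: malformed principal list");
        }
        tokens.add(m.group(1) != null ? m.group(1) : m.group(2));
        end = m.end();
    }
    if (value.substring(end).trim().length() > 0)
    {
        throw new RuntimeException("Init exception: malformed principal list");
    }
    return tokens;
}
```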
javax.servlet.http.HttpServletRequest; import ca.nrc.cadc.ac.server.web.UserServlet; import junit.framework.Assert; import org.apache.log4j.Level; import org.apache.log4j.Logger; import org.easymock.EasyMock; import org.junit.Test; import static org.easymock.EasyMock.*; import static org.junit.Assert.*; import ca.nrc.cadc.db.StandaloneContextFactory; import ca.nrc.cadc.util.Log4jInit; public class UserServletTest { private static final Logger log = Logger.getLogger(UserServletTest.class); public UserServletTest() { Log4jInit.setLevel("ca.nrc.cadc.ac", Level.INFO); } @Test public void getAcceptedContentTypeJSON() throws Exception { Loading Loading 
@@ -45,4 +67,117 @@ public class UserServletTest verify(mockRequest); } @Test public void testPrivilegedUsers1() { try { StandaloneContextFactory.initJNDI(); UserServlet userServlet = new UserServlet(); ServletConfig config = EasyMock.createMock(ServletConfig.class); EasyMock.expect(config.getInitParameter( UserServlet.class.getName() + ".PrivilegedX500Principals")). andReturn("cn=user1,ou=cadc,o=hia,c=ca cn=user2,ou=cadc,o=hia,c=ca"); EasyMock.expect(config.getInitParameter( UserServlet.class.getName() + ".PrivilegedHttpPrincipals")). andReturn("user1 user2"); EasyMock.replay(config); userServlet.init(config); List<Subject> subjects = userServlet.privilegedSubjects; Assert.assertTrue(subjects.size() == 2); EasyMock.verify(config); } catch (Exception e) { log.error("Unexpected", e); Assert.fail(e.getMessage()); } } @Test public void testPrivilegedUsers2() { try { StandaloneContextFactory.initJNDI(); UserServlet userServlet = new UserServlet(); ServletConfig config = EasyMock.createMock(ServletConfig.class); EasyMock.expect(config.getInitParameter( UserServlet.class.getName() + ".PrivilegedX500Principals")). andReturn("\"cn=user1, ou=cadc, o=hia,c=ca\" \"cn=user2, ou=cadc,o=hia,c=ca\""); EasyMock.expect(config.getInitParameter( UserServlet.class.getName() + ".PrivilegedHttpPrincipals")). andReturn("user1 \"user2\""); EasyMock.replay(config); userServlet.init(config); List<Subject> subjects = userServlet.privilegedSubjects; Assert.assertTrue(subjects.size() == 2); EasyMock.verify(config); } catch (Exception e) { log.error("Unexpected", e); Assert.fail(e.getMessage()); } } @Test public void testPrivilegedUsers3() { try { StandaloneContextFactory.initJNDI(); UserServlet userServlet = new UserServlet(); ServletConfig config = EasyMock.createMock(ServletConfig.class); EasyMock.expect(config.getInitParameter( UserServlet.class.getName() + ".PrivilegedX500Principals")). 
andReturn("\"cn=user1, ou=cadc, o=hia,c=ca\""); EasyMock.expect(config.getInitParameter( UserServlet.class.getName() + ".PrivilegedHttpPrincipals")). andReturn("user1"); EasyMock.replay(config); userServlet.init(config); List<Subject> subjects = userServlet.privilegedSubjects; Assert.assertTrue(subjects.size() == 1); EasyMock.verify(config); } catch (Exception e) { log.error("Unexpected", e); Assert.fail(e.getMessage()); } } @Test public void testPrivilegedUsers4() { try { StandaloneContextFactory.initJNDI(); UserServlet userServlet = new UserServlet(); ServletConfig config = EasyMock.createMock(ServletConfig.class); EasyMock.expect(config.getInitParameter( UserServlet.class.getName() + ".PrivilegedX500Principals")). andReturn("\"cn=user1, ou=cadc, o=hia,c=ca\" \"cn=user2, ou=cadc,o=hia,c=ca\""); EasyMock.expect(config.getInitParameter( UserServlet.class.getName() + ".PrivilegedHttpPrincipals")). andReturn("user1 \"user2\" user3"); EasyMock.replay(config); try { userServlet.init(config); Assert.fail("Should have thrown an error"); } catch (ExceptionInInitializerError e) { // expected } } catch (Exception e) { log.error("Unexpected", e); Assert.fail(e.getMessage()); } } } Loading
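Review bot: The four new tests assert only `subjects.size()`, so they would still pass if quote stripping or the X500/HTTP pairing in the privileged list were wrong. Since these entries decide who is treated as privileged, I would also assert the content, e.g. `Assert.assertTrue(subjects.get(1).getPrincipals().contains(new X500Principal("cn=user2, ou=cadc,o=hia,c=ca")));` and the matching `HttpPrincipal`. `testPrivilegedUsers4` expects `ExceptionInInitializerError` while the visible part of `init` throws `RuntimeException`; if nothing outside the hunk wraps it, the outer `catch (Exception e)` turns that into a test failure, so this is worth confirming. A case with leading whitespace or an unbalanced quote in the init parameter would pin the intended behaviour for malformed values.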
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/UserServlet.java +24 −9 Original line number Diff line number Diff line Loading @@ -75,6 +75,8 @@ import java.security.PrivilegedActionException; import java.util.ArrayList; import java.util.List; import java.util.Set; import java.util.regex.Matcher; import java.util.regex.Pattern; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; Loading Loading @@ -104,7 +106,7 @@ public class UserServlet extends HttpServlet private static final long serialVersionUID = 5289130885807305288L; private static final Logger log = Logger.getLogger(UserServlet.class); private List<Subject> privilegedSubjects; protected List<Subject> privilegedSubjects; private UserPersistence userPersistence; Loading 
@@ -121,24 +123,37 @@ public class UserServlet extends HttpServlet String httpUsers = config.getInitParameter(UserServlet.class.getName() + ".PrivilegedHttpPrincipals"); log.debug("PrivilegedHttpUsers: " + httpUsers); String[] x500List = new String[0]; String[] httpList = new String[0]; List<String> x500List = new ArrayList<String>(); List<String> httpList = new ArrayList<String>(); if (x500Users != null && httpUsers != null) { x500List = x500Users.split(" "); httpList = httpUsers.split(" "); Pattern pattern = Pattern.compile("([^\"]\\S*|\".+?\")\\s*"); Matcher x500Matcher = pattern.matcher(x500Users); Matcher httpMatcher = pattern.matcher(httpUsers); if (x500List.length != httpList.length) while (x500Matcher.find()) { String next = x500Matcher.group(1); x500List.add(next.replace("\"", "")); } while (httpMatcher.find()) { String next = httpMatcher.group(1); httpList.add(next.replace("\"", "")); } if (x500List.size() != httpList.size()) { throw new RuntimeException("Init exception: Lists of augment subject principals not equivalent in length"); } privilegedSubjects = new ArrayList<Subject>(x500Users.length()); for (int i=0; i<x500List.length; i++) for (int i=0; i<x500List.size(); i++) { Subject s = new Subject(); s.getPrincipals().add(new X500Principal(x500List[i])); s.getPrincipals().add(new HttpPrincipal(httpList[i])); s.getPrincipals().add(new X500Principal(x500List.get(i))); s.getPrincipals().add(new HttpPrincipal(httpList.get(i))); privilegedSubjects.add(s); } Loading
cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/UserServletTest.java +138 −3 Original line number Diff line number Diff line package ca.nrc.cadc.ac.server.web; import static org.easymock.EasyMock.createMock; import static org.easymock.EasyMock.expect; import static org.easymock.EasyMock.replay; import static org.easymock.EasyMock.verify; import static org.junit.Assert.assertEquals; import java.util.List; import javax.security.auth.Subject; import javax.servlet.ServletConfig; import javax.servlet.http.HttpServletRequest; import ca.nrc.cadc.ac.server.web.UserServlet; import junit.framework.Assert; import org.apache.log4j.Level; import org.apache.log4j.Logger; import org.easymock.EasyMock; import org.junit.Test; import static org.easymock.EasyMock.*; import static org.junit.Assert.*; import ca.nrc.cadc.db.StandaloneContextFactory; import ca.nrc.cadc.util.Log4jInit; public class UserServletTest { private static final Logger log = Logger.getLogger(UserServletTest.class); public UserServletTest() { Log4jInit.setLevel("ca.nrc.cadc.ac", Level.INFO); } @Test public void getAcceptedContentTypeJSON() throws Exception { Loading Loading 
@@ -45,4 +67,117 @@ public class UserServletTest verify(mockRequest); } @Test public void testPrivilegedUsers1() { try { StandaloneContextFactory.initJNDI(); UserServlet userServlet = new UserServlet(); ServletConfig config = EasyMock.createMock(ServletConfig.class); EasyMock.expect(config.getInitParameter( UserServlet.class.getName() + ".PrivilegedX500Principals")). andReturn("cn=user1,ou=cadc,o=hia,c=ca cn=user2,ou=cadc,o=hia,c=ca"); EasyMock.expect(config.getInitParameter( UserServlet.class.getName() + ".PrivilegedHttpPrincipals")). andReturn("user1 user2"); EasyMock.replay(config); userServlet.init(config); List<Subject> subjects = userServlet.privilegedSubjects; Assert.assertTrue(subjects.size() == 2); EasyMock.verify(config); } catch (Exception e) { log.error("Unexpected", e); Assert.fail(e.getMessage()); } } @Test public void testPrivilegedUsers2() { try { StandaloneContextFactory.initJNDI(); UserServlet userServlet = new UserServlet(); ServletConfig config = EasyMock.createMock(ServletConfig.class); EasyMock.expect(config.getInitParameter( UserServlet.class.getName() + ".PrivilegedX500Principals")). andReturn("\"cn=user1, ou=cadc, o=hia,c=ca\" \"cn=user2, ou=cadc,o=hia,c=ca\""); EasyMock.expect(config.getInitParameter( UserServlet.class.getName() + ".PrivilegedHttpPrincipals")). andReturn("user1 \"user2\""); EasyMock.replay(config); userServlet.init(config); List<Subject> subjects = userServlet.privilegedSubjects; Assert.assertTrue(subjects.size() == 2); EasyMock.verify(config); } catch (Exception e) { log.error("Unexpected", e); Assert.fail(e.getMessage()); } } @Test public void testPrivilegedUsers3() { try { StandaloneContextFactory.initJNDI(); UserServlet userServlet = new UserServlet(); ServletConfig config = EasyMock.createMock(ServletConfig.class); EasyMock.expect(config.getInitParameter( UserServlet.class.getName() + ".PrivilegedX500Principals")). 
andReturn("\"cn=user1, ou=cadc, o=hia,c=ca\""); EasyMock.expect(config.getInitParameter( UserServlet.class.getName() + ".PrivilegedHttpPrincipals")). andReturn("user1"); EasyMock.replay(config); userServlet.init(config); List<Subject> subjects = userServlet.privilegedSubjects; Assert.assertTrue(subjects.size() == 1); EasyMock.verify(config); } catch (Exception e) { log.error("Unexpected", e); Assert.fail(e.getMessage()); } } @Test public void testPrivilegedUsers4() { try { StandaloneContextFactory.initJNDI(); UserServlet userServlet = new UserServlet(); ServletConfig config = EasyMock.createMock(ServletConfig.class); EasyMock.expect(config.getInitParameter( UserServlet.class.getName() + ".PrivilegedX500Principals")). andReturn("\"cn=user1, ou=cadc, o=hia,c=ca\" \"cn=user2, ou=cadc,o=hia,c=ca\""); EasyMock.expect(config.getInitParameter( UserServlet.class.getName() + ".PrivilegedHttpPrincipals")). andReturn("user1 \"user2\" user3"); EasyMock.replay(config); try { userServlet.init(config); Assert.fail("Should have thrown an error"); } catch (ExceptionInInitializerError e) { // expected } } catch (Exception e) { log.error("Unexpected", e); Assert.fail(e.getMessage()); } } }