Commit 683a0f73 authored by Brian Major's avatar Brian Major
Browse files

s1885 - allow quotes around privileged user identities in web.xml

parent 1637be8e
......@@ -75,6 +75,8 @@ import java.security.PrivilegedActionException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
......@@ -104,7 +106,7 @@ public class UserServlet extends HttpServlet
private static final long serialVersionUID = 5289130885807305288L;
private static final Logger log = Logger.getLogger(UserServlet.class);
private List<Subject> privilegedSubjects;
protected List<Subject> privilegedSubjects;
private UserPersistence userPersistence;
......@@ -121,24 +123,37 @@ public class UserServlet extends HttpServlet
String httpUsers = config.getInitParameter(UserServlet.class.getName() + ".PrivilegedHttpPrincipals");
log.debug("PrivilegedHttpUsers: " + httpUsers);
String[] x500List = new String[0];
String[] httpList = new String[0];
List<String> x500List = new ArrayList<String>();
List<String> httpList = new ArrayList<String>();
if (x500Users != null && httpUsers != null)
{
x500List = x500Users.split(" ");
httpList = httpUsers.split(" ");
Pattern pattern = Pattern.compile("([^\"]\\S*|\".+?\")\\s*");
Matcher x500Matcher = pattern.matcher(x500Users);
Matcher httpMatcher = pattern.matcher(httpUsers);
if (x500List.length != httpList.length)
while (x500Matcher.find())
{
String next = x500Matcher.group(1);
x500List.add(next.replace("\"", ""));
}
while (httpMatcher.find())
{
String next = httpMatcher.group(1);
httpList.add(next.replace("\"", ""));
}
if (x500List.size() != httpList.size())
{
throw new RuntimeException("Init exception: Lists of augment subject principals not equivalent in length");
}
privilegedSubjects = new ArrayList<Subject>(x500Users.length());
for (int i=0; i<x500List.length; i++)
for (int i=0; i<x500List.size(); i++)
{
Subject s = new Subject();
s.getPrincipals().add(new X500Principal(x500List[i]));
s.getPrincipals().add(new HttpPrincipal(httpList[i]));
s.getPrincipals().add(new X500Principal(x500List.get(i)));
s.getPrincipals().add(new HttpPrincipal(httpList.get(i)));
privilegedSubjects.add(s);
}
......
package ca.nrc.cadc.ac.server.web;
import static org.easymock.EasyMock.createMock;
import static org.easymock.EasyMock.expect;
import static org.easymock.EasyMock.replay;
import static org.easymock.EasyMock.verify;
import static org.junit.Assert.assertEquals;
import java.util.List;
import javax.security.auth.Subject;
import javax.servlet.ServletConfig;
import javax.servlet.http.HttpServletRequest;
import ca.nrc.cadc.ac.server.web.UserServlet;
import junit.framework.Assert;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.easymock.EasyMock;
import org.junit.Test;
import static org.easymock.EasyMock.*;
import static org.junit.Assert.*;
import ca.nrc.cadc.db.StandaloneContextFactory;
import ca.nrc.cadc.util.Log4jInit;
public class UserServletTest
{
private static final Logger log = Logger.getLogger(UserServletTest.class);
public UserServletTest()
{
Log4jInit.setLevel("ca.nrc.cadc.ac", Level.INFO);
}
@Test
public void getAcceptedContentTypeJSON() throws Exception
{
......@@ -45,4 +67,117 @@ public class UserServletTest
verify(mockRequest);
}
@Test
public void testPrivilegedUsers1()
{
try
{
StandaloneContextFactory.initJNDI();
UserServlet userServlet = new UserServlet();
ServletConfig config = EasyMock.createMock(ServletConfig.class);
EasyMock.expect(config.getInitParameter(
UserServlet.class.getName() + ".PrivilegedX500Principals")).
andReturn("cn=user1,ou=cadc,o=hia,c=ca cn=user2,ou=cadc,o=hia,c=ca");
EasyMock.expect(config.getInitParameter(
UserServlet.class.getName() + ".PrivilegedHttpPrincipals")).
andReturn("user1 user2");
EasyMock.replay(config);
userServlet.init(config);
List<Subject> subjects = userServlet.privilegedSubjects;
Assert.assertTrue(subjects.size() == 2);
EasyMock.verify(config);
}
catch (Exception e)
{
log.error("Unexpected", e);
Assert.fail(e.getMessage());
}
}
@Test
public void testPrivilegedUsers2()
{
try
{
StandaloneContextFactory.initJNDI();
UserServlet userServlet = new UserServlet();
ServletConfig config = EasyMock.createMock(ServletConfig.class);
EasyMock.expect(config.getInitParameter(
UserServlet.class.getName() + ".PrivilegedX500Principals")).
andReturn("\"cn=user1, ou=cadc, o=hia,c=ca\" \"cn=user2, ou=cadc,o=hia,c=ca\"");
EasyMock.expect(config.getInitParameter(
UserServlet.class.getName() + ".PrivilegedHttpPrincipals")).
andReturn("user1 \"user2\"");
EasyMock.replay(config);
userServlet.init(config);
List<Subject> subjects = userServlet.privilegedSubjects;
Assert.assertTrue(subjects.size() == 2);
EasyMock.verify(config);
}
catch (Exception e)
{
log.error("Unexpected", e);
Assert.fail(e.getMessage());
}
}
@Test
public void testPrivilegedUsers3()
{
try
{
StandaloneContextFactory.initJNDI();
UserServlet userServlet = new UserServlet();
ServletConfig config = EasyMock.createMock(ServletConfig.class);
EasyMock.expect(config.getInitParameter(
UserServlet.class.getName() + ".PrivilegedX500Principals")).
andReturn("\"cn=user1, ou=cadc, o=hia,c=ca\"");
EasyMock.expect(config.getInitParameter(
UserServlet.class.getName() + ".PrivilegedHttpPrincipals")).
andReturn("user1");
EasyMock.replay(config);
userServlet.init(config);
List<Subject> subjects = userServlet.privilegedSubjects;
Assert.assertTrue(subjects.size() == 1);
EasyMock.verify(config);
}
catch (Exception e)
{
log.error("Unexpected", e);
Assert.fail(e.getMessage());
}
}
@Test
public void testPrivilegedUsers4()
{
try
{
StandaloneContextFactory.initJNDI();
UserServlet userServlet = new UserServlet();
ServletConfig config = EasyMock.createMock(ServletConfig.class);
EasyMock.expect(config.getInitParameter(
UserServlet.class.getName() + ".PrivilegedX500Principals")).
andReturn("\"cn=user1, ou=cadc, o=hia,c=ca\" \"cn=user2, ou=cadc,o=hia,c=ca\"");
EasyMock.expect(config.getInitParameter(
UserServlet.class.getName() + ".PrivilegedHttpPrincipals")).
andReturn("user1 \"user2\" user3");
EasyMock.replay(config);
try
{
userServlet.init(config);
Assert.fail("Should have thrown an error");
}
catch (ExceptionInInitializerError e)
{
// expected
}
}
catch (Exception e)
{
log.error("Unexpected", e);
Assert.fail(e.getMessage());
}
}
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment