Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java +116 −181 Original line number Diff line number Diff line Loading @@ -162,10 +162,14 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO "Support for groups properties not available"); } Group inactiveGroup = getInactiveGroup(group); if (inactiveGroup != null) try { getInactiveGroup(group); return reactivateGroup(group); } catch (GroupNotFoundException e) { return reactiveGroup(group, inactiveGroup); // ignore } DN ownerDN = userPersist.getUserDN(group.getOwner()); Loading Loading @@ -247,11 +251,14 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } private Group getInactiveGroup(final Group group) throws AccessControlException, UserNotFoundException, LDAPException throws AccessControlException, UserNotFoundException, GroupNotFoundException { Group inactiveGroup = getInactiveGroup(getGroupDN(group.getID()).toNormalizedString(), group.getID()); Group inactiveGroup; try { inactiveGroup = getInactiveGroup(getGroupDN(group.getID()) .toNormalizedString(), group.getID()); if (inactiveGroup == null) { Loading @@ -270,22 +277,29 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO if (inactiveAdminGroup == null) { throw new RuntimeException("BUG: adminGroup not found for group " + group.getID()); throw new RuntimeException( "BUG: adminGroup not found for group " + group.getID()); } if (!group.getOwner().equals(inactiveAdminGroup.getOwner())) { throw new RuntimeException("Bug: adminGroup owner doesn't match " + "group owner for group " + group.getID()); throw new RuntimeException( "Bug: adminGroup owner doesn't match " + "group owner for group " + group.getID()); } return inactiveGroup; } catch (LDAPException e) { // TODO Auto-generated catch block throw new RuntimeException("BUG: LDAP Exception: ", e); } } private Group getInactiveGroup(final String groupDN, final String groupID) throws UserNotFoundException, LDAPException throws UserNotFoundException, LDAPException, GroupNotFoundException { Filter filter = Filter.createANDFilter( Filter.createEqualityFilter("cn", groupID), Loading @@ -306,7 +320,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO { String msg = "Inactive Group not found " + groupID; logger.debug(msg); return null; throw new GroupNotFoundException(msg); } String groupCN = searchResult.getAttributeValue("cn"); Loading @@ -317,35 +331,12 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO return new Group(groupCN, owner); } private Group reactiveGroup(final Group newGroup, final Group inactiveGroup) throws UserNotFoundException, LDAPException, TransientException private Group reactivateGroup(final Group group) throws UserNotFoundException, LDAPException, TransientException, AccessControlException, GroupNotFoundException { Group group = reactiveGroup(getGroupDN(newGroup.getID()), newGroup, inactiveGroup); Group adminGroup = reactiveGroup(getGroupDN(newGroup.getID()), newGroup, inactiveGroup); return group; return modifyGroup(group, true); } private Group reactiveGroup(final DN groupDN, final Group newGroup, final Group inactiveGroup) throws UserNotFoundException, LDAPException, TransientException { List<Modification> mods = new ArrayList<Modification>(); mods.add(new Modification(ModificationType.DELETE, "nsaccountlock")); Group modifiedGroup = modifyGroup(groupDN, newGroup, inactiveGroup, mods); Group activatedGroup = new ActivatedGroup(modifiedGroup.getID(), modifiedGroup.getOwner()); activatedGroup.description = modifiedGroup.description; activatedGroup.getProperties().addAll(modifiedGroup.getProperties()); activatedGroup.getGroupMembers().addAll(modifiedGroup.getGroupMembers()); activatedGroup.getUserMembers().addAll(modifiedGroup.getUserMembers()); activatedGroup.getGroupAdmins().addAll(modifiedGroup.getGroupAdmins()); activatedGroup.getUserAdmins().addAll(modifiedGroup.getUserAdmins()); return activatedGroup; } /** * Get the group with the given Group ID. Loading Loading @@ -504,7 +495,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO /** * Modify the given group. * * @param group The group to update. * @param group The group to update. It must be an existing group * * @return The newly updated group. * Loading @@ -517,58 +508,49 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO throws GroupNotFoundException, TransientException, AccessControlException, UserNotFoundException { DN groupDN = getGroupDN(group.getID()); Group oldGroup = getGroup(groupDN, group.getID(), true); Group newGroup = modifyGroup(groupDN, group, oldGroup, null); DN adminGroupDN = getAdminGroupDN(group.getID()); Group oldAdminGroup = getGroup(adminGroupDN, group.getID(), true); Group newAdminGroup = modifyGroup(adminGroupDN, group, oldAdminGroup, null); newGroup.getGroupAdmins().addAll(newAdminGroup.getGroupAdmins()); newGroup.getUserAdmins().addAll(newAdminGroup.getUserAdmins()); return newGroup; return modifyGroup(group, false); } private Group modifyGroup(final DN groupDN, final Group newGroup, final Group oldGroup, final List<Modification> modifications) private Group modifyGroup(final Group group, boolean withActivate) throws UserNotFoundException, TransientException, AccessControlException AccessControlException, GroupNotFoundException { if (!newGroup.getProperties().isEmpty()) if (!group.getProperties().isEmpty()) { throw new UnsupportedOperationException( "Support for groups properties not available"); } List<Modification> mods = new ArrayList<Modification>(); if (modifications != null) // check if group exists if (withActivate) { mods.addAll(modifications); getInactiveGroup(group); } else { getGroup(group.getID()); } if (newGroup.description == null && oldGroup.description != null) List<Modification> mods = new ArrayList<Modification>(); List<Modification> adminMods = new ArrayList<Modification>(); if (withActivate) { mods.add(new Modification(ModificationType.DELETE, "description")); mods.add(new Modification(ModificationType.DELETE, "nsaccountlock")); adminMods.add(new Modification(ModificationType.DELETE, "nsaccountlock")); } else if (newGroup.description != null && oldGroup.description == null) if (group.description == null) { mods.add(new Modification(ModificationType.ADD, "description", newGroup.description)); mods.add(new Modification(ModificationType.REPLACE, "description")); } else if (newGroup.description != null && oldGroup.description != null) else { mods.add(new Modification(ModificationType.REPLACE, "description", newGroup.description)); mods.add(new Modification(ModificationType.REPLACE, "description", group.description)); } List<String> newMembers = new ArrayList<String>(); for (User<?> member : newGroup.getUserMembers()) { if (!oldGroup.getUserMembers().remove(member)) for (User<?> member : group.getUserMembers()) { DN memberDN; try Loading @@ -577,29 +559,18 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { throw new UserNotFoundException( "User not found " + member.getUserID()); throw new UserNotFoundException("User not found " + member.getUserID()); } newMembers.add(memberDN.toNormalizedString()); } } for (Group gr : newGroup.getGroupMembers()) { if (gr.equals(newGroup)) { throw new IllegalArgumentException( "cyclical reference from group member to group"); } if (!oldGroup.getGroupMembers().remove(gr)) for (Group gr : group.getGroupMembers()) { DN grDN = getGroupDN(gr.getID()); newMembers.add(grDN.toNormalizedString()); } } for (User<?> member : newGroup.getUserAdmins()) { if (!oldGroup.getUserAdmins().remove(member)) List<String> newAdmins = new ArrayList<String>(); for (User<?> member : group.getUserAdmins()) { DN memberDN; try Loading @@ -611,77 +582,34 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO throw new UserNotFoundException( "User not found " + member.getUserID()); } newMembers.add(memberDN.toNormalizedString()); } newAdmins.add(memberDN.toNormalizedString()); } for (Group gr : newGroup.getGroupAdmins()) { if (gr.equals(newGroup)) { throw new IllegalArgumentException( "cyclical reference from group member to group"); } if (!oldGroup.getGroupAdmins().remove(gr)) for (Group gr : group.getGroupAdmins()) { DN grDN = getGroupDN(gr.getID()); newMembers.add(grDN.toNormalizedString()); } } if (!newMembers.isEmpty()) { mods.add(new Modification(ModificationType.ADD, "uniquemember", mods.add(new Modification(ModificationType.REPLACE, "uniquemember", (String[]) newMembers.toArray(new String[newMembers.size()]))); } adminMods.add(new Modification(ModificationType.REPLACE, "uniquemember", (String[]) newAdmins.toArray(new String[newAdmins.size()]))); List<String> delMembers = new ArrayList<String>(); for (User<?> member : oldGroup.getUserMembers()) { DN memberDN; try { memberDN = this.userPersist.getUserDN(member); } catch (LDAPException e) { throw new UserNotFoundException( "User not found " + member.getUserID()); } delMembers.add(memberDN.toNormalizedString()); } for (Group gr : oldGroup.getGroupMembers()) { DN grDN = getGroupDN(gr.getID()); delMembers.add(grDN.toNormalizedString()); } for (User<?> member : oldGroup.getUserAdmins()) { DN memberDN; // modify admin group first ModifyRequest modifyRequest = new ModifyRequest(getAdminGroupDN(group.getID()), adminMods); try { memberDN = this.userPersist.getUserDN(member); } catch (LDAPException e) { throw new UserNotFoundException( "User not found " + member.getUserID()); } delMembers.add(memberDN.toNormalizedString()); } for (Group gr : oldGroup.getGroupAdmins()) { DN grDN = getGroupDN(gr.getID()); delMembers.add(grDN.toNormalizedString()); modifyRequest.addControl( new ProxiedAuthorizationV2RequestControl( "dn:" + getSubjectDN().toNormalizedString())); LDAPResult result = getConnection().modify(modifyRequest); } if (!delMembers.isEmpty()) catch (LDAPException e1) { mods.add(new Modification(ModificationType.DELETE, "uniquemember", (String[]) delMembers.toArray(new String[delMembers.size()]))); throw new RuntimeException("LDAP problem", e1); } ModifyRequest modifyRequest = new ModifyRequest(groupDN, mods); // modify the group itself now modifyRequest = new ModifyRequest(getGroupDN(group.getID()), mods); try { modifyRequest.addControl( Loading @@ -695,12 +623,19 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } try { return getGroup(newGroup.getID()); if (withActivate) { return new ActivatedGroup(getGroup(group.getID())); } else { return getGroup(group.getID()); } } catch (GroupNotFoundException e) { throw new RuntimeException( "BUG: modified group not found (" + groupDN + ")"); "BUG: modified group not found (" + group.getID() + ")"); } } Loading projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java +0 −9 Original line number Diff line number Diff line Loading @@ -457,15 +457,6 @@ public class LdapGroupDAOTest public Object run() throws Exception { getGroupDAO().addGroup(new Group(groupID, daoTestUser1)); // try // { // getGroupDAO().modifyGroup(new Group(groupID, unknownUser)); // fail("modifyGroup with unknown user should throw " + // "UserNotFoundException"); // } // catch (UserNotFoundException ignore) {} try { getGroupDAO().modifyGroup(new Group("foo", daoTestUser1)); Loading projects/cadcAccessControl/src/ca/nrc/cadc/ac/ActivatedGroup.java +9 −10 Original line number Diff line number Diff line Loading @@ -68,19 +68,18 @@ */ package ca.nrc.cadc.ac; import java.security.Principal; public class ActivatedGroup extends Group { public ActivatedGroup(String groupID) public ActivatedGroup(Group group) { super(groupID); super(group.getID(), group.getOwner()); this.description = group.description; this.properties = group.getProperties(); this.lastModified = group.lastModified; this.getUserMembers().addAll(group.getUserMembers()); this.getGroupMembers().addAll(group.getGroupMembers()); this.getUserAdmins().addAll(group.getUserAdmins()); this.getGroupAdmins().addAll(group.getGroupAdmins()); } public ActivatedGroup(String groupID, User<? extends Principal> owner) { super(groupID, owner); } } Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java +116 −181 Original line number Diff line number Diff line Loading @@ -162,10 +162,14 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO "Support for groups properties not available"); } Group inactiveGroup = getInactiveGroup(group); if (inactiveGroup != null) try { getInactiveGroup(group); return reactivateGroup(group); } catch (GroupNotFoundException e) { return reactiveGroup(group, inactiveGroup); // ignore } DN ownerDN = userPersist.getUserDN(group.getOwner()); Loading Loading @@ -247,11 +251,14 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } private Group getInactiveGroup(final Group group) throws AccessControlException, UserNotFoundException, LDAPException throws AccessControlException, UserNotFoundException, GroupNotFoundException { Group inactiveGroup = getInactiveGroup(getGroupDN(group.getID()).toNormalizedString(), group.getID()); Group inactiveGroup; try { inactiveGroup = getInactiveGroup(getGroupDN(group.getID()) .toNormalizedString(), group.getID()); if (inactiveGroup == null) { Loading @@ -270,22 +277,29 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO if (inactiveAdminGroup == null) { throw new RuntimeException("BUG: adminGroup not found for group " + group.getID()); throw new RuntimeException( "BUG: adminGroup not found for group " + group.getID()); } if (!group.getOwner().equals(inactiveAdminGroup.getOwner())) { throw new RuntimeException("Bug: adminGroup owner doesn't match " + "group owner for group " + group.getID()); throw new RuntimeException( "Bug: adminGroup owner doesn't match " + "group owner for group " + group.getID()); } return inactiveGroup; } catch (LDAPException e) { // TODO Auto-generated catch block throw new RuntimeException("BUG: LDAP Exception: ", e); } } private Group getInactiveGroup(final String groupDN, final String groupID) throws UserNotFoundException, LDAPException throws UserNotFoundException, LDAPException, GroupNotFoundException { Filter filter = Filter.createANDFilter( Filter.createEqualityFilter("cn", groupID), Loading @@ -306,7 +320,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO { String msg = "Inactive Group not found " + groupID; logger.debug(msg); return null; throw new GroupNotFoundException(msg); } String groupCN = searchResult.getAttributeValue("cn"); Loading @@ -317,35 +331,12 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO return new Group(groupCN, owner); } private Group reactiveGroup(final Group newGroup, final Group inactiveGroup) throws UserNotFoundException, LDAPException, TransientException private Group reactivateGroup(final Group group) throws UserNotFoundException, LDAPException, TransientException, AccessControlException, GroupNotFoundException { Group group = reactiveGroup(getGroupDN(newGroup.getID()), newGroup, inactiveGroup); Group adminGroup = reactiveGroup(getGroupDN(newGroup.getID()), newGroup, inactiveGroup); return group; return modifyGroup(group, true); } private Group reactiveGroup(final DN groupDN, final Group newGroup, final Group inactiveGroup) throws UserNotFoundException, LDAPException, TransientException { List<Modification> mods = new ArrayList<Modification>(); mods.add(new Modification(ModificationType.DELETE, "nsaccountlock")); Group modifiedGroup = modifyGroup(groupDN, newGroup, inactiveGroup, mods); Group activatedGroup = new ActivatedGroup(modifiedGroup.getID(), modifiedGroup.getOwner()); activatedGroup.description = modifiedGroup.description; activatedGroup.getProperties().addAll(modifiedGroup.getProperties()); activatedGroup.getGroupMembers().addAll(modifiedGroup.getGroupMembers()); activatedGroup.getUserMembers().addAll(modifiedGroup.getUserMembers()); activatedGroup.getGroupAdmins().addAll(modifiedGroup.getGroupAdmins()); activatedGroup.getUserAdmins().addAll(modifiedGroup.getUserAdmins()); return activatedGroup; } /** * Get the group with the given Group ID. Loading Loading @@ -504,7 +495,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO /** * Modify the given group. * * @param group The group to update. * @param group The group to update. It must be an existing group * * @return The newly updated group. * Loading @@ -517,58 +508,49 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO throws GroupNotFoundException, TransientException, AccessControlException, UserNotFoundException { DN groupDN = getGroupDN(group.getID()); Group oldGroup = getGroup(groupDN, group.getID(), true); Group newGroup = modifyGroup(groupDN, group, oldGroup, null); DN adminGroupDN = getAdminGroupDN(group.getID()); Group oldAdminGroup = getGroup(adminGroupDN, group.getID(), true); Group newAdminGroup = modifyGroup(adminGroupDN, group, oldAdminGroup, null); newGroup.getGroupAdmins().addAll(newAdminGroup.getGroupAdmins()); newGroup.getUserAdmins().addAll(newAdminGroup.getUserAdmins()); return newGroup; return modifyGroup(group, false); } private Group modifyGroup(final DN groupDN, final Group newGroup, final Group oldGroup, final List<Modification> modifications) private Group modifyGroup(final Group group, boolean withActivate) throws UserNotFoundException, TransientException, AccessControlException AccessControlException, GroupNotFoundException { if (!newGroup.getProperties().isEmpty()) if (!group.getProperties().isEmpty()) { throw new UnsupportedOperationException( "Support for groups properties not available"); } List<Modification> mods = new ArrayList<Modification>(); if (modifications != null) // check if group exists if (withActivate) { mods.addAll(modifications); getInactiveGroup(group); } else { getGroup(group.getID()); } if (newGroup.description == null && oldGroup.description != null) List<Modification> mods = new ArrayList<Modification>(); List<Modification> adminMods = new ArrayList<Modification>(); if (withActivate) { mods.add(new Modification(ModificationType.DELETE, "description")); mods.add(new Modification(ModificationType.DELETE, "nsaccountlock")); adminMods.add(new Modification(ModificationType.DELETE, "nsaccountlock")); } else if (newGroup.description != null && oldGroup.description == null) if (group.description == null) { mods.add(new Modification(ModificationType.ADD, "description", newGroup.description)); mods.add(new Modification(ModificationType.REPLACE, "description")); } else if (newGroup.description != null && oldGroup.description != null) else { mods.add(new Modification(ModificationType.REPLACE, "description", newGroup.description)); mods.add(new Modification(ModificationType.REPLACE, "description", group.description)); } List<String> newMembers = new ArrayList<String>(); for (User<?> member : newGroup.getUserMembers()) { if (!oldGroup.getUserMembers().remove(member)) for (User<?> member : group.getUserMembers()) { DN memberDN; try Loading @@ -577,29 +559,18 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { throw new UserNotFoundException( "User not found " + member.getUserID()); throw new UserNotFoundException("User not found " + member.getUserID()); } newMembers.add(memberDN.toNormalizedString()); } } for (Group gr : newGroup.getGroupMembers()) { if (gr.equals(newGroup)) { throw new IllegalArgumentException( "cyclical reference from group member to group"); } if (!oldGroup.getGroupMembers().remove(gr)) for (Group gr : group.getGroupMembers()) { DN grDN = getGroupDN(gr.getID()); newMembers.add(grDN.toNormalizedString()); } } for (User<?> member : newGroup.getUserAdmins()) { if (!oldGroup.getUserAdmins().remove(member)) List<String> newAdmins = new ArrayList<String>(); for (User<?> member : group.getUserAdmins()) { DN memberDN; try Loading @@ -611,77 +582,34 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO throw new UserNotFoundException( "User not found " + member.getUserID()); } newMembers.add(memberDN.toNormalizedString()); } newAdmins.add(memberDN.toNormalizedString()); } for (Group gr : newGroup.getGroupAdmins()) { if (gr.equals(newGroup)) { throw new IllegalArgumentException( "cyclical reference from group member to group"); } if (!oldGroup.getGroupAdmins().remove(gr)) for (Group gr : group.getGroupAdmins()) { DN grDN = getGroupDN(gr.getID()); newMembers.add(grDN.toNormalizedString()); } } if (!newMembers.isEmpty()) { mods.add(new Modification(ModificationType.ADD, "uniquemember", mods.add(new Modification(ModificationType.REPLACE, "uniquemember", (String[]) newMembers.toArray(new String[newMembers.size()]))); } adminMods.add(new Modification(ModificationType.REPLACE, "uniquemember", (String[]) newAdmins.toArray(new String[newAdmins.size()]))); List<String> delMembers = new ArrayList<String>(); for (User<?> member : oldGroup.getUserMembers()) { DN memberDN; try { memberDN = this.userPersist.getUserDN(member); } catch (LDAPException e) { throw new UserNotFoundException( "User not found " + member.getUserID()); } delMembers.add(memberDN.toNormalizedString()); } for (Group gr : oldGroup.getGroupMembers()) { DN grDN = getGroupDN(gr.getID()); delMembers.add(grDN.toNormalizedString()); } for (User<?> member : oldGroup.getUserAdmins()) { DN memberDN; // modify admin group first ModifyRequest modifyRequest = new ModifyRequest(getAdminGroupDN(group.getID()), adminMods); try { memberDN = this.userPersist.getUserDN(member); } catch (LDAPException e) { throw new UserNotFoundException( "User not found " + member.getUserID()); } delMembers.add(memberDN.toNormalizedString()); } for (Group gr : oldGroup.getGroupAdmins()) { DN grDN = getGroupDN(gr.getID()); delMembers.add(grDN.toNormalizedString()); modifyRequest.addControl( new ProxiedAuthorizationV2RequestControl( "dn:" + getSubjectDN().toNormalizedString())); LDAPResult result = getConnection().modify(modifyRequest); } if (!delMembers.isEmpty()) catch (LDAPException e1) { mods.add(new Modification(ModificationType.DELETE, "uniquemember", (String[]) delMembers.toArray(new String[delMembers.size()]))); throw new RuntimeException("LDAP problem", e1); } ModifyRequest modifyRequest = new ModifyRequest(groupDN, mods); // modify the group itself now modifyRequest = new ModifyRequest(getGroupDN(group.getID()), mods); try { modifyRequest.addControl( Loading @@ -695,12 +623,19 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } try { return getGroup(newGroup.getID()); if (withActivate) { return new ActivatedGroup(getGroup(group.getID())); } else { return getGroup(group.getID()); } } catch (GroupNotFoundException e) { throw new RuntimeException( "BUG: modified group not found (" + groupDN + ")"); "BUG: modified group not found (" + group.getID() + ")"); } } Loading
projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java +0 −9 Original line number Diff line number Diff line Loading @@ -457,15 +457,6 @@ public class LdapGroupDAOTest public Object run() throws Exception { getGroupDAO().addGroup(new Group(groupID, daoTestUser1)); // try // { // getGroupDAO().modifyGroup(new Group(groupID, unknownUser)); // fail("modifyGroup with unknown user should throw " + // "UserNotFoundException"); // } // catch (UserNotFoundException ignore) {} try { getGroupDAO().modifyGroup(new Group("foo", daoTestUser1)); Loading
projects/cadcAccessControl/src/ca/nrc/cadc/ac/ActivatedGroup.java +9 −10 Original line number Diff line number Diff line Loading @@ -68,19 +68,18 @@ */ package ca.nrc.cadc.ac; import java.security.Principal; public class ActivatedGroup extends Group { public ActivatedGroup(String groupID) public ActivatedGroup(Group group) { super(groupID); super(group.getID(), group.getOwner()); this.description = group.description; this.properties = group.getProperties(); this.lastModified = group.lastModified; this.getUserMembers().addAll(group.getUserMembers()); this.getGroupMembers().addAll(group.getGroupMembers()); this.getUserAdmins().addAll(group.getUserAdmins()); this.getGroupAdmins().addAll(group.getGroupAdmins()); } public ActivatedGroup(String groupID, User<? extends Principal> owner) { super(groupID, owner); } }
