Loading cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/CreateGroupAction.java +7 −1 Original line number Diff line number Diff line Loading @@ -69,6 +69,7 @@ package ca.nrc.cadc.ac.server.web.groups; import java.io.InputStream; import java.security.Principal; import java.util.ArrayList; import java.util.List; Loading Loading @@ -107,7 +108,12 @@ public class CreateGroupAction extends AbstractGroupAction } for (User usr : group.getUserMembers()) { addedMembers.add(usr.getX500Principal().getName()); Principal p = usr.getHttpPrincipal(); if (p == null) { p = usr.getX500Principal(); } addedMembers.add(p.getName()); } } logGroupInfo(group.getID(), null, addedMembers); Loading cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java +17 −16 Original line number Diff line number Diff line Loading @@ -67,23 +67,25 @@ package ca.nrc.cadc.ac.server.ldap; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.GroupNotFoundException; import ca.nrc.cadc.ac.GroupProperty; import ca.nrc.cadc.ac.User; import org.apache.log4j.Logger; import org.junit.Assert; import org.junit.Test; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import javax.security.auth.Subject; import java.security.Principal; import java.security.PrivilegedExceptionAction; import java.util.Collection; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import javax.security.auth.Subject; import org.apache.log4j.Logger; import org.junit.Assert; import org.junit.Test; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.GroupNotFoundException; import ca.nrc.cadc.ac.GroupProperty; import ca.nrc.cadc.ac.User; public class LdapGroupDAOTest extends AbstractLdapDAOTest { Loading Loading 
@@ -156,7 +158,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest expectGroup.getUserMembers().add(cadcDaoTest2_User); expectGroup.getUserMembers().add(duplicateIdentity); actualGroup = getGroupDAO().modifyGroup(expectGroup); expectGroup.getUserMembers().remove(duplicateIdentity); //expectGroup.getUserMembers().remove(duplicateIdentity); assertGroupsEqual(expectGroup, actualGroup); expectGroup.getUserMembers().remove(cadcDaoTest2_User); Loading Loading @@ -205,7 +207,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest expectGroup.getUserAdmins().add(cadcDaoTest2_User); expectGroup.getUserAdmins().add(duplicateIdentity); actualGroup = getGroupDAO().modifyGroup(expectGroup); expectGroup.getUserAdmins().remove(duplicateIdentity); //expectGroup.getUserAdmins().remove(duplicateIdentity); assertGroupsEqual(expectGroup, actualGroup); // delete the group Loading Loading @@ -443,9 +445,8 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest assertTrue(gr2.getGroupMembers().contains(gr)); } assertEquals(gr1.getUserMembers().size(), gr2.getUserMembers().size()); assertEquals(gr1.getUserMembers(), gr2.getUserMembers()); assertEquals(gr1.getUserMembers().size(), gr2.getUserMembers() .size()); for (User user : gr1.getUserMembers()) { assertTrue(gr2.getUserMembers().contains(user)); Loading cadcAccessControl/src/ca/nrc/cadc/ac/Group.java +18 −17 Original line number Diff line number Diff line Loading @@ -71,6 +71,7 @@ package ca.nrc.cadc.ac; import java.util.Date; import java.util.HashSet; import java.util.Set; import java.util.TreeSet; public class Group { Loading 
@@ -82,13 +83,13 @@ public class Group protected Set<GroupProperty> properties = new HashSet<GroupProperty>(); // group's user members private Set<User> userMembers = new HashSet<User>(); private Set<User> userMembers = new TreeSet<User>(); // group's group members private Set<Group> groupMembers = new HashSet<Group>(); // group's user admins private Set<User> userAdmins = new HashSet<User>(); private Set<User> userAdmins = new TreeSet<User>(); // group's group admins private Set<Group> groupAdmins = new HashSet<Group>(); Loading cadcAccessControl/src/ca/nrc/cadc/ac/InternalID.java +36 −0 Original line number Diff line number Diff line Loading @@ -94,10 +94,46 @@ public class InternalID throw new IllegalArgumentException("uri is null"); } if (uri.getFragment() != null) { throw new IllegalArgumentException("fragment not allowed"); } this.uri = uri; uuid = UUID.fromString(uri.getQuery()); } /** * Ctor * @param uri unique identifier * @param id The uuid of the identifier */ public InternalID(URI uri, UUID id) { if (uri == null) { throw new IllegalArgumentException("uri is null"); } if (id == null) { throw new IllegalArgumentException("id is null"); } if (uri.getQuery() != null) { throw new IllegalArgumentException("query not allowed in base uri"); } if (uri.getFragment() != null) { throw new IllegalArgumentException("fragment not allowed"); } this.uri = URI.create(uri.toASCIIString() + "?" + id.toString()); this.uuid = id; } public URI getURI() { return uri; Loading cadcAccessControl/src/ca/nrc/cadc/ac/User.java +124 −98 Original line number Diff line number Diff line Loading 
@@ -68,25 +68,23 @@ */ package ca.nrc.cadc.ac; import java.io.PrintWriter; import java.security.Principal; import java.util.Comparator; import java.util.Date; import java.util.HashSet; import java.util.Set; import java.util.SortedSet; import java.util.TreeSet; import ca.nrc.cadc.auth.HttpPrincipal; import javax.security.auth.x500.X500Principal; public class User import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.HttpPrincipal; public class User implements Comparable<User> { // How on God's green earth is this used? Where is it set? // jenkinsd 2016.03.24 private InternalID id; private Set<Principal> identities = new TreeSet<Principal>(new PrincipalComparator()); private SortedSet<Principal> identities = new TreeSet<Principal>(new PrincipalComparator()); public PersonalDetails personalDetails; public PosixDetails posixDetails; Loading Loading @@ -120,15 +118,12 @@ public class User */ public <S extends Principal> Set<S> getIdentities(final Class<S> identityClass) { final Set<S> matchedIdentities = new HashSet<S>(); final Set<S> matchedIdentities = new TreeSet<S>(new PrincipalComparator()); for (final Principal p : identities) { if (p.getClass() == identityClass) if (identityClass.isAssignableFrom(p.getClass())) { // This casting shouldn't happen, but it's the only way to // do this without a lot of work. // jenkinsd 2014.09.26 matchedIdentities.add((S) p); } } Loading @@ -146,11 +141,18 @@ public class User return null; } /** * @deprecated */ public X500Principal getX500Principal() { final Set<X500Principal> identities = getIdentities(X500Principal.class); return identities.isEmpty() ? null : identities.iterator().next(); if (!identities.isEmpty()) { return identities.iterator().next(); } return null; } Loading 
@@ -158,90 +160,104 @@ public class User * A User is considered consistent if the User's set of identities are a superset * of this Users set of identities. * * @param other * @param superset * @return */ public boolean isConsistent(final User other) public boolean isConsistent(final User superset) { if (other == null) if (superset == null) { return false; } for (Principal identity: getIdentities()) { boolean found = false; for (Principal op: other.getIdentities()) { if (op.equals(identity)) { found = true; break; } } if (!found) if (this.identities.isEmpty() || superset.identities.isEmpty()) { return false; } } return true; } /* (non-Javadoc) * @see java.lang.Object#hashCode() */ @Override public int hashCode() { int prime = 31; int result = 1; if (id != null) { result = prime * result + id.hashCode(); } else { for (Principal principal : getIdentities()) { result = prime * result + principal.hashCode(); } } return result; return superset.getIdentities().containsAll(this.getIdentities()); // // could be improved because both sets are ordered // for (Principal identity: getIdentities()) // { // boolean found = false; // for (Principal op: superset.getIdentities()) // { // if (AuthenticationUtil.equals(op, identity)) // { // found = true; // break; // } // } // if (!found) // { // return false; // } // } // return true; } // /* (non-Javadoc) // * @see java.lang.Object#hashCode() // */ // @Override // public int hashCode() // { // int prime = 31; // int result = 1; // if (id != null) // { // result = prime * result + id.hashCode(); // } // else // { // for (Principal principal : getIdentities()) // { // result = prime * result + principal.hashCode(); // } // } // return result; // } /* (non-Javadoc) * @see java.lang.Object#equals(java.lang.Object) */ @Override public boolean equals(Object obj) { if (this == obj) { return true; } if (obj == null) { return false; } if (!(obj instanceof User)) { return false; } User other = (User) obj; if (this.id == null && other.id == 
null) { return isConsistent(other); } if ((this.id == null && other.id != null) || (this.id != null && other.id == null)) { return false; } if (id.equals(other.id)) if (obj instanceof User) { return true; User user = (User) obj; return (this.isConsistent(user) || user.isConsistent(this)); } return false; // if (this == obj) // { // return true; // } // if (obj == null) // { // return false; // } // if (!(obj instanceof User)) // { // return false; // } // User other = (User) obj; // if (this.id == null && other.id == null) // { // return isConsistent(other); // } // if ((this.id == null && other.id != null) || // (this.id != null && other.id == null)) // { // return false; // } // if (id.equals(other.id)) // { // return true; // } // return false; } @Override Loading @@ -263,32 +279,42 @@ public class User @Override public int compare(Principal o1, Principal o2) { int ret = -1; if (o1 == null && o2 == null) if (o1 == null || o2 == null) { ret = 0; throw new IllegalArgumentException("Cannot compare null objects"); } else if (o1 == null && o2 != null) if (o1 instanceof HttpPrincipal && o2 instanceof HttpPrincipal) { ret = 1; return 0; } else if (o1 != null && o2 == null) { ret = -1; return AuthenticationUtil.compare(o1, o2); } else if (o1 instanceof HttpPrincipal && o2 instanceof HttpPrincipal) { ret = 0; } else if (o1.getClass() == o2.getClass()) @Override public int compareTo(User other) { if (o1.getName().equals(o2.getName())) if (other == null) { ret = 0; throw new IllegalArgumentException("Cannot compare null objects"); } if (this.getIdentities().isEmpty() || other.getIdentities().isEmpty()) { throw new IllegalArgumentException("Users need identities for comparison."); } return ret; if (this.isConsistent(other) || other.isConsistent(this)) { return 0; } // compare the first pricipals in the order set Principal p1 = this.getIdentities().iterator().next(); Principal p2 = other.getIdentities().iterator().next(); return AuthenticationUtil.compare(p1, p2); } } Loading
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/CreateGroupAction.java +7 −1 Original line number Diff line number Diff line Loading @@ -69,6 +69,7 @@ package ca.nrc.cadc.ac.server.web.groups; import java.io.InputStream; import java.security.Principal; import java.util.ArrayList; import java.util.List; Loading Loading @@ -107,7 +108,12 @@ public class CreateGroupAction extends AbstractGroupAction } for (User usr : group.getUserMembers()) { addedMembers.add(usr.getX500Principal().getName()); Principal p = usr.getHttpPrincipal(); if (p == null) { p = usr.getX500Principal(); } addedMembers.add(p.getName()); } } logGroupInfo(group.getID(), null, addedMembers); Loading
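Review bot: `p` can still be null when it reaches `addedMembers.add(p.getName())` in the member loop, because the fallback `usr.getX500Principal()` returns null for a user with no X.500 identity (see User.java in this commit). A member carrying only some other principal type would then raise a NullPointerException while the audit entry is being assembled. The position of `logGroupInfo` suggests this happens after the group has already been stored, though the enclosing method starts outside the hunk. Guard the call, e.g. `if (p != null) { addedMembers.add(p.getName()); }`, or log a placeholder so the entry still records that a member was added. The fallback also calls `getX500Principal()`, which this same commit marks `@deprecated`.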
cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java +17 −16 Original line number Diff line number Diff line Loading @@ -67,23 +67,25 @@ package ca.nrc.cadc.ac.server.ldap; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.GroupNotFoundException; import ca.nrc.cadc.ac.GroupProperty; import ca.nrc.cadc.ac.User; import org.apache.log4j.Logger; import org.junit.Assert; import org.junit.Test; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import javax.security.auth.Subject; import java.security.Principal; import java.security.PrivilegedExceptionAction; import java.util.Collection; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import javax.security.auth.Subject; import org.apache.log4j.Logger; import org.junit.Assert; import org.junit.Test; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.GroupNotFoundException; import ca.nrc.cadc.ac.GroupProperty; import ca.nrc.cadc.ac.User; public class LdapGroupDAOTest extends AbstractLdapDAOTest { Loading Loading @@ -156,7 +158,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest expectGroup.getUserMembers().add(cadcDaoTest2_User); expectGroup.getUserMembers().add(duplicateIdentity); actualGroup = getGroupDAO().modifyGroup(expectGroup); expectGroup.getUserMembers().remove(duplicateIdentity); //expectGroup.getUserMembers().remove(duplicateIdentity); assertGroupsEqual(expectGroup, actualGroup); expectGroup.getUserMembers().remove(cadcDaoTest2_User); Loading Loading 
@@ -205,7 +207,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest expectGroup.getUserAdmins().add(cadcDaoTest2_User); expectGroup.getUserAdmins().add(duplicateIdentity); actualGroup = getGroupDAO().modifyGroup(expectGroup); expectGroup.getUserAdmins().remove(duplicateIdentity); //expectGroup.getUserAdmins().remove(duplicateIdentity); assertGroupsEqual(expectGroup, actualGroup); // delete the group Loading Loading @@ -443,9 +445,8 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest assertTrue(gr2.getGroupMembers().contains(gr)); } assertEquals(gr1.getUserMembers().size(), gr2.getUserMembers().size()); assertEquals(gr1.getUserMembers(), gr2.getUserMembers()); assertEquals(gr1.getUserMembers().size(), gr2.getUserMembers() .size()); for (User user : gr1.getUserMembers()) { assertTrue(gr2.getUserMembers().contains(user)); Loading
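Review bot: The two `remove(duplicateIdentity)` calls (hunks at 158 and 207) are commented out rather than deleted, and nothing says why the expected group no longer needs the duplicate removed. Presumably the TreeSet-backed member and admin sets in Group now collapse `duplicateIdentity` into the entry it compares equal to, so the `add` is a no-op and a `remove` would take out the original member. State that in a comment such as `// duplicateIdentity compares equal to an existing member, so the add above is a no-op` and drop the dead line. In the hunk at 445 the rendered text appears to drop the set-equality assertion and keep only the size check and the `contains` loop. Because `contains` on a TreeSet goes through the same comparator, one assertion that compares principal names directly would keep the test independent of User.compareTo. All three test methods start outside their hunks.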
cadcAccessControl/src/ca/nrc/cadc/ac/Group.java +18 −17 Original line number Diff line number Diff line Loading @@ -71,6 +71,7 @@ package ca.nrc.cadc.ac; import java.util.Date; import java.util.HashSet; import java.util.Set; import java.util.TreeSet; public class Group { Loading @@ -82,13 +83,13 @@ public class Group protected Set<GroupProperty> properties = new HashSet<GroupProperty>(); // group's user members private Set<User> userMembers = new HashSet<User>(); private Set<User> userMembers = new TreeSet<User>(); // group's group members private Set<Group> groupMembers = new HashSet<Group>(); // group's user admins private Set<User> userAdmins = new HashSet<User>(); private Set<User> userAdmins = new TreeSet<User>(); // group's group admins private Set<Group> groupAdmins = new HashSet<Group>(); Loading
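Review bot: Switching `userMembers` and `userAdmins` to `TreeSet<User>` makes group membership depend on `User.compareTo`, and nothing at the field declarations says so. As written in User.java in this commit, `compareTo` throws IllegalArgumentException for a User with no identities and returns 0 whenever one user's identities are consistent with the other's. So `add` can now throw or silently drop a user where the HashSet did neither. Add a comment at both fields, e.g. `// ordered by User.compareTo: users need at least one identity; users with consistent identities collapse to one entry`. The section header shows +18 −17 but only these lines are visible here, so any other changes to Group are not covered by this note.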
cadcAccessControl/src/ca/nrc/cadc/ac/InternalID.java +36 −0 Original line number Diff line number Diff line Loading @@ -94,10 +94,46 @@ public class InternalID throw new IllegalArgumentException("uri is null"); } if (uri.getFragment() != null) { throw new IllegalArgumentException("fragment not allowed"); } this.uri = uri; uuid = UUID.fromString(uri.getQuery()); } /** * Ctor * @param uri unique identifier * @param id The uuid of the identifier */ public InternalID(URI uri, UUID id) { if (uri == null) { throw new IllegalArgumentException("uri is null"); } if (id == null) { throw new IllegalArgumentException("id is null"); } if (uri.getQuery() != null) { throw new IllegalArgumentException("query not allowed in base uri"); } if (uri.getFragment() != null) { throw new IllegalArgumentException("fragment not allowed"); } this.uri = URI.create(uri.toASCIIString() + "?" + id.toString()); this.uuid = id; } public URI getURI() { return uri; Loading
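Review bot: The single-argument constructor still passes `uri.getQuery()` straight to `UUID.fromString`, so a URI without a query part fails with a NullPointerException instead of the IllegalArgumentException the other checks use. Since this commit adds the fragment check right above it, add the matching guard: `if (uri.getQuery() == null) { throw new IllegalArgumentException("uri has no query"); }`. The Javadoc on the new two-argument constructor says only "Ctor"; it should state that `uri` is the base URI without query or fragment and that the stored URI becomes the base followed by `?` and the UUID. The first constructor begins outside the hunk.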
cadcAccessControl/src/ca/nrc/cadc/ac/User.java +124 −98 Original line number Diff line number Diff line Loading @@ -68,25 +68,23 @@ */ package ca.nrc.cadc.ac; import java.io.PrintWriter; import java.security.Principal; import java.util.Comparator; import java.util.Date; import java.util.HashSet; import java.util.Set; import java.util.SortedSet; import java.util.TreeSet; import ca.nrc.cadc.auth.HttpPrincipal; import javax.security.auth.x500.X500Principal; public class User import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.HttpPrincipal; public class User implements Comparable<User> { // How on God's green earth is this used? Where is it set? // jenkinsd 2016.03.24 private InternalID id; private Set<Principal> identities = new TreeSet<Principal>(new PrincipalComparator()); private SortedSet<Principal> identities = new TreeSet<Principal>(new PrincipalComparator()); public PersonalDetails personalDetails; public PosixDetails posixDetails; Loading Loading @@ -120,15 +118,12 @@ public class User */ public <S extends Principal> Set<S> getIdentities(final Class<S> identityClass) { final Set<S> matchedIdentities = new HashSet<S>(); final Set<S> matchedIdentities = new TreeSet<S>(new PrincipalComparator()); for (final Principal p : identities) { if (p.getClass() == identityClass) if (identityClass.isAssignableFrom(p.getClass())) { // This casting shouldn't happen, but it's the only way to // do this without a lot of work. // jenkinsd 2014.09.26 matchedIdentities.add((S) p); } } Loading @@ -146,11 +141,18 @@ public class User return null; } /** * @deprecated */ public X500Principal getX500Principal() { final Set<X500Principal> identities = getIdentities(X500Principal.class); return identities.isEmpty() ? null : identities.iterator().next(); if (!identities.isEmpty()) { return identities.iterator().next(); } return null; } Loading 
@@ -158,90 +160,104 @@ public class User * A User is considered consistent if the User's set of identities are a superset * of this Users set of identities. * * @param other * @param superset * @return */ public boolean isConsistent(final User other) public boolean isConsistent(final User superset) { if (other == null) if (superset == null) { return false; } for (Principal identity: getIdentities()) { boolean found = false; for (Principal op: other.getIdentities()) { if (op.equals(identity)) { found = true; break; } } if (!found) if (this.identities.isEmpty() || superset.identities.isEmpty()) { return false; } } return true; } /* (non-Javadoc) * @see java.lang.Object#hashCode() */ @Override public int hashCode() { int prime = 31; int result = 1; if (id != null) { result = prime * result + id.hashCode(); } else { for (Principal principal : getIdentities()) { result = prime * result + principal.hashCode(); } } return result; return superset.getIdentities().containsAll(this.getIdentities()); // // could be improved because both sets are ordered // for (Principal identity: getIdentities()) // { // boolean found = false; // for (Principal op: superset.getIdentities()) // { // if (AuthenticationUtil.equals(op, identity)) // { // found = true; // break; // } // } // if (!found) // { // return false; // } // } // return true; } // /* (non-Javadoc) // * @see java.lang.Object#hashCode() // */ // @Override // public int hashCode() // { // int prime = 31; // int result = 1; // if (id != null) // { // result = prime * result + id.hashCode(); // } // else // { // for (Principal principal : getIdentities()) // { // result = prime * result + principal.hashCode(); // } // } // return result; // } /* (non-Javadoc) * @see java.lang.Object#equals(java.lang.Object) */ @Override public boolean equals(Object obj) { if (this == obj) { return true; } if (obj == null) { return false; } if (!(obj instanceof User)) { return false; } User other = (User) obj; if (this.id == null && other.id == 
null) { return isConsistent(other); } if ((this.id == null && other.id != null) || (this.id != null && other.id == null)) { return false; } if (id.equals(other.id)) if (obj instanceof User) { return true; User user = (User) obj; return (this.isConsistent(user) || user.isConsistent(this)); } return false; // if (this == obj) // { // return true; // } // if (obj == null) // { // return false; // } // if (!(obj instanceof User)) // { // return false; // } // User other = (User) obj; // if (this.id == null && other.id == null) // { // return isConsistent(other); // } // if ((this.id == null && other.id != null) || // (this.id != null && other.id == null)) // { // return false; // } // if (id.equals(other.id)) // { // return true; // } // return false; } @Override Loading @@ -263,32 +279,42 @@ public class User @Override public int compare(Principal o1, Principal o2) { int ret = -1; if (o1 == null && o2 == null) if (o1 == null || o2 == null) { ret = 0; throw new IllegalArgumentException("Cannot compare null objects"); } else if (o1 == null && o2 != null) if (o1 instanceof HttpPrincipal && o2 instanceof HttpPrincipal) { ret = 1; return 0; } else if (o1 != null && o2 == null) { ret = -1; return AuthenticationUtil.compare(o1, o2); } else if (o1 instanceof HttpPrincipal && o2 instanceof HttpPrincipal) { ret = 0; } else if (o1.getClass() == o2.getClass()) @Override public int compareTo(User other) { if (o1.getName().equals(o2.getName())) if (other == null) { ret = 0; throw new IllegalArgumentException("Cannot compare null objects"); } if (this.getIdentities().isEmpty() || other.getIdentities().isEmpty()) { throw new IllegalArgumentException("Users need identities for comparison."); } return ret; if (this.isConsistent(other) || other.isConsistent(this)) { return 0; } // compare the first pricipals in the order set Principal p1 = this.getIdentities().iterator().next(); Principal p2 = other.getIdentities().iterator().next(); return AuthenticationUtil.compare(p1, p2); } }
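Review bot: `isConsistent` now uses `superset.getIdentities().containsAll(this.getIdentities())`, and if `getIdentities()` returns the TreeSet built with `PrincipalComparator` (its body is outside the hunks), containment is decided by that comparator, which as rendered returns 0 for any two `HttpPrincipal`s. Two users who each hold only an HttpPrincipal with different names would then be consistent, `equals` would be true and `compareTo` would return 0, so the TreeSet-backed member and admin sets in Group would treat them as one entry. Compare principals by value instead, as the commented-out loop did. Separately, `equals` stays overridden while `hashCode` is commented out, and the either-direction subset test is not transitive, so hash-based collections and sorted sets holding User have no consistent contract to rely on.

```java
public boolean isConsistent(final User superset)
{
    // … unchanged: null and empty-identity guards …

    // Match by principal value. containsAll on the comparator-backed set
    // would treat every pair of HttpPrincipals as the same element.
    for (Principal identity : getIdentities())
    {
        boolean found = false;
        for (Principal op : superset.getIdentities())
        {
            if (AuthenticationUtil.equals(op, identity))
            {
                found = true;
                break;
            }
        }
        if (!found)
        {
            return false;
        }
    }
    return true;
}
```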