Commit 87db79f4 authored by Brian Major

Modifications to credentials provided when running the ac admin tool.

parent 6d723106
......@@ -89,7 +89,6 @@ public abstract class AbstractCommand implements PrivilegedAction<Object>
private UserPersistence userPersistence;
protected abstract void doRun()
throws AccessControlException, TransientException;
......
......@@ -78,11 +78,8 @@ import org.apache.log4j.Logger;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.server.UserPersistence;
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.DelegationToken;
import ca.nrc.cadc.auth.PrincipalExtractor;
import ca.nrc.cadc.auth.SSOCookieCredential;
import ca.nrc.cadc.auth.X509CertificateChain;
import ca.nrc.cadc.auth.AuthMethod;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.net.TransientException;
......@@ -116,6 +113,7 @@ public class CommandRunner
{
Principal userIDPrincipal = ((AbstractUserCommand) command).getPrincipal();
operatorSubject.getPrincipals().add(userIDPrincipal);
operatorSubject.getPublicCredentials().add(AuthMethod.PASSWORD);
}
else
{
......@@ -130,48 +128,12 @@ public class CommandRunner
throw new IllegalArgumentException("Certificate required");
operatorSubject.getPrincipals().addAll(subjectFromCert.getPrincipals());
operatorSubject.getPrincipals().add(new HttpPrincipal("authorizedUser"));
operatorSubject.getPublicCredentials().addAll(subjectFromCert.getPublicCredentials());
operatorSubject.getPublicCredentials().add(AuthMethod.CERT);
}
// run as the user
AnonPrincipalExtractor principalExtractor = new AnonPrincipalExtractor(operatorSubject);
Subject subject = AuthenticationUtil.getSubject(principalExtractor);
LOGGER.debug("running as: " + subject);
Subject.doAs(subject, command);
}
class AnonPrincipalExtractor implements PrincipalExtractor
{
Subject s;
AnonPrincipalExtractor(Subject s)
{
this.s = s;
}
public Set<Principal> getPrincipals()
{
return s.getPrincipals();
}
public X509CertificateChain getCertificateChain()
{
LOGGER.debug("getCerfiticateChain called");
for (Object o : s.getPublicCredentials())
{
if (o instanceof X509CertificateChain)
{
LOGGER.debug("returning certificate chain.");
return (X509CertificateChain) o;
}
}
return null;
}
public DelegationToken getDelegationToken()
{
return null;
}
public SSOCookieCredential getSSOCookieCredential()
{
return null;
}
LOGGER.debug("running as: " + operatorSubject);
Subject.doAs(operatorSubject, command);
}
}
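Review bot: In the user-command branch, `operatorSubject.getPublicCredentials().add(AuthMethod.PASSWORD)` labels the subject as password-authenticated for the principal taken from the command, yet nothing visible in this section verifies a password; the label is asserted by the tool itself. The `AuthenticationUtil.getSubject(...)` step appears to be dropped, so that hand-built subject goes straight to `Subject.doAs(operatorSubject, command)` and any downstream check keyed on the auth method will trust it as-is. If that is intended for an operator-run admin tool, say so at the call site, e.g. `// identity is asserted by the local operator, not verified here; AuthMethod only labels the subject for downstream checks`. Also consider having `LOGGER.debug("running as: " + operatorSubject)` print only the principals, since the subject now carries the public credentials copied from `subjectFromCert`. The enclosing method starts outside the visible hunks.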
......@@ -92,4 +92,5 @@ public class ListUserRequests extends AbstractListUsers
{
return this.getUserPersistence().getUserRequests();
}
}
......@@ -92,4 +92,5 @@ public class ListUsers extends AbstractListUsers
{
return this.getUserPersistence().getUsers();
}
}
......@@ -81,10 +81,10 @@ import ca.nrc.cadc.net.TransientException;
* @author yeunga
*
*/
public class RejectUser extends AbstractUserCommand
public class RejectUser extends AbstractUserCommand
{
private static final Logger log = Logger.getLogger(RejectUser.class);
/**
* Constructor
* @param userID Id of the pending user to be deleted
......@@ -93,9 +93,9 @@ public class RejectUser extends AbstractUserCommand
{
super(userID);
}
protected void execute()
throws AccessControlException, UserNotFoundException, TransientException
protected void execute()
throws AccessControlException, UserNotFoundException, TransientException
{
// delete user from the pending tree
this.getUserPersistence().deleteUserRequest(this.getPrincipal());
......
......@@ -106,7 +106,7 @@ public class ViewUser extends AbstractUserCommand
User user = this.getUserPersistence().getUser(this.getPrincipal());
this.printUser(user);
}
catch (UserNotFoundException e)
catch (AccessControlException | UserNotFoundException e)
{
// Not in the main tree, try the pending tree
User user = this.getUserPersistence().getUserRequest(this.getPrincipal());
......
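Review bot: The multi-catch `catch (AccessControlException | UserNotFoundException e)` sends an access denial down the same path as a missing user, so a refused read of the main tree is retried against the pending tree and, in the visible lines, the denial is not reported. The comment below it, `// Not in the main tree, try the pending tree`, does not describe the access-denied case. If the fallback is intended, record the cause before retrying and update the comment, e.g. `// not found in, or not readable from, the main tree: try the pending tree`. Otherwise keep `AccessControlException` in its own catch so an authorization failure stays visible to the operator. The try block and the rest of the catch body lie outside this hunk.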