Loading cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/AbstractCommand.java +0 −1 Original line number Diff line number Diff line Loading @@ -89,7 +89,6 @@ public abstract class AbstractCommand implements PrivilegedAction<Object> private UserPersistence userPersistence; protected abstract void doRun() throws AccessControlException, TransientException; Loading cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/CommandRunner.java +7 −45 Original line number Diff line number Diff line Loading @@ -78,11 +78,8 @@ import org.apache.log4j.Logger; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.DelegationToken; import ca.nrc.cadc.auth.PrincipalExtractor; import ca.nrc.cadc.auth.SSOCookieCredential; import ca.nrc.cadc.auth.X509CertificateChain; import ca.nrc.cadc.auth.AuthMethod; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.net.TransientException; Loading Loading @@ -116,6 +113,7 @@ public class CommandRunner { Principal userIDPrincipal = ((AbstractUserCommand) command).getPrincipal(); operatorSubject.getPrincipals().add(userIDPrincipal); operatorSubject.getPublicCredentials().add(AuthMethod.PASSWORD); } else { Loading 
@@ -130,48 +128,12 @@ public class CommandRunner throw new IllegalArgumentException("Certificate required"); operatorSubject.getPrincipals().addAll(subjectFromCert.getPrincipals()); operatorSubject.getPrincipals().add(new HttpPrincipal("authorizedUser")); operatorSubject.getPublicCredentials().addAll(subjectFromCert.getPublicCredentials()); operatorSubject.getPublicCredentials().add(AuthMethod.CERT); } // run as the user AnonPrincipalExtractor principalExtractor = new AnonPrincipalExtractor(operatorSubject); Subject subject = AuthenticationUtil.getSubject(principalExtractor); LOGGER.debug("running as: " + subject); Subject.doAs(subject, command); } class AnonPrincipalExtractor implements PrincipalExtractor { Subject s; AnonPrincipalExtractor(Subject s) { this.s = s; } public Set<Principal> getPrincipals() { return s.getPrincipals(); } public X509CertificateChain getCertificateChain() { LOGGER.debug("getCerfiticateChain called"); for (Object o : s.getPublicCredentials()) { if (o instanceof X509CertificateChain) { LOGGER.debug("returning certificate chain."); return (X509CertificateChain) o; } } return null; } public DelegationToken getDelegationToken() { return null; } public SSOCookieCredential getSSOCookieCredential() { return null; } LOGGER.debug("running as: " + operatorSubject); Subject.doAs(operatorSubject, command); } } cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/ListUserRequests.java +1 −0 Original line number Diff line number Diff line Loading @@ -92,4 +92,5 @@ public class ListUserRequests extends AbstractListUsers { return this.getUserPersistence().getUserRequests(); } } cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/ListUsers.java +1 −0 Original line number Diff line number Diff line Loading 
@@ -92,4 +92,5 @@ public class ListUsers extends AbstractListUsers { return this.getUserPersistence().getUsers(); } } cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/ViewUser.java +1 −1 Original line number Diff line number Diff line Loading @@ -106,7 +106,7 @@ public class ViewUser extends AbstractUserCommand User user = this.getUserPersistence().getUser(this.getPrincipal()); this.printUser(user); } catch (UserNotFoundException e) catch (AccessControlException | UserNotFoundException e) { // Not in the main tree, try the pending tree User user = this.getUserPersistence().getUserRequest(this.getPrincipal()); Loading cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/RejectUser.java +5 −5 File changed.Contains only whitespace changes. Show changes Loading
cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/AbstractCommand.java +0 −1 Original line number Diff line number Diff line Loading @@ -89,7 +89,6 @@ public abstract class AbstractCommand implements PrivilegedAction<Object> private UserPersistence userPersistence; protected abstract void doRun() throws AccessControlException, TransientException; Loading
cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/CommandRunner.java +7 −45 Original line number Diff line number Diff line Loading @@ -78,11 +78,8 @@ import org.apache.log4j.Logger; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.DelegationToken; import ca.nrc.cadc.auth.PrincipalExtractor; import ca.nrc.cadc.auth.SSOCookieCredential; import ca.nrc.cadc.auth.X509CertificateChain; import ca.nrc.cadc.auth.AuthMethod; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.net.TransientException; Loading Loading @@ -116,6 +113,7 @@ public class CommandRunner { Principal userIDPrincipal = ((AbstractUserCommand) command).getPrincipal(); operatorSubject.getPrincipals().add(userIDPrincipal); operatorSubject.getPublicCredentials().add(AuthMethod.PASSWORD); } else { Loading 
@@ -130,48 +128,12 @@ public class CommandRunner throw new IllegalArgumentException("Certificate required"); operatorSubject.getPrincipals().addAll(subjectFromCert.getPrincipals()); operatorSubject.getPrincipals().add(new HttpPrincipal("authorizedUser")); operatorSubject.getPublicCredentials().addAll(subjectFromCert.getPublicCredentials()); operatorSubject.getPublicCredentials().add(AuthMethod.CERT); } // run as the user AnonPrincipalExtractor principalExtractor = new AnonPrincipalExtractor(operatorSubject); Subject subject = AuthenticationUtil.getSubject(principalExtractor); LOGGER.debug("running as: " + subject); Subject.doAs(subject, command); } class AnonPrincipalExtractor implements PrincipalExtractor { Subject s; AnonPrincipalExtractor(Subject s) { this.s = s; } public Set<Principal> getPrincipals() { return s.getPrincipals(); } public X509CertificateChain getCertificateChain() { LOGGER.debug("getCerfiticateChain called"); for (Object o : s.getPublicCredentials()) { if (o instanceof X509CertificateChain) { LOGGER.debug("returning certificate chain."); return (X509CertificateChain) o; } } return null; } public DelegationToken getDelegationToken() { return null; } public SSOCookieCredential getSSOCookieCredential() { return null; } LOGGER.debug("running as: " + operatorSubject); Subject.doAs(operatorSubject, command); } }
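Review bot: The subject handed to `Subject.doAs` in CommandRunner is now assembled entirely from values the tool asserts itself. The user-command branch adds `AuthMethod.PASSWORD` beside a principal taken from the command, and the certificate branch adds a fixed `new HttpPrincipal("authorizedUser")`, with no verification step visible in either hunk. Because the pass through `AuthenticationUtil.getSubject(...)` is removed, any downstream check that trusts the auth method or that principal name will treat the caller as authenticated, and audit records would presumably show the shared name rather than the certificate identity. I would name the literal and state the trust assumption where it is added, for example `// synthetic identity for the admin tool; persistence must not grant on this name alone` above `private static final String ADMIN_PRINCIPAL = "authorizedUser";`. The enclosing method starts outside the hunk, so any check on who may run the tool may live there and should be confirmed.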
cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/ListUserRequests.java +1 −0 Original line number Diff line number Diff line Loading @@ -92,4 +92,5 @@ public class ListUserRequests extends AbstractListUsers { return this.getUserPersistence().getUserRequests(); } }
cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/ListUsers.java +1 −0 Original line number Diff line number Diff line Loading @@ -92,4 +92,5 @@ public class ListUsers extends AbstractListUsers { return this.getUserPersistence().getUsers(); } }
cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/ViewUser.java +1 −1 Original line number Diff line number Diff line Loading @@ -106,7 +106,7 @@ public class ViewUser extends AbstractUserCommand User user = this.getUserPersistence().getUser(this.getPrincipal()); this.printUser(user); } catch (UserNotFoundException e) catch (AccessControlException | UserNotFoundException e) { // Not in the main tree, try the pending tree User user = this.getUserPersistence().getUserRequest(this.getPrincipal()); Loading
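Review bot: Catching `AccessControlException` together with `UserNotFoundException` in ViewUser makes a denied lookup indistinguishable from a missing user: the denial is dropped and the code goes on to `getUserRequest` on the pending tree. If that second lookup also fails, the operator presumably sees only the later error and the original authorization failure is never reported. I would keep the fallback but record the cause and correct the comment, e.g. `// Not found in, or not readable from, the main tree: try the pending tree`, followed by a debug log of `e` if the class has a logger. The try block and the rest of the handler lie outside the hunk, so what happens after the fallback should be checked there.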
cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/RejectUser.java +5 −5 File changed.Contains only whitespace changes. Show changes