Loading projects/cadcAccessControl-Server/build.xml +1 −1 Original line number Diff line number Diff line Loading @@ -148,7 +148,7 @@ <pathelement path="${jars}:${testingJars}"/> </classpath> <sysproperty key="ca.nrc.cadc.util.PropertiesReader.dir" value="test"/> <test name="ca.nrc.cadc.ac.server.web.users.GetUserListActionTest" /> <test name="ca.nrc.cadc.ac.server.web.users.GetUserActionTest" /> <formatter type="plain" usefile="false" /> </junit> </target> Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +24 −59 Original line number Diff line number Diff line Loading @@ -68,20 +68,6 @@ */ package ca.nrc.cadc.ac.server.ldap; import java.security.AccessControlException; import java.security.Principal; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Random; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.PersonalDetails; import ca.nrc.cadc.ac.PosixDetails; import ca.nrc.cadc.ac.User; Loading @@ -91,9 +77,7 @@ import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserRequest; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.auth.NumericPrincipal; import ca.nrc.cadc.net.TransientException; import com.unboundid.ldap.sdk.AddRequest; import com.unboundid.ldap.sdk.Attribute; import com.unboundid.ldap.sdk.BindRequest; Loading @@ -116,6 +100,17 @@ import com.unboundid.ldap.sdk.SimpleBindRequest; import com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl; import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest; import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult; import org.apache.log4j.Logger; import javax.security.auth.x500.X500Principal; import java.security.AccessControlException; import java.security.Principal; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; public class LdapUserDAO<T extends Principal> extends LdapDAO Loading @@ -135,7 +130,6 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO protected static final String LDAP_ENTRYDN = "entrydn"; protected static final String LDAP_COMMON_NAME = "cn"; protected static final String LDAP_DISTINGUISHED_NAME = "distinguishedName"; protected static final String LDAP_NUMERICID = "numericid"; protected static final String LADP_USER_PASSWORD = "userPassword"; protected static final String LDAP_FIRST_NAME = "givenName"; protected static final String LDAP_LAST_NAME = "sn"; Loading @@ -146,12 +140,11 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO protected static final String LDAP_INSTITUTE = "institute"; protected static final String LDAP_UID = "uid"; private String[] userAttribs = new String[] { LDAP_FIRST_NAME, LDAP_LAST_NAME, LDAP_ADDRESS, LDAP_CITY, LDAP_COUNTRY, LDAP_EMAIL, LDAP_INSTITUTE LDAP_EMAIL, LDAP_INSTITUTE, LDAP_UID }; private String[] memberAttribs = new String[] { Loading @@ -163,7 +156,6 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO super(config); this.userLdapAttrib.put(HttpPrincipal.class, LDAP_UID); this.userLdapAttrib.put(X500Principal.class, LDAP_DISTINGUISHED_NAME); this.userLdapAttrib.put(NumericPrincipal.class, LDAP_NUMERICID); // add the id attributes to user and member attributes String[] princs = userLdapAttrib.values() Loading Loading @@ -359,26 +351,17 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO try { // add new user DN userX500DN = getUserRequestsDN(user.getUserID().getName()); List<Attribute> attributes = new ArrayList<Attribute>(); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_INET_ORG_PERSON); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_INET_USER); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_CADC_ACCOUNT); addAttribute(attributes, LDAP_COMMON_NAME, user.getUserID() .getName()); addAttribute(attributes, LADP_USER_PASSWORD, new String(userRequest .getPassword())); addAttribute(attributes, LDAP_NUMERICID, String.valueOf(genNextNumericId())); for (Principal princ : user.getIdentities()) { if (princ instanceof X500Principal) { addAttribute(attributes, LDAP_DISTINGUISHED_NAME, princ.getName()); } } addAttribute(attributes, LDAP_DISTINGUISHED_NAME, userDN .toNormalizedString()); addAttribute(attributes, LADP_USER_PASSWORD, String.valueOf(userRequest.getPassword())); for (UserDetails details : user.details) { if (details.getClass() == PersonalDetails.class) Loading Loading @@ -466,7 +449,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO "Unsupported principal type " + userID.getClass()); } searchField = "(&(objectclass=inetorgperson)(objectclass=cadcaccount)(" + searchField = "(&(objectclass=inetorgperson)(" + searchField + "=" + userID.getName() + "))"; logger.debug(searchField); Loading @@ -476,6 +459,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO SearchRequest searchRequest = new SearchRequest(usersDN, SearchScope.SUB, searchField, userAttribs); if (isSecure(usersDN)) { searchRequest.addControl( Loading @@ -496,17 +480,10 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO logger.debug(msg); throw new UserNotFoundException(msg); } User<T> user = new User<T>(userID); user.getIdentities().add(new HttpPrincipal( searchResult.getAttributeValue( user.getIdentities().add(new HttpPrincipal(searchResult.getAttributeValue( userLdapAttrib.get(HttpPrincipal.class)))); user.getIdentities().add(new NumericPrincipal( searchResult.getAttributeValueAsLong( userLdapAttrib.get(NumericPrincipal.class)))); user.getIdentities().add(new X500Principal( searchResult.getAttributeValue( userLdapAttrib.get(X500Principal.class)))); String fname = searchResult.getAttributeValue(LDAP_FIRST_NAME); String lname = searchResult.getAttributeValue(LDAP_LAST_NAME); PersonalDetails personaDetails = new PersonalDetails(fname, lname); Loading Loading @@ -816,9 +793,10 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO "Unsupported principal type " + userID.getClass()); } User<T> user = getUser(userID); Filter filter = Filter.createANDFilter( Filter.createEqualityFilter(searchField, userID.getName()), user.getUserID().getName()), Filter.createEqualityFilter(LDAP_MEMBEROF, groupID)); SearchRequest searchRequest = Loading Loading @@ -1015,17 +993,4 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO LdapDAO.checkLdapResult(code); } } /** * Method to return a randomly generated user numeric ID. The default * implementation returns a value between 10000 and Integer.MAX_VALUE. * Services that support a different mechanism for generating numeric * IDs overide this method. * @return */ protected int genNextNumericId() { Random rand = new Random(); return rand.nextInt(Integer.MAX_VALUE - 10000) + 10000; } } projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/GetUserAction.java +31 −1 Original line number Diff line number Diff line Loading @@ -67,6 +67,7 @@ ************************************************************************ */package ca.nrc.cadc.ac.server.web.users; import ca.nrc.cadc.ac.PersonalDetails; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.server.UserPersistence; Loading @@ -75,6 +76,7 @@ import java.security.AccessControlContext; import java.security.AccessController; import java.security.Principal; import java.security.PrivilegedExceptionAction; import java.util.Set; import javax.security.auth.Subject; Loading @@ -85,11 +87,13 @@ public class GetUserAction extends AbstractUserAction { private static final Logger log = Logger.getLogger(GetUserAction.class); private final Principal userID; private final String detail; GetUserAction(Principal userID) GetUserAction(Principal userID, String detail) { super(); this.userID = userID; this.detail = detail; } public void doAction() throws Exception Loading Loading @@ -126,6 +130,32 @@ public class GetUserAction extends AbstractUserAction try { user = userPersistence.getUser(principal); if (detail != null) { // Only return user principals if (detail.equals("identity")) { user.details.clear(); } // Only return user profile info, first and last name. else if (detail.equals("display")) { user.getIdentities().clear(); Set<PersonalDetails> details = user.getDetails(PersonalDetails.class); if (details.isEmpty()) { String error = principal.getName() + " missing required PersonalDetails"; throw new IllegalStateException(error); } PersonalDetails pd = details.iterator().next(); user.details.clear(); user.details.add(new PersonalDetails(pd.getFirstName(), pd.getLastName())); } else { throw new IllegalArgumentException("Illegal detail parameter " + detail); } } } catch (UserNotFoundException e) { Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/UserActionFactory.java +6 −6 Original line number Diff line number Diff line Loading @@ -111,7 +111,7 @@ public abstract class UserActionFactory else if (segments.length == 1) { User user = getUser(segments[0], request.getParameter("idType"), path); action = new GetUserAction(user.getUserID()); action = new GetUserAction(user.getUserID(), request.getParameter("detail")); } if (action != null) Loading Loading @@ -234,24 +234,24 @@ public abstract class UserActionFactory { throw new IllegalArgumentException("User endpoint missing idType parameter"); } else if (idType.equalsIgnoreCase(IdentityType.USERNAME.getValue())) else if (idType.equals(IdentityType.USERNAME.getValue())) { return new User<HttpPrincipal>(new HttpPrincipal(userName)); } else if (idType.equalsIgnoreCase(IdentityType.X500.getValue())) else if (idType.equals(IdentityType.X500.getValue())) { return new User<X500Principal>(new X500Principal(userName)); } else if (idType.equalsIgnoreCase(IdentityType.UID.getValue())) else if (idType.equals(IdentityType.UID.getValue())) { return new User<NumericPrincipal>(new NumericPrincipal( Long.parseLong(userName))); } else if (idType.equalsIgnoreCase(IdentityType.OPENID.getValue())) else if (idType.equals(IdentityType.OPENID.getValue())) { return new User<OpenIdPrincipal>(new OpenIdPrincipal(userName)); } else if (idType.equalsIgnoreCase(IdentityType.COOKIE.getValue())) else if (idType.equals(IdentityType.COOKIE.getValue())) { return new User<CookiePrincipal>(new CookiePrincipal(userName)); } Loading projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAOTest.java +26 −75 Original line number Diff line number Diff line Loading @@ -68,49 +68,41 @@ */ package ca.nrc.cadc.ac.server.ldap; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import java.security.Principal; import java.security.PrivilegedExceptionAction; import java.util.Collection; import java.util.Random; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Level; import org.apache.log4j.Logger; import org.junit.BeforeClass; import org.junit.Test; import ca.nrc.cadc.ac.PersonalDetails; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserDetails; import ca.nrc.cadc.ac.UserRequest; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.auth.NumericPrincipal; import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.util.Log4jInit; import com.unboundid.ldap.sdk.DN; import org.apache.log4j.Level; import org.apache.log4j.Logger; import org.junit.BeforeClass; import org.junit.Test; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; import java.security.Principal; import java.security.PrivilegedExceptionAction; import java.util.Collection; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; public class LdapUserDAOTest extends AbstractLdapDAOTest { private static final Logger log = Logger.getLogger(LdapUserDAOTest.class); static final String testUserX509DN = "cn=cadcdaotest1,ou=cadc,o=hia,c=ca"; static int nextUserNumericID = 666; static String testUserDN; static User<X500Principal> testUser; static User<X500Principal> testMember; static User<HttpPrincipal> testPendingUser; static LdapConfig config; static Random ran = new Random(); // source of randomness for numeric ids @BeforeClass Loading @@ -121,43 +113,23 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest // get the configuration of the development server from and config files... config = getLdapConfig(); X500Principal testUserX500Princ = new X500Principal(testUserX509DN); testUser = new User<X500Principal>(testUserX500Princ); testPendingUser = new User<HttpPrincipal>(new HttpPrincipal("CADCtestRequest")); testPendingUser.details.add(new PersonalDetails("CADCtest", "Request")); testPendingUser.getIdentities().add( new HttpPrincipal("CADCtestRequest")); testPendingUser.getIdentities().add( new X500Principal( "uid=CADCtestRequest,ou=userrequests,ou=ds,dc=testcanfar")); testPendingUser.getIdentities().add(new NumericPrincipal(66666)); testUser = new User<X500Principal>(new X500Principal(testUserX509DN)); testUser.details.add(new PersonalDetails("CADC", "DAOTest1")); testUser.getIdentities().add(new HttpPrincipal("CadcDaoTest1")); testUser.getIdentities().add(testUserX500Princ); testUser.getIdentities().add(new NumericPrincipal(666)); testUserDN = "uid=cadcdaotest1," + config.getUsersDN(); // member returned by getMember contains only the fields required by // the GMS testMember = new User<X500Principal>(testUserX500Princ); testMember.details.add(new PersonalDetails("CADC", "DAOTest1")); testMember.getIdentities().add(new HttpPrincipal("CadcDaoTest1")); } <T extends Principal> LdapUserDAO<T> getUserDAO() throws Exception { return new LdapUserDAO(config){ protected int genNextNumericId() { return nextUserNumericID; } }; return new LdapUserDAO<T>(config); } String createUserID() Loading @@ -171,13 +143,9 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest @Test public void testAddUser() throws Exception { String userID = createUserID(); final User<HttpPrincipal> expected = new User<HttpPrincipal>(new HttpPrincipal(userID)); expected.getIdentities().add(new HttpPrincipal(userID)); expected.getIdentities().add(new X500Principal("cn=" + userID + ",ou=cadc,o=hia,c=ca")); nextUserNumericID = ran.nextInt(Integer.MAX_VALUE); expected.getIdentities().add(new NumericPrincipal(nextUserNumericID)); final User<HttpPrincipal> expected = new User<HttpPrincipal>(new HttpPrincipal(createUserID())); expected.getIdentities().add(new HttpPrincipal(createUserID())); expected.details.add(new PersonalDetails("foo", "bar")); final UserRequest<HttpPrincipal> userRequest = Loading Loading @@ -336,7 +304,6 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest Subject subject = new Subject(); subject.getPrincipals().add(testUser.getUserID()); // do everything as owner Subject.doAs(subject, new PrivilegedExceptionAction<Object>() { Loading @@ -345,7 +312,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest try { User<X500Principal> actual = getUserDAO().getX500User(new DN(testUserDN)); check(testMember, actual); check(testUser, actual); return null; } catch (Exception e) Loading @@ -368,7 +335,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest try { User<X500Principal> actual = getUserDAO().getX500User(new DN(testUserDN)); check(testMember, actual); check(testUser, actual); return null; } catch (Exception e) Loading Loading @@ -568,10 +535,6 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest HttpPrincipal principal = new HttpPrincipal(username); testUser2 = new User<HttpPrincipal>(principal); testUser2.getIdentities().add(principal); testUser2.getIdentities().add(new X500Principal("cn=" + username + ",ou=cadc,o=hia,c=ca")); // update nextNumericId nextUserNumericID = ran.nextInt(Integer.MAX_VALUE); testUser2.getIdentities().add(new NumericPrincipal(nextUserNumericID)); testUser2.details.add(new PersonalDetails("firstName", "lastName")); final UserRequest<HttpPrincipal> userRequest = new UserRequest<HttpPrincipal>(testUser2, password); Loading Loading @@ -662,20 +625,8 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest assertEquals(user1, user2); assertEquals(user1.details, user2.details); assertEquals(user1.details.size(), user2.details.size()); assertEquals(user1.getIdentities().size(), user2.getIdentities().size()); for( Principal princ1 : user1.getIdentities()) { boolean found = false; for( Principal princ2 : user2.getIdentities()) { if (princ2.getClass() == princ1.getClass()) { assertEquals(princ1, princ2); found = true; } } assertTrue(princ1.getName(), found); } assertEquals("Identities don't match.", user1.getIdentities(), user2.getIdentities()); for (UserDetails d1 : user1.details) { assertTrue(user2.details.contains(d1)); Loading Loading
projects/cadcAccessControl-Server/build.xml +1 −1 Original line number Diff line number Diff line Loading @@ -148,7 +148,7 @@ <pathelement path="${jars}:${testingJars}"/> </classpath> <sysproperty key="ca.nrc.cadc.util.PropertiesReader.dir" value="test"/> <test name="ca.nrc.cadc.ac.server.web.users.GetUserListActionTest" /> <test name="ca.nrc.cadc.ac.server.web.users.GetUserActionTest" /> <formatter type="plain" usefile="false" /> </junit> </target> Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +24 −59 Original line number Diff line number Diff line Loading @@ -68,20 +68,6 @@ */ package ca.nrc.cadc.ac.server.ldap; import java.security.AccessControlException; import java.security.Principal; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Random; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.PersonalDetails; import ca.nrc.cadc.ac.PosixDetails; import ca.nrc.cadc.ac.User; Loading @@ -91,9 +77,7 @@ import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserRequest; import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.auth.NumericPrincipal; import ca.nrc.cadc.net.TransientException; import com.unboundid.ldap.sdk.AddRequest; import com.unboundid.ldap.sdk.Attribute; import com.unboundid.ldap.sdk.BindRequest; Loading @@ -116,6 +100,17 @@ import com.unboundid.ldap.sdk.SimpleBindRequest; import com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl; import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest; import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult; import org.apache.log4j.Logger; import javax.security.auth.x500.X500Principal; import java.security.AccessControlException; import java.security.Principal; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; public class LdapUserDAO<T extends Principal> extends LdapDAO Loading @@ -135,7 +130,6 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO protected static final String LDAP_ENTRYDN = "entrydn"; protected static final String LDAP_COMMON_NAME = "cn"; protected static final String LDAP_DISTINGUISHED_NAME = "distinguishedName"; protected static final String LDAP_NUMERICID = "numericid"; protected static final String LADP_USER_PASSWORD = "userPassword"; protected static final String LDAP_FIRST_NAME = "givenName"; protected static final String LDAP_LAST_NAME = "sn"; Loading @@ -146,12 +140,11 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO protected static final String LDAP_INSTITUTE = "institute"; protected static final String LDAP_UID = "uid"; private String[] userAttribs = new String[] { LDAP_FIRST_NAME, LDAP_LAST_NAME, LDAP_ADDRESS, LDAP_CITY, LDAP_COUNTRY, LDAP_EMAIL, LDAP_INSTITUTE LDAP_EMAIL, LDAP_INSTITUTE, LDAP_UID }; private String[] memberAttribs = new String[] { Loading @@ -163,7 +156,6 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO super(config); this.userLdapAttrib.put(HttpPrincipal.class, LDAP_UID); this.userLdapAttrib.put(X500Principal.class, LDAP_DISTINGUISHED_NAME); this.userLdapAttrib.put(NumericPrincipal.class, LDAP_NUMERICID); // add the id attributes to user and member attributes String[] princs = userLdapAttrib.values() Loading Loading @@ -359,26 +351,17 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO try { // add new user DN userX500DN = getUserRequestsDN(user.getUserID().getName()); List<Attribute> attributes = new ArrayList<Attribute>(); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_INET_ORG_PERSON); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_INET_USER); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_CADC_ACCOUNT); addAttribute(attributes, LDAP_COMMON_NAME, user.getUserID() .getName()); addAttribute(attributes, LADP_USER_PASSWORD, new String(userRequest .getPassword())); addAttribute(attributes, LDAP_NUMERICID, String.valueOf(genNextNumericId())); for (Principal princ : user.getIdentities()) { if (princ instanceof X500Principal) { addAttribute(attributes, LDAP_DISTINGUISHED_NAME, princ.getName()); } } addAttribute(attributes, LDAP_DISTINGUISHED_NAME, userDN .toNormalizedString()); addAttribute(attributes, LADP_USER_PASSWORD, String.valueOf(userRequest.getPassword())); for (UserDetails details : user.details) { if (details.getClass() == PersonalDetails.class) Loading Loading @@ -466,7 +449,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO "Unsupported principal type " + userID.getClass()); } searchField = "(&(objectclass=inetorgperson)(objectclass=cadcaccount)(" + searchField = "(&(objectclass=inetorgperson)(" + searchField + "=" + userID.getName() + "))"; logger.debug(searchField); Loading @@ -476,6 +459,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO SearchRequest searchRequest = new SearchRequest(usersDN, SearchScope.SUB, searchField, userAttribs); if (isSecure(usersDN)) { searchRequest.addControl( Loading @@ -496,17 +480,10 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO logger.debug(msg); throw new UserNotFoundException(msg); } User<T> user = new User<T>(userID); user.getIdentities().add(new HttpPrincipal( searchResult.getAttributeValue( user.getIdentities().add(new HttpPrincipal(searchResult.getAttributeValue( userLdapAttrib.get(HttpPrincipal.class)))); user.getIdentities().add(new NumericPrincipal( searchResult.getAttributeValueAsLong( userLdapAttrib.get(NumericPrincipal.class)))); user.getIdentities().add(new X500Principal( searchResult.getAttributeValue( userLdapAttrib.get(X500Principal.class)))); String fname = searchResult.getAttributeValue(LDAP_FIRST_NAME); String lname = searchResult.getAttributeValue(LDAP_LAST_NAME); PersonalDetails personaDetails = new PersonalDetails(fname, lname); Loading Loading @@ -816,9 +793,10 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO "Unsupported principal type " + userID.getClass()); } User<T> user = getUser(userID); Filter filter = Filter.createANDFilter( Filter.createEqualityFilter(searchField, userID.getName()), user.getUserID().getName()), Filter.createEqualityFilter(LDAP_MEMBEROF, groupID)); SearchRequest searchRequest = Loading Loading @@ -1015,17 +993,4 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO LdapDAO.checkLdapResult(code); } } /** * Method to return a randomly generated user numeric ID. The default * implementation returns a value between 10000 and Integer.MAX_VALUE. * Services that support a different mechanism for generating numeric * IDs overide this method. * @return */ protected int genNextNumericId() { Random rand = new Random(); return rand.nextInt(Integer.MAX_VALUE - 10000) + 10000; } }
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/GetUserAction.java +31 −1 Original line number Diff line number Diff line Loading @@ -67,6 +67,7 @@ ************************************************************************ */package ca.nrc.cadc.ac.server.web.users; import ca.nrc.cadc.ac.PersonalDetails; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.server.UserPersistence; Loading @@ -75,6 +76,7 @@ import java.security.AccessControlContext; import java.security.AccessController; import java.security.Principal; import java.security.PrivilegedExceptionAction; import java.util.Set; import javax.security.auth.Subject; Loading @@ -85,11 +87,13 @@ public class GetUserAction extends AbstractUserAction { private static final Logger log = Logger.getLogger(GetUserAction.class); private final Principal userID; private final String detail; GetUserAction(Principal userID) GetUserAction(Principal userID, String detail) { super(); this.userID = userID; this.detail = detail; } public void doAction() throws Exception Loading Loading @@ -126,6 +130,32 @@ public class GetUserAction extends AbstractUserAction try { user = userPersistence.getUser(principal); if (detail != null) { // Only return user principals if (detail.equals("identity")) { user.details.clear(); } // Only return user profile info, first and last name. else if (detail.equals("display")) { user.getIdentities().clear(); Set<PersonalDetails> details = user.getDetails(PersonalDetails.class); if (details.isEmpty()) { String error = principal.getName() + " missing required PersonalDetails"; throw new IllegalStateException(error); } PersonalDetails pd = details.iterator().next(); user.details.clear(); user.details.add(new PersonalDetails(pd.getFirstName(), pd.getLastName())); } else { throw new IllegalArgumentException("Illegal detail parameter " + detail); } } } catch (UserNotFoundException e) { Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/UserActionFactory.java +6 −6 Original line number Diff line number Diff line Loading @@ -111,7 +111,7 @@ public abstract class UserActionFactory else if (segments.length == 1) { User user = getUser(segments[0], request.getParameter("idType"), path); action = new GetUserAction(user.getUserID()); action = new GetUserAction(user.getUserID(), request.getParameter("detail")); } if (action != null) Loading Loading @@ -234,24 +234,24 @@ public abstract class UserActionFactory { throw new IllegalArgumentException("User endpoint missing idType parameter"); } else if (idType.equalsIgnoreCase(IdentityType.USERNAME.getValue())) else if (idType.equals(IdentityType.USERNAME.getValue())) { return new User<HttpPrincipal>(new HttpPrincipal(userName)); } else if (idType.equalsIgnoreCase(IdentityType.X500.getValue())) else if (idType.equals(IdentityType.X500.getValue())) { return new User<X500Principal>(new X500Principal(userName)); } else if (idType.equalsIgnoreCase(IdentityType.UID.getValue())) else if (idType.equals(IdentityType.UID.getValue())) { return new User<NumericPrincipal>(new NumericPrincipal( Long.parseLong(userName))); } else if (idType.equalsIgnoreCase(IdentityType.OPENID.getValue())) else if (idType.equals(IdentityType.OPENID.getValue())) { return new User<OpenIdPrincipal>(new OpenIdPrincipal(userName)); } else if (idType.equalsIgnoreCase(IdentityType.COOKIE.getValue())) else if (idType.equals(IdentityType.COOKIE.getValue())) { return new User<CookiePrincipal>(new CookiePrincipal(userName)); } Loading
projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAOTest.java +26 −75 Original line number Diff line number Diff line Loading @@ -68,49 +68,41 @@ */ package ca.nrc.cadc.ac.server.ldap; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import java.security.Principal; import java.security.PrivilegedExceptionAction; import java.util.Collection; import java.util.Random; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Level; import org.apache.log4j.Logger; import org.junit.BeforeClass; import org.junit.Test; import ca.nrc.cadc.ac.PersonalDetails; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserDetails; import ca.nrc.cadc.ac.UserRequest; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.auth.NumericPrincipal; import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.util.Log4jInit; import com.unboundid.ldap.sdk.DN; import org.apache.log4j.Level; import org.apache.log4j.Logger; import org.junit.BeforeClass; import org.junit.Test; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; import java.security.Principal; import java.security.PrivilegedExceptionAction; import java.util.Collection; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; public class LdapUserDAOTest extends AbstractLdapDAOTest { private static final Logger log = Logger.getLogger(LdapUserDAOTest.class); static final String testUserX509DN = "cn=cadcdaotest1,ou=cadc,o=hia,c=ca"; static int nextUserNumericID = 666; static String testUserDN; static User<X500Principal> testUser; static User<X500Principal> testMember; static User<HttpPrincipal> testPendingUser; static LdapConfig config; static Random ran = new Random(); // source of randomness for numeric ids @BeforeClass Loading @@ -121,43 +113,23 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest // get the configuration of the development server from and config files... config = getLdapConfig(); X500Principal testUserX500Princ = new X500Principal(testUserX509DN); testUser = new User<X500Principal>(testUserX500Princ); testPendingUser = new User<HttpPrincipal>(new HttpPrincipal("CADCtestRequest")); testPendingUser.details.add(new PersonalDetails("CADCtest", "Request")); testPendingUser.getIdentities().add( new HttpPrincipal("CADCtestRequest")); testPendingUser.getIdentities().add( new X500Principal( "uid=CADCtestRequest,ou=userrequests,ou=ds,dc=testcanfar")); testPendingUser.getIdentities().add(new NumericPrincipal(66666)); testUser = new User<X500Principal>(new X500Principal(testUserX509DN)); testUser.details.add(new PersonalDetails("CADC", "DAOTest1")); testUser.getIdentities().add(new HttpPrincipal("CadcDaoTest1")); testUser.getIdentities().add(testUserX500Princ); testUser.getIdentities().add(new NumericPrincipal(666)); testUserDN = "uid=cadcdaotest1," + config.getUsersDN(); // member returned by getMember contains only the fields required by // the GMS testMember = new User<X500Principal>(testUserX500Princ); testMember.details.add(new PersonalDetails("CADC", "DAOTest1")); testMember.getIdentities().add(new HttpPrincipal("CadcDaoTest1")); } <T extends Principal> LdapUserDAO<T> getUserDAO() throws Exception { return new LdapUserDAO(config){ protected int genNextNumericId() { return nextUserNumericID; } }; return new LdapUserDAO<T>(config); } String createUserID() Loading @@ -171,13 +143,9 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest @Test public void testAddUser() throws Exception { String userID = createUserID(); final User<HttpPrincipal> expected = new User<HttpPrincipal>(new HttpPrincipal(userID)); expected.getIdentities().add(new HttpPrincipal(userID)); expected.getIdentities().add(new X500Principal("cn=" + userID + ",ou=cadc,o=hia,c=ca")); nextUserNumericID = ran.nextInt(Integer.MAX_VALUE); expected.getIdentities().add(new NumericPrincipal(nextUserNumericID)); final User<HttpPrincipal> expected = new User<HttpPrincipal>(new HttpPrincipal(createUserID())); expected.getIdentities().add(new HttpPrincipal(createUserID())); expected.details.add(new PersonalDetails("foo", "bar")); final UserRequest<HttpPrincipal> userRequest = Loading Loading @@ -336,7 +304,6 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest Subject subject = new Subject(); subject.getPrincipals().add(testUser.getUserID()); // do everything as owner Subject.doAs(subject, new PrivilegedExceptionAction<Object>() { Loading @@ -345,7 +312,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest try { User<X500Principal> actual = getUserDAO().getX500User(new DN(testUserDN)); check(testMember, actual); check(testUser, actual); return null; } catch (Exception e) Loading @@ -368,7 +335,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest try { User<X500Principal> actual = getUserDAO().getX500User(new DN(testUserDN)); check(testMember, actual); check(testUser, actual); return null; } catch (Exception e) Loading Loading @@ -568,10 +535,6 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest HttpPrincipal principal = new HttpPrincipal(username); testUser2 = new User<HttpPrincipal>(principal); testUser2.getIdentities().add(principal); testUser2.getIdentities().add(new X500Principal("cn=" + username + ",ou=cadc,o=hia,c=ca")); // update nextNumericId nextUserNumericID = ran.nextInt(Integer.MAX_VALUE); testUser2.getIdentities().add(new NumericPrincipal(nextUserNumericID)); testUser2.details.add(new PersonalDetails("firstName", "lastName")); final UserRequest<HttpPrincipal> userRequest = new UserRequest<HttpPrincipal>(testUser2, password); Loading Loading @@ -662,20 +625,8 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest assertEquals(user1, user2); assertEquals(user1.details, user2.details); assertEquals(user1.details.size(), user2.details.size()); assertEquals(user1.getIdentities().size(), user2.getIdentities().size()); for( Principal princ1 : user1.getIdentities()) { boolean found = false; for( Principal princ2 : user2.getIdentities()) { if (princ2.getClass() == princ1.getClass()) { assertEquals(princ1, princ2); found = true; } } assertTrue(princ1.getName(), found); } assertEquals("Identities don't match.", user1.getIdentities(), user2.getIdentities()); for (UserDetails d1 : user1.details) { assertTrue(user2.details.contains(d1)); Loading
