Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java +15 −15 Original line number Diff line number Diff line Loading @@ -100,7 +100,7 @@ public interface UserPersistence<T extends Principal> * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ User<T> addUser(UserRequest<T> user) void addUser(UserRequest<T> user) throws TransientException, AccessControlException, UserAlreadyExistsException; Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +20 −20 Original line number Diff line number Diff line Loading @@ -284,7 +284,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO * @throws AccessControlException If the operation is not permitted. * @throws UserAlreadyExistsException If the user already exists. */ public User<T> addUser(final UserRequest<T> userRequest) public void addUser(final UserRequest<T> userRequest) throws TransientException, UserAlreadyExistsException { DN userDN; Loading @@ -301,19 +301,6 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO userDN = getUserRequestsDN(userID.getName()); addUser(userRequest, userDN); // AD: Search results sometimes come incomplete if // connection is not reset - not sure why. getConnection().reconnect(); try { return getUser(userID, config.getUserRequestsDN()); } catch (UserNotFoundException e) { throw new RuntimeException("BUG: new user " + userDN.toNormalizedString() + " not found"); } } catch (LDAPException e) { Loading Loading 
@@ -507,9 +494,13 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO searchField, userAttribs); if (proxy && isSecure(usersDN)) { searchRequest.addControl( new ProxiedAuthorizationV2RequestControl( "dn:" + getSubjectDN().toNormalizedString())); String proxyDN = "dn:" + getSubjectDN().toNormalizedString(); logger.debug("Proxying auth as: " + proxyDN); searchRequest.addControl(new ProxiedAuthorizationV2RequestControl(proxyDN)); } else { logger.debug("Not proxying authorization"); } searchResult = getConnection().searchForEntry(searchRequest); Loading @@ -530,9 +521,18 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO user.getIdentities().add(new HttpPrincipal( searchResult.getAttributeValue( userLdapAttrib.get(HttpPrincipal.class)))); user.getIdentities().add(new NumericPrincipal( searchResult.getAttributeValueAsLong( userLdapAttrib.get(NumericPrincipal.class)))); Long numericID = searchResult.getAttributeValueAsLong(userLdapAttrib.get(NumericPrincipal.class)); logger.debug("Numeric id is: " + numericID); if (numericID == null) { // If the numeric ID does not return it means the user // does not have permission throw new AccessControlException("Permission denied"); } NumericPrincipal numericPrincipal = new NumericPrincipal(numericID); user.getIdentities().add(numericPrincipal); user.getIdentities().add(new X500Principal( searchResult.getAttributeValue( userLdapAttrib.get(X500Principal.class)))); Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java +2 −2 Original line number Diff line number Diff line Loading @@ -126,7 +126,7 @@ public class LdapUserPersistence<T extends Principal> * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public User<T> addUser(UserRequest<T> user) public void addUser(UserRequest<T> user) throws TransientException, AccessControlException, UserAlreadyExistsException { Loading 
@@ -134,7 +134,7 @@ public class LdapUserPersistence<T extends Principal> try { userDAO = new LdapUserDAO<T>(this.config); return userDAO.addUser(user); userDAO.addUser(user); } finally { Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/ACSearchRunner.java→projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/ACSearchRunner.java +1 −1 Original line number Diff line number Diff line Loading @@ -66,7 +66,7 @@ * ************************************************************************ */ package ca.nrc.cadc.ac.server.web.groups; package ca.nrc.cadc.ac.server.web; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.GroupNotFoundException; Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/GroupServlet.java→projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/GroupServlet.java +4 −2 Original line number Diff line number Diff line Loading @@ -66,7 +66,7 @@ * ************************************************************************ */ package ca.nrc.cadc.ac.server.web.groups; package ca.nrc.cadc.ac.server.web; import java.io.IOException; import java.security.PrivilegedActionException; Loading @@ -76,9 +76,11 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import ca.nrc.cadc.ac.server.web.groups.AbstractGroupAction; import ca.nrc.cadc.ac.server.web.groups.GroupLogInfo; import ca.nrc.cadc.ac.server.web.groups.GroupsActionFactory; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.server.web.SyncOutput; import ca.nrc.cadc.auth.AuthenticationUtil; /** Loading Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java +15 −15 Original line number Diff line number Diff line Loading @@ -100,7 +100,7 @@ public interface UserPersistence<T extends Principal> * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ User<T> addUser(UserRequest<T> user) void addUser(UserRequest<T> user) throws TransientException, AccessControlException, UserAlreadyExistsException; Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +20 −20 Original line number Diff line number Diff line Loading @@ -284,7 +284,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO * @throws AccessControlException If the operation is not permitted. * @throws UserAlreadyExistsException If the user already exists. */ public User<T> addUser(final UserRequest<T> userRequest) public void addUser(final UserRequest<T> userRequest) throws TransientException, UserAlreadyExistsException { DN userDN; Loading @@ -301,19 +301,6 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO userDN = getUserRequestsDN(userID.getName()); addUser(userRequest, userDN); // AD: Search results sometimes come incomplete if // connection is not reset - not sure why. getConnection().reconnect(); try { return getUser(userID, config.getUserRequestsDN()); } catch (UserNotFoundException e) { throw new RuntimeException("BUG: new user " + userDN.toNormalizedString() + " not found"); } } catch (LDAPException e) { Loading Loading @@ -507,9 +494,13 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO searchField, userAttribs); if (proxy && isSecure(usersDN)) { searchRequest.addControl( new ProxiedAuthorizationV2RequestControl( "dn:" + getSubjectDN().toNormalizedString())); String proxyDN = "dn:" + getSubjectDN().toNormalizedString(); logger.debug("Proxying auth as: " + proxyDN); searchRequest.addControl(new ProxiedAuthorizationV2RequestControl(proxyDN)); } else { logger.debug("Not proxying authorization"); } searchResult = getConnection().searchForEntry(searchRequest); Loading 
@@ -530,9 +521,18 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO user.getIdentities().add(new HttpPrincipal( searchResult.getAttributeValue( userLdapAttrib.get(HttpPrincipal.class)))); user.getIdentities().add(new NumericPrincipal( searchResult.getAttributeValueAsLong( userLdapAttrib.get(NumericPrincipal.class)))); Long numericID = searchResult.getAttributeValueAsLong(userLdapAttrib.get(NumericPrincipal.class)); logger.debug("Numeric id is: " + numericID); if (numericID == null) { // If the numeric ID does not return it means the user // does not have permission throw new AccessControlException("Permission denied"); } NumericPrincipal numericPrincipal = new NumericPrincipal(numericID); user.getIdentities().add(numericPrincipal); user.getIdentities().add(new X500Principal( searchResult.getAttributeValue( userLdapAttrib.get(X500Principal.class)))); Loading
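Review bot: The new `numericID == null` branch reports every missing numeric id as `AccessControlException("Permission denied")`, but a null from `getAttributeValueAsLong` is also what an entry without that attribute, or with a value that does not parse as a long, would produce. A provisioning or data fault therefore looks the same as an authorization decision, both to the caller and to anyone reading the logs. If the directory ACL is what hides the attribute from unauthorized callers, the comment should say so, for example `// ACL hides this attribute from callers who may not read it; null is treated as denial (an absent or malformed value looks the same)`. The HttpPrincipal and X500Principal values on the neighbouring lines still come from `getAttributeValue` unchecked, so they are presumably null in the same situation; doing the check before the first `user.getIdentities().add(...)` would avoid building a partly populated user. The enclosing method starts and ends outside the hunk.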
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java +2 −2 Original line number Diff line number Diff line Loading @@ -126,7 +126,7 @@ public class LdapUserPersistence<T extends Principal> * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public User<T> addUser(UserRequest<T> user) public void addUser(UserRequest<T> user) throws TransientException, AccessControlException, UserAlreadyExistsException { Loading @@ -134,7 +134,7 @@ public class LdapUserPersistence<T extends Principal> try { userDAO = new LdapUserDAO<T>(this.config); return userDAO.addUser(user); userDAO.addUser(user); } finally { Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/ACSearchRunner.java→projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/ACSearchRunner.java +1 −1 Original line number Diff line number Diff line Loading @@ -66,7 +66,7 @@ * ************************************************************************ */ package ca.nrc.cadc.ac.server.web.groups; package ca.nrc.cadc.ac.server.web; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.GroupNotFoundException; Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/GroupServlet.java→projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/GroupServlet.java +4 −2 Original line number Diff line number Diff line Loading @@ -66,7 +66,7 @@ * ************************************************************************ */ package ca.nrc.cadc.ac.server.web.groups; package ca.nrc.cadc.ac.server.web; import java.io.IOException; import java.security.PrivilegedActionException; Loading @@ -76,9 +76,11 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import ca.nrc.cadc.ac.server.web.groups.AbstractGroupAction; import ca.nrc.cadc.ac.server.web.groups.GroupLogInfo; import ca.nrc.cadc.ac.server.web.groups.GroupsActionFactory; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.server.web.SyncOutput; import ca.nrc.cadc.auth.AuthenticationUtil; /** Loading