Commit c073c917 authored by Adrian Damian's avatar Adrian Damian

Added the core authorization classes

parent f94789a2
+36 −0
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>
	CADC User Authorization Model
</title>
</head>

<body>

<div class="main">

<h1>CADC User Authorization Model</h1>

<p>The CADC User Authorization Model is a model for representing CADC users and groups. The model is used primarily in the GMS and Users Web services.
</p>

<a href="uml/UserAuth.png">  <img src="uml/UserAuth.png" alt="CADC User Authorization Model"></a>

<h2>User Class Features </h2>
In the system, a user is uniquely identified by a Principal (in CADC's case that is the CadcPrincipal) but can have a number of other  identities for different contexts:
<ul>
    <li>HttpPrincipal: Web user identity associated with Simple HHTP User Password access.</li>
    <li>X500Principal: X509 certificate identity. </li>
    <li>SShPubKeyPrincipal: An ssh key identity. </li>
    <li>CadcPrincipal: An identity used internally at the CADC. </li>
    <li>CookiePrincipal: Cookie based identity. </li>
    <li>OpenIdPrincipal: An OpenID identity. </li>
</ul>

<h2>Group Class Features</h2>
Groups represet associations of users. Members of groups can be groups of users or simple users. groupWrite and groupRead represent the groups that have read and read-and-write permissions to the current group. 

</body>
</html>
+17.7 KiB
+263 −0
/*
 ************************************************************************
 ****  C A N A D I A N   A S T R O N O M Y   D A T A   C E N T R E  *****
 *
 * (c) 2014.                            (c) 2014.
 * National Research Council            Conseil national de recherches
 * Ottawa, Canada, K1A 0R6              Ottawa, Canada, K1A 0R6
 * All rights reserved                  Tous droits reserves
 *
 * NRC disclaims any warranties         Le CNRC denie toute garantie
 * expressed, implied, or statu-        enoncee, implicite ou legale,
 * tory, of any kind with respect       de quelque nature que se soit,
 * to the software, including           concernant le logiciel, y com-
 * without limitation any war-          pris sans restriction toute
 * ranty of merchantability or          garantie de valeur marchande
 * fitness for a particular pur-        ou de pertinence pour un usage
 * pose.  NRC shall not be liable       particulier.  Le CNRC ne
 * in any event for any damages,        pourra en aucun cas etre tenu
 * whether direct or indirect,          responsable de tout dommage,
 * special or general, consequen-       direct ou indirect, particul-
 * tial or incidental, arising          ier ou general, accessoire ou
 * from the use of the software.        fortuit, resultant de l'utili-
 *                                      sation du logiciel.
 *
 *
 * @author adriand
 * 
 * @version $Revision: $
 * 
 * 
 ****  C A N A D I A N   A S T R O N O M Y   D A T A   C E N T R E  *****
 ************************************************************************
 */

package ca.nrc.cadc.auth.model;

import java.security.Principal;
import java.util.HashSet;
import java.util.Set;

public class Group
{
    private String groupID;

    private User<? extends Principal> owner;

    // group's properties
    protected Set<GroupProperty> properties = new HashSet<GroupProperty>();

    // group's user members
    private Set<User<? extends Principal>> userMembers = 
            new HashSet<User<? extends Principal>>();
    // group's group members
    private Set<Group> groupMembers = new HashSet<Group>();

    public String description;
    
    // Access Control properties
    /**
     * group that can read details of this group
     * Note: this class does not enforce any access control rules
     */
    public Group groupRead;
    /**
     * group that can read and write details of this group
     * Note: this class does not enforce any access control rules
     */
    public Group groupWrite;
    /**
     * flag that show whether the details of this group are publicly readable
     * Note: this class does not enforce any access control rules
     */
    public boolean publicRead = false;

    /**
     * Ctor.
     * 
     * @param groupID
     *            Unique ID for the group
     * @param owner
     *            Owner/Creator of the group.
     */
    public Group(final String groupID,
            final User<? extends Principal> owner)
    {
        if(groupID == null)
        {
            throw new IllegalArgumentException("Null groupID");
        }
        this.groupID = groupID;
        if(owner == null)
        {
            throw new IllegalArgumentException("Null owner");
        }
        this.owner = owner;
    }

    /**
     * Obtain this Group's unique id.
     * 
     * @return String group ID.
     */
    public String getID()
    {
        return groupID;
    }

    /**
     * Obtain this group's owner
     * @return owner of the group
     */
    public User<? extends Principal> getOwner()
    {
        return owner;
    }

    /**
     * 
     * @return a set of properties associated with a group
     */
    public Set<GroupProperty> getProperties()
    {
        return properties;
    }

    /**
     * 
     * @return individual user members of this group
     */
    public Set<User<? extends Principal>> getUserMembers()
    {
        return userMembers;
    }

    /**
     * 
     * @return group members of this group
     */
    public Set<Group> getGroupMembers()
    {
        return groupMembers;
    }


    /* (non-Javadoc)
     * @see java.lang.Object#hashCode()
     */
    @Override
    public int hashCode()
    {
        return 31  + groupID.hashCode();
    }

    /* (non-Javadoc)
     * @see java.lang.Object#equals(java.lang.Object)
     */
    @Override
    public boolean equals(Object obj)
    {
        if (this == obj)
        {
            return true;
        }
        if (obj == null)
        {
            return false;
        }
        if (!(obj instanceof Group))
        {
            return false;
        }
        Group other = (Group) obj;
        if (description == null)
        {
            if (other.description != null)
            {
                return false;
            }
        }
        else if (!description.equals(other.description))
        {
            return false;
        }
        if (groupRead == null)
        {
            if (other.groupRead != null)
            {
                return false;
            }
        }
        else if (!groupRead.equals(other.groupRead))
        {
            return false;
        }
        if (groupWrite == null)
        {
            if (other.groupWrite != null)
            {
                return false;
            }
        }
        else if (!groupWrite.equals(other.groupWrite))
        {
            return false;
        }
        if (groupID == null)
        {
            if (other.groupID != null)
            {
                return false;
            }
        }
        else if (!groupID.equals(other.groupID))
        {
            return false;
        }
        if (groupMembers == null)
        {
            if (other.groupMembers != null)
            {
                return false;
            }
        }
        else if (!groupMembers.equals(other.groupMembers))
        {
            return false;
        }
        if (!owner.equals(other.owner))
        {
            return false;
        }
        if (properties == null)
        {
            if (other.properties != null)
            {
                return false;
            }
        }
        else if (!properties.equals(other.properties))
        {
            return false;
        }
        if (userMembers == null)
        {
            if (other.userMembers != null)
            {
                return false;
            }
        }
        else if (!userMembers.equals(other.userMembers))
        {
            return false;
        }
        return (publicRead == other.publicRead);
    }
    
    @Override
    public String toString()
    {
        return getClass().getSimpleName() + "[" + groupID + "]";
    }

}
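Review bot: `equals` recurses into `groupRead`, `groupWrite` and `groupMembers` (the `groupRead.equals(other.groupRead)` and `groupMembers.equals(other.groupMembers)` branches), and nothing in the constructor or on the public fields prevents a cycle — a group whose `groupRead` refers back to it, or a group that is a member of itself — so such a pair would recurse until the stack overflows. Since `hashCode` already keys on `groupID` alone, the related groups could be compared by identity or by ID instead of deep equality, e.g. `else if (!groupRead.getID().equals(other.groupRead.getID()))`, with the same change for `groupWrite`; whether deep comparison of members is actually wanted is not stated anywhere, so the intended semantics should be written into the `equals` Javadoc either way. Separately, `getProperties`, `getUserMembers` and `getGroupMembers` hand back the live sets and `groupRead`, `groupWrite` and `publicRead` are public fields, which appears deliberate because the class has no add/remove methods; the class-level Javadoc is missing and should say that membership and the read/write relationships are mutated through these, alongside the existing "does not enforce any access control rules" notes. The `groupID == null` branch in `equals` is unreachable given the constructor check and could be dropped.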
+199 −0
/*
************************************************************************
*******************  CANADIAN ASTRONOMY DATA CENTRE  *******************
**************  CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES  **************
*
*  (c) 2009.                            (c) 2009.
*  Government of Canada                 Gouvernement du Canada
*  National Research Council            Conseil national de recherches
*  Ottawa, Canada, K1A 0R6              Ottawa, Canada, K1A 0R6
*  All rights reserved                  Tous droits réservés
*                                       
*  NRC disclaims any warranties,        Le CNRC dénie toute garantie
*  expressed, implied, or               énoncée, implicite ou légale,
*  statutory, of any kind with          de quelque nature que ce
*  respect to the software,             soit, concernant le logiciel,
*  including without limitation         y compris sans restriction
*  any warranty of merchantability      toute garantie de valeur
*  or fitness for a particular          marchande ou de pertinence
*  purpose. NRC shall not be            pour un usage particulier.
*  liable in any event for any          Le CNRC ne pourra en aucun cas
*  damages, whether direct or           être tenu responsable de tout
*  indirect, special or general,        dommage, direct ou indirect,
*  consequential or incidental,         particulier ou général,
*  arising from the use of the          accessoire ou fortuit, résultant
*  software.  Neither the name          de l'utilisation du logiciel. Ni
*  of the National Research             le nom du Conseil National de
*  Council of Canada nor the            Recherches du Canada ni les noms
*  names of its contributors may        de ses  participants ne peuvent
*  be used to endorse or promote        être utilisés pour approuver ou
*  products derived from this           promouvoir les produits dérivés
*  software without specific prior      de ce logiciel sans autorisation
*  written permission.                  préalable et particulière
*                                       par écrit.
*                                       
*  This file is part of the             Ce fichier fait partie du projet
*  OpenCADC project.                    OpenCADC.
*                                       
*  OpenCADC is free software:           OpenCADC est un logiciel libre ;
*  you can redistribute it and/or       vous pouvez le redistribuer ou le
*  modify it under the terms of         modifier suivant les termes de
*  the GNU Affero General Public        la “GNU Affero General Public
*  License as published by the          License” telle que publiée
*  Free Software Foundation,            par la Free Software Foundation
*  either version 3 of the              : soit la version 3 de cette
*  License, or (at your option)         licence, soit (à votre gré)
*  any later version.                   toute version ultérieure.
*                                       
*  OpenCADC is distributed in the       OpenCADC est distribué
*  hope that it will be useful,         dans l’espoir qu’il vous
*  but WITHOUT ANY WARRANTY;            sera utile, mais SANS AUCUNE
*  without even the implied             GARANTIE : sans même la garantie
*  warranty of MERCHANTABILITY          implicite de COMMERCIALISABILITÉ
*  or FITNESS FOR A PARTICULAR          ni d’ADÉQUATION À UN OBJECTIF
*  PURPOSE.  See the GNU Affero         PARTICULIER. Consultez la Licence
*  General Public License for           Générale Publique GNU Affero
*  more details.                        pour plus de détails.
*                                       
*  You should have received             Vous devriez avoir reçu une
*  a copy of the GNU Affero             copie de la Licence Générale
*  General Public License along         Publique GNU Affero avec
*  with OpenCADC.  If not, see          OpenCADC ; si ce n’est
*  <http://www.gnu.org/licenses/>.      pas le cas, consultez :
*                                       <http://www.gnu.org/licenses/>.
*
*
************************************************************************
*/

package ca.nrc.cadc.auth.model;

/**
 * A property representing metadata for a group.
 *
 */
public class GroupProperty
{   
    // The property identifier
    private String key;
    
    // The value of the property
    private Object value;
    
    // true if the property cannot be modified.
    private boolean readOnly;
    

    /**
     * GroupProperty constructor.
     * 
     * @param key The property key. Cannot be null.
     * @param value The property value.
     */
    public GroupProperty(String key, Object value, boolean readOnly)
    {
        if(key == null)
        {
            throw new IllegalArgumentException("Null key");
        }
        this.key = key;
        this.value = value;
        this.readOnly = readOnly;
    }

    /**
     * @return property key
     */
    public String getKey()
    {
        return key;
    }

    /**
     * @return value
     */
    public Object getValue()
    {
        return value;
    }

    /**
     * @return read only
     */
    public boolean isReadOnly()
    {
        return readOnly;
    }
    

    
    /* (non-Javadoc)
     * @see java.lang.Object#hashCode()
     */
    @Override
    public int hashCode()
    {
        final int prime = 31;
        int result = 1;
        result = prime * result + ((key == null) ? 0 : key.hashCode());
        result = prime * result + (readOnly ? 1231 : 1237);
        result = prime * result
                + ((value == null) ? 0 : value.hashCode());
        return result;
    }

    /* (non-Javadoc)
     * @see java.lang.Object#equals(java.lang.Object)
     */
    @Override
    public boolean equals(Object obj)
    {
        if (this == obj)
        {
            return true;
        }
        if (obj == null)
        {
            return false;
        }
        if (!(obj instanceof GroupProperty))
        {
            return false;
        }
        GroupProperty other = (GroupProperty) obj;
        if (key == null)
        {
            if (other.key != null)
            {
                return false;
            }
        }
        else if (!key.equals(other.key))
        {
            return false;
        }
        if (readOnly != other.readOnly)
        {
            return false;
        }
        if (value == null)
        {
            if (other.value != null)
            {
                return false;
            }
        }
        else if (!value.equals(other.value))
        {
            return false;
        }
        return true;
    }
    
    @Override
    public String toString()
    {
        return getClass().getSimpleName() + "[" + key + ": " + value + "]";
    }

}
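Review bot: The constructor Javadoc omits the third parameter; add `@param readOnly true if the property cannot be modified` and, since the class has no setters and nothing here enforces the flag, state that it is informational and left to whoever stores the property to honour. `hashCode` folds in `value.hashCode()`, and `Group` keeps these objects in a `HashSet`, so a mutable `value` (a collection, say) changed after insertion would make the property unreachable in that set; a class Javadoc line saying that `value` is expected to be immutable, or hashing on `key` alone as `Group` does with `groupID`, would close that gap. The `key == null` branches in `hashCode` and `equals` are unreachable given the constructor check and could be removed.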
+167 −0
/*
 ************************************************************************
 ****  C A N A D I A N   A S T R O N O M Y   D A T A   C E N T R E  *****
 *
 * (c) 2014.                            (c) 2014.
 * National Research Council            Conseil national de recherches
 * Ottawa, Canada, K1A 0R6              Ottawa, Canada, K1A 0R6
 * All rights reserved                  Tous droits reserves
 *
 * NRC disclaims any warranties         Le CNRC denie toute garantie
 * expressed, implied, or statu-        enoncee, implicite ou legale,
 * tory, of any kind with respect       de quelque nature que se soit,
 * to the software, including           concernant le logiciel, y com-
 * without limitation any war-          pris sans restriction toute
 * ranty of merchantability or          garantie de valeur marchande
 * fitness for a particular pur-        ou de pertinence pour un usage
 * pose.  NRC shall not be liable       particulier.  Le CNRC ne
 * in any event for any damages,        pourra en aucun cas etre tenu
 * whether direct or indirect,          responsable de tout dommage,
 * special or general, consequen-       direct ou indirect, particul-
 * tial or incidental, arising          ier ou general, accessoire ou
 * from the use of the software.        fortuit, resultant de l'utili-
 *                                      sation du logiciel.
 *
 *
 * @author adriand
 * 
 * @version $Revision: $
 * 
 * 
 ****  C A N A D I A N   A S T R O N O M Y   D A T A   C E N T R E  *****
 ************************************************************************
 */

package ca.nrc.cadc.auth.model;

/**
 * Represents the posix account details associated with a user account.
 */
public class PosixDetails
{
    private long uid;
    private long gid;
    private String homeDirectory;

    /**
     * user login shell
     */
    public String loginShell;

    /**
     * 
     * @param uid
     *            posix uid
     * @param gid
     *            posix gid
     * @param homeDirectory
     *            home directory
     */
    public PosixDetails(long uid, long gid, String homeDirectory)
    {
        this.uid = uid;
        this.gid = gid;
        if (homeDirectory == null)
        {
            throw new IllegalArgumentException(
                    "null home directory in POSIX details");
        }
        this.homeDirectory = homeDirectory;
    }

    /**
     * @return the uid
     */
    public long getUid()
    {
        return uid;
    }

    /**
     * @return the gid
     */
    public long getGid()
    {
        return gid;
    }

    /**
     * @return the homeDirectory
     */
    public String getHomeDirectory()
    {
        return homeDirectory;
    }

    /*
     * (non-Javadoc)
     * 
     * @see java.lang.Object#hashCode()
     */
    @Override
    public int hashCode()
    {
        final int prime = 31;
        int result = 1;
        result = prime * result + (int) (gid ^ (gid >>> 32));
        result = prime * result + homeDirectory.hashCode();
        result = prime * result + (int) (uid ^ (uid >>> 32));
        return result;
    }

    /*
     * (non-Javadoc)
     * 
     * @see java.lang.Object#equals(java.lang.Object)
     */
    @Override
    public boolean equals(Object obj)
    {
        if (this == obj)
        {
            return true;
        }
        if (obj == null)
        {
            return false;
        }
        if (!(obj instanceof PosixDetails))
        {
            return false;
        }
        PosixDetails other = (PosixDetails) obj;
        if (gid != other.gid)
        {
            return false;
        }

        if (!homeDirectory.equals(other.homeDirectory))
        {
            return false;
        }
        if (loginShell == null)
        {
            if (other.loginShell != null)
            {
                return false;
            }
        }
        else if (!loginShell.equals(other.loginShell))
        {
            return false;
        }
        if (uid != other.uid)
        {
            return false;
        }
        return true;
    }

    @Override
    public String toString()
    {
        return getClass().getSimpleName() + "[" + uid + ", " + gid + ", "
                + homeDirectory + "]";
    }

}
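Review bot: The constructor validates only that `homeDirectory` is non-null; `uid` and `gid` are accepted as any `long`, negative values included, although POSIX ids are typically unsigned 32-bit, so a guard such as `if (uid < 0 || uid > 0xFFFFFFFFL) throw new IllegalArgumentException("uid out of range: " + uid);` (and the same for `gid`) would keep impossible ids out of the model. `loginShell` is the one public mutable field while `uid`, `gid` and `homeDirectory` are private with getters; if that is deliberate because the shell is optional and set later, say so in its Javadoc (`user login shell; may be null`), which `equals` already assumes by null-checking it. `hashCode` leaves `loginShell` out, which is consistent with `equals` but worth a one-line comment so it is not "fixed" into an inconsistency later.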