Commit c5c8fdb2 authored by Adrian Damian's avatar Adrian Damian

Merge branch 'ac2' of /srv/cadc/git/wopencadc into s1832

parents 4f5d5366 d4990244
+2 −1
@@ -93,6 +93,7 @@
  <property name="cadcUtil" value="${lib}/cadcUtil.jar"/>
  <property name="cadcUWS" value="${lib}/cadcUWS.jar"/>
  <property name="wsUtil" value="${lib}/wsUtil.jar"/>
  <property name="wsUtil-augment" value="${lib}/wsUtil-augment.jar"/>

  <property name="javacsv" value="${ext.lib}/javacsv.jar"/>
  <property name="jdom2" value="${ext.lib}/jdom2.jar"/>
@@ -102,7 +103,7 @@
  <property name="xerces" value="${ext.lib}/xerces.jar"/>

  <property name="jars"
            value="${javacsv}:${jdom2}:${log4j}:${servlet}:${unboundid}:${xerces}:${cadcAccessControl}:${cadcLog}:${cadcRegistry}:${cadcUtil}:${cadcUWS}:${wsUtil}"/>
            value="${javacsv}:${jdom2}:${log4j}:${servlet}:${unboundid}:${xerces}:${cadcAccessControl}:${cadcLog}:${cadcRegistry}:${cadcUtil}:${cadcUWS}:${wsUtil}:${wsUtil-augment}"/>

  <target name="build" depends="compile">
    <jar jarfile="${build}/lib/${project}.jar"
+41 −38
@@ -71,6 +71,8 @@ import ca.nrc.cadc.ac.PersonalDetails;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.server.UserPersistence;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.NumericPrincipal;

import java.security.AccessControlContext;
import java.security.AccessController;
@@ -79,10 +81,12 @@ import java.security.PrivilegedExceptionAction;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

import org.apache.log4j.Logger;



public class GetUserAction extends AbstractUserAction
{
    private static final Logger log = Logger.getLogger(GetUserAction.class);
@@ -100,14 +104,14 @@ public class GetUserAction extends AbstractUserAction
    {
        User<Principal> user;
 
        if (isServops())
        if (isAugmentUser())
        {
    		Subject subject = new Subject();
        	subject.getPrincipals().add(this.userID);
        	user = (User<Principal>) Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
        	user = Subject.doAs(subject, new PrivilegedExceptionAction<User<Principal>>()
        	{
				@Override
				public Object run() throws Exception 
				public User<Principal> run() throws Exception 
				{
					return getUser(userID);
				}
@@ -130,6 +134,12 @@ public class GetUserAction extends AbstractUserAction
    	try
        {
            user = userPersistence.getUser(principal);
        }
        catch (UserNotFoundException e)
        {
            user = userPersistence.getPendingUser(principal);
        }
    	
        if (detail != null)
        {
            // Only return user principals
@@ -156,32 +166,25 @@ public class GetUserAction extends AbstractUserAction
                throw new IllegalArgumentException("Illegal detail parameter " + detail);
            }
        }
        }
        catch (UserNotFoundException e)
        {
            user = userPersistence.getPendingUser(principal);
        }

        return user;
    }
    
    protected boolean isServops()
    protected boolean isAugmentUser()
    {
    	boolean isServops = false;
        AccessControlContext acc = AccessController.getContext();
        Subject subject = Subject.getSubject(acc);
        if (subject != null)
        {
        	for (Principal principal : subject.getPrincipals())
        	for (Principal principal : subject.getPrincipals(HttpPrincipal.class))
        	{
            	if (principal.getName().equals(this.getAugmentUserDN()))
        		{
        			isServops = true;
        			break;
        			return true;
        		}
        	}
        }
        
        return isServops;
        return false;
    }
}
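Review bot: In `isAugmentUser()` the gate for the `Subject.doAs` branch now compares the name of an `HttpPrincipal` on the caller's Subject with `getAugmentUserDN()`, so an accessor still named for an X.500 DN is being matched against an HTTP username. Anyone who configures a DN there gets a check that silently never matches, and the next reader cannot tell which identity form grants the right to fetch a record as another user. I would rename the accessor to `getAugmentUser()` (the `setAugmentUserDN(this.augmentUser)` call in the UserServlet section carries the same stale name) and add a comment above the loop: `// Privileged caller is identified by its HTTP username only; other principal types are ignored.` Since this branch runs `getUser(userID)` under a Subject built from the requested principal, a line such as `log.info("augment lookup for " + userID);` inside the `if (isAugmentUser())` block would leave an audit trail. The `doAs` block continues outside the hunk.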
+2 −1
@@ -68,17 +68,18 @@
 */
package ca.nrc.cadc.ac.server.web.users;

import ca.nrc.cadc.ac.IdentityType;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.server.web.WebUtil;
import ca.nrc.cadc.auth.CookiePrincipal;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.IdentityType;
import ca.nrc.cadc.auth.NumericPrincipal;
import ca.nrc.cadc.auth.OpenIdPrincipal;

import java.io.IOException;
import java.net.URL;
import java.security.Principal;

import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;

+4 −4
@@ -90,7 +90,7 @@ public class UserServlet extends HttpServlet

    private static final long serialVersionUID = 5289130885807305288L;
    private static final Logger log = Logger.getLogger(UserServlet.class);
    private String augmentUserDN;
    private String augmentUser;
    
    @Override
    public void init(final ServletConfig config) throws ServletException
@@ -99,8 +99,8 @@ public class UserServlet extends HttpServlet

        try
        {
        	this.augmentUserDN = config.getInitParameter(UserServlet.class.getName() + ".augmentUserDN");
            log.info("augmentUserDN: " + augmentUserDN);
        	this.augmentUser = config.getInitParameter(UserServlet.class.getName() + ".augmentUser");
            log.info("augmentUser: " + augmentUser);
        }
        catch(Exception ex)
        {
@@ -126,7 +126,7 @@ public class UserServlet extends HttpServlet
            AbstractUserAction action = factory.createAction(request);
            SyncOutput syncOut = new SyncOutput(response);

            action.setAugmentUserDN(this.augmentUserDN);
            action.setAugmentUserDN(this.augmentUser);
            action.setLogInfo(logInfo);
            action.setSyncOut(syncOut);
            action.setAcceptedContentType(getAcceptedContentType(request));
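Review bot: The init-parameter rename in `init()` from `.augmentUserDN` to `.augmentUser` has no fallback, so a deployment descriptor that still carries the old name leaves `augmentUser` null and the only trace is the line `augmentUser: null` at info level. Going by the GetUserAction section, that presumably makes the name comparison fail for every caller, which is the safe direction but hard to diagnose. I would make it explicit, e.g. `if (augmentUser == null) log.warn("init-param " + UserServlet.class.getName() + ".augmentUser is not set");` right after the `getInitParameter` call. The body of the `catch(Exception ex)` that follows is outside the hunk, so I cannot tell whether a failure there is logged or swallowed.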
+6 −3
@@ -71,15 +71,18 @@ package ca.nrc.cadc.ac.server;
import ca.nrc.cadc.ac.Role;
import ca.nrc.cadc.ac.server.web.groups.AddUserMemberActionTest;
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.IdentityType;
import ca.nrc.cadc.util.Log4jInit;
import ca.nrc.cadc.uws.Parameter;

import java.util.ArrayList;
import java.util.List;

import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.junit.BeforeClass;
import org.junit.Test;

import static org.junit.Assert.*;

/**
@@ -152,7 +155,7 @@ public class RequestValidatorTest
            
            paramList.clear();
            paramList.add(new Parameter("ID", "foo"));
            paramList.add(new Parameter("IDTYPE", AuthenticationUtil.AUTH_TYPE_HTTP));
            paramList.add(new Parameter("IDTYPE", IdentityType.USERNAME.getValue()));
            paramList.add(new Parameter("ROLE", "foo"));
            try
            {
@@ -163,7 +166,7 @@ public class RequestValidatorTest
            
            paramList.clear();
            paramList.add(new Parameter("ID", "foo"));
            paramList.add(new Parameter("IDTYPE", AuthenticationUtil.AUTH_TYPE_HTTP));
            paramList.add(new Parameter("IDTYPE", IdentityType.USERNAME.getValue()));
            paramList.add(new Parameter("ROLE", "foo"));
            paramList.add(new Parameter("GROUPID", ""));
            try
@@ -175,7 +178,7 @@ public class RequestValidatorTest
            
            paramList.clear();
            paramList.add(new Parameter("ID", "foo"));
            paramList.add(new Parameter("IDTYPE", AuthenticationUtil.AUTH_TYPE_HTTP));
            paramList.add(new Parameter("IDTYPE", IdentityType.USERNAME.getValue()));
            paramList.add(new Parameter("ROLE", Role.MEMBER.getValue()));
            rv.validate(paramList);
            