Commit cf0e8254 authored by bmajor's avatar bmajor Committed by GitHub
Browse files

Merge pull request #14 from brianmajor/issue-10

Issue 10 - Full URI with authority in Group Model
parents f6757bd1 7bd03087
......@@ -13,7 +13,7 @@ repositories {
sourceCompatibility = 1.7
group = 'org.opencadc'
version = '1.0.2'
version = '1.1.0'
dependencies {
compile 'log4j:log4j:1.2.+'
......@@ -22,7 +22,7 @@ dependencies {
compile 'xerces:xercesImpl:2.+'
compile 'com.unboundid:unboundid-ldapsdk:2.3.+'
compile 'org.opencadc:cadc-access-control:1.+'
compile 'org.opencadc:cadc-access-control:1.1.+'
compile 'org.opencadc:cadc-util:1.+'
compile 'org.opencadc:cadc-log:1.+'
compile 'org.opencadc:cadc-registry:1.+'
......
......@@ -69,6 +69,7 @@
package ca.nrc.cadc.ac.server.ldap;
import java.lang.reflect.Field;
import java.net.URI;
import java.security.AccessControlException;
import java.util.ArrayList;
import java.util.Collection;
......@@ -79,18 +80,6 @@ import java.util.Set;
import org.apache.log4j.Logger;
import ca.nrc.cadc.ac.ActivatedGroup;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupAlreadyExistsException;
import ca.nrc.cadc.ac.GroupNotFoundException;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.server.GroupDetailSelector;
import ca.nrc.cadc.auth.DNPrincipal;
import ca.nrc.cadc.net.TransientException;
import ca.nrc.cadc.profiler.Profiler;
import ca.nrc.cadc.util.StringUtil;
import com.unboundid.ldap.sdk.AddRequest;
import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.DN;
......@@ -110,6 +99,21 @@ import com.unboundid.ldap.sdk.SearchResultListener;
import com.unboundid.ldap.sdk.SearchResultReference;
import com.unboundid.ldap.sdk.SearchScope;
import ca.nrc.cadc.ac.ActivatedGroup;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupAlreadyExistsException;
import ca.nrc.cadc.ac.GroupNotFoundException;
import ca.nrc.cadc.ac.GroupURI;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.server.GroupDetailSelector;
import ca.nrc.cadc.auth.DNPrincipal;
import ca.nrc.cadc.net.TransientException;
import ca.nrc.cadc.profiler.Profiler;
import ca.nrc.cadc.reg.Standards;
import ca.nrc.cadc.reg.client.LocalAuthority;
import ca.nrc.cadc.util.StringUtil;
public class LdapGroupDAO extends LdapDAO
{
private static final Logger logger = Logger.getLogger(LdapGroupDAO.class);
......@@ -193,16 +197,16 @@ public class LdapGroupDAO extends LdapDAO
else
{
// add group to groups tree
LDAPResult result = addGroup(getGroupDN(group.getID()),
group.getID(), ownerDN,
LDAPResult result = addGroup(getGroupDN(group.getID().getName()),
group.getID().getName(), ownerDN,
group.description,
group.getUserMembers(),
group.getGroupMembers());
LdapDAO.checkLdapResult(result.getResultCode());
// add group to admin groups tree
result = addGroup(getAdminGroupDN(group.getID()),
group.getID(), ownerDN,
result = addGroup(getAdminGroupDN(group.getID().getName()),
group.getID().getName(), ownerDN,
group.description,
group.getUserAdmins(),
group.getGroupAdmins());
......@@ -245,7 +249,7 @@ public class LdapGroupDAO extends LdapDAO
}
for (Group groupMember : groups)
{
final String groupMemberID = groupMember.getID();
final String groupMemberID = groupMember.getID().getName();
if (!checkGroupExists(groupMemberID))
{
throw new GroupNotFoundException(groupMemberID);
......@@ -285,9 +289,9 @@ public class LdapGroupDAO extends LdapDAO
try
{
// check group name exists
Filter filter = Filter.createEqualityFilter(LDAP_CN, group.getID());
Filter filter = Filter.createEqualityFilter(LDAP_CN, group.getID().getName());
DN groupDN = getGroupDN(group.getID());
DN groupDN = getGroupDN(group.getID().getName());
SearchRequest searchRequest =
new SearchRequest(groupDN.toNormalizedString(), SearchScope.BASE,
filter, new String[]{LDAP_NSACCOUNTLOCK});
......@@ -537,7 +541,7 @@ public class LdapGroupDAO extends LdapDAO
throws GroupNotFoundException, TransientException,
AccessControlException, UserNotFoundException
{
String groupID = group.getID();
String groupID = group.getID().getName();
getGroup(getGroupDN(groupID), groupID, PUB_GROUP_ATTRS);//group must exists first
return modifyGroup(group, false);
}
......@@ -580,11 +584,11 @@ public class LdapGroupDAO extends LdapDAO
}
for (Group gr : group.getGroupMembers())
{
if (!checkGroupExists(gr.getID()))
if (!checkGroupExists(gr.getID().getName()))
{
throw new GroupNotFoundException(gr.getID());
throw new GroupNotFoundException(gr.getID().getName());
}
DN grDN = getGroupDN(gr.getID());
DN grDN = getGroupDN(gr.getID().getName());
newMembers.add(grDN.toNormalizedString());
}
......@@ -596,11 +600,11 @@ public class LdapGroupDAO extends LdapDAO
}
for (Group gr : group.getGroupAdmins())
{
if (!checkGroupExists(gr.getID()))
if (!checkGroupExists(gr.getID().getName()))
{
throw new GroupNotFoundException(gr.getID());
throw new GroupNotFoundException(gr.getID().getName());
}
DN grDN = getGroupDN(gr.getID());
DN grDN = getGroupDN(gr.getID().getName());
newAdmins.add(grDN.toNormalizedString());
}
......@@ -610,7 +614,7 @@ public class LdapGroupDAO extends LdapDAO
(String[]) newAdmins.toArray(new String[newAdmins.size()])));
ModifyRequest adminModify =
new ModifyRequest(getAdminGroupDN(group.getID()), adminMods);
new ModifyRequest(getAdminGroupDN(group.getID().getName()), adminMods);
LdapDAO.checkLdapResult(
getReadWriteConnection().modify(adminModify).getResultCode());
......@@ -621,7 +625,7 @@ public class LdapGroupDAO extends LdapDAO
(String[]) newMembers.toArray(new String[newMembers.size()])));
ModifyRequest modifyRequest =
new ModifyRequest(getGroupDN(group.getID()), mods);
new ModifyRequest(getGroupDN(group.getID().getName()), mods);
LdapDAO.checkLdapResult(
getReadWriteConnection().modify(modifyRequest).getResultCode());
......@@ -635,11 +639,11 @@ public class LdapGroupDAO extends LdapDAO
{
if (withActivate)
{
return new ActivatedGroup(getGroup(group.getID(), true));
return new ActivatedGroup(getGroup(group.getID().getName(), true));
}
else
{
return getGroup(group.getID(), true);
return getGroup(group.getID().getName(), true);
}
}
catch (GroupNotFoundException e)
......@@ -756,9 +760,12 @@ public class LdapGroupDAO extends LdapDAO
String entryDN = result.getAttributeValue(LDAP_ENTRYDN);
String groupName = result.getAttributeValue(LDAP_CN);
LocalAuthority localAuthority = new LocalAuthority();
URI gmsServiceID = localAuthority.getServiceURI(Standards.GMS_GROUPS_01.toString());
if (attributes == PUB_GROUP_ATTRS)
{
return new Group(groupName);
GroupURI groupID = new GroupURI(gmsServiceID.toString() + "?" + groupName);
return new Group(groupID);
}
String ownerDN = result.getAttributeValue(LDAP_OWNER);
......@@ -769,7 +776,8 @@ public class LdapGroupDAO extends LdapDAO
try
{
User owner = userDAO.getUser(new DNPrincipal(ownerDN));
Group group = new Group(groupName);
GroupURI groupID = new GroupURI(gmsServiceID.toString() + "?" + groupName);
Group group = new Group(groupID);
setField(group, owner, LDAP_OWNER);
if (result.hasAttribute(LDAP_DESCRIPTION))
{
......
......@@ -223,7 +223,7 @@ public class LdapGroupPersistence extends LdapPersistence implements GroupPersis
AccessControlException, UserNotFoundException
{
Subject callerSubject = AuthenticationUtil.getCurrentSubject();
boolean allowed = isAdmin(callerSubject, group.getID());
boolean allowed = isAdmin(callerSubject, group.getID().getName());
LdapGroupDAO groupDAO = null;
LdapUserDAO userDAO = null;
......@@ -234,7 +234,7 @@ public class LdapGroupPersistence extends LdapPersistence implements GroupPersis
groupDAO = new LdapGroupDAO(conns, userDAO);
if (!allowed)
{
Group g = groupDAO.getGroup(group.getID(), false);
Group g = groupDAO.getGroup(group.getID().getName(), false);
if (isOwner(callerSubject, g))
allowed = true;
}
......@@ -287,13 +287,13 @@ public class LdapGroupPersistence extends LdapPersistence implements GroupPersis
while ( i.hasNext() )
{
Group g = i.next();
if (groupID == null || g.getID().equalsIgnoreCase(groupID))
if (groupID == null || g.getID().getName().equalsIgnoreCase(groupID))
{
if (detailSelector != null && detailSelector.isDetailedSearch(g, role))
{
try
{
Group g2 = groupDAO.getGroup(g.getID(), false);
Group g2 = groupDAO.getGroup(g.getID().getName(), false);
log.debug("role " + role + " loaded: " + g2);
ret.add(g2);
}
......@@ -340,7 +340,7 @@ public class LdapGroupPersistence extends LdapPersistence implements GroupPersis
List<Group> groups = getGroupCache(caller, Role.MEMBER);
for (Group g : groups)
{
if (g.getID().equalsIgnoreCase(groupName))
if (g.getID().getName().equalsIgnoreCase(groupName))
return true;
}
return false;
......@@ -351,7 +351,7 @@ public class LdapGroupPersistence extends LdapPersistence implements GroupPersis
List<Group> groups = getGroupCache(caller, Role.ADMIN);
for (Group g : groups)
{
if (g.getID().equalsIgnoreCase(groupName))
if (g.getID().getName().equalsIgnoreCase(groupName))
return true;
}
return false;
......
......@@ -86,25 +86,6 @@ import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Logger;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.InternalID;
import ca.nrc.cadc.ac.PersonalDetails;
import ca.nrc.cadc.ac.Role;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserAlreadyExistsException;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.UserRequest;
import ca.nrc.cadc.ac.client.GroupMemberships;
import ca.nrc.cadc.auth.DNPrincipal;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.NumericPrincipal;
import ca.nrc.cadc.net.TransientException;
import ca.nrc.cadc.profiler.Profiler;
import ca.nrc.cadc.reg.Standards;
import ca.nrc.cadc.reg.client.LocalAuthority;
import ca.nrc.cadc.util.ObjectUtil;
import ca.nrc.cadc.util.StringUtil;
import com.unboundid.ldap.sdk.AddRequest;
import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.BindRequest;
......@@ -129,6 +110,26 @@ import com.unboundid.ldap.sdk.SimpleBindRequest;
import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest;
import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupURI;
import ca.nrc.cadc.ac.InternalID;
import ca.nrc.cadc.ac.PersonalDetails;
import ca.nrc.cadc.ac.Role;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserAlreadyExistsException;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.UserRequest;
import ca.nrc.cadc.ac.client.GroupMemberships;
import ca.nrc.cadc.auth.DNPrincipal;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.NumericPrincipal;
import ca.nrc.cadc.net.TransientException;
import ca.nrc.cadc.profiler.Profiler;
import ca.nrc.cadc.reg.Standards;
import ca.nrc.cadc.reg.client.LocalAuthority;
import ca.nrc.cadc.util.ObjectUtil;
import ca.nrc.cadc.util.StringUtil;
/**
*
......@@ -781,11 +782,14 @@ public class LdapUserDAO extends LdapDAO
// some pretty horrible hacks to avoid querying LDAP for group details...
private Group createGroupFromDN(DN groupDN)
{
LocalAuthority localAuthority = new LocalAuthority();
URI gmsServiceURI = localAuthority.getServiceURI(Standards.GMS_GROUPS_01.toString());
String cn = groupDN.getRDNString();
String[] parts = cn.split("=");
if (parts.length == 2 && parts[0].equals("cn"))
{
return new Group(parts[1]);
GroupURI groupID = new GroupURI(gmsServiceURI.toString() + "?" + parts[1]);
return new Group(groupID);
}
throw new RuntimeException("BUG: failed to extract group name from " + groupDN
.toString());
......
......@@ -79,13 +79,13 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import ca.nrc.cadc.auth.AuthMethod;
import ca.nrc.cadc.reg.Standards;
import org.apache.log4j.Logger;
import ca.nrc.cadc.auth.AuthMethod;
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.log.ServletLogInfo;
import ca.nrc.cadc.reg.Standards;
import ca.nrc.cadc.reg.client.LocalAuthority;
import ca.nrc.cadc.reg.client.RegistryClient;
......@@ -154,6 +154,12 @@ public class WhoAmIServlet extends HttpServlet
}
}
public URI getServiceURI(URI standard)
{
LocalAuthority localAuthority = new LocalAuthority();
return localAuthority.getServiceURI(standard.toString());
}
/**
* Forward on to the Service's user endpoint.
*
......@@ -167,8 +173,7 @@ public class WhoAmIServlet extends HttpServlet
{
final RegistryClient registryClient = getRegistryClient();
LocalAuthority localAuthority = new LocalAuthority();
URI umsServiceURI = localAuthority.getServiceURI(Standards.UMS_WHOAMI_01.toString());
URI umsServiceURI = getServiceURI(Standards.UMS_WHOAMI_01);
log.debug("ums service uri: " + umsServiceURI);
final URL serviceURL = registryClient.getServiceURL(umsServiceURI, Standards.UMS_USERS_01, AuthMethod.CERT);
......
......@@ -69,6 +69,7 @@
package ca.nrc.cadc.ac.server.web.groups;
import java.io.IOException;
import java.net.URI;
import java.security.AccessControlException;
import java.security.Principal;
import java.security.PrivilegedActionException;
......@@ -91,6 +92,7 @@ import ca.nrc.cadc.ac.server.GroupPersistence;
import ca.nrc.cadc.ac.server.web.SyncOutput;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.net.TransientException;
import ca.nrc.cadc.reg.client.LocalAuthority;
public abstract class AbstractGroupAction implements PrivilegedExceptionAction<Object>
{
......@@ -126,6 +128,12 @@ public abstract class AbstractGroupAction implements PrivilegedExceptionAction<O
this.groupPersistence = groupPersistence;
}
public URI getServiceURI(URI standard)
{
LocalAuthority localAuthority = new LocalAuthority();
return localAuthority.getServiceURI(standard.toString());
}
public Object run() throws PrivilegedActionException
{
try
......
......@@ -68,12 +68,15 @@
*/
package ca.nrc.cadc.ac.server.web.groups;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupAlreadyExistsException;
import ca.nrc.cadc.ac.server.GroupPersistence;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupAlreadyExistsException;
import ca.nrc.cadc.ac.GroupURI;
import ca.nrc.cadc.reg.Standards;
public class AddGroupMemberAction extends AbstractGroupAction
{
private final String groupName;
......@@ -90,7 +93,9 @@ public class AddGroupMemberAction extends AbstractGroupAction
public void doAction() throws Exception
{
Group group = groupPersistence.getGroup(this.groupName);
Group toAdd = new Group(this.groupMemberName);
URI gmsServiceURI = getServiceURI(Standards.GMS_GROUPS_01);
GroupURI toAddID = new GroupURI(gmsServiceURI.toString() + "?" + this.groupMemberName);
Group toAdd = new Group(toAddID);
if (!group.getGroupMembers().add(toAdd))
{
throw new GroupAlreadyExistsException(this.groupMemberName);
......@@ -98,8 +103,8 @@ public class AddGroupMemberAction extends AbstractGroupAction
groupPersistence.modifyGroup(group);
List<String> addedMembers = new ArrayList<String>();
addedMembers.add(toAdd.getID());
logGroupInfo(group.getID(), null, addedMembers);
addedMembers.add(toAdd.getID().getName());
logGroupInfo(group.getID().getName(), null, addedMembers);
}
}
......@@ -113,7 +113,7 @@ public class AddUserMemberAction extends AbstractGroupAction
List<String> addedMembers = new ArrayList<String>();
addedMembers.add(getUseridForLogging(toAdd));
logGroupInfo(group.getID(), null, addedMembers);
logGroupInfo(group.getID().getName(), null, addedMembers);
}
}
......@@ -104,7 +104,7 @@ public class CreateGroupAction extends AbstractGroupAction
addedMembers = new ArrayList<String>();
for (Group gr : group.getGroupMembers())
{
addedMembers.add(gr.getID());
addedMembers.add(gr.getID().getName());
}
for (User usr : group.getUserMembers())
{
......@@ -116,7 +116,7 @@ public class CreateGroupAction extends AbstractGroupAction
addedMembers.add(p.getName());
}
}
logGroupInfo(group.getID(), null, addedMembers);
logGroupInfo(group.getID().getName(), null, addedMembers);
}
}
......@@ -92,7 +92,7 @@ public class DeleteGroupAction extends AbstractGroupAction
this.logInfo.deletedMembers = new ArrayList<String>();
for (Group gr : deletedGroup.getGroupMembers())
{
this.logInfo.deletedMembers.add(gr.getID());
this.logInfo.deletedMembers.add(gr.getID().getName());
}
for (User usr : deletedGroup.getUserMembers())
{
......
......@@ -114,7 +114,7 @@ public class ModifyGroupAction extends AbstractGroupAction
{
if (!oldGroup.getGroupMembers().remove(gr))
{
addedMembers.add(gr.getID());
addedMembers.add(gr.getID().getName());
}
}
if (addedMembers.isEmpty())
......@@ -128,13 +128,13 @@ public class ModifyGroupAction extends AbstractGroupAction
}
for (Group gr : oldGroup.getGroupMembers())
{
deletedMembers.add(gr.getID());
deletedMembers.add(gr.getID().getName());
}
if (deletedMembers.isEmpty())
{
deletedMembers = null;
}
logGroupInfo(group.getID(), deletedMembers, addedMembers);
logGroupInfo(group.getID().getName(), deletedMembers, addedMembers);
profiler.checkpoint("log GroupInfo");
syncOut.setHeader("Location", request);
......
......@@ -68,14 +68,21 @@
*/
package ca.nrc.cadc.ac.server.web.groups;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupNotFoundException;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import org.apache.log4j.Logger;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupNotFoundException;
import ca.nrc.cadc.ac.GroupURI;
import ca.nrc.cadc.reg.Standards;
public class RemoveGroupMemberAction extends AbstractGroupAction
{
private final static Logger log = Logger.getLogger(RemoveGroupMemberAction.class);
private final String groupName;
private final String groupMemberName;
......@@ -89,7 +96,12 @@ public class RemoveGroupMemberAction extends AbstractGroupAction
public void doAction() throws Exception
{
Group group = groupPersistence.getGroup(this.groupName);
Group toRemove = new Group(this.groupMemberName);
URI gmsServiceURI = getServiceURI(Standards.GMS_GROUPS_01);
GroupURI toRemoveID = new GroupURI(gmsServiceURI.toString() + "?" + this.groupMemberName);
Group toRemove = new Group(toRemoveID);
log.debug("group member count: " + group.getGroupMembers().size());
log.debug("contains one to remove: " + group.getGroupMembers().contains(toRemove));
if (!group.getGroupMembers().remove(toRemove))
{
......@@ -98,8 +110,8 @@ public class RemoveGroupMemberAction extends AbstractGroupAction
groupPersistence.modifyGroup(group);
List<String> deletedMembers = new ArrayList<String>();
deletedMembers.add(toRemove.getID());
logGroupInfo(group.getID(), deletedMembers, null);
deletedMembers.add(toRemove.getID().getName());
logGroupInfo(group.getID().getName(), deletedMembers, null);
}
}
......@@ -110,7 +110,7 @@ public class RemoveUserMemberAction extends AbstractGroupAction
List<String> deletedMembers = new ArrayList<String>();
deletedMembers.add(getUseridForLogging(user));
logGroupInfo(group.getID(), deletedMembers, null);
logGroupInfo(group.getID().getName(), deletedMembers, null);
}
protected UserPersistence getUserPersistence()
......
......@@ -87,6 +87,7 @@ import org.junit.Test;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupNotFoundException;
import ca.nrc.cadc.ac.GroupProperty;
import ca.nrc.cadc.ac.GroupURI;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.util.Log4jInit;
import ca.nrc.cadc.util.PropertiesReader;
......@@ -130,17 +131,17 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
{
try
{
Group expectGroup = new Group(getGroupID());
Group expectGroup = new Group(new GroupURI("ivo://example.org/gms?" + getGroupID()));
setField(expectGroup, cadcDaoTest1_AugmentedUser, "owner");
getGroupDAO().addGroup(expectGroup);