Loading cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java +13 −0 Original line number Diff line number Diff line Loading @@ -238,6 +238,19 @@ public interface UserPersistence throws UserNotFoundException, TransientException, AccessControlException; /** * Deactivate the user with the specified Principal from the active users tree. * * @param userID A Principal of the User. * * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ void deactivateUser(Principal userID) throws UserNotFoundException, TransientException, AccessControlException; /** * Delete the user with the specified Principal from the pending users tree. * Loading cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +2 −2 Original line number Diff line number Diff line Loading @@ -1069,11 +1069,11 @@ public class LdapUserDAO extends LdapDAO * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public void deleteUser(final Principal userID) public void deleteUser(final Principal userID, boolean markDelete) throws UserNotFoundException, TransientException, AccessControlException { deleteUser(userID, config.getUsersDN(), true); deleteUser(userID, config.getUsersDN(), markDelete); } /** Loading cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java +31 −2 Original line number Diff line number Diff line Loading 
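Review bot: The new `deactivateUser` Javadoc in UserPersistence does not say how deactivation differs from `deleteUser`, although the LDAP implementation in this commit sends both to the same DAO method and tells them apart only by the `markDelete` flag. State the contract on the interface, e.g. `* Deactivate the user with the specified Principal: the entry is marked as deleted but not removed; see {@link #deleteUser(Principal)} for permanent removal.` — hedged, since the DAO code that acts on `markDelete` is not in the diff. The existing `deleteUser` Javadoc on this interface (outside the hunk) presumably needs the matching sentence. Adding an abstract method to the interface also breaks every other implementation of UserPersistence; only the LDAP one is updated in this commit.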
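Review bot: The new `markDelete` parameter of `deleteUser(final Principal userID, boolean markDelete)` in LdapUserDAO is undocumented — the Javadoc directly above the signature still lists only the `@throws` tags, so nothing says what the flag does. Add a `@param` line such as `* @param markDelete true to mark the entry as deleted, false to remove it`, which matches how the two callers in LdapUserPersistence use it (`true` from `deactivateUser`, `false` from `deleteUser`); confirm against the three-argument overload, which is outside the hunk. The one-argument overload is removed rather than kept as a delegating wrapper, so any caller of `deleteUser(userID)` outside this diff no longer compiles.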
@@ -402,7 +402,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public void deleteUser(Principal userID) public void deactivateUser(Principal userID) throws UserNotFoundException, TransientException, AccessControlException { Loading @@ -415,7 +415,36 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste try { userDAO = getLdapUserDao(conns); userDAO.deleteUser(userID); userDAO.deleteUser(userID, true); } finally { conns.releaseConnections(); } } /** * Delete the user specified by userID. * * @param userID The userID. * * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public void deleteUser(Principal userID) throws UserNotFoundException, TransientException, AccessControlException { // admin API: permission checks done in action layer // and in ACIs. LdapUserDAO userDAO = null; LdapConnections conns = new LdapConnections(this); try { userDAO = getLdapUserDao(conns); userDAO.deleteUser(userID, false); } finally { Loading cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/UserServlet.java +12 −6 Original line number Diff line number Diff line Loading 
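Review bot: The Javadoc on the method renamed to `deactivateUser` is only partly visible (its `@throws` lines) and its summary sentence, above the hunk, presumably still describes deletion; it should now say the user is marked deleted and not removed. The new `deleteUser` is the irreversible path and, by its own comment, performs no permission check itself (`// admin API: permission checks done in action layer and in ACIs.`), so its Javadoc should make that a stated precondition, e.g. `* Permanently delete the user specified by userID. No permission check is performed here; callers must have enforced authorization.`. Both methods have the same LdapConnections/try/finally shape and differ only in the `markDelete` argument, so a private helper `deleteUser(Principal userID, boolean markDelete)` would remove the duplication. The new method's `finally` block ends outside the hunk.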
@@ -84,12 +84,12 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import ca.nrc.cadc.ac.server.web.users.CreateUserAction; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.server.PluginFactory; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.ac.server.web.users.AbstractUserAction; import ca.nrc.cadc.ac.server.web.users.CreateUserAction; import ca.nrc.cadc.ac.server.web.users.GetUserAction; import ca.nrc.cadc.ac.server.web.users.UserActionFactory; import ca.nrc.cadc.ac.server.web.users.UserLogInfo; Loading Loading @@ -186,6 +186,17 @@ public class UserServlet extends HttpServlet Subject subject; Subject privilegedSubject = getPrivilegedSubject(request); log.debug("privileged subject: " + privilegedSubject); if (privilegedSubject != null) { action.setIsPrivilegedUser(true); action.setPrivilegedSubject(true); logInfo.setSubject(privilegedSubject); } else { action.setIsPrivilegedUser(false); action.setPrivilegedSubject(false); } // If the calling subject is not a PrivilegedSubject, // AND it is a PUT request, throw an AccessControlException Loading @@ -194,7 +205,6 @@ public class UserServlet extends HttpServlet profiler.checkpoint("check non-privileged user"); if (privilegedSubject == null) { action.setPrivilegedSubject(false); subject = AuthenticationUtil.getSubject(request); logInfo.setSubject(subject); log.debug("augmented subject: " + subject); Loading @@ -202,7 +212,6 @@ public class UserServlet extends HttpServlet } else { action.setPrivilegedSubject(true); log.debug("subject not augmented: " + privilegedSubject); subject = privilegedSubject; logInfo.setSubject(privilegedSubject); Loading 
@@ -214,11 +223,8 @@ public class UserServlet extends HttpServlet // AND it is a GET request, do not augment the subject. else if (action instanceof GetUserAction && privilegedSubject != null) { profiler.checkpoint("check privileged user"); subject = Subject.getSubject(AccessController.getContext()); log.debug("subject not augmented: " + subject); action.setAugmentUser(true); logInfo.setSubject(privilegedSubject); profiler.checkpoint("set privileged user"); } else Loading cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/AbstractUserAction.java +7 −11 Original line number Diff line number Diff line Loading @@ -72,27 +72,23 @@ import java.io.IOException; import java.io.InputStream; import java.io.Writer; import java.security.AccessControlException; import java.security.Principal; import java.security.PrivilegedExceptionAction; import java.util.Collection; import ca.nrc.cadc.ac.WriterException; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.ReaderException; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserAlreadyExistsException; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserRequest; import ca.nrc.cadc.ac.WriterException; import ca.nrc.cadc.ac.json.JsonUserListWriter; import ca.nrc.cadc.ac.json.JsonUserReader; import ca.nrc.cadc.ac.json.JsonUserRequestReader; import ca.nrc.cadc.ac.json.JsonUserWriter; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.ac.server.web.SyncOutput; import ca.nrc.cadc.ac.xml.UserListWriter; import ca.nrc.cadc.ac.xml.UserReader; import ca.nrc.cadc.ac.xml.UserRequestReader; import ca.nrc.cadc.ac.xml.UserWriter; import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.profiler.Profiler; Loading 
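Review bot: In the hunk at `@@ -214,11 +223,8 @@`, removing `subject = Subject.getSubject(AccessController.getContext());` leaves the `action instanceof GetUserAction && privilegedSubject != null` branch with no assignment to `subject`, which is declared as `Subject subject;` without an initializer in the `@@ -186` hunk. If `subject` is read after the if/else chain (presumably to run the action), javac will reject it as possibly uninitialized; the sibling branch in the `@@ -202` hunk assigns `subject = privilegedSubject;`, and the same line belongs here. The `@@ -186` hunk now calls `action.setIsPrivilegedUser(...)` and `action.setPrivilegedSubject(...)` with the same value in both arms; if the two flags mean the same thing one is redundant, otherwise the difference should be commented where they are set. The enclosing method starts and ends outside the hunks.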
@@ -104,7 +100,7 @@ public abstract class AbstractUserAction implements PrivilegedExceptionAction<Ob public static final String JSON_CONTENT_TYPE = "application/json"; private Profiler profiler = new Profiler(AbstractUserAction.class); protected boolean isAugmentUser; protected boolean isPrivilegedUser; protected boolean isPrivilegedSubject; protected UserLogInfo logInfo; protected SyncOutput syncOut; Loading @@ -114,19 +110,19 @@ public abstract class AbstractUserAction implements PrivilegedExceptionAction<Ob AbstractUserAction() { this.isAugmentUser = false; this.isPrivilegedUser = false; } public abstract void doAction() throws Exception; public void setAugmentUser(final boolean isAugmentUser) public void setIsPrivilegedUser(boolean isPrivilegedUser) { this.isAugmentUser = isAugmentUser; this.isPrivilegedUser = isPrivilegedUser; } public boolean isAugmentUser() public boolean isPrivilegedUser() { return this.isAugmentUser; return this.isPrivilegedUser; } public void setPrivilegedSubject(final boolean isPrivilegedSubject) Loading Loading
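Review bot: After the rename, `AbstractUserAction` carries two undocumented boolean fields, `isPrivilegedUser` and `isPrivilegedSubject`, which UserServlet sets from the same `privilegedSubject != null` condition; a subclass deciding whether an authorization step applies cannot tell which one to consult. Add a comment on each field stating what it means, e.g. `// true when UserServlet found a privileged subject on the request` for `isPrivilegedUser`, and a note on `isPrivilegedSubject` saying how it differs — or collapse them into one flag if they are the same. The new setter name `setIsPrivilegedUser` does not match its sibling `setPrivilegedSubject`, and it drops the `final` on its parameter that the replaced `setAugmentUser` had. Any subclass still calling `isAugmentUser()` or `setAugmentUser(...)` outside this diff will no longer compile.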
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java +13 −0 Original line number Diff line number Diff line Loading @@ -238,6 +238,19 @@ public interface UserPersistence throws UserNotFoundException, TransientException, AccessControlException; /** * Deactivate the user with the specified Principal from the active users tree. * * @param userID A Principal of the User. * * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ void deactivateUser(Principal userID) throws UserNotFoundException, TransientException, AccessControlException; /** * Delete the user with the specified Principal from the pending users tree. * Loading
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +2 −2 Original line number Diff line number Diff line Loading @@ -1069,11 +1069,11 @@ public class LdapUserDAO extends LdapDAO * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public void deleteUser(final Principal userID) public void deleteUser(final Principal userID, boolean markDelete) throws UserNotFoundException, TransientException, AccessControlException { deleteUser(userID, config.getUsersDN(), true); deleteUser(userID, config.getUsersDN(), markDelete); } /** Loading
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java +31 −2 Original line number Diff line number Diff line Loading @@ -402,7 +402,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public void deleteUser(Principal userID) public void deactivateUser(Principal userID) throws UserNotFoundException, TransientException, AccessControlException { Loading @@ -415,7 +415,36 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste try { userDAO = getLdapUserDao(conns); userDAO.deleteUser(userID); userDAO.deleteUser(userID, true); } finally { conns.releaseConnections(); } } /** * Delete the user specified by userID. * * @param userID The userID. * * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public void deleteUser(Principal userID) throws UserNotFoundException, TransientException, AccessControlException { // admin API: permission checks done in action layer // and in ACIs. LdapUserDAO userDAO = null; LdapConnections conns = new LdapConnections(this); try { userDAO = getLdapUserDao(conns); userDAO.deleteUser(userID, false); } finally { Loading
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/UserServlet.java +12 −6 Original line number Diff line number Diff line Loading @@ -84,12 +84,12 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import ca.nrc.cadc.ac.server.web.users.CreateUserAction; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.server.PluginFactory; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.ac.server.web.users.AbstractUserAction; import ca.nrc.cadc.ac.server.web.users.CreateUserAction; import ca.nrc.cadc.ac.server.web.users.GetUserAction; import ca.nrc.cadc.ac.server.web.users.UserActionFactory; import ca.nrc.cadc.ac.server.web.users.UserLogInfo; Loading Loading @@ -186,6 +186,17 @@ public class UserServlet extends HttpServlet Subject subject; Subject privilegedSubject = getPrivilegedSubject(request); log.debug("privileged subject: " + privilegedSubject); if (privilegedSubject != null) { action.setIsPrivilegedUser(true); action.setPrivilegedSubject(true); logInfo.setSubject(privilegedSubject); } else { action.setIsPrivilegedUser(false); action.setPrivilegedSubject(false); } // If the calling subject is not a PrivilegedSubject, // AND it is a PUT request, throw an AccessControlException Loading @@ -194,7 +205,6 @@ public class UserServlet extends HttpServlet profiler.checkpoint("check non-privileged user"); if (privilegedSubject == null) { action.setPrivilegedSubject(false); subject = AuthenticationUtil.getSubject(request); logInfo.setSubject(subject); log.debug("augmented subject: " + subject); Loading @@ -202,7 +212,6 @@ public class UserServlet extends HttpServlet } else { action.setPrivilegedSubject(true); log.debug("subject not augmented: " + privilegedSubject); subject = privilegedSubject; logInfo.setSubject(privilegedSubject); Loading 
@@ -214,11 +223,8 @@ public class UserServlet extends HttpServlet // AND it is a GET request, do not augment the subject. else if (action instanceof GetUserAction && privilegedSubject != null) { profiler.checkpoint("check privileged user"); subject = Subject.getSubject(AccessController.getContext()); log.debug("subject not augmented: " + subject); action.setAugmentUser(true); logInfo.setSubject(privilegedSubject); profiler.checkpoint("set privileged user"); } else Loading
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/AbstractUserAction.java +7 −11 Original line number Diff line number Diff line Loading @@ -72,27 +72,23 @@ import java.io.IOException; import java.io.InputStream; import java.io.Writer; import java.security.AccessControlException; import java.security.Principal; import java.security.PrivilegedExceptionAction; import java.util.Collection; import ca.nrc.cadc.ac.WriterException; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.ReaderException; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserAlreadyExistsException; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserRequest; import ca.nrc.cadc.ac.WriterException; import ca.nrc.cadc.ac.json.JsonUserListWriter; import ca.nrc.cadc.ac.json.JsonUserReader; import ca.nrc.cadc.ac.json.JsonUserRequestReader; import ca.nrc.cadc.ac.json.JsonUserWriter; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.ac.server.web.SyncOutput; import ca.nrc.cadc.ac.xml.UserListWriter; import ca.nrc.cadc.ac.xml.UserReader; import ca.nrc.cadc.ac.xml.UserRequestReader; import ca.nrc.cadc.ac.xml.UserWriter; import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.profiler.Profiler; Loading @@ -104,7 +100,7 @@ public abstract class AbstractUserAction implements PrivilegedExceptionAction<Ob public static final String JSON_CONTENT_TYPE = "application/json"; private Profiler profiler = new Profiler(AbstractUserAction.class); protected boolean isAugmentUser; protected boolean isPrivilegedUser; protected boolean isPrivilegedSubject; protected UserLogInfo logInfo; protected SyncOutput syncOut; Loading 
@@ -114,19 +110,19 @@ public abstract class AbstractUserAction implements PrivilegedExceptionAction<Ob AbstractUserAction() { this.isAugmentUser = false; this.isPrivilegedUser = false; } public abstract void doAction() throws Exception; public void setAugmentUser(final boolean isAugmentUser) public void setIsPrivilegedUser(boolean isPrivilegedUser) { this.isAugmentUser = isAugmentUser; this.isPrivilegedUser = isPrivilegedUser; } public boolean isAugmentUser() public boolean isPrivilegedUser() { return this.isAugmentUser; return this.isPrivilegedUser; } public void setPrivilegedSubject(final boolean isPrivilegedSubject) Loading