Commit d60502f0 authored by Jeff Burke's avatar Jeff Burke

Merge branch 's1651' of ssh://mach16/usr/cadc/dev/git/wopencadc into s1651

parents 393fe5ef 6a0360e0
+45 −3
@@ -68,12 +68,14 @@
 */
package ca.nrc.cadc.ac.server.ldap;

import ca.nrc.cadc.util.StringUtil;
import java.io.IOException;
import java.net.URL;
import java.util.Properties;

import org.apache.log4j.Logger;

import ca.nrc.cadc.util.StringUtil;

public class LdapConfig
{
    private static final Logger logger = Logger.getLogger(LdapConfig.class);
@@ -88,6 +90,9 @@ public class LdapConfig
    public static final String LDAP_GROUPS_DN = "groupsDn";
    public static final String LDAP_ADMIN_GROUPS_DN  = "adminGroupsDn";
    
    public static final String LDAP_AVAIL_TEST_GROUP  = "availabilityTestGroup";
    public static final String LDAP_AVAIL_TEST_CALLING_USER_DN  = "availabilityTestCallingUserDN";

    private String usersDN;
    private String groupsDN;
    private String adminGroupsDN;
@@ -96,6 +101,9 @@ public class LdapConfig
    private String adminUserDN;
    private String adminPasswd;
    
    private String availabilityTestGroup;
    private String availabilityTestCallingUserDN;

    public static LdapConfig getLdapConfig()
    {
        Properties config = new Properties();
@@ -166,14 +174,35 @@ public class LdapConfig
                                       LDAP_ADMIN_GROUPS_DN);
        }
        
        String availGroup = config.getProperty(LDAP_AVAIL_TEST_GROUP);
        if (!StringUtil.hasText(availGroup))
        {
            throw new RuntimeException("failed to read property " + 
                                       LDAP_AVAIL_TEST_GROUP);
        }
        
        String availUser = config.getProperty(LDAP_AVAIL_TEST_CALLING_USER_DN);
        if (!StringUtil.hasText(availUser))
        {
            throw new RuntimeException("failed to read property " + 
                                       LDAP_AVAIL_TEST_CALLING_USER_DN);
        }

        return new LdapConfig(server, Integer.valueOf(port), ldapAdmin, 
                              ldapPasswd, ldapUsersDn, ldapGroupsDn,
                              ldapAdminGroupsDn);
                              ldapAdminGroupsDn, availGroup, availUser);
    }
    
    public LdapConfig(String server, int port, String adminUserDN, 
            String adminPasswd, String usersDN, String groupsDN,
            String adminGroupsDN)
    {
        this(server, port, adminUserDN, adminPasswd, usersDN, groupsDN, adminGroupsDN, null, null);
    }

    public LdapConfig(String server, int port, String adminUserDN, 
                      String adminPasswd, String usersDN, String groupsDN,
                      String adminGroupsDN, String availGroup, String availUser)
    {
        if (!StringUtil.hasText(server))
        {
@@ -205,6 +234,7 @@ public class LdapConfig
            throw new IllegalArgumentException("Illegal admin groups LDAP DN");
        }
        

        this.server = server;
        this.port = port;
        this.adminUserDN = adminUserDN;
@@ -212,6 +242,8 @@ public class LdapConfig
        this.usersDN = usersDN;
        this.groupsDN = groupsDN;
        this.adminGroupsDN = adminGroupsDN;
        this.availabilityTestGroup = availGroup;
        this.availabilityTestCallingUserDN = availUser;
    }

    public String getUsersDN()
@@ -249,4 +281,14 @@ public class LdapConfig
        return this.adminPasswd;
    }
    
    public String getAvailabilityTestGroup()
    {
        return this.availabilityTestGroup;
    }
    
    public String getAvailabilityTestCallingUserDN()
    {
        return this.availabilityTestCallingUserDN;
    }

}
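Review bot: The two new fields are not validated in the nine-argument constructor, even though getLdapConfig() refuses to build a config when either property is missing; the visible checks at the top of that constructor cover only the pre-existing arguments, so a blank availabilityTestGroup or availabilityTestCallingUserDN passed directly is accepted and only fails later, wherever the availability check uses that DN (that consumer is outside this diff). The seven-argument overload deliberately passes null, so both new getters can return null, and neither says so. I would reject blank-but-non-null values, `if (availGroup != null && !StringUtil.hasText(availGroup)) throw new IllegalArgumentException("Illegal availability test group");` and the same for availUser, and put `/** May be null when built via the seven-argument constructor. */` on both getters. The constructor body is cut by the hunk boundaries, so such a check may already exist out of view.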
+6 −11
@@ -196,21 +196,16 @@ public abstract class LdapDAO
     * @param errorMsg
     * @throws TransientException 
     */
    protected static void checkLdapResult(ResultCode code, String errorMsg) 
    protected static void checkLdapResult(ResultCode code) 
            throws TransientException
    {
        String msg = "";
        if (errorMsg != null)
        {
            msg = "(" + errorMsg + ")";
        }
        if (code == ResultCode.INSUFFICIENT_ACCESS_RIGHTS)
        {
            throw new AccessControlException("Not authorized " + msg);
            throw new AccessControlException("Not authorized ");
        }
        else if (code == ResultCode.INVALID_CREDENTIALS)
        {
            throw new AccessControlException("Invalid credentials " + msg);
            throw new AccessControlException("Invalid credentials ");
        }
        else if ((code == ResultCode.SUCCESS) || (code == ResultCode.NO_SUCH_OBJECT) )
        {
@@ -218,16 +213,16 @@ public abstract class LdapDAO
        }
        else if (code == ResultCode.PARAM_ERROR)
        {
            throw new IllegalArgumentException("Error in Ldap parameters " + msg);
            throw new IllegalArgumentException("Error in Ldap parameters ");
        }
        else if (code == ResultCode.BUSY ||
                 code == ResultCode.CONNECT_ERROR )
        {
            throw new TransientException("Connection problems " + msg );
            throw new TransientException("Connection problems ");
        }
        else
        {
            throw new RuntimeException("Ldap error" + msg);
            throw new RuntimeException("Ldap error (" + code.getName() + ")");
        }
    }

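Review bot: Dropping the diagnostic message from the thrown exceptions drops it from everywhere, because checkLdapResult no longer receives it and nothing logs it before the throw; the INSUFFICIENT_ACCESS_RIGHTS and INVALID_CREDENTIALS branches now produce an AccessControlException that says only "Not authorized " or "Invalid credentials ", which is hard to triage from a server log. Keeping server diagnostics out of a message that may reach a client is a reasonable goal, but then the callers that previously passed e.getDiagnosticMessage() should log it at debug level before calling this method, or this method should keep a two-argument overload that logs the message and delegates to the one-argument form. The messages also keep a trailing space now that nothing is appended, e.g. `throw new AccessControlException("Not authorized");`. Note that NO_SUCH_OBJECT is treated like SUCCESS on the branch left unchanged here, so a caller that reaches this method from a catch block continues silently when the target entry does not exist; that predates this change but deserves a comment on the branch.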
+15 −16
@@ -173,7 +173,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
                                             group.description, 
                                             group.getUserMembers(), 
                                             group.getGroupMembers());
                LdapDAO.checkLdapResult(result.getResultCode(), null);
                LdapDAO.checkLdapResult(result.getResultCode());
                
                // add group to admin groups tree
                result = addGroup(getAdminGroupDN(group.getID()), 
@@ -181,7 +181,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
                                  group.description, 
                                  group.getUserAdmins(), 
                                  group.getGroupAdmins());
                LdapDAO.checkLdapResult(result.getResultCode(), null);
                LdapDAO.checkLdapResult(result.getResultCode());
                
                try
                {
@@ -195,8 +195,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
        }
        catch (LDAPException e)
        {
            LdapDAO.checkLdapResult(e.getResultCode(), 
                    e.getDiagnosticMessage());
            LdapDAO.checkLdapResult(e.getResultCode());
            throw new RuntimeException("Unexpected LDAP exception", e);
        } 
    }
@@ -302,7 +301,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
        } 
        catch (LDAPException e)
        {
            LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage());
            LdapDAO.checkLdapResult(e.getResultCode());
            throw new RuntimeException("Unexpected LDAP exception", e);
        }
    }
@@ -391,13 +390,13 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
                }
                else
                {
                    LdapDAO.checkLdapResult(e.getResultCode(), e.getMessage());
                    LdapDAO.checkLdapResult(e.getResultCode());
                }
            }
            
            if (searchResult.getEntryCount() == 0)
            {
                LdapDAO.checkLdapResult(searchResult.getResultCode(), null);
                LdapDAO.checkLdapResult(searchResult.getResultCode());
                //access denied
                String msg = "Not authorized to access " + groupID;
                logger.debug(msg);
@@ -485,7 +484,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
        }
        catch (LDAPException e1)
        {
            LdapDAO.checkLdapResult(e1.getResultCode(), e1.getDiagnosticMessage());
            LdapDAO.checkLdapResult(e1.getResultCode());
            throw new GroupNotFoundException("Not found " + groupID);
        }
    }
@@ -573,7 +572,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
                    new ProxiedAuthorizationV2RequestControl(
                            "dn:" + getSubjectDN().toNormalizedString()));
            LdapDAO.checkLdapResult(getConnection().
                    modify(modifyRequest).getResultCode(), null);
                    modify(modifyRequest).getResultCode());
            
            // modify the group itself now
            modifyRequest = new ModifyRequest(getGroupDN(group.getID()), mods);
@@ -582,11 +581,11 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
                    new ProxiedAuthorizationV2RequestControl(
                            "dn:" + getSubjectDN().toNormalizedString()));
            LdapDAO.checkLdapResult(getConnection().
                    modify(modifyRequest).getResultCode(), null);
                    modify(modifyRequest).getResultCode());
        }
        catch (LDAPException e1)
        {
            LdapDAO.checkLdapResult(e1.getResultCode(), e1.getDiagnosticMessage());
            LdapDAO.checkLdapResult(e1.getResultCode());
        }
        try
        {
@@ -655,11 +654,11 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
                    new ProxiedAuthorizationV2RequestControl(
                            "dn:" + getSubjectDN().toNormalizedString()));
            LDAPResult result = getConnection().modify(modifyRequest);
            LdapDAO.checkLdapResult(result.getResultCode(), null);
            LdapDAO.checkLdapResult(result.getResultCode());
        }
        catch (LDAPException e1)
        {
            LdapDAO.checkLdapResult(e1.getResultCode(), e1.getDiagnosticMessage());
            LdapDAO.checkLdapResult(e1.getResultCode());
        }
        
        try
@@ -761,7 +760,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
        }
        catch (LDAPException e1)
        {
            LdapDAO.checkLdapResult(e1.getResultCode(), e1.getDiagnosticMessage());
            LdapDAO.checkLdapResult(e1.getResultCode());
        }
        return groupDNs; 
    }
@@ -851,7 +850,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
        }
        catch (LDAPException e)
        {
            LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage());
            LdapDAO.checkLdapResult(e.getResultCode());
        }
        throw new IllegalArgumentException(groupID + " not a valid group ID");
    }
@@ -869,7 +868,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
        }
        catch (LDAPException e)
        {
            LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage());
            LdapDAO.checkLdapResult(e.getResultCode());
        }
        throw new IllegalArgumentException(groupID + " not a valid group ID");
    }
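Review bot: In the catch blocks that end with `LdapDAO.checkLdapResult(e1.getResultCode());` and no statement after it (the two around the modify calls, and the one that then returns groupDNs), an LDAPException whose result code is SUCCESS or NO_SUCH_OBJECT is silently swallowed, because checkLdapResult returns normally for those codes, and the method continues into the next try as if the admin-group modification had been applied. The other catch blocks in this file rethrow immediately after the check, `throw new RuntimeException("Unexpected LDAP exception", e1);`, and the same line should follow the check in these blocks so a failed modify cannot be reported to the caller as success. Every enclosing method here starts and ends outside the hunks, so there may be handling out of view, but nothing inside the catch blocks themselves recovers from the exception.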
+41 −10
@@ -68,18 +68,19 @@
 */
package ca.nrc.cadc.ac.server.ldap;

import java.security.AccessControlException;
import java.security.Principal;
import java.util.Collection;

import org.apache.log4j.Logger;

import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupAlreadyExistsException;
import ca.nrc.cadc.ac.GroupNotFoundException;
import ca.nrc.cadc.ac.IdentityType;
import ca.nrc.cadc.ac.Role;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.server.GroupPersistence;
import ca.nrc.cadc.net.TransientException;
import java.security.AccessControlException;
import java.security.Principal;
import java.util.Collection;
import org.apache.log4j.Logger;

public class LdapGroupPersistence<T extends Principal>
    implements GroupPersistence<T>
@@ -98,9 +99,11 @@ public class LdapGroupPersistence<T extends Principal>
               AccessControlException
    {
        LdapGroupDAO<T> groupDAO = null;
        LdapUserDAO<T> userDAO = null;
        try
        {
            groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config));
            userDAO = new LdapUserDAO<T>(config);
            groupDAO = new LdapGroupDAO<T>(config, userDAO);
            Group ret = groupDAO.getGroup(groupName);
            return ret;
        }
@@ -110,6 +113,10 @@ public class LdapGroupPersistence<T extends Principal>
            {
                groupDAO.close();
            }
            if (userDAO != null)
            {
                userDAO.close();
            }
        }
    }

@@ -118,9 +125,11 @@ public class LdapGroupPersistence<T extends Principal>
               AccessControlException, UserNotFoundException
    {
        LdapGroupDAO<T> groupDAO = null;
        LdapUserDAO<T> userDAO = null;
        try
        {
            groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config));
            userDAO = new LdapUserDAO<T>(config);
            groupDAO = new LdapGroupDAO<T>(config, userDAO);
            Group ret = groupDAO.addGroup(group);
            return ret;
        }
@@ -130,6 +139,10 @@ public class LdapGroupPersistence<T extends Principal>
            {
                groupDAO.close();
            }
            if (userDAO != null)
            {
                userDAO.close();
            }
        }
    }

@@ -138,9 +151,11 @@ public class LdapGroupPersistence<T extends Principal>
               AccessControlException
    {
        LdapGroupDAO<T> groupDAO = null;
        LdapUserDAO<T> userDAO = null;
        try
        {
            groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config));
            userDAO = new LdapUserDAO<T>(config);
            groupDAO = new LdapGroupDAO<T>(config, userDAO);
            groupDAO.deleteGroup(groupName);
        }
        finally
@@ -149,6 +164,10 @@ public class LdapGroupPersistence<T extends Principal>
            {
                groupDAO.close();
            }
            if (userDAO != null)
            {
                userDAO.close();
            }
        }
    }

@@ -157,9 +176,11 @@ public class LdapGroupPersistence<T extends Principal>
               AccessControlException, UserNotFoundException
    {
        LdapGroupDAO<T> groupDAO = null;
        LdapUserDAO<T> userDAO = null;
        try
        {
            groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config));
            userDAO = new LdapUserDAO<T>(config);
            groupDAO = new LdapGroupDAO<T>(config, userDAO);
            Group ret = groupDAO.modifyGroup(group);
            return ret;
        }
@@ -169,6 +190,10 @@ public class LdapGroupPersistence<T extends Principal>
            {
                groupDAO.close();
            }
            if (userDAO != null)
            {
                userDAO.close();
            }
        }
    }

@@ -177,9 +202,11 @@ public class LdapGroupPersistence<T extends Principal>
               TransientException, AccessControlException
    {
        LdapGroupDAO<T> groupDAO = null;
        LdapUserDAO<T> userDAO = null;
        try
        {
            groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config));
            userDAO = new LdapUserDAO<T>(config);
            groupDAO = new LdapGroupDAO<T>(config, userDAO);
            Collection<Group> ret = groupDAO.getGroups(userID, role, groupID);
            return ret;
        }
@@ -189,6 +216,10 @@ public class LdapGroupPersistence<T extends Principal>
            {
                groupDAO.close();
            }
            if (userDAO != null)
            {
                userDAO.close();
            }
        }
    }
    
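Review bot: If `groupDAO.close()` throws, the `userDAO.close()` added after it in each finally block never runs, so the user DAO's connection leaks on exactly the error paths this change is meant to clean up; I cannot see close()'s signature, so whether it can throw is an assumption to confirm. Closing the user DAO in its own try/finally, or in one private helper that closes both and logs a close failure instead of propagating it, would make the two cleanups independent, and the same five lines now repeated in five methods are a style reason to extract that helper anyway. If both DAO classes implement AutoCloseable, try-with-resources on the two of them would give the same guarantee with less code.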
+6 −6
@@ -166,7 +166,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
        }
        catch (LDAPException e)
        {
            LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage());
            LdapDAO.checkLdapResult(e.getResultCode());
        }

        if (searchResult == null)
@@ -196,7 +196,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
     * @return Collection of Group instances.
     * 
     * @throws UserNotFoundException  when the user is not found.
     * @throws TransientException If an temporary, unexpected problem occurred.
     * @throws TransientException If an temporary, unexpected problem occurred., e.getMessage(
     * @throws AccessControlException If the operation is not permitted.
     */
    public Collection<DN> getUserGroups(final T userID, final boolean isAdmin)
@@ -257,7 +257,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
        }
        catch (LDAPException e)
        {
            LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage());
            LdapDAO.checkLdapResult(e.getResultCode());
        }
        return groupDNs;
    }
@@ -312,7 +312,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
        }
        catch (LDAPException e)
        {
            LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage());
            LdapDAO.checkLdapResult(e.getResultCode());
        }
        return false;
    }
@@ -347,7 +347,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
//        }
//        catch (LDAPException e)
//        {
//            LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage());
//            LdapDAO.checkLdapResult(e.getResultCode());
//            throw new RuntimeException("Unexpected LDAP exception", e);
//        }
//    }
@@ -423,7 +423,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO

        } catch (LDAPException e)
        {
            LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage());
            LdapDAO.checkLdapResult(e.getResultCode());
        }
        

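Review bot: The Javadoc line `@throws TransientException If an temporary, unexpected problem occurred., e.getMessage(` has a stray `, e.getMessage(` fragment pasted into it, presumably a leftover from the checkLdapResult refactor in this commit, and should read `@throws TransientException If a temporary, unexpected problem occurred.`. Separately, the catch blocks that end with `LdapDAO.checkLdapResult(e.getResultCode());` and no rethrow fall through to return `false` or a possibly empty `groupDNs` when the result code is one checkLdapResult accepts, which turns a failed lookup into "no groups" for whoever uses the answer to authorize; the enclosing methods start and end outside the hunks, so this is inferred from the visible lines alone. Adding `throw new RuntimeException("Unexpected LDAP exception", e);` after the check, as the commented-out block further down already does, would keep those paths fail-closed.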