cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +44 −30
@@ -1109,30 +1109,53 @@ public class LdapUserDAO extends LdapDAO } } } } private Principal getPreferredPrincipal(User user) { Principal ret = null; Principal next = null; Iterator<Principal> i = user.getIdentities().iterator(); while (i.hasNext()) { next = i.next(); if (next instanceof NumericPrincipal) { return next; } ret = next; } return ret; } DN getUserDN(User user) DN getUserDN(User user) throws UserNotFoundException, TransientException throws UserNotFoundException, TransientException, LDAPException { { // Could be a DNPrincipal from a memberOf or uniquemember entrydn Principal p = getPreferredPrincipal(user); Principal userID = user.getHttpPrincipal(); if (p == null) String searchField = userLdapAttrib.get(userID.getClass()); { throw new UserNotFoundException("No identities"); } // DN can be formulated if it is the numeric id if (p instanceof NumericPrincipal) return this.getUserDN(p.getName(), config.getUsersDN()); // Otherwise we need to search for the numeric id String searchField = userLdapAttrib.get(p.getClass()); if (searchField == null) if (searchField == null) { { throw new IllegalArgumentException( throw new IllegalArgumentException( "Unsupported principal type " + userID.getClass()); "Unsupported principal type " + p.getClass()); } } // change the DN to be in the 'java' format // change the DN to be in the 'java' format Filter filter; // if (userID instanceof X500Principal) // if (userID instanceof X500Principal) // { // { // X500Principal orderedPrincipal = AuthenticationUtil.getOrderedForm( // X500Principal orderedPrincipal = AuthenticationUtil.getOrderedForm( // (X500Principal) userID); // (X500Principal) userID); // filter = Filter.createEqualityFilter(searchField, orderedPrincipal.toString()); // filter = Filter.createEqualityFilter(searchField, orderedPrincipal.toString()); // } // } // else // { Filter filter = Filter.createEqualityFilter(searchField, p.getName()); filter = Filter.createEqualityFilter(searchField, userID.getName()); // } 
logger.debug("search filter: " + filter); logger.debug("search filter: " + filter); SearchResultEntry searchResult = null; SearchResultEntry searchResult = null; Loading @@ -1141,7 +1164,7 @@ public class LdapUserDAO extends LdapDAO SearchRequest searchRequest = new SearchRequest( SearchRequest searchRequest = new SearchRequest( config.getUsersDN(), SearchScope.ONE, filter, LDAP_ENTRYDN); config.getUsersDN(), SearchScope.ONE, filter, LDAP_ENTRYDN); searchResult = getReadOnlyConnection().searchForEntry(searchRequest); searchResult = getReadOnlyConnection().searchForEntry(searchRequest); logger.info("getUserDN: got " + userID.getName() + " from " + config.getUsersDN()); logger.debug("getUserDN: got " + p.getName() + " from " + config.getUsersDN()); } } catch (LDAPException e) catch (LDAPException e) { { Loading 
@@ -1150,26 +1173,17 @@ public class LdapUserDAO extends LdapDAO if (searchResult == null) if (searchResult == null) { { String msg = "User not found " + userID.getName() + " in " + config.getUsersDN(); String msg = "User not found " + p.getName() + " in " + config.getUsersDN(); logger.debug(msg); logger.debug(msg); throw new UserNotFoundException(msg); throw new UserNotFoundException(msg); } } return searchResult.getAttributeValueAsDN(LDAP_ENTRYDN); return searchResult.getAttributeValueAsDN(LDAP_ENTRYDN); } } protected DN getUserDN(final String userID, final String usersDN) protected DN getUserDN(String numericID, String usersDN) throws LDAPException, TransientException throws LDAPException, TransientException { { try return new DN(LDAP_UID + "=" + numericID + "," + usersDN); { return new DN(LDAP_UID + "=" + userID + "," + usersDN); } catch (LDAPException e) { logger.debug("getUserDN Exception: " + e, e); LdapDAO.checkLdapResult(e.getResultCode()); } throw new IllegalArgumentException(userID + " not a valid user ID"); } } private void addAttribute(List<Attribute> attributes, final String name, final String value) private void addAttribute(List<Attribute> attributes, final String name, final String value) Loading cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/AbstractGroupAction.java +22 −19 Original line number Original line Diff line number Diff line Loading 
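Review bot: The rewritten getUserDN(String numericID, String usersDN) still assembles the DN by string concatenation, `new DN(LDAP_UID + "=" + numericID + "," + usersDN)`, and the new getUserDN(User) feeds it `p.getName()` of whichever NumericPrincipal the user carries, without checking that the value is actually numeric; a name containing `,` or `=` would not be rejected by DN parsing but would resolve to a different entry, possibly under a different container, whereas the old path at least searched the directory for the user. If this is the UnboundID SDK, as the Filter/SearchRequest usage suggests, build the DN structurally so the value is escaped, `return new DN(new RDN(LDAP_UID, numericID), new DN(usersDN));`, and consider rejecting non-numeric input up front. The NumericPrincipal branch of getUserDN(User) also now returns a derived DN without confirming the entry exists, so UserNotFoundException is no longer thrown on that path; this deserves a line in the method's Javadoc such as `// NumericPrincipal: DN is derived from the id, not verified against the directory`. Dropping the old try/catch means a malformed usersDN now surfaces as LDAPException instead of IllegalArgumentException, so callers that catch the latter should be checked.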
@@ -69,12 +69,14 @@ package ca.nrc.cadc.ac.server.web.groups; package ca.nrc.cadc.ac.server.web.groups; import java.io.IOException; import java.io.IOException; import java.lang.reflect.Field; import java.security.AccessControlException; import java.security.AccessControlException; import java.security.Principal; import java.security.PrivilegedActionException; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; import java.security.PrivilegedExceptionAction; import java.util.Iterator; import java.util.List; import java.util.List; import javax.security.auth.x500.X500Principal; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; import org.apache.log4j.Logger; Loading @@ -83,9 +85,11 @@ import ca.nrc.cadc.ac.GroupAlreadyExistsException; import ca.nrc.cadc.ac.GroupNotFoundException; import ca.nrc.cadc.ac.GroupNotFoundException; import ca.nrc.cadc.ac.MemberAlreadyExistsException; import ca.nrc.cadc.ac.MemberAlreadyExistsException; import ca.nrc.cadc.ac.MemberNotFoundException; import ca.nrc.cadc.ac.MemberNotFoundException; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.server.GroupPersistence; import ca.nrc.cadc.ac.server.GroupPersistence; import ca.nrc.cadc.ac.server.web.SyncOutput; import ca.nrc.cadc.ac.server.web.SyncOutput; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.net.TransientException; public abstract class AbstractGroupAction implements PrivilegedExceptionAction<Object> public abstract class AbstractGroupAction implements PrivilegedExceptionAction<Object> Loading Loading 
@@ -233,27 +237,26 @@ public abstract class AbstractGroupAction implements PrivilegedExceptionAction<O this.logInfo.deletedMembers = deletedMembers; this.logInfo.deletedMembers = deletedMembers; } } // set private field using reflection protected String getUseridForLogging(User u) protected void setField(Object object, Object value, String name) { { try if (u.getIdentities().isEmpty()) { return "anonUser"; Field field = object.getClass().getDeclaredField(name); field.setAccessible(true); Iterator<Principal> i = u.getIdentities().iterator(); field.set(object, value); String ret = null; } Principal next = null; catch (NoSuchFieldException e) while (i.hasNext()) { final String error = object.getClass().getSimpleName() + " field " + name + "not found"; throw new RuntimeException(error, e); } catch (IllegalAccessException e) { { final String error = "unable to update " + name + " in " + next = i.next(); object.getClass().getSimpleName(); if (next instanceof HttpPrincipal) throw new RuntimeException(error, e); return next.getName(); if (next instanceof X500Principal) ret = next.getName(); else if (ret == null) ret = next.getName(); } } return ret; } } } } cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/AddUserMemberAction.java +1 −1 Original line number Original line Diff line number Diff line Loading @@ -107,7 +107,7 @@ public class AddUserMemberAction extends AbstractGroupAction groupPersistence.modifyGroup(group); groupPersistence.modifyGroup(group); List<String> addedMembers = new ArrayList<String>(); List<String> addedMembers = new ArrayList<String>(); addedMembers.add(toAdd.getHttpPrincipal().getName()); addedMembers.add(getUseridForLogging(toAdd)); logGroupInfo(group.getID(), null, addedMembers); logGroupInfo(group.getID(), null, addedMembers); } } Loading cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/ModifyGroupAction.java +2 −2 Original line number Original line Diff line number Diff line Loading 
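Review bot: getUseridForLogging(User) selects the audit identity by an undocumented precedence (HttpPrincipal returns immediately, X500Principal overrides any other pick, otherwise the first principal seen), and the last fallback depends on the iteration order of `u.getIdentities()`, so a user with neither an HttpPrincipal nor an X500Principal but several other identities may be logged under a different name from one run to the next. A Javadoc stating the rule and its scope would help, e.g. `/** Best-effort identity for audit log lines only: HttpPrincipal, else X500Principal, else an arbitrary identity; "anonUser" when none. Not for authorization decisions. */`. A null argument reaches `u.getIdentities()` unguarded; if callers can pass null, `if (u == null || u.getIdentities().isEmpty()) return "anonUser";` keeps the log path from throwing. Since these values flow into logGroupInfo and X500 names are caller-supplied, it is worth confirming that the log sink neutralizes line breaks in them.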
@@ -102,7 +102,7 @@ public class ModifyGroupAction extends AbstractGroupAction { { if (!oldGroup.getUserMembers().remove(member)) if (!oldGroup.getUserMembers().remove(member)) { { addedMembers.add(member.getHttpPrincipal().getName()); addedMembers.add(getUseridForLogging(member)); } } } } for (Group gr : group.getGroupMembers()) for (Group gr : group.getGroupMembers()) Loading @@ -119,7 +119,7 @@ public class ModifyGroupAction extends AbstractGroupAction List<String> deletedMembers = new ArrayList<String>(); List<String> deletedMembers = new ArrayList<String>(); for (User member : oldGroup.getUserMembers()) for (User member : oldGroup.getUserMembers()) { { deletedMembers.add(member.getHttpPrincipal().getName()); deletedMembers.add(getUseridForLogging(member)); } } for (Group gr : oldGroup.getGroupMembers()) for (Group gr : oldGroup.getGroupMembers()) { { Loading cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/RemoveUserMemberAction.java +1 −4 Original line number Original line Diff line number Diff line Loading @@ -71,9 +71,6 @@ package ca.nrc.cadc.ac.server.web.groups; import java.security.Principal; import java.security.Principal; import java.util.ArrayList; import java.util.ArrayList; import java.util.List; import java.util.List; import java.util.Set; import javax.security.auth.x500.X500Principal; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.MemberNotFoundException; import ca.nrc.cadc.ac.MemberNotFoundException; Loading Loading 
@@ -110,7 +107,7 @@ public class RemoveUserMemberAction extends AbstractGroupAction groupPersistence.modifyGroup(group); groupPersistence.modifyGroup(group); List<String> deletedMembers = new ArrayList<String>(); List<String> deletedMembers = new ArrayList<String>(); deletedMembers.add(toRemove.getHttpPrincipal().getName()); deletedMembers.add(getUseridForLogging(toRemove)); logGroupInfo(group.getID(), deletedMembers, null); logGroupInfo(group.getID(), deletedMembers, null); } } Loading Loading
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +44 −30
@@ -1109,30 +1109,53 @@ public class LdapUserDAO extends LdapDAO } } } } private Principal getPreferredPrincipal(User user) { Principal ret = null; Principal next = null; Iterator<Principal> i = user.getIdentities().iterator(); while (i.hasNext()) { next = i.next(); if (next instanceof NumericPrincipal) { return next; } ret = next; } return ret; } DN getUserDN(User user) DN getUserDN(User user) throws UserNotFoundException, TransientException throws UserNotFoundException, TransientException, LDAPException { { // Could be a DNPrincipal from a memberOf or uniquemember entrydn Principal p = getPreferredPrincipal(user); Principal userID = user.getHttpPrincipal(); if (p == null) String searchField = userLdapAttrib.get(userID.getClass()); { throw new UserNotFoundException("No identities"); } // DN can be formulated if it is the numeric id if (p instanceof NumericPrincipal) return this.getUserDN(p.getName(), config.getUsersDN()); // Otherwise we need to search for the numeric id String searchField = userLdapAttrib.get(p.getClass()); if (searchField == null) if (searchField == null) { { throw new IllegalArgumentException( throw new IllegalArgumentException( "Unsupported principal type " + userID.getClass()); "Unsupported principal type " + p.getClass()); } } // change the DN to be in the 'java' format // change the DN to be in the 'java' format Filter filter; // if (userID instanceof X500Principal) // if (userID instanceof X500Principal) // { // { // X500Principal orderedPrincipal = AuthenticationUtil.getOrderedForm( // X500Principal orderedPrincipal = AuthenticationUtil.getOrderedForm( // (X500Principal) userID); // (X500Principal) userID); // filter = Filter.createEqualityFilter(searchField, orderedPrincipal.toString()); // filter = Filter.createEqualityFilter(searchField, orderedPrincipal.toString()); // } // } // else // { Filter filter = Filter.createEqualityFilter(searchField, p.getName()); filter = Filter.createEqualityFilter(searchField, userID.getName()); // } 
logger.debug("search filter: " + filter); logger.debug("search filter: " + filter); SearchResultEntry searchResult = null; SearchResultEntry searchResult = null; Loading @@ -1141,7 +1164,7 @@ public class LdapUserDAO extends LdapDAO SearchRequest searchRequest = new SearchRequest( SearchRequest searchRequest = new SearchRequest( config.getUsersDN(), SearchScope.ONE, filter, LDAP_ENTRYDN); config.getUsersDN(), SearchScope.ONE, filter, LDAP_ENTRYDN); searchResult = getReadOnlyConnection().searchForEntry(searchRequest); searchResult = getReadOnlyConnection().searchForEntry(searchRequest); logger.info("getUserDN: got " + userID.getName() + " from " + config.getUsersDN()); logger.debug("getUserDN: got " + p.getName() + " from " + config.getUsersDN()); } } catch (LDAPException e) catch (LDAPException e) { { Loading 
@@ -1150,26 +1173,17 @@ public class LdapUserDAO extends LdapDAO if (searchResult == null) if (searchResult == null) { { String msg = "User not found " + userID.getName() + " in " + config.getUsersDN(); String msg = "User not found " + p.getName() + " in " + config.getUsersDN(); logger.debug(msg); logger.debug(msg); throw new UserNotFoundException(msg); throw new UserNotFoundException(msg); } } return searchResult.getAttributeValueAsDN(LDAP_ENTRYDN); return searchResult.getAttributeValueAsDN(LDAP_ENTRYDN); } } protected DN getUserDN(final String userID, final String usersDN) protected DN getUserDN(String numericID, String usersDN) throws LDAPException, TransientException throws LDAPException, TransientException { { try return new DN(LDAP_UID + "=" + numericID + "," + usersDN); { return new DN(LDAP_UID + "=" + userID + "," + usersDN); } catch (LDAPException e) { logger.debug("getUserDN Exception: " + e, e); LdapDAO.checkLdapResult(e.getResultCode()); } throw new IllegalArgumentException(userID + " not a valid user ID"); } } private void addAttribute(List<Attribute> attributes, final String name, final String value) private void addAttribute(List<Attribute> attributes, final String name, final String value) Loading
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/AbstractGroupAction.java +22 −19 Original line number Original line Diff line number Diff line Loading @@ -69,12 +69,14 @@ package ca.nrc.cadc.ac.server.web.groups; package ca.nrc.cadc.ac.server.web.groups; import java.io.IOException; import java.io.IOException; import java.lang.reflect.Field; import java.security.AccessControlException; import java.security.AccessControlException; import java.security.Principal; import java.security.PrivilegedActionException; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; import java.security.PrivilegedExceptionAction; import java.util.Iterator; import java.util.List; import java.util.List; import javax.security.auth.x500.X500Principal; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; import org.apache.log4j.Logger; Loading @@ -83,9 +85,11 @@ import ca.nrc.cadc.ac.GroupAlreadyExistsException; import ca.nrc.cadc.ac.GroupNotFoundException; import ca.nrc.cadc.ac.GroupNotFoundException; import ca.nrc.cadc.ac.MemberAlreadyExistsException; import ca.nrc.cadc.ac.MemberAlreadyExistsException; import ca.nrc.cadc.ac.MemberNotFoundException; import ca.nrc.cadc.ac.MemberNotFoundException; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.server.GroupPersistence; import ca.nrc.cadc.ac.server.GroupPersistence; import ca.nrc.cadc.ac.server.web.SyncOutput; import ca.nrc.cadc.ac.server.web.SyncOutput; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.net.TransientException; public abstract class AbstractGroupAction implements PrivilegedExceptionAction<Object> public abstract class AbstractGroupAction implements PrivilegedExceptionAction<Object> Loading Loading 
@@ -233,27 +237,26 @@ public abstract class AbstractGroupAction implements PrivilegedExceptionAction<O this.logInfo.deletedMembers = deletedMembers; this.logInfo.deletedMembers = deletedMembers; } } // set private field using reflection protected String getUseridForLogging(User u) protected void setField(Object object, Object value, String name) { { try if (u.getIdentities().isEmpty()) { return "anonUser"; Field field = object.getClass().getDeclaredField(name); field.setAccessible(true); Iterator<Principal> i = u.getIdentities().iterator(); field.set(object, value); String ret = null; } Principal next = null; catch (NoSuchFieldException e) while (i.hasNext()) { final String error = object.getClass().getSimpleName() + " field " + name + "not found"; throw new RuntimeException(error, e); } catch (IllegalAccessException e) { { final String error = "unable to update " + name + " in " + next = i.next(); object.getClass().getSimpleName(); if (next instanceof HttpPrincipal) throw new RuntimeException(error, e); return next.getName(); if (next instanceof X500Principal) ret = next.getName(); else if (ret == null) ret = next.getName(); } } return ret; } } } }
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/AddUserMemberAction.java +1 −1 Original line number Original line Diff line number Diff line Loading @@ -107,7 +107,7 @@ public class AddUserMemberAction extends AbstractGroupAction groupPersistence.modifyGroup(group); groupPersistence.modifyGroup(group); List<String> addedMembers = new ArrayList<String>(); List<String> addedMembers = new ArrayList<String>(); addedMembers.add(toAdd.getHttpPrincipal().getName()); addedMembers.add(getUseridForLogging(toAdd)); logGroupInfo(group.getID(), null, addedMembers); logGroupInfo(group.getID(), null, addedMembers); } } Loading
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/ModifyGroupAction.java +2 −2 Original line number Original line Diff line number Diff line Loading @@ -102,7 +102,7 @@ public class ModifyGroupAction extends AbstractGroupAction { { if (!oldGroup.getUserMembers().remove(member)) if (!oldGroup.getUserMembers().remove(member)) { { addedMembers.add(member.getHttpPrincipal().getName()); addedMembers.add(getUseridForLogging(member)); } } } } for (Group gr : group.getGroupMembers()) for (Group gr : group.getGroupMembers()) Loading @@ -119,7 +119,7 @@ public class ModifyGroupAction extends AbstractGroupAction List<String> deletedMembers = new ArrayList<String>(); List<String> deletedMembers = new ArrayList<String>(); for (User member : oldGroup.getUserMembers()) for (User member : oldGroup.getUserMembers()) { { deletedMembers.add(member.getHttpPrincipal().getName()); deletedMembers.add(getUseridForLogging(member)); } } for (Group gr : oldGroup.getGroupMembers()) for (Group gr : oldGroup.getGroupMembers()) { { Loading
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/RemoveUserMemberAction.java +1 −4 Original line number Original line Diff line number Diff line Loading @@ -71,9 +71,6 @@ package ca.nrc.cadc.ac.server.web.groups; import java.security.Principal; import java.security.Principal; import java.util.ArrayList; import java.util.ArrayList; import java.util.List; import java.util.List; import java.util.Set; import javax.security.auth.x500.X500Principal; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.MemberNotFoundException; import ca.nrc.cadc.ac.MemberNotFoundException; Loading Loading @@ -110,7 +107,7 @@ public class RemoveUserMemberAction extends AbstractGroupAction groupPersistence.modifyGroup(group); groupPersistence.modifyGroup(group); List<String> deletedMembers = new ArrayList<String>(); List<String> deletedMembers = new ArrayList<String>(); deletedMembers.add(toRemove.getHttpPrincipal().getName()); deletedMembers.add(getUseridForLogging(toRemove)); logGroupInfo(group.getID(), deletedMembers, null); logGroupInfo(group.getID(), deletedMembers, null); } } Loading