Loading projects/cadcAccessControl-Server/build.xml +2 −0 Original line number Diff line number Diff line Loading @@ -115,11 +115,13 @@ <!-- Why do the tests need this configuration in two places? --> <!-- jenkinsd 2015.07.20 --> <!-- <copy overwrite="true" file="test/LdapConfig.test.properties" todir="build/test/class"/> <mkdir dir="${user.home}/config" /> <copy overwrite="true" file="test/LdapConfig.test.properties" todir="${user.home}/config/"/> --> </target> <!-- JAR files needed to run the test suite --> Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/GroupPersistence.java +1 −1 Original line number Diff line number Diff line Loading @@ -171,7 +171,7 @@ public interface GroupPersistence<T extends Principal> * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ Collection<Group> getGroups(T userID, Role role, String groupID) Collection<Group> getGroups(Role role, String groupID) throws UserNotFoundException, GroupNotFoundException, TransientException, AccessControlException; Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/RequestValidator.java +25 −25 Original line number Diff line number Diff line Loading @@ -87,7 +87,7 @@ public class RequestValidator { private static final Logger log = Logger.getLogger(RequestValidator.class); private Principal principal; //private Principal principal; private Role role; private String groupID; Loading @@ -95,7 +95,7 @@ public class RequestValidator private void clear() { this.principal = null; //this.principal = null; this.role = null; this.groupID = null; } Loading 
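Review bot: As rendered, the added `<mkdir dir="${user.home}/config" />` and the second `<copy ... todir="${user.home}/config/"/>` sit between the surrounding `<!--` and `-->`, so if that is the real layout Ant never executes them and the test configuration is still copied from only one place; move them outside the comment or drop them. If they are meant to run, `overwrite="true"` into `${user.home}/config/` will silently replace any file of the same name in the developer's or CI user's home directory, which deserves a line in the comment above, e.g. `<!-- test build writes LdapConfig.test.properties into ${user.home}/config, overwriting any existing copy -->`. The question already in that comment (why the configuration is needed in two places) is still unanswered by this change.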
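Review bot: The `userID` parameter is dropped from `getGroups`, but the method still declares `throws UserNotFoundException`, and the Javadoc above the hunk presumably still carries an `@param userID` tag; both should follow the signature. The Javadoc should also say whose groups are now returned (presumably those of the authenticated caller), e.g. `Groups are resolved for the caller's authenticated Subject; the client cannot name a user.` The rest of the interface is outside the hunk.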
@@ -110,30 +110,30 @@ public class RequestValidator } // ID String param = ParameterUtil.findParameterValue("ID", paramList); if (param == null || param.trim().isEmpty()) { throw new IllegalArgumentException( "ID parameter required but not found"); } String userID = param.trim(); log.debug("ID: " + userID); //String param = ParameterUtil.findParameterValue("ID", paramList); //if (param == null || param.trim().isEmpty()) //{ // throw new IllegalArgumentException( // "ID parameter required but not found"); //} //String userID = param.trim(); //log.debug("ID: " + userID); // TYPE param = ParameterUtil.findParameterValue("IDTYPE", paramList); if (param == null || param.trim().isEmpty()) { throw new IllegalArgumentException( "IDTYPE parameter required but not found"); } principal = AuthenticationUtil.createPrincipal(userID, param.trim()); log.debug("TYPE: " + param.trim()); //param = ParameterUtil.findParameterValue("IDTYPE", paramList); //if (param == null || param.trim().isEmpty()) //{ // throw new IllegalArgumentException( // "IDTYPE parameter required but not found"); //} //principal = // AuthenticationUtil.createPrincipal(userID, // param.trim()); //log.debug("TYPE: " + param.trim()); // ROLE param = ParameterUtil.findParameterValue("ROLE", paramList); String param = ParameterUtil.findParameterValue("ROLE", paramList); if (param == null || param.trim().isEmpty()) { throw new IllegalArgumentException( Loading @@ -154,10 +154,10 @@ public class RequestValidator log.debug("GROUPID: " + groupID); } public Principal getPrincipal() { return principal; } //public Principal getPrincipal() //{ // return principal; //} public Role getRole() { Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java +5 −7 Original line number Diff line number Diff line Loading 
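Review bot: The ID/IDTYPE handling, the `principal` field, its reset in `clear()` and `getPrincipal()` are commented out rather than deleted; version control keeps the history, and some twenty-five commented lines left inside a validator make it harder to see what the class still checks. Taking client-supplied identity out of the request is the right direction, since the caller's identity should come from the authenticated Subject rather than an `ID` parameter, so delete the blocks and drop the imports that become unused (`AuthenticationUtil` and, presumably, `Principal`; the import lines are outside the hunk). A one-line class comment would record the decision for the next reader: `// Caller identity comes from the authenticated Subject, never from request parameters.`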
@@ -72,8 +72,8 @@ import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserAlreadyExistsException; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserRequest; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.net.TransientException; import com.unboundid.ldap.sdk.DN; import java.security.AccessControlException; import java.security.Principal; Loading @@ -92,10 +92,9 @@ public interface UserPersistence<T extends Principal> * * @param user The user request to put into the active users tree. * * @return User instance. * * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. * @throws ca.nrc.cadc.ac.UserAlreadyExistsException */ void addUser(UserRequest<T> user) throws TransientException, AccessControlException, Loading @@ -106,10 +105,9 @@ public interface UserPersistence<T extends Principal> * * @param user The user request to put into the pending users tree. * * @return User instance. * * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. * @throws ca.nrc.cadc.ac.UserAlreadyExistsException */ void addPendingUser(UserRequest<T> user) throws TransientException, AccessControlException, Loading Loading 
@@ -256,14 +254,14 @@ public interface UserPersistence<T extends Principal> /** * Update a user's password. The given user and authenticating user must match. * * @param user * @param userID * @param oldPassword current password. * @param newPassword new password. * @throws UserNotFoundException If the given user does not exist. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ void setPassword(User<T> user, final String oldPassword, final String newPassword) void setPassword(HttpPrincipal userID, String oldPassword, String newPassword) throws UserNotFoundException, TransientException, AccessControlException; } projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java +9 −35 Original line number Diff line number Diff line Loading @@ -132,39 +132,6 @@ public abstract class LdapDAO connections.releaseConnections(); } protected DN getSubjectDN() throws LDAPException { if (subjDN == null) { Subject callerSubject = Subject.getSubject(AccessController.getContext()); if (callerSubject == null) { throw new AccessControlException("Caller not authenticated."); } Set<Principal> principals = callerSubject.getPrincipals(); if (principals.isEmpty()) { throw new AccessControlException("Caller not authenticated."); } for (Principal p : principals) { if (p instanceof DNPrincipal) { subjDN = new DN(p.getName()); } } if (subjDN == null) { throw new AccessControlException("Identity of caller unknown."); } } return subjDN; } /** * Checks the Ldap result code, and if the result is not SUCCESS, * throws an appropriate exception. This is the place to decide on Loading 
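Review bot: The `@throws ca.nrc.cadc.ac.UserAlreadyExistsException` tag is removed from the Javadoc of `addUser` and `addPendingUser` while each `throws` clause still appears to continue past `AccessControlException,` (the trailing comma; the remainder is outside the hunk), so if `UserAlreadyExistsException` is still declared the tag should stay, e.g. `@throws UserAlreadyExistsException If a user with the same identity already exists.` In `setPassword`, `@param userID` has no description; it should say this is the HttpPrincipal of the account being changed and that it must match the authenticated caller, which the sentence above states but the tag does not. The new `import com.unboundid.ldap.sdk.DN` has no visible use in these hunks; if nothing in the interface needs it, it ties the persistence API to the LDAP SDK for no reason. Since the signature is changing anyway, passing passwords as `String` means they cannot be cleared after use; `char[]` is the usual choice.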
@@ -177,8 +144,15 @@ public abstract class LdapDAO throws TransientException { logger.debug("Ldap result: " + code); checkLdapResult(code, false); } if (code == ResultCode.SUCCESS || code == ResultCode.NO_SUCH_OBJECT) protected static void checkLdapResult(ResultCode code, boolean ignoreNoSuchAttribute) throws TransientException { if ( code == ResultCode.SUCCESS || code == ResultCode.NO_SUCH_OBJECT || (ignoreNoSuchAttribute && code == ResultCode.NO_SUCH_ATTRIBUTE) ) { return; } Loading Loading
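Review bot: `getSubjectDN()` is removed outright, and with it the only place in this class that rejected an unauthenticated caller (`Caller not authenticated.`) or a caller without a `DNPrincipal` (`Identity of caller unknown.`); nothing in these hunks shows where that check now lives. Unless a replacement performs the same Subject lookup before every DAO operation that used to call `getSubjectDN()`, those operations now run without establishing the caller's identity, so the commit should name the replacement. The new `checkLdapResult(ResultCode, boolean)` overload has no Javadoc, and the existing Javadoc still says the method throws when the result is not SUCCESS even though `NO_SUCH_OBJECT` (and now `NO_SUCH_ATTRIBUTE` when ignored) return silently; suggest `@param ignoreNoSuchAttribute when true, NO_SUCH_ATTRIBUTE is treated as success (presumably for removing an attribute that is already absent)` and updating the summary sentence to match. The `if ( ... )` spacing in the new condition does not match the style of the rest of the file.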
projects/cadcAccessControl-Server/build.xml +2 −0 Original line number Diff line number Diff line Loading @@ -115,11 +115,13 @@ <!-- Why do the tests need this configuration in two places? --> <!-- jenkinsd 2015.07.20 --> <!-- <copy overwrite="true" file="test/LdapConfig.test.properties" todir="build/test/class"/> <mkdir dir="${user.home}/config" /> <copy overwrite="true" file="test/LdapConfig.test.properties" todir="${user.home}/config/"/> --> </target> <!-- JAR files needed to run the test suite --> Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/GroupPersistence.java +1 −1 Original line number Diff line number Diff line Loading @@ -171,7 +171,7 @@ public interface GroupPersistence<T extends Principal> * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ Collection<Group> getGroups(T userID, Role role, String groupID) Collection<Group> getGroups(Role role, String groupID) throws UserNotFoundException, GroupNotFoundException, TransientException, AccessControlException; Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/RequestValidator.java +25 −25 Original line number Diff line number Diff line Loading @@ -87,7 +87,7 @@ public class RequestValidator { private static final Logger log = Logger.getLogger(RequestValidator.class); private Principal principal; //private Principal principal; private Role role; private String groupID; Loading @@ -95,7 +95,7 @@ public class RequestValidator private void clear() { this.principal = null; //this.principal = null; this.role = null; this.groupID = null; } Loading @@ -110,30 +110,30 @@ public class RequestValidator } // ID String param = ParameterUtil.findParameterValue("ID", paramList); if (param == null || param.trim().isEmpty()) { throw new IllegalArgumentException( "ID parameter required but not found"); } String userID = param.trim(); log.debug("ID: " + userID); //String param = ParameterUtil.findParameterValue("ID", paramList); //if (param == null || param.trim().isEmpty()) //{ // throw new IllegalArgumentException( // "ID parameter required but not found"); //} //String userID = param.trim(); //log.debug("ID: " + userID); // TYPE param = ParameterUtil.findParameterValue("IDTYPE", paramList); if (param == null || param.trim().isEmpty()) { throw new IllegalArgumentException( "IDTYPE parameter required but not found"); } principal = AuthenticationUtil.createPrincipal(userID, param.trim()); log.debug("TYPE: " + param.trim()); //param = ParameterUtil.findParameterValue("IDTYPE", paramList); //if (param == null || param.trim().isEmpty()) //{ // throw new IllegalArgumentException( // "IDTYPE parameter required but not found"); //} //principal = // AuthenticationUtil.createPrincipal(userID, // param.trim()); //log.debug("TYPE: " + param.trim()); // ROLE param = ParameterUtil.findParameterValue("ROLE", paramList); String param = ParameterUtil.findParameterValue("ROLE", paramList); if (param == null || param.trim().isEmpty()) { throw new IllegalArgumentException( Loading 
@@ -154,10 +154,10 @@ public class RequestValidator log.debug("GROUPID: " + groupID); } public Principal getPrincipal() { return principal; } //public Principal getPrincipal() //{ // return principal; //} public Role getRole() { Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java +5 −7 Original line number Diff line number Diff line Loading @@ -72,8 +72,8 @@ import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserAlreadyExistsException; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserRequest; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.net.TransientException; import com.unboundid.ldap.sdk.DN; import java.security.AccessControlException; import java.security.Principal; Loading @@ -92,10 +92,9 @@ public interface UserPersistence<T extends Principal> * * @param user The user request to put into the active users tree. * * @return User instance. * * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. * @throws ca.nrc.cadc.ac.UserAlreadyExistsException */ void addUser(UserRequest<T> user) throws TransientException, AccessControlException, Loading @@ -106,10 +105,9 @@ public interface UserPersistence<T extends Principal> * * @param user The user request to put into the pending users tree. * * @return User instance. * * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. * @throws ca.nrc.cadc.ac.UserAlreadyExistsException */ void addPendingUser(UserRequest<T> user) throws TransientException, AccessControlException, Loading Loading 
@@ -256,14 +254,14 @@ public interface UserPersistence<T extends Principal> /** * Update a user's password. The given user and authenticating user must match. * * @param user * @param userID * @param oldPassword current password. * @param newPassword new password. * @throws UserNotFoundException If the given user does not exist. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ void setPassword(User<T> user, final String oldPassword, final String newPassword) void setPassword(HttpPrincipal userID, String oldPassword, String newPassword) throws UserNotFoundException, TransientException, AccessControlException; }
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java +9 −35 Original line number Diff line number Diff line Loading @@ -132,39 +132,6 @@ public abstract class LdapDAO connections.releaseConnections(); } protected DN getSubjectDN() throws LDAPException { if (subjDN == null) { Subject callerSubject = Subject.getSubject(AccessController.getContext()); if (callerSubject == null) { throw new AccessControlException("Caller not authenticated."); } Set<Principal> principals = callerSubject.getPrincipals(); if (principals.isEmpty()) { throw new AccessControlException("Caller not authenticated."); } for (Principal p : principals) { if (p instanceof DNPrincipal) { subjDN = new DN(p.getName()); } } if (subjDN == null) { throw new AccessControlException("Identity of caller unknown."); } } return subjDN; } /** * Checks the Ldap result code, and if the result is not SUCCESS, * throws an appropriate exception. This is the place to decide on Loading @@ -177,8 +144,15 @@ public abstract class LdapDAO throws TransientException { logger.debug("Ldap result: " + code); checkLdapResult(code, false); } if (code == ResultCode.SUCCESS || code == ResultCode.NO_SUCH_OBJECT) protected static void checkLdapResult(ResultCode code, boolean ignoreNoSuchAttribute) throws TransientException { if ( code == ResultCode.SUCCESS || code == ResultCode.NO_SUCH_OBJECT || (ignoreNoSuchAttribute && code == ResultCode.NO_SUCH_ATTRIBUTE) ) { return; } Loading