Loading projects/cadcAccessControl-Server/build.xml +2 −2 Original line number Diff line number Diff line Loading @@ -69,7 +69,7 @@ <!DOCTYPE project> <project default="build" basedir="."> <project name="cadcAccessControl-Server" default="build" basedir="."> <property environment="env"/> <property file="local.build.properties" /> Loading projects/cadcAccessControl-Server/config/.dbrc_example 0 → 100644 +2 −0 Original line number Diff line number Diff line #server proxyuser proxyUserDN password driver serverURL <server hostname> <proxyUser in LdapConfig.properties> <proxyUserLdapDN> <password> N/A N/A projects/cadcAccessControl-Server/config/LdapConfig.properties +7 −9 Original line number Diff line number Diff line # This are the configuration fields required by the Ldap ldap-dao unit tests server = mach275.cadc.dao.nrc.ca port = 389 admin = uid=webproxy,ou=administrators,ou=topologymanagement,o=netscaperoot passwd = go4it usersDn = ou=Users,ou=ds,dc=canfar,dc=net groupsDn = ou=Groups,ou=ds,dc=canfar,dc=net deletedGroupsDN = ou=DeletedGroups,ou=ds,dc=canfar,dc=net testGroupsDN = ou=TestGroups,ou=ds,dc=canfar,dc=net No newline at end of file # This are the configuration fields required by the Ldap server = <name of server> port = <389 or 636> proxyUser = <name of proxy user> usersDn = <DN of users branch> groupsDn = <DN of groups branch> adminGroupsDn = <DN of admin groups> projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/GroupPersistence.java +4 −1 Original line number Diff line number Diff line Loading 
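Review bot: Deleting the `admin`/`passwd` pair from LdapConfig.properties removes the credential from the working tree but not from repository history, so that proxy account's password should be treated as exposed and rotated on the directory server. The new template's `proxyUser` key appears to be the lookup key for the `.dbrc` row (the new `.dbrc_example` says `<proxyUser in LdapConfig.properties>`), which is not obvious from the placeholder `<name of proxy user>` alone; a comment such as `# proxyUser must match the proxyuser column of ~/.dbrc (see config/.dbrc_example)` would make the contract explicit. The header comment `This are the configuration fields required by the Ldap` is also left unfinished on the new side.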
@@ -118,10 +118,13 @@ public abstract interface GroupPersistence<T extends Principal> * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. * @throws UserNotFoundException If owner or a member not valid user. * @throws GroupNotFoundException if one of the groups in group members or * group admins does not exist in the server. */ public abstract Group addGroup(Group group) throws GroupAlreadyExistsException, TransientException, AccessControlException, UserNotFoundException; AccessControlException, UserNotFoundException, GroupNotFoundException; /** * Deletes the group. Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConfig.java +97 −91 Original line number Diff line number Diff line Loading @@ -68,14 +68,24 @@ */ package ca.nrc.cadc.ac.server.ldap; import java.io.FileNotFoundException; import java.io.IOException; import java.net.URL; import java.util.Properties; import java.util.List; import org.apache.log4j.Logger; import ca.nrc.cadc.db.ConnectionConfig; import ca.nrc.cadc.db.DBConfig; import ca.nrc.cadc.util.MultiValuedProperties; import ca.nrc.cadc.util.PropertiesReader; import ca.nrc.cadc.util.StringUtil; /** * Reads and stores the LDAP configuration information. The information * * @author adriand * */ public class LdapConfig { private static final Logger logger = Logger.getLogger(LdapConfig.class); Loading 
@@ -84,15 +94,11 @@ public class LdapConfig ".properties"; public static final String LDAP_SERVER = "server"; public static final String LDAP_PORT = "port"; public static final String LDAP_ADMIN = "admin"; public static final String LDAP_PASSWD = "passwd"; public static final String LDAP_SERVER_PROXY_USER = "proxyUser"; public static final String LDAP_USERS_DN = "usersDn"; public static final String LDAP_GROUPS_DN = "groupsDn"; public static final String LDAP_ADMIN_GROUPS_DN = "adminGroupsDn"; public static final String LDAP_AVAIL_TEST_GROUP = "availabilityTestGroup"; public static final String LDAP_AVAIL_TEST_CALLING_USER_DN = "availabilityTestCallingUserDN"; private final static int SECURE_PORT = 636; private String usersDN; Loading 
@@ -100,111 +106,110 @@ public class LdapConfig private String adminGroupsDN; private String server; private int port; private String adminUserDN; private String adminPasswd; private String availabilityTestGroup; private String availabilityTestCallingUserDN; private String proxyUserDN; private String proxyPasswd; public static LdapConfig getLdapConfig() { Properties config = new Properties(); URL url = null; try public String getProxyUserDN() { url = LdapConfig.class.getClassLoader().getResource(CONFIG); logger.debug("Using config from: " + url); if (url != null) { config.load(url.openStream()); return proxyUserDN; } else public String getProxyPasswd() { throw new IOException("File not found"); return proxyPasswd; } public static LdapConfig getLdapConfig() { return getLdapConfig(CONFIG); } catch (Exception ex) public static LdapConfig getLdapConfig(final String ldapProperties) { throw new RuntimeException("failed to read " + CONFIG + " from " + url, ex); PropertiesReader pr = new PropertiesReader(ldapProperties); MultiValuedProperties config = pr.getAllProperties(); if (config.keySet() == null) { throw new RuntimeException("failed to read any LDAP property "); } String server = config.getProperty(LDAP_SERVER); if (!StringUtil.hasText(server)) List<String> prop = config.getProperty(LDAP_SERVER); if ((prop == null) || (prop.size() != 1)) { throw new RuntimeException("failed to read property " + LDAP_SERVER); } String server = prop.get(0); String port = config.getProperty(LDAP_PORT); if (!StringUtil.hasText(port)) prop = config.getProperty(LDAP_PORT); if ((prop == null) || (prop.size() != 1)) { throw new RuntimeException("failed to read property " + LDAP_PORT); } int port = Integer.valueOf(prop.get(0)); String ldapAdmin = config.getProperty(LDAP_ADMIN); if (!StringUtil.hasText(ldapAdmin)) { throw new RuntimeException("failed to read property " + LDAP_ADMIN); } String ldapPasswd = config.getProperty(LDAP_PASSWD); if (!StringUtil.hasText(ldapPasswd)) prop = 
config.getProperty(LDAP_SERVER_PROXY_USER); if ((prop == null) || (prop.size() != 1)) { throw new RuntimeException("failed to read property " + LDAP_PASSWD); LDAP_SERVER_PROXY_USER); } String ldapProxy = prop.get(0); String ldapUsersDn = config.getProperty(LDAP_USERS_DN); if (!StringUtil.hasText(ldapUsersDn)) prop = config.getProperty(LDAP_USERS_DN); if ((prop == null) || (prop.size() != 1)) { throw new RuntimeException("failed to read property " + LDAP_USERS_DN); } String ldapUsersDn = prop.get(0); String ldapGroupsDn = config.getProperty(LDAP_GROUPS_DN); if (!StringUtil.hasText(ldapGroupsDn)) prop = config.getProperty(LDAP_GROUPS_DN); if ((prop == null) || (prop.size() != 1)) { throw new RuntimeException("failed to read property " + LDAP_GROUPS_DN); } String ldapGroupsDn = prop.get(0); String ldapAdminGroupsDn = config.getProperty(LDAP_ADMIN_GROUPS_DN); if (!StringUtil.hasText(ldapAdminGroupsDn)) prop = config.getProperty(LDAP_ADMIN_GROUPS_DN); if ((prop == null) || (prop.size() != 1)) { throw new RuntimeException("failed to read property " + LDAP_ADMIN_GROUPS_DN); } String ldapAdminGroupsDn = prop.get(0); String availGroup = config.getProperty(LDAP_AVAIL_TEST_GROUP); if (!StringUtil.hasText(availGroup)) DBConfig dbConfig; try { throw new RuntimeException("failed to read property " + LDAP_AVAIL_TEST_GROUP); dbConfig = new DBConfig(); } String availUser = config.getProperty(LDAP_AVAIL_TEST_CALLING_USER_DN); if (!StringUtil.hasText(availUser)) catch (FileNotFoundException e) { throw new RuntimeException("failed to read property " + LDAP_AVAIL_TEST_CALLING_USER_DN); throw new RuntimeException("failed to find .dbrc file "); } return new LdapConfig(server, Integer.valueOf(port), ldapAdmin, ldapPasswd, ldapUsersDn, ldapGroupsDn, ldapAdminGroupsDn, availGroup, availUser); catch (IOException e) { throw new RuntimeException("failed to read .dbrc file "); } public LdapConfig(String server, int port, String adminUserDN, String adminPasswd, String usersDN, String groupsDN, 
String adminGroupsDN) ConnectionConfig cc = dbConfig.getConnectionConfig(server, ldapProxy); if ( (cc == null) || (cc.getUsername() == null) || (cc.getPassword() == null)) { this(server, port, adminUserDN, adminPasswd, usersDN, groupsDN, adminGroupsDN, null, null); throw new RuntimeException("failed to find connection info in ~/.dbrc"); } public LdapConfig(String server, int port, String adminUserDN, String adminPasswd, String usersDN, String groupsDN, String adminGroupsDN, String availGroup, String availUser) return new LdapConfig(server, Integer.valueOf(port), cc.getUsername(), cc.getPassword(), ldapUsersDn, ldapGroupsDn, ldapAdminGroupsDn); } public LdapConfig(String server, int port, String proxyUserDN, String proxyPasswd, String usersDN, String groupsDN, String adminGroupsDN) { if (!StringUtil.hasText(server)) { Loading @@ -215,11 +220,11 @@ public class LdapConfig throw new IllegalArgumentException("Illegal LDAP server port: " + port); } if (!StringUtil.hasText(adminUserDN)) if (!StringUtil.hasText(proxyUserDN)) { throw new IllegalArgumentException("Illegal Admin DN"); } if (!StringUtil.hasText(adminPasswd)) if (!StringUtil.hasText(proxyPasswd)) { throw new IllegalArgumentException("Illegal Admin password"); } Loading @@ -236,16 +241,14 @@ public class LdapConfig throw new IllegalArgumentException("Illegal admin groups LDAP DN"); } this.server = server; this.port = port; this.adminUserDN = adminUserDN; this.adminPasswd = adminPasswd; this.proxyUserDN = proxyUserDN; this.proxyPasswd = proxyPasswd; this.usersDN = usersDN; this.groupsDN = groupsDN; this.adminGroupsDN = adminGroupsDN; this.availabilityTestGroup = availGroup; this.availabilityTestCallingUserDN = availUser; logger.debug(toString()); } public String getUsersDN() Loading Loading 
@@ -280,22 +283,25 @@ public class LdapConfig public String getAdminUserDN() { return this.adminUserDN; return this.proxyUserDN; } public String getAdminPasswd() { return this.adminPasswd; return this.proxyPasswd; } public String getAvailabilityTestGroup() public String toString() { return this.availabilityTestGroup; StringBuilder sb = new StringBuilder(); sb.append("server = "); sb.append(server); sb.append(" port = "); sb.append(port); sb.append(" proxyUserDN = "); sb.append(proxyUserDN); sb.append(" proxyPasswd = "); sb.append(proxyPasswd); return sb.toString(); } public String getAvailabilityTestCallingUserDN() { return this.availabilityTestCallingUserDN; } } Loading
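Review bot: The new `toString()` in the last hunk appends `proxyPasswd` in clear, and the constructor hunk now ends with `logger.debug(toString())`, so the LDAP proxy credential is written to the log whenever debug logging is enabled for this class. Redact it in the string form, e.g. replace the two password appends with `sb.append(" proxyPasswd = <redacted>");`, so the constructor debug line stays useful without carrying the secret. In the `getLdapConfig(String)` hunk, `catch (FileNotFoundException e)` and `catch (IOException e)` rethrow without the cause; `throw new RuntimeException("failed to read .dbrc file", e);` keeps the original error for diagnosis. The guard `if (config.keySet() == null)` presumably never fires if `MultiValuedProperties.keySet()` follows the `Map` convention of returning an empty set, so `config.keySet().isEmpty()` is likely what was intended, and `Integer.valueOf(prop.get(0))` for `port` will surface a bare `NumberFormatException` without naming the property.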
projects/cadcAccessControl-Server/build.xml +2 −2 Original line number Diff line number Diff line Loading @@ -69,7 +69,7 @@ <!DOCTYPE project> <project default="build" basedir="."> <project name="cadcAccessControl-Server" default="build" basedir="."> <property environment="env"/> <property file="local.build.properties" /> Loading
projects/cadcAccessControl-Server/config/.dbrc_example 0 → 100644 +2 −0 Original line number Diff line number Diff line #server proxyuser proxyUserDN password driver serverURL <server hostname> <proxyUser in LdapConfig.properties> <proxyUserLdapDN> <password> N/A N/A
projects/cadcAccessControl-Server/config/LdapConfig.properties +7 −9 Original line number Diff line number Diff line # This are the configuration fields required by the Ldap ldap-dao unit tests server = mach275.cadc.dao.nrc.ca port = 389 admin = uid=webproxy,ou=administrators,ou=topologymanagement,o=netscaperoot passwd = go4it usersDn = ou=Users,ou=ds,dc=canfar,dc=net groupsDn = ou=Groups,ou=ds,dc=canfar,dc=net deletedGroupsDN = ou=DeletedGroups,ou=ds,dc=canfar,dc=net testGroupsDN = ou=TestGroups,ou=ds,dc=canfar,dc=net No newline at end of file # This are the configuration fields required by the Ldap server = <name of server> port = <389 or 636> proxyUser = <name of proxy user> usersDn = <DN of users branch> groupsDn = <DN of groups branch> adminGroupsDn = <DN of admin groups>
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/GroupPersistence.java +4 −1 Original line number Diff line number Diff line Loading @@ -118,10 +118,13 @@ public abstract interface GroupPersistence<T extends Principal> * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. * @throws UserNotFoundException If owner or a member not valid user. * @throws GroupNotFoundException if one of the groups in group members or * group admins does not exist in the server. */ public abstract Group addGroup(Group group) throws GroupAlreadyExistsException, TransientException, AccessControlException, UserNotFoundException; AccessControlException, UserNotFoundException, GroupNotFoundException; /** * Deletes the group. Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConfig.java +97 −91 Original line number Diff line number Diff line Loading @@ -68,14 +68,24 @@ */ package ca.nrc.cadc.ac.server.ldap; import java.io.FileNotFoundException; import java.io.IOException; import java.net.URL; import java.util.Properties; import java.util.List; import org.apache.log4j.Logger; import ca.nrc.cadc.db.ConnectionConfig; import ca.nrc.cadc.db.DBConfig; import ca.nrc.cadc.util.MultiValuedProperties; import ca.nrc.cadc.util.PropertiesReader; import ca.nrc.cadc.util.StringUtil; /** * Reads and stores the LDAP configuration information. The information * * @author adriand * */ public class LdapConfig { private static final Logger logger = Logger.getLogger(LdapConfig.class); Loading @@ -84,15 +94,11 @@ public class LdapConfig ".properties"; public static final String LDAP_SERVER = "server"; public static final String LDAP_PORT = "port"; public static final String LDAP_ADMIN = "admin"; public static final String LDAP_PASSWD = "passwd"; public static final String LDAP_SERVER_PROXY_USER = "proxyUser"; public static final String LDAP_USERS_DN = "usersDn"; public static final String LDAP_GROUPS_DN = "groupsDn"; public static final String LDAP_ADMIN_GROUPS_DN = "adminGroupsDn"; public static final String LDAP_AVAIL_TEST_GROUP = "availabilityTestGroup"; public static final String LDAP_AVAIL_TEST_CALLING_USER_DN = "availabilityTestCallingUserDN"; private final static int SECURE_PORT = 636; private String usersDN; Loading 
@@ -100,111 +106,110 @@ public class LdapConfig private String adminGroupsDN; private String server; private int port; private String adminUserDN; private String adminPasswd; private String availabilityTestGroup; private String availabilityTestCallingUserDN; private String proxyUserDN; private String proxyPasswd; public static LdapConfig getLdapConfig() { Properties config = new Properties(); URL url = null; try public String getProxyUserDN() { url = LdapConfig.class.getClassLoader().getResource(CONFIG); logger.debug("Using config from: " + url); if (url != null) { config.load(url.openStream()); return proxyUserDN; } else public String getProxyPasswd() { throw new IOException("File not found"); return proxyPasswd; } public static LdapConfig getLdapConfig() { return getLdapConfig(CONFIG); } catch (Exception ex) public static LdapConfig getLdapConfig(final String ldapProperties) { throw new RuntimeException("failed to read " + CONFIG + " from " + url, ex); PropertiesReader pr = new PropertiesReader(ldapProperties); MultiValuedProperties config = pr.getAllProperties(); if (config.keySet() == null) { throw new RuntimeException("failed to read any LDAP property "); } String server = config.getProperty(LDAP_SERVER); if (!StringUtil.hasText(server)) List<String> prop = config.getProperty(LDAP_SERVER); if ((prop == null) || (prop.size() != 1)) { throw new RuntimeException("failed to read property " + LDAP_SERVER); } String server = prop.get(0); String port = config.getProperty(LDAP_PORT); if (!StringUtil.hasText(port)) prop = config.getProperty(LDAP_PORT); if ((prop == null) || (prop.size() != 1)) { throw new RuntimeException("failed to read property " + LDAP_PORT); } int port = Integer.valueOf(prop.get(0)); String ldapAdmin = config.getProperty(LDAP_ADMIN); if (!StringUtil.hasText(ldapAdmin)) { throw new RuntimeException("failed to read property " + LDAP_ADMIN); } String ldapPasswd = config.getProperty(LDAP_PASSWD); if (!StringUtil.hasText(ldapPasswd)) prop = 
config.getProperty(LDAP_SERVER_PROXY_USER); if ((prop == null) || (prop.size() != 1)) { throw new RuntimeException("failed to read property " + LDAP_PASSWD); LDAP_SERVER_PROXY_USER); } String ldapProxy = prop.get(0); String ldapUsersDn = config.getProperty(LDAP_USERS_DN); if (!StringUtil.hasText(ldapUsersDn)) prop = config.getProperty(LDAP_USERS_DN); if ((prop == null) || (prop.size() != 1)) { throw new RuntimeException("failed to read property " + LDAP_USERS_DN); } String ldapUsersDn = prop.get(0); String ldapGroupsDn = config.getProperty(LDAP_GROUPS_DN); if (!StringUtil.hasText(ldapGroupsDn)) prop = config.getProperty(LDAP_GROUPS_DN); if ((prop == null) || (prop.size() != 1)) { throw new RuntimeException("failed to read property " + LDAP_GROUPS_DN); } String ldapGroupsDn = prop.get(0); String ldapAdminGroupsDn = config.getProperty(LDAP_ADMIN_GROUPS_DN); if (!StringUtil.hasText(ldapAdminGroupsDn)) prop = config.getProperty(LDAP_ADMIN_GROUPS_DN); if ((prop == null) || (prop.size() != 1)) { throw new RuntimeException("failed to read property " + LDAP_ADMIN_GROUPS_DN); } String ldapAdminGroupsDn = prop.get(0); String availGroup = config.getProperty(LDAP_AVAIL_TEST_GROUP); if (!StringUtil.hasText(availGroup)) DBConfig dbConfig; try { throw new RuntimeException("failed to read property " + LDAP_AVAIL_TEST_GROUP); dbConfig = new DBConfig(); } String availUser = config.getProperty(LDAP_AVAIL_TEST_CALLING_USER_DN); if (!StringUtil.hasText(availUser)) catch (FileNotFoundException e) { throw new RuntimeException("failed to read property " + LDAP_AVAIL_TEST_CALLING_USER_DN); throw new RuntimeException("failed to find .dbrc file "); } return new LdapConfig(server, Integer.valueOf(port), ldapAdmin, ldapPasswd, ldapUsersDn, ldapGroupsDn, ldapAdminGroupsDn, availGroup, availUser); catch (IOException e) { throw new RuntimeException("failed to read .dbrc file "); } public LdapConfig(String server, int port, String adminUserDN, String adminPasswd, String usersDN, String groupsDN, 
String adminGroupsDN) ConnectionConfig cc = dbConfig.getConnectionConfig(server, ldapProxy); if ( (cc == null) || (cc.getUsername() == null) || (cc.getPassword() == null)) { this(server, port, adminUserDN, adminPasswd, usersDN, groupsDN, adminGroupsDN, null, null); throw new RuntimeException("failed to find connection info in ~/.dbrc"); } public LdapConfig(String server, int port, String adminUserDN, String adminPasswd, String usersDN, String groupsDN, String adminGroupsDN, String availGroup, String availUser) return new LdapConfig(server, Integer.valueOf(port), cc.getUsername(), cc.getPassword(), ldapUsersDn, ldapGroupsDn, ldapAdminGroupsDn); } public LdapConfig(String server, int port, String proxyUserDN, String proxyPasswd, String usersDN, String groupsDN, String adminGroupsDN) { if (!StringUtil.hasText(server)) { Loading @@ -215,11 +220,11 @@ public class LdapConfig throw new IllegalArgumentException("Illegal LDAP server port: " + port); } if (!StringUtil.hasText(adminUserDN)) if (!StringUtil.hasText(proxyUserDN)) { throw new IllegalArgumentException("Illegal Admin DN"); } if (!StringUtil.hasText(adminPasswd)) if (!StringUtil.hasText(proxyPasswd)) { throw new IllegalArgumentException("Illegal Admin password"); } Loading @@ -236,16 +241,14 @@ public class LdapConfig throw new IllegalArgumentException("Illegal admin groups LDAP DN"); } this.server = server; this.port = port; this.adminUserDN = adminUserDN; this.adminPasswd = adminPasswd; this.proxyUserDN = proxyUserDN; this.proxyPasswd = proxyPasswd; this.usersDN = usersDN; this.groupsDN = groupsDN; this.adminGroupsDN = adminGroupsDN; this.availabilityTestGroup = availGroup; this.availabilityTestCallingUserDN = availUser; logger.debug(toString()); } public String getUsersDN() Loading Loading 
@@ -280,22 +283,25 @@ public class LdapConfig public String getAdminUserDN() { return this.adminUserDN; return this.proxyUserDN; } public String getAdminPasswd() { return this.adminPasswd; return this.proxyPasswd; } public String getAvailabilityTestGroup() public String toString() { return this.availabilityTestGroup; StringBuilder sb = new StringBuilder(); sb.append("server = "); sb.append(server); sb.append(" port = "); sb.append(port); sb.append(" proxyUserDN = "); sb.append(proxyUserDN); sb.append(" proxyPasswd = "); sb.append(proxyPasswd); return sb.toString(); } public String getAvailabilityTestCallingUserDN() { return this.availabilityTestCallingUserDN; } }