Commit ef06e9f4 authored by Alinga Yeung

Story 1657 rework. Updated based on Brian's review comments. Moved...

Story 1657 rework. Updated based on Brian's review comments. Moved IdentityType to cadcUtil to consolidate its usage.
parent ed7c3c02
+2 −1
@@ -93,6 +93,7 @@
  <property name="cadcUtil" value="${lib}/cadcUtil.jar"/>
  <property name="cadcUWS" value="${lib}/cadcUWS.jar"/>
  <property name="wsUtil" value="${lib}/wsUtil.jar"/>
  <property name="wsUtil-augment" value="${lib}/wsUtil-augment.jar"/>

  <property name="javacsv" value="${ext.lib}/javacsv.jar"/>
  <property name="jdom2" value="${ext.lib}/jdom2.jar"/>
@@ -102,7 +103,7 @@
  <property name="xerces" value="${ext.lib}/xerces.jar"/>

  <property name="jars"
            value="${javacsv}:${jdom2}:${log4j}:${servlet}:${unboundid}:${xerces}:${cadcAccessControl}:${cadcLog}:${cadcRegistry}:${cadcUtil}:${cadcUWS}:${wsUtil}"/>
            value="${javacsv}:${jdom2}:${log4j}:${servlet}:${unboundid}:${xerces}:${cadcAccessControl}:${cadcLog}:${cadcRegistry}:${cadcUtil}:${cadcUWS}:${wsUtil}:${wsUtil-augment}"/>

  <target name="build" depends="compile">
    <jar jarfile="${build}/lib/${project}.jar"
+66 −38
@@ -71,6 +71,8 @@ import ca.nrc.cadc.ac.PersonalDetails;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.server.UserPersistence;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.NumericPrincipal;

import java.security.AccessControlContext;
import java.security.AccessController;
@@ -82,6 +84,8 @@ import javax.security.auth.Subject;

import org.apache.log4j.Logger;

import com.sun.security.auth.X500Principal;


public class GetUserAction extends AbstractUserAction
{
@@ -98,16 +102,18 @@ public class GetUserAction extends AbstractUserAction

	public void doAction() throws Exception
    {
		log.debug("alinga-- GetUserAction.doAction(): enter");
        User<Principal> user;
 
        if (isServops())
        if (isAugmentUser())
        {
    		log.debug("alinga-- GetUserAction.doAction(): is an augment user");
    		Subject subject = new Subject();
        	subject.getPrincipals().add(this.userID);
        	user = (User<Principal>) Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
        	user = Subject.doAs(subject, new PrivilegedExceptionAction<User<Principal>>()
        	{
				@Override
				public Object run() throws Exception 
				public User<Principal> run() throws Exception 
				{
					return getUser(userID);
				}
@@ -116,10 +122,12 @@ public class GetUserAction extends AbstractUserAction
        }
        else
        {
    		log.debug("alinga-- GetUserAction.doAction(): is not an augment user");
        	user = getUser(this.userID);
        }

        writeUser(user);
		log.debug("alinga-- GetUserAction.doAction(): exit");
    }

    protected User<Principal> getUser(Principal principal) throws Exception
@@ -130,6 +138,12 @@ public class GetUserAction extends AbstractUserAction
    	try
        {
            user = userPersistence.getUser(principal);
        }
        catch (UserNotFoundException e)
        {
            user = userPersistence.getPendingUser(principal);
        }
    	
        if (detail != null)
        {
            // Only return user principals
@@ -156,32 +170,46 @@ public class GetUserAction extends AbstractUserAction
                throw new IllegalArgumentException("Illegal detail parameter " + detail);
            }
        }
        }
        catch (UserNotFoundException e)
        {
            user = userPersistence.getPendingUser(principal);
        }

        return user;
    }
    
    protected boolean isServops()
    protected boolean isAugmentUser()
    {
    	boolean isServops = false;
        AccessControlContext acc = AccessController.getContext();
        Subject subject = Subject.getSubject(acc);
        if (subject != null)
        {
        	for (Principal principal : subject.getPrincipals())
        	log.debug("alinga-- GetUserAction.isAugmentUser(): subject is not null.");        	
        	for (Principal principal : subject.getPrincipals(X500Principal.class))
        	{
        		log.debug("alinga-- GetUserAction.isAugmentUser(): principal = " + principal);
        		log.debug("alinga-- GetUserAction.isAugmentUser(): principal name = " + principal.getName());
        		log.debug("alinga-- GetUserAction.isAugmentUser(): augmentUserDN = " + this.getAugmentUserDN());
            	if (principal instanceof X500Principal)
            	{
            		log.debug("alinga-- UserClientTest constructor(): servops is X500Principal.");
            	}
            	else if (principal instanceof HttpPrincipal)
            	{
            		log.debug("alinga-- UserClientTest constructor(): servops is X500Principal.");
            	}
            	else if (principal instanceof NumericPrincipal)
            	{
            		log.debug("alinga-- UserClientTest constructor(): servops is X500Principal.");
            	}
            	else
            	{
            		log.debug("alinga-- UserClientTest constructor(): servops is unknown principal.");
            	}

            	if (principal.getName().equals(this.getAugmentUserDN()))
        		{
        			isServops = true;
        			break;
        			return true;
        		}
        	}
        }
        
        return isServops;
        return false;
    }
}
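Review bot: isAugmentUser() filters the Subject on `com.sun.security.auth.X500Principal` (the import added in the second hunk) while the users WebUtil in this same commit uses the standard `javax.security.auth.x500.X500Principal`; `subject.getPrincipals(X500Principal.class)` matches by exact class, so if the authentication layer stores the javax class in the Subject the loop sees nothing and the method silently answers false, the augment branch in `doAction()` never runs, and a mismatch the other way is just as silent — the Sun class is also a JDK-internal type deprecated in favour of the javax one. Because a true result switches the request to run as `userID` under a fresh Subject, the DN match should not be plain `String.equals` on raw DN text either: compare both sides in `X500Principal.CANONICAL` form so attribute order, case and whitespace differences cannot make the decision flap. The instanceof chain inside the loop is unreachable once the class filter is applied, and its HttpPrincipal/NumericPrincipal branches log the copied text `UserClientTest constructor(): servops is X500Principal.`; the `alinga--` debug lines read as scratch logging and should be dropped before merge. The rewrite below assumes the import is changed to `import javax.security.auth.x500.X500Principal;`.
```java
    protected boolean isAugmentUser()
    {
        String augmentDN = this.getAugmentUserDN();
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (augmentDN == null || subject == null)
        {
            return false;
        }
        // Compare in CANONICAL form so the decision does not depend on how either
        // DN string happens to be formatted (RFC 2253 vs 1779, case, spacing).
        String wanted = new X500Principal(augmentDN).getName(X500Principal.CANONICAL);
        for (X500Principal principal : subject.getPrincipals(X500Principal.class))
        {
            if (wanted.equals(principal.getName(X500Principal.CANONICAL)))
            {
                log.debug("GetUserAction.isAugmentUser(): augment user DN matched");
                return true;
            }
        }
        return false;
    }
```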
+2 −1
@@ -68,17 +68,18 @@
 */
package ca.nrc.cadc.ac.server.web.users;

import ca.nrc.cadc.ac.IdentityType;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.server.web.WebUtil;
import ca.nrc.cadc.auth.CookiePrincipal;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.IdentityType;
import ca.nrc.cadc.auth.NumericPrincipal;
import ca.nrc.cadc.auth.OpenIdPrincipal;

import java.io.IOException;
import java.net.URL;
import java.security.Principal;

import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;

+6 −3
@@ -71,15 +71,18 @@ package ca.nrc.cadc.ac.server;
import ca.nrc.cadc.ac.Role;
import ca.nrc.cadc.ac.server.web.groups.AddUserMemberActionTest;
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.IdentityType;
import ca.nrc.cadc.util.Log4jInit;
import ca.nrc.cadc.uws.Parameter;

import java.util.ArrayList;
import java.util.List;

import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.junit.BeforeClass;
import org.junit.Test;

import static org.junit.Assert.*;

/**
@@ -152,7 +155,7 @@ public class RequestValidatorTest
            
            paramList.clear();
            paramList.add(new Parameter("ID", "foo"));
            paramList.add(new Parameter("IDTYPE", AuthenticationUtil.AUTH_TYPE_HTTP));
            paramList.add(new Parameter("IDTYPE", IdentityType.USERNAME.getValue()));
            paramList.add(new Parameter("ROLE", "foo"));
            try
            {
@@ -163,7 +166,7 @@ public class RequestValidatorTest
            
            paramList.clear();
            paramList.add(new Parameter("ID", "foo"));
            paramList.add(new Parameter("IDTYPE", AuthenticationUtil.AUTH_TYPE_HTTP));
            paramList.add(new Parameter("IDTYPE", IdentityType.USERNAME.getValue()));
            paramList.add(new Parameter("ROLE", "foo"));
            paramList.add(new Parameter("GROUPID", ""));
            try
@@ -175,7 +178,7 @@ public class RequestValidatorTest
            
            paramList.clear();
            paramList.add(new Parameter("ID", "foo"));
            paramList.add(new Parameter("IDTYPE", AuthenticationUtil.AUTH_TYPE_HTTP));
            paramList.add(new Parameter("IDTYPE", IdentityType.USERNAME.getValue()));
            paramList.add(new Parameter("ROLE", Role.MEMBER.getValue()));
            rv.validate(paramList);
            
+4 −2
@@ -74,7 +74,9 @@ import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.server.GroupPersistence;
import ca.nrc.cadc.ac.server.UserPersistence;
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.IdentityType;
import ca.nrc.cadc.util.Log4jInit;

import java.security.Principal;

import org.apache.log4j.Level;
@@ -107,7 +109,7 @@ public class AddUserMemberActionTest
        try
        {
            String userID = "foo";
            String userIDType = AuthenticationUtil.AUTH_TYPE_HTTP;
            String userIDType = IdentityType.USERNAME.getValue();
            Principal userPrincipal = AuthenticationUtil.createPrincipal(userID, userIDType);
            User<Principal> user = new User<Principal>(userPrincipal);

@@ -159,7 +161,7 @@ public class AddUserMemberActionTest
        try
        {
            String userID = "foo";
            String userIDType = AuthenticationUtil.AUTH_TYPE_HTTP;
            String userIDType = IdentityType.USERNAME.getValue();
            Principal userPrincipal = AuthenticationUtil.createPrincipal(userID, userIDType);
            User<Principal> user = new User<Principal>(userPrincipal);
