Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/UserAlreadyExistsException.java 0 → 100644 +85 −0 Original line number Diff line number Diff line /* ************************************************************************ ******************* CANADIAN ASTRONOMY DATA CENTRE ******************* ************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES ************** * * (c) 2015. (c) 2015. * Government of Canada Gouvernement du Canada * National Research Council Conseil national de recherches * Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6 * All rights reserved Tous droits réservés * * NRC disclaims any warranties, Le CNRC dénie toute garantie * expressed, implied, or énoncée, implicite ou légale, * statutory, of any kind with de quelque nature que ce * respect to the software, soit, concernant le logiciel, * including without limitation y compris sans restriction * any warranty of merchantability toute garantie de valeur * or fitness for a particular marchande ou de pertinence * purpose. NRC shall not be pour un usage particulier. * liable in any event for any Le CNRC ne pourra en aucun cas * damages, whether direct or être tenu responsable de tout * indirect, special or general, dommage, direct ou indirect, * consequential or incidental, particulier ou général, * arising from the use of the accessoire ou fortuit, résultant * software. Neither the name de l'utilisation du logiciel. Ni * of the National Research le nom du Conseil National de * Council of Canada nor the Recherches du Canada ni les noms * names of its contributors may de ses participants ne peuvent * be used to endorse or promote être utilisés pour approuver ou * products derived from this promouvoir les produits dérivés * software without specific prior de ce logiciel sans autorisation * written permission. préalable et particulière * par écrit. * * This file is part of the Ce fichier fait partie du projet * OpenCADC project. OpenCADC. 
* * OpenCADC is free software: OpenCADC est un logiciel libre ; * you can redistribute it and/or vous pouvez le redistribuer ou le * modify it under the terms of modifier suivant les termes de * the GNU Affero General Public la “GNU Affero General Public * License as published by the License” telle que publiée * Free Software Foundation, par la Free Software Foundation * either version 3 of the : soit la version 3 de cette * License, or (at your option) licence, soit (à votre gré) * any later version. toute version ultérieure. * * OpenCADC is distributed in the OpenCADC est distribué * hope that it will be useful, dans l’espoir qu’il vous * but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE * without even the implied GARANTIE : sans même la garantie * warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ * or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF * PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence * General Public License for Générale Publique GNU Affero * more details. pour plus de détails. * * You should have received Vous devriez avoir reçu une * a copy of the GNU Affero copie de la Licence Générale * General Public License along Publique GNU Affero avec * with OpenCADC. If not, see OpenCADC ; si ce n’est * <http://www.gnu.org/licenses/>. pas le cas, consultez : * <http://www.gnu.org/licenses/>. * * ************************************************************************ */ package ca.nrc.cadc.ac; public class UserAlreadyExistsException extends Exception { /** * Constructs a new exception with the specified detail message. The * cause is not initialized, and may subsequently be initialized by * a call to {@link #initCause}. * * @param message the detail message. The detail message is saved for * later retrieval by the {@link #getMessage()} method. 
*/ public UserAlreadyExistsException(String message) { super(message); } } projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java +3 −1 Original line number Diff line number Diff line Loading @@ -73,6 +73,7 @@ import java.security.Principal; import java.util.Collection; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserAlreadyExistsException; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserRequest; import ca.nrc.cadc.net.TransientException; Loading Loading @@ -102,7 +103,8 @@ public interface UserPersistence<T extends Principal> * @throws AccessControlException If the operation is not permitted. */ User<T> addUser(UserRequest<T> user) throws TransientException, AccessControlException; throws TransientException, AccessControlException, UserAlreadyExistsException; /** * Get the user specified by userID. Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java +6 −5 Original line number Diff line number Diff line Loading @@ -68,6 +68,7 @@ */ package ca.nrc.cadc.ac.server.ldap; import ca.nrc.cadc.ac.UserAlreadyExistsException; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.auth.NumericPrincipal; import ca.nrc.cadc.auth.OpenIdPrincipal; Loading @@ -78,6 +79,8 @@ import com.unboundid.ldap.sdk.LDAPException; import com.unboundid.ldap.sdk.ResultCode; import com.unboundid.ldap.sdk.SearchResult; import com.unboundid.ldap.sdk.SearchScope; import java.nio.file.FileAlreadyExistsException; import java.security.AccessControlException; import java.security.AccessController; import java.security.GeneralSecurityException; Loading Loading @@ -242,8 +245,7 @@ public abstract class LdapDAO { throw new AccessControlException("Invalid credentials "); } else if ((code == ResultCode.SUCCESS) || (code == ResultCode.NO_SUCH_OBJECT)) else if ((code == ResultCode.SUCCESS) || (code == ResultCode.NO_SUCH_OBJECT)) { // all good. nothing to do } Loading 
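Review bot: The new exception exposes only a message constructor, so the LDAP failure that triggers it cannot be attached as a cause; the one throw site in this commit, checkUserLDAPResult in LdapUserDAO, builds it from a ResultCode alone, and anyone catching UserAlreadyExistsException loses the original LDAPException. Adding `public UserAlreadyExistsException(String message, Throwable cause) { super(message, cause); }` keeps the diagnostic chain available without disturbing the existing constructor or its callers. As a checked, Serializable type it should also declare `private static final long serialVersionUID = 1L;` (constructed value) rather than rely on the compiler-derived UID that changes with every edit to the class.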
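Review bot: The interface's addUser now declares UserAlreadyExistsException, but the Javadoc immediately above it, whose last tag in the hunk is `@throws AccessControlException If the operation is not permitted.`, says nothing about the new checked exception; since this is the contract every persistence implementation and caller codes against, add `* @throws UserAlreadyExistsException If a user with the same userID already exists.` after that tag. The Javadoc block begins above the hunk, so any summary text that describes the failure modes may also need the same addition.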
@@ -251,8 +253,7 @@ public abstract class LdapDAO { throw new IllegalArgumentException("Error in Ldap parameters "); } else if (code == ResultCode.BUSY || code == ResultCode.CONNECT_ERROR) else if (code == ResultCode.BUSY || code == ResultCode.CONNECT_ERROR) { throw new TransientException("Connection problems "); } Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +134 −93 Original line number Diff line number Diff line Loading @@ -96,6 +96,7 @@ import java.util.Map; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Logger; public class LdapUserDAO<T extends Principal> extends LdapDAO { private static final Logger logger = Logger.getLogger(LdapUserDAO.class); Loading Loading @@ -129,8 +130,10 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO private String[] userAttribs = new String[] { LDAP_FIRST_NAME, LDAP_LAST_NAME, LDAP_ADDRESS, LDAP_CITY, LDAP_COUNTRY, LDAP_EMAIL, LDAP_INSTITUTE, LDAP_UID, LDAP_UID_NUMBER, LDAP_GID_NUMBER, LDAP_FIRST_NAME, LDAP_LAST_NAME, LDAP_ADDRESS, LDAP_CITY, LDAP_COUNTRY, LDAP_EMAIL, LDAP_INSTITUTE, LDAP_UID, LDAP_UID_NUMBER, LDAP_GID_NUMBER, LDAP_HOME_DIRECTORY, LDAP_LOGIN_SHELL }; private String[] memberAttribs = new String[] Loading Loading @@ -161,7 +164,6 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO } /** * * @return * @throws TransientException */ Loading Loading 
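Review bot: Both imports added at the top of LdapDAO, `import ca.nrc.cadc.ac.UserAlreadyExistsException;` and `import java.nio.file.FileAlreadyExistsException;`, are unused by anything this section changes; the remaining two hunks only rewrap the `else if` conditions in checkLdapResult. Unless code outside the shown hunks references them, drop both; `FileAlreadyExistsException` in particular is a filesystem type with no role in LDAP result-code mapping and reads like an autocomplete slip, and an unused import of the new exception in the base class invites someone to add it to checkLdapResult's throws clause later, which would silently widen the contract of every caller. The checkLdapResult body starts and ends outside the hunks.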
@@ -217,13 +219,15 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO * @return User instance. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. * @throws UserAlreadyExistsException If the user already exists. */ public User<T> addUser(final UserRequest<T> userRequest) throws TransientException throws TransientException, UserAlreadyExistsException { final User<T> user = userRequest.getUser(); final Class userType = user.getUserID().getClass(); String searchField = userLdapAttrib.get(userType); final String searchField = userLdapAttrib.get(userType); if (searchField == null) { throw new IllegalArgumentException("Unsupported principal type " + userType); Loading @@ -236,16 +240,20 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO List<Attribute> attributes = new ArrayList<Attribute>(); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_INET_ORG_PERSON); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_CADC_ACCOUNT); addAttribute(attributes, LDAP_COMMON_NAME, user.getUserID().getName()); addAttribute(attributes, LDAP_DISTINGUISHED_NAME, userDN.toNormalizedString()); addAttribute(attributes, LADP_USER_PASSWORD, userRequest.getPassword()); addAttribute(attributes, LDAP_COMMON_NAME, user.getUserID() .getName()); addAttribute(attributes, LDAP_DISTINGUISHED_NAME, userDN .toNormalizedString()); addAttribute(attributes, LADP_USER_PASSWORD, userRequest .getPassword()); for (UserDetails details : user.details) { if (details.getClass() == PersonalDetails.class) { PersonalDetails pd = (PersonalDetails) details; addAttribute(attributes, LDAP_FIRST_NAME, pd.getFirstName()); addAttribute(attributes, LDAP_FIRST_NAME, pd .getFirstName()); addAttribute(attributes, LDAP_LAST_NAME, pd.getLastName()); addAttribute(attributes, LDAP_ADDRESS, pd.address); addAttribute(attributes, LDAP_CITY, pd.city); Loading 
@@ -257,10 +265,14 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO { PosixDetails pd = (PosixDetails) details; addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_POSIX_ACCOUNT); addAttribute(attributes, LDAP_UID, Long.toString(pd.getUid())); addAttribute(attributes, LDAP_UID_NUMBER, Long.toString(pd.getUid())); addAttribute(attributes, LDAP_GID_NUMBER, Long.toString(pd.getGid())); addAttribute(attributes, LDAP_HOME_DIRECTORY, pd.getHomeDirectory()); addAttribute(attributes, LDAP_UID, Long .toString(pd.getUid())); addAttribute(attributes, LDAP_UID_NUMBER, Long .toString(pd.getUid())); addAttribute(attributes, LDAP_GID_NUMBER, Long .toString(pd.getGid())); addAttribute(attributes, LDAP_HOME_DIRECTORY, pd .getHomeDirectory()); addAttribute(attributes, LDAP_LOGIN_SHELL, pd.loginShell); } } Loading @@ -278,8 +290,10 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO } catch (UserNotFoundException e) { throw new RuntimeException("BUG: new user " + userDN.toNormalizedString() + " not found, result " + result.getResultCode()); throw new RuntimeException("BUG: new user " + userDN .toNormalizedString() + " not found, result " + result .getResultCode()); } } catch (LDAPException e) Loading @@ -287,7 +301,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO System.out.println("LDAPe: " + e); System.out.println("LDAPrc: " + e.getResultCode()); logger.debug("addUser Exception: " + e, e); LdapDAO.checkLdapResult(e.getResultCode()); LdapUserDAO.checkUserLDAPResult(e.getResultCode()); throw new RuntimeException("Unexpected LDAP exception", e); } } Loading 
@@ -302,13 +316,13 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO * @throws AccessControlException If the operation is not permitted. */ public User<T> getUser(final T userID) throws UserNotFoundException, TransientException, AccessControlException throws UserNotFoundException, TransientException, AccessControlException { return getUser(userID, config.getUsersDN()); } /** * Get the user specified by userID. * Loading @@ -320,7 +334,8 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO * @throws AccessControlException If the operation is not permitted. */ private User<T> getUser(final T userID, final String usersDN) throws UserNotFoundException, TransientException, AccessControlException throws UserNotFoundException, TransientException, AccessControlException { String searchField = userLdapAttrib.get(userID.getClass()); if (searchField == null) Loading Loading @@ -362,7 +377,8 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO } User<T> user = new User<T>(userID); user.getIdentities().add(new HttpPrincipal(searchResult .getAttributeValue(userLdapAttrib.get(HttpPrincipal.class)))); .getAttributeValue(userLdapAttrib .get(HttpPrincipal.class)))); String fname = searchResult.getAttributeValue(LDAP_FIRST_NAME); String lname = searchResult.getAttributeValue(LDAP_LAST_NAME); Loading 
@@ -371,16 +387,19 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO personaDetails.city = searchResult.getAttributeValue(LDAP_CITY); personaDetails.country = searchResult.getAttributeValue(LDAP_COUNTRY); personaDetails.email = searchResult.getAttributeValue(LDAP_EMAIL); personaDetails.institute = searchResult.getAttributeValue(LDAP_INSTITUTE); personaDetails.institute = searchResult .getAttributeValue(LDAP_INSTITUTE); user.details.add(personaDetails); Long uid = searchResult.getAttributeValueAsLong(LDAP_UID_NUMBER); Long gid = searchResult.getAttributeValueAsLong(LDAP_GID_NUMBER); String homeDirectory = searchResult.getAttributeValue(LDAP_HOME_DIRECTORY); String homeDirectory = searchResult .getAttributeValue(LDAP_HOME_DIRECTORY); if (uid != null && gid != null && homeDirectory != null) { PosixDetails posixDetails = new PosixDetails(uid, gid, homeDirectory); posixDetails.loginShell = searchResult.getAttributeValue(LDAP_LOGIN_SHELL); posixDetails.loginShell = searchResult .getAttributeValue(LDAP_LOGIN_SHELL); user.details.add(posixDetails); } Loading @@ -402,7 +421,6 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO * Get all group names. * * @return A collection of strings * * @throws TransientException If an temporary, unexpected problem occurred. */ public Collection<String> getUserNames() Loading @@ -411,7 +429,8 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO try { Filter filter = Filter.createPresenceFilter(LDAP_COMMON_NAME); String [] attributes = new String[] {LDAP_COMMON_NAME, LDAP_NSACCOUNTLOCK}; String[] attributes = new String[]{LDAP_COMMON_NAME, LDAP_NSACCOUNTLOCK}; SearchRequest searchRequest = new SearchRequest(config.getGroupsDN(), Loading Loading 
@@ -447,7 +466,8 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO { logger.debug("getGroupNames Exception: " + e1, e1); LdapDAO.checkLdapResult(e1.getResultCode()); throw new IllegalStateException("Unexpected exception: " + e1.getMatchedDN(), e1); throw new IllegalStateException("Unexpected exception: " + e1 .getMatchedDN(), e1); } } Loading @@ -455,9 +475,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO * Updated the user specified by User. * * @param user * * @return User instance. * * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. Loading @@ -473,7 +491,6 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO * Delete the user specified by userID. * * @param userID The userID. * * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. Loading Loading @@ -539,7 +556,8 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO if (searchResult != null) { String[] members = searchResult.getAttributeValues(LDAP_MEMBEROF); String[] members = searchResult .getAttributeValues(LDAP_MEMBEROF); if (members != null) { for (String member : members) Loading Loading @@ -674,7 +692,8 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO { X500Principal orderedPrincipal = AuthenticationUtil.getOrderedForm( (X500Principal) user.getUserID()); searchField = "(" + searchField + "=" + orderedPrincipal.toString() + ")"; searchField = "(" + searchField + "=" + orderedPrincipal .toString() + ")"; } else { Loading Loading 
@@ -730,7 +749,8 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO { try { return new DN(LDAP_UID + "=" + userID + "," + config.getUserRequestsDN()); return new DN(LDAP_UID + "=" + userID + "," + config .getUserRequestsDN()); } catch (LDAPException e) { Loading @@ -748,4 +768,25 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO } } /** * Checks the Ldap result code, and if the result is not SUCCESS, * throws an appropriate exception. This is the place to decide on * mapping between ldap errors and exception types * * @param code The code returned from an LDAP request. * @throws TransientException * @throws UserAlreadyExistsException */ protected static void checkUserLDAPResult(final ResultCode code) throws TransientException, UserAlreadyExistsException { if (code == ResultCode.ENTRY_ALREADY_EXISTS) { throw new UserAlreadyExistsException("User already exists."); } else { LdapDAO.checkLdapResult(code); } } } projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java +4 −1 Original line number Diff line number Diff line Loading @@ -69,6 +69,7 @@ package ca.nrc.cadc.ac.server.ldap; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserAlreadyExistsException; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserRequest; import ca.nrc.cadc.ac.server.UserPersistence; Loading Loading @@ -127,8 +128,10 @@ public class LdapUserPersistence<T extends Principal> * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ @Override public User<T> addUser(UserRequest<T> user) throws TransientException, AccessControlException throws TransientException, AccessControlException, UserAlreadyExistsException { LdapUserDAO<T> userDAO = null; try Loading Loading
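Review bot: In addUser's catch block, `LdapUserDAO.checkUserLDAPResult(e.getResultCode());` hands the helper only the result code, so the UserAlreadyExistsException thrown for ENTRY_ALREADY_EXISTS carries neither the LDAPException nor its diagnostic message, and the only record of `e` is a debug-level log line that is easily dropped in production. Since the exception's constructor currently takes just a message, either construct the new exception in the catch and call `ex.initCause(e)` before throwing it, or extend checkUserLDAPResult to accept the LDAPException as well as the code. The Javadoc on checkUserLDAPResult also overstates its contract: it says any non-SUCCESS code throws, yet the delegated LdapDAO.checkLdapResult treats NO_SUCH_OBJECT as success (visible in the LdapDAO section), and its two `@throws` tags have no description; `@throws UserAlreadyExistsException if code is ENTRY_ALREADY_EXISTS` and `@throws TransientException if LdapDAO.checkLdapResult classifies code as a transient failure` would state it accurately. The same catch block still writes `System.out.println("LDAPe: " + e)` and the result code to stdout beside the logger call; those lines predate this commit, but the hunk already touches the line after them, so folding them into the existing logger.debug call is cheap here and keeps exception details out of an unmanaged stream.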
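Review bot: The Javadoc above LdapUserPersistence.addUser ends with `@throws AccessControlException If the operation is not permitted.` and is not updated for the UserAlreadyExistsException now added to the throws clause; add `* @throws UserAlreadyExistsException If the user already exists.` to match the tag LdapUserDAO.addUser gained in this same commit. The method body continues below the hunk, so I cannot confirm from here that the userDAO.addUser call is the only source of the new exception or that the `LdapUserDAO<T> userDAO = null;` it opens with is closed on every path.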
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/UserAlreadyExistsException.java 0 → 100644 +85 −0 Original line number Diff line number Diff line /* ************************************************************************ ******************* CANADIAN ASTRONOMY DATA CENTRE ******************* ************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES ************** * * (c) 2015. (c) 2015. * Government of Canada Gouvernement du Canada * National Research Council Conseil national de recherches * Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6 * All rights reserved Tous droits réservés * * NRC disclaims any warranties, Le CNRC dénie toute garantie * expressed, implied, or énoncée, implicite ou légale, * statutory, of any kind with de quelque nature que ce * respect to the software, soit, concernant le logiciel, * including without limitation y compris sans restriction * any warranty of merchantability toute garantie de valeur * or fitness for a particular marchande ou de pertinence * purpose. NRC shall not be pour un usage particulier. * liable in any event for any Le CNRC ne pourra en aucun cas * damages, whether direct or être tenu responsable de tout * indirect, special or general, dommage, direct ou indirect, * consequential or incidental, particulier ou général, * arising from the use of the accessoire ou fortuit, résultant * software. Neither the name de l'utilisation du logiciel. Ni * of the National Research le nom du Conseil National de * Council of Canada nor the Recherches du Canada ni les noms * names of its contributors may de ses participants ne peuvent * be used to endorse or promote être utilisés pour approuver ou * products derived from this promouvoir les produits dérivés * software without specific prior de ce logiciel sans autorisation * written permission. préalable et particulière * par écrit. * * This file is part of the Ce fichier fait partie du projet * OpenCADC project. OpenCADC. 
* * OpenCADC is free software: OpenCADC est un logiciel libre ; * you can redistribute it and/or vous pouvez le redistribuer ou le * modify it under the terms of modifier suivant les termes de * the GNU Affero General Public la “GNU Affero General Public * License as published by the License” telle que publiée * Free Software Foundation, par la Free Software Foundation * either version 3 of the : soit la version 3 de cette * License, or (at your option) licence, soit (à votre gré) * any later version. toute version ultérieure. * * OpenCADC is distributed in the OpenCADC est distribué * hope that it will be useful, dans l’espoir qu’il vous * but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE * without even the implied GARANTIE : sans même la garantie * warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ * or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF * PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence * General Public License for Générale Publique GNU Affero * more details. pour plus de détails. * * You should have received Vous devriez avoir reçu une * a copy of the GNU Affero copie de la Licence Générale * General Public License along Publique GNU Affero avec * with OpenCADC. If not, see OpenCADC ; si ce n’est * <http://www.gnu.org/licenses/>. pas le cas, consultez : * <http://www.gnu.org/licenses/>. * * ************************************************************************ */ package ca.nrc.cadc.ac; public class UserAlreadyExistsException extends Exception { /** * Constructs a new exception with the specified detail message. The * cause is not initialized, and may subsequently be initialized by * a call to {@link #initCause}. * * @param message the detail message. The detail message is saved for * later retrieval by the {@link #getMessage()} method. */ public UserAlreadyExistsException(String message) { super(message); } }
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java +3 −1 Original line number Diff line number Diff line Loading @@ -73,6 +73,7 @@ import java.security.Principal; import java.util.Collection; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserAlreadyExistsException; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserRequest; import ca.nrc.cadc.net.TransientException; Loading Loading @@ -102,7 +103,8 @@ public interface UserPersistence<T extends Principal> * @throws AccessControlException If the operation is not permitted. */ User<T> addUser(UserRequest<T> user) throws TransientException, AccessControlException; throws TransientException, AccessControlException, UserAlreadyExistsException; /** * Get the user specified by userID. Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java +6 −5 Original line number Diff line number Diff line Loading @@ -68,6 +68,7 @@ */ package ca.nrc.cadc.ac.server.ldap; import ca.nrc.cadc.ac.UserAlreadyExistsException; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.auth.NumericPrincipal; import ca.nrc.cadc.auth.OpenIdPrincipal; Loading @@ -78,6 +79,8 @@ import com.unboundid.ldap.sdk.LDAPException; import com.unboundid.ldap.sdk.ResultCode; import com.unboundid.ldap.sdk.SearchResult; import com.unboundid.ldap.sdk.SearchScope; import java.nio.file.FileAlreadyExistsException; import java.security.AccessControlException; import java.security.AccessController; import java.security.GeneralSecurityException; Loading Loading @@ -242,8 +245,7 @@ public abstract class LdapDAO { throw new AccessControlException("Invalid credentials "); } else if ((code == ResultCode.SUCCESS) || (code == ResultCode.NO_SUCH_OBJECT)) else if ((code == ResultCode.SUCCESS) || (code == ResultCode.NO_SUCH_OBJECT)) { // all good. nothing to do } Loading @@ -251,8 +253,7 @@ public abstract class LdapDAO { throw new IllegalArgumentException("Error in Ldap parameters "); } else if (code == ResultCode.BUSY || code == ResultCode.CONNECT_ERROR) else if (code == ResultCode.BUSY || code == ResultCode.CONNECT_ERROR) { throw new TransientException("Connection problems "); } Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +134 −93 Original line number Diff line number Diff line Loading @@ -96,6 +96,7 @@ import java.util.Map; import javax.security.auth.x500.X500Principal; import org.apache.log4j.Logger; public class LdapUserDAO<T extends Principal> extends LdapDAO { private static final Logger logger = Logger.getLogger(LdapUserDAO.class); Loading Loading @@ -129,8 +130,10 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO private String[] userAttribs = new String[] { LDAP_FIRST_NAME, LDAP_LAST_NAME, LDAP_ADDRESS, LDAP_CITY, LDAP_COUNTRY, LDAP_EMAIL, LDAP_INSTITUTE, LDAP_UID, LDAP_UID_NUMBER, LDAP_GID_NUMBER, LDAP_FIRST_NAME, LDAP_LAST_NAME, LDAP_ADDRESS, LDAP_CITY, LDAP_COUNTRY, LDAP_EMAIL, LDAP_INSTITUTE, LDAP_UID, LDAP_UID_NUMBER, LDAP_GID_NUMBER, LDAP_HOME_DIRECTORY, LDAP_LOGIN_SHELL }; private String[] memberAttribs = new String[] Loading Loading @@ -161,7 +164,6 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO } /** * * @return * @throws TransientException */ Loading Loading @@ -217,13 +219,15 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO * @return User instance. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. * @throws UserAlreadyExistsException If the user already exists. */ public User<T> addUser(final UserRequest<T> userRequest) throws TransientException throws TransientException, UserAlreadyExistsException { final User<T> user = userRequest.getUser(); final Class userType = user.getUserID().getClass(); String searchField = userLdapAttrib.get(userType); final String searchField = userLdapAttrib.get(userType); if (searchField == null) { throw new IllegalArgumentException("Unsupported principal type " + userType); Loading 
@@ -236,16 +240,20 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO List<Attribute> attributes = new ArrayList<Attribute>(); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_INET_ORG_PERSON); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_CADC_ACCOUNT); addAttribute(attributes, LDAP_COMMON_NAME, user.getUserID().getName()); addAttribute(attributes, LDAP_DISTINGUISHED_NAME, userDN.toNormalizedString()); addAttribute(attributes, LADP_USER_PASSWORD, userRequest.getPassword()); addAttribute(attributes, LDAP_COMMON_NAME, user.getUserID() .getName()); addAttribute(attributes, LDAP_DISTINGUISHED_NAME, userDN .toNormalizedString()); addAttribute(attributes, LADP_USER_PASSWORD, userRequest .getPassword()); for (UserDetails details : user.details) { if (details.getClass() == PersonalDetails.class) { PersonalDetails pd = (PersonalDetails) details; addAttribute(attributes, LDAP_FIRST_NAME, pd.getFirstName()); addAttribute(attributes, LDAP_FIRST_NAME, pd .getFirstName()); addAttribute(attributes, LDAP_LAST_NAME, pd.getLastName()); addAttribute(attributes, LDAP_ADDRESS, pd.address); addAttribute(attributes, LDAP_CITY, pd.city); Loading @@ -257,10 +265,14 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO { PosixDetails pd = (PosixDetails) details; addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_POSIX_ACCOUNT); addAttribute(attributes, LDAP_UID, Long.toString(pd.getUid())); addAttribute(attributes, LDAP_UID_NUMBER, Long.toString(pd.getUid())); addAttribute(attributes, LDAP_GID_NUMBER, Long.toString(pd.getGid())); addAttribute(attributes, LDAP_HOME_DIRECTORY, pd.getHomeDirectory()); addAttribute(attributes, LDAP_UID, Long .toString(pd.getUid())); addAttribute(attributes, LDAP_UID_NUMBER, Long .toString(pd.getUid())); addAttribute(attributes, LDAP_GID_NUMBER, Long .toString(pd.getGid())); addAttribute(attributes, LDAP_HOME_DIRECTORY, pd .getHomeDirectory()); addAttribute(attributes, LDAP_LOGIN_SHELL, pd.loginShell); } } Loading 
@@ -278,8 +290,10 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO } catch (UserNotFoundException e) { throw new RuntimeException("BUG: new user " + userDN.toNormalizedString() + " not found, result " + result.getResultCode()); throw new RuntimeException("BUG: new user " + userDN .toNormalizedString() + " not found, result " + result .getResultCode()); } } catch (LDAPException e) Loading @@ -287,7 +301,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO System.out.println("LDAPe: " + e); System.out.println("LDAPrc: " + e.getResultCode()); logger.debug("addUser Exception: " + e, e); LdapDAO.checkLdapResult(e.getResultCode()); LdapUserDAO.checkUserLDAPResult(e.getResultCode()); throw new RuntimeException("Unexpected LDAP exception", e); } } Loading @@ -302,13 +316,13 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO * @throws AccessControlException If the operation is not permitted. */ public User<T> getUser(final T userID) throws UserNotFoundException, TransientException, AccessControlException throws UserNotFoundException, TransientException, AccessControlException { return getUser(userID, config.getUsersDN()); } /** * Get the user specified by userID. * Loading @@ -320,7 +334,8 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO * @throws AccessControlException If the operation is not permitted. */ private User<T> getUser(final T userID, final String usersDN) throws UserNotFoundException, TransientException, AccessControlException throws UserNotFoundException, TransientException, AccessControlException { String searchField = userLdapAttrib.get(userID.getClass()); if (searchField == null) Loading Loading 
@@ -362,7 +377,8 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO } User<T> user = new User<T>(userID); user.getIdentities().add(new HttpPrincipal(searchResult .getAttributeValue(userLdapAttrib.get(HttpPrincipal.class)))); .getAttributeValue(userLdapAttrib .get(HttpPrincipal.class)))); String fname = searchResult.getAttributeValue(LDAP_FIRST_NAME); String lname = searchResult.getAttributeValue(LDAP_LAST_NAME); Loading @@ -371,16 +387,19 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO personaDetails.city = searchResult.getAttributeValue(LDAP_CITY); personaDetails.country = searchResult.getAttributeValue(LDAP_COUNTRY); personaDetails.email = searchResult.getAttributeValue(LDAP_EMAIL); personaDetails.institute = searchResult.getAttributeValue(LDAP_INSTITUTE); personaDetails.institute = searchResult .getAttributeValue(LDAP_INSTITUTE); user.details.add(personaDetails); Long uid = searchResult.getAttributeValueAsLong(LDAP_UID_NUMBER); Long gid = searchResult.getAttributeValueAsLong(LDAP_GID_NUMBER); String homeDirectory = searchResult.getAttributeValue(LDAP_HOME_DIRECTORY); String homeDirectory = searchResult .getAttributeValue(LDAP_HOME_DIRECTORY); if (uid != null && gid != null && homeDirectory != null) { PosixDetails posixDetails = new PosixDetails(uid, gid, homeDirectory); posixDetails.loginShell = searchResult.getAttributeValue(LDAP_LOGIN_SHELL); posixDetails.loginShell = searchResult .getAttributeValue(LDAP_LOGIN_SHELL); user.details.add(posixDetails); } Loading @@ -402,7 +421,6 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO * Get all group names. * * @return A collection of strings * * @throws TransientException If an temporary, unexpected problem occurred. */ public Collection<String> getUserNames() Loading 
@@ -411,7 +429,8 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO try { Filter filter = Filter.createPresenceFilter(LDAP_COMMON_NAME); String [] attributes = new String[] {LDAP_COMMON_NAME, LDAP_NSACCOUNTLOCK}; String[] attributes = new String[]{LDAP_COMMON_NAME, LDAP_NSACCOUNTLOCK}; SearchRequest searchRequest = new SearchRequest(config.getGroupsDN(), Loading Loading @@ -447,7 +466,8 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO { logger.debug("getGroupNames Exception: " + e1, e1); LdapDAO.checkLdapResult(e1.getResultCode()); throw new IllegalStateException("Unexpected exception: " + e1.getMatchedDN(), e1); throw new IllegalStateException("Unexpected exception: " + e1 .getMatchedDN(), e1); } } Loading @@ -455,9 +475,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO * Updated the user specified by User. * * @param user * * @return User instance. * * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. Loading @@ -473,7 +491,6 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO * Delete the user specified by userID. * * @param userID The userID. * * @throws UserNotFoundException when the user is not found. * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. Loading Loading @@ -539,7 +556,8 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO if (searchResult != null) { String[] members = searchResult.getAttributeValues(LDAP_MEMBEROF); String[] members = searchResult .getAttributeValues(LDAP_MEMBEROF); if (members != null) { for (String member : members) Loading Loading 
@@ -674,7 +692,8 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO { X500Principal orderedPrincipal = AuthenticationUtil.getOrderedForm( (X500Principal) user.getUserID()); searchField = "(" + searchField + "=" + orderedPrincipal.toString() + ")"; searchField = "(" + searchField + "=" + orderedPrincipal .toString() + ")"; } else { Loading Loading @@ -730,7 +749,8 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO { try { return new DN(LDAP_UID + "=" + userID + "," + config.getUserRequestsDN()); return new DN(LDAP_UID + "=" + userID + "," + config .getUserRequestsDN()); } catch (LDAPException e) { Loading @@ -748,4 +768,25 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO } } /** * Checks the Ldap result code, and if the result is not SUCCESS, * throws an appropriate exception. This is the place to decide on * mapping between ldap errors and exception types * * @param code The code returned from an LDAP request. * @throws TransientException * @throws UserAlreadyExistsException */ protected static void checkUserLDAPResult(final ResultCode code) throws TransientException, UserAlreadyExistsException { if (code == ResultCode.ENTRY_ALREADY_EXISTS) { throw new UserAlreadyExistsException("User already exists."); } else { LdapDAO.checkLdapResult(code); } } }
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java +4 −1 Original line number Diff line number Diff line Loading @@ -69,6 +69,7 @@ package ca.nrc.cadc.ac.server.ldap; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserAlreadyExistsException; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserRequest; import ca.nrc.cadc.ac.server.UserPersistence; Loading Loading @@ -127,8 +128,10 @@ public class LdapUserPersistence<T extends Principal> * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ @Override public User<T> addUser(UserRequest<T> user) throws TransientException, AccessControlException throws TransientException, AccessControlException, UserAlreadyExistsException { LdapUserDAO<T> userDAO = null; try Loading