OATS-CADC
ac
Commits
f5aff687
Commit
f5aff687
authored
Sep 29, 2016
by
Brian Major
issue-11 - allow users with only one type of identity
parent
139f08d0
Changes
4
cadc-access-control-identity/build.gradle
...
...
@@ -13,7 +13,7 @@ repositories {
sourceCompatibility
=
1.7
group
=
'org.opencadc'
version
=
'1.0.
1
'
version
=
'1.0.
2
'
dependencies
{
compile
'log4j:log4j:1.2.+'
...
...
cadc-access-control-identity/src/main/java/ca/nrc/cadc/auth/AuthenticatorImpl.java
...
...
@@ -4,7 +4,6 @@ import java.net.URI;
import
java.net.URL
;
import
javax.security.auth.Subject
;
import
javax.security.auth.x500.X500Principal
;
import
org.apache.log4j.Logger
;
...
...
@@ -50,17 +49,12 @@ public class AuthenticatorImpl implements Authenticator
identityManager
.
augmentSubject
(
subject
);
prof
.
checkpoint
(
"AuthenticatorImpl.augmentSubject()"
);
if
(
subject
.
getPrincipals
(
Http
Principal
.
class
).
isEmpty
())
// no matching
cadc
account
if
(
subject
.
getPrincipals
(
Numeric
Principal
.
class
).
isEmpty
())
// no matching
internal
account
{
// check to see if they connected with an client certificate at least
// they should be able to use services with only a client certificate
if
(
subject
.
getPrincipals
(
X500Principal
.
class
).
isEmpty
())
{
// if the caller had an invalid or forged CADC_SSO cookie, we could get
// in here and then not match any known identity: drop to anon
log
.
debug
(
"HttpPrincipal not found - dropping to anon: "
+
subject
);
subject
=
AuthenticationUtil
.
getAnonSubject
();
}
// if the caller had an invalid or forged CADC_SSO cookie, we could get
// in here and then not match any known identity: drop to anon
log
.
debug
(
"NumericPrincipal not found - dropping to anon: "
+
subject
);
subject
=
AuthenticationUtil
.
getAnonSubject
();
}
}
...
...
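Review bot: The guard `if (subject.getPrincipals(NumericPrincipal.class).isEmpty())` no longer carries the X500Principal exception that the other branch on this page had, so a caller who presents only a client certificate and ends up without a NumericPrincipal after `identityManager.augmentSubject(subject)` now appears to become anonymous instead of keeping the subject. That fails closed, but the retained comment still names only the invalid or forged CADC_SSO cookie case; I would extend it, for example `// also reached by certificate-only callers with no internal account: they are anonymous too`. The decision now rests entirely on augmentSubject adding a NumericPrincipal for every known account, which is not visible here and is worth confirming, including what it does when the lookup itself fails. The same guard is changed in cadc-access-control-server's AuthenticatorImpl, and the enclosing method starts and ends outside this hunk.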
cadc-access-control-server/build.gradle
...
...
@@ -13,7 +13,7 @@ repositories {
sourceCompatibility
=
1.7
group
=
'org.opencadc'
version
=
'1.0.
1
'
version
=
'1.0.
2
'
dependencies
{
compile
'log4j:log4j:1.2.+'
...
...
cadc-access-control-server/src/main/java/ca/nrc/cadc/auth/AuthenticatorImpl.java
...
...
@@ -69,6 +69,10 @@
package
ca.nrc.cadc.auth
;
import
javax.security.auth.Subject
;
import
org.apache.log4j.Logger
;
import
ca.nrc.cadc.ac.Group
;
import
ca.nrc.cadc.ac.Role
;
import
ca.nrc.cadc.ac.User
;
...
...
@@ -77,11 +81,6 @@ import ca.nrc.cadc.ac.client.GroupMemberships;
import
ca.nrc.cadc.ac.server.PluginFactory
;
import
ca.nrc.cadc.ac.server.UserPersistence
;
import
ca.nrc.cadc.profiler.Profiler
;
import
org.apache.log4j.Logger
;
import
javax.security.auth.Subject
;
import
java.security.Principal
;
/**
* Implementation of default Authenticator for AuthenticationUtil in cadcUtil.
...
...
@@ -119,9 +118,9 @@ public class AuthenticatorImpl implements Authenticator
// if the caller had an invalid or forged CADC_SSO cookie, we could get
// in here and then not match any known identity: drop to anon
if
(
subject
.
getPrincipals
(
Http
Principal
.
class
).
isEmpty
()
)
// no matching
cadc
account
if
(
subject
.
getPrincipals
(
Numeric
Principal
.
class
).
isEmpty
()
)
// no matching
internal
account
{
log
.
debug
(
"
Http
Principal not found - dropping to anon: "
+
subject
);
log
.
debug
(
"
Numeric
Principal not found - dropping to anon: "
+
subject
);
subject
=
AuthenticationUtil
.
getAnonSubject
();
}
}
...
...
@@ -162,7 +161,7 @@ public class AuthenticatorImpl implements Authenticator
catch
(
Exception
bug
)
{
throw
new
RuntimeException
(
"BUG: found User.appData but could not store in Subject as GroupMemberships cache"
,
bug
);
}
}
user
.
appData
=
null
;
// avoid loop that prevents GC???
...
...
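Review bot: The downgrade to anonymous in the `NumericPrincipal` guard is recorded only through `log.debug(... + subject)`, so at a typical production log level the invalid or forged CADC_SSO cookie case named in the comment leaves no trace for detection. With debug enabled the whole Subject is concatenated into the message, and Subject.toString() prints the credential sets along with the principals, so session material can end up in the log file. I would log only the principals, `log.debug("NumericPrincipal not found - dropping to anon: " + subject.getPrincipals());`, and consider a higher level for the event itself. The identity module's AuthenticatorImpl has the same line, and the enclosing method continues outside this hunk.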