Commit f5aff687 authored by Brian Major's avatar Brian Major

issue-11 - allow users with only one type of identity

parent 139f08d0
+1 −1
@@ -13,7 +13,7 @@ repositories {
sourceCompatibility = 1.7
sourceCompatibility = 1.7
group = 'org.opencadc'
group = 'org.opencadc'


version = '1.0.1'
version = '1.0.2'


dependencies {
dependencies {
    compile 'log4j:log4j:1.2.+'
    compile 'log4j:log4j:1.2.+'
+5 −11
@@ -4,7 +4,6 @@ import java.net.URI;
import java.net.URL;
import java.net.URL;


import javax.security.auth.Subject;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;


import org.apache.log4j.Logger;
import org.apache.log4j.Logger;


@@ -50,19 +49,14 @@ public class AuthenticatorImpl implements Authenticator
            identityManager.augmentSubject(subject);
            identityManager.augmentSubject(subject);
            prof.checkpoint("AuthenticatorImpl.augmentSubject()");
            prof.checkpoint("AuthenticatorImpl.augmentSubject()");


            if (subject.getPrincipals(HttpPrincipal.class).isEmpty()) // no matching cadc account
            if (subject.getPrincipals(NumericPrincipal.class).isEmpty()) // no matching internal account
            {
                // check to see if they connected with an client certificate at least
                // they should be able to use services with only a client certificate
                if (subject.getPrincipals(X500Principal.class).isEmpty())
            {
            {
                // if the caller had an invalid or forged CADC_SSO cookie, we could get
                // if the caller had an invalid or forged CADC_SSO cookie, we could get
                // in here and then not match any known identity: drop to anon
                // in here and then not match any known identity: drop to anon
                    log.debug("HttpPrincipal not found - dropping to anon: " + subject);
                log.debug("NumericPrincipal not found - dropping to anon: " + subject);
                subject = AuthenticationUtil.getAnonSubject();
                subject = AuthenticationUtil.getAnonSubject();
            }
            }
        }
        }
        }


        return subject;
        return subject;
    }
    }
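Review bot: The rewritten guard `if (subject.getPrincipals(NumericPrincipal.class).isEmpty())` now also drops to anon a caller who presented a client certificate but has no internal account, because the `X500Principal` fallback and its comment ("they should be able to use services with only a client certificate") are removed. If that is intended, the remaining comment should say so, since it still mentions only a forged CADC_SSO cookie; for example `// NumericPrincipal is expected to be added only by augmentSubject() for a known internal account; a cookie or certificate identity without one is treated as anonymous`. The check is only as strong as that assumption, so it is worth confirming that nothing before `augmentSubject()` can place a `NumericPrincipal` in the subject from request data. The same guard is changed in the other AuthenticatorImpl section further down the page, and the method starts outside this hunk.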
+1 −1
@@ -13,7 +13,7 @@ repositories {
sourceCompatibility = 1.7
sourceCompatibility = 1.7
group = 'org.opencadc'
group = 'org.opencadc'


version = '1.0.1'
version = '1.0.2'


dependencies {
dependencies {
    compile 'log4j:log4j:1.2.+'
    compile 'log4j:log4j:1.2.+'
+7 −8
@@ -69,6 +69,10 @@


package ca.nrc.cadc.auth;
package ca.nrc.cadc.auth;


import javax.security.auth.Subject;

import org.apache.log4j.Logger;

import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.Role;
import ca.nrc.cadc.ac.Role;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.User;
@@ -77,11 +81,6 @@ import ca.nrc.cadc.ac.client.GroupMemberships;
import ca.nrc.cadc.ac.server.PluginFactory;
import ca.nrc.cadc.ac.server.PluginFactory;
import ca.nrc.cadc.ac.server.UserPersistence;
import ca.nrc.cadc.ac.server.UserPersistence;
import ca.nrc.cadc.profiler.Profiler;
import ca.nrc.cadc.profiler.Profiler;
import org.apache.log4j.Logger;

import javax.security.auth.Subject;

import java.security.Principal;


/**
/**
 * Implementation of default Authenticator for AuthenticationUtil in cadcUtil.
 * Implementation of default Authenticator for AuthenticationUtil in cadcUtil.
@@ -119,9 +118,9 @@ public class AuthenticatorImpl implements Authenticator


            // if the caller had an invalid or forged CADC_SSO cookie, we could get
            // if the caller had an invalid or forged CADC_SSO cookie, we could get
            // in here and then not match any known identity: drop to anon
            // in here and then not match any known identity: drop to anon
            if ( subject.getPrincipals(HttpPrincipal.class).isEmpty() ) // no matching cadc account
            if ( subject.getPrincipals(NumericPrincipal.class).isEmpty() ) // no matching internal account
            {
            {
                log.debug("HttpPrincipal not found - dropping to anon: " + subject);
                log.debug("NumericPrincipal not found - dropping to anon: " + subject);
                subject = AuthenticationUtil.getAnonSubject();
                subject = AuthenticationUtil.getAnonSubject();
            }
            }
        }
        }
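Review bot: The debug line `log.debug("NumericPrincipal not found - dropping to anon: " + subject);` concatenates the whole `Subject` on the path the comment describes as an invalid or forged cookie, and `Subject.toString()` renders the attached credentials as well as the principals. Whatever credential objects the subject carries at that point (not visible in this hunk) would be written to the debug log, so logging only the principals is safer: `log.debug("NumericPrincipal not found - dropping to anon: " + subject.getPrincipals());`. The same line appears in the other AuthenticatorImpl section above. The enclosing method starts and ends outside this hunk.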