Commit f6757bd1 authored by bmajor's avatar bmajor Committed by GitHub

Merge pull request #12 from brianmajor/issue-11

issue-11 - allow users with only one type of identity
parents 139f08d0 f5aff687
......@@ -13,7 +13,7 @@ repositories {
sourceCompatibility = 1.7
group = 'org.opencadc'
version = '1.0.1'
version = '1.0.2'
dependencies {
compile 'log4j:log4j:1.2.+'
......
......@@ -4,7 +4,6 @@ import java.net.URI;
import java.net.URL;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Logger;
......@@ -50,17 +49,12 @@ public class AuthenticatorImpl implements Authenticator
identityManager.augmentSubject(subject);
prof.checkpoint("AuthenticatorImpl.augmentSubject()");
if (subject.getPrincipals(HttpPrincipal.class).isEmpty()) // no matching cadc account
if (subject.getPrincipals(NumericPrincipal.class).isEmpty()) // no matching internal account
{
// check to see if they connected with an client certificate at least
// they should be able to use services with only a client certificate
if (subject.getPrincipals(X500Principal.class).isEmpty())
{
// if the caller had an invalid or forged CADC_SSO cookie, we could get
// in here and then not match any known identity: drop to anon
log.debug("HttpPrincipal not found - dropping to anon: " + subject);
subject = AuthenticationUtil.getAnonSubject();
}
// if the caller had an invalid or forged CADC_SSO cookie, we could get
// in here and then not match any known identity: drop to anon
log.debug("NumericPrincipal not found - dropping to anon: " + subject);
subject = AuthenticationUtil.getAnonSubject();
}
}
......
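Review bot: In the new `NumericPrincipal` branch, a caller who matched no internal account is downgraded to anonymous with only a `log.debug` line, so the invalid or forged CADC_SSO cookie case named in the comment would likely leave no trace at normal production log levels. The message also concatenates the whole `Subject`, whose `toString()` can print the credentials attached to it as well as the principals. If this branch is only reached by callers that presented some credential (the start of the method is outside the hunk, so this is not confirmed), I would log the principals alone at a level operators keep, e.g. `log.info("NumericPrincipal not found - dropping to anon: " + subject.getPrincipals());`. With the `X500Principal` fallback removed, the result now rests entirely on `augmentSubject` adding a `NumericPrincipal`; a comment such as `// augmentSubject adds a NumericPrincipal for every known account, whatever identity type was presented` would record that assumption. The same check and log line appear in the second AuthenticatorImpl section of this commit.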
......@@ -13,7 +13,7 @@ repositories {
sourceCompatibility = 1.7
group = 'org.opencadc'
version = '1.0.1'
version = '1.0.2'
dependencies {
compile 'log4j:log4j:1.2.+'
......
......@@ -69,6 +69,10 @@
package ca.nrc.cadc.auth;
import javax.security.auth.Subject;
import org.apache.log4j.Logger;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.Role;
import ca.nrc.cadc.ac.User;
......@@ -77,11 +81,6 @@ import ca.nrc.cadc.ac.client.GroupMemberships;
import ca.nrc.cadc.ac.server.PluginFactory;
import ca.nrc.cadc.ac.server.UserPersistence;
import ca.nrc.cadc.profiler.Profiler;
import org.apache.log4j.Logger;
import javax.security.auth.Subject;
import java.security.Principal;
/**
* Implementation of default Authenticator for AuthenticationUtil in cadcUtil.
......@@ -119,9 +118,9 @@ public class AuthenticatorImpl implements Authenticator
// if the caller had an invalid or forged CADC_SSO cookie, we could get
// in here and then not match any known identity: drop to anon
if ( subject.getPrincipals(HttpPrincipal.class).isEmpty() ) // no matching cadc account
if ( subject.getPrincipals(NumericPrincipal.class).isEmpty() ) // no matching internal account
{
log.debug("HttpPrincipal not found - dropping to anon: " + subject);
log.debug("NumericPrincipal not found - dropping to anon: " + subject);
subject = AuthenticationUtil.getAnonSubject();
}
}
......@@ -162,7 +161,7 @@ public class AuthenticatorImpl implements Authenticator
catch(Exception bug)
{
throw new RuntimeException("BUG: found User.appData but could not store in Subject as GroupMemberships cache", bug);
}
}
user.appData = null; // avoid loop that prevents GC???
......