Commit f6757bd1 authored by bmajor's avatar bmajor Committed by GitHub

Merge pull request #12 from brianmajor/issue-11

issue-11 - allow users with only one type of identity
parents 139f08d0 f5aff687
...@@ -13,7 +13,7 @@ repositories { ...@@ -13,7 +13,7 @@ repositories {
sourceCompatibility = 1.7 sourceCompatibility = 1.7
group = 'org.opencadc' group = 'org.opencadc'
version = '1.0.1' version = '1.0.2'
dependencies { dependencies {
compile 'log4j:log4j:1.2.+' compile 'log4j:log4j:1.2.+'
......
...@@ -4,7 +4,6 @@ import java.net.URI; ...@@ -4,7 +4,6 @@ import java.net.URI;
import java.net.URL; import java.net.URL;
import javax.security.auth.Subject; import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
...@@ -50,17 +49,12 @@ public class AuthenticatorImpl implements Authenticator ...@@ -50,17 +49,12 @@ public class AuthenticatorImpl implements Authenticator
identityManager.augmentSubject(subject); identityManager.augmentSubject(subject);
prof.checkpoint("AuthenticatorImpl.augmentSubject()"); prof.checkpoint("AuthenticatorImpl.augmentSubject()");
if (subject.getPrincipals(HttpPrincipal.class).isEmpty()) // no matching cadc account if (subject.getPrincipals(NumericPrincipal.class).isEmpty()) // no matching internal account
{ {
// check to see if they connected with an client certificate at least // if the caller had an invalid or forged CADC_SSO cookie, we could get
// they should be able to use services with only a client certificate // in here and then not match any known identity: drop to anon
if (subject.getPrincipals(X500Principal.class).isEmpty()) log.debug("NumericPrincipal not found - dropping to anon: " + subject);
{ subject = AuthenticationUtil.getAnonSubject();
// if the caller had an invalid or forged CADC_SSO cookie, we could get
// in here and then not match any known identity: drop to anon
log.debug("HttpPrincipal not found - dropping to anon: " + subject);
subject = AuthenticationUtil.getAnonSubject();
}
} }
} }
......
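Review bot: The debug line `log.debug("NumericPrincipal not found - dropping to anon: " + subject);` concatenates the whole Subject, and javax.security.auth.Subject.toString() includes the private credentials when the caller may read them, so the invalid or forged CADC_SSO cookie the comment describes can end up verbatim in the log. Logging the principals alone gives the same diagnostic value: `log.debug("NumericPrincipal not found - dropping to anon: " + subject.getPrincipals());`. The same line appears in the other AuthenticatorImpl in this commit (package ca.nrc.cadc.auth, hunk @@ -119,9 +118,9 @@). With the X500Principal fallback removed, any caller that augmentSubject leaves without a NumericPrincipal is now anonymous, so a comment above the check such as `// augmentSubject() adds a NumericPrincipal for every matched internal account, whatever external principal the caller presented; its absence means no known identity` would record the assumption this relies on, which I cannot confirm from the hunk. The enclosing method starts and ends outside the hunk.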
...@@ -13,7 +13,7 @@ repositories { ...@@ -13,7 +13,7 @@ repositories {
sourceCompatibility = 1.7 sourceCompatibility = 1.7
group = 'org.opencadc' group = 'org.opencadc'
version = '1.0.1' version = '1.0.2'
dependencies { dependencies {
compile 'log4j:log4j:1.2.+' compile 'log4j:log4j:1.2.+'
......
...@@ -69,6 +69,10 @@ ...@@ -69,6 +69,10 @@
package ca.nrc.cadc.auth; package ca.nrc.cadc.auth;
import javax.security.auth.Subject;
import org.apache.log4j.Logger;
import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.Role; import ca.nrc.cadc.ac.Role;
import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.User;
...@@ -77,11 +81,6 @@ import ca.nrc.cadc.ac.client.GroupMemberships; ...@@ -77,11 +81,6 @@ import ca.nrc.cadc.ac.client.GroupMemberships;
import ca.nrc.cadc.ac.server.PluginFactory; import ca.nrc.cadc.ac.server.PluginFactory;
import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.ac.server.UserPersistence;
import ca.nrc.cadc.profiler.Profiler; import ca.nrc.cadc.profiler.Profiler;
import org.apache.log4j.Logger;
import javax.security.auth.Subject;
import java.security.Principal;
/** /**
* Implementation of default Authenticator for AuthenticationUtil in cadcUtil. * Implementation of default Authenticator for AuthenticationUtil in cadcUtil.
...@@ -119,9 +118,9 @@ public class AuthenticatorImpl implements Authenticator ...@@ -119,9 +118,9 @@ public class AuthenticatorImpl implements Authenticator
// if the caller had an invalid or forged CADC_SSO cookie, we could get // if the caller had an invalid or forged CADC_SSO cookie, we could get
// in here and then not match any known identity: drop to anon // in here and then not match any known identity: drop to anon
if ( subject.getPrincipals(HttpPrincipal.class).isEmpty() ) // no matching cadc account if ( subject.getPrincipals(NumericPrincipal.class).isEmpty() ) // no matching internal account
{ {
log.debug("HttpPrincipal not found - dropping to anon: " + subject); log.debug("NumericPrincipal not found - dropping to anon: " + subject);
subject = AuthenticationUtil.getAnonSubject(); subject = AuthenticationUtil.getAnonSubject();
} }
} }
...@@ -162,7 +161,7 @@ public class AuthenticatorImpl implements Authenticator ...@@ -162,7 +161,7 @@ public class AuthenticatorImpl implements Authenticator
catch(Exception bug) catch(Exception bug)
{ {
throw new RuntimeException("BUG: found User.appData but could not store in Subject as GroupMemberships cache", bug); throw new RuntimeException("BUG: found User.appData but could not store in Subject as GroupMemberships cache", bug);
} }
} }
user.appData = null; // avoid loop that prevents GC??? user.appData = null; // avoid loop that prevents GC???
......