From 030a4b6830e6495b5e5d1f57fa71a3b64a7ca21e Mon Sep 17 00:00:00 2001
From: Jeff Burke <Jeff.Burke@nrc-cnrc.gc.ca>
Date: Fri, 12 Sep 2014 09:13:51 -0700
Subject: [PATCH] 1651: updated RequestValidator for parameter name change, add
exceptions to membership queries in GMSClient
---
.../nrc/cadc/ac/server/RequestValidator.java | 54 +++++++-------
.../cadc/ac/server/web/ACSearchRunner.java | 70 ++++++++++---------
.../src/ca/nrc/cadc/ac/client/GMSClient.java | 18 +++--
3 files changed, 73 insertions(+), 69 deletions(-)
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/RequestValidator.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/RequestValidator.java
index cf031482..34ac1751 100644
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/RequestValidator.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/RequestValidator.java
@@ -84,19 +84,19 @@ public class RequestValidator
{
private static final Logger log = Logger.getLogger(RequestValidator.class);
- private String id;
- private IdentityType type;
+ private String userID;
+ private IdentityType idType;
private Role role;
- private String guri;
+ private String groupID;
public RequestValidator() { }
private void clear()
{
- this.id = null;
- this.type = null;
+ this.userID = null;
+ this.idType = null;
this.role = null;
- this.guri = null;
+ this.groupID = null;
}
public void validate(List<Parameter> paramList)
@@ -108,27 +108,27 @@ public class RequestValidator
"Missing required parameters: ID and TYPE");
}
- // ID
+ // ID
String param = ParameterUtil.findParameterValue("ID", paramList);
if (param == null || param.trim().isEmpty())
{
throw new IllegalArgumentException(
"ID parameter required but not found");
}
- this.id = param.trim();
- log.debug("ID: " + id);
+ this.userID = param.trim();
+ log.debug("ID: " + userID);
- // TYPE
+ // TYPE
param = ParameterUtil.findParameterValue("TYPE", paramList);
if (param == null || param.trim().isEmpty())
{
throw new IllegalArgumentException(
"TYPE parameter required but not found");
}
- this.type = IdentityType.toValue(param);
- log.debug("TYPE: " + type);
+ this.idType = IdentityType.toValue(param);
+ log.debug("TYPE: " + idType);
- // ROLE
+ // ROLE
param = ParameterUtil.findParameterValue("ROLE", paramList);
if (param == null || param.trim().isEmpty())
{
@@ -138,32 +138,26 @@ public class RequestValidator
this.role = Role.toValue(param);
log.debug("ROLE: " + role);
- // GURI
- param = ParameterUtil.findParameterValue("GURI", paramList);
+ // GROUPID
+ param = ParameterUtil.findParameterValue("GROUPID", paramList);
if (param != null)
{
if (param.isEmpty())
throw new IllegalArgumentException(
- "GURI parameter specified without a value");
- this.guri = param.trim();
- }
- log.debug("GURI: " + guri);
-
- if (role != null && guri != null)
- {
- throw new IllegalArgumentException(
- "ROLE and GURI cannot be used in the same search");
+ "GROUPID parameter specified without a value");
+ this.groupID = param.trim();
}
+ log.debug("GROUPID: " + groupID);
}
- public String getId()
+ public String getUserID()
{
- return id;
+ return userID;
}
- public IdentityType getType()
+ public IdentityType getIDType()
{
- return type;
+ return idType;
}
public Role getRole()
@@ -171,9 +165,9 @@ public class RequestValidator
return role;
}
- public String getGUri()
+ public String getGroupID()
{
- return guri;
+ return groupID;
}
}
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/ACSearchRunner.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/ACSearchRunner.java
index 9fac6d11..0ee2887b 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/ACSearchRunner.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/ACSearchRunner.java
@@ -77,6 +77,7 @@ import ca.nrc.cadc.ac.server.GroupPersistence;
import ca.nrc.cadc.ac.server.PluginFactory;
import ca.nrc.cadc.ac.server.RequestValidator;
import ca.nrc.cadc.ac.server.UserPersistence;
+import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.NumericPrincipal;
import ca.nrc.cadc.auth.OpenIdPrincipal;
@@ -167,13 +168,14 @@ public class ACSearchRunner
RequestValidator rv = new RequestValidator();
rv.validate(job.getParameterList());
-
- Principal userID = getUserPrincipal(rv.getId(), rv.getType());
+
+ Principal userID = AuthenticationUtil.createPrincipal(rv.getUserID(), rv.getIDType().getValue());
+ //Principal userID = getUserPrincipal(rv.getId(), rv.getType());
PluginFactory factory = new PluginFactory();
GroupPersistence dao = factory.getGroupPersistence();
Collection<Group> groups =
- dao.searchGroups(userID, rv.getRole(), rv.getGUri());
+ dao.searchGroups(userID, rv.getRole(), rv.getGroupID());
syncOut.setResponseCode(HttpServletResponse.SC_OK);
GroupsWriter.write(groups, syncOut.getOutputStream());
@@ -288,36 +290,36 @@ public class ACSearchRunner
}
}
- private Principal getUserPrincipal(String userID, IdentityType type)
- {
- if (type == IdentityType.OPENID)
- {
- return new OpenIdPrincipal(userID);
- }
- if (type == IdentityType.UID)
- {
- try
- {
- Long numericId = Long.valueOf(userID);
- return new NumericPrincipal(numericId);
- }
- catch (NumberFormatException e)
- {
- throw new IllegalArgumentException("Illegal UID userID " +
- userID + " because " +
- e.getMessage());
- }
- }
- if (type == IdentityType.USERNAME)
- {
- return new HttpPrincipal(userID);
- }
- if (type == IdentityType.X500)
- {
- return new X500Principal(userID);
- }
- throw new IllegalArgumentException("Unknown user type " +
- type.getValue());
- }
+// private Principal getUserPrincipal(String userID, IdentityType type)
+// {
+// if (type == IdentityType.OPENID)
+// {
+// return new OpenIdPrincipal(userID);
+// }
+// if (type == IdentityType.UID)
+// {
+// try
+// {
+// Long numericId = Long.valueOf(userID);
+// return new NumericPrincipal(numericId);
+// }
+// catch (NumberFormatException e)
+// {
+// throw new IllegalArgumentException("Illegal UID userID " +
+// userID + " because " +
+// e.getMessage());
+// }
+// }
+// if (type == IdentityType.USERNAME)
+// {
+// return new HttpPrincipal(userID);
+// }
+// if (type == IdentityType.X500)
+// {
+// return new X500Principal(userID);
+// }
+// throw new IllegalArgumentException("Unknown user type " +
+// type.getValue());
+// }
}
diff --git a/projects/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java b/projects/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java
index 666d6bfb..b4be259a 100755
--- a/projects/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java
+++ b/projects/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java
@@ -655,7 +655,7 @@ public class GMSClient
}
public List<Group> getMemberships(Principal userID, Role role)
- throws IOException
+ throws UserNotFoundException, AccessControlException, IOException
{
if (userID == null || role == null)
{
@@ -692,6 +692,10 @@ public class GMSClient
{
throw new AccessControlException(error.getMessage());
}
+ if (transfer.getResponseCode() == 404)
+ {
+ throw new UserNotFoundException(error.getMessage());
+ }
if (transfer.getResponseCode() == 400)
{
throw new IllegalArgumentException(error.getMessage());
@@ -713,13 +717,13 @@ public class GMSClient
}
public Group getMembership(Principal userID, String groupName)
- throws IOException
+ throws UserNotFoundException, AccessControlException, IOException
{
return getMembership(userID, groupName, Role.MEMBER);
}
public Group getMembership(Principal userID, String groupName, Role role)
- throws IOException
+ throws UserNotFoundException, AccessControlException, IOException
{
if (userID == null || groupName == null || role == null)
{
@@ -757,6 +761,10 @@ public class GMSClient
{
throw new AccessControlException(error.getMessage());
}
+ if (transfer.getResponseCode() == 404)
+ {
+ throw new UserNotFoundException(error.getMessage());
+ }
if (transfer.getResponseCode() == 400)
{
throw new IllegalArgumentException(error.getMessage());
@@ -788,13 +796,13 @@ public class GMSClient
}
public boolean isMember(Principal userID, String groupName)
- throws IOException
+ throws UserNotFoundException, AccessControlException, IOException
{
return isMember(userID, groupName, Role.MEMBER);
}
public boolean isMember(Principal userID, String groupName, Role role)
- throws IOException
+ throws UserNotFoundException, AccessControlException, IOException
{
Group group = getMembership(userID, groupName, role);
return group != null;
--
GitLab