Commit 0945f3d9 authored by Brian Major's avatar Brian Major

Merge branch 's1651' of /usr/cadc/dev/git/wopencadc into s1651

parents 3310dfa1 79dc8a3a
Showing
with 818 additions and 646 deletions
......@@ -86,9 +86,11 @@ public class LdapConfig
public static final String LDAP_PASSWD = "passwd";
public static final String LDAP_USERS_DN = "usersDn";
public static final String LDAP_GROUPS_DN = "groupsDn";
public static final String LDAP_ADMIN_GROUPS_DN = "adminGroupsDn";
private String usersDN;
private String groupsDN;
private String adminGroupsDN;
private String server;
private int port;
private String adminUserDN;
......@@ -157,17 +159,25 @@ public class LdapConfig
LDAP_GROUPS_DN);
}
String ldapAdminGroupsDn = config.getProperty(LDAP_ADMIN_GROUPS_DN);
if (!StringUtil.hasText(ldapAdminGroupsDn))
{
throw new RuntimeException("failed to read property " +
LDAP_ADMIN_GROUPS_DN);
}
return new LdapConfig(server, Integer.valueOf(port), ldapAdmin,
ldapPasswd, ldapUsersDn, ldapGroupsDn);
ldapPasswd, ldapUsersDn, ldapGroupsDn,
ldapAdminGroupsDn);
}
public LdapConfig(String server, int port, String adminUserDN,
String adminPasswd, String usersDN, String groupsDN)
String adminPasswd, String usersDN, String groupsDN,
String adminGroupsDN)
{
if (!StringUtil.hasText(server))
{
throw new IllegalArgumentException("Illegal LDAP server name: " +
server);
throw new IllegalArgumentException("Illegal LDAP server name");
}
if (port < 0)
{
......@@ -176,23 +186,23 @@ public class LdapConfig
}
if (!StringUtil.hasText(adminUserDN))
{
throw new IllegalArgumentException("Illegal Admin DN: " +
adminUserDN);
throw new IllegalArgumentException("Illegal Admin DN");
}
if (!StringUtil.hasText(adminPasswd))
{
throw new IllegalArgumentException("Illegal Admin password: " +
adminPasswd);
throw new IllegalArgumentException("Illegal Admin password");
}
if (!StringUtil.hasText(usersDN))
{
throw new IllegalArgumentException("Illegal users LDAP DN: " +
usersDN);
throw new IllegalArgumentException("Illegal users LDAP DN");
}
if (!StringUtil.hasText(groupsDN))
{
throw new IllegalArgumentException("Illegal groups LDAP DN: " +
groupsDN);
throw new IllegalArgumentException("Illegal groups LDAP DN");
}
if (!StringUtil.hasText(adminGroupsDN))
{
throw new IllegalArgumentException("Illegal admin groups LDAP DN");
}
this.server = server;
......@@ -201,6 +211,7 @@ public class LdapConfig
this.adminPasswd = adminPasswd;
this.usersDN = usersDN;
this.groupsDN = groupsDN;
this.adminGroupsDN = adminGroupsDN;
}
public String getUsersDN()
......@@ -213,6 +224,11 @@ public class LdapConfig
return this.groupsDN;
}
public String getAdminGroupsDN()
{
return this.adminGroupsDN;
}
public String getServer()
{
return this.server;
......
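Review bot: `Integer.valueOf(port)` on the `return new LdapConfig(...)` line lets a malformed `port` property escape as a bare NumberFormatException, while every other property gets an explicit "failed to read property" check; wrap it, e.g. `catch (NumberFormatException e) { throw new RuntimeException("failed to read property " + LDAP_PORT, e); }` (the port constant's name is outside the hunk, adjust accordingly). Dropping the offending value from the `IllegalArgumentException` messages is the right call for `adminPasswd`, but for `server` and the DNs the value was the only diagnostic; consider redacting only the password and keeping the non-secret values in the other messages. The `port < 0` branch is cut by the hunk, so I cannot tell whether ports above 65535 are rejected. Both the factory method and the constructor start before the hunk.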
......@@ -68,12 +68,25 @@
*/
package ca.nrc.cadc.ac.server.ldap;
import java.security.AccessControlException;
import java.security.Principal;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Logger;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.PersonalDetails;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.NumericPrincipal;
import ca.nrc.cadc.net.TransientException;
import com.unboundid.ldap.sdk.CompareRequest;
import com.unboundid.ldap.sdk.CompareResult;
import com.unboundid.ldap.sdk.DN;
......@@ -82,30 +95,39 @@ import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl;
import com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl;
import java.security.AccessControlException;
import java.security.Principal;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Logger;
public class LdapUserDAO<T extends Principal> extends LdapDAO
{
private static final Logger logger = Logger.getLogger(LdapUserDAO.class);
// Map of identity type to LDAP attribute
private Map<Class<?>, String> attribType = new HashMap<Class<?>, String>();
private Map<Class<?>, String> userLdapAttrib = new HashMap<Class<?>, String>();
// User attributes returned to the GMS
private static final String LDAP_FNAME = "givenname";
private static final String LDAP_LNAME = "sn";
//TODO to add the rest
private String[] userAttribs = new String[]{LDAP_FNAME, LDAP_LNAME};
private String[] memberAttribs = new String[]{LDAP_FNAME, LDAP_LNAME};
public LdapUserDAO(LdapConfig config)
{
super(config);
this.attribType.put(HttpPrincipal.class, "cn");
this.attribType.put(X500Principal.class, "distinguishedname");
this.attribType.put(NumericPrincipal.class, "entryid");
this.userLdapAttrib.put(HttpPrincipal.class, "uid");
this.userLdapAttrib.put(X500Principal.class, "distinguishedname");
// add the id attributes to user and member attributes
String[] princs = userLdapAttrib.values().toArray(new String[userLdapAttrib.values().size()]);
String[] tmp = new String[userAttribs.length + princs.length];
System.arraycopy(princs, 0, tmp, 0, princs.length);
System.arraycopy(userAttribs, 0, tmp, princs.length, userAttribs.length);
userAttribs = tmp;
tmp = new String[memberAttribs.length + princs.length];
System.arraycopy(princs, 0, tmp, 0, princs.length);
System.arraycopy(memberAttribs, 0, tmp, princs.length, memberAttribs.length);
memberAttribs = tmp;
}
/**
......@@ -122,7 +144,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
public User<T> getUser(T userID)
throws UserNotFoundException, TransientException, AccessControlException
{
String searchField = (String) attribType.get(userID.getClass());
String searchField = (String) userLdapAttrib.get(userID.getClass());
if (searchField == null)
{
throw new IllegalArgumentException(
......@@ -135,8 +157,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
try
{
SearchRequest searchRequest = new SearchRequest(config.getUsersDN(),
SearchScope.SUB, searchField,
new String[] {"cn", "entryid", "entrydn", "dn"});
SearchScope.SUB, searchField, userAttribs);
searchRequest.addControl(
new ProxiedAuthorizationV2RequestControl("dn:" +
......@@ -157,12 +178,13 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
}
User<T> user = new User<T>(userID);
user.getIdentities().add(
new HttpPrincipal(searchResult.getAttributeValue("cn")));
user.getIdentities().add(
new NumericPrincipal(
searchResult.getAttributeValueAsInteger("entryid")));
new HttpPrincipal(searchResult.getAttributeValue(userLdapAttrib
.get(HttpPrincipal.class))));
String fname = searchResult.getAttributeValue(LDAP_FNAME);
String lname = searchResult.getAttributeValue(LDAP_LNAME);
user.details.add(new PersonalDetails(fname, lname));
//TODO populate user with the other returned personal or posix attributes
return user;
}
......@@ -182,14 +204,14 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
{
try
{
String searchField = (String) attribType.get(userID.getClass());
String searchField = (String) userLdapAttrib.get(userID.getClass());
if (searchField == null)
{
throw new IllegalArgumentException(
"Unsupported principal type " + userID.getClass());
}
User user = getUser(userID);
User<T> user = getUser(userID);
Filter filter = Filter.createANDFilter(
Filter.createEqualityFilter(searchField,
user.getUserID().getName()),
......@@ -256,14 +278,14 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
{
try
{
String searchField = (String) attribType.get(userID.getClass());
String searchField = (String) userLdapAttrib.get(userID.getClass());
if (searchField == null)
{
throw new IllegalArgumentException(
"Unsupported principal type " + userID.getClass());
}
User user = getUser(userID);
User<T> user = getUser(userID);
Filter filter = Filter.createANDFilter(
Filter.createEqualityFilter(searchField,
user.getUserID().getName()),
......@@ -301,14 +323,14 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
{
try
{
String searchField = (String) attribType.get(userID.getClass());
String searchField = (String) userLdapAttrib.get(userID.getClass());
if (searchField == null)
{
throw new IllegalArgumentException(
"Unsupported principal type " + userID.getClass());
}
User user = getUser(userID);
User<T> user = getUser(userID);
DN userDN = getUserDN(user);
CompareRequest compareRequest =
......@@ -333,16 +355,16 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
}
/**
* Returns a member user identified by the X500Principal only.
* Returns a member user identified by the X500Principal only. The
* returned object has the fields required by the GMS.
* Note that this method binds as a proxy user and not as the
* subject.
* @param userDN
* @param bindAsSubject - true if Ldap commands executed as subject
* (proxy authorization) or false if they are executed as the user
* in the connection.
* @return
* @throws UserNotFoundException
* @throws LDAPException
*/
User<X500Principal> getMember(DN userDN, boolean bindAsSubject)
User<X500Principal> getMember(DN userDN)
throws UserNotFoundException, LDAPException
{
Filter filter =
......@@ -351,50 +373,37 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
SearchRequest searchRequest =
new SearchRequest(this.config.getUsersDN(), SearchScope.SUB,
filter,
(String[]) this.attribType.values().toArray(
new String[this.attribType.values().size()]));
if (bindAsSubject)
{
searchRequest.addControl(
new ProxiedAuthorizationV2RequestControl("dn:" +
getSubjectDN().toNormalizedString()));
}
filter, memberAttribs);
SearchResultEntry searchResult =
getConnection().searchForEntry(searchRequest);
if (searchResult == null)
{
String msg = "User not found " + userDN;
String msg = "Member not found " + userDN;
logger.debug(msg);
throw new UserNotFoundException(msg);
}
User<X500Principal> user = new User<X500Principal>(
new X500Principal(searchResult.getAttributeValue(
(String) attribType.get(X500Principal.class))));
(String) userLdapAttrib.get(X500Principal.class))));
String princ = searchResult.getAttributeValue(
(String) userLdapAttrib.get(HttpPrincipal.class));
if (princ != null)
{
user.getIdentities().add(new HttpPrincipal(princ));
}
String fname = searchResult.getAttributeValue(LDAP_FNAME);
String lname = searchResult.getAttributeValue(LDAP_LNAME);
user.details.add(new PersonalDetails(fname, lname));
return user;
}
/**
* Returns a member user identified by the X500Principal only.
* @param userDN
* @return
* @throws UserNotFoundException
* @throws LDAPException
*/
User<X500Principal> getMember(DN userDN)
throws UserNotFoundException, LDAPException
{
return getMember(userDN, true);
}
DN getUserDN(User<? extends Principal> user)
throws LDAPException, UserNotFoundException
{
String searchField = (String) attribType.get(user.getUserID().getClass());
String searchField = (String) userLdapAttrib.get(user.getUserID().getClass());
if (searchField == null)
{
throw new IllegalArgumentException(
......@@ -408,9 +417,9 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
new SearchRequest(this.config.getUsersDN(), SearchScope.SUB,
searchField, new String[] {"entrydn"});
searchRequest.addControl(
new ProxiedAuthorizationV2RequestControl("dn:" +
getSubjectDN().toNormalizedString()));
// searchRequest.addControl(
// new ProxiedAuthorizationV2RequestControl("dn:" +
// getSubjectDN().toNormalizedString()));
SearchResultEntry searchResult =
getConnection().searchForEntry(searchRequest);
......
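Review bot: Commenting out the `ProxiedAuthorizationV2RequestControl` in `getUserDN`, and dropping the `bindAsSubject` path from `getMember`, means both searches now run under whatever identity the pooled connection is bound as (presumably the admin DN from LdapConfig) rather than the calling subject, so the directory's per-user ACLs no longer constrain these lookups; `getMember`'s Javadoc now says so, but `getUserDN` only carries dead commented-out lines. Delete them and state the intent, e.g. `// Runs under the connection's own bind identity (not the subject): only the entry DN is requested here.`. The `searchField` passed as the filter argument to `SearchRequest` in `getUser` and `getUserDN` is built between hunks where I cannot see it; if it is string-concatenated from `userID.getName()`, prefer `Filter.createEqualityFilter(searchField, ...)` as `getUserGroups` already does, so a principal name containing filter metacharacters cannot alter the query. Both methods' bodies extend outside the hunks.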
......@@ -89,10 +89,11 @@ public class LdapDAOTest
static int port = 389;
static String adminDN = "uid=webproxy,ou=WebProxy,ou=topologymanagement,o=netscaperoot";
static String adminPW = "go4it";
static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";
static String usersDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
static String groupsDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";
static String adminGroupsDN = "ou=adminGroups,ou=ds,dc=canfartest,dc=net";
LdapConfig config = new LdapConfig(server, port, adminDN, adminPW, userBaseDN, groupBaseDN);
LdapConfig config = new LdapConfig(server, port, adminDN, adminPW, usersDN, groupsDN, adminGroupsDN);
@Test
public void testLdapBindConnection() throws Exception
......
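Review bot: The updated `LdapConfig` constructor call still passes `adminPW = "go4it"` and the `webproxy` service-account DN hard-coded in the test source, and the same pair is repeated in LdapGroupDAOTest and LdapUserDAOTest. Even for a test directory, a committed bind password lives in history for good and lets anyone with repository access bind as the proxy account; read it from a system property or environment variable instead, e.g. `static String adminPW = System.getProperty("ldap.adminPW", System.getenv("LDAP_ADMIN_PW"));`, and skip the test when it is unset. The test class starts before the hunk.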
......@@ -69,10 +69,11 @@ public class LdapGroupDAOTest
static int port = 389;
static String adminDN = "uid=webproxy,ou=webproxy,ou=topologymanagement,o=netscaperoot";
static String adminPW = "go4it";
static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";
//static String userBaseDN = "ou=Users,ou=ds,dc=canfar,dc=net";
//static String groupBaseDN = "ou=Groups,ou=ds,dc=canfar,dc=net";
static String usersDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
static String groupsDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";
static String adminGroupsDN = "ou=adminGroups,ou=ds,dc=canfartest,dc=net";
//static String usersDN = "ou=Users,ou=ds,dc=canfar,dc=net";
//static String groupsDN = "ou=Groups,ou=ds,dc=canfar,dc=net";
static String daoTestDN1 = "cn=cadcdaotest1,ou=cadc,o=hia,c=ca";
static String daoTestDN2 = "cn=cadcdaotest2,ou=cadc,o=hia,c=ca";
......@@ -115,7 +116,7 @@ public class LdapGroupDAOTest
anonSubject = new Subject();
anonSubject.getPrincipals().add(unknownUser.getUserID());
config = new LdapConfig(server, port, adminDN, adminPW, userBaseDN, groupBaseDN);
config = new LdapConfig(server, port, adminDN, adminPW, usersDN, groupsDN, adminGroupsDN);
}
LdapGroupDAO<X500Principal> getGroupDAO()
......@@ -158,24 +159,6 @@ public class LdapGroupDAOTest
actualGroup = getGroupDAO().modifyGroup(expectGroup);
assertGroupsEqual(expectGroup, actualGroup);
// groupRead
expectGroup.groupRead = otherGroup;
actualGroup = getGroupDAO().modifyGroup(expectGroup);
assertGroupsEqual(expectGroup, actualGroup);
expectGroup.groupRead = null;
actualGroup = getGroupDAO().modifyGroup(expectGroup);
assertGroupsEqual(expectGroup, actualGroup);
// groupWrite
expectGroup.groupWrite = otherGroup;
actualGroup = getGroupDAO().modifyGroup(expectGroup);
assertGroupsEqual(expectGroup, actualGroup);
expectGroup.groupWrite = null;
actualGroup = getGroupDAO().modifyGroup(expectGroup);
assertGroupsEqual(expectGroup, actualGroup);
// userMembers
expectGroup.getUserMembers().add(daoTestUser2);
actualGroup = getGroupDAO().modifyGroup(expectGroup);
......@@ -196,8 +179,6 @@ public class LdapGroupDAOTest
// delete the group
expectGroup.description = "Happy testing";
expectGroup.groupRead = otherGroup;
expectGroup.groupWrite = otherGroup;
expectGroup.getUserMembers().add(daoTestUser2);
expectGroup.getGroupMembers().add(otherGroup);
......@@ -398,9 +379,9 @@ public class LdapGroupDAOTest
{
getGroupDAO().addGroup(new Group("foo", unknownUser));
fail("addGroup with unknown user should throw " +
"UserNotFoundException");
"AccessControlException");
}
catch (UserNotFoundException ignore) {}
catch (AccessControlException ignore) {}
Group group = getGroupDAO().addGroup(new Group(getGroupID(),
daoTestUser1));
......@@ -476,15 +457,6 @@ public class LdapGroupDAOTest
public Object run() throws Exception
{
getGroupDAO().addGroup(new Group(groupID, daoTestUser1));
// try
// {
// getGroupDAO().modifyGroup(new Group(groupID, unknownUser));
// fail("modifyGroup with unknown user should throw " +
// "UserNotFoundException");
// }
// catch (UserNotFoundException ignore) {}
try
{
getGroupDAO().modifyGroup(new Group("foo", daoTestUser1));
......@@ -651,9 +623,6 @@ public class LdapGroupDAOTest
{
assertTrue(gr2.getUserMembers().contains(user));
}
assertEquals(gr1.groupRead, gr2.groupRead);
assertEquals(gr1.groupWrite, gr2.groupWrite);
assertEquals(gr1.groupWrite, gr2.groupWrite);
assertEquals(gr1.getProperties(), gr2.getProperties());
for (GroupProperty prop : gr1.getProperties())
{
......
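Review bot: The commented-out `modifyGroup(new Group(groupID, unknownUser))` block inside `run()` was left as dead code after the `addGroup` expectation two hunks earlier changed from `UserNotFoundException` to `AccessControlException`; either restore it with the matching expectation (`fail("modifyGroup with unknown user should throw AccessControlException");` / `catch (AccessControlException ignore) {}`) so the unknown-caller path of `modifyGroup` stays covered, or delete it. Removing the duplicated `assertEquals(gr1.groupWrite, gr2.groupWrite)` is fine, but nothing in the `assertGroupsEqual` hunk compares `getUserAdmins()` or `getGroupAdmins()`; unless that is done in the part of the method outside the hunk, `modifyGroup` could silently drop admins and still pass, so add `assertEquals(gr1.getUserAdmins(), gr2.getUserAdmins());` and the group equivalent where the read/write assertions were. The enclosing methods start outside the hunks.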
......@@ -68,22 +68,33 @@
*/
package ca.nrc.cadc.ac.server.ldap;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.util.Log4jInit;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import java.security.Principal;
import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import org.junit.BeforeClass;
import org.junit.Test;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.PersonalDetails;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserDetails;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.NumericPrincipal;
import ca.nrc.cadc.util.Log4jInit;
import com.unboundid.ldap.sdk.DN;
/**
*
* @author jburke
......@@ -96,12 +107,15 @@ public class LdapUserDAOTest
static int port = 389;
static String adminDN = "uid=webproxy,ou=Webproxy,ou=topologymanagement,o=netscaperoot";
static String adminPW = "go4it";
static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";
static String usersDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
static String groupsDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";
static String adminGroupsDN = "ou=adminGroups,ou=ds,dc=canfartest,dc=net";
// static String userBaseDN = "ou=Users,ou=ds,dc=canfar,dc=net";
// static String groupBaseDN = "ou=Groups,ou=ds,dc=canfar,dc=net";
static final String testUserDN = "cn=cadcdaotest1,ou=cadc,o=hia,c=ca";
static final String testUserX509DN = "cn=cadcdaotest1,ou=cadc,o=hia,c=ca";
static final String testUserDN = "uid=cadcdaotest1," + usersDN;
static User<X500Principal> testUser;
static LdapConfig config;
......@@ -112,9 +126,12 @@ public class LdapUserDAOTest
{
Log4jInit.setLevel("ca.nrc.cadc.ac", Level.DEBUG);
testUser = new User<X500Principal>(new X500Principal(testUserDN));
testUser = new User<X500Principal>(new X500Principal(testUserX509DN));
config = new LdapConfig(server, port, adminDN, adminPW, userBaseDN, groupBaseDN);
config = new LdapConfig(server, port, adminDN, adminPW, usersDN, groupsDN, adminGroupsDN);
testUser.details.add(new PersonalDetails("CADC", "DAOTest1"));
testUser.getIdentities().add(new HttpPrincipal("CadcDaoTest1"));
}
LdapUserDAO<X500Principal> getUserDAO()
......@@ -138,8 +155,8 @@ public class LdapUserDAOTest
{
try
{
User actual = getUserDAO().getUser(testUser.getUserID());
assertEquals(testUser, actual);
User<X500Principal> actual = getUserDAO().getUser(testUser.getUserID());
check(testUser, actual);
return null;
}
......@@ -149,6 +166,7 @@ public class LdapUserDAOTest
}
}
});
}
/**
......@@ -216,4 +234,90 @@ public class LdapUserDAOTest
});
}
/**
* Test of getMember.
*/
@Test
public void testGetMember() throws Exception
{
Subject subject = new Subject();
subject.getPrincipals().add(testUser.getUserID());
// do everything as owner
Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
try
{
User<X500Principal> actual = getUserDAO().getMember(new DN(testUserDN));
check(testUser, actual);
return null;
}
catch (Exception e)
{
throw new Exception("Problems", e);
}
}
});
// should also work as a different user
subject = new Subject();
subject.getPrincipals().add(new HttpPrincipal("CadcDaoTest2"));
// do everything as owner
Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
try
{
User<X500Principal> actual = getUserDAO().getMember(new DN(testUserDN));
check(testUser, actual);
return null;
}
catch (Exception e)
{
throw new Exception("Problems", e);
}
}
});
}
private static void check(final User<? extends Principal> user1, final User<? extends Principal> user2)
{
assertEquals(user1, user2);
assertEquals(user1.details, user2.details);
assertEquals(user1.details.size(), user2.details.size());
assertEquals(user1.getIdentities(), user2.getIdentities());
for(UserDetails d1 : user1.details)
{
assertTrue(user2.details.contains(d1));
if(d1 instanceof PersonalDetails)
{
PersonalDetails pd1 = (PersonalDetails)d1;
boolean found = false;
for(UserDetails d2 : user2.details)
{
if(d2 instanceof PersonalDetails)
{
PersonalDetails pd2 = (PersonalDetails)d2;
assertEquals(pd1, pd2); // already done in contains above but just in case
assertEquals(pd1.address, pd2.address);
assertEquals(pd1.city, pd2.city);
assertEquals(pd1.country, pd2.country);
assertEquals(pd1.email, pd2.email);
assertEquals(pd1.institute, pd2.institute);
found = true;
}
assertTrue(found);
}
}
}
}
}
......@@ -68,19 +68,18 @@
*/
package ca.nrc.cadc.ac;
import java.security.Principal;
public class ActivatedGroup extends Group
{
public ActivatedGroup(String groupID)
public ActivatedGroup(Group group)
{
super(groupID);
super(group.getID(), group.getOwner());
this.description = group.description;
this.properties = group.getProperties();
this.lastModified = group.lastModified;
this.getUserMembers().addAll(group.getUserMembers());
this.getGroupMembers().addAll(group.getGroupMembers());
this.getUserAdmins().addAll(group.getUserAdmins());
this.getGroupAdmins().addAll(group.getGroupAdmins());
}
public ActivatedGroup(String groupID, User<? extends Principal> owner)
{
super(groupID, owner);
}
}
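Review bot: `this.properties = group.getProperties();` in the new copy constructor aliases the source group's live collection instead of copying it, unlike the member and admin sets which are copied with `addAll`, so mutating either group's properties afterwards changes the other; copy it instead (`this.properties.addAll(group.getProperties());` if `properties` is initialised non-null in Group like the other sets, otherwise construct a fresh collection of the same type). `lastModified` is a mutable `java.util.Date` shared by reference too; `new Date(group.lastModified.getTime())` behind a null check would decouple it. A Javadoc line stating that the constructor takes a shallow snapshot of the given group would also help callers.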
......@@ -88,21 +88,14 @@ public class Group
// group's group members
private Set<Group> groupMembers = new HashSet<Group>();
public String description;
public Date lastModified;
// group's user admins
private Set<User<? extends Principal>> userAdmins = new HashSet<User<? extends Principal>>();
// Access Control properties
/**
* group that can read details of this group
* Note: this class does not enforce any access control rules
*/
public Group groupRead;
// group's group admins
private Set<Group> groupAdmins = new HashSet<Group>();
/**
* group that can read and write details of this group
* Note: this class does not enforce any access control rules
*/
public Group groupWrite;
public String description;
public Date lastModified;
/**
* Ctor.
......@@ -187,6 +180,24 @@ public class Group
return groupMembers;
}
/**
*
* @return individual user admins of this group
*/
public Set<User<? extends Principal>> getUserAdmins()
{
return userAdmins;
}
/**
*
* @return group admins of this group
*/
public Set<Group> getGroupAdmins()
{
return groupAdmins;
}
/* (non-Javadoc)
* @see java.lang.Object#hashCode()
*/
......
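Review bot: The new `getUserAdmins()`/`getGroupAdmins()` accessors hand out the live mutable sets (GroupReader relies on this by calling `.add` on them), and the removed `groupRead`/`groupWrite` Javadoc carried the caveat "this class does not enforce any access control rules", which the admin sets have now lost; add it back on both accessors, e.g. `* @return the live, mutable set of user admins. Note: this class records admins but does not enforce any access control rules.`. The GroupTest hunk in this commit asserts that adding admins leaves `equals`/`hashCode` unchanged, which is worth stating on the fields as well. The class body continues outside the hunk.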
......@@ -263,38 +263,37 @@ public class GroupReader
}
// groupRead
Element groupReadElement = groupElement.getChild("groupRead");
if (groupReadElement != null)
// userMembers
Element userMembersElement = groupElement.getChild("userMembers");
if (userMembersElement != null)
{
Element groupReadGroupElement = groupReadElement.getChild("group");
if (groupReadGroupElement != null)
List<Element> userElements = userMembersElement.getChildren("user");
for (Element userMember : userElements)
{
group.groupRead = parseGroup(groupReadGroupElement);
group.getUserMembers().add(UserReader.parseUser(userMember));
}
}
// groupWrite
Element groupWriteElement = groupElement.getChild("groupWrite");
if (groupWriteElement != null)
// groupAdmins
Element groupAdminsElement = groupElement.getChild("groupAdmins");
if (groupAdminsElement != null)
{
Element groupWriteGroupElement = groupWriteElement.getChild("group");
if (groupWriteGroupElement != null)
List<Element> groupElements = groupAdminsElement.getChildren("group");
for (Element groupMember : groupElements)
{
group.groupWrite = parseGroup(groupWriteGroupElement);
group.getGroupAdmins().add(parseGroup(groupMember));
}
}
// userMembers
Element userMembersElement = groupElement.getChild("userMembers");
if (userMembersElement != null)
// userAdmins
Element userAdminsElement = groupElement.getChild("userAdmins");
if (userAdminsElement != null)
{
List<Element> userElements = userMembersElement.getChildren("user");
List<Element> userElements = userAdminsElement.getChildren("user");
for (Element userMember : userElements)
{
group.getUserMembers().add(UserReader.parseUser(userMember));
group.getUserAdmins().add(UserReader.parseUser(userMember));
}
}
......
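Review bot: The loop variables in the two new blocks are named `groupMember` and `userMember` although they iterate the `groupAdmins`/`userAdmins` children, which invites confusion with the identical `userMembers` loop just above; rename them `groupAdmin` and `userAdmin`. The admin sets are populated straight from the document, so whatever consumes the parsed `Group` (the service's add/modify path, not visible here) must authorize changes to admins rather than trust the client-supplied lists; a one-line comment such as `// admins come from the client document; authorization is the caller's responsibility` would make that explicit. `parseGroup` is applied recursively to nested `<group>` elements, so deeply nested input from an untrusted client could exhaust the stack unless depth is bounded elsewhere in the parser. The enclosing method starts and ends outside the hunk.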
......@@ -213,22 +213,6 @@ public class GroupWriter
groupElement.addContent(groupMembersElement);
}
// Group groupRead.
if (group.groupRead != null)
{
Element groupReadElement = new Element("groupRead");
groupReadElement.addContent(getGroupElement(group.groupRead, false));
groupElement.addContent(groupReadElement);
}
// Group groupWrite.
if (group.groupWrite != null)
{
Element groupWriteElement = new Element("groupWrite");
groupWriteElement.addContent(getGroupElement(group.groupWrite, false));
groupElement.addContent(groupWriteElement);
}
// Group userMembers
if ((group.getUserMembers() != null) && (!group.getUserMembers().isEmpty()))
{
......@@ -239,6 +223,28 @@ public class GroupWriter
}
groupElement.addContent(userMembersElement);
}
// Group groupAdmins.
if ((group.getGroupAdmins() != null) && (!group.getGroupAdmins().isEmpty()))
{
Element groupAdminsElement = new Element("groupAdmins");
for (Group groupMember : group.getGroupAdmins())
{
groupAdminsElement.addContent(getGroupElement(groupMember, false));
}
groupElement.addContent(groupAdminsElement);
}
// Group userAdmins
if ((group.getUserAdmins() != null) && (!group.getUserAdmins().isEmpty()))
{
Element userAdminsElement = new Element("userAdmins");
for (User<? extends Principal> userMember : group.getUserAdmins())
{
userAdminsElement.addContent(UserWriter.getUserElement(userMember));
}
groupElement.addContent(userAdminsElement);
}
}
return groupElement;
......
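Review bot: Same naming slip as in GroupReader: the new `groupAdmins`/`userAdmins` blocks iterate with `groupMember`/`userMember`; rename them `groupAdmin`/`userAdmin`. The `!= null` guards on `getGroupAdmins()`/`getUserAdmins()` are redundant if the fields are initialised as the Group hunk shows, but they mirror the `userMembers` block, so keeping them for consistency is acceptable. The closing `}` before `return groupElement` belongs to a block opened outside the hunk.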
......@@ -85,8 +85,8 @@ import org.apache.log4j.Logger;
import org.junit.Test;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.NumericPrincipal;
import ca.nrc.cadc.auth.OpenIdPrincipal;
import static org.junit.Assert.assertTrue;
/**
*
......@@ -161,15 +161,15 @@ public class GroupReaderWriterTest
expected.lastModified = new Date();
expected.properties.add(new GroupProperty("key", "value", true));
Group readGroup = new Group("read", new User<Principal>(new X500Principal("cn=foo,o=ca")));
Group writeGroup = new Group("write", new User<Principal>(new NumericPrincipal(123l)));
Group groupMember = new Group("member", new User<Principal>(new OpenIdPrincipal("bar")));
User<Principal> userMember = new User<Principal>(new HttpPrincipal("baz"));
Group groupAdmin = new Group("admin", new User<Principal>(new X500Principal("cn=foo,o=ca")));
User<Principal> userAdmin = new User<Principal>(new HttpPrincipal("admin"));
expected.groupRead = readGroup;
expected.groupWrite = writeGroup;
expected.getGroupMembers().add(groupMember);
expected.getUserMembers().add(userMember);
expected.getGroupAdmins().add(groupAdmin);
expected.getUserAdmins().add(userAdmin);
StringBuilder xml = new StringBuilder();
GroupWriter.write(expected, xml);
......@@ -181,8 +181,6 @@ public class GroupReaderWriterTest
assertEquals(expected.description, actual.description);
assertEquals(expected.lastModified, actual.lastModified);
assertEquals(expected.getProperties(), actual.getProperties());
assertEquals(expected.groupRead, actual.groupRead);
assertEquals(expected.groupWrite, actual.groupWrite);
assertEquals(expected.getGroupMembers(), actual.getGroupMembers());
assertEquals(expected.getUserMembers(), actual.getUserMembers());
}
......
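Review bot: `expected` now receives a `groupAdmin` and a `userAdmin`, but the assertions on `actual` still end with `getGroupMembers()`/`getUserMembers()` and never compare the admin sets, so a writer or reader that silently drops `<groupAdmins>`/`<userAdmins>` would pass this round-trip test; add `assertEquals(expected.getGroupAdmins(), actual.getGroupAdmins());` and `assertEquals(expected.getUserAdmins(), actual.getUserAdmins());`. With `writeGroup` gone, the `NumericPrincipal` import at the top of the hunk looks unused unless another test in the file still needs it. The test method starts outside the hunk.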
......@@ -115,17 +115,15 @@ public class GroupTest
assertEquals(group3.hashCode(), group4.hashCode());
assertEquals(group3,group4);
group3.description = "Test group";
group4.getUserAdmins().add(user);
assertEquals(group3.hashCode(), group4.hashCode());
assertEquals(group3,group4);
// group read and write equality tests
group3.groupRead = group4;
group3.getGroupAdmins().add(group4);
assertEquals(group3.hashCode(), group4.hashCode());
assertEquals(group3,group4);
// group write equality tests
group3.groupWrite = group4;
group3.description = "Test group";
assertEquals(group3.hashCode(), group4.hashCode());
assertEquals(group3,group4);
......
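Review bot: The rewritten sequence asserts that `group4.getUserAdmins().add(user)`, `group3.getGroupAdmins().add(group4)` and a later `description` change all leave `equals`/`hashCode` unchanged, but the step comments the old code had were dropped, so the intent is no longer visible; add one before the first admin line, e.g. `// admins and description must not affect equals/hashCode`, hedged as "if that is the intended contract", since the `equals` implementation itself is not in this diff. The test method starts before the hunk.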