diff --git a/cadcAccessControl-Admin/build.xml b/cadcAccessControl-Admin/build.xml
index 4486ba294d478ed652fbb5b566c0932a4e005bdc..39e69c8983622c44577e9a0aa416b786e6b89168 100644
--- a/cadcAccessControl-Admin/build.xml
+++ b/cadcAccessControl-Admin/build.xml
@@ -93,6 +93,7 @@
 <!-- JAR files to be included in classpath and war file -->
 <property name="cadcAC" value="${lib}/cadcAccessControl.jar"/>
 <property name="cadcAC-Server" value="${lib}/cadcAccessControl-Server.jar"/>
+ <property name="cadcReg" value="${lib}/cadcRegistry.jar"/>
 <property name="cadcLog" value="${lib}/cadcLog.jar"/>
 <property name="cadcUtil" value="${lib}/cadcUtil.jar"/>
 <property name="log4j" value="${ext.lib}/log4j.jar"/>
@@ -102,16 +103,21 @@
 <property name="mail" value="${ext.lib}/mail.jar"/>
 <property name="cadc" value="${cadcAC}:${cadcAC-Server}:${cadcUtil}"/>
- <property name="client.cadc.jars" value="${cadcAC}:${cadcAC-Server}:${cadcLog}:${cadcUtil}"/>
+ <property name="client.cadc.jars" value="${cadcAC}:${cadcAC-Server}:${cadcLog}:${cadcUtil}:${cadcReg}"/>
 <property name="client.external.jars" value="${unboundid}:${log4j}:${servlet-api}:${mail}"/>
 <property name="jars" value="${cadc}:${client.cadc.jars}:${client.external.jars}"/>
- <target name="build" depends="compile,manifest">
+ <target name="copyResources" depends="compile">
+ <copy overwrite="true"
+ file="${env.A}/etc/LocalAuthority.properties"
+ tofile="${build}/class/LocalAuthority.properties"/>
+ </target>
+
+ <target name="build" depends="compile,copyResources,manifest">
 <jar jarfile="${build}/lib/${project}.jar" basedir="${build}/class" update="no" manifest="${build}/tmp/${project}.mf">
- <include name="ca/nrc/cadc/**"/>
 </jar>
 </target>
diff --git a/cadcAccessControl-Identity/src/ca/nrc/cadc/auth/ACIdentityManager.java b/cadcAccessControl-Identity/src/ca/nrc/cadc/auth/ACIdentityManager.java
index a56987d7f159b3224e2ffd02d8aee6dba02de612..cb0adaf1ba7ba4cab8db04a7a94d39d44588a72f 100644
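Review bot: The `build` target's jar now packages everything under `${build}/class` because the `<include name="ca/nrc/cadc/**"/>` filter was dropped, so the environment-specific `LocalAuthority.properties` copied by `copyResources` (and any other stray file in that directory) is baked into the distributable jar; if shipping that mapping inside the jar is intended, keep the include and add an explicit `<include name="LocalAuthority.properties"/>` so the packaged set stays deliberate. The source path also switches from `${env.CADC_PREFIX}` to `${env.A}`, a one-letter environment variable that reads like a local shell shortcut rather than a documented build input; the same rename appears in the cadcAccessControl-Server/build.xml and cadcAccessControl/build.xml hunks of this change. Keep `CADC_PREFIX` or give the variable a self-describing name, and consider a `<fail unless="env.A" message="..."/>` guard so a missing variable fails with a clear message instead of an unexpanded `${env.A}` path.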
--- a/cadcAccessControl-Identity/src/ca/nrc/cadc/auth/ACIdentityManager.java
+++ b/cadcAccessControl-Identity/src/ca/nrc/cadc/auth/ACIdentityManager.java
@@ -1,7 +1,6 @@
 package ca.nrc.cadc.auth;
 import java.io.File;
-import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URL;
 import java.security.Principal;
@@ -20,6 +19,7 @@ import org.apache.log4j.Logger;
 import ca.nrc.cadc.ac.User;
 import ca.nrc.cadc.ac.client.UserClient;
 import ca.nrc.cadc.profiler.Profiler;
+import ca.nrc.cadc.reg.Standards;
 import ca.nrc.cadc.reg.client.LocalAuthority;
 import ca.nrc.cadc.reg.client.RegistryClient;
 import ca.nrc.cadc.vosi.avail.CheckResource;
@@ -109,7 +109,7 @@ public class ACIdentityManager implements IdentityManager
 public NumericPrincipal run() throws Exception
 {
 LocalAuthority localAuth = new LocalAuthority();
- URI serviceURI = localAuth.getServiceURI("ums");
+ URI serviceURI = localAuth.getServiceURI(Standards.UMS_USERS_01.toString());
 UserClient userClient = new UserClient(serviceURI);
 User newUser = userClient.createUser(x500Principal);
@@ -205,7 +205,7 @@ public class ACIdentityManager implements IdentityManager
 public Object run() throws Exception
 {
 LocalAuthority localAuth = new LocalAuthority();
- URI serviceURI = localAuth.getServiceURI("ums");
+ URI serviceURI = localAuth.getServiceURI(Standards.UMS_USERS_01.toString());
 UserClient userClient = new UserClient(serviceURI);
 userClient.augmentSubject(subject);
@@ -231,17 +231,10 @@ public class ACIdentityManager implements IdentityManager
 */
 public static CheckResource getAvailabilityCheck()
 {
- try
- {
- RegistryClient regClient = new RegistryClient();
- LocalAuthority localAuth = new LocalAuthority();
- URI serviceURI = localAuth.getServiceURI("gms");
- URL availURL = regClient.getServiceURL(serviceURI, "http", "/availability");
- return new CheckWebService(availURL.toExternalForm());
- }
- catch (MalformedURLException e)
- {
- throw new RuntimeException(e);
- }
+ RegistryClient regClient = new RegistryClient();
+ LocalAuthority localAuth = new LocalAuthority();
+ URI serviceURI = localAuth.getServiceURI(Standards.GMS_GROUPS_01.toString());
+ URL availURL = regClient.getServiceURL(serviceURI, Standards.VOSI_AVAILABILITY, AuthMethod.ANON);
+ return new CheckWebService(availURL.toExternalForm());
 }
 }
diff --git a/cadcAccessControl-Identity/src/ca/nrc/cadc/auth/AuthenticatorImpl.java b/cadcAccessControl-Identity/src/ca/nrc/cadc/auth/AuthenticatorImpl.java
index af6b5a155831905bd62b05cdb129cf5c67543515..1b2ffce71a24b33c8f4a7b5bb0f1104eced13713 100644
--- a/cadcAccessControl-Identity/src/ca/nrc/cadc/auth/AuthenticatorImpl.java
+++ b/cadcAccessControl-Identity/src/ca/nrc/cadc/auth/AuthenticatorImpl.java
@@ -1,6 +1,5 @@
 package ca.nrc.cadc.auth;
-import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URL;
@@ -10,6 +9,7 @@ import javax.security.auth.x500.X500Principal;
 import org.apache.log4j.Logger;
 import ca.nrc.cadc.profiler.Profiler;
+import ca.nrc.cadc.reg.Standards;
 import ca.nrc.cadc.reg.client.LocalAuthority;
 import ca.nrc.cadc.reg.client.RegistryClient;
 import ca.nrc.cadc.vosi.avail.CheckResource;
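Review bot: `availURL.toExternalForm()` is dereferenced without a null check, yet the same `RegistryClient.getServiceURL` is null-checked elsewhere in this change (UserClient's `if (createUserURL == null)`), so a registry entry with no anonymous `VOSI_AVAILABILITY` interface turns the availability probe into a NullPointerException rather than a meaningful error; add `if (availURL == null) throw new IllegalStateException("no availability endpoint for " + serviceURI);` before constructing `CheckWebService`. The identical five lines are repeated in `AuthenticatorImpl.getAvailabilityCheck` in this same change; a small shared helper in the cadcAccessControl-Identity package would keep the two from drifting. `AuthMethod` is referenced here but no import for it appears in this file's import hunks, so it is presumably already imported above — worth confirming since `MalformedURLException` was removed in the same pass.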
@@ -69,17 +69,10 @@ public class AuthenticatorImpl implements Authenticator
 public static CheckResource getAvailabilityCheck()
 {
- try
- {
- RegistryClient regClient = new RegistryClient();
- LocalAuthority localAuth = new LocalAuthority();
- URI serviceURI = localAuth.getServiceURI("gms");
- URL availURL = regClient.getServiceURL(serviceURI, "http", "/availability");
- return new CheckWebService(availURL.toExternalForm());
- }
- catch (MalformedURLException e)
- {
- throw new RuntimeException(e);
- }
+ RegistryClient regClient = new RegistryClient();
+ LocalAuthority localAuth = new LocalAuthority();
+ URI serviceURI = localAuth.getServiceURI(Standards.GMS_GROUPS_01.toString());
+ URL availURL = regClient.getServiceURL(serviceURI, Standards.VOSI_AVAILABILITY, AuthMethod.ANON);
+ return new CheckWebService(availURL.toExternalForm());
 }
 }
diff --git a/cadcAccessControl-Server/build.xml b/cadcAccessControl-Server/build.xml
index af1c7bbb5632e2a0573033db47ffd830fa1ba514..9e3fd5acfab81386027c875f7af73ee0bfa9bdb9 100644
--- a/cadcAccessControl-Server/build.xml
+++ b/cadcAccessControl-Server/build.xml
@@ -116,8 +116,8 @@
 <copy overwrite="true" file="test/LdapConfig.test.properties" todir="${user.home}/config/"/>
 <copy overwrite="true"
- file="${env.CADC_PREFIX}/etc/LocalAuthority.properties"
- tofile="${build}/class/LocalAuthority.properties"/>
+ file="${env.A}/etc/LocalAuthority.properties"
+ todir="${build}/test/class/"/>
 </target>
 <!-- JAR files needed to run the test suite -->
diff --git a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
index 9ebf865785f07b009c00586a316aff69c59262b4..bc9cb5d91a02ebb037af55366c7213c9878067c0 100755
--- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
+++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
@@ -100,6 +100,7 @@ import ca.nrc.cadc.auth.HttpPrincipal;
 import ca.nrc.cadc.auth.NumericPrincipal;
 import ca.nrc.cadc.net.TransientException;
 import ca.nrc.cadc.profiler.Profiler;
+import ca.nrc.cadc.reg.Standards;
 import ca.nrc.cadc.reg.client.LocalAuthority;
 import ca.nrc.cadc.util.ObjectUtil;
 import ca.nrc.cadc.util.StringUtil;
@@ -739,7 +740,7 @@ public class LdapUserDAO extends LdapDAO
 // cache memberOf values in the user
 LocalAuthority localAuthority = new LocalAuthority();
- URI gmsServiceURI = localAuthority.getServiceURI("gms");
+ URI gmsServiceURI = localAuthority.getServiceURI(Standards.GMS_GROUPS_01.toString());
 GroupMemberships gms = new GroupMemberships(gmsServiceURI.toString(), userID);
 user.appData = gms; // add even if empty
@@ -1277,7 +1278,7 @@ public class LdapUserDAO extends LdapDAO
 {
 UUID uuid = new UUID(0L, Long.parseLong(numericID));
 LocalAuthority localAuthority = new LocalAuthority();
- URI umsServiceURI = localAuthority.getServiceURI("ums");
+ URI umsServiceURI = localAuthority.getServiceURI(Standards.UMS_REQS_01.toString());
 String uriString = umsServiceURI.toString() + "?" + uuid.toString();
 URI uri;
 try
diff --git a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/WhoAmIServlet.java b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/WhoAmIServlet.java
index 9caff6d55d45577b28998d2061987f496f3ba459..bbd0aee0615f5b66c613ac6102977ba771debd2e 100644
--- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/WhoAmIServlet.java
+++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/WhoAmIServlet.java
@@ -79,6 +79,8 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import ca.nrc.cadc.auth.AuthMethod;
+import ca.nrc.cadc.reg.Standards;
 import org.apache.log4j.Logger;
 import ca.nrc.cadc.auth.AuthenticationUtil;
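Review bot: The LocalAuthority lookup key for the UMS is `Standards.UMS_REQS_01` here (and in both RemoveUserMemberActionTest hunks), while ACIdentityManager and UserClientTest use `Standards.UMS_USERS_01` and WhoAmIServlet uses `Standards.UMS_WHOAMI_01`, so a deployment's LocalAuthority.properties must map all three standard IDs to the same service or user lookup fails only at runtime. Because the resolved URI here becomes the authority part of every user's InternalID (`umsServiceURI.toString() + "?" + uuid`), any divergence between these keys changes the identity URIs the server hands out; pick one standard ID as the canonical "local UMS" key, expose it as a single constant, and use it at all of these call sites. The enclosing method continues outside the hunk.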
@@ -166,13 +168,11 @@ public class WhoAmIServlet extends HttpServlet
 final RegistryClient registryClient = getRegistryClient();
 LocalAuthority localAuthority = new LocalAuthority();
- URI umsServiceURI = localAuthority.getServiceURI("ums");
-
+ URI umsServiceURI = localAuthority.getServiceURI(Standards.UMS_WHOAMI_01.toString());
 log.debug("ums service uri: " + umsServiceURI);
- final URL redirectURL =
- registryClient.getServiceURL(
- URI.create(umsServiceURI.toString() + "#users"), scheme, USER_GET_PATH);
+ final URL serviceURL = registryClient.getServiceURL(umsServiceURI, Standards.UMS_USERS_01, AuthMethod.CERT);
+ final URL redirectURL = new URL(serviceURL.toExternalForm() + USER_GET_PATH);
 // Take the first one.
 final String redirectUrl =
@@ -181,8 +181,7 @@ public class WhoAmIServlet extends HttpServlet
 log.debug("redirecting to " + redirectURI.toASCIIString());
- response.sendRedirect(redirectURI.getPath() + "?"
- + redirectURI.getQuery());
+ response.sendRedirect(redirectURI.getPath() + "?" + redirectURI.getQuery());
 }
 /**
diff --git a/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/WhoAmIServletTest.java b/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/WhoAmIServletTest.java
index 63d4d6413d32aafe311a93d7ec81e3c07c95f254..ff7df8ebda7d1c16a077dee907ca460f5d3cf276 100644
--- a/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/WhoAmIServletTest.java
+++ b/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/WhoAmIServletTest.java
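Review bot: The redirect target is now resolved with a hard-coded `AuthMethod.CERT`, whereas the removed call took the interface from the request-derived `scheme`; a caller who authenticated to WhoAmI by another method will be sent to the client-certificate endpoint and, lacking a certificate, rejected there. Unless the users endpoint is meant to be cert-only, derive the `AuthMethod` from the caller's Subject (the servlet already imports `AuthenticationUtil`) and pass that instead. If `scheme` was only used in the removed expression it is now an unused local and should go. `new URL(serviceURL.toExternalForm() + USER_GET_PATH)` will throw a NullPointerException if the registry returns no URL for that interface; `UserClient` in this same change guards the equivalent call with a null check, so do the same here. The enclosing method begins and ends outside the hunk.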
@@ -82,15 +82,31 @@ import javax.security.auth.Subject;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import ca.nrc.cadc.ac.server.web.groups.AddUserMemberActionTest;
+import ca.nrc.cadc.auth.AuthMethod;
+import ca.nrc.cadc.reg.Standards;
+
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+import org.junit.BeforeClass;
 import org.junit.Test;
 import ca.nrc.cadc.auth.HttpPrincipal;
 import ca.nrc.cadc.reg.client.LocalAuthority;
 import ca.nrc.cadc.reg.client.RegistryClient;
+import ca.nrc.cadc.util.Log4jInit;
 public class WhoAmIServletTest
 {
+ private final static Logger log = Logger.getLogger(WhoAmIServletTest.class);
+
+ @BeforeClass
+ public static void setUpClass()
+ {
+ Log4jInit.setLevel("ca.nrc.cadc.ac", Level.INFO);
+ }
+
 @Test
 public void doGet() throws Exception
 {
@@ -133,11 +149,14 @@ public class WhoAmIServletTest
 expectLastCall().once();
 LocalAuthority localAuthority = new LocalAuthority();
- URI umsServiceURI = localAuthority.getServiceURI("ums");
+ URI umsServiceURI = localAuthority.getServiceURI(Standards.UMS_WHOAMI_01.toString());
+
+// expect(mockRegistry.getServiceURL(URI.create(umsServiceURI.toString() + "#users"),
+// "http", "/%s?idType=HTTP")).
+// andReturn(new URL("http://mysite.com/ac/users/CADCtest?idType=HTTP")).once();
- expect(mockRegistry.getServiceURL(URI.create(umsServiceURI.toString() + "#users"),
- "http", "/%s?idType=HTTP")).
- andReturn(new URL("http://mysite.com/ac/users/CADCtest?idType=HTTP")).once();
+ expect(mockRegistry.getServiceURL(umsServiceURI, Standards.UMS_USERS_01, AuthMethod.CERT))
+ .andReturn(new URL("http://mysite.com/ac/users")).once();
 replay(mockRequest, mockResponse, mockRegistry);
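Review bot: The three `//`-commented lines holding the old `expect(...)` call should be deleted rather than kept as dead code next to the replacement expectation two lines below. The new `import ca.nrc.cadc.ac.server.web.groups.AddUserMemberActionTest;` is not used by anything in these hunks and looks like an editor auto-import; if the rest of the file does not reference it, drop it. The new `log` field is likewise unused in the visible hunks; `Log4jInit.setLevel` does not need a logger in this class, so remove the field or use it.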
diff --git a/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/groups/RemoveUserMemberActionTest.java b/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/groups/RemoveUserMemberActionTest.java
index ac1960db076b6f6a66d7fa18b14fde362988d7f1..5647059b751b5676cfb33c83bbac35c0a60b5d7b 100644
--- a/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/groups/RemoveUserMemberActionTest.java
+++ b/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/groups/RemoveUserMemberActionTest.java
@@ -92,6 +92,7 @@ import ca.nrc.cadc.ac.server.UserPersistence;
 import ca.nrc.cadc.auth.AuthenticationUtil;
 import ca.nrc.cadc.auth.HttpPrincipal;
 import ca.nrc.cadc.auth.IdentityType;
+import ca.nrc.cadc.reg.Standards;
 import ca.nrc.cadc.reg.client.LocalAuthority;
 import ca.nrc.cadc.util.Log4jInit;
 import ca.nrc.cadc.util.ObjectUtil;
@@ -118,7 +119,7 @@ public class RemoveUserMemberActionTest
 {
 User user = new User();
 LocalAuthority localAuthority = new LocalAuthority();
- URI umsServiceURI = localAuthority.getServiceURI("ums");
+ URI umsServiceURI = localAuthority.getServiceURI(Standards.UMS_REQS_01.toString());
 InternalID internalID = new InternalID(new URI(umsServiceURI.toASCIIString() + "?" + UUID.randomUUID()));
 ObjectUtil.setField(user, internalID, "id");
@@ -172,7 +173,7 @@ public class RemoveUserMemberActionTest
 {
 User user = new User();
 LocalAuthority localAuthority = new LocalAuthority();
- URI umsServiceURI = localAuthority.getServiceURI("ums");
+ URI umsServiceURI = localAuthority.getServiceURI(Standards.UMS_REQS_01.toString());
 InternalID internalID = new InternalID(new URI(umsServiceURI.toString() + "?" + UUID.randomUUID()));
 ObjectUtil.setField(user, internalID, "id");
diff --git a/cadcAccessControl/build.xml b/cadcAccessControl/build.xml
index 8e0cefd4de16e111791d16f73e001e11f30435ae..a356f123f19e40465505e67ea60f29e087f2b3f2 100644
--- a/cadcAccessControl/build.xml
+++ b/cadcAccessControl/build.xml
@@ -117,7 +117,7 @@
 <target name="setup-test">
 <copy overwrite="true"
- file="${env.CADC_PREFIX}/etc/LocalAuthority.properties"
+ file="${env.A}/etc/LocalAuthority.properties"
 tofile="${build}/class/LocalAuthority.properties"/>
 </target>
diff --git a/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java b/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java
index 3de71f50876392551caa7300401e450881a1a557..f8c72e7b342d44ccec2fa869c3a0098e782672a3 100755
--- a/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java
+++ b/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java
@@ -90,6 +90,7 @@ import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLSocketFactory;
 import javax.security.auth.Subject;
+import ca.nrc.cadc.reg.Standards;
 import org.apache.log4j.Logger;
 import ca.nrc.cadc.ac.Group;
@@ -124,50 +125,24 @@ public class GMSClient implements TransferListener
 {
 private static final Logger log = Logger.getLogger(GMSClient.class);
- private static final String GROUPS = "groups";
- private static final String SEARCH = "search";
-
 // socket factory to use when connecting
 private SSLSocketFactory sslSocketFactory;
 private SSLSocketFactory mySocketFactory;
- private RegistryClient registryClient;
-
- private URI gmsServiceURI;
- private URI groupsURI;
- private URI searchURI;
-
- public GMSClient(URI serviceURI)
- {
- this(serviceURI, new RegistryClient());
- }
+ private URI serviceID;
 /**
- * Slightly more complete constructor. Tests can override the
- * RegistryClient.
+ * Constructor.
 *
- * @param serviceURI The service URI.
- * @param registryClient The Registry Client.
+ * @param serviceID The service ID.
 */
- public GMSClient(URI serviceURI, RegistryClient registryClient)
+ public GMSClient(URI serviceID)
 {
- if (serviceURI == null)
- throw new IllegalArgumentException("invalid serviceURI: " + serviceURI);
- if (serviceURI.getFragment() != null)
- throw new IllegalArgumentException("invalid serviceURI (fragment not allowed): " + serviceURI);
-
- this.registryClient = registryClient;
-
- try
- {
- this.gmsServiceURI = serviceURI;
- this.groupsURI = new URI(serviceURI.toASCIIString() + "#" + GROUPS);
- this.searchURI = new URI(serviceURI.toASCIIString() + "#" + SEARCH);
- }
- catch(URISyntaxException ex)
- {
- throw new RuntimeException("BUG: failed to create standardID from serviceURI + fragment", ex);
- }
+ if (serviceID == null)
+ throw new IllegalArgumentException("invalid serviceID: " + serviceID);
+ if (serviceID.getFragment() != null)
+ throw new IllegalArgumentException("invalid serviceID (fragment not allowed): " + serviceID);
+ this.serviceID = serviceID;
 }
 public void transferEvent(TransferEvent te)
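Review bot: The constructor Javadoc `@param serviceID The service ID.` tells a caller nothing about what is accepted, while the body rejects a null or fragment-bearing URI and the new tests pass `ivo://` identifiers; document it as the registry resource identifier against which `Standards.GMS_GROUPS_01` and `Standards.GMS_SEARCH_01` are resolved, and add `@throws IllegalArgumentException if serviceID is null or carries a fragment`. Removing `GMSClient(URI, RegistryClient)` is a source-incompatible change for any caller that injected a client; the replacement extension point is the new `protected getRegistryClient()`, which the constructor Javadoc should mention so callers know how to migrate.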
@@ -192,7 +167,6 @@ public class GMSClient implements TransferListener
 throw new UnsupportedOperationException("Not yet implemented");
 }
-
 /**
 * Create a new group.
 *
@@ -208,7 +182,8 @@ public class GMSClient implements TransferListener
 throws GroupAlreadyExistsException, AccessControlException, UserNotFoundException, WriterException, IOException
 {
- URL createGroupURL = registryClient.getServiceURL(groupsURI, "https", "", AuthMethod.CERT);
+ URL createGroupURL = getRegistryClient()
+ .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, AuthMethod.CERT);
 log.debug("createGroupURL request to " + createGroupURL.toString());
 // reset the state of the cache
@@ -279,12 +254,13 @@ public class GMSClient implements TransferListener
 public Group getGroup(String groupName)
 throws GroupNotFoundException, AccessControlException, IOException
 {
-
- URL getGroupURL = registryClient.getServiceURL(groupsURI, "https", groupName, AuthMethod.CERT);
+ URL groupsURL = getRegistryClient()
+ .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, AuthMethod.CERT);
+ URL getGroupURL = new URL(groupsURL.toExternalForm() + "/" + groupName);
 log.debug("getGroup request to " + getGroupURL.toString());
+
 ByteArrayOutputStream out = new ByteArrayOutputStream();
 HttpDownload transfer = new HttpDownload(getGroupURL, out);
-
 transfer.setSSLSocketFactory(getSSLSocketFactory());
 transfer.run();
@@ -334,7 +310,8 @@ public class GMSClient implements TransferListener
 public List<String> getGroupNames()
 throws AccessControlException, IOException
 {
- URL getGroupNamesURL = registryClient.getServiceURL(groupsURI, "https", "", AuthMethod.CERT);
+ URL getGroupNamesURL = getRegistryClient()
+ .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, AuthMethod.CERT);
 log.debug("getGroupNames request to " + getGroupNamesURL.toString());
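Review bot: `groupName` is concatenated into the request path unencoded in `new URL(groupsURL.toExternalForm() + "/" + groupName)`, so a name containing `/`, `?`, `#`, spaces or non-ASCII produces a different or malformed request, whereas the removed code at least handed the name to the registry client as a path; the user-member methods in this same class already apply `NetUtil.encode(...)` to the user name, so use `NetUtil.encode(groupName)` here for consistency. The same unencoded `groupName`/`group.getID()`/`targetGroupName` concatenation appears in updateGroup, deleteGroup, addGroupMember, addUserMember, removeGroupMember and removeUserMember in the following hunks of this file. `groupsURL` is also dereferenced without the null check that `UserClient` applies to the same `getServiceURL` result. The enclosing methods begin and end outside the hunk.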
@@ -411,7 +388,9 @@ public class GMSClient implements TransferListener
 throws IllegalArgumentException, GroupNotFoundException, UserNotFoundException, AccessControlException, WriterException, IOException
 {
- URL updateGroupURL = registryClient.getServiceURL(groupsURI, "https", group.getID(), AuthMethod.CERT);
+ URL groupsURL = getRegistryClient()
+ .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, AuthMethod.CERT);
+ URL updateGroupURL = new URL(groupsURL.toExternalForm() + "/" + group.getID());
 log.debug("updateGroup request to " + updateGroupURL.toString());
 // reset the state of the cache
@@ -478,7 +457,9 @@ public class GMSClient implements TransferListener
 public void deleteGroup(String groupName)
 throws GroupNotFoundException, AccessControlException, IOException
 {
- URL deleteGroupURL = registryClient.getServiceURL(groupsURI, "https", groupName, AuthMethod.CERT);
+ URL groupsURL = getRegistryClient()
+ .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, AuthMethod.CERT);
+ URL deleteGroupURL = new URL(groupsURL.toExternalForm() + "/" + groupName);
 log.debug("deleteGroup request to " + deleteGroupURL.toString());
 // reset the state of the cache
@@ -544,8 +525,10 @@ public class GMSClient implements TransferListener
 AccessControlException, IOException
 {
- String path = targetGroupName + "/groupMembers/" + groupMemberName;
- URL addGroupMemberURL = registryClient.getServiceURL(groupsURI, "https", path, AuthMethod.CERT);
+ String path = "/" + targetGroupName + "/groupMembers/" + groupMemberName;
+ URL groupsURL = getRegistryClient()
+ .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, AuthMethod.CERT);
+ URL addGroupMemberURL = new URL(groupsURL.toExternalForm() + path);
 log.debug("addGroupMember request to " + addGroupMemberURL.toString());
 // reset the state of the cache
@@ -603,8 +586,10 @@ public class GMSClient implements TransferListener
 log.debug("addUserMember: " + targetGroupName + " + " + userID.getName());
 String userIDType = AuthenticationUtil.getPrincipalType(userID);
- String path = targetGroupName + "/userMembers/" + NetUtil.encode(userID.getName()) + "?idType=" + userIDType;
- URL addUserMemberURL = registryClient.getServiceURL(groupsURI, "https", path, AuthMethod.CERT);
+ String path = "/" + targetGroupName + "/userMembers/" + NetUtil.encode(userID.getName()) + "?idType=" + userIDType;
+ URL groupsURL = getRegistryClient()
+ .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, AuthMethod.CERT);
+ URL addUserMemberURL = new URL(groupsURL.toExternalForm() + path);
 log.debug("addUserMember request to " + addUserMemberURL.toString());
@@ -658,8 +643,10 @@ public class GMSClient implements TransferListener
 throws GroupNotFoundException, AccessControlException, IOException
 {
- String path = targetGroupName + "/groupMembers/" + groupMemberName;
- URL removeGroupMemberURL = registryClient.getServiceURL(groupsURI, "https", path, AuthMethod.CERT);
+ String path = "/" + targetGroupName + "/groupMembers/" + groupMemberName;
+ URL groupsURL = getRegistryClient()
+ .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, AuthMethod.CERT);
+ URL removeGroupMemberURL = new URL(groupsURL.toExternalForm() + path);
 log.debug("removeGroupMember request to " + removeGroupMemberURL.toString());
@@ -725,8 +712,10 @@ public class GMSClient implements TransferListener
 String userIDType = AuthenticationUtil.getPrincipalType(userID);
 log.debug("removeUserMember: " + targetGroupName + " - " + userID.getName() + " type: " + userIDType);
- String path = targetGroupName + "/userMembers/" + NetUtil.encode(userID.getName()) + "?idType=" + userIDType;
- URL removeUserMemberURL = registryClient.getServiceURL(groupsURI, "https", path, AuthMethod.CERT);
+ String path = "/" + targetGroupName + "/userMembers/" + NetUtil.encode(userID.getName()) + "?idType=" + userIDType;
+ URL groupsURL = getRegistryClient()
+ .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01, AuthMethod.CERT);
+ URL removeUserMemberURL = new URL(groupsURL.toExternalForm() + path);
 log.debug("removeUserMember: " + removeUserMemberURL.toString());
@@ -836,11 +825,13 @@ public class GMSClient implements TransferListener
 //searchGroupURL.append("&IDTYPE=").append(NetUtil.encode(idType));
 searchGroupPath.append("&ROLE=").append(NetUtil.encode(roleString));
- URL searchURL = registryClient.getServiceURL(searchURI, "https", searchGroupPath.toString(), AuthMethod.CERT);
+ URL searchURL = getRegistryClient()
+ .getServiceURL(this.serviceID, Standards.GMS_SEARCH_01, AuthMethod.CERT);
+ URL getMembershipsURL = new URL(searchURL.toExternalForm() + searchGroupPath.toString());
- log.debug("getMemberships request to " + searchURL.toString());
+ log.debug("getMemberships request to " + getMembershipsURL.toString());
 ByteArrayOutputStream out = new ByteArrayOutputStream();
- HttpDownload transfer = new HttpDownload(searchURL, out);
+ HttpDownload transfer = new HttpDownload(getMembershipsURL, out);
 transfer.setSSLSocketFactory(getSSLSocketFactory());
 transfer.run();
@@ -945,11 +936,13 @@ public class GMSClient implements TransferListener
 searchGroupPath.append("&ROLE=").append(NetUtil.encode(roleString));
 searchGroupPath.append("&GROUPID=").append(NetUtil.encode(groupName));
- URL searchURL = registryClient.getServiceURL(searchURI, "https", searchGroupPath.toString(), AuthMethod.CERT);
+ URL searchURL = getRegistryClient()
+ .getServiceURL(this.serviceID, Standards.GMS_SEARCH_01, AuthMethod.CERT);
+ URL getMembershipURL = new URL(searchURL.toExternalForm() + searchGroupPath.toString());
- log.debug("getMembership request to " + searchURL.toString());
+ log.debug("getMembership request to " + getMembershipURL.toString());
 ByteArrayOutputStream out = new ByteArrayOutputStream();
- HttpDownload transfer = new HttpDownload(searchURL, out);
+ HttpDownload transfer = new HttpDownload(getMembershipURL, out);
 transfer.setSSLSocketFactory(getSSLSocketFactory());
 transfer.run();
@@ -1102,17 +1095,17 @@ public class GMSClient implements TransferListener
 Set<GroupMemberships> gset = subject.getPrivateCredentials(GroupMemberships.class);
 if (gset == null || gset.isEmpty())
 {
- GroupMemberships mems = new GroupMemberships(gmsServiceURI.toString(), userID);
+ GroupMemberships mems = new GroupMemberships(serviceID.toString(), userID);
 subject.getPrivateCredentials().add(mems);
 return mems;
 }
 GroupMemberships mems = gset.iterator().next();
 // check to ensure they have the same service URI
- if (!gmsServiceURI.toString().equals(mems.getServiceURI()))
+ if (!serviceID.toString().equals(mems.getServiceURI()))
 {
 log.debug("Not using cache because of differing service URIs: " +
- "[" + gmsServiceURI.toString() + "][" + mems.getServiceURI() + "]");
+ "[" + serviceID.toString() + "][" + mems.getServiceURI() + "]");
 return null;
 }
@@ -1182,4 +1175,9 @@ public class GMSClient implements TransferListener
 return false;
 }
+ protected RegistryClient getRegistryClient()
+ {
+ return new RegistryClient();
+ }
+
 }
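Review bot: `getRegistryClient()` constructs a fresh `RegistryClient` on every call, and every public operation in this class now calls it, so each GMS request pays for a new client and forfeits any per-instance lookup caching `RegistryClient` may do (not confirmable from this diff). Lazily caching one instance keeps the test override working: add `private RegistryClient registryClient;` and make the body `if (registryClient == null) registryClient = new RegistryClient(); return registryClient;`. As a protected extension point it also needs a Javadoc such as `/** Factory for the registry client used to resolve serviceID; tests override this to inject a mock. */`. UserClient gains an identical method in this change and the same applies there.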
diff --git a/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java b/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java
index 2ec7944f777c2dd97f0e5ede9335fd1ec80710e9..5c46a1d8cbe06a78fd6df88ce9fc07ea927b381f 100644
--- a/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java
+++ b/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java
@@ -84,6 +84,8 @@ import java.util.Set;
 import javax.security.auth.Subject;
 import javax.security.auth.x500.X500Principal;
+import ca.nrc.cadc.reg.Standards;
+import ca.nrc.cadc.reg.client.LocalAuthority;
 import org.apache.log4j.Logger;
 import ca.nrc.cadc.ac.ReaderException;
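Review bot: `import ca.nrc.cadc.reg.client.LocalAuthority;` is added but nothing in the UserClient hunks of this change uses it; if the rest of the file does not either, drop it. The two new imports are also placed between the `javax` and `org.apache` groups instead of in the existing `ca.nrc.cadc` block below, which breaks the file's grouping; the same placement occurs in the WhoAmIServlet, GMSClient and GMSClientTest import hunks.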
@@ -110,47 +112,22 @@ public class UserClient
 {
 private static final Logger log = Logger.getLogger(UserClient.class);
- private static final String USERS = "users";
- private static final String USER_REQUESTS = "reqs";
-
- private RegistryClient registryClient;
-
- private URI usersURI;
-
- // to be used when the client can work with
- // user requests
- private URI userReqsURI;
+ private URI serviceID;
 /**
 * Constructor.
 *
- * @param serviceURI The URI of the supporting access control web service
+ * @param serviceID The URI of the supporting access control web service
 * obtained from the registry.
 */
- public UserClient(URI serviceURI)
+ public UserClient(URI serviceID)
 throws IllegalArgumentException
 {
- this(serviceURI, new RegistryClient());
- }
-
- public UserClient(URI serviceURI, RegistryClient registryClient)
- {
- if (serviceURI == null)
+ if (serviceID == null)
 throw new IllegalArgumentException("Service URI cannot be null.");
- if (serviceURI.getFragment() != null)
- throw new IllegalArgumentException("invalid serviceURI (fragment not allowed): " + serviceURI);
-
- this.registryClient = registryClient;
-
- try
- {
- this.usersURI = new URI(serviceURI.toASCIIString() + "#" + USERS);
- this.userReqsURI = new URI(serviceURI.toASCIIString() + "#" + USER_REQUESTS);
- }
- catch(URISyntaxException ex)
- {
- throw new RuntimeException("BUG: failed to create standardID from serviceURI + fragment", ex);
- }
+ if (serviceID.getFragment() != null)
+ throw new IllegalArgumentException("invalid serviceURI (fragment not allowed): " + serviceID);
+ this.serviceID = serviceID;
 }
 /**
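Review bot: The parameter was renamed to `serviceID` but the two error messages still read `Service URI cannot be null.` and `invalid serviceURI (fragment not allowed): `, while the GMSClient constructor in this same change says `invalid serviceID: ...`; align them, e.g. `"invalid serviceID: " + serviceID` and `"invalid serviceID (fragment not allowed): " + serviceID`, so a stack trace names the actual argument. The Javadoc should also say what the ID is (the registry resource identifier against which `Standards.UMS_USERS_01` is resolved) and carry `@throws IllegalArgumentException` for the two rejected inputs, since the signature declares it.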
@@ -168,13 +145,15 @@ public class UserClient
 {
 String userID = principal.getName();
- String path = NetUtil.encode(userID) + "?idType=" + this.getIdType(principal) + "&detail=identity";
+ String path = "/" + NetUtil.encode(userID) + "?idType=" + this.getIdType(principal) + "&detail=identity";
 // augment subject calls are always https with client certs
- URL getUserURL = registryClient.getServiceURL(usersURI, "https", path, AuthMethod.CERT);
+ URL usersURL = getRegistryClient()
+ .getServiceURL(this.serviceID, Standards.UMS_USERS_01, AuthMethod.CERT);
+ URL getUserURL = new URL(usersURL.toExternalForm() + path);
 if (getUserURL == null)
- throw new IllegalArgumentException("No service endpoint for uri " + usersURI);
+ throw new IllegalArgumentException("No service endpoint for uri " + Standards.UMS_USERS_01);
 log.debug("augmentSubject request to " + getUserURL.toString());
 ByteArrayOutputStream out = new ByteArrayOutputStream();
@@ -209,7 +188,8 @@ public class UserClient
 */
 public List<User> getDisplayUsers() throws IOException
 {
- URL usersURL = registryClient.getServiceURL(usersURI, "https");
+ URL usersURL = getRegistryClient()
+ .getServiceURL(this.serviceID, Standards.UMS_USERS_01, AuthMethod.CERT);
 final List<User> webUsers = new ArrayList<User>();
 HttpDownload httpDownload = new HttpDownload(usersURL,
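Review bot: The null check `if (getUserURL == null)` is now dead: `getUserURL` comes from `new URL(...)`, which never returns null, while the value that can be null, `usersURL` from `getServiceURL`, is dereferenced one line earlier via `usersURL.toExternalForm()`, so a missing endpoint surfaces as a NullPointerException instead of the intended `IllegalArgumentException`; move the check to `if (usersURL == null)` before building `getUserURL`. The same inversion is in `getUser` in the next hunk, and `createUser`'s message there names `Standards.UMS_REQS_01` although the lookup uses `Standards.UMS_USERS_01`. `getDisplayUsers` previously resolved the endpoint without an `AuthMethod` and now asks for `AuthMethod.CERT`; if that listing is meant to be reachable without a client certificate this silently narrows who can call it, so confirm the intended interface. The enclosing methods begin outside the hunk.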
@@ -273,10 +253,11 @@ public class UserClient
 StringBuilder userXML = new StringBuilder();
 userWriter.write(user, userXML);
- URL createUserURL = registryClient.getServiceURL(usersURI, "https", null, AuthMethod.CERT);
+ URL createUserURL = getRegistryClient()
+ .getServiceURL(this.serviceID, Standards.UMS_USERS_01, AuthMethod.CERT);
 if (createUserURL == null)
- throw new IllegalArgumentException("No service endpoint for uri " + usersURI);
+ throw new IllegalArgumentException("No service endpoint for uri " + Standards.UMS_REQS_01);
 log.debug("createUser request to " + createUserURL.toString());
 ByteArrayInputStream in = new ByteArrayInputStream(userXML.toString().getBytes());
@@ -336,9 +317,11 @@ public class UserClient
 String id = NetUtil.encode(principal.getName());
 String path = "/" + id + "?idType=" + AuthenticationUtil.getPrincipalType(principal);
- URL getUserURL = registryClient.getServiceURL(usersURI, "https", path, AuthMethod.CERT);
+ URL usersURL = getRegistryClient()
+ .getServiceURL(this.serviceID, Standards.UMS_USERS_01, AuthMethod.CERT);
+ URL getUserURL = new URL(usersURL.toExternalForm() + path);
 if (getUserURL == null)
- throw new IllegalArgumentException("No service endpoint for uri " + usersURI);
+ throw new IllegalArgumentException("No service endpoint for uri " + Standards.UMS_USERS_01);
 log.debug("getUser request to " + getUserURL.toString());
 ByteArrayOutputStream out = new ByteArrayOutputStream();
@@ -433,4 +416,10 @@ public class UserClient
 return idTypeStr;
 }
+
+ protected RegistryClient getRegistryClient()
+ {
+ return new RegistryClient();
+ }
+
 }
diff --git a/cadcAccessControl/src/ca/nrc/cadc/ac/xml/AbstractReaderWriter.java b/cadcAccessControl/src/ca/nrc/cadc/ac/xml/AbstractReaderWriter.java
index 3940001c3fbda7a85575baa46a936ea296d9db37..6d8f00581fa07899ed5f87205fd2f3fd8c20c53f 100644
--- a/cadcAccessControl/src/ca/nrc/cadc/ac/xml/AbstractReaderWriter.java
+++ b/cadcAccessControl/src/ca/nrc/cadc/ac/xml/AbstractReaderWriter.java
@@ -104,6 +104,7 @@ import ca.nrc.cadc.auth.IdentityType;
 import ca.nrc.cadc.auth.NumericPrincipal;
 import ca.nrc.cadc.auth.OpenIdPrincipal;
 import ca.nrc.cadc.date.DateUtil;
+import ca.nrc.cadc.reg.Standards;
 import ca.nrc.cadc.reg.client.LocalAuthority;
 /**
@@ -156,7 +157,7 @@ public abstract class AbstractReaderWriter
 public AbstractReaderWriter()
 {
 LocalAuthority localAuthority = new LocalAuthority();
- URI serviceURI = localAuthority.getServiceURI("gms");
+ URI serviceURI = localAuthority.getServiceURI(Standards.GMS_GROUPS_01.toString());
 gmsServiceURI = serviceURI.toString();
 }
diff --git a/cadcAccessControl/test/src/ca/nrc/cadc/ac/client/GMSClientTest.java b/cadcAccessControl/test/src/ca/nrc/cadc/ac/client/GMSClientTest.java
index c38e2240a0e49ef912a14ccccb285dd6a27f6201..e8e9b659a9f72fd622b0953cb11af17c7128dfaa 100644
--- a/cadcAccessControl/test/src/ca/nrc/cadc/ac/client/GMSClientTest.java
+++ b/cadcAccessControl/test/src/ca/nrc/cadc/ac/client/GMSClientTest.java
@@ -81,6 +81,8 @@ import java.util.List;
 import javax.security.auth.Subject;
+import ca.nrc.cadc.auth.AuthMethod;
+import ca.nrc.cadc.reg.Standards;
 import org.apache.log4j.Level;
 import org.junit.Assert;
 import org.junit.Test;
@@ -112,13 +114,20 @@ public class GMSClientTest final RegistryClient mockRegistryClient = createMock(RegistryClient.class); - final URI serviceURI = URI.create("http://mysite.com/users"); + final URI serviceID = URI.create("ivo://mysite.com/users"); - expect(mockRegistryClient.getServiceURL(serviceURI, "https")).andReturn( - new URL("http://mysite.com/users/endpoint")); + expect(mockRegistryClient.getServiceURL(serviceID, Standards.UMS_USERS_01, AuthMethod.CERT)) + .andReturn(new URL("http://mysite.com/users")); replay(mockRegistryClient); - GMSClient client = new GMSClient(serviceURI, mockRegistryClient); + GMSClient client = new GMSClient(serviceID) + { + @Override + protected RegistryClient getRegistryClient() + { + return mockRegistryClient; + } + }; Assert.assertFalse(client.userIsSubject(null, null)); Assert.assertFalse(client.userIsSubject(userID, null)); @@ -141,16 +150,22 @@ public class GMSClientTest final HttpPrincipal test1UserID = new HttpPrincipal("test"); subject.getPrincipals().add(test1UserID); - final URI serviceURI = URI.create("http://mysite.com/users"); + final URI serviceID = URI.create("ivo://mysite.com/users"); final RegistryClient mockRegistryClient = createMock(RegistryClient.class); - expect(mockRegistryClient.getServiceURL(serviceURI, "https")).andReturn( - new URL("http://mysite.com/users/endpoint")); + expect(mockRegistryClient.getServiceURL(serviceID, Standards.GMS_GROUPS_01, AuthMethod.CERT )) + .andReturn(new URL("http://mysite.com/users")); replay(mockRegistryClient); - final GMSClient client = new GMSClient(serviceURI, mockRegistryClient); - + final GMSClient client = new GMSClient(serviceID) + { + @Override + protected RegistryClient getRegistryClient() + { + return mockRegistryClient; + } + }; Subject.doAs(subject, new PrivilegedExceptionAction<Object>() { 
diff --git a/cadcAccessControl/test/src/ca/nrc/cadc/ac/client/UserClientTest.java b/cadcAccessControl/test/src/ca/nrc/cadc/ac/client/UserClientTest.java index 8217c0857dee9d9f1dea42d2b4cf1ec33bc0ca2b..4aa6144492cbfa9011c3eae711e42264e322414a 100644 --- a/cadcAccessControl/test/src/ca/nrc/cadc/ac/client/UserClientTest.java +++ b/cadcAccessControl/test/src/ca/nrc/cadc/ac/client/UserClientTest.java @@ -86,6 +86,7 @@ import org.junit.Test; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.auth.NumericPrincipal; +import ca.nrc.cadc.reg.Standards; import ca.nrc.cadc.reg.client.LocalAuthority; import ca.nrc.cadc.util.Log4jInit; @@ -101,7 +102,7 @@ public class UserClientTest { Log4jInit.setLevel("ca.nrc.cadc.ac", Level.INFO); LocalAuthority localAuthority = new LocalAuthority(); - umsServiceURI = localAuthority.getServiceURI("ums"); + umsServiceURI = localAuthority.getServiceURI(Standards.UMS_USERS_01.toString()); } @Test diff --git a/cadcTomcat/build.xml b/cadcTomcat/build.xml index ec069e38555e77118b099541ac877b59b3d6f8d7..10ba07f943c3d5a215cfb98b7d402531de1a6399 100644 --- a/cadcTomcat/build.xml +++ b/cadcTomcat/build.xml @@ -86,7 +86,7 @@ <!-- developer convenience: place for extra targets and properties --> <import file="extras.xml" optional="true" /> - <property name="cadc" value="${lib}/cadcUtil.jar" /> + <property name="cadc" value="${lib}/cadcUtil.jar:${lib}/cadcRegistry.jar" /> <property name="log4j" value="${ext.lib}/log4j.jar" /> <property name="tomcat" value="${ext.lib}/catalina.jar:${ext.lib}/tomcat-util.jar:${ext.lib}/tomcat-coyote.jar" /> <property name="jars" value="${cadc}:${log4j}:${tomcat}" /> @@ -136,7 +136,7 @@ </classpath> <test name="ca.nrc.cadc.tomcat.CadcBasicAuthenticatorTest"/> - <test name="ca.nrc.cadc.tomcat.RealmRegistryClientTest"/> + <test name="ca.nrc.cadc.tomcat.AuthenticationLookupTest"/> <formatter type="plain" usefile="false"/> </junit> </target> 
diff --git a/cadcTomcat/src/ca/nrc/cadc/tomcat/RealmRegistryClient.java b/cadcTomcat/src/ca/nrc/cadc/tomcat/AuthenticationLookup.java similarity index 60% rename from cadcTomcat/src/ca/nrc/cadc/tomcat/RealmRegistryClient.java rename to cadcTomcat/src/ca/nrc/cadc/tomcat/AuthenticationLookup.java index ae3032899be9cbd5ee5a2e27bc99165c10f11660..c8d7a1b109fcb6a5c0cc200229c32aa072cbd088 100644 --- a/cadcTomcat/src/ca/nrc/cadc/tomcat/RealmRegistryClient.java +++ b/cadcTomcat/src/ca/nrc/cadc/tomcat/AuthenticationLookup.java @@ -69,21 +69,13 @@ package ca.nrc.cadc.tomcat; -import java.io.File; -import java.io.IOException; -import java.io.InputStream; import java.net.InetAddress; import java.net.MalformedURLException; -import java.net.URI; import java.net.URL; import java.net.UnknownHostException; -import java.util.List; import org.apache.log4j.Logger; -import java.util.ArrayList; -import java.util.ListIterator; - /** * A very simple caching IVOA Registry client. All the lookups done by this client use a properties 
@@ -102,52 +94,26 @@ import java.util.ListIterator; * <pre> * ca.nrc.cadc.reg.client.RegistryClient.host=www.example.com * </pre> - * + * <p> * This class is a forked and trimmed version of ca.nrc.cadc.reg.client.RegistryClient. It was forked * to allow the realm implementation to be deployed without library dependencies. * * @author pdowler */ -public class RealmRegistryClient +public class AuthenticationLookup { - private static Logger log = Logger.getLogger(RealmRegistryClient.class); + private static Logger log = Logger.getLogger(AuthenticationLookup.class); - private static final String CACHE_FILENAME = "RegistryClient.properties"; private static final String LOCAL_PROPERTY = "ca.nrc.cadc.reg.client.RegistryClient.local"; private static final String HOST_PROPERTY = "ca.nrc.cadc.reg.client.RegistryClient.host"; private static final String SHORT_HOST_PROPERTY = "ca.nrc.cadc.reg.client.RegistryClient.shortHostname"; - private URL url; - private RealmMultiValuedProperties mvp; - private String hostname; private String shortHostname; - /** - * Constructor. Uses a properties file called RegistryClient.properties found in the classpath. - */ - public RealmRegistryClient() - { - try - { - File conf = new File(System.getProperty("user.home") + "/config", CACHE_FILENAME); - URL furl; - if (conf.exists()) - furl = new URL("file://" + conf.getAbsolutePath()); - else - furl = RealmRegistryClient.class.getResource("/"+CACHE_FILENAME); - - init(furl, false); - } - catch(Exception ex) - { - throw new RuntimeException("failed to find URL to " + CACHE_FILENAME, ex); - } - } - private void init(URL url, boolean unused) + private void init() { - this.url = url; try { String localP = System.getProperty(LOCAL_PROPERTY); 
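Review bot: The class Javadoc retained in this hunk still says the class "is a forked and trimmed version of ca.nrc.cadc.reg.client.RegistryClient" under a heading describing a caching registry client, but after this change AuthenticationLookup reads no registry or properties file at all — `init()` only consults the three `ca.nrc.cadc.reg.client.RegistryClient.*` system properties and rewrites the host of a URL it is handed. Replace the summary with something like `Rewrites the host of a given service URL according to the RegistryClient.local/host/shortHostname system properties; no registry lookup is performed.` and drop the fork sentence, otherwise the next reader will look for a RegistryClient.properties that is no longer loaded. It is also worth stating that `init()` runs on every `configureAuthenticationServiceURL` call, so the properties (and, for the local case, the local hostname resolution) are re-evaluated per authentication attempt.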
@@ -157,10 +123,12 @@ public class RealmRegistryClient log.debug(" local: " + localP); log.debug(" host: " + hostP); log.debug("shortHost: " + shortHostP); - if ( "true".equals(localP) ) + if ("true".equals(localP)) { - log.debug(LOCAL_PROPERTY + " is set, assuming localhost runs the service"); - this.hostname = InetAddress.getLocalHost().getCanonicalHostName(); + log.debug(LOCAL_PROPERTY + + " is set, assuming localhost runs the service"); + this.hostname = InetAddress.getLocalHost() + .getCanonicalHostName(); } if (shortHostP != null) 
@@ -176,66 +144,36 @@ public class RealmRegistryClient { hostP = hostP.trim(); if (hostP.length() > 0) + { this.hostname = hostP; + } } } - catch(UnknownHostException ex) + catch (UnknownHostException ex) { - log.warn("failed to find localhost name via name resolution (" + ex.toString() + "): using localhost"); + log.warn("failed to find localhost name via name resolution (" + + ex.toString() + "): using localhost"); this.hostname = "localhost"; } } - public URL getServiceURL(URI serviceID, String protocol, String path) - throws MalformedURLException + public URL configureAuthenticationServiceURL(URL serviceURL) + throws MalformedURLException { init(); - log.debug("getServiceURL: " + serviceID + "," + protocol + "," + path); - - //List<URL> urls = lookup.get(serviceID); - List<String> strs = mvp.getProperty(serviceID.toString()); - if (strs == null || strs.isEmpty() ) - { - return null; // no matching serviceURI - } - List<Service> srvs = new ArrayList<Service>(strs.size()); - for (String s : strs) - { - srvs.add(new Service(s)); - } - - String testproto = protocol + "://"; - ListIterator<Service> iter = srvs.listIterator(); - while ( iter.hasNext() ) - { - Service srv = iter.next(); - boolean noMatch = false; - if (protocol != null && !srv.url.startsWith(testproto)) - noMatch = true; // wrong protocol - if (noMatch) - { - iter.remove(); - log.debug("getServiceURL: constraints not matched: " + srv + " vs " + protocol); - } - else - log.debug("getServiceURL: found match: " + srv + " vs " + protocol); - } - if (srvs.isEmpty()) - return null; - - Service srv = srvs.get(0); // first match + log.debug("configureAuthenticationServiceURL: " + serviceURL + "," + + serviceURL.getProtocol() + "," + serviceURL.getPath()); - StringBuilder sb = new StringBuilder(); + final StringBuilder sb = new StringBuilder(); if (hostname != null || shortHostname != null) { - URL ret = new URL(srv.url); - sb.append(ret.getProtocol()); + sb.append(serviceURL.getProtocol()); sb.append("://"); 
if (shortHostname != null) { String hname = shortHostname; - String fqhn = ret.getHost(); + String fqhn = serviceURL.getHost(); int i = fqhn.indexOf('.'); if (i > 0) { @@ -248,78 +186,19 @@ public class RealmRegistryClient { sb.append(hostname); } - int p = ret.getPort(); - if (p > 0 && p != ret.getDefaultPort()) + int p = serviceURL.getPort(); + if (p > 0 && p != serviceURL.getDefaultPort()) { sb.append(":"); sb.append(p); } - sb.append(ret.getPath()); + sb.append(serviceURL.getPath()); } else - sb.append(srv.url); - - if (path != null) - sb.append(path); - - return new URL(sb.toString()); - } - - private class Service - { - String str; - String url; - - public String toString() { return str; } - Service(String s) { - this.str = s; - String[] parts = s.split(" "); - this.url = parts[0]; + sb.append(serviceURL); } - } - private void init() - { - if (mvp != null) - return; - - InputStream istream = null; - try - { - // find the cache resource from the url - if (url == null) - throw new RuntimeException("failed to find cache resource."); - // read the properties - log.debug("init: reading config from " + url); - istream = url.openStream(); - this.mvp = new RealmMultiValuedProperties(); - mvp.load(istream); - - if (log.isDebugEnabled()) - { - for (String k : mvp.keySet()) - { - List<String> values = mvp.getProperty(k); - for (String v : values) - { - log.debug(k + " = " + v); - } - } - } - } - catch(IOException ex) - { - throw new RuntimeException("failed to load resource: " + CACHE_FILENAME, ex); - } - finally - { - if (istream != null) - try { istream.close(); } - catch(Throwable t) - { - log.warn("failed to close " + url, t); - } - } + return new URL(sb.toString()); } } diff --git a/cadcTomcat/src/ca/nrc/cadc/tomcat/CadcBasicAuthenticator.java b/cadcTomcat/src/ca/nrc/cadc/tomcat/CadcBasicAuthenticator.java index e4866d8fe6178cf4585a455d51e00f527006c1f6..87e2a8eefaa68f5d354d4b4b503f0de0b46a6e90 100644 
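Review bot: When a host override is active the rebuilt URL is assembled only from `getProtocol()`, the substituted host, the non-default port and `getPath()`, so any query component of the configured login URL is silently dropped, whereas the `else` branch appends the whole `serviceURL` — the two paths do not produce equivalent endpoints. If the realm's login URL is ever configured with parameters, credentials would be posted to a different endpoint than the one configured. Preserve it before the final line: `if (serviceURL.getQuery() != null) { sb.append('?').append(serviceURL.getQuery()); }` ahead of `return new URL(sb.toString());`. The host-rewriting `if` that this hunk closes is opened in the previous hunk.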
--- a/cadcTomcat/src/ca/nrc/cadc/tomcat/CadcBasicAuthenticator.java +++ b/cadcTomcat/src/ca/nrc/cadc/tomcat/CadcBasicAuthenticator.java @@ -71,11 +71,9 @@ package ca.nrc.cadc.tomcat; import java.io.IOException; import java.net.HttpURLConnection; -import java.net.URI; -import java.net.URISyntaxException; import java.net.URL; import java.security.Principal; -import java.util.Arrays; +import java.util.Collections; import java.util.List; import org.apache.catalina.realm.GenericPrincipal; @@ -83,11 +81,12 @@ import org.apache.catalina.realm.RealmBase; import org.apache.log4j.Level; import org.apache.log4j.Logger; + /** * Custom class for Tomcat realm authentication. - * + * <p> * This class was written against the Apache Tomcat 7 (7.0.33.0) API - * + * <p> * Authentication checks are performed as REST calls to servers * implementing the cadcAccessControl-Server code. * @@ -97,7 +96,9 @@ public class CadcBasicAuthenticator extends RealmBase { private static Logger log = Logger.getLogger(CadcBasicAuthenticator.class); - private static final String AC_URI = "ivo://cadc.nrc.ca/ums"; + + private String loginURL; + static { @@ -105,6 +106,17 @@ public class CadcBasicAuthenticator extends RealmBase Logger.getLogger("ca.nrc.cadc.tomcat").setLevel(Level.INFO); } + /** + * Set the login URL for the current host. Used by the realm configuration. + * + * @param loginURL The String login URL. + */ + public void setLoginURL(final String loginURL) + { + this.loginURL = loginURL; + } + + @Override protected String getName() { @@ -139,7 +151,7 @@ public class CadcBasicAuthenticator extends RealmBase if (valid) { // authentication ok, add public role - List<String> roles = Arrays.asList("public"); + List<String> roles = Collections.singletonList("public"); // Don't want to return the password here in the principal // in case it makes it into the servlet somehow 
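Review bot: `setLoginURL` stores the realm attribute without any validation, so a missing, malformed or plain-`http://` login URL is only discovered on the first authentication attempt, when `new URL(loginURL)` inside `login` fails and the surrounding catch rewraps it as an IllegalStateException. Since this endpoint receives the user's password in a POST body, fail fast at configuration time and refuse cleartext: `URL u = new URL(loginURL); if (!"https".equals(u.getProtocol())) throw new IllegalArgumentException("loginURL must use https: " + loginURL);`. The old code's explicit `"http"` lookup is gone, so nothing now pins the scheme; if non-TLS is genuinely needed for local testing, at least log a warning so the cleartext path is a deliberate choice. The Javadoc should also say the value is the full URL of the /ac/login endpoint whose host may be rewritten by AuthenticationLookup.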
@@ -151,7 +163,8 @@ public class CadcBasicAuthenticator extends RealmBase catch (Throwable t) { success = false; - String message = "Could not do http basic authentication: " + t.getMessage(); + String message = "Could not do http basic authentication: " + + t.getMessage(); log.error(message, t); throw new IllegalStateException(message, t); } @@ -159,28 +172,30 @@ public class CadcBasicAuthenticator extends RealmBase { long duration = System.currentTimeMillis() - start; - StringBuilder json = new StringBuilder(); - json.append("{"); - json.append("\"method\":\"AUTH\","); - json.append("\"user\":\"" + username + "\","); - json.append("\"success\":" + success + ","); - json.append("\"time\":" + duration); - json.append("}"); + // Converted from StringBuilder as it was unnecessary. + // jenkinsd 2016.08.09 + String json = "{" + + "\"method\":\"AUTH\"," + + "\"user\":\"" + username + "\"," + + "\"success\":" + success + "," + + "\"time\":" + duration + + "}"; - log.info(json.toString()); + log.info(json); } } boolean login(String username, String credentials) - throws URISyntaxException, IOException + throws IOException { - RealmRegistryClient registryClient = new RealmRegistryClient(); - URL loginURL = registryClient.getServiceURL( - new URI(AC_URI + "#login"), "http", ""); - + AuthenticationLookup registryClient = new AuthenticationLookup(); + URL authServiceURL = + registryClient.configureAuthenticationServiceURL( + new URL(loginURL)); String post = "username=" + username + "&password=" + credentials; - HttpURLConnection conn = (HttpURLConnection) loginURL.openConnection(); + HttpURLConnection conn = + (HttpURLConnection) authServiceURL.openConnection(); conn.setRequestMethod("POST"); conn.setDoOutput(true); 
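Review bot: The rewritten audit line in the `finally` block embeds `username` into a JSON string with no escaping, so a supplied name containing `"`, `\` or a newline both breaks the JSON and lets an unauthenticated caller forge log records (a name ending in `","success":true,"time":0}` followed by a newline yields a fabricated successful-login entry). The name is attacker-controlled here because this block runs for failed attempts as well. Escape it before interpolation, at minimum `username.replace("\\", "\\\\").replace("\"", "\\\"").replaceAll("[\\r\\n]", " ")`, or emit it as a separate field through the logging framework. In the same hunk `login` still builds the body as `"username=" + username + "&password=" + credentials` without `URLEncoder.encode(..., "UTF-8")`, so a password containing `&`, `+` or `%` will not round-trip to /ac/login and the user is wrongly rejected (or extra form fields can be injected). The `authenticate` method that owns this `finally` starts before the hunk.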
@@ -190,7 +205,7 @@ public class CadcBasicAuthenticator extends RealmBase int responseCode = conn.getResponseCode(); log.debug("Http POST to /ac/login returned " + - responseCode + " for user " + username); + responseCode + " for user " + username); if (responseCode != 200) { @@ -199,7 +214,8 @@ public class CadcBasicAuthenticator extends RealmBase { // not an unauthorized, so log the // possible server side error - String errorMessage = "Error calling /ac/login, error code: " + responseCode; + String errorMessage = "Error calling /ac/login, error code: " + + responseCode; throw new IllegalStateException(errorMessage); } @@ -211,5 +227,4 @@ public class CadcBasicAuthenticator extends RealmBase } - } diff --git a/cadcTomcat/test/src/ca/nrc/cadc/tomcat/RealmRegistryClientTest.java b/cadcTomcat/test/src/ca/nrc/cadc/tomcat/AuthenticationLookupTest.java similarity index 60% rename from cadcTomcat/test/src/ca/nrc/cadc/tomcat/RealmRegistryClientTest.java rename to cadcTomcat/test/src/ca/nrc/cadc/tomcat/AuthenticationLookupTest.java index e77b56f73df4eae48b36f1436b81120d29855884..6165fc33001c7371e15d019b7cc46050c2c4b4e4 100644 --- a/cadcTomcat/test/src/ca/nrc/cadc/tomcat/RealmRegistryClientTest.java +++ b/cadcTomcat/test/src/ca/nrc/cadc/tomcat/AuthenticationLookupTest.java @@ -70,6 +70,7 @@ package ca.nrc.cadc.tomcat; import java.net.InetAddress; +import java.net.MalformedURLException; import java.net.URI; import java.net.URL; @@ -84,12 +85,12 @@ import org.junit.Test; /** - * * @author pdowler */ -public class RealmRegistryClientTest +public class AuthenticationLookupTest { - private static Logger log = Logger.getLogger(RealmRegistryClientTest.class); + private static Logger log = Logger + .getLogger(AuthenticationLookupTest.class); static { 
@@ -130,120 +131,58 @@ public class RealmRegistryClientTest { } - static String DUMMY_URI = "ivo://example.com/srv"; - static String DUMMY_URL = "http://www.example.com/current/path/to/my/service"; - static String DUMMY_CERT_URL = "https://www.example.com/current/path/to/my/service"; - static String DUMMY_PASSWORD_URL = "http://www.example.com/current/path/to/my/auth-service"; - static String DUMMY_TOKEN_URL = DUMMY_URL; - static String DUMMY_COOKIE_URL = DUMMY_URL; + static URL DUMMY_URL; - @Test - public void testNotFound() throws Exception + static { try { - RealmRegistryClient rc = new RealmRegistryClient(); - - URL url = rc.getServiceURL(new URI("ivo://foo/bar"), null, null); - Assert.assertNull(url); + DUMMY_URL = new URL( + "http://www.example.com/current/path/to/my/service"); } - catch(Exception unexpected) + catch (MalformedURLException e) { - log.error("unexpected exception", unexpected); - Assert.fail("unexpected exception: " + unexpected); + // Will never happen. } } + @Test public void testFound() throws Exception { - try - { - RealmRegistryClient rc = new RealmRegistryClient(); + AuthenticationLookup authLookup = new AuthenticationLookup(); - URL expected = new URL(DUMMY_URL); - URL url = rc.getServiceURL(new URI(DUMMY_URI), null, null); - Assert.assertEquals(expected, url); - } - catch(Exception unexpected) - { - log.error("unexpected exception", unexpected); - Assert.fail("unexpected exception: " + unexpected); - } + URL url = authLookup.configureAuthenticationServiceURL(DUMMY_URL); + Assert.assertEquals(DUMMY_URL, url); } - @Test - public void testFoundViaConfigFile() throws Exception - { - String home = System.getProperty("user.home"); - try - { - String fakeHome = System.getProperty("user.dir") + "/test"; - log.debug("setting user.home = " + fakeHome); - System.setProperty("user.home", fakeHome); - RealmRegistryClient rc = new RealmRegistryClient(); - - URL expected = new URL("http://alt.example.com/current/path/to/my/service"); - URL url = 
rc.getServiceURL(new URI("ivo://example.com/srv"), "http", null); - Assert.assertEquals(expected, url); - } - catch(Exception unexpected) - { - log.error("unexpected exception", unexpected); - Assert.fail("unexpected exception: " + unexpected); - } - finally - { - // reset - System.setProperty("user.home", home); - } - } - - - @Test - public void testFoundWithProtocol() throws Exception - { - try - { - RealmRegistryClient rc = new RealmRegistryClient(); - - URL expected = new URL(DUMMY_URL); - URL url = rc.getServiceURL(new URI(DUMMY_URI), "http", null); - Assert.assertEquals(expected, url); - - expected = new URL(DUMMY_CERT_URL); - url = rc.getServiceURL(new URI(DUMMY_URI), "https", null); - Assert.assertEquals(expected, url); - } - catch(Exception unexpected) - { - log.error("unexpected exception", unexpected); - Assert.fail("unexpected exception: " + unexpected); - } - } @Test public void testFoundLocal() throws Exception { try { - System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.local", "true"); - RealmRegistryClient rc = new RealmRegistryClient(); + System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.local", + "true"); + AuthenticationLookup authLookup = new AuthenticationLookup(); - String localhost = InetAddress.getLocalHost().getCanonicalHostName(); - URL expected = new URL("http://" + localhost + "/current/path/to/my/service"); + String localhost = InetAddress.getLocalHost() + .getCanonicalHostName(); + URL expected = new URL("http://" + localhost + + "/current/path/to/my/service"); - URL url = rc.getServiceURL(new URI(DUMMY_URI), null, null); + URL url = authLookup.configureAuthenticationServiceURL(DUMMY_URL); Assert.assertEquals(expected, url); } - catch(Exception unexpected) + catch (Exception unexpected) { log.error("unexpected exception", unexpected); Assert.fail("unexpected exception: " + unexpected); } finally { - System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.local", "false"); + 
System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.local", + "false"); } } @@ -252,23 +191,27 @@ public class RealmRegistryClientTest { try { - System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.host", "foo.bar.com"); - RealmRegistryClient rc = new RealmRegistryClient(); + System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.host", + "foo.bar.com"); + AuthenticationLookup authLookup = new AuthenticationLookup(); - URL url = rc.getServiceURL(new URI(DUMMY_URI), null, null); - Assert.assertEquals("http://foo.bar.com/current/path/to/my/service", url.toExternalForm()); + URL url = authLookup.configureAuthenticationServiceURL(DUMMY_URL); + Assert.assertEquals("http://foo.bar.com/current/path/to/my/service", + url.toExternalForm()); - url = rc.getServiceURL(new URI(DUMMY_URI), null, null); - Assert.assertEquals("http://foo.bar.com/current/path/to/my/service", url.toExternalForm()); + url = authLookup.configureAuthenticationServiceURL(DUMMY_URL); + Assert.assertEquals("http://foo.bar.com/current/path/to/my/service", + url.toExternalForm()); } - catch(Exception unexpected) + catch (Exception unexpected) { log.error("unexpected exception", unexpected); Assert.fail("unexpected exception: " + unexpected); } finally { - System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.host", ""); + System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.host", + ""); } } 
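Review bot: The new static initializer for `DUMMY_URL` swallows `MalformedURLException` with a `// Will never happen.` comment, which leaves `DUMMY_URL` null if it ever does and turns every test in the class into an opaque NullPointerException. Rethrow instead so the failure is attributed correctly: `throw new ExceptionInInitializerError(e);`. The removed `testNotFound` and `testFoundViaConfigFile` cases had no equivalent left to write, since `configureAuthenticationServiceURL` no longer has a not-found path, but a case that passes a URL carrying a query string while `RegistryClient.host` is set would pin down whether the query is expected to survive the host rewrite.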
@@ -277,21 +220,26 @@ public class RealmRegistryClientTest { try { - System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.shortHostname", "foo"); - RealmRegistryClient rc = new RealmRegistryClient(); + System.setProperty( + "ca.nrc.cadc.reg.client.RegistryClient.shortHostname", + "foo"); + AuthenticationLookup authLookup = new AuthenticationLookup(); - URL url = rc.getServiceURL(new URI(DUMMY_URI), null, null); - Assert.assertEquals("http://foo.example.com/current/path/to/my/service", url.toExternalForm()); + URL url = authLookup.configureAuthenticationServiceURL(DUMMY_URL); + Assert.assertEquals( + "http://foo.example.com/current/path/to/my/service", + url.toExternalForm()); } - catch(Exception unexpected) + catch (Exception unexpected) { log.error("unexpected exception", unexpected); Assert.fail("unexpected exception: " + unexpected); } finally { - System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.shortHostname", ""); + System.setProperty( + "ca.nrc.cadc.reg.client.RegistryClient.shortHostname", ""); } } } diff --git a/cadcTomcat/test/src/ca/nrc/cadc/tomcat/CadcBasicAuthenticatorTest.java b/cadcTomcat/test/src/ca/nrc/cadc/tomcat/CadcBasicAuthenticatorTest.java index 1e713b84654289f9866abf59eab3120fa50feb72..c791fbccb0e50961e33133fae7d1ad260128b371 100644 --- a/cadcTomcat/test/src/ca/nrc/cadc/tomcat/CadcBasicAuthenticatorTest.java +++ b/cadcTomcat/test/src/ca/nrc/cadc/tomcat/CadcBasicAuthenticatorTest.java @@ -71,7 +71,6 @@ package ca.nrc.cadc.tomcat; import java.io.IOException; -import java.net.URISyntaxException; import junit.framework.Assert; @@ -80,10 +79,12 @@ import org.apache.log4j.Level; import org.apache.log4j.Logger; import org.junit.Test; + public class CadcBasicAuthenticatorTest { - private static Logger log = Logger.getLogger(CadcBasicAuthenticatorTest.class); + private static Logger log = + Logger.getLogger(CadcBasicAuthenticatorTest.class); static { 
@@ -97,7 +98,8 @@ public class CadcBasicAuthenticatorTest try { TestAuthenticator auth = new TestAuthenticator(true); - GenericPrincipal p = (GenericPrincipal) auth.authenticate("user", "pass"); + GenericPrincipal p = (GenericPrincipal) auth.authenticate("user", + "pass"); Assert.assertNotNull(p); Assert.assertEquals("wrong num roles", 1, p.getRoles().length); @@ -117,7 +119,8 @@ public class CadcBasicAuthenticatorTest try { TestAuthenticator auth = new TestAuthenticator(false); - GenericPrincipal p = (GenericPrincipal) auth.authenticate("user", "pass"); + GenericPrincipal p = (GenericPrincipal) auth.authenticate("user", + "pass"); Assert.assertNull(p); } @@ -138,8 +141,7 @@ public class CadcBasicAuthenticatorTest } @Override - boolean login(String username, String credentials) - throws URISyntaxException, IOException + boolean login(String username, String credentials) throws IOException { return authenticate; }