diff --git a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
index cec987e802b558fa6ddb4cd58b7e7e964aa1039a..e0773cefe5011fef6e490ec3792761edf3aecb22 100755
--- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
+++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
@@ -195,7 +195,6 @@ public class LdapGroupDAO extends LdapDAO
}
else
{
-
// add group to groups tree
LDAPResult result = addGroup(getGroupDN(group.getID()),
group.getID(), ownerDN,
@@ -211,7 +210,6 @@ public class LdapGroupDAO extends LdapDAO
group.getUserAdmins(),
group.getGroupAdmins());
LdapDAO.checkLdapResult(result.getResultCode());
-
}
}
catch (LDAPException e)
@@ -231,8 +229,7 @@ public class LdapGroupDAO extends LdapDAO
{
// add new group
List<Attribute> attributes = new ArrayList<Attribute>();
- Attribute ownerAttribute =
- new Attribute(LDAP_OWNER, ownerDN.toNormalizedString());
+ Attribute ownerAttribute = new Attribute(LDAP_OWNER, ownerDN.toNormalizedString());
attributes.add(ownerAttribute);
attributes.add(new Attribute(LDAP_OBJECT_CLASS, LDAP_GROUP_OF_UNIQUE_NAMES));
attributes.add(new Attribute(LDAP_OBJECT_CLASS, LDAP_INET_USER));
@@ -261,16 +258,12 @@ public class LdapGroupDAO extends LdapDAO
}
if (!members.isEmpty())
{
- attributes.add(new Attribute(LDAP_UNIQUE_MEMBER,
- (String[]) members
- .toArray(new String[members
- .size()])));
+ attributes.add(
+ new Attribute(LDAP_UNIQUE_MEMBER,
+ (String[]) members.toArray(new String[members.size()])));
}
AddRequest addRequest = new AddRequest(groupDN, attributes);
- //addRequest.addControl(
- // new ProxiedAuthorizationV2RequestControl(
- // "dn:" + getSubjectDN().toNormalizedString()));
logger.debug("addGroup: " + groupDN);
return getReadWriteConnection().add(addRequest);
@@ -299,16 +292,11 @@ public class LdapGroupDAO extends LdapDAO
DN groupDN = getGroupDN(group.getID());
SearchRequest searchRequest =
- new SearchRequest(groupDN.toNormalizedString(), SearchScope.BASE, filter,
- new String[]{LDAP_NSACCOUNTLOCK});
+ new SearchRequest(groupDN.toNormalizedString(), SearchScope.BASE,
+ filter, new String[]{LDAP_NSACCOUNTLOCK});
- //searchRequest.addControl(
- // new ProxiedAuthorizationV2RequestControl("dn:" +
- // getSubjectDN()
- // .toNormalizedString()));
-
- SearchResultEntry searchResult = getReadWriteConnection()
- .searchForEntry(searchRequest);
+ SearchResultEntry searchResult =
+ getReadWriteConnection().searchForEntry(searchRequest);
if (searchResult == null)
{
@@ -376,19 +364,17 @@ public class LdapGroupDAO extends LdapDAO
}
if ((groupNames.size() % 100) == 0)
{
-
- logger.debug("found: " + groupNames
- .size() + " " + dt + "ms");
+ logger.debug("found: " + groupNames.size() +
+ " " + dt + "ms");
t1 = t2;
}
}
public void searchReferenceReturned(SearchResultReference srr)
{
- throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+ throw new UnsupportedOperationException("Not supported yet.");
}
- }, config
- .getGroupsDN(), SearchScope.ONE, filter, PUB_GROUP_ATTRS);
+ }, config.getGroupsDN(), SearchScope.ONE, filter, PUB_GROUP_ATTRS);
SearchResult searchResult = null;
try
@@ -419,8 +405,8 @@ public class LdapGroupDAO extends LdapDAO
{
logger.debug("getGroupNames Exception: " + e1, e1);
LdapDAO.checkLdapResult(e1.getResultCode());
- throw new IllegalStateException("Unexpected exception: " + e1
- .getMatchedDN(), e1);
+ throw new IllegalStateException("Unexpected exception: " +
+ e1.getMatchedDN(), e1);
}
}
@@ -453,7 +439,7 @@ public class LdapGroupDAO extends LdapDAO
return group;
}
- // groupID is here so exceptions and loggiong have plain groupID instead of DN
+ // groupID is here so exceptions and logging have plain groupID instead of DN
private Group getGroup(final DN groupDN, final String xgroupID, String[] attributes)
throws GroupNotFoundException, TransientException,
AccessControlException
@@ -481,8 +467,8 @@ public class LdapGroupDAO extends LdapDAO
if (searchEntry == null)
{
- String msg = "Group not found " + loggableGroupID;
- logger.debug(msg + " cause: null");
+ String msg = "Group not found " + loggableGroupID + " cause: null";
+ logger.debug(msg);
throw new GroupNotFoundException(loggableGroupID);
}
@@ -499,7 +485,7 @@ public class LdapGroupDAO extends LdapDAO
User user;
try
{
- user = userDAO.getX500User(memberDN);
+ user = userDAO.getUser(new DNPrincipal(member));
ldapGroup.getUserMembers().add(user);
}
catch (UserNotFoundException e)
@@ -621,34 +607,24 @@ public class LdapGroupDAO extends LdapDAO
}
// modify the admin group
- adminMods.add(new Modification(ModificationType.REPLACE, LDAP_UNIQUE_MEMBER,
- (String[]) newAdmins
- .toArray(new String[newAdmins
- .size()])));
+ adminMods.add(
+ new Modification(ModificationType.REPLACE, LDAP_UNIQUE_MEMBER,
+ (String[]) newAdmins.toArray(new String[newAdmins.size()])));
ModifyRequest adminModify =
new ModifyRequest(getAdminGroupDN(group.getID()), adminMods);
- //adminModify.addControl(
- // new ProxiedAuthorizationV2RequestControl(
- // "dn:" + getSubjectDN().toNormalizedString()));
-
LdapDAO.checkLdapResult(
getReadWriteConnection().modify(adminModify).getResultCode());
// modify the group itself
- mods.add(new Modification(ModificationType.REPLACE, LDAP_UNIQUE_MEMBER,
- (String[]) newMembers
- .toArray(new String[newMembers
- .size()])));
+ mods.add(
+ new Modification(ModificationType.REPLACE, LDAP_UNIQUE_MEMBER,
+ (String[]) newMembers.toArray(new String[newMembers.size()])));
ModifyRequest modifyRequest =
new ModifyRequest(getGroupDN(group.getID()), mods);
- //modifyRequest.addControl(
- // new ProxiedAuthorizationV2RequestControl(
- // "dn:" + getSubjectDN().toNormalizedString()));
-
LdapDAO.checkLdapResult(
getReadWriteConnection().modify(modifyRequest).getResultCode());
}
@@ -670,8 +646,8 @@ public class LdapGroupDAO extends LdapDAO
}
catch (GroupNotFoundException e)
{
- throw new RuntimeException("BUG: modified group not found (" + group
- .getID() + ")");
+ throw new RuntimeException("BUG: modified group not found (" +
+ group.getID() + ")");
}
}
@@ -757,13 +733,7 @@ public class LdapGroupDAO extends LdapDAO
SearchRequest searchRequest = new SearchRequest(
config.getGroupsDN(), SearchScope.SUB, filter, GROUP_ATTRS);
- //searchRequest.addControl(
- // new ProxiedAuthorizationV2RequestControl("dn:" +
- // getSubjectDN()
- // .toNormalizedString()));
-
- SearchResult results = getReadOnlyConnection()
- .search(searchRequest);
+ SearchResult results = getReadOnlyConnection().search(searchRequest);
for (SearchResultEntry result : results.getSearchEntries())
{
ret.add(createGroupFromSearchResult(result, GROUP_ATTRS));
@@ -793,26 +763,25 @@ public class LdapGroupDAO extends LdapDAO
return new Group(groupName);
}
- DN ownerDN = result.getAttributeValueAsDN(LDAP_OWNER);
+ String ownerDN = result.getAttributeValue(LDAP_OWNER);
if (ownerDN == null)
{
throw new AccessControlException(groupName);
}
try
{
- User owner = userDAO.getX500User(ownerDN);
- Group g = new Group(groupName);
- setField(g, owner, LDAP_OWNER);
+ User owner = userDAO.getUser(new DNPrincipal(ownerDN));
+ Group group = new Group(groupName);
+ setField(group, owner, LDAP_OWNER);
if (result.hasAttribute(LDAP_DESCRIPTION))
{
- g.description = result.getAttributeValue(LDAP_DESCRIPTION);
+ group.description = result.getAttributeValue(LDAP_DESCRIPTION);
}
if (result.hasAttribute(LDAP_MODIFY_TIMESTAMP))
{
- g.lastModified = result
- .getAttributeValueAsDate(LDAP_MODIFY_TIMESTAMP);
+ group.lastModified = result.getAttributeValueAsDate(LDAP_MODIFY_TIMESTAMP);
}
- return g;
+ return group;
}
catch (UserNotFoundException ex)
{
diff --git a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java
index 306e42bfa0efcecded209baa5904eaefcde1191f..7edcb42cb6a15aa16591af6bb523311af016f376 100755
--- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java
+++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java
@@ -175,13 +175,14 @@ public class LdapGroupPersistence extends LdapPersistence implements GroupPersis
GroupNotFoundException
{
Subject caller = AuthenticationUtil.getCurrentSubject();
- Principal owner = getUser(caller);
- setField(group, owner, "owner");
+ Principal userID = getUser(caller);
LdapConnections conns = new LdapConnections(this);
try
{
LdapUserDAO userDAO = new LdapUserDAO(conns);
+ User owner = userDAO.getAugmentedUser(userID);
+ setField(group, owner, "owner");
LdapGroupDAO groupDAO = new LdapGroupDAO(conns, userDAO);
groupDAO.addGroup(group);
}
diff --git a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
index f13d3f53a36337759fcdc1b921b5ec1b4670ca40..c94f68747c7a16b23016bdbb908386c4eeff1ae9 100755
--- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
+++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
@@ -186,6 +186,7 @@ public class LdapUserDAO extends LdapDAO
this.userLdapAttrib.put(HttpPrincipal.class, LDAP_UID);
this.userLdapAttrib.put(X500Principal.class, LDAP_DISTINGUISHED_NAME);
this.userLdapAttrib.put(NumericPrincipal.class, LDAP_NUMERICID);
+ this.userLdapAttrib.put(DNPrincipal.class, LDAP_ENTRYDN);
// add the id attributes to user and member attributes
String[] princs = userLdapAttrib.values()
diff --git a/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java b/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
index 796a493d24301ffba489cf6661c965881f5390bf..25ae567285032d61301461207259a3b6163071a5 100644
--- a/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
+++ b/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
@@ -80,6 +80,7 @@ import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import ca.nrc.cadc.ac.server.TestUtil;
+import ca.nrc.cadc.auth.NumericPrincipal;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.junit.Assert;
@@ -98,41 +99,14 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
{
private static final Logger log = Logger.getLogger(LdapGroupDAOTest.class);
- static String user1Username = "CadcDaoTest1";
- static String user2Username = "CadcDaoTest2";
- static String user3Username = "CadcDaoTest3";
-
- static String user1UID = "cadcdaotest1";
- static String user2UID = "cadcdaotest2";
- static String user3UID = "cadcdaotest3";
-
- static String user1DN = "cn=" + user1UID + ",ou=cadc,o=hia,c=ca";
- static String user2DN = "cn=" + user2UID + ",ou=cadc,o=hia,c=ca";
- static String user3DN = "cn=" + user3UID + ",ou=cadc,o=hia,c=ca";
- static String unknownDN = "cn=foo,ou=cadc,o=hia,c=ca";
-
- static String user1EntryDN = "uid=cadcdaotest1,ou=users,ou=ds,dc=testcanfar";
- static String user2EntryDN = "uid=cadcdaotest2,ou=users,ou=ds,dc=testcanfar";
- static String user3EntryDN = "uid=cadcdaotest3,ou=users,ou=ds,dc=testcanfar";
-
- static HttpPrincipal user1HttpPrincipal;
- static HttpPrincipal user2HttpPrincipal;
- static HttpPrincipal user3HttpPrincipal;
-
- static DNPrincipal user1DNPrincipal;
- static DNPrincipal user2DNPrincipal;
- static DNPrincipal user3DNPrincipal;
-
- static X500Principal user1X500Principal;
- static X500Principal user2X500Principal;
- static X500Principal user3X500Principal;
- static X500Principal unknownPrincipal;
-
static User daoTestUser1;
static User daoTestUser2;
static User daoTestUser3;
static User unknownUser;
+ static User augmentedDaoTestUser1;
+ static User augmentedDaoTestUser2;
+
static Subject daoTestUser1Subject;
static Subject daoTestUser2Subject;
static Subject anonSubject;
@@ -148,47 +122,36 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
// get the configuration of the development server from and config files...
config = getLdapConfig();
- user1HttpPrincipal = new HttpPrincipal(user1Username);
- user2HttpPrincipal = new HttpPrincipal(user2Username);
- user3HttpPrincipal = new HttpPrincipal(user3Username);
-
- user1X500Principal = new X500Principal(user1DN);
- user2X500Principal = new X500Principal(user2DN);
- user3X500Principal = new X500Principal(user3DN);
- unknownPrincipal = new X500Principal(unknownDN);
-
- user1DNPrincipal = new DNPrincipal(user1EntryDN);
- user2DNPrincipal = new DNPrincipal(user2EntryDN);
-
- daoTestUser1 = new User();
- daoTestUser1.getIdentities().add(user1X500Principal);
- daoTestUser1.getIdentities().add(user1DNPrincipal);
- daoTestUser1.getIdentities().add(user1HttpPrincipal);
- daoTestUser2 = new User();
- daoTestUser2.getIdentities().add(user2X500Principal);
- daoTestUser2.getIdentities().add(user2DNPrincipal);
- daoTestUser2.getIdentities().add(user2HttpPrincipal);
- daoTestUser3 = new User();
- daoTestUser3.getIdentities().add(user3X500Principal);
- daoTestUser3.getIdentities().add(user3DNPrincipal);
- daoTestUser3.getIdentities().add(user3HttpPrincipal);
- unknownUser = new User();
- unknownUser.getIdentities().add(unknownPrincipal);
+ HttpPrincipal httpPrincipal1 = new HttpPrincipal("CadcDaoTest1");
+ HttpPrincipal httpPrincipal2 = new HttpPrincipal("CadcDaoTest2");
+ HttpPrincipal httpPrincipal3 = new HttpPrincipal("CadcDaoTest3");
+
+ daoTestUser1 = getUserDAO().getUser(httpPrincipal1);
+ daoTestUser2 = getUserDAO().getUser(httpPrincipal2);
+ daoTestUser3 = getUserDAO().getUser(httpPrincipal3);
+ augmentedDaoTestUser1 = getUserDAO().getAugmentedUser(httpPrincipal1);
daoTestUser1Subject = new Subject();
- daoTestUser1Subject.getPrincipals().add(user1X500Principal);
- daoTestUser1Subject.getPrincipals().add(user1DNPrincipal);
- daoTestUser1Subject.getPrincipals().add(user1HttpPrincipal);
+ daoTestUser1Subject.getPrincipals().addAll(augmentedDaoTestUser1.getIdentities());
+ augmentedDaoTestUser2 = getUserDAO().getAugmentedUser(httpPrincipal2);
daoTestUser2Subject = new Subject();
- daoTestUser2Subject.getPrincipals().add(user2X500Principal);
- daoTestUser2Subject.getPrincipals().add(user2DNPrincipal);
- daoTestUser2Subject.getPrincipals().add(user2HttpPrincipal);
+ daoTestUser2Subject.getPrincipals().addAll(augmentedDaoTestUser2.getIdentities());
+
+ HttpPrincipal unknownPrincipal = new HttpPrincipal("foo");
+ unknownUser = new User();
+ unknownUser.getIdentities().add(unknownPrincipal);
anonSubject = new Subject();
anonSubject.getPrincipals().add(unknownPrincipal);
}
+ static LdapUserDAO getUserDAO() throws Exception
+ {
+ LdapConnections connections = new LdapConnections(config);
+ return new LdapUserDAO(connections);
+ }
+
LdapGroupDAO getGroupDAO() throws Exception
{
LdapConnections connections = new LdapConnections(config);
@@ -212,7 +175,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
try
{
Group expectGroup = new Group(getGroupID());
- TestUtil.setField(expectGroup, daoTestUser1, "owner");
+ TestUtil.setField(expectGroup, augmentedDaoTestUser1, "owner");
getGroupDAO().addGroup(expectGroup);
Group actualGroup = getGroupDAO().getGroup(expectGroup.getID(), true);
log.info("addGroup: " + expectGroup.getID());
@@ -227,7 +190,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
assertGroupsEqual(expectGroup, actualGroup);
Group otherGroup = new Group(getGroupID());
- TestUtil.setField(otherGroup, daoTestUser1, "owner");
+ TestUtil.setField(otherGroup, augmentedDaoTestUser1, "owner");
getGroupDAO().addGroup(otherGroup);
otherGroup = getGroupDAO().getGroup(otherGroup.getID(), true);
log.info("addGroup: " + otherGroup.getID());
@@ -252,7 +215,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
// the the returned result should contain only
// one entry (the dn one)
User duplicateIdentity = new User();
- duplicateIdentity.getIdentities().add(new HttpPrincipal(user2UID));
+ duplicateIdentity.getIdentities().add(daoTestUser2.getHttpPrincipal());
expectGroup.getUserMembers().add(daoTestUser2);
expectGroup.getUserMembers().add(duplicateIdentity);
actualGroup = getGroupDAO().modifyGroup(expectGroup);
@@ -287,7 +250,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
// groupAdmins
Group adminGroup = new Group(getGroupID());
- TestUtil.setField(adminGroup, daoTestUser1, "owner");
+ TestUtil.setField(adminGroup, augmentedDaoTestUser1, "owner");
getGroupDAO().addGroup(adminGroup);
adminGroup = getGroupDAO().getGroup(adminGroup.getID(), true);
expectGroup.getGroupAdmins().add(adminGroup);
@@ -320,6 +283,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
// reactivate the group
Group reactGroup = new Group(expectGroup.getID());
+ TestUtil.setField(reactGroup, augmentedDaoTestUser1, "owner");
getGroupDAO().addGroup(reactGroup);
log.info("create (reactivate) group: " + expectGroup.getID());
actualGroup = getGroupDAO().getGroup(expectGroup.getID(), true);
@@ -332,7 +296,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
// create another group and make expected group
// member of that group. Delete expected group after
Group expectGroup2 = new Group(getGroupID());
- TestUtil.setField(expectGroup, daoTestUser1, "owner");
+ TestUtil.setField(expectGroup2, augmentedDaoTestUser1, "owner");
expectGroup2.getGroupAdmins().add(actualGroup);
expectGroup2.getGroupMembers().add(actualGroup);
getGroupDAO().addGroup(expectGroup2);