Commit 14e720b3 authored by Jeff Burke's avatar Jeff Burke

s1651 implemented search

parent ee899a80
Showing
with 1560 additions and 244 deletions
...@@ -145,6 +145,7 @@ ...@@ -145,6 +145,7 @@
<!--<test name="ca.nrc.cadc.ac.server.ldap.LdapDAOTestImpl" />--> <!--<test name="ca.nrc.cadc.ac.server.ldap.LdapDAOTestImpl" />-->
<test name="ca.nrc.cadc.ac.server.ldap.LdapGroupDAOTest" /> <test name="ca.nrc.cadc.ac.server.ldap.LdapGroupDAOTest" />
<!--<test name="ca.nrc.cadc.ac.server.web.GroupActionFactoryTest" />--> <!--<test name="ca.nrc.cadc.ac.server.web.GroupActionFactoryTest" />-->
<!--<test name="ca.nrc.cadc.ac.server.ldap.LdapUserDAOTest" />-->
<formatter type="plain" usefile="false" /> <formatter type="plain" usefile="false" />
</junit> </junit>
</target> </target>
......
...@@ -71,8 +71,8 @@ package ca.nrc.cadc.ac.server; ...@@ -71,8 +71,8 @@ package ca.nrc.cadc.ac.server;
import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupAlreadyExistsException; import ca.nrc.cadc.ac.GroupAlreadyExistsException;
import ca.nrc.cadc.ac.GroupNotFoundException; import ca.nrc.cadc.ac.GroupNotFoundException;
import ca.nrc.cadc.ac.IdentityType;
import ca.nrc.cadc.ac.Role; import ca.nrc.cadc.ac.Role;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.net.TransientException;
import java.security.AccessControlException; import java.security.AccessControlException;
...@@ -145,35 +145,21 @@ public abstract interface GroupPersistence<T extends Principal> ...@@ -145,35 +145,21 @@ public abstract interface GroupPersistence<T extends Principal>
/** /**
* Obtain a Collection of Groups that fit the given query. * Obtain a Collection of Groups that fit the given query.
* *
* @param user user * @param userID The userID.
* @param role Role of the user, either owner, member, or read/write. * @param role Role of the user, either owner, member, or read/write.
* @param groupID The Group ID.
* *
* @return Collection of Groups matching the query, or empty Collection. * @return Collection of Groups matching the query, or empty Collection.
* Never null. * Never null.
* *
* @throws UserNotFoundException If owner or group members not valid users. * @throws UserNotFoundException If owner or group members not valid users.
* @throws ca.nrc.cadc.ac.GroupNotFoundException
* @throws TransientException If an temporary, unexpected problem occurred. * @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted. * @throws AccessControlException If the operation is not permitted.
*/ */
public abstract Collection<Group> getGroups(User<T> user, Role role) public abstract Collection<Group> searchGroups(T userID, Role role,
throws UserNotFoundException, TransientException, String groupID)
AccessControlException; throws UserNotFoundException, GroupNotFoundException,
TransientException, AccessControlException;
/**
* Check whether the user is a member of the group.
*
* @param user user
* @param groupID ID of group
*
* @return true or false
*
* @throws GroupNotFoundException If the group was not found.
* @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted.
* @throws ca.nrc.cadc.ac.UserNotFoundException
*/
public abstract boolean isMember(User<T> user, String groupID)
throws GroupNotFoundException, TransientException,
AccessControlException, UserNotFoundException;
} }
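Review bot: The `searchGroups` Javadoc does not say which arguments may be null or how `role` and `groupID` combine, although the caller added in this commit (`ACSearchRunner.search`) passes `rv.getGUri()`, which is null whenever the GURI parameter is absent. Suggest `@param groupID The Group ID, or null to search by role only.` if that is the intended meaning, and a description on the bare tag: `@throws GroupNotFoundException If the group was not found.` The `AccessControlException` line would also be clearer if it named whose permission is checked, the caller's or `userID`'s.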
/*
************************************************************************
******************* CANADIAN ASTRONOMY DATA CENTRE *******************
************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES **************
*
* (c) 2014. (c) 2014.
* Government of Canada Gouvernement du Canada
* National Research Council Conseil national de recherches
* Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6
* All rights reserved Tous droits réservés
*
* NRC disclaims any warranties, Le CNRC dénie toute garantie
* expressed, implied, or énoncée, implicite ou légale,
* statutory, of any kind with de quelque nature que ce
* respect to the software, soit, concernant le logiciel,
* including without limitation y compris sans restriction
* any warranty of merchantability toute garantie de valeur
* or fitness for a particular marchande ou de pertinence
* purpose. NRC shall not be pour un usage particulier.
* liable in any event for any Le CNRC ne pourra en aucun cas
* damages, whether direct or être tenu responsable de tout
* indirect, special or general, dommage, direct ou indirect,
* consequential or incidental, particulier ou général,
* arising from the use of the accessoire ou fortuit, résultant
* software. Neither the name de l'utilisation du logiciel. Ni
* of the National Research le nom du Conseil National de
* Council of Canada nor the Recherches du Canada ni les noms
* names of its contributors may de ses participants ne peuvent
* be used to endorse or promote être utilisés pour approuver ou
* products derived from this promouvoir les produits dérivés
* software without specific prior de ce logiciel sans autorisation
* written permission. préalable et particulière
* par écrit.
*
* This file is part of the Ce fichier fait partie du projet
* OpenCADC project. OpenCADC.
*
* OpenCADC is free software: OpenCADC est un logiciel libre ;
* you can redistribute it and/or vous pouvez le redistribuer ou le
* modify it under the terms of modifier suivant les termes de
* the GNU Affero General Public la “GNU Affero General Public
* License as published by the License” telle que publiée
* Free Software Foundation, par la Free Software Foundation
* either version 3 of the : soit la version 3 de cette
* License, or (at your option) licence, soit (à votre gré)
* any later version. toute version ultérieure.
*
* OpenCADC is distributed in the OpenCADC est distribué
* hope that it will be useful, dans l’espoir qu’il vous
* but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE
* without even the implied GARANTIE : sans même la garantie
* warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ
* or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF
* PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence
* General Public License for Générale Publique GNU Affero
* more details. pour plus de détails.
*
* You should have received Vous devriez avoir reçu une
* a copy of the GNU Affero copie de la Licence Générale
* General Public License along Publique GNU Affero avec
* with OpenCADC. If not, see OpenCADC ; si ce n’est
* <http://www.gnu.org/licenses/>. pas le cas, consultez :
* <http://www.gnu.org/licenses/>.
*
* $Revision: 4 $
*
************************************************************************
*/
package ca.nrc.cadc.ac.server;
import ca.nrc.cadc.ac.IdentityType;
import ca.nrc.cadc.ac.Role;
import ca.nrc.cadc.uws.Parameter;
import ca.nrc.cadc.uws.ParameterUtil;
import java.util.List;
import org.apache.log4j.Logger;
/**
* Request Validator. This class extracts and validates the ID, TYPE, ROLE
* and GURI parameters.
*
*/
public class RequestValidator
{
private static final Logger log = Logger.getLogger(RequestValidator.class);
private String id;
private IdentityType type;
private Role role;
private String guri;
public RequestValidator() { }
private void clear()
{
this.id = null;
this.type = null;
this.role = null;
this.guri = null;
}
public void validate(List<Parameter> paramList)
{
clear();
if (paramList == null || paramList.isEmpty())
{
throw new IllegalArgumentException(
"Missing required parameters: ID and TYPE");
}
// ID
String param = ParameterUtil.findParameterValue("ID", paramList);
if (param == null || param.trim().isEmpty())
{
throw new IllegalArgumentException(
"ID parameter required but not found");
}
this.id = param.trim();
log.debug("ID: " + id);
// TYPE
param = ParameterUtil.findParameterValue("TYPE", paramList);
if (param == null || param.trim().isEmpty())
{
throw new IllegalArgumentException(
"TYPE parameter required but not found");
}
this.type = IdentityType.toValue(param);
log.debug("TYPE: " + type);
// ROLE
param = ParameterUtil.findParameterValue("ROLE", paramList);
if (param == null || param.trim().isEmpty())
{
throw new IllegalArgumentException(
"ROLE parameter required but not found");
}
this.role = Role.toValue(param);
log.debug("ROLE: " + role);
// GURI
param = ParameterUtil.findParameterValue("GURI", paramList);
if (param != null)
{
if (param.isEmpty())
throw new IllegalArgumentException(
"GURI parameter specified without a value");
this.guri = param.trim();
}
log.debug("GURI: " + guri);
if (role != null && guri != null)
{
throw new IllegalArgumentException(
"ROLE and GURI cannot be used in the same search");
}
}
public String getId()
{
return id;
}
public IdentityType getType()
{
return type;
}
public Role getRole()
{
return role;
}
public String getGUri()
{
return guri;
}
}
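Review bot: `validate()` can never accept a GURI search: ROLE is mandatory (a missing or blank value throws), so unless `Role.toValue` returns null, `role` is already set when the final `if (role != null && guri != null)` runs and any request that carries GURI is rejected. One of the two rules has to change: either make ROLE optional in the same way GURI is and require exactly one of them, or drop the mutual-exclusion check. The GURI branch also tests `param.isEmpty()` before trimming, so a whitespace-only value is stored as an empty string; `if (param.trim().isEmpty())` would match the other three checks. TYPE and ROLE are passed to `toValue` untrimmed, and the first message names only ID and TYPE as required although ROLE is enforced too.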
...@@ -68,11 +68,13 @@ ...@@ -68,11 +68,13 @@
*/ */
package ca.nrc.cadc.ac.server; package ca.nrc.cadc.ac.server;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.net.TransientException;
import java.security.AccessControlException; import java.security.AccessControlException;
import java.security.Principal; import java.security.Principal;
import java.util.Collection;
public abstract interface UserPersistence<T extends Principal> public abstract interface UserPersistence<T extends Principal>
{ {
...@@ -82,11 +84,41 @@ public abstract interface UserPersistence<T extends Principal> ...@@ -82,11 +84,41 @@ public abstract interface UserPersistence<T extends Principal>
* @param userID The userID. * @param userID The userID.
* *
* @return User instance. * @return User instance.
* @throws UserNotFoundException when the member is not found. *
* @throws UserNotFoundException when the user is not found.
* @throws TransientException If an temporary, unexpected problem occurred. * @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted. * @throws AccessControlException If the operation is not permitted.
*/ */
public abstract User<T> getUser(T userID) public abstract User<T> getUser(T userID)
throws UserNotFoundException, TransientException, AccessControlException; throws UserNotFoundException, TransientException, AccessControlException;
/**
* Get all groups the user specified by userID belongs to.
*
* @param userID The userID.
*
* @return Collection of Group instances.
*
* @throws UserNotFoundException when the user is not found.
* @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted.
*/
public abstract Collection<Group> getUserGroups(T userID)
throws UserNotFoundException, TransientException, AccessControlException;
/**
* Check whether the user is a member of the group.
*
* @param userID The userID.
* @param groupID The groupID.
*
* @return true or false
*
* @throws UserNotFoundException If the user is not found.
* @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted.
*/
public abstract boolean isMember(T userID, String groupID)
throws UserNotFoundException, TransientException,
AccessControlException;
} }
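Review bot: The `isMember` Javadoc says only `@return true or false` and, unlike the `GroupPersistence.isMember` this commit removes, no longer declares `GroupNotFoundException`, so a caller cannot tell a non-member from a group that does not exist or a mistyped groupID. Since membership answers typically feed access decisions, spell the contract out, e.g. `@return true if the user is a member of the group; false otherwise, including when the group does not exist.` It would also help to say what form `groupID` takes (group name or full DN).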
...@@ -71,8 +71,8 @@ package ca.nrc.cadc.ac.server.ldap; ...@@ -71,8 +71,8 @@ package ca.nrc.cadc.ac.server.ldap;
import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupAlreadyExistsException; import ca.nrc.cadc.ac.GroupAlreadyExistsException;
import ca.nrc.cadc.ac.GroupNotFoundException; import ca.nrc.cadc.ac.GroupNotFoundException;
import ca.nrc.cadc.ac.IdentityType;
import ca.nrc.cadc.ac.Role; import ca.nrc.cadc.ac.Role;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.server.GroupPersistence; import ca.nrc.cadc.ac.server.GroupPersistence;
import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.net.TransientException;
...@@ -172,34 +172,15 @@ public class LdapGroupPersistence<T extends Principal> ...@@ -172,34 +172,15 @@ public class LdapGroupPersistence<T extends Principal>
} }
} }
public Collection<Group> getGroups(User<T> user, Role role) public Collection<Group> searchGroups(T userID, Role role, String groupID)
throws UserNotFoundException, TransientException, AccessControlException throws UserNotFoundException, GroupNotFoundException,
TransientException, AccessControlException
{ {
LdapGroupDAO<T> groupDAO = null; LdapGroupDAO<T> groupDAO = null;
try try
{ {
groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config)); groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config));
Collection<Group> ret = groupDAO.getGroups(user, role); Collection<Group> ret = groupDAO.searchGroups(userID, role, groupID);
return ret;
}
finally
{
if (groupDAO != null)
{
groupDAO.close();
}
}
}
public boolean isMember(User<T> user, String groupID)
throws GroupNotFoundException, TransientException,
AccessControlException, UserNotFoundException
{
LdapGroupDAO<T> groupDAO = null;
try
{
groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config));
boolean ret = groupDAO.isMember(user, groupID);
return ret; return ret;
} }
finally finally
......
...@@ -68,13 +68,16 @@ ...@@ -68,13 +68,16 @@
*/ */
package ca.nrc.cadc.ac.server.ldap; package ca.nrc.cadc.ac.server.ldap;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.NumericPrincipal; import ca.nrc.cadc.auth.NumericPrincipal;
import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.net.TransientException;
import com.unboundid.ldap.sdk.CompareRequest;
import com.unboundid.ldap.sdk.CompareResult;
import com.unboundid.ldap.sdk.DN; import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.LDAPConnection; import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPException; import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SearchRequest; import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResultEntry; import com.unboundid.ldap.sdk.SearchResultEntry;
...@@ -84,8 +87,8 @@ import java.security.AccessControlException; ...@@ -84,8 +87,8 @@ import java.security.AccessControlException;
import java.security.Principal; import java.security.Principal;
import java.util.Collection; import java.util.Collection;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet;
import java.util.Map; import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal; import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
...@@ -107,10 +110,13 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO ...@@ -107,10 +110,13 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
/** /**
* Get the user specified by userID. * Get the user specified by userID.
* *
* @param userID The unique userID. * @param userID The userID.
*
* @return User instance. * @return User instance.
*
* @throws UserNotFoundException when the user is not found. * @throws UserNotFoundException when the user is not found.
* @throws TransientException If an temporary, unexpected problem occurred. * @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted.
*/ */
public User<T> getUser(T userID) public User<T> getUser(T userID)
throws UserNotFoundException, TransientException, AccessControlException throws UserNotFoundException, TransientException, AccessControlException
...@@ -158,6 +164,169 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO ...@@ -158,6 +164,169 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
return user; return user;
} }
/**
* Get all groups the user specified by userID belongs to.
*
* @param userID The userID.
*
* @return Collection of Group instances.
*
* @throws UserNotFoundException when the user is not found.
* @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted.
*/
public Collection<Group> getUserGroups(T userID)
throws UserNotFoundException, TransientException, AccessControlException
{
try
{
String searchField = (String) attribType.get(userID.getClass());
if (searchField == null)
{
throw new IllegalArgumentException(
"Unsupported principal type " + userID.getClass());
}
User user = getUser(userID);
Filter filter = Filter.createANDFilter(
Filter.createEqualityFilter(searchField,
user.getUserID().getName()),
Filter.createPresenceFilter("memberOf"));
SearchRequest searchRequest =
new SearchRequest(config.getUsersDN(), SearchScope.SUB,
filter, new String[] {"memberOf"});
searchRequest.addControl(
new ProxiedAuthorizationV1RequestControl(getSubjectDN()));
SearchResultEntry searchResult =
getConnection().searchForEntry(searchRequest);
Collection<Group> groups = new HashSet<Group>();
if (searchResult != null)
{
String[] members =
searchResult.getAttributeValues("memberOf");
if (members != null)
{
for (String member : members)
{
String groupCN = DN.getRDNString(member);
int index = groupCN.indexOf("=");
String groupName = groupCN.substring(index + 1);
// Ignore existing illegal group names.
try
{
groups.add(new Group(groupName, user));
}
catch (IllegalArgumentException ignore) { }
}
}
}
return groups;
}
catch (LDAPException e)
{
// TODO check which LDAP exceptions are transient and which
// ones are
// access control
throw new TransientException("Error getting user groups", e);
}
}
/**
* Check whether the user is a member of the group.
*
* @param userID The userID.
* @param groupID The groupID.
*
* @return true or false
*
* @throws UserNotFoundException If the user is not found.
* @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted.
*/
public boolean isMemberX(T userID, String groupID)
throws UserNotFoundException, TransientException,
AccessControlException
{
try
{
String searchField = (String) attribType.get(userID.getClass());
if (searchField == null)
{
throw new IllegalArgumentException(
"Unsupported principal type " + userID.getClass());
}
User user = getUser(userID);
Filter filter = Filter.createANDFilter(
Filter.createEqualityFilter(searchField,
user.getUserID().getName()),
Filter.createEqualityFilter("memberOf", groupID));
SearchRequest searchRequest =
new SearchRequest(config.getUsersDN(), SearchScope.SUB,
filter, new String[] {"cn"});
searchRequest.addControl(
new ProxiedAuthorizationV1RequestControl(getSubjectDN()));
SearchResultEntry searchResults =
getConnection().searchForEntry(searchRequest);
if (searchResults == null)
{
return false;
}
return true;
}
catch (LDAPException e1)
{
// TODO check which LDAP exceptions are transient and which
// ones are
// access control
throw new TransientException("Error getting the user", e1);
}
}
public boolean isMember(T userID, String groupID)
throws UserNotFoundException, TransientException,
AccessControlException
{
try
{
String searchField = (String) attribType.get(userID.getClass());
if (searchField == null)
{
throw new IllegalArgumentException(
"Unsupported principal type " + userID.getClass());
}
User user = getUser(userID);
DN userDN = getUserDN(user);
CompareRequest compareRequest =
new CompareRequest(userDN.toNormalizedString(),
"memberOf", groupID);
compareRequest.addControl(
new ProxiedAuthorizationV1RequestControl(getSubjectDN()));
CompareResult compareResult =
getConnection().compare(compareRequest);
return compareResult.compareMatched();
}
catch (LDAPException e)
{
// TODO check which LDAP exceptions are transient and which
// ones are
// access control
throw new TransientException("Error getting the user", e);
}
}
/** /**
* Returns a member user identified by the X500Principal only. * Returns a member user identified by the X500Principal only.
* @param userDN * @param userDN
......
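Review bot: `isMember` compares the user's `memberOf` attribute with `groupID` exactly as passed, while `getUserGroups` just above treats each `memberOf` value as a DN and extracts its RDN with `DN.getRDNString(member)`; unless every caller supplies the group's full DN, the compare cannot match and the method returns false for real members. Either resolve `groupID` to the group DN before building the `CompareRequest`, or state the requirement in the Javadoc, e.g. `@param groupID The group's full DN, as stored in memberOf.` (the new `isMember` has no Javadoc at all). `isMemberX` has the same comparison in its equality filter and looks like a leftover alternative; being public, it should be removed or made private. In all three new methods every `LDAPException` becomes a `TransientException`, so an LDAP-side authorization refusal would surface as a temporary error rather than an `AccessControlException`, as the TODO comments already hint.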
...@@ -68,12 +68,14 @@ ...@@ -68,12 +68,14 @@
*/ */
package ca.nrc.cadc.ac.server.ldap; package ca.nrc.cadc.ac.server.ldap;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.ac.server.UserPersistence;
import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.net.TransientException;
import java.security.AccessControlException; import java.security.AccessControlException;
import java.security.Principal; import java.security.Principal;
import java.util.Collection;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
public class LdapUserPersistence<T extends Principal> public class LdapUserPersistence<T extends Principal>
...@@ -94,6 +96,17 @@ public class LdapUserPersistence<T extends Principal> ...@@ -94,6 +96,17 @@ public class LdapUserPersistence<T extends Principal>
} }
} }
/**
* Get the user specified by userID.
*
* @param userID The userID.
*
* @return User instance.
*
* @throws UserNotFoundException when the user is not found.
* @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted.
*/
public User<T> getUser(T userID) public User<T> getUser(T userID)
throws UserNotFoundException, TransientException, AccessControlException throws UserNotFoundException, TransientException, AccessControlException
{ {
...@@ -113,4 +126,66 @@ public class LdapUserPersistence<T extends Principal> ...@@ -113,4 +126,66 @@ public class LdapUserPersistence<T extends Principal>
} }
} }
/**
* Get all groups the user specified by userID belongs to.
*
* @param userID The userID.
*
* @return Collection of Group instances.
*
* @throws UserNotFoundException when the user is not found.
* @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted.
*/
public Collection<Group> getUserGroups(T userID)
throws UserNotFoundException, TransientException, AccessControlException
{
LdapUserDAO<T> userDAO = null;
try
{
userDAO = new LdapUserDAO<T>(this.config);
Collection<Group> ret = userDAO.getUserGroups(userID);
return ret;
}
finally
{
if (userDAO != null)
{
userDAO.close();
}
}
}
/**
* Check whether the user is a member of the group.
*
* @param userID The userID.
* @param groupID The groupID.
*
* @return true or false
*
* @throws UserNotFoundException If the user is not found.
* @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted.
*/
public boolean isMember(T userID, String groupID)
throws UserNotFoundException, TransientException,
AccessControlException
{
LdapUserDAO<T> userDAO = null;
try
{
userDAO = new LdapUserDAO<T>(this.config);
boolean ret = userDAO.isMember(userID, groupID);
return ret;
}
finally
{
if (userDAO != null)
{
userDAO.close();
}
}
}
} }
...@@ -68,17 +68,47 @@ ...@@ -68,17 +68,47 @@
*/ */
package ca.nrc.cadc.ac.server.web; package ca.nrc.cadc.ac.server.web;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupNotFoundException;
import ca.nrc.cadc.ac.GroupsWriter;
import ca.nrc.cadc.ac.IdentityType;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.server.GroupPersistence;
import ca.nrc.cadc.ac.server.PluginFactory;
import ca.nrc.cadc.ac.server.RequestValidator;
import ca.nrc.cadc.ac.server.UserPersistence;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.NumericPrincipal;
import ca.nrc.cadc.auth.OpenIdPrincipal;
import ca.nrc.cadc.net.TransientException;
import ca.nrc.cadc.uws.ErrorSummary;
import ca.nrc.cadc.uws.ErrorType;
import ca.nrc.cadc.uws.ExecutionPhase;
import ca.nrc.cadc.uws.Job; import ca.nrc.cadc.uws.Job;
import ca.nrc.cadc.uws.server.JobNotFoundException;
import ca.nrc.cadc.uws.server.JobPersistenceException;
import ca.nrc.cadc.uws.server.JobRunner; import ca.nrc.cadc.uws.server.JobRunner;
import ca.nrc.cadc.uws.server.JobUpdater; import ca.nrc.cadc.uws.server.JobUpdater;
import ca.nrc.cadc.uws.server.SyncOutput; import ca.nrc.cadc.uws.server.SyncOutput;
import ca.nrc.cadc.uws.util.JobLogInfo;
import java.io.IOException;
import java.security.AccessControlException;
import java.security.Principal;
import java.util.Collection;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
public class ACSearchRunner public class ACSearchRunner
implements JobRunner implements JobRunner
{ {
private static Logger log = Logger.getLogger(ACSearchRunner.class);
private JobUpdater jobUpdater; private JobUpdater jobUpdater;
private SyncOutput syncOut; private SyncOutput syncOut;
private Job job; private Job job;
private JobLogInfo logInfo;
@Override @Override
public void setJobUpdater(JobUpdater jobUpdater) public void setJobUpdater(JobUpdater jobUpdater)
...@@ -101,7 +131,193 @@ public class ACSearchRunner ...@@ -101,7 +131,193 @@ public class ACSearchRunner
@Override @Override
public void run() public void run()
{ {
// TODO Run the search query against GroupPersistence log.debug("RUN ACSearchRunner: " + job.ownerSubject);
logInfo = new JobLogInfo(job);
String startMessage = logInfo.start();
log.info(startMessage);
long t1 = System.currentTimeMillis();
search();
long t2 = System.currentTimeMillis();
logInfo.setElapsedTime(t2 - t1);
String endMessage = logInfo.end();
log.info(endMessage);
}
private void search()
{
try
{
ExecutionPhase ep =
jobUpdater.setPhase(job.getID(), ExecutionPhase.QUEUED,
ExecutionPhase.EXECUTING, new Date());
if ( !ExecutionPhase.EXECUTING.equals(ep) )
{
String message = job.getID() +
": QUEUED -> EXECUTING [FAILED] -- DONE";
logInfo.setSuccess(false);
logInfo.setMessage(message);
return;
}
log.debug(job.getID() + ": QUEUED -> EXECUTING [OK]");
RequestValidator rv = new RequestValidator();
rv.validate(job.getParameterList());
Principal userID = getUserPrincipal(rv.getId(), rv.getType());
PluginFactory factory = new PluginFactory();
GroupPersistence dao = factory.getGroupPersistence();
Collection<Group> groups =
dao.searchGroups(userID, rv.getRole(), rv.getGUri());
syncOut.setResponseCode(HttpServletResponse.SC_OK);
GroupsWriter.write(groups, syncOut.getOutputStream());
// Mark the Job as completed.
jobUpdater.setPhase(job.getID(), ExecutionPhase.EXECUTING,
ExecutionPhase.COMPLETED, new Date());
}
catch (TransientException t)
{
logInfo.setSuccess(false);
logInfo.setMessage(t.getMessage());
log.debug("FAIL", t);
syncOut.setResponseCode(400);
ErrorSummary errorSummary =
new ErrorSummary(t.getMessage(), ErrorType.FATAL);
try
{
jobUpdater.setPhase(job.getID(), ExecutionPhase.EXECUTING,
ExecutionPhase.ERROR, errorSummary,
new Date());
}
catch(Throwable oops)
{
log.debug("failed to set final error status after " + t, oops);
}
}
catch (UserNotFoundException t)
{
logInfo.setSuccess(false);
logInfo.setMessage(t.getMessage());
log.debug("FAIL", t);
syncOut.setResponseCode(404);
ErrorSummary errorSummary =
new ErrorSummary(t.getMessage(), ErrorType.FATAL);
try
{
jobUpdater.setPhase(job.getID(), ExecutionPhase.EXECUTING,
ExecutionPhase.ERROR, errorSummary,
new Date());
}
catch(Throwable oops)
{
log.debug("failed to set final error status after " + t, oops);
}
}
catch (GroupNotFoundException t)
{
logInfo.setSuccess(false);
logInfo.setMessage(t.getMessage());
log.debug("FAIL", t);
syncOut.setResponseCode(404);
ErrorSummary errorSummary =
new ErrorSummary(t.getMessage(), ErrorType.FATAL);
try
{
jobUpdater.setPhase(job.getID(), ExecutionPhase.EXECUTING,
ExecutionPhase.ERROR, errorSummary,
new Date());
}
catch(Throwable oops)
{
log.debug("failed to set final error status after " + t, oops);
}
}
catch (AccessControlException t)
{
logInfo.setSuccess(false);
logInfo.setMessage(t.getMessage());
log.debug("FAIL", t);
syncOut.setResponseCode(401);
ErrorSummary errorSummary =
new ErrorSummary(t.getMessage(), ErrorType.FATAL);
try
{
jobUpdater.setPhase(job.getID(), ExecutionPhase.EXECUTING,
ExecutionPhase.ERROR, errorSummary,
new Date());
}
catch(Throwable oops)
{
log.debug("failed to set final error status after " + t, oops);
}
}
catch (Throwable t)
{
logInfo.setSuccess(false);
logInfo.setMessage(t.getMessage());
log.debug("FAIL", t);
syncOut.setResponseCode(400);
ErrorSummary errorSummary =
new ErrorSummary(t.getMessage(), ErrorType.FATAL);
try
{
jobUpdater.setPhase(job.getID(), ExecutionPhase.EXECUTING,
ExecutionPhase.ERROR, errorSummary,
new Date());
}
catch(Throwable oops)
{
log.debug("failed to set final error status after " + t, oops);
}
}
}
private Principal getUserPrincipal(String userID, IdentityType type)
{
if (type == IdentityType.OPENID)
{
return new OpenIdPrincipal(userID);
}
if (type == IdentityType.UID)
{
try
{
Long numericId = Long.valueOf(userID);
return new NumericPrincipal(numericId);
}
catch (NumberFormatException e)
{
throw new IllegalArgumentException("Illegal UID userID " +
userID + " because " +
e.getMessage());
}
}
if (type == IdentityType.USERNAME)
{
return new HttpPrincipal(userID);
}
if (type == IdentityType.X500)
{
return new X500Principal(userID);
}
throw new IllegalArgumentException("Unknown user type " +
type.getValue());
} }
} }
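Review bot: In `search()`, the principal handed to `dao.searchGroups` is built entirely from the request's ID and TYPE parameters and is never compared with `job.ownerSubject`, so whether a caller may list another user's groups rests wholly on the persistence layer, whose implementation is not part of this section. If that is the design, record it above the call, for example `// caller authorization for userID is enforced by GroupPersistence, not here`; otherwise a check against the job owner belongs before the search. Refusals are also hard to see afterwards: the `AccessControlException` branch logs at debug only, and `log.info("access denied: " + t.getMessage())` or higher would keep denials in production logs. That branch answers 401, where 403 (`HttpServletResponse.SC_FORBIDDEN`) is the usual status for an identified caller who is not permitted, and the final `catch (Throwable t)` reports every unexpected failure as a 400 carrying the raw exception message.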
...@@ -34,6 +34,7 @@ ...@@ -34,6 +34,7 @@
package ca.nrc.cadc.ac.server.ldap; package ca.nrc.cadc.ac.server.ldap;
import ca.nrc.cadc.ac.ActivatedGroup;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
...@@ -45,6 +46,7 @@ import javax.security.auth.x500.X500Principal; ...@@ -45,6 +46,7 @@ import javax.security.auth.x500.X500Principal;
import org.junit.Test; import org.junit.Test;
import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupNotFoundException;
import ca.nrc.cadc.ac.GroupProperty; import ca.nrc.cadc.ac.GroupProperty;
import ca.nrc.cadc.ac.Role; import ca.nrc.cadc.ac.Role;
import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.User;
...@@ -59,13 +61,11 @@ public class LdapGroupDAOTest ...@@ -59,13 +61,11 @@ public class LdapGroupDAOTest
{ {
private static final Logger log = Logger.getLogger(LdapGroupDAOTest.class); private static final Logger log = Logger.getLogger(LdapGroupDAOTest.class);
static User<X500Principal> cadctest;
static User<X500Principal> authtest1; static User<X500Principal> authtest1;
static User<X500Principal> authtest2; static User<X500Principal> authtest2;
static User<X500Principal> regtest1; static User<X500Principal> regtest1;
static String groupID1;
static String groupID2;
static LdapConfig config; static LdapConfig config;
@BeforeClass @BeforeClass
...@@ -74,9 +74,8 @@ public class LdapGroupDAOTest ...@@ -74,9 +74,8 @@ public class LdapGroupDAOTest
{ {
Log4jInit.setLevel("ca.nrc.cadc.ac", Level.DEBUG); Log4jInit.setLevel("ca.nrc.cadc.ac", Level.DEBUG);
groupID1 = "acs-daotest-group1-" + System.currentTimeMillis(); cadctest = new User<X500Principal>(
groupID2 = "acs-daotest-group2-" + System.currentTimeMillis(); new X500Principal("CN=CADCtest_636,OU=CADC,O=HIA,C=CA"));
authtest1 = new User<X500Principal>( authtest1 = new User<X500Principal>(
new X500Principal("cn=cadc authtest1 10627,ou=cadc,o=hia")); new X500Principal("cn=cadc authtest1 10627,ou=cadc,o=hia"));
authtest2 = new User<X500Principal>( authtest2 = new User<X500Principal>(
...@@ -97,7 +96,12 @@ public class LdapGroupDAOTest ...@@ -97,7 +96,12 @@ public class LdapGroupDAOTest
new LdapUserDAO<X500Principal>(config)); new LdapUserDAO<X500Principal>(config));
} }
// @Test String getGroupID()
{
return "acs-daotest-group1-" + System.currentTimeMillis();
}
@Test
public void testOneGroup() throws Exception public void testOneGroup() throws Exception
{ {
Subject subject = new Subject(); Subject subject = new Subject();
...@@ -110,12 +114,14 @@ public class LdapGroupDAOTest ...@@ -110,12 +114,14 @@ public class LdapGroupDAOTest
{ {
try try
{ {
Group expectGroup = new Group(groupID1, authtest1); Group expectGroup = new Group(getGroupID(), authtest1);
Group actualGroup = getGroupDAO().addGroup(expectGroup); Group actualGroup = getGroupDAO().addGroup(expectGroup);
log.debug("addGroup: " + expectGroup.getID());
assertGroupsEqual(expectGroup, actualGroup); assertGroupsEqual(expectGroup, actualGroup);
Group otherGroup = new Group(groupID2, authtest1); Group otherGroup = new Group(getGroupID(), authtest1);
otherGroup = getGroupDAO().addGroup(otherGroup); otherGroup = getGroupDAO().addGroup(otherGroup);
log.debug("addGroup: " + otherGroup.getID());
// modify group fields // modify group fields
// description // description
...@@ -123,6 +129,10 @@ public class LdapGroupDAOTest ...@@ -123,6 +129,10 @@ public class LdapGroupDAOTest
actualGroup = getGroupDAO().modifyGroup(expectGroup); actualGroup = getGroupDAO().modifyGroup(expectGroup);
assertGroupsEqual(expectGroup, actualGroup); assertGroupsEqual(expectGroup, actualGroup);
expectGroup.description = null;
actualGroup = getGroupDAO().modifyGroup(expectGroup);
assertGroupsEqual(expectGroup, actualGroup);
// groupRead // groupRead
expectGroup.groupRead = otherGroup; expectGroup.groupRead = otherGroup;
actualGroup = getGroupDAO().modifyGroup(expectGroup); actualGroup = getGroupDAO().modifyGroup(expectGroup);
...@@ -138,87 +148,59 @@ public class LdapGroupDAOTest ...@@ -138,87 +148,59 @@ public class LdapGroupDAOTest
actualGroup = getGroupDAO().modifyGroup(expectGroup); actualGroup = getGroupDAO().modifyGroup(expectGroup);
assertGroupsEqual(expectGroup, actualGroup); assertGroupsEqual(expectGroup, actualGroup);
// userMembers expectGroup.publicRead = false;
expectGroup.getUserMembers().add(authtest2);
actualGroup = getGroupDAO().modifyGroup(expectGroup); actualGroup = getGroupDAO().modifyGroup(expectGroup);
assertGroupsEqual(expectGroup, actualGroup); assertGroupsEqual(expectGroup, actualGroup);
// groupMembers // userMembers
expectGroup.getGroupMembers().add(otherGroup); expectGroup.getUserMembers().add(authtest2);
actualGroup = getGroupDAO().modifyGroup(expectGroup); actualGroup = getGroupDAO().modifyGroup(expectGroup);
assertGroupsEqual(expectGroup, actualGroup); assertGroupsEqual(expectGroup, actualGroup);
return null;
}
catch (Exception e)
{
throw new Exception("Problems", e);
}
}
});
}
// @Test
public void testMultipleGroups() throws Exception
{
Subject subject = new Subject();
subject.getPrincipals().add(authtest1.getUserID());
// do everything as owner
Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
try
{
Group expectGroup = new Group(groupID1, authtest1);
Group actualGroup = getGroupDAO().addGroup(expectGroup);
assertGroupsEqual(expectGroup, actualGroup);
Group otherGroup = new Group(groupID2, authtest1);
otherGroup = getGroupDAO().addGroup(otherGroup);
// modify group fields expectGroup.getUserMembers().remove(authtest2);
// description
expectGroup.description = "Happy testing";
actualGroup = getGroupDAO().modifyGroup(expectGroup); actualGroup = getGroupDAO().modifyGroup(expectGroup);
assertGroupsEqual(expectGroup, actualGroup); assertGroupsEqual(expectGroup, actualGroup);
// groupRead // groupMembers
expectGroup.groupRead = otherGroup; expectGroup.getGroupMembers().add(otherGroup);
actualGroup = getGroupDAO().modifyGroup(expectGroup); actualGroup = getGroupDAO().modifyGroup(expectGroup);
assertGroupsEqual(expectGroup, actualGroup); assertGroupsEqual(expectGroup, actualGroup);
// groupWrite expectGroup.getGroupMembers().remove(otherGroup);
expectGroup.groupWrite = otherGroup;
actualGroup = getGroupDAO().modifyGroup(expectGroup); actualGroup = getGroupDAO().modifyGroup(expectGroup);
assertGroupsEqual(expectGroup, actualGroup); assertGroupsEqual(expectGroup, actualGroup);
// publicRead // delete the group
expectGroup.publicRead = true; getGroupDAO().deleteGroup(expectGroup.getID());
actualGroup = getGroupDAO().modifyGroup(expectGroup); try
assertGroupsEqual(expectGroup, actualGroup); {
getGroupDAO().getGroup(expectGroup.getID());
fail("get on deleted group should throw exception");
}
catch (GroupNotFoundException ignore) {}
// userMembers // reactivate the group
expectGroup.getUserMembers().add(authtest2); actualGroup = getGroupDAO().addGroup(expectGroup);
actualGroup = getGroupDAO().modifyGroup(expectGroup); assertTrue(actualGroup instanceof ActivatedGroup);
assertGroupsEqual(expectGroup, actualGroup); assertGroupsEqual(expectGroup, actualGroup);
// groupMembers // get the activated group
expectGroup.getGroupMembers().add(otherGroup); actualGroup = getGroupDAO().getGroup(expectGroup.getID());
actualGroup = getGroupDAO().modifyGroup(expectGroup);
assertGroupsEqual(expectGroup, actualGroup); assertGroupsEqual(expectGroup, actualGroup);
return null; return null;
} }
catch (Exception e) catch (Exception e)
{ {
e.printStackTrace();
throw new Exception("Problems", e); throw new Exception("Problems", e);
} }
} }
}); });
} }
@Test // @Test
public void testGetGroups() throws Exception public void testSearchOwnerGroups() throws Exception
{ {
Subject subject = new Subject(); Subject subject = new Subject();
subject.getPrincipals().add(authtest1.getUserID()); subject.getPrincipals().add(authtest1.getUserID());
...@@ -230,12 +212,14 @@ public class LdapGroupDAOTest ...@@ -230,12 +212,14 @@ public class LdapGroupDAOTest
{ {
try try
{ {
Group expectGroup = new Group(groupID1, authtest1); Group expectGroup = new Group(getGroupID(), authtest1);
Group actualGroup = getGroupDAO().addGroup(expectGroup); Group actualGroup = getGroupDAO().addGroup(expectGroup);
assertGroupsEqual(expectGroup, actualGroup); assertGroupsEqual(expectGroup, actualGroup);
System.out.println("new group: " + groupID1); System.out.println("new group: " + expectGroup.getID());
Collection<Group> groups = getGroupDAO().getGroups(authtest1, Role.OWNER); Collection<Group> groups =
getGroupDAO().searchGroups(authtest1.getUserID(),
Role.OWNER, null);
System.out.println("# groups found: " + groups.size()); System.out.println("# groups found: " + groups.size());
boolean found = false; boolean found = false;
for (Group group : groups) for (Group group : groups)
...@@ -245,7 +229,7 @@ public class LdapGroupDAOTest ...@@ -245,7 +229,7 @@ public class LdapGroupDAOTest
{ {
fail("returned group with wrong owner"); fail("returned group with wrong owner");
} }
if (group.getID().equals(groupID1)) if (group.getID().equals(expectGroup.getID()))
{ {
found = true; found = true;
} }
...@@ -254,6 +238,95 @@ public class LdapGroupDAOTest ...@@ -254,6 +238,95 @@ public class LdapGroupDAOTest
{ {
fail(""); fail("");
} }
getGroupDAO().deleteGroup(expectGroup.getID());
}
catch (Exception e)
{
throw new Exception("Problems", e);
}
return null;
}
});
}
// @Test
public void testSearchMemberGroups() throws Exception
{
Subject subject = new Subject();
subject.getPrincipals().add(cadctest.getUserID());
// do everything as owner
Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
try
{
Collection<Group> groups =
getGroupDAO().searchGroups(cadctest.getUserID(),
Role.MEMBER, null);
System.out.println("# groups found: " + groups.size());
// boolean found = false;
// for (Group group : groups)
// {
// System.out.println("found group: " + group.getID());
// if (!group.getOwner().equals(cadctest))
// {
// fail("returned group with wrong owner");
// }
// if (group.getID().equals(groupID1))
// {
// found = true;
// }
// }
// if (!found)
// {
// fail("");
// }
}
catch (Exception e)
{
throw new Exception("Problems", e);
}
return null;
}
});
}
// @Test
public void testSearchRWGroups() throws Exception
{
Subject subject = new Subject();
subject.getPrincipals().add(authtest1.getUserID());
// do everything as owner
Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
try
{
Collection<Group> groups =
getGroupDAO().searchGroups(authtest1.getUserID(),
Role.RW, null);
System.out.println("# groups found: " + groups.size());
// boolean found = false;
// for (Group group : groups)
// {
// System.out.println("found group: " + group.getID());
// if (!group.getOwner().equals(authtest1))
// {
// fail("returned group with wrong owner");
// }
// if (group.getID().equals(groupID1))
// {
// found = true;
// }
// }
// if (!found)
// {
// fail("");
// }
} }
catch (Exception e) catch (Exception e)
{ {
......
/*
************************************************************************
******************* CANADIAN ASTRONOMY DATA CENTRE *******************
************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES **************
*
* (c) 2014. (c) 2014.
* Government of Canada Gouvernement du Canada
* National Research Council Conseil national de recherches
* Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6
* All rights reserved Tous droits réservés
*
* NRC disclaims any warranties, Le CNRC dénie toute garantie
* expressed, implied, or énoncée, implicite ou légale,
* statutory, of any kind with de quelque nature que ce
* respect to the software, soit, concernant le logiciel,
* including without limitation y compris sans restriction
* any warranty of merchantability toute garantie de valeur
* or fitness for a particular marchande ou de pertinence
* purpose. NRC shall not be pour un usage particulier.
* liable in any event for any Le CNRC ne pourra en aucun cas
* damages, whether direct or être tenu responsable de tout
* indirect, special or general, dommage, direct ou indirect,
* consequential or incidental, particulier ou général,
* arising from the use of the accessoire ou fortuit, résultant
* software. Neither the name de l'utilisation du logiciel. Ni
* of the National Research le nom du Conseil National de
* Council of Canada nor the Recherches du Canada ni les noms
* names of its contributors may de ses participants ne peuvent
* be used to endorse or promote être utilisés pour approuver ou
* products derived from this promouvoir les produits dérivés
* software without specific prior de ce logiciel sans autorisation
* written permission. préalable et particulière
* par écrit.
*
* This file is part of the Ce fichier fait partie du projet
* OpenCADC project. OpenCADC.
*
* OpenCADC is free software: OpenCADC est un logiciel libre ;
* you can redistribute it and/or vous pouvez le redistribuer ou le
* modify it under the terms of modifier suivant les termes de
* the GNU Affero General Public la “GNU Affero General Public
* License as published by the License” telle que publiée
* Free Software Foundation, par la Free Software Foundation
* either version 3 of the : soit la version 3 de cette
* License, or (at your option) licence, soit (à votre gré)
* any later version. toute version ultérieure.
*
* OpenCADC is distributed in the OpenCADC est distribué
* hope that it will be useful, dans l’espoir qu’il vous
* but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE
* without even the implied GARANTIE : sans même la garantie
* warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ
* or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF
* PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence
* General Public License for Générale Publique GNU Affero
* more details. pour plus de détails.
*
* You should have received Vous devriez avoir reçu une
* a copy of the GNU Affero copie de la Licence Générale
* General Public License along Publique GNU Affero avec
* with OpenCADC. If not, see OpenCADC ; si ce n’est
* <http://www.gnu.org/licenses/>. pas le cas, consultez :
* <http://www.gnu.org/licenses/>.
*
* $Revision: 4 $
*
************************************************************************
*/
package ca.nrc.cadc.ac.server.ldap;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.util.Log4jInit;
import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import org.junit.BeforeClass;
import org.junit.Test;
/**
*
* @author jburke
*/
public class LdapUserDAOTest
{
private static final Logger log = Logger.getLogger(LdapUserDAOTest.class);
static final String cadcTestDN = "CN=CADCtest_636,OU=CADC,O=HIA,C=CA";
static User<X500Principal> cadcTest;
static LdapConfig config;
@BeforeClass
public static void setUpBeforeClass()
throws Exception
{
Log4jInit.setLevel("ca.nrc.cadc.ac", Level.DEBUG);
cadcTest = new User<X500Principal>(new X500Principal(cadcTestDN));
config = new LdapConfig("mach275.cadc.dao.nrc.ca", 389,
"uid=webproxy,ou=administrators,ou=topologymanagement,o=netscaperoot",
"go4it",
"ou=Users,ou=ds,dc=canfar,dc=net",
"ou=TestGroups,ou=ds,dc=canfar,dc=net",
"ou=DeletedGroups,ou=ds,dc=canfar,dc=net");
}
LdapUserDAO<X500Principal> getUserDAO()
{
return new LdapUserDAO<X500Principal>(config);
}
/**
* Test of getUser method, of class LdapUserDAO.
*/
// @Test
public void testGetUser() throws Exception
{
Subject subject = new Subject();
subject.getPrincipals().add(cadcTest.getUserID());
// do everything as owner
Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
try
{
User actual = getUserDAO().getUser(cadcTest.getUserID());
assertEquals(cadcTest, actual);
return null;
}
catch (Exception e)
{
throw new Exception("Problems", e);
}
}
});
}
/**
* Test of getUserGroups method, of class LdapUserDAO.
*/
// @Test
public void testGetUserGroups() throws Exception
{
Subject subject = new Subject();
subject.getPrincipals().add(cadcTest.getUserID());
// do everything as owner
Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
try
{
Collection<Group> groups = getUserDAO().getUserGroups(cadcTest.getUserID());
assertNotNull(groups);
assertTrue(!groups.isEmpty());
for (Group group : groups)
log.debug(group);
return null;
}
catch (Exception e)
{
throw new Exception("Problems", e);
}
}
});
}
/**
* Test of getUserGroups method, of class LdapUserDAO.
*/
@Test
public void testIsMember() throws Exception
{
Subject subject = new Subject();
subject.getPrincipals().add(cadcTest.getUserID());
// do everything as owner
Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
try
{
boolean isMember = getUserDAO().isMember(cadcTest.getUserID(), "foo");
assertFalse(isMember);
String groupID = "cn=cadcsw,cn=groups,ou=ds,dc=canfar,dc=net";
isMember = getUserDAO().isMember(cadcTest.getUserID(), groupID);
assertTrue(isMember);
return null;
}
catch (Exception e)
{
throw new Exception("Problems", e);
}
}
});
}
}
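Review bot: `setUpBeforeClass` commits an LDAP bind DN and its password as string literals in the `new LdapConfig("mach275.cadc.dao.nrc.ca", 389, ...)` call, so anyone who can read the repository or its history holds a directory credential for that host if the account is live. Load the bind DN and password from an untracked properties file or from system properties instead, e.g. `System.getProperty("ldap.test.bindPassword")` (property name constructed for illustration), and skip the tests when the values are absent. The committed password should also be rotated, since removing the literal in a later commit does not remove it from history. Port 389 suggests the bind may travel in cleartext unless the DAO negotiates StartTLS, which is not visible here. Separately, the Javadoc on `testIsMember` still reads "Test of getUserGroups method" and should name `isMember`.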
...@@ -90,8 +90,8 @@ public class AC ...@@ -90,8 +90,8 @@ public class AC
// Group URI attribute once the group name is appended // Group URI attribute once the group name is appended
public static final String GROUP_URI = "ivo://cadc.nrc.ca/gms#"; public static final String GROUP_URI = "ivo://cadc.nrc.ca/gms#";
public static final String ID_TYPE_X500 = "X500"; // public static final String ID_TYPE_X500 = "X500";
public static final String ID_TYPE_OPENID = "OpenID"; // public static final String ID_TYPE_OPENID = "OpenID";
public static final String ID_TYPE_USERNAME = "HTTP"; // public static final String ID_TYPE_USERNAME = "HTTP";
public static final String ID_TYPE_UID = "UID"; // public static final String ID_TYPE_UID = "UID";
} }
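Review bot: The four `ID_TYPE_*` constants in `AC` are left as commented-out lines rather than deleted. Version control already keeps the old definitions, and dead constants in a shared class invite someone to revive them later. Delete the four lines, or, if external callers still depend on them, keep them live and mark them `@Deprecated` with a pointer to the replacement. The class body starts outside the hunk, so remaining references cannot be checked from here.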
/*
************************************************************************
******************* CANADIAN ASTRONOMY DATA CENTRE *******************
************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES **************
*
* (c) 2014. (c) 2014.
* Government of Canada Gouvernement du Canada
* National Research Council Conseil national de recherches
* Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6
* All rights reserved Tous droits réservés
*
* NRC disclaims any warranties, Le CNRC dénie toute garantie
* expressed, implied, or énoncée, implicite ou légale,
* statutory, of any kind with de quelque nature que ce
* respect to the software, soit, concernant le logiciel,
* including without limitation y compris sans restriction
* any warranty of merchantability toute garantie de valeur
* or fitness for a particular marchande ou de pertinence
* purpose. NRC shall not be pour un usage particulier.
* liable in any event for any Le CNRC ne pourra en aucun cas
* damages, whether direct or être tenu responsable de tout
* indirect, special or general, dommage, direct ou indirect,
* consequential or incidental, particulier ou général,
* arising from the use of the accessoire ou fortuit, résultant
* software. Neither the name de l'utilisation du logiciel. Ni
* of the National Research le nom du Conseil National de
* Council of Canada nor the Recherches du Canada ni les noms
* names of its contributors may de ses participants ne peuvent
* be used to endorse or promote être utilisés pour approuver ou
* products derived from this promouvoir les produits dérivés
* software without specific prior de ce logiciel sans autorisation
* written permission. préalable et particulière
* par écrit.
*
* This file is part of the Ce fichier fait partie du projet
* OpenCADC project. OpenCADC.
*
* OpenCADC is free software: OpenCADC est un logiciel libre ;
* you can redistribute it and/or vous pouvez le redistribuer ou le
* modify it under the terms of modifier suivant les termes de
* the GNU Affero General Public la “GNU Affero General Public
* License as published by the License” telle que publiée
* Free Software Foundation, par la Free Software Foundation
* either version 3 of the : soit la version 3 de cette
* License, or (at your option) licence, soit (à votre gré)
* any later version. toute version ultérieure.
*
* OpenCADC is distributed in the OpenCADC est distribué
* hope that it will be useful, dans l’espoir qu’il vous
* but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE
* without even the implied GARANTIE : sans même la garantie
* warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ
* or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF
* PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence
* General Public License for Générale Publique GNU Affero
* more details. pour plus de détails.
*
* You should have received Vous devriez avoir reçu une
* a copy of the GNU Affero copie de la Licence Générale
* General Public License along Publique GNU Affero avec
* with OpenCADC. If not, see OpenCADC ; si ce n’est
* <http://www.gnu.org/licenses/>. pas le cas, consultez :
* <http://www.gnu.org/licenses/>.
*
* $Revision: 4 $
*
************************************************************************
*/
package ca.nrc.cadc.ac;
import java.security.Principal;
/**
*
* @author jburke
*/
public class ActivatedGroup extends Group
{
public ActivatedGroup(String groupID, User<? extends Principal> owner)
{
super(groupID, owner);
}
}
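Review bot: `ActivatedGroup` has no class Javadoc beyond `@author`, although it adds no state or behaviour and appears to exist only as a type marker. The only visible use is `assertTrue(actualGroup instanceof ActivatedGroup)` after a deleted group is re-added in `LdapGroupDAOTest`. Add a class comment such as `/** Returned by addGroup when a previously deleted group with the same ID is reactivated instead of newly created. */`; that wording is inferred from the test and should be confirmed against the DAO. The comment should also state whether the reactivated group keeps its former members and read/write grants, since callers need that to reason about access after a reactivation.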
...@@ -7,7 +7,7 @@ import java.io.OutputStream; ...@@ -7,7 +7,7 @@ import java.io.OutputStream;
import java.io.OutputStreamWriter; import java.io.OutputStreamWriter;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.io.Writer; import java.io.Writer;
import java.util.List; import java.util.Collection;
import org.jdom2.Document; import org.jdom2.Document;
import org.jdom2.Element; import org.jdom2.Element;
import org.jdom2.output.Format; import org.jdom2.output.Format;
...@@ -22,7 +22,7 @@ public class GroupsWriter ...@@ -22,7 +22,7 @@ public class GroupsWriter
* @throws java.io.IOException * @throws java.io.IOException
* @throws ca.nrc.cadc.ac.WriterException * @throws ca.nrc.cadc.ac.WriterException
*/ */
public static void write(List<Group> groups, StringBuilder builder) public static void write(Collection<Group> groups, StringBuilder builder)
throws IOException, WriterException throws IOException, WriterException
{ {
write(groups, new StringBuilderWriter(builder)); write(groups, new StringBuilderWriter(builder));
...@@ -36,7 +36,7 @@ public class GroupsWriter ...@@ -36,7 +36,7 @@ public class GroupsWriter
* @throws IOException if the writer fails to write. * @throws IOException if the writer fails to write.
* @throws ca.nrc.cadc.ac.WriterException * @throws ca.nrc.cadc.ac.WriterException
*/ */
public static void write(List<Group> groups, OutputStream out) public static void write(Collection<Group> groups, OutputStream out)
throws IOException, WriterException throws IOException, WriterException
{ {
OutputStreamWriter outWriter; OutputStreamWriter outWriter;
...@@ -59,7 +59,7 @@ public class GroupsWriter ...@@ -59,7 +59,7 @@ public class GroupsWriter
* @throws IOException if the writer fails to write. * @throws IOException if the writer fails to write.
* @throws ca.nrc.cadc.ac.WriterException * @throws ca.nrc.cadc.ac.WriterException
*/ */
public static void write(List<Group> groups, Writer writer) public static void write(Collection<Group> groups, Writer writer)
throws IOException, WriterException throws IOException, WriterException
{ {
if (groups == null) if (groups == null)
...@@ -76,7 +76,7 @@ public class GroupsWriter ...@@ -76,7 +76,7 @@ public class GroupsWriter
* @return Element of list of Group's. * @return Element of list of Group's.
* @throws ca.nrc.cadc.ac.WriterException * @throws ca.nrc.cadc.ac.WriterException
*/ */
public static Element getGroupsElement(List<Group> groups) public static Element getGroupsElement(Collection<Group> groups)
throws WriterException throws WriterException
{ {
Element groupsElement = new Element("groups"); Element groupsElement = new Element("groups");
......