diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/AbstractUserAction.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/AbstractUserAction.java
index 1c7f0e126dc41e6718bc543ed6562889abe8266d..cba19dfd44ed5b1d763be1989536c8c985f8d579 100644
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/AbstractUserAction.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/AbstractUserAction.java
@@ -103,6 +103,7 @@ public abstract class AbstractUserAction implements PrivilegedExceptionAction<Ob
     static final String DEFAULT_CONTENT_TYPE = "text/xml";
     static final String JSON_CONTENT_TYPE = "application/json";
+    protected String augmentUserDN;
     protected UserLogInfo logInfo;
     protected HttpServletResponse response;
     protected String acceptedContentType = DEFAULT_CONTENT_TYPE;
@@ -113,6 +114,16 @@ public abstract class AbstractUserAction implements PrivilegedExceptionAction<Ob
     public abstract void doAction() throws Exception;
+    public void setAugmentUserDN(final String dn)
+    {
+        this.augmentUserDN = dn;
+    }
+
+    public String getAugmentUserDN()
+    {
+        return this.augmentUserDN;
+    }
+
     public void setLogInfo(UserLogInfo logInfo)
     {
         this.logInfo = logInfo;
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/GetUserAction.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/GetUserAction.java
index 8d95d94616bc1c032081faa526779c9451f00319..4793c719fb078488473eaca1bbb215c17a9a2aac 100644
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/GetUserAction.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/GetUserAction.java
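Review bot: setAugmentUserDN/getAugmentUserDN in the second hunk introduce a value that decides an authorization outcome elsewhere, yet neither the field nor the accessors say what the string is or what null means. A Javadoc on the field such as `/** DN that GetUserAction treats as the privileged (servops) caller; null means no caller is privileged. */` would make the contract visible at the setter's call site in UserServlet. The comparison that gives the value its meaning lives in GetUserAction.isServops(), not in this file, so a reader of this class alone cannot recover it.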
@@ -71,11 +71,19 @@ import ca.nrc.cadc.ac.User;
 import ca.nrc.cadc.ac.UserNotFoundException;
 import ca.nrc.cadc.ac.server.UserPersistence;
+import java.security.AccessControlContext;
+import java.security.AccessController;
 import java.security.Principal;
+import java.security.PrivilegedExceptionAction;
+
+import javax.security.auth.Subject;
+
+import org.apache.log4j.Logger;
 public class GetUserAction extends AbstractUserAction
 {
+    private static final Logger log = Logger.getLogger(GetUserAction.class);
     private final Principal userID;
     GetUserAction(Principal userID)
@@ -84,22 +92,64 @@ public class GetUserAction extends AbstractUserAction
         this.userID = userID;
     }
-    public void doAction() throws Exception
+    public void doAction() throws Exception
     {
-        final UserPersistence<Principal> userPersistence = getUserPersistence();
-        User<Principal> user;
-
-        try
+
+        if (isServops())
         {
-            user = userPersistence.getUser(userID);
+            Subject subject = new Subject();
+            subject.getPrincipals().add(this.userID);
+            user = (User<Principal>) Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
+            {
+                @Override
+                public Object run() throws Exception
+                {
+                    return getUser(userID);
+                }
+
+            });
         }
-        catch (UserNotFoundException e)
+        else
         {
-            user = userPersistence.getPendingUser(userID);
+            user = getUser(this.userID);
         }
         writeUser(user);
     }
+    protected User<Principal> getUser(Principal principal) throws Exception
+    {
+        final UserPersistence<Principal> userPersistence = getUserPersistence();
+        User<Principal> user;
+
+        try
+        {
+            user = userPersistence.getUser(principal);
+        }
+        catch (UserNotFoundException e)
+        {
+            user = userPersistence.getPendingUser(principal);
+        }
+
+        return user;
+    }
+
+    protected boolean isServops()
+    {
+        log.debug("alinga-- isServops(): augmentUserDN = " + this.augmentUserDN);
+        boolean isServops = false;
+        AccessControlContext acc = AccessController.getContext();
+        Subject subject = Subject.getSubject(acc);
+        for (Principal principal : subject.getPrincipals())
+        {
+            if (principal.getName().equals(this.getAugmentUserDN()))
+            {
+                isServops = true;
+                break;
+            }
+        }
+
+        return isServops;
+    }
 }
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/UserServlet.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/UserServlet.java
index 2f2ee87959923bf690cc69d6d42f1f82b30e1b78..5feba14cfa175ac11e064ae42641170ec524fce7 100644
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/UserServlet.java
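Review bot: isServops() dereferences the result of `Subject.getSubject(acc)` without a null check, and that call returns null when no Subject is bound to the current AccessControlContext, so a request that did not arrive through a doAs reaches `subject.getPrincipals()` and fails with a NullPointerException instead of being treated as not-servops; add `if (subject == null) { return false; }` before the loop. The match itself is a plain `String.equals` on `getName()` of every principal regardless of type, so it is sensitive to DN formatting differences (case, spacing between RDNs) and would accept any principal kind whose name happens to equal the configured DN; restricting the test to `X500Principal` instances and comparing a canonical form (AuthenticationUtil, already imported by UserServlet, is where the project would keep one, if it exists) would make the privilege check both stricter and more robust. The `log.debug("alinga-- isServops(): ...")` line reads as leftover developer tracing and should be reworded before merge. As rendered, `User<Principal> user;` sits on the removed side while the new doAction still assigns `user`; if that is not an artifact of the collapsed diff the declaration has to stay, and typing the action as `PrivilegedExceptionAction<User<Principal>>` would also remove the unchecked cast on the `Subject.doAs` result.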
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/UserServlet.java
@@ -72,11 +72,14 @@ import java.io.IOException;
 import java.security.PrivilegedActionException;
 import javax.security.auth.Subject;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import ca.nrc.cadc.util.StringUtil;
+
 import org.apache.log4j.Logger;
 import ca.nrc.cadc.auth.AuthenticationUtil;
@@ -86,6 +89,23 @@ public class UserServlet extends HttpServlet
     private static final long serialVersionUID = 5289130885807305288L;
     private static final Logger log = Logger.getLogger(UserServlet.class);
+    private String augmentUserDN;
+
+    @Override
+    public void init(final ServletConfig config) throws ServletException
+    {
+        super.init(config);
+
+        try
+        {
+            this.augmentUserDN = config.getInitParameter(UserServlet.class.getName() + ".augmentUserDN");
+            log.info("augmentUserDN: " + augmentUserDN);
+        }
+        catch(Exception ex)
+        {
+            log.error("failed to init: " + ex);
+        }
+    }
     /**
      * Create a UserAction and run the action safely.
@@ -104,6 +124,7 @@ public class UserServlet extends HttpServlet
         AbstractUserAction action = factory.createAction(request);
+        action.setAugmentUserDN(this.augmentUserDN);
         action.setLogInfo(logInfo);
         action.setResponse(response);
         action.setAcceptedContentType(getAcceptedContentType(request));
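Review bot: In init() (second hunk) the `catch(Exception ex)` only logs and returns, so any failure there leaves augmentUserDN null and the servlet silently running with the servops path disabled; since `getInitParameter` returns null rather than throwing when the parameter is absent, the try/catch guards nothing and only hides genuine errors. Replace it with `throw new ServletException("failed to init", ex);` (or drop the try/catch), pass the exception as the second argument to `log.error` so the stack trace is kept, and add an explicit `if (augmentUserDN == null) { log.warn("augmentUserDN init-param not set; servops augmentation disabled"); }` so a missing configuration is visible in the log rather than only noticeable when impersonation never kicks in. The third hunk's `action.setAugmentUserDN(this.augmentUserDN);` is fine as written; the method it sits in starts outside the hunk.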