Story ac2. Added super user support to UserAction.

1ecd0c53 · Alinga Yeung · 4c0353bc · 1ecd0c53 · 1ecd0c53 · 1ecd0c53
Commit 1ecd0c53 authored 9 years ago by Alinga Yeung
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/AbstractUserAction.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/AbstractUserAction.java
@@ -103,6 +103,7 @@ public abstract class AbstractUserAction implements PrivilegedExceptionAction<Ob
    static final String DEFAULT_CONTENT_TYPE = "text/xml";
    static final String JSON_CONTENT_TYPE = "application/json";
+    protected String augmentUserDN;
    protected UserLogInfo logInfo;
    protected HttpServletResponse response;
    protected String acceptedContentType = DEFAULT_CONTENT_TYPE;
@@ -113,6 +114,16 @@ public abstract class AbstractUserAction implements PrivilegedExceptionAction<Ob
    public abstract void doAction() throws Exception;
+    public void setAugmentUserDN(final String dn)
+    {
+    	this.augmentUserDN = dn;
+    }
+    public String getAugmentUserDN()
+    {
+    	return this.augmentUserDN;
+    }
    public void setLogInfo(UserLogInfo logInfo)
    {
        this.logInfo = logInfo;

--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/GetUserAction.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/GetUserAction.java
@@ -71,11 +71,19 @@ import ca.nrc.cadc.ac.User;
 import ca.nrc.cadc.ac.UserNotFoundException;
 import ca.nrc.cadc.ac.server.UserPersistence;
+import java.security.AccessControlContext;
+import java.security.AccessController;
 import java.security.Principal;
+import java.security.PrivilegedExceptionAction;
+import javax.security.auth.Subject;
+import org.apache.log4j.Logger;
 public class GetUserAction extends AbstractUserAction
 {
+    private static final Logger log = Logger.getLogger(GetUserAction.class);
    private final Principal userID;
    GetUserAction(Principal userID)
@@ -84,22 +92,64 @@ public class GetUserAction extends AbstractUserAction
        this.userID = userID;
    }
-    public void doAction() throws Exception
+	public void doAction() throws Exception
    {
-        final UserPersistence<Principal> userPersistence = getUserPersistence();
        User<Principal> user;
-        try
+        if (isServops())
        {
-            user = userPersistence.getUser(userID);
+        	Subject subject = new Subject();
+        	subject.getPrincipals().add(this.userID);
+        	user = (User<Principal>) Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
+        	{
+				@Override
+				public Object run() throws Exception 
+				{
+					return getUser(userID);
+				}
+        	});
        }
-        catch (UserNotFoundException e)
+        else
        {
-            user = userPersistence.getPendingUser(userID);
+        	user = getUser(this.userID);
        }
        writeUser(user);
    }
+    protected User<Principal> getUser(Principal principal) throws Exception
+    {
+        final UserPersistence<Principal> userPersistence = getUserPersistence();
+    	User<Principal> user;
+    	try
+        {
+            user = userPersistence.getUser(principal);
+        }
+        catch (UserNotFoundException e)
+        {
+            user = userPersistence.getPendingUser(principal);
+        }
+    	return user;
+    }
+    protected boolean isServops()
+    {
+    	log.debug("alinga-- isServops(): augmentUserDN = " + this.augmentUserDN);
+    	boolean isServops = false;
+        AccessControlContext acc = AccessController.getContext();
+        Subject subject = Subject.getSubject(acc);
+        for (Principal principal : subject.getPrincipals())
+        {
+        	if (principal.getName().equals(this.getAugmentUserDN()))
+        	{
+        		isServops = true;
+        		break;
+        	}
+        }
+        return isServops;
+    }
 }
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/UserServlet.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/UserServlet.java
@@ -72,11 +72,14 @@ import java.io.IOException;
 import java.security.PrivilegedActionException;
 import javax.security.auth.Subject;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import ca.nrc.cadc.util.StringUtil;
 import org.apache.log4j.Logger;
 import ca.nrc.cadc.auth.AuthenticationUtil;
@@ -86,6 +89,23 @@ public class UserServlet extends HttpServlet
    private static final long serialVersionUID = 5289130885807305288L;
    private static final Logger log = Logger.getLogger(UserServlet.class);
+    private String augmentUserDN;
+    @Override
+    public void init(final ServletConfig config) throws ServletException
+    {
+        super.init(config);
+        try
+        {
+        	this.augmentUserDN = config.getInitParameter(UserServlet.class.getName() + ".augmentUserDN");
+            log.info("augmentUserDN: " + augmentUserDN);
+        }
+        catch(Exception ex)
+        {
+            log.error("failed to init: " + ex);
+        }
+    }
    /**
     * Create a UserAction and run the action safely.
@@ -104,6 +124,7 @@ public class UserServlet extends HttpServlet
            AbstractUserAction action = factory.createAction(request);
+            action.setAugmentUserDN(this.augmentUserDN);
            action.setLogInfo(logInfo);
            action.setResponse(response);
            action.setAcceptedContentType(getAcceptedContentType(request));