Merge branch 'master' of ssh://gimli2/srv/cadc/git/wopencadc

projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java

@@ -83,6 +83,7 @@ import org.apache.log4j.Logger;
 import ca.nrc.cadc.ac.PersonalDetails;
 import ca.nrc.cadc.ac.User;
 import ca.nrc.cadc.ac.UserNotFoundException;
+import ca.nrc.cadc.auth.AuthenticationUtil;
 import ca.nrc.cadc.auth.HttpPrincipal;
 import ca.nrc.cadc.net.TransientException;
 
@@ -405,9 +406,21 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
                     "Unsupported principal type " + user.getUserID()
                             .getClass());
         }
-
-        searchField = "(" + searchField + "=" +
-                      user.getUserID().getName() + ")";
+        
+        // change the DN to be in the 'java' format
+        if (user.getUserID() instanceof X500Principal)
+        {
+            X500Principal orderedPrincipal = AuthenticationUtil.getOrderedForm(
+                (X500Principal) user.getUserID());
+            searchField = "(" + searchField + "=" + orderedPrincipal.toString() + ")";
+        }
+        else
+        {
+            searchField = "(" + searchField + "=" + user.getUserID().getName()
+                    + ")";
+        }
+        
+        logger.debug("Search field is: " + searchField);
 
         SearchResultEntry searchResult = null;
         try

projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/GroupsActionFactory.java

@@ -137,15 +137,22 @@ public class GroupsActionFactory
             }
             else if (method.equals("POST"))
             {
-                final URL requestURL =
-                        new URL(request.getRequestURL().toString());
-                final String redirectURI = requestURL.getProtocol() + "://"
-                                           + requestURL.getHost() + ":"
-                                           + requestURL.getPort()
-                                           + request.getContextPath()
-                                           + request.getServletPath()
-                                           + "/" + path;
-                action = new ModifyGroupAction(logInfo, groupName, redirectURI,
+                final URL requestURL = new URL(request.getRequestURL().toString());
+                final StringBuilder sb = new StringBuilder();
+                sb.append(requestURL.getProtocol());
+                sb.append("://");
+                sb.append(requestURL.getHost());
+                if (requestURL.getPort() > 0)
+                {
+                    sb.append(":");
+                    sb.append(requestURL.getPort());
+                }
+                sb.append(request.getContextPath());
+                sb.append(request.getServletPath());
+                sb.append("/");
+                sb.append(path);
+
+                action = new ModifyGroupAction(logInfo, groupName, sb.toString(),
                                                request.getInputStream());
             }
         }

projects/cadcAccessControl-Server/test/LdapConfig.test.properties

+# This are the configuration fields required by the Ldap ldap-dao unit tests
+server = proc5-03.cadc.dao.nrc.ca
+port = 636
+proxyUser = webproxy
+usersDn = ou=Users,ou=ds,dc=canfar,dc=net
+groupsDn = ou=Groups,ou=ds,dc=canfar,dc=net
+adminGroupsDn = ou=adminGroups,ou=ds,dc=canfar,dc=net
\ No newline at end of file

projects/cadcAccessControl/src/ca/nrc/cadc/ac/User.java

@@ -72,6 +72,11 @@ import java.security.Principal;
 import java.util.HashSet;
 import java.util.Set;
 
+import ca.nrc.cadc.auth.AuthenticationUtil;
+
+import javax.security.auth.x500.X500Principal;
+
+
 public class User<T extends Principal>
 {
     private T userID;
@@ -130,11 +135,18 @@ public class User<T extends Principal>
             return false;
         }
         User other = (User) obj;
-        if (!userID.equals(other.userID))
+        if (userID instanceof X500Principal)
         {
-            return false;
+            return AuthenticationUtil.equals(userID, other.userID);
+        }
+        else
+        {
+            if (!userID.equals(other.userID))
+            {
+                return false;
+            }
+            return true;
         }
-        return true;
     }
 
     @Override