Merge branch 'ac2' of ssh://gimli2.cadc.dao.nrc.ca/srv/cadc/git/wopencadc into ac2

301dd27a · Brian Major · 45428647 · 044153d8 · 301dd27a · 301dd27a
Commit 301dd27a authored 9 years ago by Brian Major
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java
@@ -120,6 +120,22 @@ public interface UserPersistence<T extends Principal>
        throws UserNotFoundException, TransientException, 
               AccessControlException;
+    /**
+     * Attempt to login the specified user.
+     *
+     * @param userID The userID.
+     * @param password The password.
+     *
+     * @return Boolean
+     * 
+     * @throws UserNotFoundException when the user is not found.
+     * @throws TransientException If an temporary, unexpected problem occurred.
+     * @throws AccessControlException If the operation is not permitted.
+     */
+    Boolean loginUser(String userID, String password)
+            throws UserNotFoundException, TransientException, 
+            AccessControlException;
    /**
     * Updated the user specified by User.
     *

--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
@@ -177,11 +177,11 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
     *
     * @param username username to verify.
     * @param password password to verify.
-     * @return User
+     * @return Boolean
     * @throws TransientException
     * @throws UserNotFoundException
     */
-    public User<T> loginUser(final String username, final String password)
+    public Boolean loginUser(final String username, final String password)
        throws TransientException, UserNotFoundException
    {
        try
@@ -191,7 +191,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
            if (bindResult != null && bindResult.getResultCode() == ResultCode.SUCCESS)
            {
-                return getUser((T) new HttpPrincipal(username));
+                return Boolean.TRUE;
            }
            else
            {
@@ -200,7 +200,16 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
        }
        catch (LDAPException e)
        {
-            logger.debug("addUser Exception: " + e, e);
+            logger.debug("loginUser Exception: " + e, e);
+            if (e.getResultCode() == ResultCode.INVALID_CREDENTIALS)
+            {
+                throw new AccessControlException("Invalid password");
+            }
+            else if (e.getResultCode() == ResultCode.NO_SUCH_OBJECT)
+            {
+                throw new AccessControlException("Invalid username");
+            }
            throw new RuntimeException("Unexpected LDAP exception", e);
        }

--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java
@@ -175,7 +175,36 @@ public class LdapUserPersistence<T extends Principal>
            }
        }
    }
+    /**
+     * Get the user specified by userID.
+     *
+     * @param userID The userID.
+     *
+     * @return Boolean.
+     * 
+     * @throws UserNotFoundException when the user is not found.
+     * @throws TransientException If an temporary, unexpected problem occurred.
+     * @throws AccessControlException If the operation is not permitted.
+     */
+    public Boolean loginUser(String userID, String password)
+            throws UserNotFoundException, TransientException, AccessControlException
+    {
+        LdapUserDAO<T> userDAO = null;
+        try
+        {
+            userDAO = new LdapUserDAO<T>(this.config);
+            return userDAO.loginUser(userID, password);
+        }
+        finally
+        {
+            if (userDAO != null)
+            {
+                userDAO.close();
+            }
+        }
+    }
    /**
     * Updated the user specified by User.
     *

--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/LoginServlet.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/LoginServlet.java
+/*
+ ************************************************************************
+ *******************  CANADIAN ASTRONOMY DATA CENTRE  *******************
+ **************  CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES  **************
+ *
+ *  (c) 2014.                            (c) 2014.
+ *  Government of Canada                 Gouvernement du Canada
+ *  National Research Council            Conseil national de recherches
+ *  Ottawa, Canada, K1A 0R6              Ottawa, Canada, K1A 0R6
+ *  All rights reserved                  Tous droits réservés
+ *
+ *  NRC disclaims any warranties,        Le CNRC dénie toute garantie
+ *  expressed, implied, or               énoncée, implicite ou légale,
+ *  statutory, of any kind with          de quelque nature que ce
+ *  respect to the software,             soit, concernant le logiciel,
+ *  including without limitation         y compris sans restriction
+ *  any warranty of merchantability      toute garantie de valeur
+ *  or fitness for a particular          marchande ou de pertinence
+ *  purpose. NRC shall not be            pour un usage particulier.
+ *  liable in any event for any          Le CNRC ne pourra en aucun cas
+ *  damages, whether direct or           être tenu responsable de tout
+ *  indirect, special or general,        dommage, direct ou indirect,
+ *  consequential or incidental,         particulier ou général,
+ *  arising from the use of the          accessoire ou fortuit, résultant
+ *  software.  Neither the name          de l'utilisation du logiciel. Ni
+ *  of the National Research             le nom du Conseil National de
+ *  Council of Canada nor the            Recherches du Canada ni les noms
+ *  names of its contributors may        de ses  participants ne peuvent
+ *  be used to endorse or promote        être utilisés pour approuver ou
+ *  products derived from this           promouvoir les produits dérivés
+ *  software without specific prior      de ce logiciel sans autorisation
+ *  written permission.                  préalable et particulière
+ *                                       par écrit.
+ *
+ *  This file is part of the             Ce fichier fait partie du projet
+ *  OpenCADC project.                    OpenCADC.
+ *
+ *  OpenCADC is free software:           OpenCADC est un logiciel libre ;
+ *  you can redistribute it and/or       vous pouvez le redistribuer ou le
+ *  modify it under the terms of         modifier suivant les termes de
+ *  the GNU Affero General Public        la “GNU Affero General Public
+ *  License as published by the          License” telle que publiée
+ *  Free Software Foundation,            par la Free Software Foundation
+ *  either version 3 of the              : soit la version 3 de cette
+ *  License, or (at your option)         licence, soit (à votre gré)
+ *  any later version.                   toute version ultérieure.
+ *
+ *  OpenCADC is distributed in the       OpenCADC est distribué
+ *  hope that it will be useful,         dans l’espoir qu’il vous
+ *  but WITHOUT ANY WARRANTY;            sera utile, mais SANS AUCUNE
+ *  without even the implied             GARANTIE : sans même la garantie
+ *  warranty of MERCHANTABILITY          implicite de COMMERCIALISABILITÉ
+ *  or FITNESS FOR A PARTICULAR          ni d’ADÉQUATION À UN OBJECTIF
+ *  PURPOSE.  See the GNU Affero         PARTICULIER. Consultez la Licence
+ *  General Public License for           Générale Publique GNU Affero
+ *  more details.                        pour plus de détails.
+ *
+ *  You should have received             Vous devriez avoir reçu une
+ *  a copy of the GNU Affero             copie de la Licence Générale
+ *  General Public License along         Publique GNU Affero avec
+ *  with OpenCADC.  If not, see          OpenCADC ; si ce n’est
+ *  <http://www.gnu.org/licenses/>.      pas le cas, consultez :
+ *                                       <http://www.gnu.org/licenses/>.
+ *
+ *  $Revision: 4 $
+ *
+ ************************************************************************
+ */
+package ca.nrc.cadc.ac.server.web.users;
+import java.io.IOException;
+import java.security.AccessControlException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.apache.log4j.Logger;
+import ca.nrc.cadc.ac.server.ldap.LdapUserPersistence;
+import ca.nrc.cadc.auth.HttpPrincipal;
+import ca.nrc.cadc.auth.SSOCookieManager;
+import ca.nrc.cadc.log.ServletLogInfo;
+import ca.nrc.cadc.util.StringUtil;
+@SuppressWarnings("serial")
+public class LoginServlet extends HttpServlet
+{
+    private static final Logger log = Logger.getLogger(LoginServlet.class);
+    private static final String CONTENT_TYPE = "text/plain";
+    /**
+     * Attempt to login for userid/password.
+     */
+	@SuppressWarnings("rawtypes")
+	public void doPost(HttpServletRequest request, HttpServletResponse response)
+        throws IOException
+    {
+        long start = System.currentTimeMillis();
+        ServletLogInfo logInfo = new ServletLogInfo(request);
+        try
+        {
+            log.info(logInfo.start());
+            String userID = request.getParameter("userid");
+            String password = request.getParameter("password");
+            if (StringUtil.hasText(userID))
+            {
+                if (StringUtil.hasText(password))
+                {
+                	if (new LdapUserPersistence().loginUser(userID, password))
+                	{
+	            	    String token = new SSOCookieManager().generate(new HttpPrincipal(userID));
+	            	    response.setContentType(CONTENT_TYPE);
+	            	    response.setContentLength(token.length());
+	            	    response.getWriter().write(token);
+                	}
+                }
+                else
+                {
+                	throw new IllegalArgumentException("Missing password");
+                }
+            }
+            else
+            {
+            	throw new IllegalArgumentException("Missing userid");
+            }
+        }
+        catch (IllegalArgumentException e)
+        {
+            log.debug(e.getMessage(), e);
+            logInfo.setMessage(e.getMessage());
+    	    response.setContentType(CONTENT_TYPE);
+            response.getWriter().write(e.getMessage());
+            response.setStatus(400);
+        }
+        catch (AccessControlException e)
+        {
+            log.debug(e.getMessage(), e);
+            logInfo.setMessage(e.getMessage());
+    	    response.setContentType(CONTENT_TYPE);
+            response.getWriter().write(e.getMessage());
+            response.setStatus(401);
+        }
+        catch (Throwable t)
+        {
+            String message = "Internal Server Error: " + t.getMessage();
+            log.error(message, t);
+            logInfo.setSuccess(false);
+            logInfo.setMessage(message);
+    	    response.setContentType(CONTENT_TYPE);
+            response.getWriter().write(message);
+            response.setStatus(500);
+        }
+        finally
+        {
+            logInfo.setElapsedTime(System.currentTimeMillis() - start);
+            log.info(logInfo.end());
+        }
+    }
+}