From 5f7a7eaeb13a6e800ec28c6e388a50195eb0f32d Mon Sep 17 00:00:00 2001
From: Jeff Burke <Jeff.Burke@nrc-cnrc.gc.ca>
Date: Thu, 21 Aug 2014 09:22:28 -0700
Subject: [PATCH] s1651: unit test for testing group ownership

---
 .../nrc/cadc/ac/server/GroupPersistence.java  |   7 +-
 .../nrc/cadc/ac/server/ldap/LdapGroupDAO.java |  68 ++++++--
 .../ac/server/ldap/LdapGroupPersistence.java  |  30 ++--
 .../ac/server/ldap/LdapUserPersistence.java   |   6 +-
 .../ac/server/web/AddGroupMemberAction.java   |   9 +-
 .../ac/server/web/AddUserMemberAction.java    |  11 +-
 .../cadc/ac/server/web/CreateGroupAction.java |   6 +-
 .../cadc/ac/server/web/DeleteGroupAction.java |   4 +-
 .../cadc/ac/server/web/GetGroupAction.java    |   2 +-
 .../cadc/ac/server/web/ModifyGroupAction.java |   8 +-
 .../server/web/RemoveGroupMemberAction.java   |   6 +-
 .../ac/server/web/RemoveUserMemberAction.java |   9 +-
 .../cadc/ac/server/ldap/LdapGroupDAOTest.java | 154 ++++++++++++------
 .../src/ca/nrc/cadc/ac/AC.java                |   2 +-
 14 files changed, 210 insertions(+), 112 deletions(-)

diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/GroupPersistence.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/GroupPersistence.java
index f801d777..70556c68 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/GroupPersistence.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/GroupPersistence.java
@@ -145,7 +145,7 @@ public abstract interface GroupPersistence<T extends Principal>
     /**
      * Obtain a Collection of Groups that fit the given query.
      *
-     * @param user<T> ID of user
+     * @param user user
      * @param role Role of the user, either owner, member, or read/write.
      * 
      * @return Collection of Groups matching the query, or empty Collection.
@@ -162,7 +162,7 @@ public abstract interface GroupPersistence<T extends Principal>
     /**
      * Check whether the user is a member of the group.
      *
-     * @param user<T> ID of user
+     * @param user user
      * @param groupID ID of group
      *
      * @return true or false
@@ -170,9 +170,10 @@ public abstract interface GroupPersistence<T extends Principal>
      * @throws GroupNotFoundException If the group was not found.
      * @throws TransientException If an temporary, unexpected problem occurred.
      * @throws AccessControlException If the operation is not permitted.
+     * @throws ca.nrc.cadc.ac.UserNotFoundException
      */
     public abstract boolean isMember(User<T> user, String groupID)
         throws GroupNotFoundException, TransientException,
-               AccessControlException;
+               AccessControlException, UserNotFoundException;
 
 }
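Review bot: The added `@throws ca.nrc.cadc.ac.UserNotFoundException` tag on isMember has no description and uses the fully qualified name, while the neighbouring tags say when each exception is thrown and LdapGroupDAO.getGroups in this same commit switches to the short name. I would write `@throws UserNotFoundException If the user was not found.` so the new checked exception is documented like the others. Because this widens the throws clause of an interface method, every implementer and caller has to handle it; LdapGroupPersistence is the only implementer visibly updated in this patch.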
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
index 738710f9..d61df2a5 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
@@ -68,7 +68,6 @@
  */
 package ca.nrc.cadc.ac.server.ldap;
 
-import ca.nrc.cadc.ac.AC;
 import ca.nrc.cadc.ac.Group;
 import ca.nrc.cadc.ac.GroupAlreadyExistsException;
 import ca.nrc.cadc.ac.GroupNotFoundException;
@@ -87,6 +86,7 @@ import com.unboundid.ldap.sdk.ModificationType;
 import com.unboundid.ldap.sdk.ModifyDNRequest;
 import com.unboundid.ldap.sdk.ModifyRequest;
 import com.unboundid.ldap.sdk.SearchRequest;
+import com.unboundid.ldap.sdk.SearchResult;
 import com.unboundid.ldap.sdk.SearchResultEntry;
 import com.unboundid.ldap.sdk.SearchScope;
 import com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl;
@@ -232,7 +232,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
                 }
 
                 List<String> members = new ArrayList<String>();
-                for (User member : group.getUserMembers())
+                for (User<?> member : group.getUserMembers())
                 {
                     DN memberDN = this.userPersist.getUserDN(member);
                     members.add(memberDN.toNormalizedString());
@@ -323,39 +323,73 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
      *         readGrDN.toNormalizedString()) the query, or empty
      *         Collection. Never null.
      * @throws TransientException  If an temporary, unexpected problem occurred.
-     * @throws ca.nrc.cadc.ac.UserNotFoundException
+     * @throws UserNotFoundException
      */
     public Collection<Group> getGroups(User<T> user, Role role)
         throws TransientException, AccessControlException,
                UserNotFoundException
     {
         try
-        {
-            Filter filter;
-            switch (role)
+        {   
+            DN userDN = userPersist.getUserDN(user);
+            Filter filter = null;
+            if (role == Role.OWNER)
             {
-                case AC.ID_TYPE_X500:
-                
-                    
-                    
+                filter = Filter.createEqualityFilter("owner", userDN.toString());
+            }
+            else if (role == Role.MEMBER)
+            {
+                throw new IllegalArgumentException("Member role not implemented");
+            }
+            else if (role == Role.RW)
+            {
+                throw new IllegalArgumentException("RW role not implemented");
             }
             
             SearchRequest searchRequest =  new SearchRequest(
-                    config.getGroupsDN(), SearchScope.SUB, 
-                    "(cn=" + groupID + ")", new String[] {"entrydn", "entryid", 
-                    "cn", "description", "owner", "uniquemember", "aci", 
-                    "modifytimestamp"});
+                    config.getGroupsDN(), SearchScope.SUB, filter, 
+                    new String[] {"cn", "description",
+                                  "owner", "modifytimestamp"});
+            
+            searchRequest.addControl(
+                    new ProxiedAuthorizationV2RequestControl("dn:" + 
+                            getSubjectDN().toNormalizedString()));
+            
+            Collection<Group> groups = new ArrayList<Group>();
+            SearchResult results = getConnection().search(searchRequest);
+            for (SearchResultEntry result : results.getSearchEntries())
+            {
+                String groupName = result.getAttributeValue("cn");
+                DN groupOwner = result.getAttributeValueAsDN("owner");
+                
+                User<X500Principal> owner;
+                try
+                {
+                    owner = userPersist.getMember(groupOwner);
+                }
+                catch (UserNotFoundException e)
+                {
+                    throw new RuntimeException("BUG: group owner not found");
+                }
+                
+                Group group = new Group(groupName, owner);
+                group.description = result.getAttributeValue("description");
+                group.lastModified = result.getAttributeValueAsDate("modifytimestamp");
+                groups.add(group);
+            }
+            
+            return groups; 
         }
         catch (LDAPException e1)
         {
             // TODO check which LDAP exceptions are transient and which
             // ones are
             // access control
-            throw new TransientException("Error getting the group", e1);
+            throw new TransientException("Error getting groups", e1);
         }
     }
 
-    public boolean isMember(User<T> member, String groupID)
+    public boolean isMember(User<T> user, String groupID)
         throws UserNotFoundException, TransientException,
                AccessControlException
     {
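Review bot: In getGroups, `filter` is still null when `role` is null or any value other than OWNER, MEMBER or RW, and that null is then passed to the `SearchRequest` constructor; a final `else { throw new IllegalArgumentException("Unsupported role: " + role); }` would reject it explicitly instead of leaving the outcome to the LDAP SDK. The `catch (UserNotFoundException e)` inside the loop drops the cause and does not say which entry failed, so one group whose owner cannot be resolved fails the whole listing with nothing to trace; `throw new RuntimeException("BUG: group owner not found: " + groupOwner, e);` keeps both. `getAttributeValueAsDN("owner")` returns null when the attribute is absent or is not a valid DN, and that null goes straight into `userPersist.getMember`, so a null check before the lookup is worth adding. The renamed isMember starts on the last lines of this hunk and its body is outside it.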
@@ -601,7 +635,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
         }
 
         List<String> delMembers = new ArrayList<String>();
-        for (User member : oldGroup.getUserMembers())
+        for (User<?> member : oldGroup.getUserMembers())
         {
             DN memberDN;
             try
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java
index 2704962f..65386490 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java
@@ -97,10 +97,10 @@ public class LdapGroupPersistence<T extends Principal>
         throws GroupNotFoundException, TransientException,
                AccessControlException
     {
-        LdapGroupDAO groupDAO = null;
+        LdapGroupDAO<T> groupDAO = null;
         try
         {
-            groupDAO = new LdapGroupDAO(config, new LdapUserDAO(config));
+            groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config));
             Group ret = groupDAO.getGroup(groupName);
             return ret;
         }
@@ -117,10 +117,10 @@ public class LdapGroupPersistence<T extends Principal>
         throws GroupAlreadyExistsException, TransientException, 
                AccessControlException, UserNotFoundException
     {
-        LdapGroupDAO groupDAO = null;
+        LdapGroupDAO<T> groupDAO = null;
         try
         {
-            groupDAO = new LdapGroupDAO(config, new LdapUserDAO(config));
+            groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config));
             Group ret = groupDAO.addGroup(group);
             return ret;
         }
@@ -137,10 +137,10 @@ public class LdapGroupPersistence<T extends Principal>
         throws GroupNotFoundException, TransientException,
                AccessControlException
     {
-        LdapGroupDAO groupDAO = null;
+        LdapGroupDAO<T> groupDAO = null;
         try
         {
-            groupDAO = new LdapGroupDAO(config, new LdapUserDAO(config));
+            groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config));
             groupDAO.deleteGroup(groupName);
         }
         finally
@@ -156,10 +156,10 @@ public class LdapGroupPersistence<T extends Principal>
         throws GroupNotFoundException, TransientException,
                AccessControlException, UserNotFoundException
     {
-        LdapGroupDAO groupDAO = null;
+        LdapGroupDAO<T> groupDAO = null;
         try
         {
-            groupDAO = new LdapGroupDAO(config, new LdapUserDAO(config));
+            groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config));
             Group ret = groupDAO.modifyGroup(group);
             return ret;
         }
@@ -175,10 +175,10 @@ public class LdapGroupPersistence<T extends Principal>
     public Collection<Group> getGroups(User<T> user, Role role)
         throws UserNotFoundException, TransientException, AccessControlException
     {
-        LdapGroupDAO groupDAO = null;
+        LdapGroupDAO<T> groupDAO = null;
         try
         {
-            groupDAO = new LdapGroupDAO(config, new LdapUserDAO(config));
+            groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config));
             Collection<Group> ret = groupDAO.getGroups(user, role);
             return ret;
         }
@@ -191,15 +191,15 @@ public class LdapGroupPersistence<T extends Principal>
         }
     }
 
-    public boolean isMember(User<T> member, String groupID)
+    public boolean isMember(User<T> user, String groupID)
         throws GroupNotFoundException, TransientException,
-               AccessControlException
+               AccessControlException, UserNotFoundException
     {
-        LdapGroupDAO groupDAO = null;
+        LdapGroupDAO<T> groupDAO = null;
         try
         {
-            groupDAO = new LdapGroupDAO(config, new LdapUserDAO(config));
-            boolean ret = groupDAO.isMember(member, groupID);
+            groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config));
+            boolean ret = groupDAO.isMember(user, groupID);
             return ret;
         }
         finally
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java
index ebdd209e..4305fbe9 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java
@@ -97,11 +97,11 @@ public class LdapUserPersistence<T extends Principal>
     public User<T> getUser(T userID)
         throws UserNotFoundException, TransientException, AccessControlException
     {
-        LdapUserDAO userDAO = null;
+        LdapUserDAO<T> userDAO = null;
         try
         {
-            userDAO = new LdapUserDAO(this.config);
-            User ret = userDAO.getUser(userID);
+            userDAO = new LdapUserDAO<T>(this.config);
+            User<T> ret = userDAO.getUser(userID);
             return ret;
         }
         finally
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/AddGroupMemberAction.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/AddGroupMemberAction.java
index 8dda2df4..9577061c 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/AddGroupMemberAction.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/AddGroupMemberAction.java
@@ -77,10 +77,11 @@ import java.util.Set;
 
 public class AddGroupMemberAction extends GroupsAction
 {
-    private String groupName;
-    private String groupMemberName;
+    private final String groupName;
+    private final String groupMemberName;
 
-    AddGroupMemberAction(GroupLogInfo logInfo, String groupName, String groupMemberName)
+    AddGroupMemberAction(GroupLogInfo logInfo, String groupName,
+                         String groupMemberName)
     {
         super(logInfo);
         this.groupName = groupName;
@@ -99,7 +100,7 @@ public class AddGroupMemberAction extends GroupsAction
         }
         groupPersistence.modifyGroup(group);
 
-        List addedMembers = new ArrayList();
+        List<String> addedMembers = new ArrayList<String>();
         addedMembers.add(toAdd.getID());
         logGroupInfo(group.getID(), null, addedMembers);
         return null;
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/AddUserMemberAction.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/AddUserMemberAction.java
index 22e55998..3862f48e 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/AddUserMemberAction.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/AddUserMemberAction.java
@@ -81,11 +81,12 @@ import java.util.Set;
 
 public class AddUserMemberAction extends GroupsAction
 {
-    private String groupName;
-    private String userID;
-    private String userIDType;
+    private final String groupName;
+    private final String userID;
+    private final String userIDType;
 
-    AddUserMemberAction(GroupLogInfo logInfo, String groupName, String userID, String userIDType)
+    AddUserMemberAction(GroupLogInfo logInfo, String groupName, String userID,
+                        String userIDType)
     {
         super(logInfo);
         this.groupName = groupName;
@@ -107,7 +108,7 @@ public class AddUserMemberAction extends GroupsAction
         }
         groupPersistence.modifyGroup(group);
 
-        List addedMembers = new ArrayList();
+        List<String> addedMembers = new ArrayList<String>();
         addedMembers.add(toAdd.getUserID().getName());
         logGroupInfo(group.getID(), null, addedMembers);
         return null;
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/CreateGroupAction.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/CreateGroupAction.java
index 16a7477a..15689805 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/CreateGroupAction.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/CreateGroupAction.java
@@ -82,7 +82,7 @@ import javax.servlet.http.HttpServletResponse;
 
 public class CreateGroupAction extends GroupsAction
 {
-    private InputStream inputStream;
+    private final InputStream inputStream;
 
     CreateGroupAction(GroupLogInfo logInfo, InputStream inputStream)
     {
@@ -99,10 +99,10 @@ public class CreateGroupAction extends GroupsAction
         this.response.setContentType("application/xml");
         GroupWriter.write(newGroup, this.response.getOutputStream());
 
-        List addedMembers = null;
+        List<String> addedMembers = null;
         if ((newGroup.getUserMembers().size() > 0) || (newGroup.getGroupMembers().size() > 0))
         {
-            addedMembers = new ArrayList();
+            addedMembers = new ArrayList<String>();
             for (Group gr : newGroup.getGroupMembers())
             {
                 addedMembers.add(gr.getID());
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/DeleteGroupAction.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/DeleteGroupAction.java
index 0ea035fa..88504632 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/DeleteGroupAction.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/DeleteGroupAction.java
@@ -78,7 +78,7 @@ import java.util.Set;
 
 public class DeleteGroupAction extends GroupsAction
 {
-    private String groupName;
+    private final String groupName;
 
     DeleteGroupAction(GroupLogInfo logInfo, String groupName)
     {
@@ -94,7 +94,7 @@ public class DeleteGroupAction extends GroupsAction
         groupPersistence.deleteGroup(this.groupName);
         if ((deletedGroup.getUserMembers().size() > 0) || (deletedGroup.getGroupMembers().size() > 0))
         {
-            this.logInfo.addedMembers = new ArrayList();
+            this.logInfo.addedMembers = new ArrayList<String>();
             for (Group gr : deletedGroup.getGroupMembers())
             {
                 this.logInfo.deletedMembers.add(gr.getID());
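Review bot: The line this hunk touches initialises `this.logInfo.addedMembers`, but the loop directly below it appends to `this.logInfo.deletedMembers`, which looks like the wrong field being set in a delete action. Unless `deletedMembers` is initialised somewhere outside the hunk, the first `add` throws a NullPointerException after the group has already been deleted, and either way the log record for the deletion ends up wrong. I would change the line to `this.logInfo.deletedMembers = new ArrayList<String>();`. The enclosing method starts and ends outside this hunk.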
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/GetGroupAction.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/GetGroupAction.java
index d4d50f1d..9854b25d 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/GetGroupAction.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/GetGroupAction.java
@@ -74,7 +74,7 @@ import javax.servlet.http.HttpServletResponse;
 
 public class GetGroupAction extends GroupsAction
 {
-    private String groupName;
+    private final String groupName;
 
     GetGroupAction(GroupLogInfo logInfo, String groupName)
     {
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/ModifyGroupAction.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/ModifyGroupAction.java
index 6755d009..9e5221c4 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/ModifyGroupAction.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/ModifyGroupAction.java
@@ -81,8 +81,8 @@ import javax.servlet.http.HttpServletResponse;
 
 public class ModifyGroupAction extends GroupsAction
 {
-    private String groupName;
-    private InputStream inputStream;
+    private final String groupName;
+    private final InputStream inputStream;
 
     ModifyGroupAction(GroupLogInfo logInfo, String groupName, InputStream inputStream)
     {
@@ -100,7 +100,7 @@ public class ModifyGroupAction extends GroupsAction
         Group modifiedGroup = groupPersistence.modifyGroup(group);
         this.response.sendRedirect(modifiedGroup.getID());
 
-        List addedMembers = new ArrayList();
+        List<String> addedMembers = new ArrayList<String>();
         for (User member : group.getUserMembers())
         {
             if (!oldGroup.getUserMembers().remove(member))
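Review bot: The loop `for (User member : group.getUserMembers())` here and `for (User member : oldGroup.getUserMembers())` in the next hunk still use the raw `User` type, although the lists beside them were just parameterised and LdapGroupDAO in this commit uses `User<?>` for the same kind of iteration. Writing `for (User<?> member : ...)` in both places keeps the generics cleanup consistent and removes the remaining raw-type warnings. The enclosing method extends beyond both hunks.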
@@ -119,7 +119,7 @@ public class ModifyGroupAction extends GroupsAction
         {
             addedMembers = null;
         }
-        List deletedMembers = new ArrayList();
+        List<String> deletedMembers = new ArrayList<String>();
         for (User member : oldGroup.getUserMembers())
         {
             deletedMembers.add(member.getUserID().getName());
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/RemoveGroupMemberAction.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/RemoveGroupMemberAction.java
index 281f06d3..39e14891 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/RemoveGroupMemberAction.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/RemoveGroupMemberAction.java
@@ -77,8 +77,8 @@ import java.util.Set;
 
 public class RemoveGroupMemberAction extends GroupsAction
 {
-    private String groupName;
-    private String groupMemberName;
+    private final String groupName;
+    private final String groupMemberName;
 
     RemoveGroupMemberAction(GroupLogInfo logInfo, String groupName, String groupMemberName)
     {
@@ -99,7 +99,7 @@ public class RemoveGroupMemberAction extends GroupsAction
         }
         groupPersistence.modifyGroup(group);
 
-        List deletedMembers = new ArrayList();
+        List<String> deletedMembers = new ArrayList<String>();
         deletedMembers.add(toRemove.getID());
         logGroupInfo(group.getID(), deletedMembers, null);
         return null;
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/RemoveUserMemberAction.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/RemoveUserMemberAction.java
index d5aa14ae..67b34292 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/RemoveUserMemberAction.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/RemoveUserMemberAction.java
@@ -77,13 +77,12 @@ import ca.nrc.cadc.auth.AuthenticationUtil;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Set;
 
 public class RemoveUserMemberAction extends GroupsAction
 {
-    private String groupName;
-    private String userID;
-    private String userIDType;
+    private final String groupName;
+    private final String userID;
+    private final String userIDType;
 
     RemoveUserMemberAction(GroupLogInfo logInfo, String groupName, String userID, String userIDType)
     {
@@ -107,7 +106,7 @@ public class RemoveUserMemberAction extends GroupsAction
         }
         groupPersistence.modifyGroup(group);
 
-        List deletedMembers = new ArrayList();
+        List<String> deletedMembers = new ArrayList<String>();
         deletedMembers.add(toRemove.getUserID().getName());
         logGroupInfo(group.getID(), deletedMembers, null);
         return null;
diff --git a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
index 7ac6defc..82132438 100644
--- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
+++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
@@ -46,21 +46,50 @@ import org.junit.Test;
 
 import ca.nrc.cadc.ac.Group;
 import ca.nrc.cadc.ac.GroupProperty;
+import ca.nrc.cadc.ac.Role;
 import ca.nrc.cadc.ac.User;
+import ca.nrc.cadc.util.Log4jInit;
+import java.util.Collection;
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+import static org.junit.Assert.fail;
+import org.junit.BeforeClass;
 
 public class LdapGroupDAOTest
 {
-    final String groupID1 = "acs-daotest-group1-" + System.currentTimeMillis();
-    final String groupID2 = "acs-daotest-group2-" + System.currentTimeMillis();
+    private static final Logger log = Logger.getLogger(LdapGroupDAOTest.class);
     
-    LdapConfig config = new LdapConfig(
-            "199.116.235.122",
-//            "mach275.cadc.dao.nrc.ca",
-            389,
+    static User<X500Principal> authtest1;
+    static User<X500Principal> authtest2;
+    static User<X500Principal> regtest1;
+    
+    static String groupID1;
+    static String groupID2;
+    
+    static LdapConfig config;
+    
+    @BeforeClass
+    public static void setUpBeforeClass()
+        throws Exception
+    {
+        Log4jInit.setLevel("ca.nrc.cadc.ac", Level.DEBUG);
+        
+        groupID1 = "acs-daotest-group1-" + System.currentTimeMillis();
+        groupID2 = "acs-daotest-group2-" + System.currentTimeMillis();
+        
+        authtest1 = new User<X500Principal>(
+                new X500Principal("cn=cadc authtest1 10627,ou=cadc,o=hia"));
+        authtest2 = new User<X500Principal>(
+                new X500Principal("cn=cadc authtest2 10635,ou=cadc,o=hia"));
+        regtest1 = new User<X500Principal>(
+                new X500Principal("CN=CADC Regtest1 10577,OU=CADC,O=HIA"));
+    
+        config = new LdapConfig("mach275.cadc.dao.nrc.ca", 389,
             "uid=webproxy,ou=administrators,ou=topologymanagement,o=netscaperoot",
             "go4it", "ou=Users,ou=ds,dc=canfar,dc=net",
             "ou=TestGroups,ou=ds,dc=canfar,dc=net",
             "ou=DeletedGroups,ou=ds,dc=canfar,dc=net");
+    }
 
     LdapGroupDAO<X500Principal> getGroupDAO()
     {
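Review bot: setUpBeforeClass builds the `LdapConfig` entirely from literals, so an internal host name, the `uid=webproxy` administrator bind DN and its password are committed in the test source (the DN and password are unchanged context lines that this commit keeps while moving the construction). Anyone with read access to the repository or its history obtains a directory credential, and since LdapGroupDAO sends proxied-authorization controls over its connection, that account should be treated as privileged. The password should be rotated and these values read from a properties file or environment variables kept outside version control. The connection targets port 389, so unless the DAO negotiates StartTLS somewhere not shown here, the bind password crosses the network unencrypted.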
@@ -68,19 +97,11 @@ public class LdapGroupDAOTest
                 new LdapUserDAO<X500Principal>(config));
     }
 
-    @Test
+//    @Test
     public void testOneGroup() throws Exception
     {
-
-        final User<X500Principal> owner = new User<X500Principal>(
-                new X500Principal("cn=cadc authtest1 10627,ou=cadc,o=hia"));
-        final User<X500Principal> authtest2 = new User<X500Principal>(
-                new X500Principal("CN=cadc authtest2 10635,OU=cadc,O=hia"));
-        final User<X500Principal> regtest1 = new User<X500Principal>(
-                new X500Principal("CN=CADC Regtest1 10577,OU=CADC,O=HIA"));
-        
         Subject subject = new Subject();
-        subject.getPrincipals().add(owner.getUserID());
+        subject.getPrincipals().add(authtest1.getUserID());
 
         // do everything as owner
         Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
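Review bot: `//    @Test` silently drops testOneGroup from the run, yet the same commit re-enables the groupRead, groupWrite, userMembers and groupMembers checks inside it, so those assertions are never executed. If the test has to be parked, `@Ignore("reason")` keeps it visible in the test report with the reason attached; testMultipleGroups is disabled the same way. Among the tests visible in this patch only testGetGroups is active afterwards, which leaves the modifyGroup paths without coverage in this class.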
@@ -89,12 +110,12 @@ public class LdapGroupDAOTest
             {
                 try
                 {
-                    Group expectGroup = new Group(groupID1, owner);
+                    Group expectGroup = new Group(groupID1, authtest1);
                     Group actualGroup = getGroupDAO().addGroup(expectGroup);
                     assertGroupsEqual(expectGroup, actualGroup);
                     
-//                    Group otherGroup = new Group(groupID2, authtest2);
-//                    otherGroup = getGroupDAO().addGroup(otherGroup);
+                    Group otherGroup = new Group(groupID2, authtest1);
+                    otherGroup = getGroupDAO().addGroup(otherGroup);
 
                     // modify group fields
                     // description
@@ -102,30 +123,30 @@ public class LdapGroupDAOTest
                     actualGroup = getGroupDAO().modifyGroup(expectGroup);
                     assertGroupsEqual(expectGroup, actualGroup);
 
-//                    // groupRead
-//                    expectGroup.groupRead = otherGroup;
-//                    actualGroup = getGroupDAO().modifyGroup(expectGroup);
-//                    assertGroupsEqual(expectGroup, actualGroup);
-//
-//                    // groupWrite
-//                    expectGroup.groupWrite = otherGroup;
-//                    actualGroup = getGroupDAO().modifyGroup(expectGroup);
-//                    assertGroupsEqual(expectGroup, actualGroup);
+                    // groupRead
+                    expectGroup.groupRead = otherGroup;
+                    actualGroup = getGroupDAO().modifyGroup(expectGroup);
+                    assertGroupsEqual(expectGroup, actualGroup);
+
+                    // groupWrite
+                    expectGroup.groupWrite = otherGroup;
+                    actualGroup = getGroupDAO().modifyGroup(expectGroup);
+                    assertGroupsEqual(expectGroup, actualGroup);
 
                     // publicRead
                     expectGroup.publicRead = true;
                     actualGroup = getGroupDAO().modifyGroup(expectGroup);
                     assertGroupsEqual(expectGroup, actualGroup);
 
-//                    // userMembers
-//                    expectGroup.getUserMembers().add(authtest2);
-//                    actualGroup = getGroupDAO().modifyGroup(expectGroup);
-//                    assertGroupsEqual(expectGroup, actualGroup);
-//
-//                    // groupMembers
-//                    expectGroup.getGroupMembers().add(otherGroup);
-//                    actualGroup = getGroupDAO().modifyGroup(expectGroup);
-//                    assertGroupsEqual(expectGroup, actualGroup);
+                    // userMembers
+                    expectGroup.getUserMembers().add(authtest2);
+                    actualGroup = getGroupDAO().modifyGroup(expectGroup);
+                    assertGroupsEqual(expectGroup, actualGroup);
+
+                    // groupMembers
+                    expectGroup.getGroupMembers().add(otherGroup);
+                    actualGroup = getGroupDAO().modifyGroup(expectGroup);
+                    assertGroupsEqual(expectGroup, actualGroup);
                     return null;
                 }
                 catch (Exception e)
@@ -139,14 +160,8 @@ public class LdapGroupDAOTest
 //    @Test
     public void testMultipleGroups() throws Exception
     {
-
-        final User<X500Principal> owner = new User<X500Principal>(
-                new X500Principal("cn=cadc authtest1 10627,ou=cadc,o=hia"));
-        final User<X500Principal> authtest2 = new User<X500Principal>(
-                new X500Principal("cn=cadc authtest2 10635,ou=cadc,o=hia"));
-
         Subject subject = new Subject();
-        subject.getPrincipals().add(owner.getUserID());
+        subject.getPrincipals().add(authtest1.getUserID());
 
         // do everything as owner
         Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
@@ -155,11 +170,11 @@ public class LdapGroupDAOTest
             {
                 try
                 {
-                    Group expectGroup = new Group(groupID1, owner);
+                    Group expectGroup = new Group(groupID1, authtest1);
                     Group actualGroup = getGroupDAO().addGroup(expectGroup);
                     assertGroupsEqual(expectGroup, actualGroup);
                     
-                    Group otherGroup = new Group(groupID2, authtest2);
+                    Group otherGroup = new Group(groupID2, authtest1);
                     otherGroup = getGroupDAO().addGroup(otherGroup);
 
                     // modify group fields
@@ -201,6 +216,53 @@ public class LdapGroupDAOTest
             }
         });
     }
+    
+    @Test
+    public void testGetGroups() throws Exception
+    {
+        Subject subject = new Subject();
+        subject.getPrincipals().add(authtest1.getUserID());
+
+        // do everything as owner
+        Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
+        {
+            public Object run() throws Exception
+            {
+                try
+                {
+                    Group expectGroup = new Group(groupID1, authtest1);
+                    Group actualGroup = getGroupDAO().addGroup(expectGroup);
+                    assertGroupsEqual(expectGroup, actualGroup);
+                    System.out.println("new group: " + groupID1);
+                    
+                    Collection<Group> groups = getGroupDAO().getGroups(authtest1, Role.OWNER);
+                    System.out.println("# groups found: " + groups.size());
+                    boolean found = false;
+                    for (Group group : groups)
+                    {
+                        System.out.println("found group: " + group.getID());
+                        if (!group.getOwner().equals(authtest1))
+                        {
+                            fail("returned group with wrong owner");
+                        }
+                        if (group.getID().equals(groupID1))
+                        {
+                            found = true;
+                        }
+                    }
+                    if (!found)
+                    {
+                        fail("");
+                    }
+                }
+                catch (Exception e)
+                {
+                    throw new Exception("Problems", e);
+                }
+                return null;
+            }
+        });
+    }
 
     private void assertGroupsEqual(Group gr1, Group gr2)
     {
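Review bot: testGetGroups adds `groupID1` to the directory and never removes it, so every run leaves another entry under the TestGroups subtree, and because `groupID1` is now a static shared by all tests, re-enabling testOneGroup or testMultipleGroups would likely collide on the same name. A `finally` block calling `getGroupDAO().deleteGroup(groupID1)` would clean up after the test. `fail("")` gives no hint of what went wrong; `fail("group " + groupID1 + " not returned for owner")` does. The owner check in the loop can only fail if the directory happens to hold groups owned by someone else, so creating one group owned by `authtest2` and asserting it is absent from the result would actually test that the owner filter restricts the listing.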
diff --git a/projects/cadcAccessControl/src/ca/nrc/cadc/ac/AC.java b/projects/cadcAccessControl/src/ca/nrc/cadc/ac/AC.java
index 782a0529..c80bc419 100755
--- a/projects/cadcAccessControl/src/ca/nrc/cadc/ac/AC.java
+++ b/projects/cadcAccessControl/src/ca/nrc/cadc/ac/AC.java
@@ -69,7 +69,7 @@
 package ca.nrc.cadc.ac;
 
 /**
- * Holder of commonly used consts in GMS
+ * Holder of commonly used consts in cadcAccessControl
  */
 public class AC
 {
-- 
GitLab