Skip to content
Snippets Groups Projects
Commit 683a0f73 authored by Brian Major's avatar Brian Major
Browse files

s1885 - allow quotes around privileged user identities in web.xml

parent 1637be8e
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/UserServlet.java
+ 24
9
View file @ 683a0f73
...@@ -75,6 +75,8 @@ import java.security.PrivilegedActionException; ...@@ -75,6 +75,8 @@ import java.security.PrivilegedActionException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.Subject; import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal; import javax.security.auth.x500.X500Principal;
...@@ -104,7 +106,7 @@ public class UserServlet extends HttpServlet ...@@ -104,7 +106,7 @@ public class UserServlet extends HttpServlet
private static final long serialVersionUID = 5289130885807305288L; private static final long serialVersionUID = 5289130885807305288L;
private static final Logger log = Logger.getLogger(UserServlet.class); private static final Logger log = Logger.getLogger(UserServlet.class);
private List<Subject> privilegedSubjects; protected List<Subject> privilegedSubjects;
private UserPersistence userPersistence; private UserPersistence userPersistence;
...@@ -121,24 +123,37 @@ public class UserServlet extends HttpServlet ...@@ -121,24 +123,37 @@ public class UserServlet extends HttpServlet
String httpUsers = config.getInitParameter(UserServlet.class.getName() + ".PrivilegedHttpPrincipals"); String httpUsers = config.getInitParameter(UserServlet.class.getName() + ".PrivilegedHttpPrincipals");
log.debug("PrivilegedHttpUsers: " + httpUsers); log.debug("PrivilegedHttpUsers: " + httpUsers);
String[] x500List = new String[0]; List<String> x500List = new ArrayList<String>();
String[] httpList = new String[0]; List<String> httpList = new ArrayList<String>();
if (x500Users != null && httpUsers != null) if (x500Users != null && httpUsers != null)
{ {
x500List = x500Users.split(" "); Pattern pattern = Pattern.compile("([^\"]\\S*|\".+?\")\\s*");
httpList = httpUsers.split(" "); Matcher x500Matcher = pattern.matcher(x500Users);
Matcher httpMatcher = pattern.matcher(httpUsers);
if (x500List.length != httpList.length) while (x500Matcher.find())
{
String next = x500Matcher.group(1);
x500List.add(next.replace("\"", ""));
}
while (httpMatcher.find())
{
String next = httpMatcher.group(1);
httpList.add(next.replace("\"", ""));
}
if (x500List.size() != httpList.size())
{ {
throw new RuntimeException("Init exception: Lists of augment subject principals not equivalent in length"); throw new RuntimeException("Init exception: Lists of augment subject principals not equivalent in length");
} }
privilegedSubjects = new ArrayList<Subject>(x500Users.length()); privilegedSubjects = new ArrayList<Subject>(x500Users.length());
for (int i=0; i<x500List.length; i++) for (int i=0; i<x500List.size(); i++)
{ {
Subject s = new Subject(); Subject s = new Subject();
s.getPrincipals().add(new X500Principal(x500List[i])); s.getPrincipals().add(new X500Principal(x500List.get(i)));
s.getPrincipals().add(new HttpPrincipal(httpList[i])); s.getPrincipals().add(new HttpPrincipal(httpList.get(i)));
privilegedSubjects.add(s); privilegedSubjects.add(s);
} }
......
cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/UserServletTest.java
+ 138
3
View file @ 683a0f73
package ca.nrc.cadc.ac.server.web; package ca.nrc.cadc.ac.server.web;
import static org.easymock.EasyMock.createMock;
import static org.easymock.EasyMock.expect;
import static org.easymock.EasyMock.replay;
import static org.easymock.EasyMock.verify;
import static org.junit.Assert.assertEquals;
import java.util.List;
import javax.security.auth.Subject;
import javax.servlet.ServletConfig;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import ca.nrc.cadc.ac.server.web.UserServlet; import junit.framework.Assert;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.easymock.EasyMock;
import org.junit.Test; import org.junit.Test;
import static org.easymock.EasyMock.*;
import static org.junit.Assert.*; import ca.nrc.cadc.db.StandaloneContextFactory;
import ca.nrc.cadc.util.Log4jInit;
public class UserServletTest public class UserServletTest
{ {
private static final Logger log = Logger.getLogger(UserServletTest.class);
public UserServletTest()
{
Log4jInit.setLevel("ca.nrc.cadc.ac", Level.INFO);
}
@Test @Test
public void getAcceptedContentTypeJSON() throws Exception public void getAcceptedContentTypeJSON() throws Exception
{ {
...@@ -45,4 +67,117 @@ public class UserServletTest ...@@ -45,4 +67,117 @@ public class UserServletTest
verify(mockRequest); verify(mockRequest);
} }
@Test
public void testPrivilegedUsers1()
{
try
{
StandaloneContextFactory.initJNDI();
UserServlet userServlet = new UserServlet();
ServletConfig config = EasyMock.createMock(ServletConfig.class);
EasyMock.expect(config.getInitParameter(
UserServlet.class.getName() + ".PrivilegedX500Principals")).
andReturn("cn=user1,ou=cadc,o=hia,c=ca cn=user2,ou=cadc,o=hia,c=ca");
EasyMock.expect(config.getInitParameter(
UserServlet.class.getName() + ".PrivilegedHttpPrincipals")).
andReturn("user1 user2");
EasyMock.replay(config);
userServlet.init(config);
List<Subject> subjects = userServlet.privilegedSubjects;
Assert.assertTrue(subjects.size() == 2);
EasyMock.verify(config);
}
catch (Exception e)
{
log.error("Unexpected", e);
Assert.fail(e.getMessage());
}
}
@Test
public void testPrivilegedUsers2()
{
try
{
StandaloneContextFactory.initJNDI();
UserServlet userServlet = new UserServlet();
ServletConfig config = EasyMock.createMock(ServletConfig.class);
EasyMock.expect(config.getInitParameter(
UserServlet.class.getName() + ".PrivilegedX500Principals")).
andReturn("\"cn=user1, ou=cadc, o=hia,c=ca\" \"cn=user2, ou=cadc,o=hia,c=ca\"");
EasyMock.expect(config.getInitParameter(
UserServlet.class.getName() + ".PrivilegedHttpPrincipals")).
andReturn("user1 \"user2\"");
EasyMock.replay(config);
userServlet.init(config);
List<Subject> subjects = userServlet.privilegedSubjects;
Assert.assertTrue(subjects.size() == 2);
EasyMock.verify(config);
}
catch (Exception e)
{
log.error("Unexpected", e);
Assert.fail(e.getMessage());
}
}
@Test
public void testPrivilegedUsers3()
{
try
{
StandaloneContextFactory.initJNDI();
UserServlet userServlet = new UserServlet();
ServletConfig config = EasyMock.createMock(ServletConfig.class);
EasyMock.expect(config.getInitParameter(
UserServlet.class.getName() + ".PrivilegedX500Principals")).
andReturn("\"cn=user1, ou=cadc, o=hia,c=ca\"");
EasyMock.expect(config.getInitParameter(
UserServlet.class.getName() + ".PrivilegedHttpPrincipals")).
andReturn("user1");
EasyMock.replay(config);
userServlet.init(config);
List<Subject> subjects = userServlet.privilegedSubjects;
Assert.assertTrue(subjects.size() == 1);
EasyMock.verify(config);
}
catch (Exception e)
{
log.error("Unexpected", e);
Assert.fail(e.getMessage());
}
}
@Test
public void testPrivilegedUsers4()
{
try
{
StandaloneContextFactory.initJNDI();
UserServlet userServlet = new UserServlet();
ServletConfig config = EasyMock.createMock(ServletConfig.class);
EasyMock.expect(config.getInitParameter(
UserServlet.class.getName() + ".PrivilegedX500Principals")).
andReturn("\"cn=user1, ou=cadc, o=hia,c=ca\" \"cn=user2, ou=cadc,o=hia,c=ca\"");
EasyMock.expect(config.getInitParameter(
UserServlet.class.getName() + ".PrivilegedHttpPrincipals")).
andReturn("user1 \"user2\" user3");
EasyMock.replay(config);
try
{
userServlet.init(config);
Assert.fail("Should have thrown an error");
}
catch (ExceptionInInitializerError e)
{
// expected
}
}
catch (Exception e)
{
log.error("Unexpected", e);
Assert.fail(e.getMessage());
}
}
} }
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment