diff --git a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java index e2f4371fe2818f086db178aca0b5b95370ba4494..9fb16743fbb52a67faf47f47c66b117914b921b1 100755 --- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java @@ -815,7 +815,7 @@ public class LdapUserDAO extends LdapDAO logger.debug("search filter: " + filter); final String[] attributes = new String[] - { LDAP_UID, LDAP_FIRST_NAME, LDAP_LAST_NAME }; + { LDAP_USER_NAME, LDAP_FIRST_NAME, LDAP_LAST_NAME }; final SearchRequest searchRequest = new SearchRequest(usersDN, SearchScope.ONE, filter, attributes); @@ -831,10 +831,10 @@ public class LdapUserDAO extends LdapDAO next.getAttributeValue(LDAP_FIRST_NAME); final String lastName = next.getAttributeValue(LDAP_LAST_NAME).trim(); - final String uid = next.getAttributeValue(LDAP_UID); + final String username = next.getAttributeValue(LDAP_USER_NAME); User user = new User(); - user.getIdentities().add(new HttpPrincipal(uid)); + user.getIdentities().add(new HttpPrincipal(username)); // Only add Personal Details if it is relevant. if (StringUtil.hasLength(firstName) && diff --git a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/CreateGroupAction.java b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/CreateGroupAction.java index 37c3e1335499e464880c68141f041b724df29e89..d58b5b791a82f3864527ee49834c537e419c3212 100755 --- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/CreateGroupAction.java +++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/CreateGroupAction.java 
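Review bot: In the second LdapUserDAO hunk, `username` goes straight into `new HttpPrincipal(username)` without a check that the entry carries the `LDAP_USER_NAME` attribute. A missing attribute would most likely come back as null from `getAttributeValue`, giving a principal with a null name or a failure, depending on HttpPrincipal, which is not shown here. Because this value becomes the user's identity, I would guard it with the helper used a few lines below, e.g. `if (!StringUtil.hasLength(username)) { logger.debug("entry without " + LDAP_USER_NAME); continue; }`, assuming this code sits in the result loop that starts outside the hunk. It is also worth confirming that `LDAP_USER_NAME` is as unique under `usersDN` as `LDAP_UID` was, since the first hunk now requests only that attribute and two entries sharing a value would map to the same principal.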
@@ -107,7 +107,7 @@ public class CreateGroupAction extends AbstractGroupAction } for (User usr : group.getUserMembers()) { - addedMembers.add(usr.getHttpPrincipal().getName()); + addedMembers.add(usr.getX500Principal().getName()); } } logGroupInfo(group.getID(), null, addedMembers); diff --git a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/RemoveUserMemberAction.java b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/RemoveUserMemberAction.java index 8d08c6fb61ff369567382cd6c4c27c7666e51f2f..8abb5a7a6a2d2ed80b4a436baa8285947e28f3ed 100755 --- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/RemoveUserMemberAction.java +++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/RemoveUserMemberAction.java @@ -78,6 +78,7 @@ import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.server.PluginFactory; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.auth.AuthenticationUtil; +import ca.nrc.cadc.util.ObjectUtil; public class RemoveUserMemberAction extends AbstractGroupAction { @@ -102,6 +103,7 @@ public class RemoveUserMemberAction extends AbstractGroupAction User user = getUserPersistence().getAugmentedUser(userPrincipal); User toRemove = new User(); + ObjectUtil.setField(toRemove, user.getID(), "id"); toRemove.getIdentities().addAll(user.getIdentities()); if (!group.getUserMembers().remove(toRemove)) diff --git a/cadcAccessControl/src/ca/nrc/cadc/ac/User.java b/cadcAccessControl/src/ca/nrc/cadc/ac/User.java index 19a1b2cd6e8fdaa05652ada5013ffcd2bcfb6568..827f3df6c1f3e36c64fed54d8567ba9835c83aa1 100644 --- a/cadcAccessControl/src/ca/nrc/cadc/ac/User.java +++ b/cadcAccessControl/src/ca/nrc/cadc/ac/User.java @@ -68,6 +68,7 @@ */ package ca.nrc.cadc.ac; +import java.io.PrintWriter; import java.security.Principal; import java.util.Comparator; import java.util.Date; 
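Review bot: `usr.getX500Principal().getName()` dereferences a value that can be null, because the `getX500Principal()` added to User.java in this commit returns null when the user has no X.500 identity. A group with a member known only by HTTP username would then throw a NullPointerException before `logGroupInfo` is reached, losing the audit record of who was added. I would keep the log entry and fall back to the full identity set: `final X500Principal dn = usr.getX500Principal();` followed by `addedMembers.add(dn == null ? usr.getIdentities().toString() : dn.getName());`. That needs the `javax.security.auth.x500.X500Principal` import if the file does not already have it; the enclosing method starts outside the hunk.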
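Review bot: In RemoveUserMemberAction, `ObjectUtil.setField(toRemove, user.getID(), "id")` writes User's private `id` field by name through reflection, so a rename or type change in User only surfaces at runtime, in the path that removes a member from a group. The call also copies whatever `user.getID()` returns without checking it. If the augmented user has no internal ID, `toRemove` may not match the stored member and the `remove` would fall into the not-a-member branch; this is inferred, since User's equality is not visible here. I would add a comment such as `// membership matching needs the internal id; User has no public setter, hence the reflective write` and reject a null ID before building `toRemove`. The method body starts and ends outside the hunk.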
@@ -77,8 +78,12 @@ import java.util.TreeSet; import ca.nrc.cadc.auth.HttpPrincipal; +import javax.security.auth.x500.X500Principal; + public class User { + // How on God's green earth is this used? Where is it set? + // jenkinsd 2016.03.24 private InternalID id; private Set<Principal> identities = new TreeSet<Principal>(new PrincipalComparator()); @@ -141,6 +146,14 @@ public class User return null; } + public X500Principal getX500Principal() + { + final Set<X500Principal> identities = + getIdentities(X500Principal.class); + return identities.isEmpty() ? null : identities.iterator().next(); + } + + /** * A User is considered consistent if the User's set of identities are a superset * of this Users set of identities. diff --git a/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java b/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java index 8e2780087f960fd4d48077f0ad87b3945a2888e0..baebd04836031f517ae436300392b8e039f39b16 100644 --- a/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java +++ b/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java @@ -117,8 +117,8 @@ public class UserClient /** * Constructor. * - * @param baseURL The URL of the supporting access control web service - * obtained from the registry. + * @param serviceURI The URI of the supporting access control web service + * obtained from the registry. */ public UserClient(URI serviceURI) throws IllegalArgumentException @@ -129,7 +129,7 @@ public class UserClient public UserClient(URI serviceURI, RegistryClient registryClient) { if (serviceURI == null) - throw new IllegalArgumentException("invalid serviceURI: " + serviceURI); + throw new IllegalArgumentException("Service URI cannot be null."); if (serviceURI.getFragment() != null) throw new IllegalArgumentException("invalid serviceURI (fragment not allowed): " + serviceURI); 
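Review bot: The comment added above `private InternalID id;` asks a question instead of documenting the field, and this same commit answers part of it: RemoveUserMemberAction now assigns the field with `ObjectUtil.setField(toRemove, user.getID(), "id")`. I would replace it with a statement of fact, e.g. `// Internal identifier; no public setter, assigned reflectively via ObjectUtil.setField.`, so that readers do not take the field for dead code and remove or rename it. Any other places that set it are not visible in this diff and should be listed once confirmed.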
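Review bot: `getX500Principal()` has no Javadoc, and it returns null when the user has no X.500 identity, which callers cannot tell from the signature; CreateGroupAction in this commit already calls `.getName()` on the result unguarded. Please document the contract, e.g. `/** @return one of this user's X500Principal identities, or null if it has none. */`. The Javadoc should also say that with several X.500 identities the one returned is whichever the set iterates first. The local `identities` shadows the field of the same name declared in the previous hunk, so renaming it to `x500Identities` would avoid misreading.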
@@ -204,7 +204,9 @@ public class UserClient { URL usersURL = registryClient.getServiceURL(usersURI, "https"); final List<User> webUsers = new ArrayList<User>(); - HttpDownload httpDownload = new HttpDownload(usersURL, new JsonUserListInputStreamWrapper(webUsers)); + HttpDownload httpDownload = + new HttpDownload(usersURL, + new JsonUserListInputStreamWrapper(webUsers)); httpDownload.setRequestProperty("Accept", "application/json"); httpDownload.run();