s1728: move WhoAmIServlet from ac_ws to cadcAccessControl-Server, put all...

s1728: move WhoAmIServlet from ac_ws to cadcAccessControl-Server, put all servlets in the same package, fix unit tests.

s1728: move WhoAmIServlet from ac_ws to cadcAccessControl-Server, put all...
773fa9a3 · Jeff Burke · e5791a3e · 773fa9a3 · 773fa9a3 · 773fa9a3
Commit 773fa9a3 authored 9 years ago by Jeff Burke
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/ACSearchRunner.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/ACSearchRunner.java
@@ -66,7 +66,7 @@
 *
 ************************************************************************
 */
-package ca.nrc.cadc.ac.server.web.groups;
+package ca.nrc.cadc.ac.server.web;

 import ca.nrc.cadc.ac.Group;
 import ca.nrc.cadc.ac.GroupNotFoundException;

--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/GroupServlet.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/GroupServlet.java
@@ -66,7 +66,7 @@
 *
 ************************************************************************
 */
-package ca.nrc.cadc.ac.server.web.groups;
+package ca.nrc.cadc.ac.server.web;

 import java.io.IOException;
 import java.security.PrivilegedActionException;
@@ -76,9 +76,11 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

+import ca.nrc.cadc.ac.server.web.groups.AbstractGroupAction;
+import ca.nrc.cadc.ac.server.web.groups.GroupLogInfo;
+import ca.nrc.cadc.ac.server.web.groups.GroupsActionFactory;
 import org.apache.log4j.Logger;

-import ca.nrc.cadc.ac.server.web.SyncOutput;
 import ca.nrc.cadc.auth.AuthenticationUtil;

 /**

--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/LoginServlet.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/LoginServlet.java
@@ -66,7 +66,7 @@
 *
 ************************************************************************
 */
-package ca.nrc.cadc.ac.server.web.users;
+package ca.nrc.cadc.ac.server.web;

 import java.io.IOException;
 import java.security.AccessControlException;

--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/PasswordServlet.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/PasswordServlet.java
@@ -66,33 +66,25 @@
 *
 ************************************************************************
 */
-package ca.nrc.cadc.ac.server.web.users;
-
-import java.io.IOException;
-import java.security.AccessControlException;
-import java.security.Principal;
-import java.security.PrivilegedExceptionAction;
-import java.util.Set;
-import java.util.TreeSet;
-
-import javax.security.auth.Subject;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import ca.nrc.cadc.ac.UserNotFoundException;
-import ca.nrc.cadc.ac.server.ldap.LdapUserDAO;
-import ca.nrc.cadc.net.TransientException;
-import org.apache.log4j.Logger;
+package ca.nrc.cadc.ac.server.web;

 import ca.nrc.cadc.ac.User;
+import ca.nrc.cadc.ac.UserNotFoundException;
 import ca.nrc.cadc.ac.server.ldap.LdapUserPersistence;
 import ca.nrc.cadc.auth.AuthenticationUtil;
-import ca.nrc.cadc.auth.HttpPrincipal;
 import ca.nrc.cadc.log.ServletLogInfo;
 import ca.nrc.cadc.util.StringUtil;
-import org.omg.CORBA.UserException;
+import org.apache.log4j.Logger;

+import javax.security.auth.Subject;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.security.AccessControlException;
+import java.security.Principal;
+import java.security.PrivilegedExceptionAction;
+import java.util.TreeSet;

 /**
 * Servlet to handle password changes.  Passwords are an integral part of the
@@ -106,7 +98,6 @@ public class PasswordServlet extends HttpServlet
 {
    private static final Logger log = Logger.getLogger(PasswordServlet.class);

-
    /**
     * Attempt to change password.
     *

--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/UserServlet.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/UserServlet.java
@@ -66,13 +66,14 @@
 *
 ************************************************************************
 */
-package ca.nrc.cadc.ac.server.web.users;
+package ca.nrc.cadc.ac.server.web;

-import ca.nrc.cadc.ac.server.web.SyncOutput;
+import ca.nrc.cadc.ac.server.web.users.AbstractUserAction;
+import ca.nrc.cadc.ac.server.web.users.GetUserAction;
+import ca.nrc.cadc.ac.server.web.users.UserActionFactory;
+import ca.nrc.cadc.ac.server.web.users.UserLogInfo;
 import ca.nrc.cadc.auth.AuthenticationUtil;
 import ca.nrc.cadc.auth.ServletPrincipalExtractor;
-import ca.nrc.cadc.auth.X509CertificateChain;
-import ca.nrc.cadc.util.ArrayUtil;
 import ca.nrc.cadc.util.StringUtil;
 import org.apache.log4j.Logger;

@@ -87,8 +88,6 @@ import java.io.IOException;
 import java.security.AccessController;
 import java.security.Principal;
 import java.security.PrivilegedActionException;
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
 import java.util.Set;

 public class UserServlet extends HttpServlet

--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/WhoAmIServlet.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/WhoAmIServlet.java
+/*
+ ************************************************************************
+ *******************  CANADIAN ASTRONOMY DATA CENTRE  *******************
+ **************  CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES  **************
+ *
+ *  (c) 2015.                            (c) 2015.
+ *  Government of Canada                 Gouvernement du Canada
+ *  National Research Council            Conseil national de recherches
+ *  Ottawa, Canada, K1A 0R6              Ottawa, Canada, K1A 0R6
+ *  All rights reserved                  Tous droits réservés
+ *
+ *  NRC disclaims any warranties,        Le CNRC dénie toute garantie
+ *  expressed, implied, or               énoncée, implicite ou légale,
+ *  statutory, of any kind with          de quelque nature que ce
+ *  respect to the software,             soit, concernant le logiciel,
+ *  including without limitation         y compris sans restriction
+ *  any warranty of merchantability      toute garantie de valeur
+ *  or fitness for a particular          marchande ou de pertinence
+ *  purpose. NRC shall not be            pour un usage particulier.
+ *  liable in any event for any          Le CNRC ne pourra en aucun cas
+ *  damages, whether direct or           être tenu responsable de tout
+ *  indirect, special or general,        dommage, direct ou indirect,
+ *  consequential or incidental,         particulier ou général,
+ *  arising from the use of the          accessoire ou fortuit, résultant
+ *  software.  Neither the name          de l'utilisation du logiciel. Ni
+ *  of the National Research             le nom du Conseil National de
+ *  Council of Canada nor the            Recherches du Canada ni les noms
+ *  names of its contributors may        de ses  participants ne peuvent
+ *  be used to endorse or promote        être utilisés pour approuver ou
+ *  products derived from this           promouvoir les produits dérivés
+ *  software without specific prior      de ce logiciel sans autorisation
+ *  written permission.                  préalable et particulière
+ *                                       par écrit.
+ *
+ *  This file is part of the             Ce fichier fait partie du projet
+ *  OpenCADC project.                    OpenCADC.
+ *
+ *  OpenCADC is free software:           OpenCADC est un logiciel libre ;
+ *  you can redistribute it and/or       vous pouvez le redistribuer ou le
+ *  modify it under the terms of         modifier suivant les termes de
+ *  the GNU Affero General Public        la “GNU Affero General Public
+ *  License as published by the          License” telle que publiée
+ *  Free Software Foundation,            par la Free Software Foundation
+ *  either version 3 of the              : soit la version 3 de cette
+ *  License, or (at your option)         licence, soit (à votre gré)
+ *  any later version.                   toute version ultérieure.
+ *
+ *  OpenCADC is distributed in the       OpenCADC est distribué
+ *  hope that it will be useful,         dans l’espoir qu’il vous
+ *  but WITHOUT ANY WARRANTY;            sera utile, mais SANS AUCUNE
+ *  without even the implied             GARANTIE : sans même la garantie
+ *  warranty of MERCHANTABILITY          implicite de COMMERCIALISABILITÉ
+ *  or FITNESS FOR A PARTICULAR          ni d’ADÉQUATION À UN OBJECTIF
+ *  PURPOSE.  See the GNU Affero         PARTICULIER. Consultez la Licence
+ *  General Public License for           Générale Publique GNU Affero
+ *  more details.                        pour plus de détails.
+ *
+ *  You should have received             Vous devriez avoir reçu une
+ *  a copy of the GNU Affero             copie de la Licence Générale
+ *  General Public License along         Publique GNU Affero avec
+ *  with OpenCADC.  If not, see          OpenCADC ; si ce n’est
+ *  <http://www.gnu.org/licenses/>.      pas le cas, consultez :
+ *                                       <http://www.gnu.org/licenses/>.
+ *
+ *
+ ************************************************************************
+ */
+
+package ca.nrc.cadc.ac.server.web;
+
+import ca.nrc.cadc.ac.AC;
+import ca.nrc.cadc.auth.AuthenticationUtil;
+import ca.nrc.cadc.auth.HttpPrincipal;
+import ca.nrc.cadc.log.ServletLogInfo;
+import ca.nrc.cadc.reg.client.RegistryClient;
+import org.apache.log4j.Logger;
+
+import javax.security.auth.Subject;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URL;
+import java.util.Set;
+
+/**
+ * Servlet to handle GET requests asking for the current User.  This servlet
+ * will implement the /whoami functionality to return details about the
+ * currently authenticated user, or rather, the user whose Subject is currently
+ * found in this context.
+ */
+public class WhoAmIServlet extends HttpServlet
+{
+    private static final Logger log = Logger.getLogger(WhoAmIServlet.class);
+
+    static final String USER_GET_PATH = "/users/%s?idType=HTTP";
+
+    /**
+     * Handle a /whoami GET operation.
+     *
+     * @param request  The HTTP Request.
+     * @param response The HTTP Response.
+     * @throws ServletException Anything goes wrong at the Servlet level.
+     * @throws IOException      Any reading/writing errors.
+     */
+    @Override
+    protected void doGet(final HttpServletRequest request,
+                         final HttpServletResponse response)
+            throws ServletException, IOException
+    {
+        final long start = System.currentTimeMillis();
+        final ServletLogInfo logInfo = new ServletLogInfo(request);
+        log.info(logInfo.start());
+        try
+        {
+            final Subject currentSubject = getSubject(request);
+            final Set<HttpPrincipal> currentWebPrincipals =
+                    currentSubject.getPrincipals(HttpPrincipal.class);
+
+            if (currentWebPrincipals.isEmpty())
+            {
+                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            }
+            else
+            {
+                redirect(response, currentWebPrincipals.toArray(
+                        new HttpPrincipal[1])[0]);
+            }
+        }
+        catch (IllegalArgumentException e)
+        {
+            log.debug(e.getMessage(), e);
+            logInfo.setMessage(e.getMessage());
+            response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+        }
+        catch (Throwable t)
+        {
+            String message = "Internal Server Error: " + t.getMessage();
+            log.error(message, t);
+            logInfo.setSuccess(false);
+            logInfo.setMessage(message);
+            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        }
+        finally
+        {
+            logInfo.setElapsedTime(System.currentTimeMillis() - start);
+            log.info(logInfo.end());
+        }
+    }
+
+    /**
+     * Forward on to the Service's user endpoint.
+     *
+     * @param response     The HTTP response.
+     * @param webPrincipal The HttpPrincipal instance.
+     */
+    void redirect(final HttpServletResponse response,
+                  final HttpPrincipal webPrincipal) throws IOException
+    {
+        final RegistryClient registryClient = getRegistryClient();
+        final URL redirectURL =
+                registryClient.getServiceURL(
+                        URI.create(AC.GMS_SERVICE_URI), "http", USER_GET_PATH);
+
+        // Take the first one.
+        response.sendRedirect(String.format(redirectURL.toExternalForm(),
+            webPrincipal.getName()));
+    }
+
+    /**
+     * Tests will need to override this method so as not to rely on the
+     * environment.
+     *
+     * @return      Registry Client instance.
+     */
+    RegistryClient getRegistryClient()
+    {
+        return new RegistryClient();
+    }
+
+    /**
+     * Get and augment the Subject. Tests can override this method.
+     *
+     * @param request Servlet request
+     * @return augmented Subject
+     */
+    Subject getSubject(final HttpServletRequest request)
+    {
+        return AuthenticationUtil.getSubject(request);
+    }
+}
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/AbstractGroupAction.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/AbstractGroupAction.java
@@ -101,17 +101,17 @@ public abstract class AbstractGroupAction implements PrivilegedExceptionAction<O

    abstract void doAction() throws Exception;

-    void setLogInfo(GroupLogInfo logInfo)
+    public void setLogInfo(GroupLogInfo logInfo)
    {
        this.logInfo = logInfo;
    }

-    void setHttpServletRequest(HttpServletRequest request)
+    public void setHttpServletRequest(HttpServletRequest request)
    {
        this.request = request;
    }

-    void setSyncOut(SyncOutput syncOut)
+    public void setSyncOut(SyncOutput syncOut)
    {
        this.syncOut = syncOut;
    }

--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/AbstractUserAction.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/AbstractUserAction.java
@@ -105,8 +105,8 @@ import java.util.Set;
 public abstract class AbstractUserAction implements PrivilegedExceptionAction<Object>
 {
    private static final Logger log = Logger.getLogger(AbstractUserAction.class);
-    static final String DEFAULT_CONTENT_TYPE = "text/xml";
-    static final String JSON_CONTENT_TYPE = "application/json";
+    public static final String DEFAULT_CONTENT_TYPE = "text/xml";
+    public static final String JSON_CONTENT_TYPE = "application/json";

    protected boolean isAugmentUser;
    protected UserLogInfo logInfo;

--- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/users/UserServletTest.java
+++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/users/UserServletTest.java
-package ca.nrc.cadc.ac.server.web.users;
+package ca.nrc.cadc.ac.server.web;


 import javax.servlet.http.HttpServletRequest;

+import ca.nrc.cadc.ac.server.web.UserServlet;
 import org.junit.Test;
 import static org.easymock.EasyMock.*;
 import static org.junit.Assert.*;

--- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/WhoAmIServletTest.java
+++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/WhoAmIServletTest.java
+/*
+ ************************************************************************
+ *******************  CANADIAN ASTRONOMY DATA CENTRE  *******************
+ **************  CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES  **************
+ *
+ *  (c) 2015.                            (c) 2015.
+ *  Government of Canada                 Gouvernement du Canada
+ *  National Research Council            Conseil national de recherches
+ *  Ottawa, Canada, K1A 0R6              Ottawa, Canada, K1A 0R6
+ *  All rights reserved                  Tous droits réservés
+ *
+ *  NRC disclaims any warranties,        Le CNRC dénie toute garantie
+ *  expressed, implied, or               énoncée, implicite ou légale,
+ *  statutory, of any kind with          de quelque nature que ce
+ *  respect to the software,             soit, concernant le logiciel,
+ *  including without limitation         y compris sans restriction
+ *  any warranty of merchantability      toute garantie de valeur
+ *  or fitness for a particular          marchande ou de pertinence
+ *  purpose. NRC shall not be            pour un usage particulier.
+ *  liable in any event for any          Le CNRC ne pourra en aucun cas
+ *  damages, whether direct or           être tenu responsable de tout
+ *  indirect, special or general,        dommage, direct ou indirect,
+ *  consequential or incidental,         particulier ou général,
+ *  arising from the use of the          accessoire ou fortuit, résultant
+ *  software.  Neither the name          de l'utilisation du logiciel. Ni
+ *  of the National Research             le nom du Conseil National de
+ *  Council of Canada nor the            Recherches du Canada ni les noms
+ *  names of its contributors may        de ses  participants ne peuvent
+ *  be used to endorse or promote        être utilisés pour approuver ou
+ *  products derived from this           promouvoir les produits dérivés
+ *  software without specific prior      de ce logiciel sans autorisation
+ *  written permission.                  préalable et particulière
+ *                                       par écrit.
+ *
+ *  This file is part of the             Ce fichier fait partie du projet
+ *  OpenCADC project.                    OpenCADC.
+ *
+ *  OpenCADC is free software:           OpenCADC est un logiciel libre ;
+ *  you can redistribute it and/or       vous pouvez le redistribuer ou le
+ *  modify it under the terms of         modifier suivant les termes de
+ *  the GNU Affero General Public        la “GNU Affero General Public
+ *  License as published by the          License” telle que publiée
+ *  Free Software Foundation,            par la Free Software Foundation
+ *  either version 3 of the              : soit la version 3 de cette
+ *  License, or (at your option)         licence, soit (à votre gré)
+ *  any later version.                   toute version ultérieure.
+ *
+ *  OpenCADC is distributed in the       OpenCADC est distribué
+ *  hope that it will be useful,         dans l’espoir qu’il vous
+ *  but WITHOUT ANY WARRANTY;            sera utile, mais SANS AUCUNE
+ *  without even the implied             GARANTIE : sans même la garantie
+ *  warranty of MERCHANTABILITY          implicite de COMMERCIALISABILITÉ
+ *  or FITNESS FOR A PARTICULAR          ni d’ADÉQUATION À UN OBJECTIF
+ *  PURPOSE.  See the GNU Affero         PARTICULIER. Consultez la Licence
+ *  General Public License for           Générale Publique GNU Affero
+ *  more details.                        pour plus de détails.
+ *
+ *  You should have received             Vous devriez avoir reçu une
+ *  a copy of the GNU Affero             copie de la Licence Générale
+ *  General Public License along         Publique GNU Affero avec
+ *  with OpenCADC.  If not, see          OpenCADC ; si ce n’est
+ *  <http://www.gnu.org/licenses/>.      pas le cas, consultez :
+ *                                       <http://www.gnu.org/licenses/>.
+ *
+ *
+ ************************************************************************
+ */
+
+package ca.nrc.cadc.ac.server.web;
+
+import ca.nrc.cadc.ac.AC;
+import ca.nrc.cadc.auth.HttpPrincipal;
+import ca.nrc.cadc.reg.client.RegistryClient;
+import org.junit.Test;
+
+import javax.security.auth.Subject;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import java.net.URI;
+import java.net.URL;
+import java.security.PrivilegedExceptionAction;
+
+import static org.easymock.EasyMock.*;
+
+
+public class WhoAmIServletTest
+{
+    @Test
+    public void doGet() throws Exception
+    {
+        final Subject subject = new Subject();
+        subject.getPrincipals().add(new HttpPrincipal("CADCtest"));
+
+        final RegistryClient mockRegistry = createMock(RegistryClient.class);
+        final WhoAmIServlet testSubject = new WhoAmIServlet()
+        {
+            /**
+             * Tests will need to override this method so as not to rely on the
+             * environment.
+             *
+             * @return Registry Client instance.
+             */
+            @Override
+            RegistryClient getRegistryClient()
+            {
+                return mockRegistry;
+            }
+
+            @Override
+            Subject getSubject(final HttpServletRequest request)
+            {
+                return subject;
+            }
+        };
+
+        final HttpServletRequest mockRequest =
+                createMock(HttpServletRequest.class);
+        final HttpServletResponse mockResponse =
+                createMock(HttpServletResponse.class);
+
+        expect(mockRequest.getPathInfo()).andReturn("users/CADCtest").once();
+        expect(mockRequest.getMethod()).andReturn("GET").once();
+        expect(mockRequest.getRemoteAddr()).andReturn("mysite.com").once();
+
+        mockResponse.sendRedirect("https://mysite.com/ac/users/CADCtest?idType=HTTP");
+        expectLastCall().once();
+
+        expect(mockRegistry.getServiceURL(URI.create(AC.GMS_SERVICE_URI),
+                                          "http", "/users/%s?idType=HTTP")).
+                andReturn(new URL("https://mysite.com/ac/users/CADCtest?idType=HTTP")).once();
+
+        replay(mockRequest, mockResponse, mockRegistry);
+
+
+        Subject.doAs(subject, new PrivilegedExceptionAction<Void>()
+        {
+            @Override
+            public Void run() throws Exception
+            {
+                testSubject.doGet(mockRequest, mockResponse);
+                return null;
+            }
+        });
+
+        verify(mockRequest, mockResponse, mockRegistry);
+    }
+}