From 7d78c15fd5e71aa853df17cf29f92043d6cd51c3 Mon Sep 17 00:00:00 2001 From: Jeff Burke <Jeff.Burke@nrc-cnrc.gc.ca> Date: Fri, 8 Jul 2016 13:10:25 -0700 Subject: [PATCH] s1849: updated clients to use the new RegistryClient. --- cadcAccessControl/build.xml | 2 +- .../src/ca/nrc/cadc/ac/client/GMSClient.java | 110 +++++++++--------- .../src/ca/nrc/cadc/ac/client/UserClient.java | 67 +++++------ .../ca/nrc/cadc/ac/client/GMSClientTest.java | 33 ++++-- 4 files changed, 107 insertions(+), 105 deletions(-) diff --git a/cadcAccessControl/build.xml b/cadcAccessControl/build.xml index 8e0cefd4..a356f123 100644 --- a/cadcAccessControl/build.xml +++ b/cadcAccessControl/build.xml @@ -117,7 +117,7 @@ <target name="setup-test"> <copy overwrite="true" - file="${env.CADC_PREFIX}/etc/LocalAuthority.properties" + file="${env.A}/etc/LocalAuthority.properties" tofile="${build}/class/LocalAuthority.properties"/> </target> diff --git a/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java b/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java index 3de71f50..85b629bc 100755 --- a/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java +++ b/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java @@ -90,6 +90,7 @@ import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLSocketFactory; import javax.security.auth.Subject; +import ca.nrc.cadc.reg.Standards; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.Group; 
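Review bot: In the build.xml hunk the `setup-test` copy now reads `LocalAuthority.properties` from `${env.A}/etc` instead of `${env.CADC_PREFIX}/etc`, and nothing else in this commit defines or mentions an `A` variable, so this looks like a local edit that slipped into the patch. Ant leaves an unset property unexpanded, so on a machine without `A` the copy would presumably fail. Where `A` happens to be set, the tests would pick up whatever authority file sits under it, and that file appears to decide which registry authority the clients resolve services against. Either restore `file="${env.CADC_PREFIX}/etc/LocalAuthority.properties"` or document the new variable in the build file.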
@@ -124,50 +125,24 @@ public class GMSClient implements TransferListener { private static final Logger log = Logger.getLogger(GMSClient.class); - private static final String GROUPS = "groups"; - private static final String SEARCH = "search"; - // socket factory to use when connecting private SSLSocketFactory sslSocketFactory; private SSLSocketFactory mySocketFactory; - private RegistryClient registryClient; - - private URI gmsServiceURI; - private URI groupsURI; - private URI searchURI; - - public GMSClient(URI serviceURI) - { - this(serviceURI, new RegistryClient()); - } + private URI serviceID; /** - * Slightly more complete constructor. Tests can override the - * RegistryClient. + * Constructor. * - * @param serviceURI The service URI. - * @param registryClient The Registry Client. + * @param serviceID The service ID. */ - public GMSClient(URI serviceURI, RegistryClient registryClient) + public GMSClient(URI serviceID) { - if (serviceURI == null) - throw new IllegalArgumentException("invalid serviceURI: " + serviceURI); - if (serviceURI.getFragment() != null) - throw new IllegalArgumentException("invalid serviceURI (fragment not allowed): " + serviceURI); - - this.registryClient = registryClient; - - try - { - this.gmsServiceURI = serviceURI; - this.groupsURI = new URI(serviceURI.toASCIIString() + "#" + GROUPS); - this.searchURI = new URI(serviceURI.toASCIIString() + "#" + SEARCH); - } - catch(URISyntaxException ex) - { - throw new RuntimeException("BUG: failed to create standardID from serviceURI + fragment", ex); - } + if (serviceID == null) + throw new IllegalArgumentException("invalid serviceID: " + serviceID); + if (serviceID.getFragment() != null) + throw new IllegalArgumentException("invalid serviceID (fragment not allowed): " + serviceID); + this.serviceID = serviceID; } public void transferEvent(TransferEvent te) 
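Review bot: `serviceID` is assigned only in the constructor, yet it is declared as a mutable field; `private final URI serviceID;` would state that. It matters here because the group-membership cache check later in the class compares against this value. The hunk also removes the only visible use of `URISyntaxException`, and no hunk drops the import, so it is probably unused now (the import block is only partly visible). The new Javadoc could say what a service ID is, for example `@param serviceID registry resource identifier of the GMS service (no fragment), e.g. an ivo:// URI`, since the old text described a different kind of URI.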
@@ -192,7 +167,6 @@ public class GMSClient implements TransferListener throw new UnsupportedOperationException("Not yet implemented"); } - /** * Create a new group. * @@ -208,7 +182,8 @@ public class GMSClient implements TransferListener throws GroupAlreadyExistsException, AccessControlException, UserNotFoundException, WriterException, IOException { - URL createGroupURL = registryClient.getServiceURL(groupsURI, "https", "", AuthMethod.CERT); + URL createGroupURL = getRegistryClient() + .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); log.debug("createGroupURL request to " + createGroupURL.toString()); // reset the state of the cache @@ -279,12 +254,13 @@ public class GMSClient implements TransferListener public Group getGroup(String groupName) throws GroupNotFoundException, AccessControlException, IOException { - - URL getGroupURL = registryClient.getServiceURL(groupsURI, "https", groupName, AuthMethod.CERT); + URL groupsURL = getRegistryClient() + .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); + URL getGroupURL = new URL(groupsURL.toExternalForm() + "/" + groupName); log.debug("getGroup request to " + getGroupURL.toString()); + ByteArrayOutputStream out = new ByteArrayOutputStream(); HttpDownload transfer = new HttpDownload(getGroupURL, out); - transfer.setSSLSocketFactory(getSSLSocketFactory()); transfer.run(); @@ -334,7 +310,8 @@ public class GMSClient implements TransferListener public List<String> getGroupNames() throws AccessControlException, IOException { - URL getGroupNamesURL = registryClient.getServiceURL(groupsURI, "https", "", AuthMethod.CERT); + URL getGroupNamesURL = getRegistryClient() + .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); log.debug("getGroupNames request to " + getGroupNamesURL.toString()); 
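Review bot: In the createGroup hunk the result of `getRegistryClient().getServiceURL(...)` is dereferenced on the next line (`createGroupURL.toString()`) without a null check. UserClient in this same commit still guards against a null lookup result, which suggests the call can return null; if so, an unregistered service ID or capability surfaces here as a bare NullPointerException. A guard such as `if (createGroupURL == null) throw new IllegalArgumentException("No service endpoint for " + Standards.GMS_GROUPS_01_URI + " in " + serviceID);` would make the failure explicit. The same unchecked pattern is repeated in every GMSClient hunk that calls getServiceURL, so a small private lookup helper would cover them all. The method bodies continue outside the hunks.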
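Review bot: In the getGroup hunk, `groupName` is appended to the resolved endpoint as raw text in `new URL(groupsURL.toExternalForm() + "/" + groupName)`, so a name containing `/`, `?`, `#` or `..` changes which resource the certificate-authenticated request is sent to. The user-member hunks already pass `userID.getName()` through `NetUtil.encode`, and the group segment should get the same treatment: `new URL(groupsURL.toExternalForm() + "/" + NetUtil.encode(groupName))`. That assumes the server decodes path segments, which is not visible here. The same applies to `group.getID()` in updateGroup, `groupName` in deleteGroup, and `targetGroupName` / `groupMemberName` in the four member hunks.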
@@ -411,7 +388,9 @@ public class GMSClient implements TransferListener throws IllegalArgumentException, GroupNotFoundException, UserNotFoundException, AccessControlException, WriterException, IOException { - URL updateGroupURL = registryClient.getServiceURL(groupsURI, "https", group.getID(), AuthMethod.CERT); + URL groupsURL = getRegistryClient() + .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); + URL updateGroupURL = new URL(groupsURL.toExternalForm() + "/" + group.getID()); log.debug("updateGroup request to " + updateGroupURL.toString()); // reset the state of the cache @@ -478,7 +457,9 @@ public class GMSClient implements TransferListener public void deleteGroup(String groupName) throws GroupNotFoundException, AccessControlException, IOException { - URL deleteGroupURL = registryClient.getServiceURL(groupsURI, "https", groupName, AuthMethod.CERT); + URL groupsURL = getRegistryClient() + .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); + URL deleteGroupURL = new URL(groupsURL.toExternalForm() + "/" + groupName); log.debug("deleteGroup request to " + deleteGroupURL.toString()); // reset the state of the cache @@ -545,7 +526,9 @@ public class GMSClient implements TransferListener { String path = targetGroupName + "/groupMembers/" + groupMemberName; - URL addGroupMemberURL = registryClient.getServiceURL(groupsURI, "https", path, AuthMethod.CERT); + URL groupsURL = getRegistryClient() + .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); + URL addGroupMemberURL = new URL(groupsURL.toExternalForm() + "/" + path); log.debug("addGroupMember request to " + addGroupMemberURL.toString()); // reset the state of the cache 
@@ -604,7 +587,9 @@ public class GMSClient implements TransferListener String userIDType = AuthenticationUtil.getPrincipalType(userID); String path = targetGroupName + "/userMembers/" + NetUtil.encode(userID.getName()) + "?idType=" + userIDType; - URL addUserMemberURL = registryClient.getServiceURL(groupsURI, "https", path, AuthMethod.CERT); + URL groupsURL = getRegistryClient() + .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); + URL addUserMemberURL = new URL(groupsURL.toExternalForm() + "/" + path); log.debug("addUserMember request to " + addUserMemberURL.toString()); @@ -659,7 +644,9 @@ public class GMSClient implements TransferListener { String path = targetGroupName + "/groupMembers/" + groupMemberName; - URL removeGroupMemberURL = registryClient.getServiceURL(groupsURI, "https", path, AuthMethod.CERT); + URL groupsURL = getRegistryClient() + .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); + URL removeGroupMemberURL = new URL(groupsURL.toExternalForm() + "/" + path); log.debug("removeGroupMember request to " + removeGroupMemberURL.toString()); @@ -726,7 +713,9 @@ public class GMSClient implements TransferListener log.debug("removeUserMember: " + targetGroupName + " - " + userID.getName() + " type: " + userIDType); String path = targetGroupName + "/userMembers/" + NetUtil.encode(userID.getName()) + "?idType=" + userIDType; - URL removeUserMemberURL = registryClient.getServiceURL(groupsURI, "https", path, AuthMethod.CERT); + URL groupsURL = getRegistryClient() + .getServiceURL(this.serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT); + URL removeUserMemberURL = new URL(groupsURL.toExternalForm() + "/" + path); log.debug("removeUserMember: " + removeUserMemberURL.toString()); 
@@ -836,11 +825,13 @@ public class GMSClient implements TransferListener //searchGroupURL.append("&IDTYPE=").append(NetUtil.encode(idType)); searchGroupPath.append("&ROLE=").append(NetUtil.encode(roleString)); - URL searchURL = registryClient.getServiceURL(searchURI, "https", searchGroupPath.toString(), AuthMethod.CERT); + URL searchURL = getRegistryClient() + .getServiceURL(this.serviceID, Standards.GMS_SEARCH_01_URI, AuthMethod.CERT); + URL getMembershipsURL = new URL(searchURL.toExternalForm() + "/" + searchGroupPath.toString()); - log.debug("getMemberships request to " + searchURL.toString()); + log.debug("getMemberships request to " + getMembershipsURL.toString()); ByteArrayOutputStream out = new ByteArrayOutputStream(); - HttpDownload transfer = new HttpDownload(searchURL, out); + HttpDownload transfer = new HttpDownload(getMembershipsURL, out); transfer.setSSLSocketFactory(getSSLSocketFactory()); transfer.run(); @@ -945,11 +936,13 @@ public class GMSClient implements TransferListener searchGroupPath.append("&ROLE=").append(NetUtil.encode(roleString)); searchGroupPath.append("&GROUPID=").append(NetUtil.encode(groupName)); - URL searchURL = registryClient.getServiceURL(searchURI, "https", searchGroupPath.toString(), AuthMethod.CERT); + URL searchURL = getRegistryClient() + .getServiceURL(this.serviceID, Standards.GMS_SEARCH_01_URI, AuthMethod.CERT); + URL getMembershipURL = new URL(searchURL.toExternalForm() + "/" + searchGroupPath.toString()); - log.debug("getMembership request to " + searchURL.toString()); + log.debug("getMembership request to " + getMembershipURL.toString()); ByteArrayOutputStream out = new ByteArrayOutputStream(); - HttpDownload transfer = new HttpDownload(searchURL, out); + HttpDownload transfer = new HttpDownload(getMembershipURL, out); transfer.setSSLSocketFactory(getSSLSocketFactory()); transfer.run(); 
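Review bot: In the getMemberships hunk the new URL is built as `searchURL.toExternalForm() + "/" + searchGroupPath`, but `searchGroupPath` looks like a query string (the visible lines append `&ROLE=` and `&GROUPID=`), so the request now goes to `<search endpoint>/?...` rather than `<search endpoint>?...`. The start of `searchGroupPath` is outside the hunk, so confirm what it begins with. If it starts with `?`, drop the separator: `new URL(searchURL.toExternalForm() + searchGroupPath.toString())`. The getMembership hunk below has the same construction.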
@@ -1102,17 +1095,17 @@ public class GMSClient implements TransferListener Set<GroupMemberships> gset = subject.getPrivateCredentials(GroupMemberships.class); if (gset == null || gset.isEmpty()) { - GroupMemberships mems = new GroupMemberships(gmsServiceURI.toString(), userID); + GroupMemberships mems = new GroupMemberships(serviceID.toString(), userID); subject.getPrivateCredentials().add(mems); return mems; } GroupMemberships mems = gset.iterator().next(); // check to ensure they have the same service URI - if (!gmsServiceURI.toString().equals(mems.getServiceURI())) + if (!serviceID.toString().equals(mems.getServiceURI())) { log.debug("Not using cache because of differing service URIs: " + - "[" + gmsServiceURI.toString() + "][" + mems.getServiceURI() + "]"); + "[" + serviceID.toString() + "][" + mems.getServiceURI() + "]"); return null; } @@ -1182,4 +1175,9 @@ public class GMSClient implements TransferListener return false; } + protected RegistryClient getRegistryClient() + { + return new RegistryClient(); + } + } diff --git a/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java b/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java index 2ec7944f..7032fea1 100644 --- a/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java +++ b/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java @@ -84,6 +84,8 @@ import java.util.Set; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; +import ca.nrc.cadc.reg.Standards; +import ca.nrc.cadc.reg.client.LocalAuthority; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.ReaderException; 
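Review bot: `getRegistryClient()` returns a `new RegistryClient()` on every call, and every request method in this class now calls it, so whatever state a RegistryClient holds is rebuilt per request (the class is not shown, so whether it caches lookups is an assumption). Consider creating it once, for example a `private final RegistryClient registryClient = new RegistryClient();` field that the method returns; the test override keeps working. The method also needs a Javadoc line saying why it is protected, such as `/** Overridable so tests can supply a mock RegistryClient. */`. The identical method added to UserClient has the same two issues.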
@@ -110,47 +112,22 @@ public class UserClient { private static final Logger log = Logger.getLogger(UserClient.class); - private static final String USERS = "users"; - private static final String USER_REQUESTS = "reqs"; - - private RegistryClient registryClient; - - private URI usersURI; - - // to be used when the client can work with - // user requests - private URI userReqsURI; + private URI serviceID; /** * Constructor. * - * @param serviceURI The URI of the supporting access control web service + * @param serviceID The URI of the supporting access control web service * obtained from the registry. */ - public UserClient(URI serviceURI) + public UserClient(URI serviceID) throws IllegalArgumentException { - this(serviceURI, new RegistryClient()); - } - - public UserClient(URI serviceURI, RegistryClient registryClient) - { - if (serviceURI == null) + if (serviceID == null) throw new IllegalArgumentException("Service URI cannot be null."); - if (serviceURI.getFragment() != null) - throw new IllegalArgumentException("invalid serviceURI (fragment not allowed): " + serviceURI); - - this.registryClient = registryClient; - - try - { - this.usersURI = new URI(serviceURI.toASCIIString() + "#" + USERS); - this.userReqsURI = new URI(serviceURI.toASCIIString() + "#" + USER_REQUESTS); - } - catch(URISyntaxException ex) - { - throw new RuntimeException("BUG: failed to create standardID from serviceURI + fragment", ex); - } + if (serviceID.getFragment() != null) + throw new IllegalArgumentException("invalid serviceURI (fragment not allowed): " + serviceID); + this.serviceID = serviceID; } /** 
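Review bot: The constructor parameter is renamed to `serviceID`, but both exception messages still use the old name (`"Service URI cannot be null."` and `"invalid serviceURI (fragment not allowed): "`), and GMSClient updated the matching strings in this same commit. Use `"invalid serviceID (fragment not allowed): " + serviceID` and a matching null message so the two clients report the same thing. The field can be `private final URI serviceID;`. The `LocalAuthority` import added at the top of this file is not used by any hunk shown, and `URISyntaxException` loses its only visible use here, so both imports are worth checking.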
@@ -171,10 +148,12 @@ public class UserClient String path = NetUtil.encode(userID) + "?idType=" + this.getIdType(principal) + "&detail=identity"; // augment subject calls are always https with client certs - URL getUserURL = registryClient.getServiceURL(usersURI, "https", path, AuthMethod.CERT); + URL usersURL = getRegistryClient() + .getServiceURL(this.serviceID, Standards.UMS_USERS_01_URI, AuthMethod.CERT); + URL getUserURL = new URL(usersURL.toExternalForm() + path); if (getUserURL == null) - throw new IllegalArgumentException("No service endpoint for uri " + usersURI); + throw new IllegalArgumentException("No service endpoint for uri " + Standards.UMS_USERS_01_URI); log.debug("augmentSubject request to " + getUserURL.toString()); ByteArrayOutputStream out = new ByteArrayOutputStream(); @@ -209,7 +188,8 @@ public class UserClient */ public List<User> getDisplayUsers() throws IOException { - URL usersURL = registryClient.getServiceURL(usersURI, "https"); + URL usersURL = getRegistryClient() + .getServiceURL(this.serviceID, Standards.UMS_USERS_01_URI, AuthMethod.CERT); final List<User> webUsers = new ArrayList<User>(); HttpDownload httpDownload = new HttpDownload(usersURL, @@ -273,10 +253,11 @@ public class UserClient StringBuilder userXML = new StringBuilder(); userWriter.write(user, userXML); - URL createUserURL = registryClient.getServiceURL(usersURI, "https", null, AuthMethod.CERT); + URL createUserURL = getRegistryClient() + .getServiceURL(this.serviceID, Standards.UMS_REQS_01_URI, AuthMethod.CERT); if (createUserURL == null) - throw new IllegalArgumentException("No service endpoint for uri " + usersURI); + throw new IllegalArgumentException("No service endpoint for uri " + Standards.UMS_REQS_01_URI); log.debug("createUser request to " + createUserURL.toString()); ByteArrayInputStream in = new ByteArrayInputStream(userXML.toString().getBytes()); 
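Review bot: In the augmentSubject hunk `path` is `NetUtil.encode(userID) + "?idType=..."` with no leading slash, so `new URL(usersURL.toExternalForm() + path)` glues the user ID straight onto the endpoint's last path segment. getUser builds its path with a leading `"/"`, and this call should do the same: `new URL(usersURL.toExternalForm() + "/" + path)`. The `if (getUserURL == null)` check that follows can no longer fire because `new URL(...)` never returns null. A null lookup result now turns into the string "null" in the concatenation and fails with a MalformedURLException, so the check belongs on `usersURL` before the concatenation. The getUser hunk has the same dead null check, and getDisplayUsers uses `usersURL` with no check at all.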
@@ -336,9 +317,11 @@ public class UserClient String id = NetUtil.encode(principal.getName()); String path = "/" + id + "?idType=" + AuthenticationUtil.getPrincipalType(principal); - URL getUserURL = registryClient.getServiceURL(usersURI, "https", path, AuthMethod.CERT); + URL usersURL = getRegistryClient() + .getServiceURL(this.serviceID, Standards.UMS_USERS_01_URI, AuthMethod.CERT); + URL getUserURL = new URL(usersURL.toExternalForm() + path); if (getUserURL == null) - throw new IllegalArgumentException("No service endpoint for uri " + usersURI); + throw new IllegalArgumentException("No service endpoint for uri " + Standards.UMS_USERS_01_URI); log.debug("getUser request to " + getUserURL.toString()); ByteArrayOutputStream out = new ByteArrayOutputStream(); @@ -433,4 +416,10 @@ public class UserClient return idTypeStr; } + + protected RegistryClient getRegistryClient() + { + return new RegistryClient(); + } + } diff --git a/cadcAccessControl/test/src/ca/nrc/cadc/ac/client/GMSClientTest.java b/cadcAccessControl/test/src/ca/nrc/cadc/ac/client/GMSClientTest.java index c38e2240..fa0b9038 100644 --- a/cadcAccessControl/test/src/ca/nrc/cadc/ac/client/GMSClientTest.java +++ b/cadcAccessControl/test/src/ca/nrc/cadc/ac/client/GMSClientTest.java @@ -81,6 +81,8 @@ import java.util.List; import javax.security.auth.Subject; +import ca.nrc.cadc.auth.AuthMethod; +import ca.nrc.cadc.reg.Standards; import org.apache.log4j.Level; import org.junit.Assert; import org.junit.Test; 
@@ -112,13 +114,20 @@ public class GMSClientTest final RegistryClient mockRegistryClient = createMock(RegistryClient.class); - final URI serviceURI = URI.create("http://mysite.com/users"); + final URI serviceID = URI.create("ivo://mysite.com/users"); - expect(mockRegistryClient.getServiceURL(serviceURI, "https")).andReturn( - new URL("http://mysite.com/users/endpoint")); + expect(mockRegistryClient.getServiceURL(serviceID, Standards.UMS_USERS_01_URI, AuthMethod.CERT)) + .andReturn(new URL("http://mysite.com/users")); replay(mockRegistryClient); - GMSClient client = new GMSClient(serviceURI, mockRegistryClient); + GMSClient client = new GMSClient(serviceID) + { + @Override + protected RegistryClient getRegistryClient() + { + return mockRegistryClient; + } + }; Assert.assertFalse(client.userIsSubject(null, null)); Assert.assertFalse(client.userIsSubject(userID, null)); @@ -141,16 +150,22 @@ public class GMSClientTest final HttpPrincipal test1UserID = new HttpPrincipal("test"); subject.getPrincipals().add(test1UserID); - final URI serviceURI = URI.create("http://mysite.com/users"); + final URI serviceID = URI.create("ivo://mysite.com/users"); final RegistryClient mockRegistryClient = createMock(RegistryClient.class); - expect(mockRegistryClient.getServiceURL(serviceURI, "https")).andReturn( - new URL("http://mysite.com/users/endpoint")); + expect(mockRegistryClient.getServiceURL(serviceID, Standards.GMS_GROUPS_01_URI, AuthMethod.CERT )) + .andReturn(new URL("http://mysite.com/users")); replay(mockRegistryClient); - final GMSClient client = new GMSClient(serviceURI, mockRegistryClient); - + final GMSClient client = new GMSClient(serviceID) + { + @Override + protected RegistryClient getRegistryClient() + { + return mockRegistryClient; + } + }; Subject.doAs(subject, new PrivilegedExceptionAction<Object>() { -- GitLab
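Review bot: The first test records an expectation for `Standards.UMS_USERS_01_URI`, but the GMSClient hunks in this commit only ever look up `GMS_GROUPS_01_URI` or `GMS_SEARCH_01_URI`, so that expectation cannot match any call the client makes. No `verify(mockRegistryClient)` is visible in either test (both bodies continue outside the hunks), so an unmet or wrong expectation would go unnoticed. Use `Standards.GMS_GROUPS_01_URI` in the first test as the second one does, and add `verify(mockRegistryClient);` only where the test does trigger a lookup. Both mocks also answer an `AuthMethod.CERT` lookup with an `http://` URL; an `https://` URL would better model the endpoint a certificate-authenticated call expects.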