Commit 80013b44 authored by Brian Major's avatar Brian Major

s1890 - progress towards numericID change

parent a64aa065
......@@ -68,6 +68,25 @@
*/
package ca.nrc.cadc.ac.server.ldap;
import java.lang.reflect.Field;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.AccessControlException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import java.util.UUID;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Logger;
import ca.nrc.cadc.ac.AC;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.InternalID;
......@@ -78,13 +97,13 @@ import ca.nrc.cadc.ac.UserAlreadyExistsException;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.UserRequest;
import ca.nrc.cadc.ac.client.GroupMemberships;
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.DNPrincipal;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.NumericPrincipal;
import ca.nrc.cadc.net.TransientException;
import ca.nrc.cadc.profiler.Profiler;
import ca.nrc.cadc.util.StringUtil;
import com.unboundid.ldap.sdk.AddRequest;
import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.BindRequest;
......@@ -108,23 +127,6 @@ import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.ldap.sdk.SimpleBindRequest;
import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest;
import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult;
import org.apache.log4j.Logger;
import javax.security.auth.x500.X500Principal;
import java.lang.reflect.Field;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.AccessControlException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import java.util.UUID;
/**
......@@ -153,7 +155,6 @@ public class LdapUserDAO extends LdapDAO
protected static final String LDAP_ENTRYDN = "entrydn";
protected static final String LDAP_COMMON_NAME = "cn";
protected static final String LDAP_DISTINGUISHED_NAME = "distinguishedName";
protected static final String LDAP_NUMERICID = "numericid";
protected static final String LADP_USER_PASSWORD = "userPassword";
protected static final String LDAP_FIRST_NAME = "givenName";
protected static final String LDAP_LAST_NAME = "sn";
......@@ -176,16 +177,16 @@ public class LdapUserDAO extends LdapDAO
};
private String[] identityAttribs = new String[]
{
LDAP_UID, LDAP_DISTINGUISHED_NAME, LDAP_NUMERICID, LDAP_ENTRYDN,
LDAP_UID, LDAP_DISTINGUISHED_NAME, LDAP_ENTRYDN,
LDAP_MEMBEROF // for group cache
};
public LdapUserDAO(LdapConnections connections)
{
super(connections);
this.userLdapAttrib.put(HttpPrincipal.class, LDAP_UID);
this.userLdapAttrib.put(HttpPrincipal.class, LDAP_COMMON_NAME);
this.userLdapAttrib.put(X500Principal.class, LDAP_DISTINGUISHED_NAME);
this.userLdapAttrib.put(NumericPrincipal.class, LDAP_NUMERICID);
this.userLdapAttrib.put(NumericPrincipal.class, LDAP_UID);
this.userLdapAttrib.put(DNPrincipal.class, LDAP_ENTRYDN);
// add the id attributes to user and member attributes
......@@ -361,6 +362,8 @@ public class LdapUserDAO extends LdapDAO
throw new IllegalArgumentException("Unsupported principal type " + userType);
}
String numericID = String.valueOf(genNextNumericId());
try
{
List<Attribute> attributes = new ArrayList<Attribute>();
......@@ -372,7 +375,7 @@ public class LdapUserDAO extends LdapDAO
addAttribute(attributes, LDAP_COMMON_NAME, userID.getName());
}
addAttribute(attributes, LADP_USER_PASSWORD, new String(userRequest.getPassword()));
addAttribute(attributes, LDAP_UID, String.valueOf(genNextNumericId()));
addAttribute(attributes, LDAP_UID, numericID);
for (Principal princ : user.getIdentities())
{
......@@ -398,7 +401,7 @@ public class LdapUserDAO extends LdapDAO
throw new UnsupportedOperationException("Support for users PosixDetails not available");
}
DN userDN = getUserDN(userID.getName(), usersDN);
DN userDN = getUserDN(numericID, usersDN);
AddRequest addRequest = new AddRequest(userDN, attributes);
LDAPResult result = getReadWriteConnection().add(addRequest);
LdapDAO.checkLdapResult(result.getResultCode());
......@@ -569,7 +572,7 @@ public class LdapUserDAO extends LdapDAO
logger.info("got " + userID.getName() + " from " + usersDN);
return user;
}
/**
* Get the user specified by the email address exists.
*
......@@ -652,7 +655,7 @@ public class LdapUserDAO extends LdapDAO
throw new AccessControlException("Permission denied");
}
String userIDString = searchResult.getAttributeValue(LDAP_UID);
String userIDString = searchResult.getAttributeValue(LDAP_COMMON_NAME);
HttpPrincipal userID = new HttpPrincipal(userIDString);
User user = new User();
user.getIdentities().add(userID);
......@@ -725,7 +728,7 @@ public class LdapUserDAO extends LdapDAO
user.getIdentities().add(new HttpPrincipal(
searchResult.getAttributeValue(LDAP_UID)));
String numericID = searchResult.getAttributeValue(LDAP_NUMERICID);
String numericID = searchResult.getAttributeValue(LDAP_UID);
logger.debug("numericID is " + numericID);
InternalID internalID = getInternalID(numericID);
......@@ -1025,7 +1028,7 @@ public class LdapUserDAO extends LdapDAO
LdapDAO.checkLdapResult(e.getResultCode());
}
}
/**
* Update a user's password. The given user and authenticating user must match.
*
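Review bot: The augmented-user hunk still builds the web identity from the numeric attribute: `user.getIdentities().add(new HttpPrincipal(searchResult.getAttributeValue(LDAP_UID)));` is left unchanged while the very next line now reads `numericID` from LDAP_UID, and the constructor and getUser hunks in this commit remap HttpPrincipal to LDAP_COMMON_NAME (`searchResult.getAttributeValue(LDAP_COMMON_NAME)`). As written the HttpPrincipal on an augmented user would carry the generated numeric id as its name, so any authorization decision that compares HttpPrincipal names would be comparing the wrong value. Change it to `new HttpPrincipal(searchResult.getAttributeValue(LDAP_COMMON_NAME))`, or better, look the attribute up through `userLdapAttrib.get(HttpPrincipal.class)` so the read paths cannot drift from the mapping again. The enclosing method starts and ends outside the hunk.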
......@@ -77,10 +77,7 @@ import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import ca.nrc.cadc.ac.server.TestUtil;
import ca.nrc.cadc.auth.NumericPrincipal;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.junit.Assert;
......@@ -90,8 +87,11 @@ import org.junit.Test;
import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupNotFoundException;
import ca.nrc.cadc.ac.GroupProperty;
import ca.nrc.cadc.ac.PersonalDetails;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.auth.DNPrincipal;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.UserRequest;
import ca.nrc.cadc.ac.server.TestUtil;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.util.Log4jInit;
......@@ -126,9 +126,50 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
HttpPrincipal httpPrincipal2 = new HttpPrincipal("CadcDaoTest2");
HttpPrincipal httpPrincipal3 = new HttpPrincipal("CadcDaoTest3");
daoTestUser1 = getUserDAO().getUser(httpPrincipal1);
daoTestUser2 = getUserDAO().getUser(httpPrincipal2);
daoTestUser3 = getUserDAO().getUser(httpPrincipal3);
try
{
daoTestUser1 = getUserDAO().getUser(httpPrincipal1);
}
catch (UserNotFoundException e)
{
User user = new User();
user.getIdentities().add(httpPrincipal1);
PersonalDetails pd = new PersonalDetails("CadcDaoTest1", "CadcDaoTest1");
user.personalDetails = pd;
UserRequest request = new UserRequest(user, "password".toCharArray());
getUserDAO().addUser(request);
daoTestUser1 = getUserDAO().getUser(httpPrincipal1);
}
try
{
daoTestUser2 = getUserDAO().getUser(httpPrincipal2);
}
catch (UserNotFoundException e)
{
User user = new User();
user.getIdentities().add(httpPrincipal2);
PersonalDetails pd = new PersonalDetails("CadcDaoTest2", "CadcDaoTest2");
user.personalDetails = pd;
UserRequest request = new UserRequest(user, "password".toCharArray());
getUserDAO().addUser(request);
daoTestUser1 = getUserDAO().getUser(httpPrincipal2);
}
try
{
daoTestUser3 = getUserDAO().getUser(httpPrincipal3);
}
catch (UserNotFoundException e)
{
User user = new User();
user.getIdentities().add(httpPrincipal3);
PersonalDetails pd = new PersonalDetails("CadcDaoTest3", "CadcDaoTest3");
user.personalDetails = pd;
UserRequest request = new UserRequest(user, "password".toCharArray());
getUserDAO().addUser(request);
daoTestUser1 = getUserDAO().getUser(httpPrincipal3);
}
augmentedDaoTestUser1 = getUserDAO().getAugmentedUser(httpPrincipal1);
daoTestUser1Subject = new Subject();
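Review bot: The second and third create-on-missing blocks assign to the wrong field: `daoTestUser1 = getUserDAO().getUser(httpPrincipal2);` and `daoTestUser1 = getUserDAO().getUser(httpPrincipal3);` overwrite daoTestUser1 and leave daoTestUser2 / daoTestUser3 unset whenever the users had to be created, so later tests would run under the wrong subject or against a null user. They should read `daoTestUser2 = getUserDAO().getUser(httpPrincipal2);` and `daoTestUser3 = getUserDAO().getUser(httpPrincipal3);`. The three blocks differ only in the principal and display name, so a small `getOrCreateUser(HttpPrincipal)` helper returning the User would remove the copy-paste surface that produced this. The enclosing setup method begins outside the hunk.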
......@@ -68,24 +68,12 @@
*/
package ca.nrc.cadc.ac.server.ldap;
import ca.nrc.cadc.ac.PersonalDetails;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserAlreadyExistsException;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.UserRequest;
import ca.nrc.cadc.auth.DNPrincipal;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.NumericPrincipal;
import ca.nrc.cadc.auth.SSLUtil;
import ca.nrc.cadc.util.Log4jInit;
import com.unboundid.ldap.sdk.DN;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import java.io.File;
import java.security.AccessControlException;
import java.security.Principal;
......@@ -95,11 +83,25 @@ import java.util.Collection;
import java.util.Random;
import java.util.UUID;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.junit.BeforeClass;
import org.junit.Test;
import ca.nrc.cadc.ac.PersonalDetails;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.UserRequest;
import ca.nrc.cadc.auth.DNPrincipal;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.NumericPrincipal;
import ca.nrc.cadc.auth.SSLUtil;
import ca.nrc.cadc.util.Log4jInit;
import com.unboundid.ldap.sdk.DN;
public class LdapUserDAOTest extends AbstractLdapDAOTest
{
......@@ -372,17 +374,17 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
expected.personalDetails.email = email;
final UserRequest userRequest = new UserRequest(expected, password.toCharArray());
return userRequest;
}
private void addUser(final HttpPrincipal userID, final UserRequest userRequest)
throws Exception
{
DNPrincipal dnPrincipal = new DNPrincipal("uid=" + userID.getName() + "," + config.getUsersDN());
Subject subject = new Subject();
subject.getPrincipals().add(dnPrincipal);
// do everything as owner
Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{
......@@ -392,7 +394,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
{
final LdapUserDAO userDAO = getUserDAO();
userDAO.addUser(userRequest);
return null;
}
catch (Exception e)
......@@ -402,14 +404,14 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
}
});
}
private void deleteUser(final HttpPrincipal userID)
throws Exception
{
DNPrincipal dnPrincipal = new DNPrincipal("uid=" + userID.getName() + "," + config.getUsersDN());
Subject subject = new Subject();
subject.getPrincipals().add(dnPrincipal);
// do everything as owner
Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{
......@@ -419,7 +421,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
{
final LdapUserDAO userDAO = getUserDAO();
userDAO.deleteUser(userID);
return null;
}
catch (Exception e)
......@@ -434,7 +436,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
throws PrivilegedActionException
{
// do as servops
Subject servops = SSLUtil.createSubject(new File(SERVOPS_PEM));
Subject servops = SSLUtil.createSubject(new File(SERVOPS_PEM));
Subject.doAs(servops, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
......@@ -458,7 +460,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
}
});
}
/**
* Test of getUserByEmailAddress method, of class LdapUserDAO.
*/
......@@ -471,7 +473,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
final HttpPrincipal userID = new HttpPrincipal(username);
final UserRequest userRequest = createUserRequest(userID, emailAddress);
addUser(userID, userRequest);
try
{
// case 1: only one user matches the email address
......@@ -481,9 +483,9 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
{
deleteUser(userID);
}
}
@Test
public void testGetPendingUser() throws Exception
{
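Review bot: `addUser` and `deleteUser` still build the owner subject as `new DNPrincipal("uid=" + userID.getName() + "," + config.getUsersDN())`, but in the same commit LdapUserDAO.addUser now creates the entry with `getUserDN(numericID, usersDN)`; if getUserDN forms the RDN from its first argument, the stored entry is keyed on the generated numeric id and the DNPrincipal constructed here will not match the entry these helpers act on. The owner check in the DAO would then fail for the wrong reason, or pass only because it is not actually exercised, which masks the ownership behaviour this test is meant to cover. Consider obtaining the created user's DNPrincipal from `getUserDAO().getAugmentedUser(userID)` instead of concatenating the HTTP name, or add a comment on the two DNPrincipal lines stating which attribute the RDN is expected to carry. The hunks around these lines are whitespace-only; the point concerns the unchanged lines they expose, and both helper methods continue outside the hunks.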