Skip to content
Snippets Groups Projects
Commit 8363572b authored by Jeff Burke's avatar Jeff Burke
Browse files

ac2: don't use PosixDetails in the UserDAO

parent 45d56e37
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
+ 102
75
View file @ 8363572b
...@@ -124,7 +124,6 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO ...@@ -124,7 +124,6 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
protected static final String LDAP_OBJECT_CLASS = "objectClass"; protected static final String LDAP_OBJECT_CLASS = "objectClass";
protected static final String LDAP_INET_ORG_PERSON = "inetOrgPerson"; protected static final String LDAP_INET_ORG_PERSON = "inetOrgPerson";
protected static final String LDAP_CADC_ACCOUNT = "cadcaccount"; protected static final String LDAP_CADC_ACCOUNT = "cadcaccount";
protected static final String LDAP_POSIX_ACCOUNT = "posixaccount";
protected static final String LDAP_NSACCOUNTLOCK = "nsaccountlock"; protected static final String LDAP_NSACCOUNTLOCK = "nsaccountlock";
protected static final String LDAP_MEMBEROF = "memberOf"; protected static final String LDAP_MEMBEROF = "memberOf";
protected static final String LDAP_ENTRYDN = "entrydn"; protected static final String LDAP_ENTRYDN = "entrydn";
...@@ -139,18 +138,12 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO ...@@ -139,18 +138,12 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
protected static final String LDAP_EMAIL = "email"; protected static final String LDAP_EMAIL = "email";
protected static final String LDAP_INSTITUTE = "institute"; protected static final String LDAP_INSTITUTE = "institute";
protected static final String LDAP_UID = "uid"; protected static final String LDAP_UID = "uid";
protected static final String LDAP_UID_NUMBER = "uidNumber";
protected static final String LDAP_GID_NUMBER = "gidNumber";
protected static final String LDAP_HOME_DIRECTORY = "homeDirectory";
protected static final String LDAP_LOGIN_SHELL = "loginShell";
private String[] userAttribs = new String[] private String[] userAttribs = new String[]
{ {
LDAP_FIRST_NAME, LDAP_LAST_NAME, LDAP_ADDRESS, LDAP_CITY, LDAP_FIRST_NAME, LDAP_LAST_NAME, LDAP_ADDRESS, LDAP_CITY,
LDAP_COUNTRY, LDAP_COUNTRY,
LDAP_EMAIL, LDAP_INSTITUTE, LDAP_UID, LDAP_UID_NUMBER, LDAP_EMAIL, LDAP_INSTITUTE, LDAP_UID
LDAP_GID_NUMBER,
LDAP_HOME_DIRECTORY, LDAP_LOGIN_SHELL
}; };
private String[] memberAttribs = new String[] private String[] memberAttribs = new String[]
{ {
...@@ -251,12 +244,12 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO ...@@ -251,12 +244,12 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
return userIDs; return userIDs;
} }
catch (LDAPException e1) catch (LDAPException e)
{ {
logger.debug("getCadcIDs Exception: " + e1, e1); logger.error("getCadcIDs Exception: " + e, e);
LdapDAO.checkLdapResult(e1.getResultCode()); LdapDAO.checkLdapResult(e.getResultCode());
throw new IllegalStateException("Unexpected exception: " + throw new IllegalStateException("Unexpected exception: " +
e1.getMatchedDN(), e1); e.getMatchedDN(), e);
} }
} }
...@@ -271,6 +264,70 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO ...@@ -271,6 +264,70 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
*/ */
public User<T> addUser(final UserRequest<T> userRequest) public User<T> addUser(final UserRequest<T> userRequest)
throws TransientException, UserAlreadyExistsException throws TransientException, UserAlreadyExistsException
{
DN userDN;
try
{
userDN = getUserRequestsDN(userRequest.getUser().getUserID().getName());
addUser(userRequest, userDN);
// AD: Search results sometimes come incomplete if
// connection is not reset - not sure why.
getConnection().reconnect();
try
{
return getUser(userRequest.getUser().getUserID(), config.getUserRequestsDN());
}
catch (UserNotFoundException e)
{
throw new RuntimeException("BUG: new user " + userDN.toNormalizedString() +
" not found because " + e.getMessage());
}
}
catch (LDAPException e)
{
logger.error("addUser Exception: " + e, e);
LdapUserDAO.checkUserLDAPResult(e.getResultCode());
throw new RuntimeException("Unexpected LDAP exception", e);
}
}
/**
* Package level method for unit testing to add a User directly to the
* Users tree.
*/
User<T> newUser(final UserRequest<T> userRequest)
throws TransientException, UserAlreadyExistsException
{
DN userDN;
try
{
userDN = getUserDN(userRequest.getUser().getUserID().getName());
addUser(userRequest, userDN);
// AD: Search results sometimes come incomplete if
// connection is not reset - not sure why.
getConnection().reconnect();
try
{
return getUser(userRequest.getUser().getUserID(), config.getUsersDN());
}
catch (UserNotFoundException e)
{
throw new RuntimeException("BUG: new user " + userDN.toNormalizedString() +
" not found because " + e.getMessage());
}
}
catch (LDAPException e)
{
logger.error("newUser Exception: " + e, e);
LdapUserDAO.checkUserLDAPResult(e.getResultCode());
throw new RuntimeException("Unexpected LDAP exception", e);
}
}
private void addUser(final UserRequest<T> userRequest, final DN userDN)
throws TransientException, UserAlreadyExistsException
{ {
final User<T> user = userRequest.getUser(); final User<T> user = userRequest.getUser();
final Class userType = user.getUserID().getClass(); final Class userType = user.getUserID().getClass();
...@@ -284,24 +341,22 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO ...@@ -284,24 +341,22 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
try try
{ {
// add new user // add new user
DN userDN = getUserRequestsDN(user.getUserID().getName());
List<Attribute> attributes = new ArrayList<Attribute>(); List<Attribute> attributes = new ArrayList<Attribute>();
addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_INET_ORG_PERSON); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_INET_ORG_PERSON);
addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_CADC_ACCOUNT); addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_CADC_ACCOUNT);
addAttribute(attributes, LDAP_COMMON_NAME, user.getUserID() addAttribute(attributes, LDAP_COMMON_NAME, user.getUserID()
.getName()); .getName());
addAttribute(attributes, LDAP_DISTINGUISHED_NAME, userDN addAttribute(attributes, LDAP_DISTINGUISHED_NAME, userDN
.toNormalizedString()); .toNormalizedString());
addAttribute(attributes, LADP_USER_PASSWORD, userRequest addAttribute(attributes, LADP_USER_PASSWORD, userRequest
.getPassword()); .getPassword());
for (UserDetails details : user.details) for (UserDetails details : user.details)
{ {
if (details.getClass() == PersonalDetails.class) if (details.getClass() == PersonalDetails.class)
{ {
PersonalDetails pd = (PersonalDetails) details; PersonalDetails pd = (PersonalDetails) details;
addAttribute(attributes, LDAP_FIRST_NAME, pd addAttribute(attributes, LDAP_FIRST_NAME, pd.getFirstName());
.getFirstName());
addAttribute(attributes, LDAP_LAST_NAME, pd.getLastName()); addAttribute(attributes, LDAP_LAST_NAME, pd.getLastName());
addAttribute(attributes, LDAP_ADDRESS, pd.address); addAttribute(attributes, LDAP_ADDRESS, pd.address);
addAttribute(attributes, LDAP_CITY, pd.city); addAttribute(attributes, LDAP_CITY, pd.city);
...@@ -311,42 +366,18 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO ...@@ -311,42 +366,18 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
} }
else if (details.getClass() == PosixDetails.class) else if (details.getClass() == PosixDetails.class)
{ {
PosixDetails pd = (PosixDetails) details; throw new UnsupportedOperationException(
addAttribute(attributes, LDAP_OBJECT_CLASS, LDAP_POSIX_ACCOUNT); "Support for users PosixDetails not available");
addAttribute(attributes, LDAP_UID, Long
.toString(pd.getUid()));
addAttribute(attributes, LDAP_UID_NUMBER, Long
.toString(pd.getUid()));
addAttribute(attributes, LDAP_GID_NUMBER, Long
.toString(pd.getGid()));
addAttribute(attributes, LDAP_HOME_DIRECTORY, pd
.getHomeDirectory());
addAttribute(attributes, LDAP_LOGIN_SHELL, pd.loginShell);
} }
} }
AddRequest addRequest = new AddRequest(userDN, attributes); AddRequest addRequest = new AddRequest(userDN, attributes);
LDAPResult result = getConnection().add(addRequest); LDAPResult result = getConnection().add(addRequest);
LdapDAO.checkLdapResult(result.getResultCode()); LdapDAO.checkLdapResult(result.getResultCode());
// AD: Search results sometimes come incomplete if
// connection is not reset - not sure why.
getConnection().reconnect();
try
{
return getUser(user.getUserID(), config.getUserRequestsDN());
}
catch (UserNotFoundException e)
{
throw new RuntimeException("BUG: new user " + userDN
.toNormalizedString() +
" not found, result " + result
.getResultCode());
}
} }
catch (LDAPException e) catch (LDAPException e)
{ {
logger.debug("addUser Exception: " + e, e); logger.error("addUser Exception: " + e, e);
LdapUserDAO.checkUserLDAPResult(e.getResultCode()); LdapUserDAO.checkUserLDAPResult(e.getResultCode());
throw new RuntimeException("Unexpected LDAP exception", e); throw new RuntimeException("Unexpected LDAP exception", e);
} }
...@@ -436,18 +467,6 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO ...@@ -436,18 +467,6 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
.getAttributeValue(LDAP_INSTITUTE); .getAttributeValue(LDAP_INSTITUTE);
user.details.add(personaDetails); user.details.add(personaDetails);
Long uid = searchResult.getAttributeValueAsLong(LDAP_UID_NUMBER);
Long gid = searchResult.getAttributeValueAsLong(LDAP_GID_NUMBER);
String homeDirectory = searchResult
.getAttributeValue(LDAP_HOME_DIRECTORY);
if (uid != null && gid != null && homeDirectory != null)
{
PosixDetails posixDetails = new PosixDetails(uid, gid, homeDirectory);
posixDetails.loginShell = searchResult
.getAttributeValue(LDAP_LOGIN_SHELL);
user.details.add(posixDetails);
}
return user; return user;
} }
...@@ -543,23 +562,18 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO ...@@ -543,23 +562,18 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
if (details.getClass() == PersonalDetails.class) if (details.getClass() == PersonalDetails.class)
{ {
PersonalDetails pd = (PersonalDetails) details; PersonalDetails pd = (PersonalDetails) details;
mods.add(new Modification(ModificationType.REPLACE, LDAP_FIRST_NAME, pd.getFirstName())); addModification(mods, LDAP_FIRST_NAME, pd.getFirstName());
mods.add(new Modification(ModificationType.REPLACE, LDAP_LAST_NAME, pd.getLastName())); addModification(mods, LDAP_LAST_NAME, pd.getLastName());
mods.add(new Modification(ModificationType.REPLACE, LDAP_ADDRESS, pd.address)); addModification(mods, LDAP_ADDRESS, pd.address);
mods.add(new Modification(ModificationType.REPLACE, LDAP_CITY, pd.city)); addModification(mods, LDAP_CITY, pd.city);
mods.add(new Modification(ModificationType.REPLACE, LDAP_COUNTRY, pd.country)); addModification(mods, LDAP_COUNTRY, pd.country);
mods.add(new Modification(ModificationType.REPLACE, LDAP_EMAIL, pd.email)); addModification(mods, LDAP_EMAIL, pd.email);
mods.add(new Modification(ModificationType.REPLACE, LDAP_INSTITUTE, pd.institute)); addModification(mods, LDAP_INSTITUTE, pd.institute);
} }
else if (details.getClass() == PosixDetails.class) else if (details.getClass() == PosixDetails.class)
{ {
PosixDetails pd = (PosixDetails) details; throw new UnsupportedOperationException(
mods.add(new Modification(ModificationType.REPLACE, LDAP_OBJECT_CLASS, LDAP_POSIX_ACCOUNT)); "Support for users PosixDetails not available");
mods.add(new Modification(ModificationType.REPLACE, LDAP_UID, Long.toString(pd.getUid())));
mods.add(new Modification(ModificationType.REPLACE, LDAP_UID_NUMBER, Long.toString(pd.getUid())));
mods.add(new Modification(ModificationType.REPLACE, LDAP_GID_NUMBER, Long.toString(pd.getGid())));
mods.add(new Modification(ModificationType.REPLACE, LDAP_HOME_DIRECTORY, pd.getHomeDirectory()));
mods.add(new Modification(ModificationType.REPLACE, LDAP_LOGIN_SHELL, pd.loginShell));
} }
} }
...@@ -571,10 +585,11 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO ...@@ -571,10 +585,11 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
"dn:" + getSubjectDN().toNormalizedString())); "dn:" + getSubjectDN().toNormalizedString()));
LdapDAO.checkLdapResult(getConnection().modify(modifyRequest).getResultCode()); LdapDAO.checkLdapResult(getConnection().modify(modifyRequest).getResultCode());
} }
catch (LDAPException e1) catch (LDAPException e)
{ {
logger.debug("Modify Exception: " + e1, e1); e.printStackTrace();
LdapDAO.checkLdapResult(e1.getResultCode()); logger.debug("Modify Exception: " + e, e);
LdapDAO.checkLdapResult(e.getResultCode());
} }
try try
{ {
...@@ -900,7 +915,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO ...@@ -900,7 +915,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
throw new IllegalArgumentException(userID + " not a valid user ID"); throw new IllegalArgumentException(userID + " not a valid user ID");
} }
void addAttribute(List<Attribute> attributes, final String name, final String value) private void addAttribute(List<Attribute> attributes, final String name, final String value)
{ {
if (value != null && !value.isEmpty()) if (value != null && !value.isEmpty())
{ {
...@@ -908,6 +923,18 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO ...@@ -908,6 +923,18 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
} }
} }
private void addModification(List<Modification> mods, final String name, final String value)
{
if (value != null && !value.isEmpty())
{
mods.add(new Modification(ModificationType.REPLACE, name, value));
}
else
{
mods.add(new Modification(ModificationType.REPLACE, name));
}
}
/** /**
* Checks the Ldap result code, and if the result is not SUCCESS, * Checks the Ldap result code, and if the result is not SUCCESS,
* throws an appropriate exception. This is the place to decide on * throws an appropriate exception. This is the place to decide on
......
projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAOTest.java
+ 72
21
View file @ 8363572b
...@@ -93,7 +93,7 @@ import static org.junit.Assert.assertNotNull; ...@@ -93,7 +93,7 @@ import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail; import static org.junit.Assert.fail;
public class LdapUserDAOTest extends AbstractLdapDAOTest public class LdapUserDAOTest<T extends Principal> extends AbstractLdapDAOTest
{ {
private static final Logger log = Logger.getLogger(LdapUserDAOTest.class); private static final Logger log = Logger.getLogger(LdapUserDAOTest.class);
...@@ -356,20 +356,50 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest ...@@ -356,20 +356,50 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
@Test @Test
public void testSetPassword() throws Exception public void testSetPassword() throws Exception
{ {
// LDAPConnection connection =
// new LDAPConnection(SocketFactory.getDefault(), config.getServer(), config.getPort());
// connection.bind(config.getAdminUserDN(), config.getAdminPasswd());
//
// // Create an SSLUtil instance that is configured to trust any certificate.
// SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
// SSLContext sslContext = sslUtil.createSSLContext();
// StartTLSExtendedRequest startTLSRequest = new StartTLSExtendedRequest(sslContext);
// ExtendedResult startTLSResult = connection.processExtendedOperation(startTLSRequest);
// LDAPTestUtils.assertResultCodeEquals(startTLSResult, ResultCode.SUCCESS);
// Create a test user with a known password // Create a test user with a known password
final User<HttpPrincipal> teststUser2; final User<HttpPrincipal> testUser2;
final String username = getUserID(); final String username = getUserID();
final String password = "foo"; final String password = "foo";
final String newPassword = "bar"; final String newPassword = "bar";
User<HttpPrincipal> user = new User<HttpPrincipal>(new HttpPrincipal(username)); HttpPrincipal principal = new HttpPrincipal(username);
user.details.add(new PersonalDetails("firstName", "lastName")); testUser2 = new User<HttpPrincipal>(principal);
UserRequest userRequest = new UserRequest(user, password); testUser2.getIdentities().add(principal);
teststUser2 = getUserDAO().addUser(userRequest); testUser2.details.add(new PersonalDetails("firstName", "lastName"));
final UserRequest userRequest = new UserRequest(testUser2, password);
// add the user
Subject subject = new Subject(); Subject subject = new Subject();
subject.getPrincipals().add(testUser2.getUserID());
Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{
public Object run()
throws Exception
{
try
{
return getUserDAO().newUser(userRequest);
}
catch (Exception e)
{
fail("exception updating user: " + e.getMessage());
}
return null;
}
});
// authenticate new useranme and password // authenticate new username and password
Subject.doAs(subject, new PrivilegedExceptionAction<Object>() Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{ {
public Object run() public Object run()
...@@ -388,13 +418,14 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest ...@@ -388,13 +418,14 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
}); });
// anonymous access should throw exception // anonymous access should throw exception
subject = new Subject();
Subject.doAs(subject, new PrivilegedExceptionAction<Object>() Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{ {
public Object run() throws Exception public Object run() throws Exception
{ {
try try
{ {
getUserDAO().setPassword(teststUser2, password, newPassword); getUserDAO().setPassword(testUser2, password, newPassword);
fail("should throw exception if subject and user are not the same"); fail("should throw exception if subject and user are not the same");
} }
catch (Exception ignore){} catch (Exception ignore){}
...@@ -403,7 +434,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest ...@@ -403,7 +434,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
}); });
// change the password // change the password
subject.getPrincipals().add(teststUser2.getUserID()); subject.getPrincipals().add(testUser2.getUserID());
Subject.doAs(subject, new PrivilegedExceptionAction<Object>() Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{ {
public Object run() public Object run()
...@@ -411,10 +442,11 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest ...@@ -411,10 +442,11 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
{ {
try try
{ {
getUserDAO().setPassword(teststUser2, password, newPassword); getUserDAO().setPassword(testUser2, password, newPassword);
} }
catch (Exception e) catch (Exception e)
{ {
e.printStackTrace();
fail("exception setting password: " + e.getMessage()); fail("exception setting password: " + e.getMessage());
} }
return null; return null;
...@@ -441,22 +473,42 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest ...@@ -441,22 +473,42 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
} }
@Test // @Test
public void testUpdateUser() throws Exception public void testUpdateUser() throws Exception
{ {
// Create a test user with a known password // Create a test user
final User<HttpPrincipal> testUser2; final User<HttpPrincipal> testUser2;
final String username = getUserID(); final String username = getUserID();
final String password = "foo"; final String password = "foo";
final String newPassword = "bar";
User<HttpPrincipal> user = new User<HttpPrincipal>(new HttpPrincipal(username)); HttpPrincipal principal = new HttpPrincipal(username);
user.details.add(new PersonalDetails("firstName", "lastName")); testUser2 = new User<HttpPrincipal>(principal);
UserRequest userRequest = new UserRequest(user, password); testUser2.getIdentities().add(principal);
testUser2 = getUserDAO().addUser(userRequest); testUser2.details.add(new PersonalDetails("firstName", "lastName"));
final UserRequest userRequest = new UserRequest(testUser2, password);
// add the user
Subject subject = new Subject();
subject.getPrincipals().add(testUser2.getUserID());
Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{
public Object run()
throws Exception
{
try
{
return getUserDAO().newUser(userRequest);
}
catch (Exception e)
{
fail("exception updating user: " + e.getMessage());
}
return null;
}
});
// update the user // update the user
for (UserDetails details : user.details) for (UserDetails details : testUser2.details)
{ {
if (details instanceof PersonalDetails) if (details instanceof PersonalDetails)
{ {
...@@ -468,11 +520,9 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest ...@@ -468,11 +520,9 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
pd.country = "country2"; pd.country = "country2";
} }
} }
user.details.add(new PosixDetails(123L, 456L, "/dev/null"));
Subject subject = new Subject();
// anonymous access should throw exception // anonymous access should throw exception
subject = new Subject();
Subject.doAs(subject, new PrivilegedExceptionAction<Object>() Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{ {
public Object run() public Object run()
...@@ -504,6 +554,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest ...@@ -504,6 +554,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
} }
catch (Exception e) catch (Exception e)
{ {
e.printStackTrace();
fail("exception updating user: " + e.getMessage()); fail("exception updating user: " + e.getMessage());
} }
return null; return null;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment