Commit 87db79f4 authored by Brian Major's avatar Brian Major

Modifications to credentials provided when running the ac admin tool.

parent 6d723106
......@@ -89,7 +89,6 @@ public abstract class AbstractCommand implements PrivilegedAction<Object>
private UserPersistence userPersistence;
protected abstract void doRun()
throws AccessControlException, TransientException;
......
......@@ -78,11 +78,8 @@ import org.apache.log4j.Logger;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.server.UserPersistence;
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.DelegationToken;
import ca.nrc.cadc.auth.PrincipalExtractor;
import ca.nrc.cadc.auth.SSOCookieCredential;
import ca.nrc.cadc.auth.X509CertificateChain;
import ca.nrc.cadc.auth.AuthMethod;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.net.TransientException;
......@@ -116,6 +113,7 @@ public class CommandRunner
{
Principal userIDPrincipal = ((AbstractUserCommand) command).getPrincipal();
operatorSubject.getPrincipals().add(userIDPrincipal);
operatorSubject.getPublicCredentials().add(AuthMethod.PASSWORD);
}
else
{
......@@ -130,48 +128,12 @@ public class CommandRunner
throw new IllegalArgumentException("Certificate required");
operatorSubject.getPrincipals().addAll(subjectFromCert.getPrincipals());
operatorSubject.getPrincipals().add(new HttpPrincipal("authorizedUser"));
operatorSubject.getPublicCredentials().addAll(subjectFromCert.getPublicCredentials());
operatorSubject.getPublicCredentials().add(AuthMethod.CERT);
}
// run as the user
AnonPrincipalExtractor principalExtractor = new AnonPrincipalExtractor(operatorSubject);
Subject subject = AuthenticationUtil.getSubject(principalExtractor);
LOGGER.debug("running as: " + subject);
Subject.doAs(subject, command);
}
class AnonPrincipalExtractor implements PrincipalExtractor
{
Subject s;
AnonPrincipalExtractor(Subject s)
{
this.s = s;
}
public Set<Principal> getPrincipals()
{
return s.getPrincipals();
}
public X509CertificateChain getCertificateChain()
{
LOGGER.debug("getCerfiticateChain called");
for (Object o : s.getPublicCredentials())
{
if (o instanceof X509CertificateChain)
{
LOGGER.debug("returning certificate chain.");
return (X509CertificateChain) o;
}
}
return null;
}
public DelegationToken getDelegationToken()
{
return null;
}
public SSOCookieCredential getSSOCookieCredential()
{
return null;
}
LOGGER.debug("running as: " + operatorSubject);
Subject.doAs(operatorSubject, command);
}
}
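Review bot: In the user-command branch of CommandRunner (hunk at -116,6 +113,7), `operatorSubject.getPublicCredentials().add(AuthMethod.PASSWORD);` labels the subject as password-authenticated, yet no password check is visible here and the principal comes straight from `((AbstractUserCommand) command).getPrincipal()`. The +/- markers are lost on this page, but the hunk counts and the new `AuthMethod` import suggest that this line and `add(AuthMethod.CERT)` are the additions, and that `Subject.doAs(operatorSubject, command)` replaces the path through `AuthenticationUtil.getSubject(...)`. If the tool is meant to act on behalf of the named user, say so at the call site, e.g. `// Admin tool acts as the named user; no password is verified here, AuthMethod.PASSWORD only satisfies downstream auth-method checks`. It is also worth confirming that any validation or augmentation `getSubject` used to perform is no longer needed. The enclosing method starts outside the hunk.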
......@@ -92,4 +92,5 @@ public class ListUserRequests extends AbstractListUsers
{
return this.getUserPersistence().getUserRequests();
}
}
......@@ -92,4 +92,5 @@ public class ListUsers extends AbstractListUsers
{
return this.getUserPersistence().getUsers();
}
}
......@@ -106,7 +106,7 @@ public class ViewUser extends AbstractUserCommand
User user = this.getUserPersistence().getUser(this.getPrincipal());
this.printUser(user);
}
catch (UserNotFoundException e)
catch (AccessControlException | UserNotFoundException e)
{
// Not in the main tree, try the pending tree
User user = this.getUserPersistence().getUserRequest(this.getPrincipal());
......
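Review bot: The multi-catch `catch (AccessControlException | UserNotFoundException e)` in ViewUser sends an authorization denial down the same fallback as a missing user, so a denied read of the main tree is silently discarded and followed by `getUserRequest(...)` for the same principal. The comment `// Not in the main tree, try the pending tree` no longer describes both cases; I would change it to `// Not found in, or not readable from, the main tree: try the pending tree`. I would also record the denial before falling back, for example `log.debug("getUser failed, trying pending tree: " + e);` (the logger name is a placeholder, none is visible in this hunk). The try block and the rest of the handler lie outside the hunk, so whether the fallback can itself throw AccessControlException cannot be checked from here.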