Modifications to credentials provided when running the ac admin tool.

87db79f4 · Brian Major · 6d723106 · 87db79f4 · 87db79f4 · 87db79f4
Commit 87db79f4 authored 8 years ago by Brian Major
--- a/cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/AbstractCommand.java
+++ b/cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/AbstractCommand.java
@@ -89,7 +89,6 @@ public abstract class AbstractCommand implements PrivilegedAction<Object>
    private UserPersistence userPersistence;
    protected abstract void doRun()
            throws AccessControlException, TransientException;

--- a/cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/CommandRunner.java
+++ b/cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/CommandRunner.java
@@ -78,11 +78,8 @@ import org.apache.log4j.Logger;
 import ca.nrc.cadc.ac.UserNotFoundException;
 import ca.nrc.cadc.ac.server.UserPersistence;
-import ca.nrc.cadc.auth.AuthenticationUtil;
+import ca.nrc.cadc.auth.AuthMethod;
-import ca.nrc.cadc.auth.DelegationToken;
+import ca.nrc.cadc.auth.HttpPrincipal;
-import ca.nrc.cadc.auth.PrincipalExtractor;
-import ca.nrc.cadc.auth.SSOCookieCredential;
-import ca.nrc.cadc.auth.X509CertificateChain;
 import ca.nrc.cadc.net.TransientException;
@@ -116,6 +113,7 @@ public class CommandRunner
        {
            Principal userIDPrincipal = ((AbstractUserCommand) command).getPrincipal();
            operatorSubject.getPrincipals().add(userIDPrincipal);
+            operatorSubject.getPublicCredentials().add(AuthMethod.PASSWORD);
        }
        else
        {
@@ -130,48 +128,12 @@ public class CommandRunner
                throw new IllegalArgumentException("Certificate required");
            operatorSubject.getPrincipals().addAll(subjectFromCert.getPrincipals());
+            operatorSubject.getPrincipals().add(new HttpPrincipal("authorizedUser"));
            operatorSubject.getPublicCredentials().addAll(subjectFromCert.getPublicCredentials());
+            operatorSubject.getPublicCredentials().add(AuthMethod.CERT);
        }
-        // run as the user
+        LOGGER.debug("running as: " + operatorSubject);
-        AnonPrincipalExtractor principalExtractor = new AnonPrincipalExtractor(operatorSubject);
+        Subject.doAs(operatorSubject, command);
-        Subject subject = AuthenticationUtil.getSubject(principalExtractor);
-        LOGGER.debug("running as: " + subject);
-        Subject.doAs(subject, command);
-    }
-    class AnonPrincipalExtractor implements PrincipalExtractor
-    {
-        Subject s;
-        AnonPrincipalExtractor(Subject s)
-        {
-            this.s = s;
-        }
-        public Set<Principal> getPrincipals()
-        {
-            return s.getPrincipals();
-        }
-        public X509CertificateChain getCertificateChain()
-        {
-            LOGGER.debug("getCerfiticateChain called");
-            for (Object o : s.getPublicCredentials())
-            {
-                if (o instanceof X509CertificateChain)
-                {
-                    LOGGER.debug("returning certificate chain.");
-                    return (X509CertificateChain) o;
-                }
-            }
-            return null;
-        }
-        public DelegationToken getDelegationToken()
-        {
-            return null;
-        }
-        public SSOCookieCredential getSSOCookieCredential()
-        {
-            return null;
-        }
    }
 }
--- a/cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/ListUserRequests.java
+++ b/cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/ListUserRequests.java
@@ -92,4 +92,5 @@ public class ListUserRequests extends AbstractListUsers
    {
    	return this.getUserPersistence().getUserRequests();
    }
 }
--- a/cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/ListUsers.java
+++ b/cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/ListUsers.java
@@ -92,4 +92,5 @@ public class ListUsers extends AbstractListUsers
    {
    	return this.getUserPersistence().getUsers();
    }
 }
--- a/cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/RejectUser.java
+++ b/cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/RejectUser.java
--- a/cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/ViewUser.java
+++ b/cadc-access-control-admin/src/main/java/ca/nrc/cadc/ac/admin/ViewUser.java
@@ -106,7 +106,7 @@ public class ViewUser extends AbstractUserCommand
            User user = this.getUserPersistence().getUser(this.getPrincipal());
            this.printUser(user);
        }
-        catch (UserNotFoundException e)
+        catch (AccessControlException | UserNotFoundException e)
        {
            // Not in the main tree, try the pending tree
            User user = this.getUserPersistence().getUserRequest(this.getPrincipal());