diff --git a/projects/cadcAccessControl-Server/build.xml b/projects/cadcAccessControl-Server/build.xml
index b5ad9f91fe28e1e3606f3b6ab652d333b722271e..a5fea3d97328b8ea86663092f3136e7528463a7b 100644
--- a/projects/cadcAccessControl-Server/build.xml
+++ b/projects/cadcAccessControl-Server/build.xml
@@ -148,7 +148,7 @@
         <pathelement path="${jars}:${testingJars}"/>
       </classpath>
       <sysproperty key="ca.nrc.cadc.util.PropertiesReader.dir" value="test"/>
-      <test name="ca.nrc.cadc.ac.server.web.users.UserActionFactoryTest" />
+      <test name="ca.nrc.cadc.ac.server.ldap.LdapUserDAOTest" />
       <formatter type="plain" usefile="false" />
     </junit>
   </target>
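Review bot: The junit target now runs LdapUserDAOTest instead of UserActionFactoryTest, so the factory test silently drops out of the build; if that is not intended, keep both entries by adding `<test name="ca.nrc.cadc.ac.server.web.users.UserActionFactoryTest" />` next to the new one rather than replacing it. If the removal is deliberate, the commit message should say so, since nothing in the hunk explains why that test no longer runs.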
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java
index 070080806602418dc3d0b5cacfc8849e375b0869..a384111bc699d2365af43f5f19b25bf123ba7570 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java
@@ -133,7 +133,22 @@ public interface UserPersistence<T extends Principal>
     User<T> getPendingUser(T userID)
             throws UserNotFoundException, TransientException,
                    AccessControlException;
-    
+
+    /**
+     * Get the user specified by userID with all of the users identities.
+     *
+     * @param userID The userID.
+     *
+     * @return User instance.
+     *
+     * @throws UserNotFoundException when the user is not found.
+     * @throws TransientException If an temporary, unexpected problem occurred.
+     * @throws AccessControlException If the operation is not permitted.
+     */
+    User<T> getAugmentedUser(T userID)
+        throws UserNotFoundException, TransientException,
+               AccessControlException;
+
     /**
      * Attempt to login the specified user.
      *
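Review bot: The new Javadoc for getAugmentedUser reads `If an temporary, unexpected problem occurred.`; change it to `If a temporary, unexpected problem occurred.` (the same text is copied into LdapUserPersistence in this commit). The summary "with all of the users identities" is also vague for an interface contract: state that the returned user carries, in addition to the username, numeric id and X.500 principals, the directory entry DN as a DNPrincipal, since that is what LdapUserDAO.getAugmentedUser populates and what AuthenticatorImpl relies on after this change. A sentence noting that the result is intended for server-side Subject augmentation would make the difference from getUser explicit.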
@@ -148,7 +163,7 @@ public interface UserPersistence<T extends Principal>
      */
     Boolean doLogin(String userID, String password)
             throws UserNotFoundException, TransientException, 
-            AccessControlException;
+                   AccessControlException;
    
     /**
      * Updated the user specified by User.
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java
index dae9d245d651331b3a0994cbbfa5d63141c60eaf..9df8ef92109a19d612bd3aab99630494bce9a301 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java
@@ -68,22 +68,17 @@
  */
 package ca.nrc.cadc.ac.server.ldap;
 
-import ca.nrc.cadc.auth.HttpPrincipal;
-import ca.nrc.cadc.auth.NumericPrincipal;
-import ca.nrc.cadc.auth.OpenIdPrincipal;
+import ca.nrc.cadc.auth.DNPrincipal;
 import ca.nrc.cadc.net.TransientException;
 import com.unboundid.ldap.sdk.DN;
 import com.unboundid.ldap.sdk.LDAPConnection;
 import com.unboundid.ldap.sdk.LDAPException;
 import com.unboundid.ldap.sdk.ResultCode;
-import com.unboundid.ldap.sdk.SearchResult;
-import com.unboundid.ldap.sdk.SearchScope;
 import org.apache.log4j.Logger;
 
 import javax.net.SocketFactory;
 import javax.net.ssl.SSLSocketFactory;
 import javax.security.auth.Subject;
-import javax.security.auth.x500.X500Principal;
 import java.security.AccessControlException;
 import java.security.AccessController;
 import java.security.GeneralSecurityException;
@@ -159,12 +154,12 @@ public abstract class LdapDAO
         }
     }
 
-    protected DN getSubjectDN() throws LDAPException
+    protected DN getSubjectDN()
+        throws LDAPException
     {
         if (subjDN == null)
         {
-            Subject callerSubject =
-                    Subject.getSubject(AccessController.getContext());
+            Subject callerSubject = getSubject();
             if (callerSubject == null)
             {
                 throw new AccessControlException("Caller not authenticated.");
@@ -176,48 +171,18 @@ public abstract class LdapDAO
                 throw new AccessControlException("Caller not authenticated.");
             }
 
-            String ldapField = null;
             for (Principal p : principals)
             {
-                if (p instanceof HttpPrincipal)
+                if (p instanceof DNPrincipal)
                 {
-                    ldapField = "(uid=" + p.getName() + ")";
-                    break;
-                }
-                if (p instanceof NumericPrincipal)
-                {
-                    ldapField = "(numericid=" + p.getName() + ")";
-                    break;
-                }
-                if (p instanceof X500Principal)
-                {
-                    ldapField = "(distinguishedname=" + p.getName() + ")";
-                    break;
-                }
-                if (p instanceof OpenIdPrincipal)
-                {
-                    ldapField = "(openid=" + p.getName() + ")";
-                    break;
+                    subjDN = new DN(p.getName());
                 }
             }
 
-            if (ldapField == null)
+            if (subjDN == null)
             {
                 throw new AccessControlException("Identity of caller unknown.");
             }
-
-            SearchResult searchResult =
-                    getConnection().search(config.getUsersDN(), SearchScope.ONE,
-                            ldapField, "entrydn");
-
-            if (searchResult.getEntryCount() < 1)
-            {
-                throw new AccessControlException(
-                        "No LDAP account when search with rule " + ldapField);
-            }
-
-            subjDN = (searchResult.getSearchEntries().get(0))
-                    .getAttributeValueAsDN("entrydn");
         }
         return subjDN;
     }
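Review bot: The loop over principals no longer breaks on a match, so a Subject carrying more than one DNPrincipal silently resolves to the last one and that DN is what later proxied-authorization controls act as; either add `break;` after `subjDN = new DN(p.getName());` or reject the ambiguous case with an AccessControlException. Because the entry DN is now read straight from the caller's Subject instead of being looked up in LDAP, the check is only as strong as the guarantee that DNPrincipal is attached exclusively by the server-side authenticator (AuthenticatorImpl via getAugmentedUser in this commit) and never from client-supplied identity; a comment here stating that invariant, e.g. `// Trusts the DNPrincipal attached by AuthenticatorImpl; never derive it from request data.`, would protect the next maintainer. Note also that `new DN(p.getName())` throws LDAPException on a malformed name, so a bad principal surfaces as an LDAP error rather than an access-control failure. getSubjectDN begins in the previous hunk, outside this one.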
@@ -268,4 +233,9 @@ public abstract class LdapDAO
         throw new RuntimeException("Ldap error (" + code.getName() + ")");
     }
 
+    protected Subject getSubject()
+    {
+        return Subject.getSubject(AccessController.getContext());
+    }
+
 }
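Review bot: `getSubject()` is a protected extension point that LdapDAOTest overrides in this same commit, but it has no Javadoc; add something like `/** Returns the Subject of the current AccessController context; protected so tests can supply a fixed Subject. */` so readers know the override is intentional and not dead code.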
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
index 5108b0828c2c1618262d3aa22e63eedc69057829..a0ff3e64d3a2c86e603bb704d59e83366adcf4e6 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
@@ -80,6 +80,7 @@ import java.util.Random;
 
 import javax.security.auth.x500.X500Principal;
 
+import ca.nrc.cadc.auth.DNPrincipal;
 import org.apache.log4j.Logger;
 
 import ca.nrc.cadc.ac.PersonalDetails;
@@ -156,6 +157,10 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
             {
                     LDAP_FIRST_NAME, LDAP_LAST_NAME
             };
+    private String[] identityAttribs = new String[]
+        {
+            LDAP_UID, LDAP_DISTINGUISHED_NAME, LDAP_NUMERICID, LDAP_ENTRYDN
+        };
 
     public LdapUserDAO(LdapConfig config)
     {
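Review bot: `identityAttribs` is a mutable, non-final instance field holding what is effectively a constant attribute list; declare it `private final String[] identityAttribs` (or a static final constant alongside the other LDAP_* names, if that is the file's convention) so it cannot be reassigned after construction. The preceding array field starts outside this hunk, so I cannot see whether it is declared the same way.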
@@ -545,6 +550,61 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
         return user;
     }
 
+    public User<T> getAugmentedUser(final T userID)
+        throws UserNotFoundException, TransientException,
+        AccessControlException
+    {
+        String searchField = userLdapAttrib.get(userID.getClass());
+        if (searchField == null)
+        {
+            throw new IllegalArgumentException(
+                "Unsupported principal type " + userID.getClass());
+        }
+
+        try
+        {
+            Filter filter =
+                Filter.createNOTFilter(Filter.createPresenceFilter("nsaccountlock"));
+            filter =
+                Filter.createANDFilter(filter,
+                    Filter.createEqualityFilter(searchField, userID.getName()));
+
+            SearchRequest searchRequest =
+                new SearchRequest(config.getUsersDN(), SearchScope.ONE,
+                    filter, identityAttribs);
+
+            searchRequest.addControl(
+                new ProxiedAuthorizationV2RequestControl(
+                    "dn:" + getSubjectDN().toNormalizedString()));
+
+            SearchResultEntry searchResult = getConnection().searchForEntry(searchRequest);
+
+            if (searchResult == null)
+            {
+                String msg = "User not found " + userID.toString();
+                logger.debug(msg);
+                throw new UserNotFoundException(msg);
+            }
+
+            User<T> user = new User<T>(userID);
+            user.getIdentities().add(new HttpPrincipal(
+                searchResult.getAttributeValue(LDAP_UID)));
+            user.getIdentities().add(new NumericPrincipal(
+                searchResult.getAttributeValueAsLong(LDAP_NUMERICID)));
+            user.getIdentities().add(new X500Principal(
+                searchResult.getAttributeValue(LDAP_DISTINGUISHED_NAME)));
+            user.getIdentities().add(new DNPrincipal(
+                searchResult.getAttributeValue(LDAP_ENTRYDN)));
+            return user;
+        }
+        catch (LDAPException e)
+        {
+            logger.debug("getGroup Exception: " + e, e);
+            LdapDAO.checkLdapResult(e.getResultCode());
+            throw new RuntimeException("BUG: checkLdapResult didn't throw an exception");
+        }
+    }
+
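Review bot: The catch block logs `"getGroup Exception: "` although this method is getAugmentedUser; change it to `logger.debug("getAugmentedUser Exception: " + e, e);`. The identity construction also assumes every requested attribute is present on the entry: `getAttributeValueAsLong(LDAP_NUMERICID)` returns null when the attribute is missing and unboxing it into `new NumericPrincipal(...)` throws a NullPointerException, and a null from `getAttributeValue(...)` for uid, distinguishedname or entrydn likewise fails inside the principal constructors, so an incomplete entry surfaces to the authenticator as an NPE instead of a clear error; check each value for null and skip or reject the entry explicitly. On the positive side the lookup is built with `Filter.createEqualityFilter(searchField, userID.getName())`, so the name is escaped rather than concatenated as in the LdapDAO search this commit removes.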
     /**
      * Obtain whether the given DN tree requires authentication.
      *
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java
index fd8b41ec1abb427b629fc026f53eda34b767937a..1489d221cccae4f434e8a720a0b53375656c9cbc 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java
@@ -202,6 +202,36 @@ public class LdapUserPersistence<T extends Principal>
         }
     }
 
+    /**
+     * Get the user specified by userID with all of the users identities.
+     *
+     * @param userID The userID.
+     *
+     * @return User instance.
+     *
+     * @throws UserNotFoundException when the user is not found.
+     * @throws TransientException If an temporary, unexpected problem occurred.
+     * @throws AccessControlException If the operation is not permitted.
+     */
+    public User<T> getAugmentedUser(T userID)
+        throws UserNotFoundException, TransientException,
+        AccessControlException
+    {
+        LdapUserDAO<T> userDAO = null;
+        try
+        {
+            userDAO = new LdapUserDAO<T>(this.config);
+            return userDAO.getAugmentedUser(userID);
+        }
+        finally
+        {
+            if (userDAO != null)
+            {
+                userDAO.close();
+            }
+        }
+    }
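Review bot: The null-initialised local plus the null check in `finally` can be dropped, because the constructor is the only statement that runs before the try; `LdapUserDAO<T> userDAO = new LdapUserDAO<T>(this.config);` followed by `try { return userDAO.getAugmentedUser(userID); } finally { userDAO.close(); }` is equivalent and reads as the standard acquire/release shape. If the surrounding methods in this class (outside the hunk) use the null-guarded form, keeping it for consistency is fine.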
+
     /**
      * Get the user specified by userID.
      *
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/GetUserAction.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/GetUserAction.java
index 92a345af5cc7383779cab27f99f37d8819dc8ee0..70cf6b0dfc454f82f6817b42eb217d97d6961016 100644
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/GetUserAction.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/GetUserAction.java
@@ -100,7 +100,7 @@ public class GetUserAction extends AbstractUserAction
     {
         User<Principal> user;
  
-        if (isServops())
+        if (isSubjectUser(this.augmentUserDN))
         {
         	Subject subject = new Subject();
         	subject.getPrincipals().add(this.userID);
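Review bot: The condition now reads the field `this.augmentUserDN` directly where the old code called `this.getAugmentUserDN()`; if that accessor does anything beyond returning the field (lazy configuration load, for instance — not visible here), the field may still be null at this point and the servops branch would silently never be taken. Prefer `if (isSubjectUser(getAugmentUserDN()))` unless the accessor is known to be a plain getter. The enclosing method begins outside this hunk.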
@@ -124,64 +124,75 @@ public class GetUserAction extends AbstractUserAction
 
     protected User<Principal> getUser(Principal principal) throws Exception
     {
-        final UserPersistence<Principal> userPersistence = getUserPersistence();
-    	User<Principal> user;
-    	
-    	try
+        User<Principal> user;
+
+        // For detail=identity, if the calling user is the same as the requested user,
+        // the calling user already has all principals for that user.
+        if (detail != null && detail.equalsIgnoreCase("identity") &&
+            isSubjectUser(principal.getName()))
         {
-            user = userPersistence.getUser(principal);
-            if (detail != null)
+            Subject subject = Subject.getSubject(AccessController.getContext());
+            user = new User<Principal>(principal);
+            user.getIdentities().addAll(subject.getPrincipals());
+        }
+        else
+        {
+            final UserPersistence<Principal> userPersistence = getUserPersistence();
+            try
             {
-                // Only return user principals
-                if (detail.equals("identity"))
+                user = userPersistence.getUser(principal);
+                if (detail != null)
                 {
-                    user.details.clear();
-                }
-                // Only return user profile info, first and last name.
-                else if (detail.equals("display"))
-                {
-                    user.getIdentities().clear();
-                    Set<PersonalDetails> details =  user.getDetails(PersonalDetails.class);
-                    if (details.isEmpty())
+                    // Only return user principals
+                    if (detail.equalsIgnoreCase("identity"))
                     {
-                        String error = principal.getName() + " missing required PersonalDetails";
-                        throw new IllegalStateException(error);
+                        user.details.clear();
+                    }
+                    // Only return user profile info, first and last name.
+                    else if (detail.equalsIgnoreCase("display"))
+                    {
+                        user.getIdentities().clear();
+                        Set<PersonalDetails> details = user.getDetails(PersonalDetails.class);
+                        if (details.isEmpty())
+                        {
+                            String error = principal.getName() + " missing required PersonalDetails";
+                            throw new IllegalStateException(error);
+                        }
+                        PersonalDetails pd = details.iterator().next();
+                        user.details.clear();
+                        user.details.add(new PersonalDetails(pd.getFirstName(), pd.getLastName()));
+                    }
+                    else
+                    {
+                        throw new IllegalArgumentException("Illegal detail parameter " + detail);
                     }
-                    PersonalDetails pd = details.iterator().next();
-                    user.details.clear();
-                    user.details.add(new PersonalDetails(pd.getFirstName(), pd.getLastName()));
-                }
-                else
-                {
-                    throw new IllegalArgumentException("Illegal detail parameter " + detail);
                 }
             }
-        }
-        catch (UserNotFoundException e)
-        {
-            user = userPersistence.getPendingUser(principal);
+            catch (UserNotFoundException e)
+            {
+                user = userPersistence.getPendingUser(principal);
+            }
         }
     	
     	return user;
     }
-    
-    protected boolean isServops()
+
+    protected boolean isSubjectUser(String username)
     {
-    	boolean isServops = false;
-        AccessControlContext acc = AccessController.getContext();
-        Subject subject = Subject.getSubject(acc);
+        boolean found = false;
+        Subject subject = Subject.getSubject(AccessController.getContext());
         if (subject != null)
         {
-        	for (Principal principal : subject.getPrincipals())
-        	{
-        		if (principal.getName().equals(this.getAugmentUserDN()))
-        		{
-        			isServops = true;
-        			break;
-        		}
-        	}
+            for (Principal principal : subject.getPrincipals())
+            {
+                if (principal.getName().equals(username))
+                {
+                    found = true;
+                    break;
+                }
+            }
         }
-        
-        return isServops;
+
+        return found;
     }
 }
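Review bot: isSubjectUser compares `principal.getName().equals(username)` across every principal type in the Subject, so an HttpPrincipal, X500Principal or DNPrincipal with the same name string all count as a match, and the same check now gates both the privileged servops path (`isSubjectUser(this.augmentUserDN)`) and the new detail=identity shortcut; consider matching on principal type as well as name, e.g. only accepting an X500Principal or DNPrincipal for a DN-valued argument. The identity shortcut then copies `subject.getPrincipals()` wholesale into the response, which after this commit includes the DNPrincipal carrying the LDAP entry DN and anything else AuthenticatorImpl attached, whereas the LDAP-backed path returns only what getUser populates — confirm that exposing the caller's full principal set is intended. `principal.getName()` would also throw a NullPointerException for a principal with a null name, although whether such a principal can reach here is not visible from the hunk.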
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/auth/AuthenticatorImpl.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/auth/AuthenticatorImpl.java
index 024549e6ea3053593c4734ac608638b875154193..f132ab47a23e4cfefc37606ef875d6377e01ef5f 100644
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/auth/AuthenticatorImpl.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/auth/AuthenticatorImpl.java
@@ -133,7 +133,7 @@ public class AuthenticatorImpl implements Authenticator
                         try
                         {
                             LdapUserPersistence<Principal> dao = new LdapUserPersistence<Principal>();
-                            User<Principal> user = dao.getUser(subject.getPrincipals().iterator().next());
+                            User<Principal> user = dao.getAugmentedUser(subject.getPrincipals().iterator().next());
                             subject.getPrincipals().addAll(user.getIdentities());
                         }
                         catch (UserNotFoundException e)
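Review bot: getAugmentedUser goes through LdapDAO.getSubjectDN(), which after this commit requires the Subject of the current AccessController context to contain a DNPrincipal and otherwise throws AccessControlException ("Caller not authenticated." or "Identity of caller unknown."); the visible catch handles only UserNotFoundException, so if this augmentation runs outside a Subject.doAs whose Subject carries the service's DNPrincipal, every authentication would fail with that exception. Please confirm that the surrounding code (outside this hunk) establishes such a Subject, and otherwise catch and handle AccessControlException here explicitly. The call also augments only `iterator().next()`, which relies on the Subject holding exactly one principal at this point.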
diff --git a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTest.java b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTest.java
index 05e33b33e00b65a6d6cc2a48201937f339377647..18b0b109aa38cbf9f89a699d67225b18e522527b 100644
--- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTest.java
+++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTest.java
@@ -68,22 +68,23 @@
 
 package ca.nrc.cadc.ac.server.ldap;
 
-import java.security.PrivilegedExceptionAction;
-
-import javax.net.ssl.SSLSocketFactory;
-import javax.security.auth.Subject;
-import javax.security.auth.x500.X500Principal;
-
+import ca.nrc.cadc.auth.DNPrincipal;
 import ca.nrc.cadc.auth.HttpPrincipal;
 import ca.nrc.cadc.auth.NumericPrincipal;
 import ca.nrc.cadc.util.Log4jInit;
-
+import com.unboundid.ldap.sdk.DN;
 import com.unboundid.ldap.sdk.LDAPConnection;
-
 import org.apache.log4j.Level;
-import org.junit.Test;
 import org.junit.BeforeClass;
-import static org.junit.Assert.*;
+import org.junit.Test;
+
+import javax.security.auth.Subject;
+import javax.security.auth.x500.X500Principal;
+import java.security.PrivilegedExceptionAction;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
 
 
 public class LdapDAOTest extends AbstractLdapDAOTest
@@ -172,6 +173,31 @@ public class LdapDAOTest extends AbstractLdapDAOTest
 
     }
 
+    @Test
+    public void testGetSubjectDN() throws Exception
+    {
+        DN expected = new DN("uid=foo,ou=bar,dc=net");
+        final DNPrincipal dnPrincipal = new DNPrincipal(expected.toNormalizedString());
+
+        LdapConfig config = LdapConfig.getLdapConfig("LdapConfig.test.properties");
+        LdapDAO ldapDAO = new LdapDAO(config)
+        {
+            @Override
+            protected Subject getSubject()
+            {
+                Subject subject = new Subject();
+                subject.getPrincipals().add(new HttpPrincipal("foo"));
+                subject.getPrincipals().add(new X500Principal("uid=foo,o=bar"));
+                subject.getPrincipals().add(dnPrincipal);
+                return subject;
+            }
+        };
+
+        DN actual = ldapDAO.getSubjectDN();
+        assertNotNull("DN is null", actual);
+        assertEquals("DN's do not match", expected.toNormalizedString(), actual.toNormalizedString());
+    }
+
     private void testConnection(final LDAPConnection ldapCon)
     {
         assertTrue("Not connected but should be.", ldapCon.isConnected());
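Review bot: testGetSubjectDN pins only the happy path, while the rewritten LdapDAO.getSubjectDN has two more branches worth locking in: a Subject with no DNPrincipal must fail with AccessControlException ("Identity of caller unknown."), and a Subject with two DNPrincipals currently resolves to the last one added. A second test using `@Test(expected = AccessControlException.class)` whose overridden getSubject() returns only the HttpPrincipal and X500Principal would cover the first; a test for the two-DNPrincipal case documents the current behaviour or motivates changing it.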
diff --git a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
index 24b055459faa0ebe77d4fb669f3431118b147869..5ec862782981d86de578bb287bb8e6c234e82a8e 100644
--- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
+++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
@@ -74,6 +74,7 @@ import ca.nrc.cadc.ac.GroupNotFoundException;
 import ca.nrc.cadc.ac.GroupProperty;
 import ca.nrc.cadc.ac.Role;
 import ca.nrc.cadc.ac.User;
+import ca.nrc.cadc.auth.DNPrincipal;
 import ca.nrc.cadc.auth.HttpPrincipal;
 import ca.nrc.cadc.util.Log4jInit;
 import org.apache.log4j.Level;
@@ -104,7 +105,13 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
     static String daoTestDN2 = "cn=" + daoTestUid2 + ",ou=cadc,o=hia,c=ca";
     static String daoTestDN3 = "cn=" + daoTestUid3 + ",ou=cadc,o=hia,c=ca";
     static String unknownDN = "cn=foo,ou=cadc,o=hia,c=ca";
-    
+
+    static String daoTestEntryDN1 = "uid=cadcdaotest1,ou=users,ou=ds,dc=testcanfar";
+    static String daoTestEntryDN2 = "uid=cadcdaotest2,ou=users,ou=ds,dc=testcanfar";
+
+    static DNPrincipal daoDNPrincipal1;
+    static DNPrincipal daoDNPrincipal2;
+
     static X500Principal daoTestPrincipal1;
     static X500Principal daoTestPrincipal2;
     static X500Principal daoTestPrincipal3;
@@ -135,6 +142,9 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
         daoTestPrincipal3 = new X500Principal(daoTestDN3);
         unknownPrincipal = new X500Principal(unknownDN);
 
+        daoDNPrincipal1 = new DNPrincipal(daoTestEntryDN1);
+        daoDNPrincipal2 = new DNPrincipal(daoTestEntryDN2);
+
         daoTestUser1 = new User<X500Principal>(daoTestPrincipal1);
         daoTestUser2 = new User<X500Principal>(daoTestPrincipal2);
         daoTestUser3 = new User<X500Principal>(daoTestPrincipal3);
@@ -142,9 +152,11 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
         
         daoTestUser1Subject = new Subject();
         daoTestUser1Subject.getPrincipals().add(daoTestUser1.getUserID());
+        daoTestUser1Subject.getPrincipals().add(daoDNPrincipal1);
         
         daoTestUser2Subject = new Subject();
         daoTestUser2Subject.getPrincipals().add(daoTestUser2.getUserID());
+        daoTestUser2Subject.getPrincipals().add(daoDNPrincipal2);
         
         anonSubject = new Subject();
         anonSubject.getPrincipals().add(unknownUser.getUserID());
diff --git a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAOTest.java b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAOTest.java
index cb143e90e8fedc9c87677763f09ac55b3c23b67f..68ca8ae3855d9854db2b82281ac95d13f1de7bfb 100644
--- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAOTest.java
+++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAOTest.java
@@ -82,6 +82,7 @@ import java.util.Random;
 import javax.security.auth.Subject;
 import javax.security.auth.x500.X500Principal;
 
+import ca.nrc.cadc.auth.DNPrincipal;
 import org.apache.log4j.Level;
 import org.apache.log4j.Logger;
 import org.junit.BeforeClass;
@@ -103,12 +104,16 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
     private static final Logger log = Logger.getLogger(LdapUserDAOTest.class);
 
     static final String testUserX509DN = "cn=cadcdaotest1,ou=cadc,o=hia,c=ca";
+    static final String testUser1EntryDN = "uid=cadcdaotest1,ou=users,ou=ds,dc=testcanfar";
+    static final String testUser2EntryDN = "uid=cadcdaotest2,ou=users,ou=ds,dc=testcanfar";
     static int nextUserNumericID = 666;
 
     static String testUserDN;
     static User<X500Principal> testUser;
     static User<X500Principal> testMember;
     static User<HttpPrincipal> testPendingUser;
+    static DNPrincipal testUser1DNPrincipal;
+    static DNPrincipal testUser2DNPrincipal;
     static LdapConfig config;
     static Random ran = new Random(); // source of randomness for numeric ids
 
@@ -117,7 +122,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
     public static void setUpBeforeClass()
             throws Exception
     {
-        Log4jInit.setLevel("ca.nrc.cadc.ac", Level.DEBUG);
+        Log4jInit.setLevel("ca.nrc.cadc.ac", Level.INFO);
 
         // get the configuration of the development server from and config files...
         config = getLdapConfig();
@@ -128,10 +133,10 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
                 new User<HttpPrincipal>(new HttpPrincipal("CADCtestRequest"));
         testPendingUser.details.add(new PersonalDetails("CADCtest", "Request"));
         testPendingUser.getIdentities().add(
-                new HttpPrincipal("CADCtestRequest"));
+            new HttpPrincipal("CADCtestRequest"));
         testPendingUser.getIdentities().add(
-                new X500Principal(
-                        "uid=CADCtestRequest,ou=userrequests,ou=ds,dc=testcanfar"));
+            new X500Principal(
+                "uid=CADCtestRequest,ou=userrequests,ou=ds,dc=testcanfar"));
         testPendingUser.getIdentities().add(new NumericPrincipal(66666));
 
         testUser.details.add(new PersonalDetails("CADC", "DAOTest1"));
@@ -147,7 +152,9 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
         testMember = new User<X500Principal>(testUserX500Princ);
         testMember.details.add(new PersonalDetails("CADC", "DAOTest1"));
         testMember.getIdentities().add(new HttpPrincipal("CadcDaoTest1"));
-        
+
+        testUser1DNPrincipal = new DNPrincipal(testUser1EntryDN);
+        testUser2DNPrincipal = new DNPrincipal(testUser2EntryDN);
     }
 
     <T extends Principal> LdapUserDAO<T> getUserDAO() throws Exception
@@ -227,6 +234,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
     {
         Subject subject = new Subject();
         subject.getPrincipals().add(testUser.getUserID());
+        subject.getPrincipals().add(testUser1DNPrincipal);
 
         // do everything as owner
         Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
@@ -258,6 +266,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
     {
         Subject subject = new Subject();
         subject.getPrincipals().add(testUser.getUserID());
+        subject.getPrincipals().add(testUser1DNPrincipal);
 
         // do everything as owner
         Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
@@ -267,7 +276,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
                 try
                 {
                     Collection<DN> groups = getUserDAO().getUserGroups(testUser.getUserID(),
-                                                       false);
+                        false);
                     assertNotNull("Groups should not be null.", groups);
 
                     for (DN groupDN : groups)
@@ -301,6 +310,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
     {
         Subject subject = new Subject();
         subject.getPrincipals().add(testUser.getUserID());
+        subject.getPrincipals().add(testUser1DNPrincipal);
 
         // do everything as owner
         Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
@@ -314,7 +324,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
 
                     String  groupDN = "cn=cadcdaotestgroup1," + config.getGroupsDN();
                     isMember = getUserDAO().isMember(testUser.getUserID(),
-                                                     groupDN);
+                        groupDN);
                     assertTrue("Membership should exist.", isMember);
 
                     return null;
@@ -335,7 +345,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
     {
         Subject subject = new Subject();
         subject.getPrincipals().add(testUser.getUserID());
-
+        subject.getPrincipals().add(testUser1DNPrincipal);
         
         // do everything as owner
         Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
@@ -579,6 +589,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
         // add the user
         Subject subject = new Subject();
         subject.getPrincipals().add(testUser2.getUserID());
+        subject.getPrincipals().add(testUser2DNPrincipal);
         Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
         {
             public Object run()
@@ -633,6 +644,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
 
         // update the user
         subject.getPrincipals().add(testUser2.getUserID());
+        subject.getPrincipals().add(testUser2DNPrincipal);
         User<? extends Principal> updatedUser =
             (User<? extends Principal>) Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
         {
@@ -662,7 +674,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
         assertEquals(user1, user2);
         assertEquals(user1.details, user2.details);
         assertEquals(user1.details.size(), user2.details.size());
-        assertEquals(user1.getIdentities().size(), user2.getIdentities().size());
+        assertEquals("# principals not equal", user1.getIdentities().size(), user2.getIdentities().size());
         for( Principal princ1 : user1.getIdentities())
         {
             boolean found = false;