s1885 - Use LocalAuthority to determine group service URI

cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java

@@ -86,7 +86,6 @@ import javax.security.auth.x500.X500Principal;
 
 import org.apache.log4j.Logger;
 
-import ca.nrc.cadc.ac.AC;
 import ca.nrc.cadc.ac.Group;
 import ca.nrc.cadc.ac.InternalID;
 import ca.nrc.cadc.ac.PersonalDetails;
@@ -101,6 +100,7 @@ import ca.nrc.cadc.auth.HttpPrincipal;
 import ca.nrc.cadc.auth.NumericPrincipal;
 import ca.nrc.cadc.net.TransientException;
 import ca.nrc.cadc.profiler.Profiler;
+import ca.nrc.cadc.reg.client.LocalAuthority;
 import ca.nrc.cadc.util.ObjectUtil;
 import ca.nrc.cadc.util.StringUtil;
 
@@ -140,8 +140,6 @@ public class LdapUserDAO extends LdapDAO
 
     private static final Logger logger = Logger.getLogger(LdapUserDAO.class);
 
-    private String internalIdUriPrefix = AC.USER_URI;
-
     // Map of identity type to LDAP attribute
     private final Map<Class<?>, String> userLdapAttrib = new HashMap<Class<?>, String>();
 
@@ -740,7 +738,10 @@ public class LdapUserDAO extends LdapDAO
             user.getIdentities().add(new DNPrincipal(searchResult.getAttributeValue(LDAP_ENTRYDN)));
 
             // cache memberOf values in the user
-            GroupMemberships gms = new GroupMemberships(userID);
+            LocalAuthority localAuthority = new LocalAuthority();
+            URI gmsServiceURI = localAuthority.getServiceURI("gms");
+
+            GroupMemberships gms = new GroupMemberships(gmsServiceURI.toString(), userID);
             user.appData = gms; // add even if empty
             String[] mems = searchResult.getAttributeValues(LDAP_MEMBEROF);
             if (mems != null && mems.length > 0)
@@ -926,8 +927,6 @@ public class LdapUserDAO extends LdapDAO
     public User modifyUser(final User user)
             throws UserNotFoundException, TransientException, AccessControlException
     {
-        // Will we always have a HttpPrincipal?
-        User existingUser = getUser(user.getHttpPrincipal());
 
         List<Modification> mods = new ArrayList<Modification>();
 
@@ -1282,7 +1281,9 @@ public class LdapUserDAO extends LdapDAO
     protected InternalID getInternalID(String numericID)
     {
         UUID uuid = new UUID(0L, Long.parseLong(numericID));
-        String uriString = internalIdUriPrefix + "?" + uuid.toString();
+        LocalAuthority localAuthority = new LocalAuthority();
+        URI umsServiceURI = localAuthority.getServiceURI("ums");
+        String uriString = umsServiceURI.toString() + "?" + uuid.toString();
         URI uri;
         try
         {

cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java

@@ -121,7 +121,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
         LdapConnections conns = new LdapConnections(this);
         try
         {
-            userDAO = getLdapUserDao(conns);
+            userDAO = new LdapUserDAO(conns);
             userDAO.addUser(user);
         }
         finally
@@ -146,7 +146,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
         LdapConnections conns = new LdapConnections(this);
         try
         {
-            userDAO = getLdapUserDao(conns);
+            userDAO = new LdapUserDAO(conns);
             userDAO.addUserRequest(userRequest);
         }
         finally
@@ -177,7 +177,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
         LdapConnections conns = new LdapConnections(this);
         try
         {
-            userDAO = getLdapUserDao(conns);
+            userDAO = new LdapUserDAO(conns);
             return userDAO.getUser(userID);
         }
         finally
@@ -205,7 +205,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
             LdapConnections conns = new LdapConnections(this);
             try
             {
-                LdapUserDAO userDAO = getLdapUserDao(conns);
+                LdapUserDAO userDAO = new LdapUserDAO(conns);
                 return userDAO.getUserByEmailAddress(emailAddress);
             }
             finally
@@ -234,7 +234,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
         LdapConnections conns = new LdapConnections(this);
         try
         {
-            userDAO = getLdapUserDao(conns);
+            userDAO = new LdapUserDAO(conns);
             return userDAO.getUserRequest(userID);
         }
         finally
@@ -243,8 +243,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
         }
     }
 
-    /**<<<<<<< HEAD
-
+    /**
      * Get the user specified by userID with all of the users identities.
      *
      * @param userID The userID.
@@ -264,7 +263,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
         try
         {
             Profiler profiler = new Profiler(LdapUserPersistence.class);
-            userDAO = getLdapUserDao(conns);
+            userDAO = new LdapUserDAO(conns);
             profiler.checkpoint("Create LdapUserDAO");
             User user = userDAO.getAugmentedUser(userID);
             profiler.checkpoint("getAugmentedUser");
@@ -299,7 +298,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
         LdapConnections conns = new LdapConnections(this);
         try
         {
-            userDAO = getLdapUserDao(conns);
+            userDAO = new LdapUserDAO(conns);
             return userDAO.getUsers();
         }
         finally
@@ -323,7 +322,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
         LdapConnections conns = new LdapConnections(this);
         try
         {
-            userDAO = getLdapUserDao(conns);
+            userDAO = new LdapUserDAO(conns);
             return userDAO.getUserRequests();
         }
         finally
@@ -353,7 +352,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
         LdapConnections conns = new LdapConnections(this);
         try
         {
-            userDAO = getLdapUserDao(conns);
+            userDAO = new LdapUserDAO(conns);
             return userDAO.approveUserRequest(userID);
         }
         finally
@@ -385,7 +384,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
         LdapConnections conns = new LdapConnections(this);
         try
         {
-            userDAO = getLdapUserDao(conns);
+            userDAO = new LdapUserDAO(conns);
             return userDAO.modifyUser(user);
         }
         finally
@@ -415,7 +414,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
         LdapConnections conns = new LdapConnections(this);
         try
         {
-            userDAO = getLdapUserDao(conns);
+            userDAO = new LdapUserDAO(conns);
             userDAO.deleteUser(userID, true);
         }
         finally
@@ -444,7 +443,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
         LdapConnections conns = new LdapConnections(this);
         try
         {
-            userDAO = getLdapUserDao(conns);
+            userDAO = new LdapUserDAO(conns);
             userDAO.deleteUser(userID, false);
         }
         finally
@@ -471,7 +470,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
         LdapConnections conns = new LdapConnections(this);
         try
         {
-            userDAO = getLdapUserDao(conns);
+            userDAO = new LdapUserDAO(conns);
             userDAO.deleteUserRequest(userID);
         }
         finally
@@ -498,7 +497,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
         LdapConnections conns = new LdapConnections(this);
         try
         {
-            userDAO = getLdapUserDao(conns);
+            userDAO = new LdapUserDAO(conns);
             return userDAO.doLogin(userID, password);
         }
         finally
@@ -510,11 +509,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
     /**
      * Update a user's password. The given user and authenticating user must match.
      *
-<<<<<<< HEAD
      * @param userID        the user.
-=======
-     * @param userID
->>>>>>> efc84b5d25584bd3014fc6cbc820c5acf0d90a2a
      * @param oldPassword   current password.
      * @param newPassword   new password.
      * @throws UserNotFoundException If the given user does not exist.
@@ -532,7 +527,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
         LdapConnections conns = new LdapConnections(this);
         try
         {
-            userDAO = getLdapUserDao(conns);
+            userDAO = new LdapUserDAO(conns);
             if (userDAO.doLogin(userID.getName(), oldPassword))
             {
                 // oldPassword is correct
@@ -548,11 +543,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
     /**
      * Reset a user's password. The given user and authenticating user must match.
      *
-<<<<<<< HEAD
      * @param userID        The user.
-=======
-     * @param userID
->>>>>>> efc84b5d25584bd3014fc6cbc820c5acf0d90a2a
      * @param newPassword   new password.
      * @throws UserNotFoundException If the given user does not exist.
      * @throws TransientException   If an temporary, unexpected problem occurred.
@@ -569,7 +560,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
         LdapConnections conns = new LdapConnections(this);
         try
         {
-            userDAO = getLdapUserDao(conns);
+            userDAO = new LdapUserDAO(conns);
             User user = getUser(userID);
 
             if (user != null)
@@ -613,23 +604,4 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
         return false;
     }
 
-    private LdapUserDAO getLdapUserDao(LdapConnections conn)
-    {
-        LdapUserDAO dao = new LdapUserDAO(conn);
-        if (getInternalIdUriPrefix() != null)
-            dao.setInternalIdUriPrefix(getInternalIdUriPrefix());
-        return dao;
-    }
-
-    /**
-     * Web services can override this method to change
-     * the user prefix used in the internal ID.
-     *
-     * By default the LdapUserDAO will use AC.USER_URI;
-     */
-    protected String getInternalIdUriPrefix()
-    {
-        return null;
-    }
-
 }

cadcAccessControl/src/ca/nrc/cadc/ac/AC.java

@@ -85,13 +85,10 @@ public class AC
     // Denotes a group readable by public
     public static final String PROPERTY_PUBLIC = "ivo://ivoa.net/gms#public";
 
-    public static final String UMS_SERVICE_URI = "ivo://canfar.net/ums";
-    public static final String GMS_SERVICE_URI = "ivo://canfar.net/gms";
+    public static final String UMS_SERVICE_URI = "ivo://cadc.nrc.ca/ums";
+    public static final String GMS_SERVICE_URI = "ivo://cadc.nrc.ca/gms";
 
     // Group URI attribute once the group name is appended
     public static final String GROUP_URI = "ivo://cadc.nrc.ca/gms#";
 
-    // User URI with appended UUID represents a unique user
-    public static final String USER_URI = "ivo://cadc.nrc.ca/user";
-
 }

cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java

@@ -133,6 +133,7 @@ public class GMSClient implements TransferListener
 
     private RegistryClient registryClient;
 
+    private URI gmsServiceURI;
     private URI groupsURI;
     private URI searchURI;
 
@@ -159,6 +160,7 @@ public class GMSClient implements TransferListener
 
         try
         {
+            this.gmsServiceURI = serviceURI;
             this.groupsURI = new URI(serviceURI.toASCIIString() + "#" + GROUPS);
             this.searchURI = new URI(serviceURI.toASCIIString() + "#" + SEARCH);
         }
@@ -1100,11 +1102,20 @@ public class GMSClient implements TransferListener
             Set<GroupMemberships> gset = subject.getPrivateCredentials(GroupMemberships.class);
             if (gset == null || gset.isEmpty())
             {
-                GroupMemberships mems = new GroupMemberships(userID);
+                GroupMemberships mems = new GroupMemberships(gmsServiceURI.toString(), userID);
                 subject.getPrivateCredentials().add(mems);
                 return mems;
             }
             GroupMemberships mems = gset.iterator().next();
+
+            // check to ensure they have the same service URI
+            if (!gmsServiceURI.toString().equals(mems.getServiceURI()))
+            {
+                log.debug("Not using cache because of differing service URIs: " +
+                    "[" + gmsServiceURI.toString() + "][" + mems.getServiceURI() + "]");
+                return null;
+            }
+
             return mems;
         }
         return null; // no cache

cadcAccessControl/src/ca/nrc/cadc/ac/client/GroupMemberships.java

@@ -69,16 +69,17 @@
 
 package ca.nrc.cadc.ac.client;
 
-import ca.nrc.cadc.ac.Group;
-import ca.nrc.cadc.ac.Role;
-import org.apache.log4j.Logger;
-
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import org.apache.log4j.Logger;
+
+import ca.nrc.cadc.ac.Group;
+import ca.nrc.cadc.ac.Role;
+
 /**
  * Class used to hold list of groups in which a user is known to be a member.
  *
@@ -88,14 +89,16 @@ public class GroupMemberships implements Comparable
 {
     private static final Logger log = Logger.getLogger(GroupMemberships.class);
 
+    private String serviceURI;
     private Principal userID;
     private Map<Role, List<Group>> memberships = new HashMap<Role, List<Group>>();
     private Map<Role, Boolean> complete = new HashMap<Role, Boolean>();
 
     public GroupMemberships() { init(); }
 
-    public GroupMemberships(Principal userID)
+    public GroupMemberships(String serviceURI, Principal userID)
     {
+        this.serviceURI = serviceURI;
         this.userID = userID;
         init();
     }
@@ -105,6 +108,11 @@ public class GroupMemberships implements Comparable
         return complete.get(role);
     }
 
+    public String getServiceURI()
+    {
+        return serviceURI;
+    }
+
     public List<Group> getMemberships(Role role)
     {
         return memberships.get(role);