From a26444d81b247885e7dfbb0ee4684522272fa5e1 Mon Sep 17 00:00:00 2001 From: Brian Major <major.brian@gmail.com> Date: Tue, 7 Jun 2016 12:58:28 -0700 Subject: [PATCH] s1885 - Use LocalAuthority to determine group service URI --- .../nrc/cadc/ac/server/ldap/LdapUserDAO.java | 15 ++--- .../ac/server/ldap/LdapUserPersistence.java | 62 +++++-------------- cadcAccessControl/src/ca/nrc/cadc/ac/AC.java | 7 +-- .../src/ca/nrc/cadc/ac/client/GMSClient.java | 13 +++- .../nrc/cadc/ac/client/GroupMemberships.java | 34 ++++++---- 5 files changed, 60 insertions(+), 71 deletions(-) diff --git a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java index 8dcebdcf..14b32069 100755 --- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java @@ -86,7 +86,6 @@ import javax.security.auth.x500.X500Principal; import org.apache.log4j.Logger; -import ca.nrc.cadc.ac.AC; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.InternalID; import ca.nrc.cadc.ac.PersonalDetails; @@ -101,6 +100,7 @@ import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.auth.NumericPrincipal; import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.profiler.Profiler; +import ca.nrc.cadc.reg.client.LocalAuthority; import ca.nrc.cadc.util.ObjectUtil; import ca.nrc.cadc.util.StringUtil; @@ -140,8 +140,6 @@ public class LdapUserDAO extends LdapDAO private static final Logger logger = Logger.getLogger(LdapUserDAO.class); - private String internalIdUriPrefix = AC.USER_URI; - // Map of identity type to LDAP attribute private final Map<Class<?>, String> userLdapAttrib = new HashMap<Class<?>, String>(); 
@@ -740,7 +738,10 @@ public class LdapUserDAO extends LdapDAO user.getIdentities().add(new DNPrincipal(searchResult.getAttributeValue(LDAP_ENTRYDN))); // cache memberOf values in the user - GroupMemberships gms = new GroupMemberships(userID); + LocalAuthority localAuthority = new LocalAuthority(); + URI gmsServiceURI = localAuthority.getServiceURI("gms"); + + GroupMemberships gms = new GroupMemberships(gmsServiceURI.toString(), userID); user.appData = gms; // add even if empty String[] mems = searchResult.getAttributeValues(LDAP_MEMBEROF); if (mems != null && mems.length > 0) @@ -926,8 +927,6 @@ public class LdapUserDAO extends LdapDAO public User modifyUser(final User user) throws UserNotFoundException, TransientException, AccessControlException { - // Will we always have a HttpPrincipal? - User existingUser = getUser(user.getHttpPrincipal()); List<Modification> mods = new ArrayList<Modification>(); @@ -1282,7 +1281,9 @@ public class LdapUserDAO extends LdapDAO protected InternalID getInternalID(String numericID) { UUID uuid = new UUID(0L, Long.parseLong(numericID)); - String uriString = internalIdUriPrefix + "?" + uuid.toString(); + LocalAuthority localAuthority = new LocalAuthority(); + URI umsServiceURI = localAuthority.getServiceURI("ums"); + String uriString = umsServiceURI.toString() + "?" + uuid.toString(); URI uri; try { diff --git a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java index 10b8448d..f6e94226 100755 --- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java +++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java @@ -121,7 +121,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste LdapConnections conns = new LdapConnections(this); try { - userDAO = getLdapUserDao(conns); + userDAO = new LdapUserDAO(conns); userDAO.addUser(user); } finally 
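Review bot: The value returned by `localAuthority.getServiceURI("gms")` is dereferenced with `.toString()` on the next added line without a null check, so if LocalAuthority yields null for an unconfigured key (its contract is not visible here) every augmented-user lookup dies with a NullPointerException instead of a diagnosable configuration error. A guard before the GroupMemberships construction, `if (gmsServiceURI == null) throw new IllegalStateException("LocalAuthority has no service URI for gms");`, would name the real cause. A fresh LocalAuthority is also instantiated inside this per-user code path; if its constructor reads configuration, holding one instance in a field would avoid repeating that work on every lookup. The enclosing method starts and ends outside the hunk.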
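Review bot: With the `getUser(user.getHttpPrincipal())` lookup removed, nothing in modifyUser's visible prologue confirms that the target user exists before the modification list is built, so the declared UserNotFoundException can now only arise from what the method does later, past the hunk. If the existence and caller-matches-target checks happen further down or in the caller, a one-line comment after the signature would make that explicit, e.g. `// existence and ownership of the target user are verified by the LDAP modify below, not here`. If they do not, a modify for a principal the caller does not own presumably reaches LDAP without the earlier failure point, which is worth confirming. modifyUser's body continues outside the hunk.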
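Review bot: The InternalID prefix built in getInternalID now comes from `localAuthority.getServiceURI("ums")` instead of the fixed `AC.USER_URI` (`ivo://cadc.nrc.ca/user`), so the string form of every internal user identifier changes from `ivo://cadc.nrc.ca/user?<uuid>` to `<ums-service-uri>?<uuid>` and becomes deployment-dependent; any identifier persisted or compared elsewhere under the old prefix will no longer be equal to the one minted here. The new `umsServiceURI.toString()` is also called without a null check, so an unconfigured "ums" entry surfaces as a NullPointerException from an identity-resolution method. A comment above the lookup would warn future maintainers, e.g. `// prefix is the configured ums service URI; changing it changes every user's InternalID`. getInternalID continues past the hunk.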
@@ -146,7 +146,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste LdapConnections conns = new LdapConnections(this); try { - userDAO = getLdapUserDao(conns); + userDAO = new LdapUserDAO(conns); userDAO.addUserRequest(userRequest); } finally @@ -177,7 +177,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste LdapConnections conns = new LdapConnections(this); try { - userDAO = getLdapUserDao(conns); + userDAO = new LdapUserDAO(conns); return userDAO.getUser(userID); } finally @@ -205,7 +205,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste LdapConnections conns = new LdapConnections(this); try { - LdapUserDAO userDAO = getLdapUserDao(conns); + LdapUserDAO userDAO = new LdapUserDAO(conns); return userDAO.getUserByEmailAddress(emailAddress); } finally @@ -234,7 +234,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste LdapConnections conns = new LdapConnections(this); try { - userDAO = getLdapUserDao(conns); + userDAO = new LdapUserDAO(conns); return userDAO.getUserRequest(userID); } finally @@ -243,8 +243,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste } } - /**<<<<<<< HEAD - + /** * Get the user specified by userID with all of the users identities. * * @param userID The userID. @@ -264,7 +263,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste try { Profiler profiler = new Profiler(LdapUserPersistence.class); - userDAO = getLdapUserDao(conns); + userDAO = new LdapUserDAO(conns); profiler.checkpoint("Create LdapUserDAO"); User user = userDAO.getAugmentedUser(userID); profiler.checkpoint("getAugmentedUser"); 
@@ -299,7 +298,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste LdapConnections conns = new LdapConnections(this); try { - userDAO = getLdapUserDao(conns); + userDAO = new LdapUserDAO(conns); return userDAO.getUsers(); } finally @@ -323,7 +322,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste LdapConnections conns = new LdapConnections(this); try { - userDAO = getLdapUserDao(conns); + userDAO = new LdapUserDAO(conns); return userDAO.getUserRequests(); } finally @@ -353,7 +352,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste LdapConnections conns = new LdapConnections(this); try { - userDAO = getLdapUserDao(conns); + userDAO = new LdapUserDAO(conns); return userDAO.approveUserRequest(userID); } finally @@ -385,7 +384,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste LdapConnections conns = new LdapConnections(this); try { - userDAO = getLdapUserDao(conns); + userDAO = new LdapUserDAO(conns); return userDAO.modifyUser(user); } finally @@ -415,7 +414,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste LdapConnections conns = new LdapConnections(this); try { - userDAO = getLdapUserDao(conns); + userDAO = new LdapUserDAO(conns); userDAO.deleteUser(userID, true); } finally @@ -444,7 +443,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste LdapConnections conns = new LdapConnections(this); try { - userDAO = getLdapUserDao(conns); + userDAO = new LdapUserDAO(conns); userDAO.deleteUser(userID, false); } finally @@ -471,7 +470,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste LdapConnections conns = new LdapConnections(this); try { - userDAO = getLdapUserDao(conns); + userDAO = new LdapUserDAO(conns); userDAO.deleteUserRequest(userID); } finally 
@@ -498,7 +497,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste LdapConnections conns = new LdapConnections(this); try { - userDAO = getLdapUserDao(conns); + userDAO = new LdapUserDAO(conns); return userDAO.doLogin(userID, password); } finally @@ -510,11 +509,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste /** * Update a user's password. The given user and authenticating user must match. * -<<<<<<< HEAD * @param userID the user. -======= - * @param userID ->>>>>>> efc84b5d25584bd3014fc6cbc820c5acf0d90a2a * @param oldPassword current password. * @param newPassword new password. * @throws UserNotFoundException If the given user does not exist. @@ -532,7 +527,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste LdapConnections conns = new LdapConnections(this); try { - userDAO = getLdapUserDao(conns); + userDAO = new LdapUserDAO(conns); if (userDAO.doLogin(userID.getName(), oldPassword)) { // oldPassword is correct @@ -548,11 +543,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste /** * Reset a user's password. The given user and authenticating user must match. * -<<<<<<< HEAD * @param userID The user. -======= - * @param userID ->>>>>>> efc84b5d25584bd3014fc6cbc820c5acf0d90a2a * @param newPassword new password. * @throws UserNotFoundException If the given user does not exist. * @throws TransientException If an temporary, unexpected problem occurred. @@ -569,7 +560,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste LdapConnections conns = new LdapConnections(this); try { - userDAO = getLdapUserDao(conns); + userDAO = new LdapUserDAO(conns); User user = getUser(userID); if (user != null) 
@@ -613,23 +604,4 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste return false; } - private LdapUserDAO getLdapUserDao(LdapConnections conn) - { - LdapUserDAO dao = new LdapUserDAO(conn); - if (getInternalIdUriPrefix() != null) - dao.setInternalIdUriPrefix(getInternalIdUriPrefix()); - return dao; - } - - /** - * Web services can override this method to change - * the user prefix used in the internal ID. - * - * By default the LdapUserDAO will use AC.USER_URI; - */ - protected String getInternalIdUriPrefix() - { - return null; - } - } diff --git a/cadcAccessControl/src/ca/nrc/cadc/ac/AC.java b/cadcAccessControl/src/ca/nrc/cadc/ac/AC.java index daa6a4cc..be1fa3be 100755 --- a/cadcAccessControl/src/ca/nrc/cadc/ac/AC.java +++ b/cadcAccessControl/src/ca/nrc/cadc/ac/AC.java @@ -85,13 +85,10 @@ public class AC // Denotes a group readable by public public static final String PROPERTY_PUBLIC = "ivo://ivoa.net/gms#public"; - public static final String UMS_SERVICE_URI = "ivo://canfar.net/ums"; - public static final String GMS_SERVICE_URI = "ivo://canfar.net/gms"; + public static final String UMS_SERVICE_URI = "ivo://cadc.nrc.ca/ums"; + public static final String GMS_SERVICE_URI = "ivo://cadc.nrc.ca/gms"; // Group URI attribute once the group name is appended public static final String GROUP_URI = "ivo://cadc.nrc.ca/gms#"; - // User URI with appended UUID represents a unique user - public static final String USER_URI = "ivo://cadc.nrc.ca/user"; - } diff --git a/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java b/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java index 00ebbc9b..3de71f50 100755 --- a/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java +++ b/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java @@ -133,6 +133,7 @@ public class GMSClient implements TransferListener private RegistryClient registryClient; + private URI gmsServiceURI; private URI groupsURI; private URI searchURI; 
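Review bot: `UMS_SERVICE_URI` and `GMS_SERVICE_URI` become hard-coded `ivo://cadc.nrc.ca/...` constants while the server side now resolves the same services through LocalAuthority, leaving two sources of truth for a value that GMSClient later compares as an exact string (`gmsServiceURI.toString().equals(mems.getServiceURI())`). If a client is presumably constructed with `AC.GMS_SERVICE_URI` but the deployment's LocalAuthority entry for "gms" differs even by one character, the cached memberships are silently never used. A comment on the constants, e.g. `// must agree byte-for-byte with the LocalAuthority "ums"/"gms" entries; GMSClient compares these as exact strings`, or deriving them from LocalAuthority, would close that gap. Removing `USER_URI` also changes the prefix of every InternalID produced by LdapUserDAO.getInternalID, which the commit message does not mention.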
@@ -159,6 +160,7 @@ public class GMSClient implements TransferListener try { + this.gmsServiceURI = serviceURI; this.groupsURI = new URI(serviceURI.toASCIIString() + "#" + GROUPS); this.searchURI = new URI(serviceURI.toASCIIString() + "#" + SEARCH); } @@ -1100,11 +1102,20 @@ public class GMSClient implements TransferListener Set<GroupMemberships> gset = subject.getPrivateCredentials(GroupMemberships.class); if (gset == null || gset.isEmpty()) { - GroupMemberships mems = new GroupMemberships(userID); + GroupMemberships mems = new GroupMemberships(gmsServiceURI.toString(), userID); subject.getPrivateCredentials().add(mems); return mems; } GroupMemberships mems = gset.iterator().next(); + + // check to ensure they have the same service URI + if (!gmsServiceURI.toString().equals(mems.getServiceURI())) + { + log.debug("Not using cache because of differing service URIs: " + + "[" + gmsServiceURI.toString() + "][" + mems.getServiceURI() + "]"); + return null; + } + return mems; } return null; // no cache diff --git a/cadcAccessControl/src/ca/nrc/cadc/ac/client/GroupMemberships.java b/cadcAccessControl/src/ca/nrc/cadc/ac/client/GroupMemberships.java index 9ea12933..f842e29a 100644 --- a/cadcAccessControl/src/ca/nrc/cadc/ac/client/GroupMemberships.java +++ b/cadcAccessControl/src/ca/nrc/cadc/ac/client/GroupMemberships.java 
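Review bot: When the cached GroupMemberships carries a different service URI, the new branch logs and returns null but leaves the stale entry in the Subject, so no cache can ever be created for this service and every later call repeats the lookup; the first branch only builds a fresh GroupMemberships when the set is empty, and GroupMemberships' `equals` (commented "only allow one in a set") presumably makes a plain add of a second entry a no-op. If one cached service per Subject is the intent, evicting and replacing the mismatched entry keeps the cache useful while still never returning another service's memberships: replace `return null;` with `subject.getPrivateCredentials().remove(mems); mems = new GroupMemberships(gmsServiceURI.toString(), userID); subject.getPrivateCredentials().add(mems); return mems;`. If memberships from several services must coexist, serviceURI would instead need to take part in GroupMemberships' equality. The enclosing method starts before the hunk.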
@@ -69,47 +69,55 @@ package ca.nrc.cadc.ac.client; -import ca.nrc.cadc.ac.Group; -import ca.nrc.cadc.ac.Role; -import org.apache.log4j.Logger; - import java.security.Principal; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; +import org.apache.log4j.Logger; + +import ca.nrc.cadc.ac.Group; +import ca.nrc.cadc.ac.Role; + /** * Class used to hold list of groups in which a user is known to be a member. - * + * * @author pdowler */ public class GroupMemberships implements Comparable { private static final Logger log = Logger.getLogger(GroupMemberships.class); + private String serviceURI; private Principal userID; private Map<Role, List<Group>> memberships = new HashMap<Role, List<Group>>(); private Map<Role, Boolean> complete = new HashMap<Role, Boolean>(); public GroupMemberships() { init(); } - - public GroupMemberships(Principal userID) + + public GroupMemberships(String serviceURI, Principal userID) { + this.serviceURI = serviceURI; this.userID = userID; init(); } - + public boolean isComplete(Role role) { return complete.get(role); } - + + public String getServiceURI() + { + return serviceURI; + } + public List<Group> getMemberships(Role role) { return memberships.get(role); } - + private void init() { for (Role role : Role.values()) @@ -123,14 +131,14 @@ public class GroupMemberships implements Comparable { return userID; } - + public void add(Group group, Role role) { List<Group> groups = memberships.get(role); if (!groups.contains(group)) groups.add(group); } - + public void add(List<Group> groups, Role role) { List<Group> cur = memberships.get(role); @@ -141,7 +149,7 @@ public class GroupMemberships implements Comparable complete.put(role, Boolean.TRUE); } } - + // only allow one in a set - makes clearCache simple too public boolean equals(Object rhs) { -- GitLab
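Review bot: The new `serviceURI` field, constructor parameter and `getServiceURI()` accessor carry no Javadoc, and nothing records that the no-argument constructor leaves `serviceURI` null, which GMSClient's cache check then treats as a mismatch on every lookup. Because the value is compared with `String.equals`, the constructor should state that the argument must be the exact `URI.toString()` form the client uses, e.g. `@param serviceURI exact string form of the GMS service URI these memberships were loaded from; compared verbatim by GMSClient's cache check`, and the accessor `/** Service URI these memberships belong to; null when built with the no-arg constructor. */`. The field cannot be made `final` while the no-arg constructor exists, so the null case should at least be documented where callers will see it.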