diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java
index a384111bc699d2365af43f5f19b25bf123ba7570..dd80c02e02130e7b717e2d2293773c2e0037f0bc 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java
@@ -82,41 +82,41 @@ public interface UserPersistence<T extends Principal>
 {
 /**
 * Get all user names.
- *
+ *
 * @return A collection of strings.
 * @throws TransientException If an temporary, unexpected problem occurred.
 * @throws AccessControlException If the operation is not permitted.
 */
 Collection<User<Principal>> getUsers()
 throws TransientException, AccessControlException;
-
+
 /**
 * Add the new user.
 *
 * @param user The user request to put into the request tree.
 *
 * @return User instance.
- *
+ *
 * @throws TransientException If an temporary, unexpected problem occurred.
 * @throws AccessControlException If the operation is not permitted.
 */
- User<T> addUser(UserRequest<T> user)
+ void addUser(UserRequest<T> user)
 throws TransientException, AccessControlException,
 UserAlreadyExistsException;
-
+
 /**
 * Get the user specified by userID.
 *
 * @param userID The userID.
 *
 * @return User instance.
- *
+ *
 * @throws UserNotFoundException when the user is not found.
 * @throws TransientException If an temporary, unexpected problem occurred.
 * @throws AccessControlException If the operation is not permitted.
 */
 User<T> getUser(T userID)
- throws UserNotFoundException, TransientException,
+ throws UserNotFoundException, TransientException,
 AccessControlException;
 
 /**
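Review bot: The `addUser` Javadoc in this hunk still carries ` * @return User instance.` although the method now returns `void`; javadoc rejects an `@return` tag on a void method and the stale line tells callers to expect a value that no longer exists. The same comment documents only TransientException and AccessControlException while the signature also declares UserAlreadyExistsException. Drop the `@return` line and add ` * @throws UserAlreadyExistsException If a user with the same ID already exists.` beside the other throws tags. The interface declaration continues past the end of this hunk.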
@@ -156,40 +156,40 @@ public interface UserPersistence<T extends Principal>
 * @param password The password.
 *
 * @return Boolean
- *
+ *
 * @throws UserNotFoundException when the user is not found.
 * @throws TransientException If an temporary, unexpected problem occurred.
 * @throws AccessControlException If the operation is not permitted.
 */
 Boolean doLogin(String userID, String password)
- throws UserNotFoundException, TransientException,
+ throws UserNotFoundException, TransientException,
 AccessControlException;
-
+
 /**
 * Updated the user specified by User.
 *
 * @param user The user instance to modify.
 *
 * @return User instance.
- *
+ *
 * @throws UserNotFoundException when the user is not found.
 * @throws TransientException If an temporary, unexpected problem occurred.
 * @throws AccessControlException If the operation is not permitted.
 */
 User<T> modifyUser(User<T> user)
- throws UserNotFoundException, TransientException,
+ throws UserNotFoundException, TransientException,
 AccessControlException;
-
+
 /**
 * Delete the user specified by userID.
 *
 * @param userID The userID.
- *
+ *
 * @throws UserNotFoundException when the user is not found.
 * @throws TransientException If an temporary, unexpected problem occurred.
 * @throws AccessControlException If the operation is not permitted.
 */
 void deleteUser(T userID)
- throws UserNotFoundException, TransientException,
+ throws UserNotFoundException, TransientException,
 AccessControlException;
 }
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
index a886b900f76e043157b596a0f45c147d62effac4..d903007e730fde557dae560653e3b29375ede075 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
@@ -284,7 +284,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
 * @throws AccessControlException If the operation is not permitted.
 * @throws UserAlreadyExistsException If the user already exists.
 */
- public User<T> addUser(final UserRequest<T> userRequest)
+ public void addUser(final UserRequest<T> userRequest)
 throws TransientException, UserAlreadyExistsException
 {
 DN userDN;
@@ -301,19 +301,6 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
 userDN = getUserRequestsDN(userID.getName());
 addUser(userRequest, userDN);
-
- // AD: Search results sometimes come incomplete if
- // connection is not reset - not sure why.
- getConnection().reconnect();
- try
- {
- return getUser(userID, config.getUserRequestsDN());
- }
- catch (UserNotFoundException e)
- {
- throw new RuntimeException("BUG: new user " + userDN.toNormalizedString() +
- " not found");
- }
 }
 catch (LDAPException e)
 {
@@ -507,9 +494,13 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
 searchField, userAttribs);
 if (proxy && isSecure(usersDN))
 {
- searchRequest.addControl(
- new ProxiedAuthorizationV2RequestControl(
- "dn:" + getSubjectDN().toNormalizedString()));
+ String proxyDN = "dn:" + getSubjectDN().toNormalizedString();
+ logger.debug("Proxying auth as: " + proxyDN);
+ searchRequest.addControl(new ProxiedAuthorizationV2RequestControl(proxyDN));
+ }
+ else
+ {
+ logger.debug("Not proxying authorization");
 }
 searchResult = getConnection().searchForEntry(searchRequest);
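Review bot: The new `else` branch in the search hunk records "Not proxying authorization" without saying why, and only at debug level, so in production there is no trace that a lookup ran under the service bind identity instead of the caller's — the one path on which per-user LDAP ACLs are not applied, should `isSecure(usersDN)` ever be false for a tree that is meant to be protected. Record the decision with its inputs: compute `boolean secure = isSecure(usersDN);` before the `if`, test `if (proxy && secure)`, and log `logger.debug("Not proxying authorization (proxy=" + proxy + ", secureTree=" + secure + ")");` in the else branch. Separately, the -301 hunk removes the read-back that confirmed the pending entry existed after the add, so `addUser` now depends entirely on the nested `addUser(userRequest, userDN)` throwing on failure; that is reasonable but should be stated in the method's Javadoc, which lies above this hunk. The enclosing methods start and end outside these hunks.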
@@ -530,9 +521,18 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
 user.getIdentities().add(new HttpPrincipal(
 searchResult.getAttributeValue(
 userLdapAttrib.get(HttpPrincipal.class))));
- user.getIdentities().add(new NumericPrincipal(
- searchResult.getAttributeValueAsLong(
- userLdapAttrib.get(NumericPrincipal.class))));
+
+ Long numericID = searchResult.getAttributeValueAsLong(userLdapAttrib.get(NumericPrincipal.class));
+ logger.debug("Numeric id is: " + numericID);
+ if (numericID == null)
+ {
+ // If the numeric ID does not return it means the user
+ // does not have permission
+ throw new AccessControlException("Permission denied");
+ }
+ NumericPrincipal numericPrincipal = new NumericPrincipal(numericID);
+ user.getIdentities().add(numericPrincipal);
+
 user.getIdentities().add(new X500Principal(
 searchResult.getAttributeValue(
 userLdapAttrib.get(X500Principal.class))));
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java
index f39a41af9f1c305945416d3b2961b559a5938bd3..cd8fde670bda3e86d22f00cc7e3dbd14b35d2fd8 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java
@@ -126,7 +126,7 @@ public class LdapUserPersistence<T extends Principal>
 * @throws TransientException If an temporary, unexpected problem occurred.
 * @throws AccessControlException If the operation is not permitted.
 */
- public User<T> addUser(UserRequest<T> user)
+ public void addUser(UserRequest<T> user)
 throws TransientException, AccessControlException,
 UserAlreadyExistsException
 {
@@ -134,7 +134,7 @@ public class LdapUserPersistence<T extends Principal>
 try
 {
 userDAO = new LdapUserDAO<T>(this.config);
- return userDAO.addUser(user);
+ userDAO.addUser(user);
 }
 finally
 {
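Review bot: The null check added in the -530 hunk reports every missing `numericID` as `AccessControlException("Permission denied")`, but UnboundID's `getAttributeValueAsLong` also returns null when the attribute is present with a non-numeric value, and the comment this same commit deletes from `addUser` records that search results "sometimes come incomplete" — so a data or transient fault would be presented to the caller as an authorization decision, and the debug line carries no DN to tell them apart afterwards. Since `searchResult` already uses the UnboundID entry API, `hasAttribute(...)` and `getDN()` are available to separate the two cases, as sketched below; the project's own exception types may fit better than `IllegalStateException` for the data-fault branch. Note also that the `HttpPrincipal` and `X500Principal` identities built just above and below this block take the attribute value unguarded, and `X500Principal(String)` throws NullPointerException on null, so the new check only protects one of the three lookups. The enclosing method starts and ends outside this hunk.
```java
Long numericID = searchResult.getAttributeValueAsLong(userLdapAttrib.get(NumericPrincipal.class));
logger.debug("Numeric id for " + searchResult.getDN() + " is: " + numericID);
if (numericID == null)
{
    if (!searchResult.hasAttribute(userLdapAttrib.get(NumericPrincipal.class)))
    {
        // attribute withheld from this caller: treat as an LDAP ACL denial
        throw new AccessControlException("Permission denied");
    }
    // attribute present but not a number: data fault, not an authorization decision
    throw new IllegalStateException("BUG: numeric id of " + searchResult.getDN() + " is not a number");
}
// … unchanged: NumericPrincipal construction and add …
```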
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/CreateUserAction.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/CreateUserAction.java
index aa40229c9395fbf8eab582749be6fd2ab4c8b690..03c09628ebf54a14651daea88d0046e801624de3 100644
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/CreateUserAction.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/CreateUserAction.java
@@ -93,10 +93,10 @@ public class CreateUserAction extends AbstractUserAction
 {
 final UserPersistence<Principal> userPersistence = getUserPersistence();
 final UserRequest<Principal> userRequest = readUserRequest(this.inputStream);
- final User<Principal> newUser = userPersistence.addUser(userRequest);
+ userPersistence.addUser(userRequest);
 syncOut.setCode(201);
- logUserInfo(newUser.getUserID().getName());
+ logUserInfo(userRequest.getUser().getUserID().getName());
 }
 }
diff --git a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAOTest.java b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAOTest.java
index 68ca8ae3855d9854db2b82281ac95d13f1de7bfb..f812b3ccac62ea9c31029ceab9bfdf600db0652c 100644
--- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAOTest.java
+++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAOTest.java
@@ -145,8 +145,8 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
 testUser.getIdentities().add(new NumericPrincipal(666));
 testUserDN = "uid=cadcdaotest1," + config.getUsersDN();
-
-
+
+
 // member returned by getMember contains only the fields required by
 // the GMS
 testMember = new User<X500Principal>(testUserX500Princ);
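Review bot: In the CreateUserAction hunk, `logUserInfo(userRequest.getUser().getUserID().getName())` now dereferences the parsed request only after the write and after `syncOut.setCode(201)`, so if `readUserRequest` accepts a body with no user ID the NullPointerException surfaces once the success code has already been set; the logged name is also whatever the client sent rather than what the store holds. Resolve the name before the write: `final String userName = userRequest.getUser().getUserID().getName();` ahead of `userPersistence.addUser(userRequest);`, then `logUserInfo(userName);` after the status code. Because that string originates in the request body, `logUserInfo` (not in this hunk) should strip CR/LF before writing it to the log if it does not already. The method's signature sits above this hunk; only its body is shown.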
@@ -184,7 +184,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
 expected.getIdentities().add(new X500Principal("cn=" + userID + ",ou=cadc,o=hia,c=ca"));
 nextUserNumericID = ran.nextInt(Integer.MAX_VALUE);
 expected.getIdentities().add(new NumericPrincipal(nextUserNumericID));
-
+
 expected.details.add(new PersonalDetails("foo", "bar"));
 final UserRequest<HttpPrincipal> userRequest =
@@ -194,7 +194,10 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
 subject.getPrincipals().add(testUser.getUserID());
 final LdapUserDAO<HttpPrincipal> userDAO = getUserDAO();
- User<HttpPrincipal> actual = userDAO.addUser(userRequest);
+ userDAO.addUser(userRequest);
+
+ User<HttpPrincipal> actual = userDAO.getPendingUser(userRequest.getUser().getUserID());
+
 check(expected, actual);
 }
@@ -346,7 +349,7 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
 Subject subject = new Subject();
 subject.getPrincipals().add(testUser.getUserID());
 subject.getPrincipals().add(testUser1DNPrincipal);
-
+
 // do everything as owner
 Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
 {
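Review bot: The -194 hunk replaces the returned user with a `getPendingUser` read-back but still exercises only the success path, while the DAO change in this same commit now maps an unreadable numeric-id attribute to `AccessControlException`. If `getPendingUser` goes through the same attribute loading as `getUser` (not visible here), a companion test that performs the lookup as a subject without read access on that attribute and asserts `AccessControlException` would pin the new behaviour rather than leave it covered only by the happy path. The enclosing test method starts outside this hunk.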