diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/RequestValidator.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/RequestValidator.java
index 25889a6903b852534cd6ae2e165884ec90dc8b2a..f35fef417dbc5f90ca550c1013783e649c52f043 100644
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/RequestValidator.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/RequestValidator.java
@@ -68,16 +68,16 @@
  */
 package ca.nrc.cadc.ac.server;
-import ca.nrc.cadc.ac.IdentityType;
+import java.security.Principal;
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
 import ca.nrc.cadc.ac.Role;
 import ca.nrc.cadc.auth.AuthenticationUtil;
 import ca.nrc.cadc.uws.Parameter;
 import ca.nrc.cadc.uws.ParameterUtil;
-import java.security.Principal;
-import java.util.List;
-import org.apache.log4j.Logger;
-
 /**
 * Request Validator. This class extracts and validates the ID, TYPE, ROLE
 * and GURI parameters.
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
index c6b9221c59c58a15699d495f1239b43d2fc30683..c3e33dca2cfe6a99fd87095489074f8ff234f804 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
@@ -79,15 +79,13 @@ import javax.security.auth.x500.X500Principal;
 import org.apache.log4j.Logger;
-import ca.nrc.cadc.ac.Group;
 import ca.nrc.cadc.ac.PersonalDetails;
 import ca.nrc.cadc.ac.User;
 import ca.nrc.cadc.ac.UserNotFoundException;
+import ca.nrc.cadc.auth.AuthenticationUtil;
 import ca.nrc.cadc.auth.HttpPrincipal;
 import ca.nrc.cadc.net.TransientException;
-import com.unboundid.ldap.sdk.CompareRequest;
-import com.unboundid.ldap.sdk.CompareResult;
 import com.unboundid.ldap.sdk.DN;
 import com.unboundid.ldap.sdk.Filter;
 import com.unboundid.ldap.sdk.LDAPException;
@@ -128,6 +126,8 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
 System.arraycopy(memberAttribs, 0, tmp, princs.length, memberAttribs.length);
 memberAttribs = tmp;
 }
+
+
 /**
 * Get the user specified by userID.
@@ -409,7 +409,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
 }
 searchField = "(" + searchField + "=" +
- user.getUserID().getName() + ")";
+ user.getUserID().getName() + ")";
 SearchResultEntry searchResult = null;
 try
@@ -425,11 +425,10 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
 {
 LdapDAO.checkLdapResult(e.getResultCode());
 }
-
 if (searchResult == null)
 {
- String msg = "User not found " + user.getUserID().toString();
+ String msg = "User not found " + user.getUserID().getName();
 logger.debug(msg);
 throw new UserNotFoundException(msg);
 }
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/ACSearchRunner.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/ACSearchRunner.java
index 6ceca04328afecd0a281618cd0c089185452c251..f654e88928617663c2f13e18ec4fa8d75d6bfdb0 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/ACSearchRunner.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/ACSearchRunner.java
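Review bot: The LDAP search filter on the line the -409 hunk re-indents is still assembled by string concatenation, `searchField = "(" + searchField + "=" + user.getUserID().getName() + ")"`, so if the user ID can originate from a request, a name containing LDAP filter metacharacters changes the meaning of the query instead of being matched as a literal value. The file already imports `com.unboundid.ldap.sdk.Filter`; building the filter with `Filter.createEqualityFilter(searchField, user.getUserID().getName())`, or escaping the value with `Filter.encodeValue(...)` before concatenation, makes the value inert whatever it contains. The enclosing method starts and ends outside the hunk, so how `searchResult` is subsequently fetched is not visible here; the -425 hunk echoes the same unescaped name into the "User not found" message, which is harmless but worth keeping in mind if that message reaches the client.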
@@ -74,8 +74,11 @@ import java.security.AccessController;
 import java.security.Principal;
 import java.util.Collection;
 import java.util.Date;
+import java.util.Iterator;
+import java.util.Set;
 import javax.security.auth.Subject;
+import javax.security.auth.x500.X500Principal;
 import javax.servlet.http.HttpServletResponse;
 import org.apache.log4j.Logger;
@@ -87,6 +90,8 @@ import ca.nrc.cadc.ac.UserNotFoundException;
 import ca.nrc.cadc.ac.server.GroupPersistence;
 import ca.nrc.cadc.ac.server.PluginFactory;
 import ca.nrc.cadc.ac.server.RequestValidator;
+import ca.nrc.cadc.auth.AuthenticationUtil;
+import ca.nrc.cadc.auth.HttpPrincipal;
 import ca.nrc.cadc.net.TransientException;
 import ca.nrc.cadc.uws.ExecutionPhase;
 import ca.nrc.cadc.uws.Job;
@@ -125,15 +130,31 @@ public class ACSearchRunner implements JobRunner
 @Override
 public void run()
 {
- log.debug("RUN ACSearchRunner: " + job.ownerSubject);
+ AccessControlContext acContext = AccessController.getContext();
+ Subject subject = Subject.getSubject(acContext);
+
+ log.debug("RUN ACSearchRunner: " + subject);
+ if (log.isDebugEnabled())
+ {
+ Set<Principal> principals = subject.getPrincipals();
+ Iterator<Principal> i = principals.iterator();
+ while (i.hasNext())
+ {
+ Principal next = i.next();
+ log.debug("Principal "
+ + next.getClass().getSimpleName()
+ + ": " + next.getName());
+ }
+ }
 logInfo = new JobLogInfo(job);
+ logInfo.setSubject(subject);
 String startMessage = logInfo.start();
 log.info(startMessage);
 long t1 = System.currentTimeMillis();
- search();
+ search(subject);
 long t2 = System.currentTimeMillis();
 logInfo.setElapsedTime(t2 - t1);
@@ -143,7 +164,7 @@ public class ACSearchRunner implements JobRunner
 }
 @SuppressWarnings("unchecked")
- private void search()
+ private void search(Subject subject)
 {
 // Note: This search runner is customized to run with
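Review bot: In the -125 hunk `Subject.getSubject(acContext)` returns null when no Subject is bound to the access-control context, and the new debug block calls `subject.getPrincipals()` on it unconditionally before handing it to `search(subject)`, where `subject.getPrincipals(X500Principal.class)` dereferences it again; an unauthenticated request would therefore end in a NullPointerException rather than a deliberate rejection. The old code only reached the Subject after `userBeingSearched != null`, so this is a new path. Reject it explicitly right after the lookup, `if (subject == null) throw new AccessControlException("Can only search oneself.");`, so anonymous callers fail closed with the same error the identity comparison produces, or if run() must not throw, place the same check at the top of the identity comparison in `search(Subject)`, where the old code presumably had a catch for this exception. The `Iterator`/`while` walk over `principals` could also be an enhanced `for (Principal p : principals)`, which would make the new `java.util.Iterator` import unnecessary.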
@@ -156,8 +177,6 @@ public class ACSearchRunner implements JobRunner
 try
 {
-
-
 ExecutionPhase ep = jobUpdater.setPhase(job.getID(), ExecutionPhase.QUEUED, ExecutionPhase.EXECUTING, new Date());
@@ -172,21 +191,37 @@ public class ACSearchRunner implements JobRunner
 // only allow users to search themselves...
 Principal userBeingSearched = rv.getPrincipal();
- if (userBeingSearched != null)
+
+ boolean idMatch = false;
+ if (userBeingSearched instanceof X500Principal)
 {
- AccessControlContext acContext = AccessController.getContext();
- Subject subject = Subject.getSubject(acContext);
- boolean idMatch = false;
- for (Principal p : subject.getPrincipals())
+ Set<X500Principal> x500Principals = subject.getPrincipals(X500Principal.class);
+ Iterator<X500Principal> i = x500Principals.iterator();
+ while (i.hasNext())
 {
- if (p.equals(userBeingSearched))
+ X500Principal next = i.next();
+ log.debug(String.format("Comparing x500: [%s][%s]",
+ next.getName(), userBeingSearched.getName()));
+ if (AuthenticationUtil.equals(next, userBeingSearched))
 idMatch = true;
 }
- if (!idMatch)
- throw new AccessControlException("Can only search oneself.");
 }
+ else if (userBeingSearched instanceof HttpPrincipal)
+ {
+ Set<HttpPrincipal> httpPrincipals = subject.getPrincipals(HttpPrincipal.class);
+ Iterator<HttpPrincipal> i = httpPrincipals.iterator();
+ while (i.hasNext())
+ {
+ HttpPrincipal next = i.next();
+ log.debug(String.format("Comparing http: [%s][%s]",
+ next.getName(), userBeingSearched.getName()));
+ if (next.equals(userBeingSearched))
+ idMatch = true;
+ }
+ }
+ if (!idMatch)
+ throw new AccessControlException("Can only search oneself.");
-
 PluginFactory factory = new PluginFactory();
 GroupPersistence dao = factory.getGroupPersistence();
 Collection<Group> groups =