s1651: added support to model and ldap config for adminGroups

be9549ac · Jeff Burke · 3310dfa1 · be9549ac · be9549ac · be9549ac
Commit be9549ac authored 10 years ago by Jeff Burke
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConfig.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConfig.java
@@ -86,9 +86,11 @@ public class LdapConfig
    public static final String LDAP_PASSWD = "passwd";
    public static final String LDAP_USERS_DN = "usersDn";
    public static final String LDAP_GROUPS_DN = "groupsDn";
+    public static final String LDAP_ADMIN_GROUPS_DN  = "adminGroupsDn";
    private String usersDN;
    private String groupsDN;
+    private String adminGroupsDN;
    private String server;
    private int port;
    private String adminUserDN;
@@ -156,18 +158,26 @@ public class LdapConfig
            throw new RuntimeException("failed to read property " + 
                                       LDAP_GROUPS_DN);
        }
+        String ldapAdminGroupsDn = config.getProperty(LDAP_ADMIN_GROUPS_DN);
+        if (!StringUtil.hasText(ldapAdminGroupsDn))
+        {
+            throw new RuntimeException("failed to read property " + 
+                                       LDAP_ADMIN_GROUPS_DN);
+        }
        return new LdapConfig(server, Integer.valueOf(port), ldapAdmin, 
-                              ldapPasswd, ldapUsersDn, ldapGroupsDn);
+                              ldapPasswd, ldapUsersDn, ldapGroupsDn,
+                              ldapAdminGroupsDn);
    }
    public LdapConfig(String server, int port, String adminUserDN, 
-                      String adminPasswd, String usersDN, String groupsDN)
+                      String adminPasswd, String usersDN, String groupsDN,
+                      String adminGroupsDN)
    {
        if (!StringUtil.hasText(server))
        {
-            throw new IllegalArgumentException("Illegal LDAP server name: " + 
+            throw new IllegalArgumentException("Illegal LDAP server name");
-                                               server);
        }
        if (port < 0)
        {
@@ -176,23 +186,23 @@ public class LdapConfig
        }
        if (!StringUtil.hasText(adminUserDN))
        {
-            throw new IllegalArgumentException("Illegal Admin DN: " + 
+            throw new IllegalArgumentException("Illegal Admin DN");
-                                               adminUserDN);
        }
        if (!StringUtil.hasText(adminPasswd))
        {
-            throw new IllegalArgumentException("Illegal Admin password: " + 
+            throw new IllegalArgumentException("Illegal Admin password");
-                                               adminPasswd);
        }
        if (!StringUtil.hasText(usersDN))
        {
-            throw new IllegalArgumentException("Illegal users LDAP DN: " + 
+            throw new IllegalArgumentException("Illegal users LDAP DN");
-                                               usersDN);
        }
        if (!StringUtil.hasText(groupsDN))
        {
-            throw new IllegalArgumentException("Illegal groups LDAP DN: " + 
+            throw new IllegalArgumentException("Illegal groups LDAP DN");
-                                               groupsDN);
+        }
+        if (!StringUtil.hasText(adminGroupsDN))
+        {
+            throw new IllegalArgumentException("Illegal admin groups LDAP DN");
        }
        this.server = server;
@@ -201,6 +211,7 @@ public class LdapConfig
        this.adminPasswd = adminPasswd;
        this.usersDN = usersDN;
        this.groupsDN = groupsDN;
+        this.adminGroupsDN = adminGroupsDN;
    }
    public String getUsersDN()
@@ -212,6 +223,11 @@ public class LdapConfig
    {
        return this.groupsDN;
    }
+    public String getAdminGroupsDN()
+    {
+        return this.adminGroupsDN;
+    }
    public String getServer()
    {

--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
--- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTest.java
+++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTest.java
@@ -89,10 +89,11 @@ public class LdapDAOTest
    static int port = 389;
    static String adminDN = "uid=webproxy,ou=WebProxy,ou=topologymanagement,o=netscaperoot";
    static String adminPW = "go4it";
-    static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
+    static String usersDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
-    static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";
+    static String groupsDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";
+    static String adminGroupsDN = "ou=adminGroups,ou=ds,dc=canfartest,dc=net";
-    LdapConfig config = new LdapConfig(server, port, adminDN, adminPW, userBaseDN, groupBaseDN);
+    LdapConfig config = new LdapConfig(server, port, adminDN, adminPW, usersDN, groupsDN, adminGroupsDN);
    @Test
    public void testLdapBindConnection() throws Exception

--- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
+++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
@@ -69,10 +69,11 @@ public class LdapGroupDAOTest
    static int port = 389;
    static String adminDN = "uid=webproxy,ou=webproxy,ou=topologymanagement,o=netscaperoot";
    static String adminPW = "go4it";
-    static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
+    static String usersDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
-    static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";
+    static String groupsDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";
-    //static String userBaseDN = "ou=Users,ou=ds,dc=canfar,dc=net";
+    static String adminGroupsDN = "ou=adminGroups,ou=ds,dc=canfartest,dc=net";
-    //static String groupBaseDN = "ou=Groups,ou=ds,dc=canfar,dc=net";
+    //static String usersDN = "ou=Users,ou=ds,dc=canfar,dc=net";
+    //static String groupsDN = "ou=Groups,ou=ds,dc=canfar,dc=net";
    static String daoTestDN1 = "cn=cadcdaotest1,ou=cadc,o=hia,c=ca";
    static String daoTestDN2 = "cn=cadcdaotest2,ou=cadc,o=hia,c=ca";
@@ -115,7 +116,7 @@ public class LdapGroupDAOTest
        anonSubject = new Subject();
        anonSubject.getPrincipals().add(unknownUser.getUserID());
-        config = new LdapConfig(server, port, adminDN, adminPW, userBaseDN, groupBaseDN);
+        config = new LdapConfig(server, port, adminDN, adminPW, usersDN, groupsDN, adminGroupsDN);
    }
    LdapGroupDAO<X500Principal> getGroupDAO()
@@ -158,24 +159,6 @@ public class LdapGroupDAOTest
                    actualGroup = getGroupDAO().modifyGroup(expectGroup);
                    assertGroupsEqual(expectGroup, actualGroup);
-                    // groupRead
-                    expectGroup.groupRead = otherGroup;
-                    actualGroup = getGroupDAO().modifyGroup(expectGroup);
-                    assertGroupsEqual(expectGroup, actualGroup);
-                    expectGroup.groupRead = null;
-                    actualGroup = getGroupDAO().modifyGroup(expectGroup);
-                    assertGroupsEqual(expectGroup, actualGroup);
-                    // groupWrite
-                    expectGroup.groupWrite = otherGroup;
-                    actualGroup = getGroupDAO().modifyGroup(expectGroup);
-                    assertGroupsEqual(expectGroup, actualGroup);
-                    expectGroup.groupWrite = null;
-                    actualGroup = getGroupDAO().modifyGroup(expectGroup);
-                    assertGroupsEqual(expectGroup, actualGroup);
                    // userMembers
                    expectGroup.getUserMembers().add(daoTestUser2);
                    actualGroup = getGroupDAO().modifyGroup(expectGroup);
@@ -196,8 +179,6 @@ public class LdapGroupDAOTest
                    // delete the group
                    expectGroup.description = "Happy testing";
-                    expectGroup.groupRead = otherGroup;
-                    expectGroup.groupWrite = otherGroup;
                    expectGroup.getUserMembers().add(daoTestUser2);
                    expectGroup.getGroupMembers().add(otherGroup);
@@ -398,9 +379,9 @@ public class LdapGroupDAOTest
                {                    
                    getGroupDAO().addGroup(new Group("foo", unknownUser));
                    fail("addGroup with unknown user should throw " + 
-                         "UserNotFoundException");
+                         "AccessControlException");
                }
-                catch (UserNotFoundException ignore) {}
+                catch (AccessControlException ignore) {}
                Group group = getGroupDAO().addGroup(new Group(getGroupID(), 
                                                     daoTestUser1));
@@ -651,9 +632,6 @@ public class LdapGroupDAOTest
        {
            assertTrue(gr2.getUserMembers().contains(user));
        }
-        assertEquals(gr1.groupRead, gr2.groupRead);
-        assertEquals(gr1.groupWrite, gr2.groupWrite);
-        assertEquals(gr1.groupWrite, gr2.groupWrite);
        assertEquals(gr1.getProperties(), gr2.getProperties());
        for (GroupProperty prop : gr1.getProperties())
        {

--- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAOTest.java
+++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAOTest.java
@@ -96,8 +96,9 @@ public class LdapUserDAOTest
    static int port = 389;
    static String adminDN = "uid=webproxy,ou=Webproxy,ou=topologymanagement,o=netscaperoot";
    static String adminPW = "go4it";
-    static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
+    static String usersDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
-    static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";
+    static String groupsDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";
+    static String adminGroupsDN = "ou=adminGroups,ou=ds,dc=canfartest,dc=net";
 //    static String userBaseDN = "ou=Users,ou=ds,dc=canfar,dc=net";
 //    static String groupBaseDN = "ou=Groups,ou=ds,dc=canfar,dc=net";
@@ -114,7 +115,7 @@ public class LdapUserDAOTest
        testUser = new User<X500Principal>(new X500Principal(testUserDN));
-        config = new LdapConfig(server, port, adminDN, adminPW, userBaseDN, groupBaseDN);
+        config = new LdapConfig(server, port, adminDN, adminPW, usersDN, groupsDN, adminGroupsDN);
    }
    LdapUserDAO<X500Principal> getUserDAO()

--- a/projects/cadcAccessControl/src/ca/nrc/cadc/ac/Group.java
+++ b/projects/cadcAccessControl/src/ca/nrc/cadc/ac/Group.java
@@ -88,21 +88,14 @@ public class Group
    // group's group members
    private Set<Group> groupMembers = new HashSet<Group>();
-    public String description;
+    // group's user admins
-    public Date lastModified;
+    private Set<User<? extends Principal>> userAdmins = new HashSet<User<? extends Principal>>();
-    // Access Control properties
+    // group's group admins
-    /**
+    private Set<Group> groupAdmins = new HashSet<Group>();
-     * group that can read details of this group
-     * Note: this class does not enforce any access control rules
-     */
-    public Group groupRead;
-    /**
+    public String description;
-     * group that can read and write details of this group
+    public Date lastModified;
-     * Note: this class does not enforce any access control rules
-     */
-    public Group groupWrite;
    /**
     * Ctor.
@@ -186,6 +179,24 @@ public class Group
    {
        return groupMembers;
    }
+    /**
+     * 
+     * @return individual user admins of this group
+     */
+    public Set<User<? extends Principal>> getUserAdmins()
+    {
+        return userAdmins;
+    }
+    /**
+     * 
+     * @return group admins of this group
+     */
+    public Set<Group> getGroupAdmins()
+    {
+        return groupAdmins;
+    }
    /* (non-Javadoc)
     * @see java.lang.Object#hashCode()

--- a/projects/cadcAccessControl/src/ca/nrc/cadc/ac/GroupReader.java
+++ b/projects/cadcAccessControl/src/ca/nrc/cadc/ac/GroupReader.java
@@ -263,38 +263,37 @@ public class GroupReader
        }
-        // groupRead
+        // userMembers
-        Element groupReadElement = groupElement.getChild("groupRead");
+        Element userMembersElement = groupElement.getChild("userMembers");
-        if (groupReadElement != null)
+        if (userMembersElement != null)
        {
-            Element groupReadGroupElement = groupReadElement.getChild("group");
+            List<Element> userElements = userMembersElement.getChildren("user");
-            if (groupReadGroupElement != null)
+            for (Element userMember : userElements)
            {
-                group.groupRead = parseGroup(groupReadGroupElement);
+                group.getUserMembers().add(UserReader.parseUser(userMember));
            }
        }
-        // groupWrite
+        // groupAdmins
-        Element groupWriteElement = groupElement.getChild("groupWrite");
+        Element groupAdminsElement = groupElement.getChild("groupAdmins");
-        if (groupWriteElement != null)
+        if (groupAdminsElement != null)
        {
-            Element groupWriteGroupElement = groupWriteElement.getChild("group");
+            List<Element> groupElements = groupAdminsElement.getChildren("group");
-            if (groupWriteGroupElement != null)
+            for (Element groupMember : groupElements)
            {
-                group.groupWrite = parseGroup(groupWriteGroupElement);
+                group.getGroupAdmins().add(parseGroup(groupMember));
            }
        }
-        // userMembers
+        // userAdmins
-        Element userMembersElement = groupElement.getChild("userMembers");
+        Element userAdminsElement = groupElement.getChild("userAdmins");
-        if (userMembersElement != null)
+        if (userAdminsElement != null)
        {
-            List<Element> userElements = userMembersElement.getChildren("user");
+            List<Element> userElements = userAdminsElement.getChildren("user");
            for (Element userMember : userElements)
            {
-                group.getUserMembers().add(UserReader.parseUser(userMember));
+                group.getUserAdmins().add(UserReader.parseUser(userMember));
            }
        }

--- a/projects/cadcAccessControl/src/ca/nrc/cadc/ac/GroupWriter.java
+++ b/projects/cadcAccessControl/src/ca/nrc/cadc/ac/GroupWriter.java
@@ -213,22 +213,6 @@ public class GroupWriter
                groupElement.addContent(groupMembersElement);
            }
-            // Group groupRead.
-            if (group.groupRead != null)
-            {
-                Element groupReadElement = new Element("groupRead");
-                groupReadElement.addContent(getGroupElement(group.groupRead, false));
-                groupElement.addContent(groupReadElement);
-            }
-            // Group groupWrite.
-            if (group.groupWrite != null)
-            {
-                Element groupWriteElement = new Element("groupWrite");
-                groupWriteElement.addContent(getGroupElement(group.groupWrite, false));
-                groupElement.addContent(groupWriteElement);
-            }
            // Group userMembers
            if ((group.getUserMembers() != null) && (!group.getUserMembers().isEmpty()))
            {
@@ -239,6 +223,28 @@ public class GroupWriter
                }
                groupElement.addContent(userMembersElement);
            }
+            // Group groupAdmins.
+            if ((group.getGroupAdmins() != null) && (!group.getGroupAdmins().isEmpty()))
+            {
+                Element groupAdminsElement = new Element("groupAdmins");
+                for (Group groupMember : group.getGroupAdmins())
+                {
+                    groupAdminsElement.addContent(getGroupElement(groupMember, false));
+                }
+                groupElement.addContent(groupAdminsElement);
+            }
+            // Group userAdmins
+            if ((group.getUserAdmins() != null) && (!group.getUserAdmins().isEmpty()))
+            {
+                Element userAdminsElement = new Element("userAdmins");
+                for (User<? extends Principal> userMember : group.getUserAdmins())
+                {
+                    userAdminsElement.addContent(UserWriter.getUserElement(userMember));
+                }
+                groupElement.addContent(userAdminsElement);
+            }
        }
        return groupElement;

--- a/projects/cadcAccessControl/test/src/ca/nrc/cadc/ac/GroupReaderWriterTest.java
+++ b/projects/cadcAccessControl/test/src/ca/nrc/cadc/ac/GroupReaderWriterTest.java
@@ -85,8 +85,8 @@ import org.apache.log4j.Logger;
 import org.junit.Test;
 import ca.nrc.cadc.auth.HttpPrincipal;
-import ca.nrc.cadc.auth.NumericPrincipal;
 import ca.nrc.cadc.auth.OpenIdPrincipal;
+import static org.junit.Assert.assertTrue;
 /**
 *
@@ -161,15 +161,15 @@ public class GroupReaderWriterTest
        expected.lastModified = new Date();
        expected.properties.add(new GroupProperty("key", "value", true));
-        Group readGroup = new Group("read", new User<Principal>(new X500Principal("cn=foo,o=ca")));
-        Group writeGroup = new Group("write", new User<Principal>(new NumericPrincipal(123l)));
        Group groupMember = new Group("member", new User<Principal>(new OpenIdPrincipal("bar")));
        User<Principal> userMember = new User<Principal>(new HttpPrincipal("baz"));
+        Group groupAdmin = new Group("admin", new User<Principal>(new X500Principal("cn=foo,o=ca")));
+        User<Principal> userAdmin = new User<Principal>(new HttpPrincipal("admin"));
-        expected.groupRead = readGroup;
-        expected.groupWrite = writeGroup;
        expected.getGroupMembers().add(groupMember);
        expected.getUserMembers().add(userMember);
+        expected.getGroupAdmins().add(groupAdmin);
+        expected.getUserAdmins().add(userAdmin);
        StringBuilder xml = new StringBuilder();
        GroupWriter.write(expected, xml);
@@ -181,8 +181,6 @@ public class GroupReaderWriterTest
        assertEquals(expected.description, actual.description);
        assertEquals(expected.lastModified, actual.lastModified);
        assertEquals(expected.getProperties(), actual.getProperties());
-        assertEquals(expected.groupRead, actual.groupRead);
-        assertEquals(expected.groupWrite, actual.groupWrite);
        assertEquals(expected.getGroupMembers(), actual.getGroupMembers());
        assertEquals(expected.getUserMembers(), actual.getUserMembers());
    }

--- a/projects/cadcAccessControl/test/src/ca/nrc/cadc/ac/GroupTest.java
+++ b/projects/cadcAccessControl/test/src/ca/nrc/cadc/ac/GroupTest.java
@@ -115,17 +115,15 @@ public class GroupTest
        assertEquals(group3.hashCode(), group4.hashCode());
        assertEquals(group3,group4);
-        group3.description = "Test group";
+        group4.getUserAdmins().add(user);
        assertEquals(group3.hashCode(), group4.hashCode());
        assertEquals(group3,group4);
-        // group read and write equality tests     
+        group3.getGroupAdmins().add(group4);
-        group3.groupRead = group4;
        assertEquals(group3.hashCode(), group4.hashCode());
        assertEquals(group3,group4);
-        // group write equality tests
+        group3.description = "Test group";
-        group3.groupWrite = group4;
        assertEquals(group3.hashCode(), group4.hashCode());
        assertEquals(group3,group4);