Skip to content
Snippets Groups Projects
Commit c507560b authored by Jeff Burke's avatar Jeff Burke
Browse files

s1890: added support for UserRequest endpoint

parent 7b2d94d0
No related branches found
No related tags found
No related merge requests found
Expand all Hide whitespace changes
Inline Side-by-side
Showing
with 1346 additions and 509 deletions
cadcAccessControl-Server/build.xml
+ 2
2
View file @ c507560b
......@@ -141,9 +141,9 @@
<!--<test name="ca.nrc.cadc.ac.server.ldap.LdapConfigTest" />-->
<!--<test name="ca.nrc.cadc.ac.server.ldap.LdapConnectionsTest" />-->
<!--<test name="ca.nrc.cadc.ac.server.ldap.LdapDAOTest" />-->
<test name="ca.nrc.cadc.ac.server.ldap.LdapGroupDAOTest" />
<!--<test name="ca.nrc.cadc.ac.server.ldap.LdapGroupDAOTest" />-->
<!--<test name="ca.nrc.cadc.ac.server.ldap.LdapPersistenceTest" />-->
<!--<test name="ca.nrc.cadc.ac.server.ldap.LdapUserDAOTest" />-->
<test name="ca.nrc.cadc.ac.server.ldap.LdapUserDAOTest" />
<!--<test name="ca.nrc.cadc.ac.server.web.groups.AddGroupMemberActionTest" />-->
<!--<test name="ca.nrc.cadc.ac.server.web.groups.AddUserMemberActionTest" />-->
......
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/UserPersistence.java
+ 8
8
View file @ c507560b
......@@ -88,15 +88,15 @@ public interface UserPersistence
void destroy();
/**
* Add the user to the active users tree.
* Add the user to the users tree.
*
* @param user The user request to put into the active users tree.
* @param user The user request to put into the users tree.
*
* @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted.
* @throws ca.nrc.cadc.ac.UserAlreadyExistsException
*/
void addUser(UserRequest user)
void addUser(User user)
throws TransientException, AccessControlException,
UserAlreadyExistsException;
......@@ -109,7 +109,7 @@ public interface UserPersistence
* @throws AccessControlException If the operation is not permitted.
* @throws ca.nrc.cadc.ac.UserAlreadyExistsException
*/
void addPendingUser(UserRequest user)
void addUserRequest(UserRequest user)
throws TransientException, AccessControlException,
UserAlreadyExistsException;
......@@ -155,7 +155,7 @@ public interface UserPersistence
* @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted.
*/
User getPendingUser(Principal userID)
User getUserRequest(Principal userID)
throws UserNotFoundException, TransientException,
AccessControlException;
......@@ -191,7 +191,7 @@ public interface UserPersistence
* @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted.
*/
Collection<User> getPendingUsers()
Collection<User> getUserRequests()
throws TransientException, AccessControlException;
/**
......@@ -206,7 +206,7 @@ public interface UserPersistence
* @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted.
*/
User approvePendingUser(Principal userID)
User approveUserRequest(Principal userID)
throws UserNotFoundException, TransientException,
AccessControlException;
......@@ -247,7 +247,7 @@ public interface UserPersistence
* @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted.
*/
void deletePendingUser(Principal userID)
void deleteUserRequest(Principal userID)
throws UserNotFoundException, TransientException,
AccessControlException;
......
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.java
+ 24
24
View file @ c507560b
......@@ -107,15 +107,15 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
}
/**
* Add the user to the active users tree.
* Add the user to the users tree.
*
* @param user The user request to put into the active user tree.
* @param user The user request to put into the user tree.
*
* @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted.
* @throws ca.nrc.cadc.ac.UserAlreadyExistsException
*/
public void addUser(UserRequest user)
public void addUser(User user)
throws TransientException, AccessControlException, UserAlreadyExistsException
{
LdapUserDAO userDAO = null;
......@@ -132,15 +132,15 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
}
/**
* Add the user to the pending users tree.
* Add the user to the user requests tree.
*
* @param user The user request to put into the pending user tree.
* @param userRequest The user request to put into the pending user tree.
*
* @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted.
* @throws ca.nrc.cadc.ac.UserAlreadyExistsException
*/
public void addPendingUser(UserRequest user)
public void addUserRequest(UserRequest userRequest)
throws TransientException, AccessControlException, UserAlreadyExistsException
{
LdapUserDAO userDAO = null;
......@@ -148,7 +148,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
try
{
userDAO = new LdapUserDAO(conns);
userDAO.addPendingUser(user);
userDAO.addUserRequest(userRequest);
}
finally
{
......@@ -200,8 +200,8 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
* @throws UserAlreadyExistsException A user with the same email address already exists
*/
public User getUserByEmailAddress(String emailAddress)
throws UserNotFoundException, TransientException,
AccessControlException, UserAlreadyExistsException
throws UserNotFoundException, TransientException,
AccessControlException, UserAlreadyExistsException
{
LdapConnections conns = new LdapConnections(this);
try
......@@ -224,7 +224,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
* @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted.
*/
public User getPendingUser(Principal userID)
public User getUserRequest(Principal userID)
throws UserNotFoundException, TransientException, AccessControlException
{
Subject caller = AuthenticationUtil.getCurrentSubject();
......@@ -236,7 +236,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
try
{
userDAO = new LdapUserDAO(conns);
return userDAO.getPendingUser(userID);
return userDAO.getUserRequest(userID);
}
finally
{
......@@ -304,13 +304,13 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
}
/**
* Get all user names from the pending users tree.
* Get all user names from the user requests tree.
*
* @return A collection of strings.
* @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted.
*/
public Collection<User> getPendingUsers()
public Collection<User> getUserRequests()
throws TransientException, AccessControlException
{
// admin API: no permission check
......@@ -319,7 +319,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
try
{
userDAO = new LdapUserDAO(conns);
return userDAO.getPendingUsers();
return userDAO.getUserRequests();
}
finally
{
......@@ -328,8 +328,8 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
}
/**
* Move the pending user specified by userID from the
* pending users tree to the active users tree.
* Move the user request specified by userID from the
* user requests tree to the users tree.
*
* @param userID The user instance to move.
*
......@@ -339,7 +339,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
* @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted.
*/
public User approvePendingUser(Principal userID)
public User approveUserRequest(Principal userID)
throws UserNotFoundException, TransientException,
AccessControlException
{
......@@ -349,7 +349,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
try
{
userDAO = new LdapUserDAO(conns);
return userDAO.approvePendingUser(userID);
return userDAO.approveUserRequest(userID);
}
finally
{
......@@ -420,7 +420,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
}
/**
* Delete the user specified by userID from the pending users tree.
* Delete the user specified by userID from the user requests tree.
*
* @param userID The userID.
*
......@@ -428,7 +428,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
* @throws TransientException If an temporary, unexpected problem occurred.
* @throws AccessControlException If the operation is not permitted.
*/
public void deletePendingUser(Principal userID)
public void deleteUserRequest(Principal userID)
throws UserNotFoundException, TransientException,
AccessControlException
{
......@@ -438,7 +438,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
try
{
userDAO = new LdapUserDAO(conns);
userDAO.deletePendingUser(userID);
userDAO.deleteUserRequest(userID);
}
finally
{
......@@ -458,7 +458,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
* @throws AccessControlException If the operation is not permitted.
*/
public Boolean doLogin(String userID, String password)
throws UserNotFoundException, TransientException, AccessControlException
throws UserNotFoundException, TransientException, AccessControlException
{
LdapUserDAO userDAO = null;
LdapConnections conns = new LdapConnections(this);
......@@ -484,7 +484,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
* @throws AccessControlException If the operation is not permitted.
*/
public void setPassword(HttpPrincipal userID, String oldPassword, String newPassword)
throws UserNotFoundException, TransientException, AccessControlException
throws UserNotFoundException, TransientException, AccessControlException
{
Subject caller = AuthenticationUtil.getCurrentSubject();
if ( !isMatch(caller, userID) )
......@@ -517,7 +517,7 @@ public class LdapUserPersistence extends LdapPersistence implements UserPersiste
* @throws AccessControlException If the operation is not permitted.
*/
public void resetPassword(HttpPrincipal userID, String newPassword)
throws UserNotFoundException, TransientException, AccessControlException
throws UserNotFoundException, TransientException, AccessControlException
{
Subject caller = AuthenticationUtil.getCurrentSubject();
if ( !isMatch(caller, userID) )
......
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/GroupServlet.java
+ 1
3
View file @ c507560b
......@@ -93,13 +93,11 @@ import ca.nrc.cadc.auth.AuthenticationUtil;
*
* @author majorb
*/
public class GroupServlet<T extends Principal> extends HttpServlet
public class GroupServlet extends HttpServlet
{
private static final long serialVersionUID = 7854660717655869213L;
private static final Logger log = Logger.getLogger(GroupServlet.class);
public static final String GROUP_PERSISTENCE_REF = "groupPersistence";
private GroupPersistence groupPersistence;
@Override
......
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/LoginServlet.java
+ 6
4
View file @ c507560b
......@@ -101,21 +101,22 @@ import ca.nrc.cadc.util.StringUtil;
import com.unboundid.ldap.sdk.LDAPException;
@SuppressWarnings("serial")
public class LoginServlet<T extends Principal> extends HttpServlet
public class LoginServlet extends HttpServlet
{
private static final Logger log = Logger.getLogger(LoginServlet.class);
private static final String CONTENT_TYPE = "text/plain";
private static final String PROXY_ACCESS = "Proxy user access: ";
// " as " - delimiter use for proxy user authentication
public static final String PROXY_USER_DELIM = "\\s[aA][sS]\\s";
String proxyGroup; // only users in this group can impersonate other users
String nonImpersonGroup; // users in this group cannot be impersonated
private static final String PROXY_ACCESS = "Proxy user access: ";
UserPersistence userPersistence;
GroupPersistence groupPersistence;
@Override
public void init(final ServletConfig config) throws ServletException
{
......@@ -138,6 +139,7 @@ public class LoginServlet<T extends Principal> extends HttpServlet
throw new ExceptionInInitializerError(ex);
}
}
/**
* Attempt to login for userid/password.
*/
......
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/UserRequestServlet.java 0 → 100644
+ 363
0
View file @ c507560b
/*
************************************************************************
******************* CANADIAN ASTRONOMY DATA CENTRE *******************
************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES **************
*
* (c) 2015. (c) 2015.
* Government of Canada Gouvernement du Canada
* National Research Council Conseil national de recherches
* Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6
* All rights reserved Tous droits réservés
*
* NRC disclaims any warranties, Le CNRC dénie toute garantie
* expressed, implied, or énoncée, implicite ou légale,
* statutory, of any kind with de quelque nature que ce
* respect to the software, soit, concernant le logiciel,
* including without limitation y compris sans restriction
* any warranty of merchantability toute garantie de valeur
* or fitness for a particular marchande ou de pertinence
* purpose. NRC shall not be pour un usage particulier.
* liable in any event for any Le CNRC ne pourra en aucun cas
* damages, whether direct or être tenu responsable de tout
* indirect, special or general, dommage, direct ou indirect,
* consequential or incidental, particulier ou général,
* arising from the use of the accessoire ou fortuit, résultant
* software. Neither the name de l'utilisation du logiciel. Ni
* of the National Research le nom du Conseil National de
* Council of Canada nor the Recherches du Canada ni les noms
* names of its contributors may de ses participants ne peuvent
* be used to endorse or promote être utilisés pour approuver ou
* products derived from this promouvoir les produits dérivés
* software without specific prior de ce logiciel sans autorisation
* written permission. préalable et particulière
* par écrit.
*
* This file is part of the Ce fichier fait partie du projet
* OpenCADC project. OpenCADC.
*
* OpenCADC is free software: OpenCADC est un logiciel libre ;
* you can redistribute it and/or vous pouvez le redistribuer ou le
* modify it under the terms of modifier suivant les termes de
* the GNU Affero General Public la “GNU Affero General Public
* License as published by the License” telle que publiée
* Free Software Foundation, par la Free Software Foundation
* either version 3 of the : soit la version 3 de cette
* License, or (at your option) licence, soit (à votre gré)
* any later version. toute version ultérieure.
*
* OpenCADC is distributed in the OpenCADC est distribué
* hope that it will be useful, dans l’espoir qu’il vous
* but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE
* without even the implied GARANTIE : sans même la garantie
* warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ
* or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF
* PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence
* General Public License for Générale Publique GNU Affero
* more details. pour plus de détails.
*
* You should have received Vous devriez avoir reçu une
* a copy of the GNU Affero copie de la Licence Générale
* General Public License along Publique GNU Affero avec
* with OpenCADC. If not, see OpenCADC ; si ce n’est
* <http://www.gnu.org/licenses/>. pas le cas, consultez :
* <http://www.gnu.org/licenses/>.
*
* $Revision: 4 $
*
************************************************************************
*/
package ca.nrc.cadc.ac.server.web;
import ca.nrc.cadc.ac.server.PluginFactory;
import ca.nrc.cadc.ac.server.UserPersistence;
import ca.nrc.cadc.ac.server.web.SyncOutput;
import ca.nrc.cadc.ac.server.web.userrequests.AbstractUserRequestAction;
import ca.nrc.cadc.ac.server.web.userrequests.CreateUserRequestAction;
import ca.nrc.cadc.ac.server.web.userrequests.UserRequestActionFactory;
import ca.nrc.cadc.ac.server.web.users.AbstractUserAction;
import ca.nrc.cadc.ac.server.web.users.GetUserAction;
import ca.nrc.cadc.ac.server.web.users.UserActionFactory;
import ca.nrc.cadc.ac.server.web.users.UserLogInfo;
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.ServletPrincipalExtractor;
import ca.nrc.cadc.profiler.Profiler;
import ca.nrc.cadc.util.StringUtil;
import org.apache.log4j.Logger;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
public class UserRequestServlet extends HttpServlet
{
private static final long serialVersionUID = 5289130885807305288L;
private static final Logger log = Logger.getLogger(UserRequestServlet.class);
private List<Subject> privilegedSubjects;
private UserPersistence userPersistence;
@Override
public void init(ServletConfig config) throws ServletException
{
super.init(config);
try
{
String x500Users = config.getInitParameter(UserRequestServlet.class.getName() + ".PrivilegedX500Principals");
log.debug("PrivilegedX500Users: " + x500Users);
String httpUsers = config.getInitParameter(UserRequestServlet.class.getName() + ".PrivilegedHttpPrincipals");
log.debug("PrivilegedHttpUsers: " + httpUsers);
String[] x500List = new String[0];
String[] httpList = new String[0];
if (x500Users != null && httpUsers != null)
{
x500List = x500Users.split(" ");
httpList = httpUsers.split(" ");
}
if (x500List.length != httpList.length)
{
throw new RuntimeException("Init exception: Lists of augment subject principals not equivalent in length");
}
privilegedSubjects = new ArrayList<Subject>(x500Users.length());
for (int i=0; i<x500List.length; i++)
{
Subject s = new Subject();
s.getPrincipals().add(new X500Principal(x500List[i]));
s.getPrincipals().add(new HttpPrincipal(httpList[i]));
privilegedSubjects.add(s);
}
PluginFactory pluginFactory = new PluginFactory();
userPersistence = pluginFactory.createUserPersistence();
}
catch (Throwable t)
{
log.fatal("Error initializing group persistence", t);
throw new ExceptionInInitializerError(t);
}
}
@Override
public void destroy()
{
userPersistence.destroy();
}
/**
* Create a UserAction and run the action safely.
*/
private void doAction(UserRequestActionFactory factory, HttpServletRequest request, HttpServletResponse response)
throws IOException
{
Profiler profiler = new Profiler(UserRequestServlet.class);
long start = System.currentTimeMillis();
UserLogInfo logInfo = new UserLogInfo(request);
try
{
log.info(logInfo.start());
AbstractUserRequestAction action = factory.createAction(request);
action.setAcceptedContentType(getAcceptedContentType(request));
log.debug("content-type: " + getAcceptedContentType(request));
profiler.checkpoint("created action");
// Special case: if the calling subject has a privileged X500Principal,
// AND it is a PUT request, do not augment the subject.
Subject subject;
Subject privilegedSubject = getPrivilegedSubject(request);
if (action instanceof CreateUserRequestAction && privilegedSubject != null)
{
profiler.checkpoint("check privileged user");
subject = Subject.getSubject(AccessController.getContext());
log.debug("subject not augmented: " + subject);
action.setAugmentUser(true);
logInfo.setSubject(privilegedSubject);
profiler.checkpoint("set privileged user");
}
else
{
subject = AuthenticationUtil.getSubject(request);
logInfo.setSubject(subject);
log.debug("augmented subject: " + subject);
profiler.checkpoint("augment subject");
}
SyncOutput syncOut = new SyncOutput(response);
action.setLogInfo(logInfo);
action.setSyncOut(syncOut);
action.setUserPersistence(userPersistence);
try
{
if (subject == null)
{
action.run();
}
else
{
Subject.doAs(subject, action);
}
}
catch (PrivilegedActionException e)
{
Throwable cause = e.getCause();
if (cause != null)
{
throw cause;
}
Exception exception = e.getException();
if (exception != null)
{
throw exception;
}
throw e;
}
finally
{
profiler.checkpoint("Executed action");
}
}
catch (IllegalArgumentException e)
{
log.debug(e.getMessage(), e);
logInfo.setMessage(e.getMessage());
logInfo.setSuccess(false);
response.getWriter().write(e.getMessage());
response.setStatus(400);
}
catch (Throwable t)
{
String message = "Internal Server Error: " + t.getMessage();
log.error(message, t);
logInfo.setSuccess(false);
logInfo.setMessage(message);
response.getWriter().write(message);
response.setStatus(500);
}
finally
{
logInfo.setElapsedTime(System.currentTimeMillis() - start);
log.info(logInfo.end());
}
}
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws IOException
{
doAction(UserRequestActionFactory.httpGetFactory(), request, response);
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws IOException
{
doAction(UserRequestActionFactory.httpPostFactory(), request, response);
}
@Override
public void doDelete(HttpServletRequest request, HttpServletResponse response)
throws IOException
{
doAction(UserRequestActionFactory.httpDeleteFactory(), request, response);
}
@Override
public void doPut(HttpServletRequest request, HttpServletResponse response)
throws IOException
{
doAction(UserRequestActionFactory.httpPutFactory(), request, response);
}
@Override
public void doHead(HttpServletRequest request, HttpServletResponse response)
throws IOException
{
doAction(UserRequestActionFactory.httpHeadFactory(), request, response);
}
/**
* Obtain the requested (Accept) content type.
*
* @param request The HTTP Request.
* @return String content type.
*/
String getAcceptedContentType(final HttpServletRequest request)
{
final String requestedContentType = request.getHeader("Accept");
if (StringUtil.hasText(requestedContentType)
&& requestedContentType.contains(AbstractUserAction.JSON_CONTENT_TYPE))
{
return AbstractUserAction.JSON_CONTENT_TYPE;
}
else
{
return AbstractUserAction.DEFAULT_CONTENT_TYPE;
}
}
protected Subject getPrivilegedSubject(HttpServletRequest request)
{
if (privilegedSubjects == null || privilegedSubjects.isEmpty())
{
return null;
}
ServletPrincipalExtractor extractor = new ServletPrincipalExtractor(request);
Set<Principal> principals = extractor.getPrincipals();
for (Principal principal : principals)
{
if (principal instanceof X500Principal)
{
for (Subject s : privilegedSubjects)
{
Set<X500Principal> x500Principals = s.getPrincipals(X500Principal.class);
for (X500Principal p2 : x500Principals)
{
if (p2.getName().equalsIgnoreCase(principal.getName()))
{
return s;
}
}
}
}
if (principal instanceof HttpPrincipal)
{
for (Subject s : privilegedSubjects)
{
Set<HttpPrincipal> httpPrincipals = s.getPrincipals(HttpPrincipal.class);
for (HttpPrincipal p2 : httpPrincipals)
{
if (p2.getName().equalsIgnoreCase(principal.getName()))
{
return s;
}
}
}
}
}
return null;
}
}
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/UserServlet.java
+ 18
21
View file @ c507560b
......@@ -98,15 +98,12 @@ import ca.nrc.cadc.auth.ServletPrincipalExtractor;
import ca.nrc.cadc.profiler.Profiler;
import ca.nrc.cadc.util.StringUtil;
public class UserServlet<T extends Principal> extends HttpServlet
public class UserServlet extends HttpServlet
{
private static final long serialVersionUID = 5289130885807305288L;
private static final Logger log = Logger.getLogger(UserServlet.class);
public static final String USER_PERSISTENCE_REF = "userPersistence";
private List<Subject> notAugmentedSubjects;
private List<Subject> privilegedSubjects;
private UserPersistence userPersistence;
......@@ -117,11 +114,11 @@ public class UserServlet<T extends Principal> extends HttpServlet
try
{
String x500Users = config.getInitParameter(UserServlet.class.getName() + ".NotAugmentedX500Principals");
log.debug("notAugmentedX500Users: " + x500Users);
String x500Users = config.getInitParameter(UserServlet.class.getName() + ".PrivilegedX500Principals");
log.debug("PrivilegedX500Users: " + x500Users);
String httpUsers = config.getInitParameter(UserServlet.class.getName() + ".NotAugmentedHttpPrincipals");
log.debug("notAugmentedHttpUsers: " + httpUsers);
String httpUsers = config.getInitParameter(UserServlet.class.getName() + ".PrivilegedHttpPrincipals");
log.debug("PrivilegedHttpUsers: " + httpUsers);
String[] x500List = new String[0];
String[] httpList = new String[0];
......@@ -136,13 +133,13 @@ public class UserServlet<T extends Principal> extends HttpServlet
throw new RuntimeException("Init exception: Lists of augment subject principals not equivalent in length");
}
notAugmentedSubjects = new ArrayList<Subject>(x500Users.length());
privilegedSubjects = new ArrayList<Subject>(x500Users.length());
for (int i=0; i<x500List.length; i++)
{
Subject s = new Subject();
s.getPrincipals().add(new X500Principal(x500List[i]));
s.getPrincipals().add(new HttpPrincipal(httpList[i]));
notAugmentedSubjects.add(s);
privilegedSubjects.add(s);
}
PluginFactory pluginFactory = new PluginFactory();
......@@ -179,18 +176,18 @@ public class UserServlet<T extends Principal> extends HttpServlet
log.debug("content-type: " + getAcceptedContentType(request));
profiler.checkpoint("created action");
// Special case: if the calling subject has a servops X500Principal,
// Special case: if the calling subject has a privileged X500Principal,
// AND it is a GET request, do not augment the subject.
Subject subject;
Subject notAugmentedSubject = getNotAugmentedSubject(request);
if (action instanceof GetUserAction && notAugmentedSubject != null)
Subject privilegedSubject = getPrivilegedSubject(request);
if (action instanceof GetUserAction && privilegedSubject != null)
{
profiler.checkpoint("check not augmented user");
profiler.checkpoint("check privileged user");
subject = Subject.getSubject(AccessController.getContext());
log.debug("subject not augmented: " + subject);
action.setAugmentUser(true);
logInfo.setSubject(notAugmentedSubject);
profiler.checkpoint("set not augmented user");
logInfo.setSubject(privilegedSubject);
profiler.checkpoint("set privileged user");
}
else
{
......@@ -315,9 +312,9 @@ public class UserServlet<T extends Principal> extends HttpServlet
}
}
protected Subject getNotAugmentedSubject(HttpServletRequest request)
protected Subject getPrivilegedSubject(HttpServletRequest request)
{
if (notAugmentedSubjects == null || notAugmentedSubjects.isEmpty())
if (privilegedSubjects == null || privilegedSubjects.isEmpty())
{
return null;
}
......@@ -329,7 +326,7 @@ public class UserServlet<T extends Principal> extends HttpServlet
{
if (principal instanceof X500Principal)
{
for (Subject s : notAugmentedSubjects)
for (Subject s : privilegedSubjects)
{
Set<X500Principal> x500Principals = s.getPrincipals(X500Principal.class);
for (X500Principal p2 : x500Principals)
......@@ -344,7 +341,7 @@ public class UserServlet<T extends Principal> extends HttpServlet
if (principal instanceof HttpPrincipal)
{
for (Subject s : notAugmentedSubjects)
for (Subject s : privilegedSubjects)
{
Set<HttpPrincipal> httpPrincipals = s.getPrincipals(HttpPrincipal.class);
for (HttpPrincipal p2 : httpPrincipals)
......
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/userrequests/AbstractUserRequestAction.java 0 → 100644
+ 282
0
View file @ c507560b
/*
************************************************************************
******************* CANADIAN ASTRONOMY DATA CENTRE *******************
************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES **************
*
* (c) 2014. (c) 2014.
* Government of Canada Gouvernement du Canada
* National Research Council Conseil national de recherches
* Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6
* All rights reserved Tous droits réservés
*
* NRC disclaims any warranties, Le CNRC dénie toute garantie
* expressed, implied, or énoncée, implicite ou légale,
* statutory, of any kind with de quelque nature que ce
* respect to the software, soit, concernant le logiciel,
* including without limitation y compris sans restriction
* any warranty of merchantability toute garantie de valeur
* or fitness for a particular marchande ou de pertinence
* purpose. NRC shall not be pour un usage particulier.
* liable in any event for any Le CNRC ne pourra en aucun cas
* damages, whether direct or être tenu responsable de tout
* indirect, special or general, dommage, direct ou indirect,
* consequential or incidental, particulier ou général,
* arising from the use of the accessoire ou fortuit, résultant
* software. Neither the name de l'utilisation du logiciel. Ni
* of the National Research le nom du Conseil National de
* Council of Canada nor the Recherches du Canada ni les noms
* names of its contributors may de ses participants ne peuvent
* be used to endorse or promote être utilisés pour approuver ou
* products derived from this promouvoir les produits dérivés
* software without specific prior de ce logiciel sans autorisation
* written permission. préalable et particulière
* par écrit.
*
* This file is part of the Ce fichier fait partie du projet
* OpenCADC project. OpenCADC.
*
* OpenCADC is free software: OpenCADC est un logiciel libre ;
* you can redistribute it and/or vous pouvez le redistribuer ou le
* modify it under the terms of modifier suivant les termes de
* the GNU Affero General Public la “GNU Affero General Public
* License as published by the License” telle que publiée
* Free Software Foundation, par la Free Software Foundation
* either version 3 of the : soit la version 3 de cette
* License, or (at your option) licence, soit (à votre gré)
* any later version. toute version ultérieure.
*
* OpenCADC is distributed in the OpenCADC est distribué
* hope that it will be useful, dans l’espoir qu’il vous
* but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE
* without even the implied GARANTIE : sans même la garantie
* warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ
* or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF
* PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence
* General Public License for Générale Publique GNU Affero
* more details. pour plus de détails.
*
* You should have received Vous devriez avoir reçu une
* a copy of the GNU Affero copie de la Licence Générale
* General Public License along Publique GNU Affero avec
* with OpenCADC. If not, see OpenCADC ; si ce n’est
* <http://www.gnu.org/licenses/>. pas le cas, consultez :
* <http://www.gnu.org/licenses/>.
*
* $Revision: 4 $
*
************************************************************************
*/
package ca.nrc.cadc.ac.server.web.userrequests;
import ca.nrc.cadc.ac.ReaderException;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserAlreadyExistsException;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.UserRequest;
import ca.nrc.cadc.ac.WriterException;
import ca.nrc.cadc.ac.json.JsonUserListWriter;
import ca.nrc.cadc.ac.json.JsonUserReader;
import ca.nrc.cadc.ac.json.JsonUserRequestReader;
import ca.nrc.cadc.ac.json.JsonUserWriter;
import ca.nrc.cadc.ac.server.UserPersistence;
import ca.nrc.cadc.ac.server.web.SyncOutput;
import ca.nrc.cadc.ac.server.web.users.UserLogInfo;
import ca.nrc.cadc.ac.xml.UserListWriter;
import ca.nrc.cadc.ac.xml.UserReader;
import ca.nrc.cadc.ac.xml.UserRequestReader;
import ca.nrc.cadc.ac.xml.UserWriter;
import ca.nrc.cadc.net.TransientException;
import ca.nrc.cadc.profiler.Profiler;
import org.apache.log4j.Logger;
import java.io.IOException;
import java.io.InputStream;
import java.io.Writer;
import java.security.AccessControlException;
import java.security.Principal;
import java.security.PrivilegedExceptionAction;
import java.util.Collection;
public abstract class AbstractUserRequestAction implements PrivilegedExceptionAction<Object>
{
private static final Logger log = Logger.getLogger(AbstractUserRequestAction.class);
public static final String DEFAULT_CONTENT_TYPE = "text/xml";
public static final String JSON_CONTENT_TYPE = "application/json";
private Profiler profiler = new Profiler(AbstractUserRequestAction.class);
protected boolean isAugmentUser;
protected UserLogInfo logInfo;
protected SyncOutput syncOut;
protected UserPersistence userPersistence;
protected String acceptedContentType = DEFAULT_CONTENT_TYPE;
AbstractUserRequestAction()
{
this.isAugmentUser = false;
}
public abstract void doAction() throws Exception;
public void setAugmentUser(final boolean isAugmentUser)
{
this.isAugmentUser = isAugmentUser;
}
public boolean isAugmentUser()
{
return this.isAugmentUser;
}
public void setLogInfo(UserLogInfo logInfo)
{
this.logInfo = logInfo;
}
public void setSyncOut(SyncOutput syncOut)
{
this.syncOut = syncOut;
}
public void setUserPersistence(UserPersistence userPersistence)
{
this.userPersistence = userPersistence;
}
public Object run() throws IOException
{
try
{
doAction();
profiler.checkpoint("doAction");
}
catch (AccessControlException e)
{
log.debug(e.getMessage(), e);
String message = "Permission Denied";
this.logInfo.setMessage(message);
sendError(403, message);
}
catch (IllegalArgumentException e)
{
log.debug(e.getMessage(), e);
String message = e.getMessage();
this.logInfo.setMessage(message);
sendError(400, message);
}
catch (ReaderException e)
{
log.debug(e.getMessage(), e);
String message = e.getMessage();
this.logInfo.setMessage(message);
sendError(400, message);
}
catch (UserNotFoundException e)
{
log.debug(e.getMessage(), e);
String message = "User not found: " + e.getMessage();
this.logInfo.setMessage(message);
sendError(404, message);
}
catch (UserAlreadyExistsException e)
{
log.debug(e.getMessage(), e);
String message = e.getMessage();
this.logInfo.setMessage(message);
sendError(409, message);
}
catch (UnsupportedOperationException e)
{
log.debug(e.getMessage(), e);
this.logInfo.setMessage("Not yet implemented.");
sendError(501);
}
catch (TransientException e)
{
String message = "Transient Error: " + e.getMessage();
this.logInfo.setSuccess(false);
this.logInfo.setMessage(message);
if (e.getRetryDelay() > 0)
syncOut.setHeader("Retry-After", Integer.toString(e.getRetryDelay()));
log.error(message, e);
sendError(503, message);
}
catch (Throwable t)
{
String message = "Internal Error: " + t.getMessage();
this.logInfo.setSuccess(false);
this.logInfo.setMessage(message);
log.error(message, t);
sendError(500, message);
}
return null;
}
private void sendError(int responseCode)
throws IOException
{
sendError(responseCode, null);
}
private void sendError(int responseCode, String message)
{
syncOut.setCode(responseCode);
syncOut.setHeader("Content-Type", "text/plain");
if (message != null)
{
try
{
syncOut.getWriter().write(message);
}
catch (IOException e)
{
log.warn("Could not write error message to output stream");
}
}
profiler.checkpoint("sendError");
}
protected void logUserInfo(String userName)
{
this.logInfo.userName = userName;
}
public void setAcceptedContentType(final String acceptedContentType)
{
this.acceptedContentType = acceptedContentType;
}
/**
* Read a user request (User pending approval) from the HTTP Request's
* stream.
*
* @param inputStream The Input Stream to read from.
* @return User Request instance.
* @throws IOException Any reading errors.
*/
protected UserRequest readUserRequest(final InputStream inputStream)
throws ReaderException, IOException
{
final UserRequest userRequest;
if (acceptedContentType.equals(DEFAULT_CONTENT_TYPE))
{
UserRequestReader requestReader = new UserRequestReader();
userRequest = requestReader.read(inputStream);
}
else if (acceptedContentType.equals(JSON_CONTENT_TYPE))
{
JsonUserRequestReader requestReader = new JsonUserRequestReader();
userRequest = requestReader.read(inputStream);
}
else
{
// Should never happen.
throw new IOException("Unknown content being asked for: "
+ acceptedContentType);
}
profiler.checkpoint("readUserRequest");
return userRequest;
}
}
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/userrequests/CreateUserRequestAction.java 0 → 100644
+ 96
0
View file @ c507560b
/*
************************************************************************
******************* CANADIAN ASTRONOMY DATA CENTRE *******************
************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES **************
*
* (c) 2014. (c) 2014.
* Government of Canada Gouvernement du Canada
* National Research Council Conseil national de recherches
* Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6
* All rights reserved Tous droits réservés
*
* NRC disclaims any warranties, Le CNRC dénie toute garantie
* expressed, implied, or énoncée, implicite ou légale,
* statutory, of any kind with de quelque nature que ce
* respect to the software, soit, concernant le logiciel,
* including without limitation y compris sans restriction
* any warranty of merchantability toute garantie de valeur
* or fitness for a particular marchande ou de pertinence
* purpose. NRC shall not be pour un usage particulier.
* liable in any event for any Le CNRC ne pourra en aucun cas
* damages, whether direct or être tenu responsable de tout
* indirect, special or general, dommage, direct ou indirect,
* consequential or incidental, particulier ou général,
* arising from the use of the accessoire ou fortuit, résultant
* software. Neither the name de l'utilisation du logiciel. Ni
* of the National Research le nom du Conseil National de
* Council of Canada nor the Recherches du Canada ni les noms
* names of its contributors may de ses participants ne peuvent
* be used to endorse or promote être utilisés pour approuver ou
* products derived from this promouvoir les produits dérivés
* software without specific prior de ce logiciel sans autorisation
* written permission. préalable et particulière
* par écrit.
*
* This file is part of the Ce fichier fait partie du projet
* OpenCADC project. OpenCADC.
*
* OpenCADC is free software: OpenCADC est un logiciel libre ;
* you can redistribute it and/or vous pouvez le redistribuer ou le
* modify it under the terms of modifier suivant les termes de
* the GNU Affero General Public la “GNU Affero General Public
* License as published by the License” telle que publiée
* Free Software Foundation, par la Free Software Foundation
* either version 3 of the : soit la version 3 de cette
* License, or (at your option) licence, soit (à votre gré)
* any later version. toute version ultérieure.
*
* OpenCADC is distributed in the OpenCADC est distribué
* hope that it will be useful, dans l’espoir qu’il vous
* but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE
* without even the implied GARANTIE : sans même la garantie
* warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ
* or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF
* PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence
* General Public License for Générale Publique GNU Affero
* more details. pour plus de détails.
*
* You should have received Vous devriez avoir reçu une
* a copy of the GNU Affero copie de la Licence Générale
* General Public License along Publique GNU Affero avec
* with OpenCADC. If not, see OpenCADC ; si ce n’est
* <http://www.gnu.org/licenses/>. pas le cas, consultez :
* <http://www.gnu.org/licenses/>.
*
* $Revision: 4 $
*
************************************************************************
*/
package ca.nrc.cadc.ac.server.web.userrequests;
import ca.nrc.cadc.ac.UserRequest;
import java.io.InputStream;
public class CreateUserRequestAction extends AbstractUserRequestAction
{
private final InputStream inputStream;
CreateUserRequestAction(final InputStream inputStream)
{
super();
this.inputStream = inputStream;
}
public void doAction() throws Exception
{
final UserRequest userRequest = readUserRequest(this.inputStream);
userPersistence.addUserRequest(userRequest);
syncOut.setCode(201);
logUserInfo(userRequest.getUser().getHttpPrincipal().getName());
}
}
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/userrequests/UserRequestActionFactory.java 0 → 100644
+ 208
0
View file @ c507560b
/*
************************************************************************
******************* CANADIAN ASTRONOMY DATA CENTRE *******************
************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES **************
*
* (c) 2014. (c) 2014.
* Government of Canada Gouvernement du Canada
* National Research Council Conseil national de recherches
* Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6
* All rights reserved Tous droits réservés
*
* NRC disclaims any warranties, Le CNRC dénie toute garantie
* expressed, implied, or énoncée, implicite ou légale,
* statutory, of any kind with de quelque nature que ce
* respect to the software, soit, concernant le logiciel,
* including without limitation y compris sans restriction
* any warranty of merchantability toute garantie de valeur
* or fitness for a particular marchande ou de pertinence
* purpose. NRC shall not be pour un usage particulier.
* liable in any event for any Le CNRC ne pourra en aucun cas
* damages, whether direct or être tenu responsable de tout
* indirect, special or general, dommage, direct ou indirect,
* consequential or incidental, particulier ou général,
* arising from the use of the accessoire ou fortuit, résultant
* software. Neither the name de l'utilisation du logiciel. Ni
* of the National Research le nom du Conseil National de
* Council of Canada nor the Recherches du Canada ni les noms
* names of its contributors may de ses participants ne peuvent
* be used to endorse or promote être utilisés pour approuver ou
* products derived from this promouvoir les produits dérivés
* software without specific prior de ce logiciel sans autorisation
* written permission. préalable et particulière
* par écrit.
*
* This file is part of the Ce fichier fait partie du projet
* OpenCADC project. OpenCADC.
*
* OpenCADC is free software: OpenCADC est un logiciel libre ;
* you can redistribute it and/or vous pouvez le redistribuer ou le
* modify it under the terms of modifier suivant les termes de
* the GNU Affero General Public la “GNU Affero General Public
* License as published by the License” telle que publiée
* Free Software Foundation, par la Free Software Foundation
* either version 3 of the : soit la version 3 de cette
* License, or (at your option) licence, soit (à votre gré)
* any later version. toute version ultérieure.
*
* OpenCADC is distributed in the OpenCADC est distribué
* hope that it will be useful, dans l’espoir qu’il vous
* but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE
* without even the implied GARANTIE : sans même la garantie
* warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ
* or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF
* PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence
* General Public License for Générale Publique GNU Affero
* more details. pour plus de détails.
*
* You should have received Vous devriez avoir reçu une
* a copy of the GNU Affero copie de la Licence Générale
* General Public License along Publique GNU Affero avec
* with OpenCADC. If not, see OpenCADC ; si ce n’est
* <http://www.gnu.org/licenses/>. pas le cas, consultez :
* <http://www.gnu.org/licenses/>.
*
* $Revision: 4 $
*
************************************************************************
*/
package ca.nrc.cadc.ac.server.web.userrequests;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.server.web.WebUtil;
import ca.nrc.cadc.auth.CookiePrincipal;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.IdentityType;
import ca.nrc.cadc.auth.NumericPrincipal;
import ca.nrc.cadc.auth.OpenIdPrincipal;
import org.apache.log4j.Logger;
import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.UUID;
public abstract class UserRequestActionFactory
{
private static final Logger log = Logger.getLogger(UserRequestActionFactory.class);
public abstract AbstractUserRequestAction createAction(HttpServletRequest request)
throws IllegalArgumentException, IOException;
public static UserRequestActionFactory httpGetFactory()
{
return new UserRequestActionFactory()
{
public AbstractUserRequestAction createAction(HttpServletRequest request)
throws IllegalArgumentException, IOException
{
// http get not supported
throw new UnsupportedOperationException();
}
};
}
public static UserRequestActionFactory httpPutFactory()
{
return new UserRequestActionFactory()
{
public AbstractUserRequestAction createAction(HttpServletRequest request)
throws IllegalArgumentException, IOException
{
AbstractUserRequestAction action = null;
String path = request.getPathInfo();
log.debug("path: " + path);
String[] segments = WebUtil.getPathSegments(path);
if (segments.length == 0)
{
action = new CreateUserRequestAction(request.getInputStream());
}
if (action != null)
{
log.debug("Returning action: " + action.getClass());
return action;
}
throw new IllegalArgumentException("Bad PUT request to " + path);
}
};
}
public static UserRequestActionFactory httpPostFactory()
{
return new UserRequestActionFactory()
{
public AbstractUserRequestAction createAction(HttpServletRequest request)
throws IllegalArgumentException, IOException
{
// http post not supported
throw new UnsupportedOperationException();
}
};
}
public static UserRequestActionFactory httpDeleteFactory()
{
return new UserRequestActionFactory()
{
public AbstractUserRequestAction createAction(HttpServletRequest request)
throws IllegalArgumentException, IOException
{
// http delete not supported
throw new UnsupportedOperationException();
}
};
}
public static UserRequestActionFactory httpHeadFactory()
{
return new UserRequestActionFactory()
{
public AbstractUserRequestAction createAction(HttpServletRequest request)
throws IllegalArgumentException, IOException
{
// http head not supported
throw new UnsupportedOperationException();
}
};
}
private static User getUser(String userName, String idType)
{
User user = new User();
if (idType == null || idType.isEmpty())
{
throw new IllegalArgumentException("User endpoint missing idType parameter");
}
else if (idType.equalsIgnoreCase(IdentityType.USERNAME.getValue()))
{
user.getIdentities().add(new HttpPrincipal(userName));
}
else if (idType.equalsIgnoreCase(IdentityType.X500.getValue()))
{
user.getIdentities().add(new X500Principal(userName));
}
else if (idType.equalsIgnoreCase(IdentityType.CADC.getValue()))
{
user.getIdentities().add(new NumericPrincipal(UUID.fromString(userName)));
}
else if (idType.equalsIgnoreCase(IdentityType.OPENID.getValue()))
{
user.getIdentities().add(new OpenIdPrincipal(userName));
}
else if (idType.equalsIgnoreCase(IdentityType.COOKIE.getValue()))
{
user.getIdentities().add(new CookiePrincipal(userName));
}
else
{
throw new IllegalArgumentException("Unregonized userid");
}
return user;
}
}
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/AbstractUserAction.java
+ 1
34
View file @ c507560b
......@@ -97,7 +97,7 @@ import ca.nrc.cadc.ac.xml.UserWriter;
import ca.nrc.cadc.net.TransientException;
import ca.nrc.cadc.profiler.Profiler;
public abstract class AbstractUserAction<T extends Principal> implements PrivilegedExceptionAction<Object>
public abstract class AbstractUserAction implements PrivilegedExceptionAction<Object>
{
private static final Logger log = Logger.getLogger(AbstractUserAction.class);
public static final String DEFAULT_CONTENT_TYPE = "text/xml";
......@@ -246,39 +246,6 @@ public abstract class AbstractUserAction<T extends Principal> implements Privile
this.acceptedContentType = acceptedContentType;
}
/**
* Read a user request (User pending approval) from the HTTP Request's
* stream.
*
* @param inputStream The Input Stream to read from.
* @return User Request instance.
* @throws IOException Any reading errors.
*/
protected UserRequest readUserRequest(final InputStream inputStream)
throws ReaderException, IOException
{
final UserRequest userRequest;
if (acceptedContentType.equals(DEFAULT_CONTENT_TYPE))
{
UserRequestReader requestReader = new UserRequestReader();
userRequest = requestReader.read(inputStream);
}
else if (acceptedContentType.equals(JSON_CONTENT_TYPE))
{
JsonUserRequestReader requestReader = new JsonUserRequestReader();
userRequest = requestReader.read(inputStream);
}
else
{
// Should never happen.
throw new IOException("Unknown content being asked for: "
+ acceptedContentType);
}
profiler.checkpoint("readUserRequest");
return userRequest;
}
/**
* Read the user from the given stream of marshalled data.
*
......
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/CreateUserAction.java
+ 5
6
View file @ c507560b
......@@ -68,10 +68,9 @@
*/
package ca.nrc.cadc.ac.server.web.users;
import java.io.InputStream;
import ca.nrc.cadc.ac.UserRequest;
import ca.nrc.cadc.ac.User;
import java.io.InputStream;
public class CreateUserAction extends AbstractUserAction
{
......@@ -86,11 +85,11 @@ public class CreateUserAction extends AbstractUserAction
public void doAction() throws Exception
{
final UserRequest userRequest = readUserRequest(this.inputStream);
userPersistence.addPendingUser(userRequest);
final User user = readUser(this.inputStream);
userPersistence.addUser(user);
syncOut.setCode(201);
logUserInfo(userRequest.getUser().getHttpPrincipal().getName());
logUserInfo(user.getHttpPrincipal().getName());
}
}
cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/GetUserAction.java
+ 2
2
View file @ c507560b
......@@ -146,8 +146,8 @@ public class GetUserAction extends AbstractUserAction
}
catch (UserNotFoundException e)
{
user = userPersistence.getPendingUser(principal);
profiler.checkpoint("getPendingUser");
user = userPersistence.getUserRequest(principal);
profiler.checkpoint("getUserRequest");
}
// Only return user profile info, first and last name.
......
cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/AbstractLdapDAOTest.java
+ 9
18
View file @ c507560b
......@@ -101,8 +101,6 @@ public class AbstractLdapDAOTest
static User cadcDaoTest1_User;
static User cadcDaoTest2_User;
static User cadcDaoTest3_User;
static User cadcDaoTest1_HttpUser;
static User cadcDaoTest1_X500User;
static User cadcDaoTest1_AugmentedUser;
static User cadcDaoTest2_AugmentedUser;
static User testMember;
......@@ -152,8 +150,9 @@ public class AbstractLdapDAOTest
user.getIdentities().add(cadcDaoTest1_X500Principal);
user.personalDetails = new PersonalDetails("CADC", "DAOTest1");
user.personalDetails.email = cadcDaoTest1_CN + "@canada.ca";
UserRequest request = new UserRequest(user, "password1".toCharArray());
getUserDAO().addUser(request);
UserRequest userRequest = new UserRequest(user, "password".toCharArray());
getUserDAO().addUserRequest(userRequest);
getUserDAO().approveUserRequest(cadcDaoTest1_HttpPrincipal);
cadcDaoTest1_User = getUserDAO().getUser(cadcDaoTest1_HttpPrincipal);
}
......@@ -168,8 +167,9 @@ public class AbstractLdapDAOTest
user.getIdentities().add(cadcDaoTest2_X500Principal);
user.personalDetails = new PersonalDetails("CADC", "DAOTest2");
user.personalDetails.email = cadcDaoTest2_CN + "@canada.ca";
UserRequest request = new UserRequest(user, "password2".toCharArray());
getUserDAO().addUser(request);
UserRequest userRequest = new UserRequest(user, "password".toCharArray());
getUserDAO().addUserRequest(userRequest);
getUserDAO().approveUserRequest(cadcDaoTest2_HttpPrincipal);
cadcDaoTest2_User = getUserDAO().getUser(cadcDaoTest2_HttpPrincipal);
}
......@@ -184,8 +184,9 @@ public class AbstractLdapDAOTest
user.getIdentities().add(cadcDaoTest3_X500Principal);
user.personalDetails = new PersonalDetails("CADC", "DAOTest3");
user.personalDetails.email = cadcDaoTest3_CN + "@canada.ca";
UserRequest request = new UserRequest(user, "password3".toCharArray());
getUserDAO().addUser(request);
UserRequest userRequest = new UserRequest(user, "password".toCharArray());
getUserDAO().addUserRequest(userRequest);
getUserDAO().approveUserRequest(cadcDaoTest3_HttpPrincipal);
cadcDaoTest3_User = getUserDAO().getUser(cadcDaoTest3_HttpPrincipal);
}
......@@ -199,16 +200,6 @@ public class AbstractLdapDAOTest
cadcDaoTest2_Subject = new Subject();
cadcDaoTest2_Subject.getPrincipals().addAll(cadcDaoTest2_AugmentedUser.getIdentities());
// A cadcDaoTest1 user with only a HttpPrincipal
// cadcDaoTest1_HttpUser = new User();
// cadcDaoTest1_HttpUser.personalDetails = new PersonalDetails("CADC", "DAOTest1");
// cadcDaoTest1_HttpUser.getIdentities().add(cadcDaoTest1_User.getHttpPrincipal());
//
// // A cadcDaoTest1 user with only a X500Principal
// cadcDaoTest1_X500User = new User();
// cadcDaoTest1_X500User.personalDetails = new PersonalDetails("CADC", "DAOTest1");
// cadcDaoTest1_X500User.getIdentities().add(cadcDaoTest1_X500Principal);
// member returned by getMember contains only the fields required by the GMS
testMember = new User();
testMember.personalDetails = new PersonalDetails("test", "member");
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment