Commit ca862ad4 authored by bmajor's avatar bmajor Committed by GitHub

Merge pull request #30 from pdowler/master

bug fix for determining AuthMethod correctly
parents 4c6af860 357e4dae
...@@ -15,7 +15,7 @@ sourceCompatibility = 1.7 ...@@ -15,7 +15,7 @@ sourceCompatibility = 1.7
group = 'org.opencadc' group = 'org.opencadc'
version = '1.1.5' version = '1.1.6'
mainClassName = 'ca.nrc.cadc.ac.client.Main' mainClassName = 'ca.nrc.cadc.ac.client.Main'
......
...@@ -1104,37 +1104,63 @@ public class GMSClient implements TransferListener ...@@ -1104,37 +1104,63 @@ public class GMSClient implements TransferListener
private URL lookupServiceURL(final URI standard) private URL lookupServiceURL(final URI standard)
throws AccessControlException throws AccessControlException
{ {
final URL serviceURL = getRegistryClient() Subject subject = AuthenticationUtil.getCurrentSubject();
.getServiceURL(this.serviceID, standard, getAuthMethod()); AuthMethod am = getAuthMethod(subject);
URL serviceURL = getRegistryClient().getServiceURL(this.serviceID, standard, am);
// now that we have a URL we can check if the cookie will actually be sent to it
if (AuthMethod.COOKIE.equals(am))
{
try
{
boolean domainMatch = false;
String domain = NetUtil.getDomainName(serviceURL);
for (SSOCookieCredential cc : subject.getPublicCredentials(SSOCookieCredential.class))
{
if (cc.getDomain().equals(domain))
domainMatch = true;
}
if (!domainMatch)
{
throw new AccessControlException("no SSOCookieCredential for domain " + domain);
}
}
catch(IOException ex)
{
throw new RuntimeException("failure checking domain for cookie use", ex);
}
}
if (serviceURL == null) if (serviceURL == null)
{ {
throw new RuntimeException( throw new RuntimeException(
String.format("Unable to get Service URL for '%s', '%s', '%s'", String.format("Unable to get Service URL for '%s', '%s', '%s'",
serviceID.toString(), Standards.GMS_GROUPS_01, serviceID.toString(), standard, am));
getAuthMethod()));
}
else
{
return serviceURL;
} }
return serviceURL;
} }
private AuthMethod getAuthMethod() private AuthMethod getAuthMethod(Subject subject)
{ {
Subject subject = AuthenticationUtil.getCurrentSubject();
if (subject != null) if (subject != null)
{ {
for (Object o : subject.getPublicCredentials()) // web services use CDP to load a proxy cert so prefer that
X509CertificateChain privateKeyChain = X509CertificateChain.findPrivateKeyChain(
subject.getPublicCredentials());
if (privateKeyChain != null)
return AuthMethod.CERT;
// ui applications pass cookie(s) along
Set sso = subject.getPublicCredentials(SSOCookieCredential.class);
if ( !sso.isEmpty() )
{ {
if (o instanceof X509CertificateChain) return AuthMethod.COOKIE;
return AuthMethod.CERT;
if (o instanceof SSOCookieCredential)
return AuthMethod.COOKIE;
// AuthMethod.PASSWORD not supported
// AuthMethod.TOKEN not supported
} }
// AuthMethod.PASSWORD not supported
// AuthMethod.TOKEN not supported
throw new AccessControlException("No valid public credentials."); throw new AccessControlException("No valid public credentials.");
} }
else else
......
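Review bot: In lookupServiceURL the `serviceURL == null` check now sits below the cookie block, so when the registry returns no URL and the method is COOKIE, `NetUtil.getDomainName(serviceURL)` is called with null first. How that helper treats null is not visible here, but the intended "Unable to get Service URL" error is likely replaced by a NullPointerException or a misleading "no SSOCookieCredential for domain" denial; moving the null check directly under the `getServiceURL(...)` call avoids that. The comparison `cc.getDomain().equals(domain)` also dereferences a credential domain that may be null and is case-sensitive, although DNS names are not. `if (domain != null && domain.equalsIgnoreCase(cc.getDomain()))` keeps the exact match that stops a cookie being offered to another domain while avoiding both problems. getAuthMethod's body continues outside the hunk.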