Merge branch 's1651' of ssh://mach16/usr/cadc/dev/git/wopencadc into s1651

projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConfig.java

@@ -68,12 +68,14 @@
  */
 package ca.nrc.cadc.ac.server.ldap;
 
-import ca.nrc.cadc.util.StringUtil;
 import java.io.IOException;
 import java.net.URL;
 import java.util.Properties;
+
 import org.apache.log4j.Logger;
 
+import ca.nrc.cadc.util.StringUtil;
+
 public class LdapConfig
 {
     private static final Logger logger = Logger.getLogger(LdapConfig.class);
@@ -88,6 +90,9 @@ public class LdapConfig
     public static final String LDAP_GROUPS_DN = "groupsDn";
     public static final String LDAP_ADMIN_GROUPS_DN  = "adminGroupsDn";
     
+    public static final String LDAP_AVAIL_TEST_GROUP  = "availabilityTestGroup";
+    public static final String LDAP_AVAIL_TEST_CALLING_USER_DN  = "availabilityTestCallingUserDN";
+
     private String usersDN;
     private String groupsDN;
     private String adminGroupsDN;
@@ -96,6 +101,9 @@ public class LdapConfig
     private String adminUserDN;
     private String adminPasswd;
     
+    private String availabilityTestGroup;
+    private String availabilityTestCallingUserDN;
+
     public static LdapConfig getLdapConfig()
     {
         Properties config = new Properties();
@@ -166,14 +174,35 @@ public class LdapConfig
                                        LDAP_ADMIN_GROUPS_DN);
         }
         
+        String availGroup = config.getProperty(LDAP_AVAIL_TEST_GROUP);
+        if (!StringUtil.hasText(availGroup))
+        {
+            throw new RuntimeException("failed to read property " + 
+                                       LDAP_AVAIL_TEST_GROUP);
+        }
+        
+        String availUser = config.getProperty(LDAP_AVAIL_TEST_CALLING_USER_DN);
+        if (!StringUtil.hasText(availUser))
+        {
+            throw new RuntimeException("failed to read property " + 
+                                       LDAP_AVAIL_TEST_CALLING_USER_DN);
+        }
+
         return new LdapConfig(server, Integer.valueOf(port), ldapAdmin, 
                               ldapPasswd, ldapUsersDn, ldapGroupsDn,
-                              ldapAdminGroupsDn);
+                              ldapAdminGroupsDn, availGroup, availUser);
     }
     
     public LdapConfig(String server, int port, String adminUserDN, 
             String adminPasswd, String usersDN, String groupsDN,
             String adminGroupsDN)
+    {
+        this(server, port, adminUserDN, adminPasswd, usersDN, groupsDN, adminGroupsDN, null, null);
+    }
+
+    public LdapConfig(String server, int port, String adminUserDN, 
+                      String adminPasswd, String usersDN, String groupsDN,
+                      String adminGroupsDN, String availGroup, String availUser)
     {
         if (!StringUtil.hasText(server))
         {
@@ -205,6 +234,7 @@ public class LdapConfig
             throw new IllegalArgumentException("Illegal admin groups LDAP DN");
         }
         
+
         this.server = server;
         this.port = port;
         this.adminUserDN = adminUserDN;
@@ -212,6 +242,8 @@ public class LdapConfig
         this.usersDN = usersDN;
         this.groupsDN = groupsDN;
         this.adminGroupsDN = adminGroupsDN;
+        this.availabilityTestGroup = availGroup;
+        this.availabilityTestCallingUserDN = availUser;
     }
 
     public String getUsersDN()
@@ -249,4 +281,14 @@ public class LdapConfig
         return this.adminPasswd;
     }
     
+    public String getAvailabilityTestGroup()
+    {
+        return this.availabilityTestGroup;
+    }
+    
+    public String getAvailabilityTestCallingUserDN()
+    {
+        return this.availabilityTestCallingUserDN;
+    }
+
 }

projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java

@@ -196,21 +196,16 @@ public abstract class LdapDAO
      * @param errorMsg
      * @throws TransientException 
      */
-    protected static void checkLdapResult(ResultCode code, String errorMsg) 
+    protected static void checkLdapResult(ResultCode code) 
             throws TransientException
     {
-        String msg = "";
-        if (errorMsg != null)
-        {
-            msg = "(" + errorMsg + ")";
-        }
         if (code == ResultCode.INSUFFICIENT_ACCESS_RIGHTS)
         {
-            throw new AccessControlException("Not authorized " + msg);
+            throw new AccessControlException("Not authorized ");
         }
         else if (code == ResultCode.INVALID_CREDENTIALS)
         {
-            throw new AccessControlException("Invalid credentials " + msg);
+            throw new AccessControlException("Invalid credentials ");
         }
         else if ((code == ResultCode.SUCCESS) || (code == ResultCode.NO_SUCH_OBJECT) )
         {
@@ -218,16 +213,16 @@ public abstract class LdapDAO
         }
         else if (code == ResultCode.PARAM_ERROR)
         {
-            throw new IllegalArgumentException("Error in Ldap parameters " + msg);
+            throw new IllegalArgumentException("Error in Ldap parameters ");
         }
         else if (code == ResultCode.BUSY ||
                  code == ResultCode.CONNECT_ERROR )
         {
-            throw new TransientException("Connection problems " + msg );
+            throw new TransientException("Connection problems ");
         }
         else
         {
-            throw new RuntimeException("Ldap error" + msg);
+            throw new RuntimeException("Ldap error (" + code.getName() + ")");
         }
     }
 

projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java

@@ -173,7 +173,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
                                              group.description, 
                                              group.getUserMembers(), 
                                              group.getGroupMembers());
-                LdapDAO.checkLdapResult(result.getResultCode(), null);
+                LdapDAO.checkLdapResult(result.getResultCode());
                 
                 // add group to admin groups tree
                 result = addGroup(getAdminGroupDN(group.getID()), 
@@ -181,7 +181,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
                                   group.description, 
                                   group.getUserAdmins(), 
                                   group.getGroupAdmins());
-                LdapDAO.checkLdapResult(result.getResultCode(), null);
+                LdapDAO.checkLdapResult(result.getResultCode());
                 
                 try
                 {
@@ -195,8 +195,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
         }
         catch (LDAPException e)
         {
-            LdapDAO.checkLdapResult(e.getResultCode(), 
-                    e.getDiagnosticMessage());
+            LdapDAO.checkLdapResult(e.getResultCode());
             throw new RuntimeException("Unexpected LDAP exception", e);
         } 
     }
@@ -302,7 +301,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
         } 
         catch (LDAPException e)
         {
-            LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage());
+            LdapDAO.checkLdapResult(e.getResultCode());
             throw new RuntimeException("Unexpected LDAP exception", e);
         }
     }
@@ -391,13 +390,13 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
                 }
                 else
                 {
-                    LdapDAO.checkLdapResult(e.getResultCode(), e.getMessage());
+                    LdapDAO.checkLdapResult(e.getResultCode());
                 }
             }
             
             if (searchResult.getEntryCount() == 0)
             {
-                LdapDAO.checkLdapResult(searchResult.getResultCode(), null);
+                LdapDAO.checkLdapResult(searchResult.getResultCode());
                 //access denied
                 String msg = "Not authorized to access " + groupID;
                 logger.debug(msg);
@@ -485,7 +484,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
         }
         catch (LDAPException e1)
         {
-            LdapDAO.checkLdapResult(e1.getResultCode(), e1.getDiagnosticMessage());
+            LdapDAO.checkLdapResult(e1.getResultCode());
             throw new GroupNotFoundException("Not found " + groupID);
         }
     }
@@ -573,7 +572,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
                     new ProxiedAuthorizationV2RequestControl(
                             "dn:" + getSubjectDN().toNormalizedString()));
             LdapDAO.checkLdapResult(getConnection().
-                    modify(modifyRequest).getResultCode(), null);
+                    modify(modifyRequest).getResultCode());
             
             // modify the group itself now
             modifyRequest = new ModifyRequest(getGroupDN(group.getID()), mods);
@@ -582,11 +581,11 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
                     new ProxiedAuthorizationV2RequestControl(
                             "dn:" + getSubjectDN().toNormalizedString()));
             LdapDAO.checkLdapResult(getConnection().
-                    modify(modifyRequest).getResultCode(), null);
+                    modify(modifyRequest).getResultCode());
         }
         catch (LDAPException e1)
         {
-            LdapDAO.checkLdapResult(e1.getResultCode(), e1.getDiagnosticMessage());
+            LdapDAO.checkLdapResult(e1.getResultCode());
         }
         try
         {
@@ -655,11 +654,11 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
                     new ProxiedAuthorizationV2RequestControl(
                             "dn:" + getSubjectDN().toNormalizedString()));
             LDAPResult result = getConnection().modify(modifyRequest);
-            LdapDAO.checkLdapResult(result.getResultCode(), null);
+            LdapDAO.checkLdapResult(result.getResultCode());
         }
         catch (LDAPException e1)
         {
-            LdapDAO.checkLdapResult(e1.getResultCode(), e1.getDiagnosticMessage());
+            LdapDAO.checkLdapResult(e1.getResultCode());
         }
         
         try
@@ -761,7 +760,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
         }
         catch (LDAPException e1)
         {
-            LdapDAO.checkLdapResult(e1.getResultCode(), e1.getDiagnosticMessage());
+            LdapDAO.checkLdapResult(e1.getResultCode());
         }
         return groupDNs; 
     }
@@ -851,7 +850,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
         }
         catch (LDAPException e)
         {
-            LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage());
+            LdapDAO.checkLdapResult(e.getResultCode());
         }
         throw new IllegalArgumentException(groupID + " not a valid group ID");
     }
@@ -869,7 +868,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
         }
         catch (LDAPException e)
         {
-            LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage());
+            LdapDAO.checkLdapResult(e.getResultCode());
         }
         throw new IllegalArgumentException(groupID + " not a valid group ID");
     }

projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java

@@ -68,18 +68,19 @@
  */
 package ca.nrc.cadc.ac.server.ldap;
 
+import java.security.AccessControlException;
+import java.security.Principal;
+import java.util.Collection;
+
+import org.apache.log4j.Logger;
+
 import ca.nrc.cadc.ac.Group;
 import ca.nrc.cadc.ac.GroupAlreadyExistsException;
 import ca.nrc.cadc.ac.GroupNotFoundException;
-import ca.nrc.cadc.ac.IdentityType;
 import ca.nrc.cadc.ac.Role;
 import ca.nrc.cadc.ac.UserNotFoundException;
 import ca.nrc.cadc.ac.server.GroupPersistence;
 import ca.nrc.cadc.net.TransientException;
-import java.security.AccessControlException;
-import java.security.Principal;
-import java.util.Collection;
-import org.apache.log4j.Logger;
 
 public class LdapGroupPersistence<T extends Principal>
     implements GroupPersistence<T>
@@ -98,9 +99,11 @@ public class LdapGroupPersistence<T extends Principal>
                AccessControlException
     {
         LdapGroupDAO<T> groupDAO = null;
+        LdapUserDAO<T> userDAO = null;
         try
         {
-            groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config));
+            userDAO = new LdapUserDAO<T>(config);
+            groupDAO = new LdapGroupDAO<T>(config, userDAO);
             Group ret = groupDAO.getGroup(groupName);
             return ret;
         }
@@ -110,6 +113,10 @@ public class LdapGroupPersistence<T extends Principal>
             {
                 groupDAO.close();
             }
+            if (userDAO != null)
+            {
+                userDAO.close();
+            }
         }
     }
 
@@ -118,9 +125,11 @@ public class LdapGroupPersistence<T extends Principal>
                AccessControlException, UserNotFoundException
     {
         LdapGroupDAO<T> groupDAO = null;
+        LdapUserDAO<T> userDAO = null;
         try
         {
-            groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config));
+            userDAO = new LdapUserDAO<T>(config);
+            groupDAO = new LdapGroupDAO<T>(config, userDAO);
             Group ret = groupDAO.addGroup(group);
             return ret;
         }
@@ -130,6 +139,10 @@ public class LdapGroupPersistence<T extends Principal>
             {
                 groupDAO.close();
             }
+            if (userDAO != null)
+            {
+                userDAO.close();
+            }
         }
     }
 
@@ -138,9 +151,11 @@ public class LdapGroupPersistence<T extends Principal>
                AccessControlException
     {
         LdapGroupDAO<T> groupDAO = null;
+        LdapUserDAO<T> userDAO = null;
         try
         {
-            groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config));
+            userDAO = new LdapUserDAO<T>(config);
+            groupDAO = new LdapGroupDAO<T>(config, userDAO);
             groupDAO.deleteGroup(groupName);
         }
         finally
@@ -149,6 +164,10 @@ public class LdapGroupPersistence<T extends Principal>
             {
                 groupDAO.close();
             }
+            if (userDAO != null)
+            {
+                userDAO.close();
+            }
         }
     }
 
@@ -157,9 +176,11 @@ public class LdapGroupPersistence<T extends Principal>
                AccessControlException, UserNotFoundException
     {
         LdapGroupDAO<T> groupDAO = null;
+        LdapUserDAO<T> userDAO = null;
         try
         {
-            groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config));
+            userDAO = new LdapUserDAO<T>(config);
+            groupDAO = new LdapGroupDAO<T>(config, userDAO);
             Group ret = groupDAO.modifyGroup(group);
             return ret;
         }
@@ -169,6 +190,10 @@ public class LdapGroupPersistence<T extends Principal>
             {
                 groupDAO.close();
             }
+            if (userDAO != null)
+            {
+                userDAO.close();
+            }
         }
     }
 
@@ -177,9 +202,11 @@ public class LdapGroupPersistence<T extends Principal>
                TransientException, AccessControlException
     {
         LdapGroupDAO<T> groupDAO = null;
+        LdapUserDAO<T> userDAO = null;
         try
         {
-            groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config));
+            userDAO = new LdapUserDAO<T>(config);
+            groupDAO = new LdapGroupDAO<T>(config, userDAO);
             Collection<Group> ret = groupDAO.getGroups(userID, role, groupID);
             return ret;
         }
@@ -189,6 +216,10 @@ public class LdapGroupPersistence<T extends Principal>
             {
                 groupDAO.close();
             }
+            if (userDAO != null)
+            {
+                userDAO.close();
+            }
         }
     }
     

projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java

@@ -166,7 +166,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
         }
         catch (LDAPException e)
         {
-            LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage());
+            LdapDAO.checkLdapResult(e.getResultCode());
         }
 
         if (searchResult == null)
@@ -196,7 +196,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
      * @return Collection of Group instances.
      * 
      * @throws UserNotFoundException  when the user is not found.
-     * @throws TransientException If an temporary, unexpected problem occurred.
+     * @throws TransientException If an temporary, unexpected problem occurred., e.getMessage(
      * @throws AccessControlException If the operation is not permitted.
      */
     public Collection<DN> getUserGroups(final T userID, final boolean isAdmin)
@@ -257,7 +257,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
         }
         catch (LDAPException e)
         {
-            LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage());
+            LdapDAO.checkLdapResult(e.getResultCode());
         }
         return groupDNs;
     }
@@ -312,7 +312,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
         }
         catch (LDAPException e)
         {
-            LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage());
+            LdapDAO.checkLdapResult(e.getResultCode());
         }
         return false;
     }
@@ -347,7 +347,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
 //        }
 //        catch (LDAPException e)
 //        {
-//            LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage());
+//            LdapDAO.checkLdapResult(e.getResultCode());
 //            throw new RuntimeException("Unexpected LDAP exception", e);
 //        }
 //    }
@@ -423,7 +423,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
 
         } catch (LDAPException e)
         {
-            LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage());
+            LdapDAO.checkLdapResult(e.getResultCode());
         }
         
 

projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/DeleteGroupAction.java

@@ -68,13 +68,11 @@
  */
 package ca.nrc.cadc.ac.server.web;
 
+import java.util.ArrayList;
+
 import ca.nrc.cadc.ac.Group;
 import ca.nrc.cadc.ac.User;
 import ca.nrc.cadc.ac.server.GroupPersistence;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
 
 public class DeleteGroupAction extends GroupsAction
 {
@@ -94,7 +92,7 @@ public class DeleteGroupAction extends GroupsAction
         groupPersistence.deleteGroup(this.groupName);
         if ((deletedGroup.getUserMembers().size() > 0) || (deletedGroup.getGroupMembers().size() > 0))
         {
-            this.logInfo.addedMembers = new ArrayList<String>();
+            this.logInfo.deletedMembers = new ArrayList<String>();
             for (Group gr : deletedGroup.getGroupMembers())
             {
                 this.logInfo.deletedMembers.add(gr.getID());

projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java

@@ -292,6 +292,7 @@ public class LdapGroupDAOTest
                     testGroup2.getUserMembers().add(daoTestUser2);
                     testGroup2 = getGroupDAO().addGroup(testGroup2);
                     log.debug("add group: " + testGroup2ID);
+                    Thread.sleep(1000); //sleep to let memberof plugin in LDAP do its work 
                 }
                 catch (Exception e)
                 {
@@ -392,6 +393,7 @@ public class LdapGroupDAOTest
                     testGroup2.getUserAdmins().add(daoTestUser2);
                     testGroup2 = getGroupDAO().addGroup(testGroup2);
                     log.debug("add group: " + testGroup2ID);
+                    Thread.sleep(1000); // sleep to let memberof plugin do its work
                 }
                 catch (Exception e)
                 {

projects/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java

@@ -410,7 +410,7 @@ public class GMSClient
             {
                 throw new GroupNotFoundException(errMessage);
             }
-            throw new IOException(errMessage);
+            throw new IOException("HttpResponse (" + responseCode + ") - " + errMessage);
         }
     }