diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConfig.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConfig.java index 9157966d3b1ca264d9575daf7ad5aca5a5889adf..17bd814f4431099e7c30f708ea4770c19e03f31f 100755 --- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConfig.java +++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConfig.java @@ -68,12 +68,14 @@ */ package ca.nrc.cadc.ac.server.ldap; -import ca.nrc.cadc.util.StringUtil; import java.io.IOException; import java.net.URL; import java.util.Properties; + import org.apache.log4j.Logger; +import ca.nrc.cadc.util.StringUtil; + public class LdapConfig { private static final Logger logger = Logger.getLogger(LdapConfig.class); @@ -87,6 +89,9 @@ public class LdapConfig public static final String LDAP_USERS_DN = "usersDn"; public static final String LDAP_GROUPS_DN = "groupsDn"; public static final String LDAP_ADMIN_GROUPS_DN = "adminGroupsDn"; + + public static final String LDAP_AVAIL_TEST_GROUP = "availabilityTestGroup"; + public static final String LDAP_AVAIL_TEST_CALLING_USER_DN = "availabilityTestCallingUserDN"; private String usersDN; private String groupsDN; @@ -95,6 +100,9 @@ public class LdapConfig private int port; private String adminUserDN; private String adminPasswd; + + private String availabilityTestGroup; + private String availabilityTestCallingUserDN; public static LdapConfig getLdapConfig() { 
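Review bot: The two property keys added after LDAP_ADMIN_GROUPS_DN, and the matching fields added after adminPasswd, carry no Javadoc, so a reader cannot tell what the availability test is or whether either value may be left unset. A one-line comment on each constant would settle that, e.g. `/** Property key for the group used by the availability test; getLdapConfig() treats it as required. */` and `/** Property key for the DN used as the calling user in the availability test; getLdapConfig() treats it as required. */` (the later hunk in this file shows getLdapConfig() rejecting a blank value for both). The new fields follow the existing non-final pattern, which is consistent with the class but leaves every LdapConfig instance mutable after construction. The field declarations sit inside class LdapConfig, whose body continues beyond these hunks.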
@@ -165,15 +173,36 @@ public class LdapConfig throw new RuntimeException("failed to read property " + LDAP_ADMIN_GROUPS_DN); } + + String availGroup = config.getProperty(LDAP_AVAIL_TEST_GROUP); + if (!StringUtil.hasText(availGroup)) + { + throw new RuntimeException("failed to read property " + + LDAP_AVAIL_TEST_GROUP); + } + + String availUser = config.getProperty(LDAP_AVAIL_TEST_CALLING_USER_DN); + if (!StringUtil.hasText(availUser)) + { + throw new RuntimeException("failed to read property " + + LDAP_AVAIL_TEST_CALLING_USER_DN); + } return new LdapConfig(server, Integer.valueOf(port), ldapAdmin, ldapPasswd, ldapUsersDn, ldapGroupsDn, - ldapAdminGroupsDn); + ldapAdminGroupsDn, availGroup, availUser); + } + + public LdapConfig(String server, int port, String adminUserDN, + String adminPasswd, String usersDN, String groupsDN, + String adminGroupsDN) + { + this(server, port, adminUserDN, adminPasswd, usersDN, groupsDN, adminGroupsDN, null, null); } public LdapConfig(String server, int port, String adminUserDN, String adminPasswd, String usersDN, String groupsDN, - String adminGroupsDN) + String adminGroupsDN, String availGroup, String availUser) { if (!StringUtil.hasText(server)) { @@ -204,6 +233,7 @@ public class LdapConfig { throw new IllegalArgumentException("Illegal admin groups LDAP DN"); } + this.server = server; this.port = port; @@ -212,6 +242,8 @@ public class LdapConfig this.usersDN = usersDN; this.groupsDN = groupsDN; this.adminGroupsDN = adminGroupsDN; + this.availabilityTestGroup = availGroup; + this.availabilityTestCallingUserDN = availUser; } public String getUsersDN() @@ -248,5 +280,15 @@ public class LdapConfig { return this.adminPasswd; } + + public String getAvailabilityTestGroup() + { + return this.availabilityTestGroup; + } + + public String getAvailabilityTestCallingUserDN() + { + return this.availabilityTestCallingUserDN; + } } 
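Review bot: The new nine-argument constructor validates server through adminGroupsDN with StringUtil.hasText but stores availGroup and availUser unchecked, while getLdapConfig() just above throws a RuntimeException when either property is blank and the seven-argument overload deliberately passes null for both. That gives the same two fields two contracts — required when loaded from properties, optional when constructed directly — and getAvailabilityTestGroup()/getAvailabilityTestCallingUserDN() can now return null without anything saying so. Either validate both values in the nine-argument constructor and retire the null-passing overload, or document the overload with `/** Creates a config with the availability test disabled: both availability fields are null. */` and add `@return ... or null when the config was built without availability-test settings` to the two getters. Neither constructor has Javadoc, and with nine positional String parameters an @param block is worth adding. Both constructor bodies continue outside this hunk.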
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java index 287f9d283ad1eb6714cb695e648b76e0b9e7bb3d..c33961f36a8119f28f915b2405a4375127044558 100755 --- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java +++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java @@ -196,21 +196,16 @@ public abstract class LdapDAO * @param errorMsg * @throws TransientException */ - protected static void checkLdapResult(ResultCode code, String errorMsg) + protected static void checkLdapResult(ResultCode code) throws TransientException { - String msg = ""; - if (errorMsg != null) - { - msg = "(" + errorMsg + ")"; - } if (code == ResultCode.INSUFFICIENT_ACCESS_RIGHTS) { - throw new AccessControlException("Not authorized " + msg); + throw new AccessControlException("Not authorized "); } else if (code == ResultCode.INVALID_CREDENTIALS) { - throw new AccessControlException("Invalid credentials " + msg); + throw new AccessControlException("Invalid credentials "); } else if ((code == ResultCode.SUCCESS) || (code == ResultCode.NO_SUCH_OBJECT) ) { @@ -218,16 +213,16 @@ public abstract class LdapDAO } else if (code == ResultCode.PARAM_ERROR) { - throw new IllegalArgumentException("Error in Ldap parameters " + msg); + throw new IllegalArgumentException("Error in Ldap parameters "); } else if (code == ResultCode.BUSY || code == ResultCode.CONNECT_ERROR ) { - throw new TransientException("Connection problems " + msg ); + throw new TransientException("Connection problems "); } else { - throw new RuntimeException("Ldap error" + msg); + throw new RuntimeException("Ldap error (" + code.getName() + ")"); } } 
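Review bot: The Javadoc above the new checkLdapResult signature still lists `@param errorMsg`, which no longer exists, and four messages keep the trailing space left behind by the removed concatenation (`"Not authorized "`, `"Invalid credentials "`, `"Error in Ldap parameters "`, `"Connection problems "`). Only the final else branch reports the result code; now that the diagnostic text is gone, the other branches carry no context at all, so the same suffix would help on each, e.g. `throw new TransientException("Connection problems (" + code.getName() + ")");`. Keeping the server's diagnostic message out of exceptions that may reach clients is defensible, but the catch sites in LdapGroupDAO and LdapUserDAO that previously passed e.getDiagnosticMessage() now discard it entirely; logging it at debug level before calling checkLdapResult would preserve the reason for an INSUFFICIENT_ACCESS_RIGHTS or INVALID_CREDENTIALS result for operators without exposing it. The method's Javadoc header begins outside the hunk.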
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java index 3223b21b7053126f0e58b7e646ee00b00e16eec2..6b0566c6a2f3580ce607e4e1aed6652a87a2dd0d 100755 --- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java +++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java @@ -173,7 +173,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO group.description, group.getUserMembers(), group.getGroupMembers()); - LdapDAO.checkLdapResult(result.getResultCode(), null); + LdapDAO.checkLdapResult(result.getResultCode()); // add group to admin groups tree result = addGroup(getAdminGroupDN(group.getID()), @@ -181,7 +181,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO group.description, group.getUserAdmins(), group.getGroupAdmins()); - LdapDAO.checkLdapResult(result.getResultCode(), null); + LdapDAO.checkLdapResult(result.getResultCode()); try { @@ -195,8 +195,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { - LdapDAO.checkLdapResult(e.getResultCode(), - e.getDiagnosticMessage()); + LdapDAO.checkLdapResult(e.getResultCode()); throw new RuntimeException("Unexpected LDAP exception", e); } } @@ -302,7 +301,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { - LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage()); + LdapDAO.checkLdapResult(e.getResultCode()); throw new RuntimeException("Unexpected LDAP exception", e); } } 
@@ -391,13 +390,13 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } else { - LdapDAO.checkLdapResult(e.getResultCode(), e.getMessage()); + LdapDAO.checkLdapResult(e.getResultCode()); } } if (searchResult.getEntryCount() == 0) { - LdapDAO.checkLdapResult(searchResult.getResultCode(), null); + LdapDAO.checkLdapResult(searchResult.getResultCode()); //access denied String msg = "Not authorized to access " + groupID; logger.debug(msg); @@ -485,7 +484,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e1) { - LdapDAO.checkLdapResult(e1.getResultCode(), e1.getDiagnosticMessage()); + LdapDAO.checkLdapResult(e1.getResultCode()); throw new GroupNotFoundException("Not found " + groupID); } } @@ -573,7 +572,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO new ProxiedAuthorizationV2RequestControl( "dn:" + getSubjectDN().toNormalizedString())); LdapDAO.checkLdapResult(getConnection(). - modify(modifyRequest).getResultCode(), null); + modify(modifyRequest).getResultCode()); // modify the group itself now modifyRequest = new ModifyRequest(getGroupDN(group.getID()), mods); @@ -582,11 +581,11 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO new ProxiedAuthorizationV2RequestControl( "dn:" + getSubjectDN().toNormalizedString())); LdapDAO.checkLdapResult(getConnection(). - modify(modifyRequest).getResultCode(), null); + modify(modifyRequest).getResultCode()); } catch (LDAPException e1) { - LdapDAO.checkLdapResult(e1.getResultCode(), e1.getDiagnosticMessage()); + LdapDAO.checkLdapResult(e1.getResultCode()); } try { 
@@ -655,11 +654,11 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO new ProxiedAuthorizationV2RequestControl( "dn:" + getSubjectDN().toNormalizedString())); LDAPResult result = getConnection().modify(modifyRequest); - LdapDAO.checkLdapResult(result.getResultCode(), null); + LdapDAO.checkLdapResult(result.getResultCode()); } catch (LDAPException e1) { - LdapDAO.checkLdapResult(e1.getResultCode(), e1.getDiagnosticMessage()); + LdapDAO.checkLdapResult(e1.getResultCode()); } try @@ -761,7 +760,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e1) { - LdapDAO.checkLdapResult(e1.getResultCode(), e1.getDiagnosticMessage()); + LdapDAO.checkLdapResult(e1.getResultCode()); } return groupDNs; } @@ -851,7 +850,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { - LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage()); + LdapDAO.checkLdapResult(e.getResultCode()); } throw new IllegalArgumentException(groupID + " not a valid group ID"); } @@ -869,7 +868,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { - LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage()); + LdapDAO.checkLdapResult(e.getResultCode()); } throw new IllegalArgumentException(groupID + " not a valid group ID"); } diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java index 8bdb18d2383a88625c172fb2f183df69410c6cff..4ef7ef53f58a5bcfa7346d972499ce736633e0fa 100755 --- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java +++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java 
@@ -68,18 +68,19 @@ */ package ca.nrc.cadc.ac.server.ldap; +import java.security.AccessControlException; +import java.security.Principal; +import java.util.Collection; + +import org.apache.log4j.Logger; + import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.GroupAlreadyExistsException; import ca.nrc.cadc.ac.GroupNotFoundException; -import ca.nrc.cadc.ac.IdentityType; import ca.nrc.cadc.ac.Role; import ca.nrc.cadc.ac.UserNotFoundException; import ca.nrc.cadc.ac.server.GroupPersistence; import ca.nrc.cadc.net.TransientException; -import java.security.AccessControlException; -import java.security.Principal; -import java.util.Collection; -import org.apache.log4j.Logger; public class LdapGroupPersistence<T extends Principal> implements GroupPersistence<T> @@ -98,9 +99,11 @@ public class LdapGroupPersistence<T extends Principal> AccessControlException { LdapGroupDAO<T> groupDAO = null; + LdapUserDAO<T> userDAO = null; try { - groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config)); + userDAO = new LdapUserDAO<T>(config); + groupDAO = new LdapGroupDAO<T>(config, userDAO); Group ret = groupDAO.getGroup(groupName); return ret; } @@ -110,6 +113,10 @@ public class LdapGroupPersistence<T extends Principal> { groupDAO.close(); } + if (userDAO != null) + { + userDAO.close(); + } } } @@ -118,9 +125,11 @@ public class LdapGroupPersistence<T extends Principal> AccessControlException, UserNotFoundException { LdapGroupDAO<T> groupDAO = null; + LdapUserDAO<T> userDAO = null; try { - groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config)); + userDAO = new LdapUserDAO<T>(config); + groupDAO = new LdapGroupDAO<T>(config, userDAO); Group ret = groupDAO.addGroup(group); return ret; } @@ -130,6 +139,10 @@ public class LdapGroupPersistence<T extends Principal> { groupDAO.close(); } + if (userDAO != null) + { + userDAO.close(); + } } } 
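Review bot: In the finally block of getGroup, the added `userDAO.close()` runs only if `groupDAO.close()` returns normally; if the first close throws, the LdapUserDAO (and presumably the LDAP connection it owns) is leaked. The same shape is repeated in addGroup here and in deleteGroup, modifyGroup and getGroups in the following hunks. Nesting the two closes in a try/finally guarantees both are attempted, and since all five methods share the pattern a private helper taking both DAOs would remove the duplication. The import hunk only reorders imports and drops the unused IdentityType import. The method signatures begin outside the hunks.
```java
        finally
        {
            try
            {
                if (groupDAO != null)
                {
                    groupDAO.close();
                }
            }
            finally
            {
                if (userDAO != null)
                {
                    userDAO.close();
                }
            }
        }
```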
@@ -138,9 +151,11 @@ public class LdapGroupPersistence<T extends Principal> AccessControlException { LdapGroupDAO<T> groupDAO = null; + LdapUserDAO<T> userDAO = null; try { - groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config)); + userDAO = new LdapUserDAO<T>(config); + groupDAO = new LdapGroupDAO<T>(config, userDAO); groupDAO.deleteGroup(groupName); } finally @@ -149,6 +164,10 @@ public class LdapGroupPersistence<T extends Principal> { groupDAO.close(); } + if (userDAO != null) + { + userDAO.close(); + } } } @@ -157,9 +176,11 @@ public class LdapGroupPersistence<T extends Principal> AccessControlException, UserNotFoundException { LdapGroupDAO<T> groupDAO = null; + LdapUserDAO<T> userDAO = null; try { - groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config)); + userDAO = new LdapUserDAO<T>(config); + groupDAO = new LdapGroupDAO<T>(config, userDAO); Group ret = groupDAO.modifyGroup(group); return ret; } @@ -169,6 +190,10 @@ public class LdapGroupPersistence<T extends Principal> { groupDAO.close(); } + if (userDAO != null) + { + userDAO.close(); + } } } @@ -177,9 +202,11 @@ public class LdapGroupPersistence<T extends Principal> TransientException, AccessControlException { LdapGroupDAO<T> groupDAO = null; + LdapUserDAO<T> userDAO = null; try { - groupDAO = new LdapGroupDAO<T>(config, new LdapUserDAO<T>(config)); + userDAO = new LdapUserDAO<T>(config); + groupDAO = new LdapGroupDAO<T>(config, userDAO); Collection<Group> ret = groupDAO.getGroups(userID, role, groupID); return ret; } @@ -189,6 +216,10 @@ public class LdapGroupPersistence<T extends Principal> { groupDAO.close(); } + if (userDAO != null) + { + userDAO.close(); + } } } diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java index 88e16fee18d8e8cd6d322219532a948a57a1118f..c6b9221c59c58a15699d495f1239b43d2fc30683 100755 
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java @@ -166,7 +166,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { - LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage()); + LdapDAO.checkLdapResult(e.getResultCode()); } if (searchResult == null) @@ -196,7 +196,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO * @return Collection of Group instances. * * @throws UserNotFoundException when the user is not found. - * @throws TransientException If an temporary, unexpected problem occurred. + * @throws TransientException If an temporary, unexpected problem occurred., e.getMessage( * @throws AccessControlException If the operation is not permitted. */ public Collection<DN> getUserGroups(final T userID, final boolean isAdmin) @@ -257,7 +257,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { - LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage()); + LdapDAO.checkLdapResult(e.getResultCode()); } return groupDNs; } @@ -312,7 +312,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { - LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage()); + LdapDAO.checkLdapResult(e.getResultCode()); } return false; } @@ -347,7 +347,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO // } // catch (LDAPException e) // { -// LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage()); +// LdapDAO.checkLdapResult(e.getResultCode()); // throw new RuntimeException("Unexpected LDAP exception", e); // } // } @@ -423,7 +423,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { - LdapDAO.checkLdapResult(e.getResultCode(), e.getDiagnosticMessage()); + LdapDAO.checkLdapResult(e.getResultCode()); } 
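Review bot: The Javadoc edit in the getUserGroups hunk is a paste accident: `@throws TransientException If an temporary, unexpected problem occurred., e.getMessage(` has a fragment of code appended to the sentence. It should read `* @throws TransientException If a temporary, unexpected problem occurred.`. The hunk at -347 updates a commented-out block to the new checkLdapResult signature; code that is commented out yet still needs maintaining is better deleted, since version control keeps it. getUserGroups and the other enclosing methods begin outside these hunks.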
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/DeleteGroupAction.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/DeleteGroupAction.java index 8850463290fc20f21ed8b5a7fcc807f9732df12c..8f619fa381cc12469cf9ff0b196c280364d22571 100755 --- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/DeleteGroupAction.java +++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/DeleteGroupAction.java @@ -68,13 +68,11 @@ */ package ca.nrc.cadc.ac.server.web; +import java.util.ArrayList; + import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.server.GroupPersistence; -import java.security.Principal; -import java.util.ArrayList; -import java.util.List; -import java.util.Set; public class DeleteGroupAction extends GroupsAction { @@ -94,7 +92,7 @@ public class DeleteGroupAction extends GroupsAction groupPersistence.deleteGroup(this.groupName); if ((deletedGroup.getUserMembers().size() > 0) || (deletedGroup.getGroupMembers().size() > 0)) { - this.logInfo.addedMembers = new ArrayList<String>(); + this.logInfo.deletedMembers = new ArrayList<String>(); for (Group gr : deletedGroup.getGroupMembers()) { this.logInfo.deletedMembers.add(gr.getID()); diff --git a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java index 7914b36762bd6bc64ff33594991fddfb3b73971d..e29da595b841c4ee6651ae5a5c1c1a3bb780082e 100644 --- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java +++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java 
@@ -292,6 +292,7 @@ public class LdapGroupDAOTest testGroup2.getUserMembers().add(daoTestUser2); testGroup2 = getGroupDAO().addGroup(testGroup2); log.debug("add group: " + testGroup2ID); + Thread.sleep(1000); //sleep to let memberof plugin in LDAP do its work } catch (Exception e) { @@ -392,6 +393,7 @@ public class LdapGroupDAOTest testGroup2.getUserAdmins().add(daoTestUser2); testGroup2 = getGroupDAO().addGroup(testGroup2); log.debug("add group: " + testGroup2ID); + Thread.sleep(1000); // sleep to let memberof plugin do its work } catch (Exception e) { @@ -406,7 +408,7 @@ public class LdapGroupDAOTest public Object run() throws Exception { try - { + { Collection<Group> groups = getGroupDAO().getGroups(daoTestUser2.getUserID(), Role.ADMIN, null); diff --git a/projects/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java b/projects/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java index 00af73879e6dbdad4170573724ed246a9eb6575e..f7d868887f58c310f1ce3ba1cd7816cd3affcdf5 100755 --- a/projects/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java +++ b/projects/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java @@ -410,7 +410,7 @@ public class GMSClient { throw new GroupNotFoundException(errMessage); } - throw new IOException(errMessage); + throw new IOException("HttpResponse (" + responseCode + ") - " + errMessage); } }
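Review bot: The two `Thread.sleep(1000)` calls added in LdapGroupDAOTest make the test depend on the LDAP memberof plugin finishing within a fixed second, so it is flaky on a slow server and needlessly slow on a fast one. A bounded poll — retry the getGroups query in the `run()` body below the second sleep a few times with a short pause until the expected membership appears, then fail — is more robust. Both sleeps also sit in try blocks whose handler is `catch (Exception e)`, so an InterruptedException would surface as a test failure rather than re-interrupting the thread. The enclosing test methods begin outside these hunks.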