diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/GroupDetailSelector.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/GroupDetailSelector.java
new file mode 100644
index 0000000000000000000000000000000000000000..6874d550ed26406ebbaae8cd9489f1a82b23f11a
--- /dev/null
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/GroupDetailSelector.java
@@ -0,0 +1,89 @@
+/*
+************************************************************************
+******************* CANADIAN ASTRONOMY DATA CENTRE *******************
+************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES **************
+*
+* (c) 2011. (c) 2011.
+* Government of Canada Gouvernement du Canada
+* National Research Council Conseil national de recherches
+* Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6
+* All rights reserved Tous droits réservés
+*
+* NRC disclaims any warranties, Le CNRC dénie toute garantie
+* expressed, implied, or énoncée, implicite ou légale,
+* statutory, of any kind with de quelque nature que ce
+* respect to the software, soit, concernant le logiciel,
+* including without limitation y compris sans restriction
+* any warranty of merchantability toute garantie de valeur
+* or fitness for a particular marchande ou de pertinence
+* purpose. NRC shall not be pour un usage particulier.
+* liable in any event for any Le CNRC ne pourra en aucun cas
+* damages, whether direct or être tenu responsable de tout
+* indirect, special or general, dommage, direct ou indirect,
+* consequential or incidental, particulier ou général,
+* arising from the use of the accessoire ou fortuit, résultant
+* software. Neither the name de l'utilisation du logiciel. Ni
+* of the National Research le nom du Conseil National de
+* Council of Canada nor the Recherches du Canada ni les noms
+* names of its contributors may de ses participants ne peuvent
+* be used to endorse or promote être utilisés pour approuver ou
+* products derived from this promouvoir les produits dérivés
+* software without specific prior de ce logiciel sans autorisation
+* written permission. préalable et particulière
+* par écrit.
+*
+* This file is part of the Ce fichier fait partie du projet
+* OpenCADC project. OpenCADC.
+*
+* OpenCADC is free software: OpenCADC est un logiciel libre ;
+* you can redistribute it and/or vous pouvez le redistribuer ou le
+* modify it under the terms of modifier suivant les termes de
+* the GNU Affero General Public la “GNU Affero General Public
+* License as published by the License” telle que publiée
+* Free Software Foundation, par la Free Software Foundation
+* either version 3 of the : soit la version 3 de cette
+* License, or (at your option) licence, soit (à votre gré)
+* any later version. toute version ultérieure.
+*
+* OpenCADC is distributed in the OpenCADC est distribué
+* hope that it will be useful, dans l’espoir qu’il vous
+* but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE
+* without even the implied GARANTIE : sans même la garantie
+* warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ
+* or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF
+* PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence
+* General Public License for Générale Publique GNU Affero
+* more details. pour plus de détails.
+*
+* You should have received Vous devriez avoir reçu une
+* a copy of the GNU Affero copie de la Licence Générale
+* General Public License along Publique GNU Affero avec
+* with OpenCADC. If not, see OpenCADC ; si ce n’est
+* <http://www.gnu.org/licenses/>. pas le cas, consultez :
+* <http://www.gnu.org/licenses/>.
+*
+* $Revision: 5 $
+*
+************************************************************************
+*/
+
+package ca.nrc.cadc.ac.server;
+
+import ca.nrc.cadc.ac.Group;
+import ca.nrc.cadc.ac.Role;
+
+/**
+ *
+ * @author pdowler
+ */
+public interface GroupDetailSelector
+{
+ /**
+ * Check if group details should be filled in for the group when
+ * querying for role.
+ * @param g
+ * @param r
+ * @return true if group details should be filled
+ */
+ boolean isDetailedSearch(Group g, Role r);
+}
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
index 30724be6622cb59a29e8ee10b0135ca5ab2ae224..d4a448e5e32f9353a27c0c8e142ec15707a34420 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
@@ -87,6 +87,7 @@ import ca.nrc.cadc.ac.GroupNotFoundException;
import ca.nrc.cadc.ac.Role;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserNotFoundException;
+import ca.nrc.cadc.ac.server.GroupDetailSelector;
import ca.nrc.cadc.net.TransientException;
import ca.nrc.cadc.util.StringUtil;
@@ -106,7 +107,6 @@ import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl;
-import javax.naming.ldap.Rdn;
public class LdapGroupDAO<T extends Principal> extends LdapDAO
{
@@ -773,9 +773,13 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
}
try
{
- Group g = getGroup(groupDN, null, GROUP_ATTRS);
- logger.debug("found group: " + g.getID());
- ret.add(g);
+ Group g = createGroupFromDN(groupDN);
+ if (isDetailedSearch(g, role))
+ {
+ g = getGroup(groupDN, null, GROUP_ATTRS);
+ }
+ logger.debug("found group: " + g.getID());
+ ret.add(g);
}
catch (GroupNotFoundException e)
{
@@ -796,6 +800,28 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
return ret;
}
+ // some pretty horrible hacks to avoid querying LDAP for group details...
+ private Group createGroupFromDN(DN groupDN)
+ {
+ String cn = groupDN.getRDNString();
+ String[] parts = cn.split("=");
+ if (parts.length == 2 && parts[0].equals("cn"))
+ {
+ return new Group(parts[1]);
+ }
+ throw new RuntimeException("BUG: failed to extract group name from " + groupDN.toString());
+ }
+ // this gets filled by the LdapgroupPersistence
+ GroupDetailSelector searchDetailSelector;
+
+ private boolean isDetailedSearch(Group g, Role r)
+ {
+ if (searchDetailSelector == null)
+ return true;
+ return searchDetailSelector.isDetailedSearch(g, r);
+ }
+ // end of horribleness
+
protected Collection<Group> getOwnerGroups(final User<T> user,
final DN userDN,
final String groupID)
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java
index f59bc1518d82c3522bf0cd104bc3ca8fecfc7ebf..685ba5a2c7887d149203bda8af54a3572868b68f 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java
@@ -79,6 +79,7 @@ import ca.nrc.cadc.ac.GroupAlreadyExistsException;
import ca.nrc.cadc.ac.GroupNotFoundException;
import ca.nrc.cadc.ac.Role;
import ca.nrc.cadc.ac.UserNotFoundException;
+import ca.nrc.cadc.ac.server.GroupDetailSelector;
import ca.nrc.cadc.ac.server.GroupPersistence;
import ca.nrc.cadc.net.TransientException;
@@ -88,12 +89,19 @@ public class LdapGroupPersistence<T extends Principal>
private static final Logger log =
Logger.getLogger(LdapGroupPersistence.class);
private final LdapConfig config;
+
+ private GroupDetailSelector detailSelector;
public LdapGroupPersistence()
{
config = LdapConfig.getLdapConfig();
}
+ protected void setDetailSelector(GroupDetailSelector gds)
+ {
+ this.detailSelector = gds;
+ }
+
public Collection<String> getGroupNames()
throws TransientException, AccessControlException
{
@@ -233,6 +241,7 @@ public class LdapGroupPersistence<T extends Principal>
{
userDAO = new LdapUserDAO<T>(config);
groupDAO = new LdapGroupDAO<T>(config, userDAO);
+ groupDAO.searchDetailSelector = detailSelector;
Collection<Group> ret = groupDAO.getGroups(userID, role, groupID);
return ret;
}
diff --git a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
index a25a49395ad89db69af3af65d739aa890506e5de..751b13c1bd3d7bc16181ff885d9f3c7dfdd69201 100644
--- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
+++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
@@ -496,11 +496,11 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
for (Group group : groups)
{
log.debug("admin group: " + group.getID());
- if (group.getID().equals(testGroup1ID))
+ if (group.getID().equalsIgnoreCase(testGroup1ID))
{
found1 = true;
}
- if (group.getID().equals(testGroup2ID))
+ if (group.getID().equalsIgnoreCase(testGroup2ID))
{
found2 = true;
}