Merge branch 's1890' of gimli2:/srv/cadc/git/ac into s1890

db6cf4e0 · Jeff Burke · 665f763b · 4e9dbfc2 · db6cf4e0 · db6cf4e0
Commit db6cf4e0 authored 9 years ago by Jeff Burke
--- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
+++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
@@ -1109,30 +1109,53 @@ public class LdapUserDAO extends LdapDAO
        }
    }
+    private Principal getPreferredPrincipal(User user)
+    {
+        Principal ret = null;
+        Principal next = null;
+        Iterator<Principal> i = user.getIdentities().iterator();
+        while (i.hasNext())
+        {
+            next = i.next();
+            if (next instanceof NumericPrincipal)
+            {
+                return next;
+            }
+            ret = next;
+        }
+        return ret;
+    }
    DN getUserDN(User user)
-        throws UserNotFoundException, TransientException
+        throws UserNotFoundException, TransientException, LDAPException
    {
-        // Could be a DNPrincipal from a memberOf or uniquemember entrydn
+        Principal p = getPreferredPrincipal(user);
-        Principal userID = user.getHttpPrincipal();
+        if (p == null)
-        String searchField = userLdapAttrib.get(userID.getClass());
+        {
+            throw new UserNotFoundException("No identities");
+        }
+        // DN can be formulated if it is the numeric id
+        if (p instanceof NumericPrincipal)
+            return this.getUserDN(p.getName(), config.getUsersDN());
+        // Otherwise we need to search for the numeric id
+        String searchField = userLdapAttrib.get(p.getClass());
        if (searchField == null)
        {
            throw new IllegalArgumentException(
-                    "Unsupported principal type " + userID.getClass());
+                    "Unsupported principal type " + p.getClass());
        }
 //      change the DN to be in the 'java' format
-        Filter filter;
 //      if (userID instanceof X500Principal)
 //      {
 //          X500Principal orderedPrincipal = AuthenticationUtil.getOrderedForm(
 //              (X500Principal) userID);
 //          filter = Filter.createEqualityFilter(searchField, orderedPrincipal.toString());
 //      }
-//        else
-//        {
+        Filter filter = Filter.createEqualityFilter(searchField, p.getName());
-            filter = Filter.createEqualityFilter(searchField, userID.getName());
-//        }
        logger.debug("search filter: " + filter);
        SearchResultEntry searchResult = null;
@@ -1141,7 +1164,7 @@ public class LdapUserDAO extends LdapDAO
            SearchRequest searchRequest = new SearchRequest(
                config.getUsersDN(), SearchScope.ONE, filter, LDAP_ENTRYDN);
            searchResult = getReadOnlyConnection().searchForEntry(searchRequest);
-            logger.info("getUserDN: got " + userID.getName() + " from " + config.getUsersDN());
+            logger.debug("getUserDN: got " + p.getName() + " from " + config.getUsersDN());
        }
        catch (LDAPException e)
        {
@@ -1150,26 +1173,17 @@ public class LdapUserDAO extends LdapDAO
        if (searchResult == null)
        {
-            String msg = "User not found " + userID.getName() + " in " + config.getUsersDN();
+            String msg = "User not found " + p.getName() + " in " + config.getUsersDN();
            logger.debug(msg);
            throw new UserNotFoundException(msg);
        }
        return searchResult.getAttributeValueAsDN(LDAP_ENTRYDN);
    }
-    protected DN getUserDN(final String userID, final String usersDN)
+    protected DN getUserDN(String numericID, String usersDN)
            throws LDAPException, TransientException
    {
-        try
+        return new DN(LDAP_UID + "=" + numericID + "," + usersDN);
-        {
-            return new DN(LDAP_UID + "=" + userID + "," + usersDN);
-        }
-        catch (LDAPException e)
-        {
-            logger.debug("getUserDN Exception: " + e, e);
-            LdapDAO.checkLdapResult(e.getResultCode());
-        }
-        throw new IllegalArgumentException(userID + " not a valid user ID");
    }
    private void addAttribute(List<Attribute> attributes, final String name, final String value)

--- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/AbstractGroupAction.java
+++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/AbstractGroupAction.java
@@ -69,12 +69,14 @@
 package ca.nrc.cadc.ac.server.web.groups;
 import java.io.IOException;
-import java.lang.reflect.Field;
 import java.security.AccessControlException;
+import java.security.Principal;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
+import java.util.Iterator;
 import java.util.List;
+import javax.security.auth.x500.X500Principal;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.log4j.Logger;
@@ -83,9 +85,11 @@ import ca.nrc.cadc.ac.GroupAlreadyExistsException;
 import ca.nrc.cadc.ac.GroupNotFoundException;
 import ca.nrc.cadc.ac.MemberAlreadyExistsException;
 import ca.nrc.cadc.ac.MemberNotFoundException;
+import ca.nrc.cadc.ac.User;
 import ca.nrc.cadc.ac.UserNotFoundException;
 import ca.nrc.cadc.ac.server.GroupPersistence;
 import ca.nrc.cadc.ac.server.web.SyncOutput;
+import ca.nrc.cadc.auth.HttpPrincipal;
 import ca.nrc.cadc.net.TransientException;
 public abstract class AbstractGroupAction implements PrivilegedExceptionAction<Object>
@@ -233,27 +237,26 @@ public abstract class AbstractGroupAction implements PrivilegedExceptionAction<O
        this.logInfo.deletedMembers = deletedMembers;
    }
-    // set private field using reflection
+    protected String getUseridForLogging(User u)
-    protected void setField(Object object, Object value, String name)
    {
-        try
+        if (u.getIdentities().isEmpty())
-        {
+            return "anonUser";
-            Field field = object.getClass().getDeclaredField(name);
-            field.setAccessible(true);
+        Iterator<Principal> i = u.getIdentities().iterator();
-            field.set(object, value);
+        String ret = null;
-        }
+        Principal next = null;
-        catch (NoSuchFieldException e)
+        while (i.hasNext())
-        {
-            final String error = object.getClass().getSimpleName() +
-                " field " + name + "not found";
-            throw new RuntimeException(error, e);
-        }
-        catch (IllegalAccessException e)
        {
-            final String error = "unable to update " + name + " in " +
+            next = i.next();
-                object.getClass().getSimpleName();
+            if (next instanceof HttpPrincipal)
-            throw new RuntimeException(error, e);
+                return next.getName();
+            if (next instanceof X500Principal)
+                ret = next.getName();
+            else if (ret == null)
+                ret = next.getName();
        }
+        return ret;
    }
 }
--- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/AddUserMemberAction.java
+++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/AddUserMemberAction.java
@@ -107,7 +107,7 @@ public class AddUserMemberAction extends AbstractGroupAction
        groupPersistence.modifyGroup(group);
        List<String> addedMembers = new ArrayList<String>();
-        addedMembers.add(toAdd.getHttpPrincipal().getName());
+        addedMembers.add(getUseridForLogging(toAdd));
        logGroupInfo(group.getID(), null, addedMembers);
    }

--- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/ModifyGroupAction.java
+++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/ModifyGroupAction.java
@@ -102,7 +102,7 @@ public class ModifyGroupAction extends AbstractGroupAction
        {
            if (!oldGroup.getUserMembers().remove(member))
            {
-                addedMembers.add(member.getHttpPrincipal().getName());
+                addedMembers.add(getUseridForLogging(member));
            }
        }
        for (Group gr : group.getGroupMembers())
@@ -119,7 +119,7 @@ public class ModifyGroupAction extends AbstractGroupAction
        List<String> deletedMembers = new ArrayList<String>();
        for (User member : oldGroup.getUserMembers())
        {
-            deletedMembers.add(member.getHttpPrincipal().getName());
+            deletedMembers.add(getUseridForLogging(member));
        }
        for (Group gr : oldGroup.getGroupMembers())
        {

--- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/RemoveUserMemberAction.java
+++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/RemoveUserMemberAction.java
@@ -71,9 +71,6 @@ package ca.nrc.cadc.ac.server.web.groups;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Set;
-import javax.security.auth.x500.X500Principal;
 import ca.nrc.cadc.ac.Group;
 import ca.nrc.cadc.ac.MemberNotFoundException;
@@ -110,7 +107,7 @@ public class RemoveUserMemberAction extends AbstractGroupAction
        groupPersistence.modifyGroup(group);
        List<String> deletedMembers = new ArrayList<String>();
-        deletedMembers.add(toRemove.getHttpPrincipal().getName());
+        deletedMembers.add(getUseridForLogging(toRemove));
        logGroupInfo(group.getID(), deletedMembers, null);
    }

--- a/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java
+++ b/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java
@@ -68,6 +68,30 @@
 */
 package ca.nrc.cadc.ac.client;
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.HttpURLConnection;
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URL;
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
+import java.security.AccessController;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLSocketFactory;
+import javax.security.auth.Subject;
+import org.apache.log4j.Logger;
 import ca.nrc.cadc.ac.Group;
 import ca.nrc.cadc.ac.GroupAlreadyExistsException;
 import ca.nrc.cadc.ac.GroupNotFoundException;
@@ -90,28 +114,6 @@ import ca.nrc.cadc.net.NetUtil;
 import ca.nrc.cadc.net.event.TransferEvent;
 import ca.nrc.cadc.net.event.TransferListener;
 import ca.nrc.cadc.reg.client.RegistryClient;
-import org.apache.log4j.Logger;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLSocketFactory;
-import javax.security.auth.Subject;
-import java.io.BufferedReader;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.net.HttpURLConnection;
-import java.net.MalformedURLException;
-import java.net.URI;
-import java.net.URL;
-import java.security.AccessControlContext;
-import java.security.AccessControlException;
-import java.security.AccessController;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
 /**
@@ -679,6 +681,12 @@ public class GMSClient implements TransferListener
    public void addUserMember(String targetGroupName, Principal userID)
        throws GroupNotFoundException, UserNotFoundException, AccessControlException, IOException
    {
+        if (targetGroupName == null)
+            throw new IllegalArgumentException("targetGroupName required");
+        if (userID == null)
+            throw new IllegalArgumentException("userID required");
        log.debug("addUserMember: " + targetGroupName + " + " + userID.getName());
        String userIDType = AuthenticationUtil.getPrincipalType(userID);