diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/LoginServlet.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/LoginServlet.java index ea59ec4ffeda74026edfbac5542897dacedd53ba..01291c29ef8fe6fa60376f8a63ca26fc567a4883 100755 --- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/LoginServlet.java +++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/LoginServlet.java @@ -89,6 +89,7 @@ import ca.nrc.cadc.ac.server.GroupDetailSelector; import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.ac.server.ldap.LdapGroupPersistence; import ca.nrc.cadc.ac.server.ldap.LdapUserPersistence; +import ca.nrc.cadc.auth.AuthenticatorImpl; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.auth.SSOCookieManager; import ca.nrc.cadc.log.ServletLogInfo; @@ -228,9 +229,10 @@ public class LoginServlet extends HttpServlet final LdapGroupPersistence<HttpPrincipal> gp = getLdapGroupPersistence(); - + AuthenticatorImpl ai = new AuthenticatorImpl(); Subject proxySubject = new Subject(); proxySubject.getPrincipals().add(new HttpPrincipal(proxyUser)); + ai.augmentSubject(proxySubject); try { Subject.doAs(proxySubject, new PrivilegedExceptionAction<Object>() @@ -238,6 +240,7 @@ public class LoginServlet extends HttpServlet @Override public Object run() throws Exception { + if (gp.getGroups(new HttpPrincipal(proxyUser), Role.MEMBER, proxyGroup).size() == 0) { @@ -253,6 +256,7 @@ public class LoginServlet extends HttpServlet Subject userSubject = new Subject(); userSubject.getPrincipals().add(new HttpPrincipal(userID)); + ai.augmentSubject(userSubject); Subject.doAs(userSubject, new PrivilegedExceptionAction<Object>() { @Override 
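Review bot: In LoginServlet's `@@ -228,9 +229,10 @@` hunk, `ai.augmentSubject(proxySubject);` sits before the `try` and its outcome is never checked, so the proxy-group membership check can run under a Subject that was not actually augmented. The method returns void and, per the AuthenticatorImpl hunk, opens with its own `try`, so it presumably absorbs lookup failures; its body is outside this diff. For an impersonation path it is safer to fail closed: make the call the first statement inside the `try`, verify afterwards that the Subject carries the identities the later checks rely on, and add a comment such as `// deny the login if the proxy user's identities could not be loaded`. The same applies to `ai.augmentSubject(userSubject);` in the `@@ -253,6 +256,7 @@` hunk. The enclosing method starts and ends outside both hunks.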
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/auth/AuthenticatorImpl.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/auth/AuthenticatorImpl.java index 1812fc7eaa9cc6704f2022fe4b3085fda9eb5a5e..e7b9cdf1998042fec80653a1adf462dafd600dbe 100644 --- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/auth/AuthenticatorImpl.java +++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/auth/AuthenticatorImpl.java @@ -124,7 +124,7 @@ public class AuthenticatorImpl implements Authenticator return subject; } - protected void augmentSubject(final Subject subject) + public void augmentSubject(final Subject subject) { try diff --git a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/users/UserLoginServletTest.java b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/users/UserLoginServletTest.java index 99d060b3e263f60cd188283f0a8a39104de9f6f6..fd94de9af7cee137ea132aab057af2d23b820247 100644 --- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/users/UserLoginServletTest.java +++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/users/UserLoginServletTest.java @@ -37,7 +37,10 @@ public class UserLoginServletTest proxyGroups.add(new Group(proxyGroup)); Collection<Group> niGroups = new HashSet<Group>(); niGroups.add(new Group(nonImpersonGroup)); - LdapGroupPersistence<HttpPrincipal> mockGp = EasyMock + // mock returns a shell instance + @SuppressWarnings("unchecked") + LdapGroupPersistence<HttpPrincipal> mockGp = + (LdapGroupPersistence<HttpPrincipal>)EasyMock .createMock(LdapGroupPersistence.class); mockGp.setDetailSelector(new GroupDetailSelector() {
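Review bot: Widening `augmentSubject` from `protected` to `public` in AuthenticatorImpl opens it to every caller, yet the hunk adds no Javadoc stating its contract. From its use in LoginServlet it appears to attach further identities to whatever Subject it is handed without authenticating the principal, so that precondition should be written down. Suggested Javadoc: `/** Adds the identities known for the principal in {@code subject}. Performs no authentication; pass only a Subject whose principal the caller has already verified. */`. The method body lies outside the hunk, so the wording should be confirmed against it.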
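Review bot: In UserLoginServletTest the mock setup in this hunk still covers only `LdapGroupPersistence`, while LoginServlet now creates its collaborator inline with `new AuthenticatorImpl()`, which a test cannot replace. If augmentation reaches a real user store, this test would either depend on that store or leave the two new `augmentSubject` calls unverified; which of the two cannot be determined from this hunk. A protected accessor in the servlet, mirroring the existing `getLdapGroupPersistence()`, would give the test a seam to override, e.g. `protected AuthenticatorImpl getAuthenticator() { return new AuthenticatorImpl(); }`. The test method starts and ends outside the hunk.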