From e00017cd80b04d5e924f51a06e47626e5ae6b2e5 Mon Sep 17 00:00:00 2001
From: Adrian Damian <Adrian.Damian@nrc.ca>
Date: Thu, 3 Sep 2015 16:28:36 -0700
Subject: [PATCH] Accommodate the use of DNPrincipal in proxy user login

---
 .../src/ca/nrc/cadc/ac/server/web/users/LoginServlet.java   | 6 +++++-
 .../src/ca/nrc/cadc/auth/AuthenticatorImpl.java             | 2 +-
 .../nrc/cadc/ac/server/web/users/UserLoginServletTest.java  | 5 ++++-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/LoginServlet.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/LoginServlet.java
index ea59ec4f..01291c29 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/LoginServlet.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/LoginServlet.java
@@ -89,6 +89,7 @@ import ca.nrc.cadc.ac.server.GroupDetailSelector;
 import ca.nrc.cadc.ac.server.UserPersistence;
 import ca.nrc.cadc.ac.server.ldap.LdapGroupPersistence;
 import ca.nrc.cadc.ac.server.ldap.LdapUserPersistence;
+import ca.nrc.cadc.auth.AuthenticatorImpl;
 import ca.nrc.cadc.auth.HttpPrincipal;
 import ca.nrc.cadc.auth.SSOCookieManager;
 import ca.nrc.cadc.log.ServletLogInfo;
@@ -228,9 +229,10 @@ public class LoginServlet extends HttpServlet
         final LdapGroupPersistence<HttpPrincipal> gp = 
                 getLdapGroupPersistence();
         
-        
+        AuthenticatorImpl ai = new AuthenticatorImpl();
         Subject proxySubject = new Subject();
         proxySubject.getPrincipals().add(new HttpPrincipal(proxyUser));
+        ai.augmentSubject(proxySubject);
         try
         {
             Subject.doAs(proxySubject, new PrivilegedExceptionAction<Object>()
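Review bot: The added `ai.augmentSubject(proxySubject)` has no visible check that it attached anything. The method returns void and, judging by the AuthenticatorImpl hunk, wraps its work in a `try`, so a failed lookup may leave the subject with only the `HttpPrincipal` when it reaches `Subject.doAs`. Because this subject drives the proxy-group membership decision, the failure case should be explicit: either let the exception reach the servlet's error handling or confirm the expected principal is present before `doAs`. The same applies to `ai.augmentSubject(userSubject)` in the later hunk of this file. A short comment such as `// add the user's other identities (DNPrincipal, per the commit subject) before running as this subject` would record why the call is needed; the enclosing method starts and ends outside the hunk.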
@@ -238,6 +240,7 @@ public class LoginServlet extends HttpServlet
                 @Override
                 public Object run() throws Exception
                 {
+                    
                     if (gp.getGroups(new HttpPrincipal(proxyUser), Role.MEMBER,
                             proxyGroup).size() == 0)
                     {
@@ -253,6 +256,7 @@ public class LoginServlet extends HttpServlet
 
             Subject userSubject = new Subject();
             userSubject.getPrincipals().add(new HttpPrincipal(userID));
+            ai.augmentSubject(userSubject);
             Subject.doAs(userSubject, new PrivilegedExceptionAction<Object>()
             {
                 @Override
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/auth/AuthenticatorImpl.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/auth/AuthenticatorImpl.java
index 1812fc7e..e7b9cdf1 100644
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/auth/AuthenticatorImpl.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/auth/AuthenticatorImpl.java
@@ -124,7 +124,7 @@ public class AuthenticatorImpl implements Authenticator
         return subject;
     }
 
-    protected void augmentSubject(final Subject subject)
+    public void augmentSubject(final Subject subject)
     {
 
         try
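Review bot: Widening `augmentSubject` to `public` lets any caller attach further identities to an arbitrary `Subject`, and nothing on the method states that the caller must already have established who that subject is. LoginServlet lives in a different package, so the wider visibility is needed for this change, but the contract should be written down as Javadoc, e.g. `/** Adds the user's other known identities to the subject. Call only for a principal the caller has already authenticated or authorized. */`. The Javadoc should also say what the method does when the user cannot be found, since the body opens with a `try` and continues outside the hunk.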
diff --git a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/users/UserLoginServletTest.java b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/users/UserLoginServletTest.java
index 99d060b3..fd94de9a 100644
--- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/users/UserLoginServletTest.java
+++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/web/users/UserLoginServletTest.java
@@ -37,7 +37,10 @@ public class UserLoginServletTest
                 proxyGroups.add(new Group(proxyGroup));
                 Collection<Group> niGroups = new HashSet<Group>();
                 niGroups.add(new Group(nonImpersonGroup));
-                LdapGroupPersistence<HttpPrincipal> mockGp = EasyMock
+                // mock returns a shell instance
+                @SuppressWarnings("unchecked")
+                LdapGroupPersistence<HttpPrincipal> mockGp = 
+                    (LdapGroupPersistence<HttpPrincipal>)EasyMock
                         .createMock(LdapGroupPersistence.class);
                 mockGp.setDetailSelector(new GroupDetailSelector()
                 {
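Review bot: The visible test change does not cover the behaviour this commit adds; it only adds a cast and `@SuppressWarnings("unchecked")` around the mock. LoginServlet now creates `new AuthenticatorImpl()` inline, so the test has no way to substitute it and presumably either runs the real augmentation or needs a seam, such as a protected factory method the test overrides. A case that pins what login does when augmentation adds no identity would cover the security-relevant path. The comment `// mock returns a shell instance` could instead say why the cast is safe, e.g. `// createMock(Class) yields the raw type; the cast only restores the type parameter`. The test method continues outside the hunk.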
-- 
GitLab