ac2 - merged master into ac2 (opencadc)

projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/GroupDetailSelector.java

+/*
+************************************************************************
+*******************  CANADIAN ASTRONOMY DATA CENTRE  *******************
+**************  CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES  **************
+*
+*  (c) 2011.                            (c) 2011.
+*  Government of Canada                 Gouvernement du Canada
+*  National Research Council            Conseil national de recherches
+*  Ottawa, Canada, K1A 0R6              Ottawa, Canada, K1A 0R6
+*  All rights reserved                  Tous droits réservés
+*
+*  NRC disclaims any warranties,        Le CNRC dénie toute garantie
+*  expressed, implied, or               énoncée, implicite ou légale,
+*  statutory, of any kind with          de quelque nature que ce
+*  respect to the software,             soit, concernant le logiciel,
+*  including without limitation         y compris sans restriction
+*  any warranty of merchantability      toute garantie de valeur
+*  or fitness for a particular          marchande ou de pertinence
+*  purpose. NRC shall not be            pour un usage particulier.
+*  liable in any event for any          Le CNRC ne pourra en aucun cas
+*  damages, whether direct or           être tenu responsable de tout
+*  indirect, special or general,        dommage, direct ou indirect,
+*  consequential or incidental,         particulier ou général,
+*  arising from the use of the          accessoire ou fortuit, résultant
+*  software.  Neither the name          de l'utilisation du logiciel. Ni
+*  of the National Research             le nom du Conseil National de
+*  Council of Canada nor the            Recherches du Canada ni les noms
+*  names of its contributors may        de ses  participants ne peuvent
+*  be used to endorse or promote        être utilisés pour approuver ou
+*  products derived from this           promouvoir les produits dérivés
+*  software without specific prior      de ce logiciel sans autorisation
+*  written permission.                  préalable et particulière
+*                                       par écrit.
+*
+*  This file is part of the             Ce fichier fait partie du projet
+*  OpenCADC project.                    OpenCADC.
+*
+*  OpenCADC is free software:           OpenCADC est un logiciel libre ;
+*  you can redistribute it and/or       vous pouvez le redistribuer ou le
+*  modify it under the terms of         modifier suivant les termes de
+*  the GNU Affero General Public        la “GNU Affero General Public
+*  License as published by the          License” telle que publiée
+*  Free Software Foundation,            par la Free Software Foundation
+*  either version 3 of the              : soit la version 3 de cette
+*  License, or (at your option)         licence, soit (à votre gré)
+*  any later version.                   toute version ultérieure.
+*
+*  OpenCADC is distributed in the       OpenCADC est distribué
+*  hope that it will be useful,         dans l’espoir qu’il vous
+*  but WITHOUT ANY WARRANTY;            sera utile, mais SANS AUCUNE
+*  without even the implied             GARANTIE : sans même la garantie
+*  warranty of MERCHANTABILITY          implicite de COMMERCIALISABILITÉ
+*  or FITNESS FOR A PARTICULAR          ni d’ADÉQUATION À UN OBJECTIF
+*  PURPOSE.  See the GNU Affero         PARTICULIER. Consultez la Licence
+*  General Public License for           Générale Publique GNU Affero
+*  more details.                        pour plus de détails.
+*
+*  You should have received             Vous devriez avoir reçu une
+*  a copy of the GNU Affero             copie de la Licence Générale
+*  General Public License along         Publique GNU Affero avec
+*  with OpenCADC.  If not, see          OpenCADC ; si ce n’est
+*  <http://www.gnu.org/licenses/>.      pas le cas, consultez :
+*                                       <http://www.gnu.org/licenses/>.
+*
+*  $Revision: 5 $
+*
+************************************************************************
+*/
+
+package ca.nrc.cadc.ac.server;
+
+import ca.nrc.cadc.ac.Group;
+import ca.nrc.cadc.ac.Role;
+
+/**
+ *
+ * @author pdowler
+ */
+public interface GroupDetailSelector 
+{
+    /** 
+     * Check if group details should be filled in for the group when
+     * querying for role.
+     * @param g
+     * @param r
+     * @return true if group details should be filled
+     */
+    boolean isDetailedSearch(Group g, Role r);
+}

projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java

@@ -234,7 +234,11 @@ public abstract class LdapDAO
             throws TransientException
     {
     	logger.debug("Ldap result: " + code);
-        System.out.println("Ldap result: " + code);
+
+    	if (code == ResultCode.SUCCESS || code == ResultCode.NO_SUCH_OBJECT)
+        {
+            return;
+        }
 
         if (code == ResultCode.INSUFFICIENT_ACCESS_RIGHTS)
         {
@@ -244,10 +248,6 @@ public abstract class LdapDAO
         {
             throw new AccessControlException("Invalid credentials ");
         }
-        else if ((code == ResultCode.SUCCESS) || (code == ResultCode.NO_SUCH_OBJECT))
-        {
-            // all good. nothing to do
-        }
         else if (code == ResultCode.PARAM_ERROR)
         {
             throw new IllegalArgumentException("Error in Ldap parameters ");
@@ -256,10 +256,12 @@ public abstract class LdapDAO
         {
             throw new TransientException("Connection problems ");
         }
-        else
+        else if (code == ResultCode.TIMEOUT || code == ResultCode.TIME_LIMIT_EXCEEDED)
         {
-            throw new RuntimeException("Ldap error (" + code.getName() + ")");
+            throw new TransientException("ldap timeout");
         }
+
+        throw new RuntimeException("Ldap error (" + code.getName() + ")");
     }
 
 }

projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupPersistence.java

@@ -79,6 +79,7 @@ import ca.nrc.cadc.ac.GroupAlreadyExistsException;
 import ca.nrc.cadc.ac.GroupNotFoundException;
 import ca.nrc.cadc.ac.Role;
 import ca.nrc.cadc.ac.UserNotFoundException;
+import ca.nrc.cadc.ac.server.GroupDetailSelector;
 import ca.nrc.cadc.ac.server.GroupPersistence;
 import ca.nrc.cadc.net.TransientException;
 
@@ -89,11 +90,18 @@ public class LdapGroupPersistence<T extends Principal>
             Logger.getLogger(LdapGroupPersistence.class);
     private final LdapConfig config;
     
+    private GroupDetailSelector detailSelector;
+
     public LdapGroupPersistence()
     {
         config = LdapConfig.getLdapConfig();
     }
     
+    protected void setDetailSelector(GroupDetailSelector gds)
+    {
+        this.detailSelector = gds;
+    }
+    
     public Collection<String> getGroupNames()
         throws TransientException, AccessControlException
     {
@@ -233,6 +241,7 @@ public class LdapGroupPersistence<T extends Principal>
         {
             userDAO = new LdapUserDAO<T>(config);
             groupDAO = new LdapGroupDAO<T>(config, userDAO);
+            groupDAO.searchDetailSelector = detailSelector;
             Collection<Group> ret = groupDAO.getGroups(userID, role, groupID);
             return ret;
         }

projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/ACSearchRunner.java

@@ -335,6 +335,23 @@ public class ACSearchRunner implements JobRunner
 //            }
         }
         */
+        catch(IllegalArgumentException ex)
+        {
+            logInfo.setSuccess(true);
+            logInfo.setMessage(ex.getMessage());
+            log.debug("FAIL", ex);
+            
+            syncOut.setResponseCode(400);
+            syncOut.setHeader("Content-Type", "text/plain");
+            try
+            {
+                syncOut.getOutputStream().write(ex.getMessage().getBytes());
+            }
+            catch (IOException e)
+            {
+                log.warn("Could not write response to output stream", e);
+            }
+        }
         catch (AccessControlException t)
         {
             logInfo.setSuccess(true);

projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/groups/GroupServlet.java

@@ -80,7 +80,6 @@ import org.apache.log4j.Logger;
 
 import ca.nrc.cadc.ac.server.web.SyncOutput;
 import ca.nrc.cadc.auth.AuthenticationUtil;
-import ca.nrc.cadc.util.StringUtil;
 
 /**
  * Servlet for handling all requests to /groups

projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java

@@ -494,11 +494,11 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
                     for (Group group : groups)
                     {
                         log.debug("admin group: " + group.getID());
-                        if (group.getID().equals(testGroup1ID))
+                        if (group.getID().equalsIgnoreCase(testGroup1ID))
                         {
                             found1 = true;
                         }
-                        if (group.getID().equals(testGroup2ID))
+                        if (group.getID().equalsIgnoreCase(testGroup2ID))
                         {
                             found2 = true;
                         }
@@ -861,18 +861,10 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest
                     getGroupDAO().getGroups(unknownPrincipal, Role.OWNER, 
                                                groupID);
                     fail("searchGroups with unknown user should throw " + 
-                         "UserNotFoundException");
+                         "AccessControlException");
                 }
                 catch (AccessControlException ignore) {}
                 
-                try
-                {
-                    getGroupDAO().getGroups(daoTestPrincipal1, Role.OWNER, 
-                                               "foo");
-                    fail("searchGroups with unknown user should throw " + 
-                         "GroupNotFoundException");
-                }
-                catch (GroupNotFoundException ignore) {}
                 return null;
             }
         });

projects/cadcAccessControl/src/ca/nrc/cadc/ac/Group.java

@@ -155,6 +155,11 @@ public class Group
         return owner;
     }
 
+    public void setOwner(User<? extends Principal> owner)
+    {
+        this.owner = owner;
+    }
+
     /**
      * 
      * @return a set of properties associated with a group

projects/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClientMain.java

+/*
+ ************************************************************************
+ *******************  CANADIAN ASTRONOMY DATA CENTRE  *******************
+ **************  CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES  **************
+ *
+ *  (c) 2014.                            (c) 2014.
+ *  Government of Canada                 Gouvernement du Canada
+ *  National Research Council            Conseil national de recherches
+ *  Ottawa, Canada, K1A 0R6              Ottawa, Canada, K1A 0R6
+ *  All rights reserved                  Tous droits réservés
+ *
+ *  NRC disclaims any warranties,        Le CNRC dénie toute garantie
+ *  expressed, implied, or               énoncée, implicite ou légale,
+ *  statutory, of any kind with          de quelque nature que ce
+ *  respect to the software,             soit, concernant le logiciel,
+ *  including without limitation         y compris sans restriction
+ *  any warranty of merchantability      toute garantie de valeur
+ *  or fitness for a particular          marchande ou de pertinence
+ *  purpose. NRC shall not be            pour un usage particulier.
+ *  liable in any event for any          Le CNRC ne pourra en aucun cas
+ *  damages, whether direct or           être tenu responsable de tout
+ *  indirect, special or general,        dommage, direct ou indirect,
+ *  consequential or incidental,         particulier ou général,
+ *  arising from the use of the          accessoire ou fortuit, résultant
+ *  software.  Neither the name          de l'utilisation du logiciel. Ni
+ *  of the National Research             le nom du Conseil National de
+ *  Council of Canada nor the            Recherches du Canada ni les noms
+ *  names of its contributors may        de ses  participants ne peuvent
+ *  be used to endorse or promote        être utilisés pour approuver ou
+ *  products derived from this           promouvoir les produits dérivés
+ *  software without specific prior      de ce logiciel sans autorisation
+ *  written permission.                  préalable et particulière
+ *                                       par écrit.
+ *
+ *  This file is part of the             Ce fichier fait partie du projet
+ *  OpenCADC project.                    OpenCADC.
+ *
+ *  OpenCADC is free software:           OpenCADC est un logiciel libre ;
+ *  you can redistribute it and/or       vous pouvez le redistribuer ou le
+ *  modify it under the terms of         modifier suivant les termes de
+ *  the GNU Affero General Public        la “GNU Affero General Public
+ *  License as published by the          License” telle que publiée
+ *  Free Software Foundation,            par la Free Software Foundation
+ *  either version 3 of the              : soit la version 3 de cette
+ *  License, or (at your option)         licence, soit (à votre gré)
+ *  any later version.                   toute version ultérieure.
+ *
+ *  OpenCADC is distributed in the       OpenCADC est distribué
+ *  hope that it will be useful,         dans l’espoir qu’il vous
+ *  but WITHOUT ANY WARRANTY;            sera utile, mais SANS AUCUNE
+ *  without even the implied             GARANTIE : sans même la garantie
+ *  warranty of MERCHANTABILITY          implicite de COMMERCIALISABILITÉ
+ *  or FITNESS FOR A PARTICULAR          ni d’ADÉQUATION À UN OBJECTIF
+ *  PURPOSE.  See the GNU Affero         PARTICULIER. Consultez la Licence
+ *  General Public License for           Générale Publique GNU Affero
+ *  more details.                        pour plus de détails.
+ *
+ *  You should have received             Vous devriez avoir reçu une
+ *  a copy of the GNU Affero             copie de la Licence Générale
+ *  General Public License along         Publique GNU Affero avec
+ *  with OpenCADC.  If not, see          OpenCADC ; si ce n’est
+ *  <http://www.gnu.org/licenses/>.      pas le cas, consultez :
+ *                                       <http://www.gnu.org/licenses/>.
+ *
+ *  $Revision: 4 $
+ *
+ ************************************************************************
+ */
+
+package ca.nrc.cadc.ac.client;
+
+import ca.nrc.cadc.ac.Group;
+import ca.nrc.cadc.ac.User;
+import java.net.URI;
+import java.net.URL;
+import java.security.PrivilegedAction;
+
+import javax.security.auth.Subject;
+
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+
+import ca.nrc.cadc.auth.CertCmdArgUtil;
+import ca.nrc.cadc.auth.HttpPrincipal;
+import ca.nrc.cadc.reg.client.RegistryClient;
+import ca.nrc.cadc.util.ArgumentMap;
+import ca.nrc.cadc.util.Log4jInit;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.util.Set;
+import javax.security.auth.x500.X500Principal;
+
+/**
+ * Prototype main class for the GMSClient.  Currently
+ * only used for testing.  Should not be used for production
+ * work.
+ */
+public class GMSClientMain implements PrivilegedAction<Object>
+{
+
+    private static Logger log = Logger.getLogger(GMSClientMain.class);
+
+    public static final String ARG_ADD_MEMBER = "add-member";
+    public static final String ARG_CREATE_GROUP = "create";
+    public static final String ARG_GET_GROUP = "get";
+    public static final String ARG_DELETE_GROUP = "delete";
+
+    public static final String ARG_USERID = "userid";
+    public static final String ARG_GROUP = "group";
+
+    public static final String ARG_HELP = "help";
+    public static final String ARG_VERBOSE = "verbose";
+    public static final String ARG_DEBUG = "debug";
+    public static final String ARG_H = "h";
+    public static final String ARG_V = "v";
+    public static final String ARG_D = "d";
+
+    private GMSClient client;
+    private ArgumentMap argMap;
+
+    private GMSClientMain()
+    {
+        RegistryClient regClient = new RegistryClient();
+        URL acURL = null;
+        try
+        {
+            acURL = regClient.getServiceURL(new URI("ivo://cadc.nrc.ca/canfargms"), "https");
+        }
+        catch (Exception e)
+        {
+            log.error("FAIL", e);
+        }
+        log.info("GMS service URL: " + acURL);
+        client = new GMSClient(acURL.toString());
+    }
+
+    public static void main(String[] args)
+    {
+        ArgumentMap argMap = new ArgumentMap(args);
+
+        if (argMap.isSet(ARG_HELP) || argMap.isSet(ARG_H))
+        {
+            usage();
+            System.exit(0);
+        }
+
+        // Set debug mode
+        if (argMap.isSet(ARG_DEBUG) || argMap.isSet(ARG_D))
+        {
+            Log4jInit.setLevel("ca.nrc.cadc.ac.client", Level.DEBUG);
+            Log4jInit.setLevel("ca.nrc.cadc.net", Level.DEBUG);
+        }
+        else if (argMap.isSet(ARG_VERBOSE) || argMap.isSet(ARG_V))
+        {
+            Log4jInit.setLevel("ca.nrc.cadc.ac.client", Level.INFO);
+        }
+        else
+            Log4jInit.setLevel("ca", Level.WARN);
+
+        GMSClientMain main = new GMSClientMain();
+        main.argMap = argMap;
+
+        Subject subject = CertCmdArgUtil.initSubject(argMap, true);
+
+        Object response = null;
+
+        if (subject != null)
+            response = Subject.doAs(subject, main);
+        else
+            response = main.run();
+
+        log.debug("Response: " + response);
+    }
+
+    private String getCommand()
+    {
+        if (argMap.isSet(ARG_ADD_MEMBER))
+            return ARG_ADD_MEMBER;
+        
+        if (argMap.isSet(ARG_CREATE_GROUP))
+            return ARG_CREATE_GROUP;
+        
+        if (argMap.isSet(ARG_GET_GROUP))
+            return ARG_GET_GROUP;
+        
+        if (argMap.isSet(ARG_DELETE_GROUP))
+            return ARG_DELETE_GROUP;
+
+        throw new IllegalArgumentException("No valid commands");
+    }
+
+    private static void usage()
+    {
+        System.out.println("--add-member --group=<g> --userid=<u>");
+        System.out.println("--create --group=<g>");
+        System.out.println("--get --group=<g>");
+        System.out.println("--delete --group=<g>");
+    }
+
+    @Override
+    public Object run()
+    {
+        try
+        {
+            String command = getCommand();
+
+            if (command.equals(ARG_ADD_MEMBER))
+            {
+                String group = argMap.getValue(ARG_GROUP);
+                String userID = argMap.getValue(ARG_USERID);
+
+                if (group == null)
+                    throw new IllegalArgumentException("No group specified");
+
+                if (userID == null)
+                    throw new IllegalArgumentException("No userid specified");
+
+                client.addUserMember(group, new HttpPrincipal(userID));
+            }
+            else if (command.equals(ARG_CREATE_GROUP))
+            {
+                String group = argMap.getValue(ARG_GROUP);
+                if (group == null)
+                    throw new IllegalArgumentException("No group specified");
+                
+                AccessControlContext accessControlContext = AccessController.getContext();
+                Subject subject = Subject.getSubject(accessControlContext);
+                Set<X500Principal> principals = subject.getPrincipals(X500Principal.class);
+                X500Principal p = principals.iterator().next();
+                
+                Group g = new Group(group, new User(p));
+                g.getUserMembers().add(g.getOwner());
+                client.createGroup(g);
+            }
+            else if (command.equals(ARG_GET_GROUP))
+            {
+                String group = argMap.getValue(ARG_GROUP);
+                if (group == null)
+                    throw new IllegalArgumentException("No group specified");
+             
+                Group g = client.getGroup(group);
+                System.out.println("found: " + g.getID());
+                System.out.println("\t" + g.description);
+                System.out.println("owner: " + g.getOwner());
+                
+                for (User u : g.getUserAdmins())
+                    System.out.println("admin: " + u);
+                
+                for (Group ga : g.getGroupAdmins())
+                    System.out.println("admin: " + ga);
+                
+                for (User u : g.getUserMembers())
+                    System.out.println("member: " + u);
+                
+                for (Group gm : g.getGroupMembers())
+                    System.out.println("member: " + gm);
+                
+            }
+            else if (command.equals(ARG_DELETE_GROUP))
+            {
+                String group = argMap.getValue(ARG_GROUP);
+                if (group == null)
+                    throw new IllegalArgumentException("No group specified");
+             
+                client.deleteGroup(group);
+            }
+
+            return null;
+        }
+        catch (Throwable t)
+        {
+            log.error("ERROR", t);
+            return t;
+        }
+    }
+}

projects/cadcAccessControl/test/src/ca/nrc/cadc/ac/client/GMSClientTest.java

@@ -105,40 +105,6 @@ public class GMSClientTest
         Log4jInit.setLevel("ca.nrc.cadc.ac", Level.DEBUG);
     }
 
-
-    @Test
-    public void testGetDisplayUsers() throws Exception
-    {
-        final HttpDownload mockHTTPDownload = createMock(HttpDownload.class);
-        final GMSClient testSubject = new GMSClient("http://mysite.com/users")
-        {
-            @Override
-            HttpDownload createDisplayUsersHTTPDownload(
-                    List<User<HttpPrincipal>> webUsers) throws IOException
-            {
-                return mockHTTPDownload;
-            }
-        };
-
-        mockHTTPDownload.setRequestProperty("Accept", "application/json");
-        expectLastCall().once();
-
-        mockHTTPDownload.run();
-        expectLastCall().once();
-
-        expect(mockHTTPDownload.getThrowable()).andReturn(null).once();
-
-        expect(mockHTTPDownload.getContentLength()).andReturn(88l).once();
-        expect(mockHTTPDownload.getContentType()).andReturn(
-                "application/json").once();
-
-        replay(mockHTTPDownload);
-
-        testSubject.getDisplayUsers();
-
-        verify(mockHTTPDownload);
-    }
-
     @Test
     public void testUserIsSubject()
     {
@@ -194,27 +160,38 @@ public class GMSClientTest
                     public Object run() throws Exception
                     {
 
-                        List<Group> initial = client.getCachedGroups(test1UserID, Role.MEMBER);
+                        List<Group> initial = client.getCachedGroups(test1UserID, Role.MEMBER, true);
                         Assert.assertNull("Cache should be null", initial);
 
+                        // add single group as isMember might do
+                        Group group0 = new Group("0");
+                        client.addCachedGroup(test1UserID, group0, Role.MEMBER);
+                        List<Group> actual = client.getCachedGroups(test1UserID, Role.MEMBER, true);
+                        Assert.assertNull("Cache should be null", actual);
+
+                        Group g = client.getCachedGroup(test1UserID, "0", Role.MEMBER);
+                        Assert.assertNotNull("cached group from incomplete cache", g);
+
+                        // add all groups like getMemberships might do
                         List<Group> expected = new ArrayList<Group>();
                         Group group1 = new Group("1");
                         Group group2 = new Group("2");
+                        expected.add(group0);
                         expected.add(group1);
                         expected.add(group2);
 
                         client.setCachedGroups(test1UserID, expected, Role.MEMBER);
 
-                        List<Group> actual = client.getCachedGroups(test1UserID, Role.MEMBER);
+                        actual = client.getCachedGroups(test1UserID, Role.MEMBER, true);
                         Assert.assertEquals("Wrong cached groups", expected, actual);
 
                         // check against another role
-                        actual = client.getCachedGroups(test1UserID, Role.OWNER);
+                        actual = client.getCachedGroups(test1UserID, Role.OWNER, true);
                         Assert.assertNull("Cache should be null", actual);
 
                         // check against another userid
                         final HttpPrincipal anotherUserID = new HttpPrincipal("anotheruser");
-                        actual = client.getCachedGroups(anotherUserID, Role.MEMBER);
+                        actual = client.getCachedGroups(anotherUserID, Role.MEMBER, true);
                         Assert.assertNull("Cache should be null", actual);
 
                         return null;
@@ -232,7 +209,7 @@ public class GMSClientTest
                         public Object run() throws Exception
                         {
 
-                            List<Group> initial = client.getCachedGroups(test2UserID, Role.MEMBER);
+                            List<Group> initial = client.getCachedGroups(test2UserID, Role.MEMBER, true);
                             Assert.assertNull("Cache should be null", initial);
 
                             List<Group> expected = new ArrayList<Group>();
@@ -243,16 +220,16 @@ public class GMSClientTest
 
                             client.setCachedGroups(test2UserID, expected, Role.MEMBER);
 
-                            List<Group> actual = client.getCachedGroups(test2UserID, Role.MEMBER);
+                            List<Group> actual = client.getCachedGroups(test2UserID, Role.MEMBER, true);
                             Assert.assertEquals("Wrong cached groups", expected, actual);
 
                             // check against another role
-                            actual = client.getCachedGroups(test2UserID, Role.OWNER);
+                            actual = client.getCachedGroups(test2UserID, Role.OWNER, true);
                             Assert.assertNull("Cache should be null", actual);
 
                             // check against another userid
                             final HttpPrincipal anotherUserID = new HttpPrincipal("anotheruser");
-                            actual = client.getCachedGroups(anotherUserID, Role.MEMBER);
+                            actual = client.getCachedGroups(anotherUserID, Role.MEMBER, true);
                             Assert.assertNull("Cache should be null", actual);
 
                             return null;
@@ -261,7 +238,7 @@ public class GMSClientTest
 
             // do the same without a subject
 
-            List<Group> initial = client.getCachedGroups(test1UserID, Role.MEMBER);
+            List<Group> initial = client.getCachedGroups(test1UserID, Role.MEMBER, true);
             Assert.assertNull("Cache should be null", initial);
 
             List<Group> newgroups = new ArrayList<Group>();
@@ -272,7 +249,7 @@ public class GMSClientTest
 
             client.setCachedGroups(test1UserID, newgroups, Role.MEMBER);
 
-            List<Group> actual = client.getCachedGroups(test1UserID, Role.MEMBER);
+            List<Group> actual = client.getCachedGroups(test1UserID, Role.MEMBER, true);
             Assert.assertNull("Cache should still be null", actual);
         }
         catch (Throwable t)