From f5aff6874a6a5e31ad1be46626ce477c4ddfdb8b Mon Sep 17 00:00:00 2001
From: Brian Major <major.brian@gmail.com>
Date: Thu, 29 Sep 2016 16:25:24 -0700
Subject: [PATCH] issue-11 - allow users with only one type of identity

---
 cadc-access-control-identity/build.gradle        |  2 +-
 .../java/ca/nrc/cadc/auth/AuthenticatorImpl.java | 16 +++++-----------
 cadc-access-control-server/build.gradle          |  2 +-
 .../java/ca/nrc/cadc/auth/AuthenticatorImpl.java | 15 +++++++--------
 4 files changed, 14 insertions(+), 21 deletions(-)

diff --git a/cadc-access-control-identity/build.gradle b/cadc-access-control-identity/build.gradle
index eff722d4..c35de040 100644
--- a/cadc-access-control-identity/build.gradle
+++ b/cadc-access-control-identity/build.gradle
@@ -13,7 +13,7 @@ repositories {
 sourceCompatibility = 1.7
 group = 'org.opencadc'
 
-version = '1.0.1'
+version = '1.0.2'
 
 dependencies {
     compile 'log4j:log4j:1.2.+'
diff --git a/cadc-access-control-identity/src/main/java/ca/nrc/cadc/auth/AuthenticatorImpl.java b/cadc-access-control-identity/src/main/java/ca/nrc/cadc/auth/AuthenticatorImpl.java
index 750ebf19..a679af59 100644
--- a/cadc-access-control-identity/src/main/java/ca/nrc/cadc/auth/AuthenticatorImpl.java
+++ b/cadc-access-control-identity/src/main/java/ca/nrc/cadc/auth/AuthenticatorImpl.java
@@ -4,7 +4,6 @@ import java.net.URI;
 import java.net.URL;
 
 import javax.security.auth.Subject;
-import javax.security.auth.x500.X500Principal;
 
 import org.apache.log4j.Logger;
 
@@ -50,17 +49,12 @@ public class AuthenticatorImpl implements Authenticator
             identityManager.augmentSubject(subject);
             prof.checkpoint("AuthenticatorImpl.augmentSubject()");
 
-            if (subject.getPrincipals(HttpPrincipal.class).isEmpty()) // no matching cadc account
+            if (subject.getPrincipals(NumericPrincipal.class).isEmpty()) // no matching internal account
             {
-                // check to see if they connected with an client certificate at least
-                // they should be able to use services with only a client certificate
-                if (subject.getPrincipals(X500Principal.class).isEmpty())
-                {
-                    // if the caller had an invalid or forged CADC_SSO cookie, we could get
-                    // in here and then not match any known identity: drop to anon
-                    log.debug("HttpPrincipal not found - dropping to anon: " + subject);
-                    subject = AuthenticationUtil.getAnonSubject();
-                }
+                // if the caller had an invalid or forged CADC_SSO cookie, we could get
+                // in here and then not match any known identity: drop to anon
+                log.debug("NumericPrincipal not found - dropping to anon: " + subject);
+                subject = AuthenticationUtil.getAnonSubject();
             }
         }
 
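Review bot: The rewritten fallback at `log.debug("NumericPrincipal not found - dropping to anon: " + subject)` logs the whole Subject, and Subject.toString() prints its public and private credential sets as well as its principals, so whatever token or cookie value augmentSubject attached could land in the log; the same line appears in the cadc-access-control-server AuthenticatorImpl hunk. Logging only the principals, e.g. `log.debug("NumericPrincipal not found - dropping to anon, principals: " + subject.getPrincipals());`, keeps the diagnostic without copying credentials. Removing the X500Principal branch also means a caller whose certificate DN does not resolve to an internal account now becomes anonymous, which I presume is intended because augmentSubject is now expected to add a NumericPrincipal for every resolvable identity — that assumption is worth stating where the old comment was, e.g. `// augmentSubject adds a NumericPrincipal for any resolvable identity (cookie, cert, ...); anything without one is treated as anonymous`. The enclosing method starts before and ends after this hunk.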
diff --git a/cadc-access-control-server/build.gradle b/cadc-access-control-server/build.gradle
index 06b670f9..be6ac301 100644
--- a/cadc-access-control-server/build.gradle
+++ b/cadc-access-control-server/build.gradle
@@ -13,7 +13,7 @@ repositories {
 sourceCompatibility = 1.7
 group = 'org.opencadc'
 
-version = '1.0.1'
+version = '1.0.2'
 
 dependencies {
     compile 'log4j:log4j:1.2.+'
diff --git a/cadc-access-control-server/src/main/java/ca/nrc/cadc/auth/AuthenticatorImpl.java b/cadc-access-control-server/src/main/java/ca/nrc/cadc/auth/AuthenticatorImpl.java
index 06714bb4..1c7357a1 100644
--- a/cadc-access-control-server/src/main/java/ca/nrc/cadc/auth/AuthenticatorImpl.java
+++ b/cadc-access-control-server/src/main/java/ca/nrc/cadc/auth/AuthenticatorImpl.java
@@ -69,6 +69,10 @@
 
 package ca.nrc.cadc.auth;
 
+import javax.security.auth.Subject;
+
+import org.apache.log4j.Logger;
+
 import ca.nrc.cadc.ac.Group;
 import ca.nrc.cadc.ac.Role;
 import ca.nrc.cadc.ac.User;
@@ -77,11 +81,6 @@ import ca.nrc.cadc.ac.client.GroupMemberships;
 import ca.nrc.cadc.ac.server.PluginFactory;
 import ca.nrc.cadc.ac.server.UserPersistence;
 import ca.nrc.cadc.profiler.Profiler;
-import org.apache.log4j.Logger;
-
-import javax.security.auth.Subject;
-
-import java.security.Principal;
 
 /**
  * Implementation of default Authenticator for AuthenticationUtil in cadcUtil.
@@ -119,9 +118,9 @@ public class AuthenticatorImpl implements Authenticator
 
             // if the caller had an invalid or forged CADC_SSO cookie, we could get
             // in here and then not match any known identity: drop to anon
-            if ( subject.getPrincipals(HttpPrincipal.class).isEmpty() ) // no matching cadc account
+            if ( subject.getPrincipals(NumericPrincipal.class).isEmpty() ) // no matching internal account
             {
-                log.debug("HttpPrincipal not found - dropping to anon: " + subject);
+                log.debug("NumericPrincipal not found - dropping to anon: " + subject);
                 subject = AuthenticationUtil.getAnonSubject();
             }
         }
@@ -162,7 +161,7 @@ public class AuthenticatorImpl implements Authenticator
                 catch(Exception bug)
                 {
                     throw new RuntimeException("BUG: found User.appData but could not store in Subject as GroupMemberships cache", bug);
-                    
+
                 }
             }
             user.appData = null; // avoid loop that prevents GC???
-- 
GitLab