/**
 * Records {@code groups} in the membership cache of {@code userID} under {@code role}.
 * Nothing is stored when {@code getGroupCache(userID)} returns no cache.
 *
 * @param userID principal the groups belong to
 * @param groups groups to add to the cache
 * @param role   role the groups are recorded under
 */
protected void setCachedGroups(Principal userID, List<Group> groups, Role role) {
    final GroupMemberships cache = getGroupCache(userID);
    if (cache != null) {
        cache.add(groups, role);
    }
    // cache == null: no cache available for this user, so there is nothing to update
}
/**
 * Creates a membership holder tied to one service and one user.
 *
 * @param serviceURI identifier of the service this holder belongs to, as a string
 * @param userID     principal whose memberships are held
 */
public GroupMemberships(String serviceURI, Principal userID) {
    this.userID = userID;
    this.serviceURI = serviceURI;
    // init() is called last, after both fields have been assigned.
    init();
}
/**
 * Read-permission hook: runs {@code checkMembership()} and then returns {@code null}.
 *
 * No grant object is built here, so a denial can only come out of
 * {@code checkMembership()} (presumably by throwing AccessControlException;
 * confirm in that method).
 *
 * NOTE(review): {@code uri} is not consulted, so the same membership check is applied to
 * every resource.
 *
 * @param uri resource being read (not used by this method)
 * @return always {@code null}
 * @throws AccessControlException declared; presumably raised by the membership check
 * @throws FileNotFoundException  declared by the signature; not thrown directly here
 * @throws TransientException     declared by the signature; not thrown directly here
 */
@Override
public Object getReadPermission(URI uri)
    throws AccessControlException, FileNotFoundException, TransientException {
    checkMembership();
    return null;
}
/**
 * Returns the cached memberships of {@code userID} for {@code role}, when they are usable.
 *
 * A {@code null} result is a cache miss, not an empty membership list.
 *
 * @param userID   principal whose cache is consulted
 * @param role     role the memberships are wanted for
 * @param complete when true, only a cache marked complete for the role is accepted
 * @return the cached groups, or {@code null} when there is no cache or a complete list was
 *         requested and the cache is not marked complete for the role
 */
protected List<Group> getCachedGroups(Principal userID, Role role, boolean complete) {
    final GroupMemberships cache = getGroupCache(userID);
    if (cache == null) {
        return null; // no cache
    }

    final Boolean completeForRole = cache.isComplete(role);
    final boolean usable = !complete || Boolean.TRUE.equals(completeForRole);

    // When the caller wanted a complete list and the cache is not marked complete,
    // report a miss instead of a partial answer.
    return usable ? cache.getMemberships(role) : null;
}
/**
 * Finds, or creates on first use, the membership cache kept in the private credentials
 * of the calling Subject.
 *
 * The cache is only handed out when {@code userIsSubject(userID, subject)} holds, so
 * memberships cached for the caller are never returned for a different user. If the
 * Subject already carries a cache for another service URI, no cache is used and the
 * existing entry is left untouched.
 *
 * NOTE(review): only the first GroupMemberships credential found is examined, and
 * nothing in this method expires an entry. Confirm how long a Subject (and the
 * memberships cached on it) can live relative to membership changes.
 *
 * @param userID principal the cache is requested for
 * @return the cache for the calling subject, or {@code null} when caching does not apply
 */
protected GroupMemberships getGroupCache(Principal userID) {
    final Subject caller = Subject.getSubject(AccessController.getContext());

    // only consult cache if the userID is of the calling subject
    if (!userIsSubject(userID, caller)) {
        return null; // no cache
    }

    final Set<GroupMemberships> stored = caller.getPrivateCredentials(GroupMemberships.class);
    final String thisService = serviceID.toString();

    if (stored == null || stored.isEmpty()) {
        // First use for this subject: attach a fresh cache bound to this service.
        final GroupMemberships fresh = new GroupMemberships(thisService, userID);
        caller.getPrivateCredentials().add(fresh);
        return fresh;
    }

    final GroupMemberships existing = stored.iterator().next();

    // check to ensure they have the same service URI
    if (thisService.equals(existing.getServiceURI())) {
        return existing;
    }

    log.debug("Not using cache because of differing service URIs: "
        + "[" + thisService + "][" + existing.getServiceURI() + "]");
    return null;
}
/**
 * Constructor. The groupConfig map may contain the following items:
 * <pre>
 * operatorGroup={ivo identifier for system operator group}
 * staffGroup={ivo identifier for collection or telescope staff group}
 * proposalGroup={true|false}
 * </pre>
 * The presence of each of these triggers the generation of grants to the specified groups.
 * When proposalGroup is true, groups are created (if necessary) and grants generated.
 * Proposal group names are of the form {Observation.collection}-{Observation.proposalID}.
 * The staffGroup is set as an admin of the proposalGroup, so a staffGroup is mandatory when
 * proposalGroup is true.
 *
 * @param collection the CAOM collection name
 * @param groupConfig group data from configuration file
 * @param dryrun only show work if true
 */
public ReadAccessGenerator(String collection, Map<String, Object> groupConfig, boolean dryrun) {
    this.collection = collection;
    this.dryrun = dryrun;
    // Group settings are read before groupBaseURI is tested below
    // (presumably initGroups assigns it; confirm in that method).
    initGroups(groupConfig);
    this.dateFormat = DateUtil.getDateFormat(DateUtil.ISO_DATE_FORMAT, DateUtil.UTC);
    // A GMS client is only created when a group base URI is available;
    // otherwise gmsClient is not assigned here.
    if (this.groupBaseURI != null) {
        this.gmsClient = new GMSClient(groupBaseURI);
    }
}
/**
 * Gets the memberships of the current user (subject) for one role.
 *
 * Delegates to the two-argument {@code getMemberships} with a {@code null} user,
 * which is how this method refers to the current subject.
 *
 * @param role role the user must hold in each returned group
 * @return the groups in which the current user has the given role
 * @throws UserNotFoundException  declared by the signature; propagated from the delegate
 * @throws AccessControlException declared by the signature; propagated from the delegate
 * @throws IOException            declared by the signature; propagated from the delegate
 */
public List<Group> getMemberships(Role role)
    throws UserNotFoundException, AccessControlException, IOException {
    final List<Group> memberships = getMemberships(null, role);
    return memberships;
}
/**
 * Checks whether the current Subject holds {@code role} in the named group.
 *
 * The user is taken from {@code getCurrentUserID()}; callers cannot supply a different one.
 *
 * @param groupName name of the group to check
 * @param role      role the Subject must hold in that group
 * @return true if the current Subject is a member of the group with the specified role,
 *         false otherwise
 * @throws UserNotFoundException  declared by the signature; propagated from the delegate
 * @throws AccessControlException declared by the signature; propagated from the delegate
 * @throws IOException            declared by the signature; propagated from the delegate
 */
public boolean isMember(String groupName, Role role)
    throws UserNotFoundException, AccessControlException, IOException {
    final boolean member = isMember(getCurrentUserID(), groupName, role);
    return member;
}
/**
 * Resolves the user service registered for {@code Standards.UMS_USERS_01} through
 * {@code LocalAuthority} and asks it to augment the captured {@code subject}.
 *
 * NOTE(review): whatever is added to the subject comes from the endpoint that
 * LocalAuthority resolves. Confirm that lookup comes from trusted local configuration
 * and that the connection to the service is authenticated.
 *
 * @return always {@code null}; the result is the side effect on {@code subject}
 * @throws Exception anything raised by the lookup or the user-service call
 */
public Object run() throws Exception {
    final URI userService =
        new LocalAuthority().getServiceURI(Standards.UMS_USERS_01.toASCIIString());
    new UserClient(userService).augmentSubject(subject);
    return null;
}
};
/**
 * Creates a user for the captured {@code x500Principal} in the user service registered
 * for {@code Standards.UMS_USERS_01} and returns the new user's numeric identity.
 *
 * NOTE(review): when the created user carries more than one NumericPrincipal, the one
 * returned is whichever the set iterates first. Confirm a single internal id is guaranteed.
 *
 * @return a NumericPrincipal of the newly created user
 * @throws IllegalStateException if the created user has no NumericPrincipal
 * @throws Exception anything raised by the lookup or the user-service call
 */
@Override
public NumericPrincipal run() throws Exception {
    final URI userService =
        new LocalAuthority().getServiceURI(Standards.UMS_USERS_01.toASCIIString());
    final User created = new UserClient(userService).createUser(x500Principal);

    final Set<NumericPrincipal> internalIds = created.getIdentities(NumericPrincipal.class);
    if (!internalIds.isEmpty()) {
        return internalIds.iterator().next();
    }
    throw new IllegalStateException("missing internal id");
}
};
/**
 * Reports whether a membership exists for the named group and role.
 *
 * NOTE(review): {@code userID} is accepted but never used. The lookup goes through
 * {@code getMembership(groupName, role)}, so the answer is for whichever identity that
 * method resolves (presumably the current subject; confirm). A caller passing a
 * different principal would still get the answer for that identity, so either route
 * {@code userID} into the lookup or drop the parameter.
 *
 * @param userID    principal the check is nominally for (currently ignored)
 * @param groupName name of the group to check
 * @param role      role required in that group
 * @return true when {@code getMembership} returns a group, false when it returns null
 * @throws UserNotFoundException  declared by the signature; propagated from the delegate
 * @throws AccessControlException declared by the signature; propagated from the delegate
 * @throws IOException            declared by the signature; propagated from the delegate
 */
private boolean isMember(Principal userID, String groupName, Role role)
    throws UserNotFoundException, AccessControlException, IOException {
    return getMembership(groupName, role) != null;
}
/**
 * Compares this object with {@code t}: 0 when {@code equals(t)} holds, -1 otherwise.
 *
 * NOTE(review): returning -1 for every non-equal argument means {@code a.compareTo(b)}
 * and {@code b.compareTo(a)} can both be negative. That breaks the sign-symmetry rule of
 * the Comparable contract, so sorted collections or sorts that rely on this method may
 * behave inconsistently. The original author flagged the same doubt ("wonder if this is
 * sketchy"). A proper ordering needs the fields that {@code equals} compares.
 *
 * @param t object to compare with
 * @return 0 if equal to {@code t}, otherwise -1
 */
public int compareTo(Object t) {
    return this.equals(t) ? 0 : -1;
}
}
/**
 * Checks group membership of the current Subject, using {@code Role.MEMBER}.
 *
 * @param groupName name of the group to check
 * @return true if the current Subject is a member of the group, false otherwise
 * @throws UserNotFoundException  declared by the signature; propagated from the delegate
 * @throws AccessControlException declared by the signature; propagated from the delegate
 * @throws IOException            declared by the signature; propagated from the delegate
 */
public boolean isMember(String groupName)
    throws UserNotFoundException, AccessControlException, IOException {
    final boolean member = isMember(groupName, Role.MEMBER);
    return member;
}
/**
 * Installs the SSLSocketFactory this client should use and clears the membership cache.
 *
 * The call is refused once a factory created from the Subject is in use
 * ({@code mySocketFactory != null}). The cache is cleared after the switch
 * (presumably because cached memberships were fetched with the previous factory; confirm).
 *
 * NOTE(review): the supplied factory is stored as given. Its trust settings are
 * presumably what later connections rely on, so callers should pass one built from
 * vetted trust material.
 *
 * @param sslSocketFactory the sslSocketFactory to set
 * @throws IllegalStateException if a Subject-derived socket factory has already been used
 */
public void setSSLSocketFactory(SSLSocketFactory sslSocketFactory) {
    final boolean subjectFactoryInUse = (mySocketFactory != null);
    if (subjectFactoryInUse) {
        throw new IllegalStateException("Illegal use of GMSClient: "
            + "cannot set SSLSocketFactory after using one created from Subject");
    }

    this.sslSocketFactory = sslSocketFactory;
    clearCache();
}
/**
 * Removes the cached group memberships from the calling Subject's private credentials.
 * Does nothing when no Subject is associated with the current access-control context.
 *
 * NOTE(review): removal passes a fresh no-argument {@code GroupMemberships} to
 * {@code Set.remove}, so it only works if {@code GroupMemberships.equals} matches
 * instances regardless of their service URI and user. Confirm against that class.
 * If so, a cache stored for a different service URI is dropped too.
 */
protected void clearCache() {
    final Subject caller = Subject.getSubject(AccessController.getContext());
    if (caller == null) {
        return;
    }
    caller.getPrivateCredentials().remove(new GroupMemberships());
}
/**
 * Looks for one group by name among the cached memberships of {@code userID} for
 * {@code role}.
 *
 * The cache is read with {@code complete = false}, so a partial cache is accepted.
 * A {@code null} result therefore means "not found in the cache" and must not be read
 * as proof that the user is not a member.
 *
 * @param userID  principal whose cache is searched
 * @param groupID group name to look for
 * @param role    role the membership is cached under
 * @return the cached group whose name equals {@code groupID}, or {@code null} when there
 *         is no cache or no such entry
 */
protected Group getCachedGroup(Principal userID, String groupID, Role role) {
    final List<Group> cached = getCachedGroups(userID, role, false);
    if (cached != null) {
        for (final Group candidate : cached) {
            final boolean sameName = candidate.getID().getName().equals(groupID);
            if (sameName) {
                return candidate;
            }
        }
    }
    // either no cache at all, or the group is not in it
    return null;
}

protected List<Group> getCachedGroups(Principal userID, Role role, boolean complete)
/**
 * Records a single group in the membership cache of {@code userID} under {@code role}.
 * Nothing is stored when {@code getGroupCache(userID)} returns no cache.
 *
 * @param userID principal the group belongs to
 * @param group  group to add to the cache
 * @param role   role the group is recorded under
 */
protected void addCachedGroup(Principal userID, Group group, Role role) {
    final GroupMemberships cache = getGroupCache(userID);
    if (cache != null) {
        cache.add(group, role);
    }
    // cache == null: no cache available for this user, so there is nothing to update
}
/**
 * No-argument constructor: only runs {@code init()}.
 * This constructor itself assigns neither a service URI nor a user.
 */
public GroupMemberships() {
    init();
}
/**
 * Write-permission hook: runs {@code checkMembership()} and then returns {@code null}.
 *
 * No grant object is built here, so a denial can only come out of
 * {@code checkMembership()} (presumably by throwing AccessControlException;
 * confirm in that method).
 *
 * NOTE(review): {@code uri} is not consulted, and the call made here is the same
 * {@code checkMembership()} the read hook makes. Confirm that read and write access
 * are meant to share one membership requirement.
 *
 * @param uri resource being written (not used by this method)
 * @return always {@code null}
 * @throws AccessControlException declared; presumably raised by the membership check
 * @throws FileNotFoundException  declared by the signature; not thrown directly here
 * @throws TransientException     declared by the signature; not thrown directly here
 */
@Override
public Object getWritePermission(URI uri)
    throws AccessControlException, FileNotFoundException, TransientException {
    checkMembership();
    return null;
}
/**
 * Returns the group named {@code groupName} if the user is a member of it, and
 * {@code null} otherwise.
 *
 * This call is identical to {@code getMembership(groupName, Role.MEMBER)}. No user is
 * passed in; the delegate decides whose membership is checked (presumably the current
 * subject; confirm).
 *
 * @param groupName identifies the group
 * @return the group, or {@code null} if the user is not a member
 * @throws UserNotFoundException    if the user does not exist
 * @throws AccessControlException   if not allowed to perform the search
 * @throws IllegalArgumentException if a parameter is null
 * @throws IOException              if an unknown error occurred
 */
public Group getMembership(String groupName)
    throws UserNotFoundException, AccessControlException, IOException {
    final Group membership = getMembership(groupName, Role.MEMBER);
    return membership;
}