Merge pull request #168 from pdowler/master
requireCompletePosixPrincipal bug fix
pdowler authored Apr 11, 2024
2 parents 2333e0f + 4a89b82 commit 2d178c4
Showing 2 changed files with 16 additions and 4 deletions.
2 changes: 1 addition & 1 deletion cadc-access-control-identity/build.gradle
Expand Up @@ -12,7 +12,7 @@ repositories {
sourceCompatibility = 1.8
group = 'org.opencadc'

version = '1.2.4'
version = '1.2.5'

description = 'OpenCADC IdentityManager plugin library'
def git_url = 'https://github.com/opencadc/ac'
Expand Up @@ -105,7 +105,7 @@ public class ACIdentityManager implements IdentityManager {
private static final Logger log = Logger.getLogger(ACIdentityManager.class);

private static final Set<URI> SEC_METHODS;
private static final String PP_PROP = ACIdentityManager.class.getName() + "requireCompletePosixPrincipal";
private static final String PP_PROP = ACIdentityManager.class.getName() + ".requireCompletePosixPrincipal";

private final boolean requireCompletePosixPrincipal;

Expand All @@ -119,7 +119,11 @@ public class ACIdentityManager implements IdentityManager {
}

public ACIdentityManager() {
this.requireCompletePosixPrincipal = "true".equals(System.getProperty(PP_PROP));
String pval = System.getProperty(PP_PROP);
if (pval != null) {
pval = pval.trim();
}
this.requireCompletePosixPrincipal = "true".equals(pval);
}

@Override
Expand All @@ -134,10 +138,13 @@ public Subject validate(Subject subject) throws NotAuthenticatedException {

@Override
public Subject augment(final Subject subject) {
log.debug("augment START: " + subject);
if (subject == null) {
log.debug("augment DONE null: " + subject);
return subject;
}
if (subject.getPrincipals().isEmpty()) {
log.debug("augment DONE no principals: " + subject);
return subject;
}

Expand All @@ -146,10 +153,14 @@ public Subject augment(final Subject subject) {

if (requireCompletePosixPrincipal) {
PosixPrincipal pp = getPosixPrincipal(subject);
needAugment = needAugment || (pp == null || pp.defaultGroup == null || pp.username == null); // missing or incomplete
log.debug("augment check posix: " + pp);
needAugment = needAugment || pp == null || pp.defaultGroup == null || pp.username == null; // missing or incomplete
} else {
log.debug("augment: requireCompletePosixPrincipal=false");
}

if (!needAugment) {
log.debug("augment DONE needAugment=false: " + subject);
return subject;
}

Expand All @@ -167,6 +178,7 @@ public Object run() throws Exception {

Subject servopsSubject = CredUtil.createOpsSubject();
Subject.doAs(servopsSubject, action);
log.debug("augment DONE w/ UserClient: " + subject);
return subject;
} catch (PrivilegedActionException e) {
String msg = "Error augmenting subject " + subject;
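Review bot: The new `log.debug` calls in `augment` concatenate the whole `Subject` into the message, and, assuming this is `javax.security.auth.Subject` as the `Subject.doAs` call suggests, its `toString()` prints public and accessible private credentials along with the principals. Whatever the credential classes return from `toString()` (tokens, cookies, certificate details) would therefore be written to the debug log at every entry and exit point, including the one after the `UserClient` call. Logging only the principals is enough to trace the flow, e.g. `log.debug("augment DONE needAugment=false: " + subject.getPrincipals());`. The START line runs before the null check, so it would need `log.debug("augment START: " + (subject == null ? null : subject.getPrincipals()));`. The body of `augment` continues outside the hunks shown here, so any other log statements there should be checked the same way.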
