
Merge branch 'buzz4-30-10' of git@github.com:nimbusproject/nimbus int…

…o buzz4-30-10
2 parents 8f50fa1 + 711c192 commit 82d4c4f2f8a7e5d4ee23145a4c0cca3cc532b368 BuzzTroll committed Jun 8, 2010
@@ -22,6 +22,8 @@
<orderEntry type="module" module-name="common" />
<orderEntry type="module" module-name="ec2soap" />
<orderEntry type="library" name="test-libs" level="project" />
+ <orderEntry type="module" module-name="workspace-service" />
+ <orderEntry type="library" name="workspace-service-libs" level="project" />
</component>
</module>
@@ -12,6 +12,7 @@ nimbus.messaging.query.lib.dir=../../../../lib/services
nimbus.messaging.gt4_0.common.dist.dir=../../../gt4.0/java/common/dist/
nimbus.messaging.gt4_0-elastic.dist.dir=../../../gt4.0-elastic/java/msgbridge/dist/
nimbus.service.api.dist.dir=../../../../service-api/java/source/dist/
+nimbus.service.dist.dir=../../../../service/service/java/source/dist/
# (gar is the 'dist' of stubs but we only want the jars... will be better later)
vws.gt4_0.stubs.build.lib.dir=../../../gt4.0-elastic/java/stubs/build/lib/
@@ -74,6 +74,10 @@
<include name="*.jar"/>
</fileset>
+ <fileset dir="${nimbus.service.dist.dir}">
+ <include name="*.jar"/>
+ </fileset>
+
</path>
<target name="compile" depends="init">
@@ -49,11 +49,27 @@ http://cxf.apache.org/schemas/jaxrs.xsd">
<property name="userDetailsService" ref="userDetailsService"/>
</bean>
-
- <bean id="userDetailsService" class="org.nimbustools.messaging.query.security.FileUserDetailsService">
- <constructor-arg value="$QUERY{query.usermap.path}"/>
+ <bean id="other.AuthzDataSource"
+ class="org.apache.commons.dbcp.BasicDataSource">
+ <property name="driverClassName" value="org.sqlite.JDBC" />
+ <property name="maxActive" value="10" />
+ <property name="maxIdle" value="4" />
+ <property name="maxWait" value="2000" />
+ <property name="poolPreparedStatements" value="true" />
+
+ <property name="url"
+ value="jdbc:sqlite://$COMMON{cumulus.authz.db}" />
+ <property name="username" value="nimbus"/>
+ <property name="password" value="nimbus"/>
+ </bean>
+
+ <bean id="authzDBAdapter" class="org.globus.workspace.sqlauthz.AuthzDBAdapter">
+ <constructor-arg ref="other.AuthzDataSource"/>
</bean>
+ <bean id="userDetailsService" class="org.nimbustools.messaging.query.security.NimbusAuthzUserDetailsService">
+ <property name="authzDBAdapter" ref="authzDBAdapter" />
+ </bean>
<bean id="elasticQuery" class="org.nimbustools.messaging.query.ElasticQuery">
<property name="versions">
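Review bot: The new `other.AuthzDataSource` bean commits literal credentials, `<property name="username" value="nimbus"/>` and `<property name="password" value="nimbus"/>`, right next to a JDBC URL that is already externalized through `$COMMON{cumulus.authz.db}`. If the SQLite driver ignores these two properties they are dead configuration and should be removed so nobody later treats them as a real secret; if they are honoured, they belong in the same configuration source as the database path, e.g. `value="$COMMON{cumulus.authz.db.user}"` and a matching password key, rather than as literals in a checked-in Spring file. A one-line XML comment above the bean stating which of the two cases applies would also save the next reader from having to find out.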
@@ -0,0 +1,142 @@
+/*
+ * Copyright 1999-2010 University of Chicago
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package org.nimbustools.messaging.query.security;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.globus.workspace.persistence.WorkspaceDatabaseException;
+import org.globus.workspace.sqlauthz.AuthzDBAdapter;
+import org.globus.workspace.sqlauthz.UserAlias;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.dao.DataAccessException;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+import java.util.List;
+
+public class NimbusAuthzUserDetailsService
+ implements QueryUserDetailsService, InitializingBean {
+
+ private static final Log logger =
+ LogFactory.getLog(NimbusAuthzUserDetailsService.class.getName());
+
+ private AuthzDBAdapter authzDBAdapter;
+
+
+ public QueryUser loadUserByUsername(String username)
+ throws UsernameNotFoundException, DataAccessException {
+
+ if (username == null) {
+ throw new IllegalArgumentException("username may not be null");
+ }
+
+ try {
+ final String userId = authzDBAdapter.getCanonicalUserIdFromS3(username);
+ final List<UserAlias> aliasList = authzDBAdapter.getUserAliases(userId);
+
+ String secret = null;
+ String dn = null;
+
+ for (UserAlias alias : aliasList) {
+ final int type = alias.getAliasType();
+ final String name = alias.getAliasName();
+ if (type == AuthzDBAdapter.ALIAS_TYPE_S3 &&
+ username.equals(name)) {
+ if (secret == null) {
+ secret = alias.getAliasTypeData();
+ } else {
+
+ final boolean match = secret.equals(alias.getAliasTypeData());
+ final String secretState = match ? "Secrets match." : "Secrets don't match.";
+ logger.warn(
+ String.format("Found multiple query user aliases for canonical user %s. %s",
+ userId, secretState));
+ }
+ } else if (type == AuthzDBAdapter.ALIAS_TYPE_DN) {
+ if (dn == null) {
+ dn = name;
+ } else {
+ logger.warn(String.format(
+ "Found multiple DN user aliases for canonical user %s('%s' and '%s')",
+ userId, dn, name));
+ }
+ }
+ }
+
+ if (secret == null || dn == null) {
+ throw new UsernameNotFoundException("User record is missing or incomplete");
+ }
+
+ return new QueryUser(username,secret, dn);
+
+
+ } catch (WorkspaceDatabaseException e) {
+ throw new UsernameNotFoundException("Failed to retrieve credentials for access ID " + username, e);
+ }
+ }
+
+ public QueryUser loadUserByDn(String dn)
+ throws UsernameNotFoundException, DataAccessException {
+
+ if (dn == null) {
+ throw new IllegalArgumentException("dn may not be null");
+ }
+
+ try {
+ final String userId = authzDBAdapter.getCanonicalUserIdFromDn(dn);
+ final List<UserAlias> aliasList = authzDBAdapter.getUserAliases(userId);
+
+ String accessId = null;
+ String secret = null;
+
+ for (UserAlias alias : aliasList) {
+ if (alias.getAliasType() == AuthzDBAdapter.ALIAS_TYPE_S3) {
+ if (accessId == null) {
+ secret = alias.getAliasTypeData();
+ accessId = alias.getAliasName();
+ } else {
+ logger.warn(String.format(
+ "Found multiple query user aliases for canonical user %s. Using the first one (%s)",
+ userId, accessId));
+ }
+ }
+ }
+
+ if (secret == null || accessId == null) {
+ throw new UsernameNotFoundException("User DN '" + dn + "' does not map to query credentials");
+ }
+
+ return new QueryUser(accessId, secret, dn);
+
+
+ } catch (WorkspaceDatabaseException e) {
+ throw new UsernameNotFoundException("Failed to retrieve query credentials for DN '" + dn + "'", e);
+ }
+ }
+
+ public void afterPropertiesSet() throws Exception {
+ if (this.authzDBAdapter == null) {
+ throw new IllegalArgumentException("authzDBAdapter may not be null");
+ }
+ }
+
+ public AuthzDBAdapter getAuthzDBAdapter() {
+ return authzDBAdapter;
+ }
+
+ public void setAuthzDBAdapter(AuthzDBAdapter authzDBAdapter) {
+ this.authzDBAdapter = authzDBAdapter;
+ }
+}
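Review bot: In `loadUserByUsername` (the `catch (WorkspaceDatabaseException e)` at the end of the method) and again at the end of `loadUserByDn`, a database failure is rethrown as `UsernameNotFoundException`, so an authz database outage reaches the caller as "unknown user" even though both methods already declare `DataAccessException`, which is the accurate signal for an infrastructure failure; something like `throw new DataAccessResourceFailureException("Failed to retrieve credentials for access ID " + username, e);` (imported from `org.springframework.dao`) would keep the two cases distinguishable, which also matters for monitoring since a broken database should not look like a stream of failed logins. The public class and its two lookup methods carry no Javadoc; a class comment should state that a lookup first resolves the canonical user id, then requires both an S3 alias (whose `aliasTypeData` is used as the secret) and a DN alias, and that when several matching aliases exist the first one returned by `getUserAliases` wins and the rest only produce a warning, since that ordering dependence is not obvious from the method names.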
@@ -7,6 +7,8 @@
import javax.sql.DataSource;
import java.sql.*;
+import java.util.ArrayList;
+import java.util.List;
/**
* Created by John Bresnahan
@@ -30,6 +32,7 @@
private static final String GET_USER_QUOTA = "SELECT quota from object_quota where user_id = ? and object_type = ?";
private static final String GET_FILE_SIZE = "SELECT object_size FROM objects WHERE id = ?";
private static final String GET_FILE_OWNER = "SELECT owner_id FROM objects WHERE id = ?";
+ private static final String GET_USER_ALIAS = "SELECT alias_name, friendly_name, alias_type, alias_type_data from user_alias WHERE user_id = ?";
public static final int ALIAS_TYPE_S3 = 1;
public static final int ALIAS_TYPE_DN = 2;
@@ -66,6 +69,56 @@ public String getCanonicalUserIdFromDn(
return getCanonicalUserIdFromAlias(name, ALIAS_TYPE_DN);
}
+ public List<UserAlias> getUserAliases(String userId)
+ throws WorkspaceDatabaseException
+ {
+ Connection c = null;
+ PreparedStatement pstmt = null;
+
+ try
+ {
+ c = getConnection();
+ pstmt = c.prepareStatement(GET_USER_ALIAS);
+ pstmt.setString(1, userId);
+ logger.debug("getting user alias " + pstmt.toString());
+ ResultSet rs = pstmt.executeQuery();
+
+ final List<UserAlias> aliases = new ArrayList<UserAlias>();
+
+ while(rs.next())
+ {
+ aliases.add(new UserAlias(userId, rs.getString("alias_name"),
+ rs.getString("friendly_name"), rs.getInt("alias_type"),
+ rs.getString("alias_type_data")));
+ }
+ return aliases;
+ }
+ catch(SQLException e)
+ {
+ logger.error("",e);
+ throw new WorkspaceDatabaseException(e);
+ }
+ finally
+ {
+ try
+ {
+ if (pstmt != null)
+ {
+ pstmt.close();
+ }
+ if (c != null)
+ {
+ returnConnection(c);
+ }
+ }
+ catch (SQLException sql)
+ {
+ logger.error("SQLException in finally cleanup", sql);
+ }
+ }
+
+ }
+
public long getFileSize(
int fileId)
throws WorkspaceDatabaseException
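Review bot: The `finally` block of the new `getUserAliases` wraps `pstmt.close()` and `returnConnection(c)` in one `try`, so if closing the statement throws `SQLException` the connection is never returned to the pool and is leaked, which under the `maxActive` limit of the pooled data source eventually starves the authz lookups. The two cleanup steps should be guarded independently so the connection is returned regardless of what happens to the statement; if `returnConnection` does not declare `SQLException`, the second `try`/`catch` below can be dropped. The enclosing class and `getConnection`/`returnConnection` are outside this hunk.
```java
        finally
        {
            if (pstmt != null)
            {
                try
                {
                    pstmt.close();
                }
                catch (SQLException sql)
                {
                    logger.error("SQLException closing statement", sql);
                }
            }
            if (c != null)
            {
                try
                {
                    returnConnection(c);
                }
                catch (SQLException sql)
                {
                    logger.error("SQLException returning connection", sql);
                }
            }
        }
```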
@@ -0,0 +1,53 @@
+/*
+ * Copyright 1999-2010 University of Chicago
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package org.globus.workspace.sqlauthz;
+
+public class UserAlias {
+
+ private String userId;
+ private String aliasName;
+ private String friendlyName;
+ private int aliasType;
+ private String aliasTypeData;
+
+ public UserAlias(String userId, String aliasName, String friendlyName, int aliasType, String aliasTypeData) {
+ this.userId = userId;
+ this.aliasName = aliasName;
+ this.friendlyName = friendlyName;
+ this.aliasType = aliasType;
+ this.aliasTypeData = aliasTypeData;
+ }
+
+ public String getUserId() {
+ return userId;
+ }
+
+ public String getAliasName() {
+ return aliasName;
+ }
+
+ public String getFriendlyName() {
+ return friendlyName;
+ }
+
+ public int getAliasType() {
+ return aliasType;
+ }
+
+ public String getAliasTypeData() {
+ return aliasTypeData;
+ }
+}
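Review bot: The five fields of the new `UserAlias` are assigned only in the constructor and exposed only through getters, so they should be declared `private final` (e.g. `private final String aliasTypeData;`) to make the value object immutable as intended. The class also needs a Javadoc comment explaining that `aliasType` takes the `AuthzDBAdapter.ALIAS_TYPE_*` constants and that for `ALIAS_TYPE_S3` aliases `aliasTypeData` is treated by `NimbusAuthzUserDetailsService` as the user's secret, so instances must not be logged or serialized casually; as written, nothing in the file signals that this plain holder carries credential material.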
