authorEndi Sukma Dewata <edewata@redhat.com>2013-02-11 22:01:56 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2013-02-11 22:01:56 -0500
commita405515d3b2ef8f6e22ef3ecc2d7eed3081bec1d (patch)
treebc02986474ff734e06d58283a9f578d2dd96a27d
parent80051c61d361ff2c6051a9965f903817bc168464 (diff)
Added user-add/remove-membership CLI.ticket-190
-rw-r--r--base/common/src/com/netscape/certsrv/group/GroupMemberCollection.java4
-rw-r--r--base/common/src/com/netscape/certsrv/group/GroupMemberData.java36
-rw-r--r--base/common/src/com/netscape/certsrv/user/UserClient.java10
-rw-r--r--base/common/src/com/netscape/certsrv/user/UserMembershipCollection.java4
-rw-r--r--base/common/src/com/netscape/certsrv/user/UserMembershipData.java37
-rw-r--r--base/common/src/com/netscape/certsrv/user/UserMembershipResource.java17
-rw-r--r--base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java315
-rw-r--r--base/common/src/com/netscape/cms/servlet/admin/GroupProcessor.java393
-rw-r--r--base/common/src/com/netscape/cms/servlet/admin/UserCertService.java4
-rw-r--r--base/common/src/com/netscape/cms/servlet/admin/UserMembershipService.java60
-rw-r--r--base/common/src/com/netscape/cms/servlet/admin/UserService.java2
-rw-r--r--base/common/src/com/netscape/cms/servlet/processors/Processor.java49
-rw-r--r--base/java-tools/src/com/netscape/cmstools/group/GroupCLI.java2
-rw-r--r--base/java-tools/src/com/netscape/cmstools/user/UserAddMembershipCLI.java57
-rw-r--r--base/java-tools/src/com/netscape/cmstools/user/UserCLI.java4
-rw-r--r--base/java-tools/src/com/netscape/cmstools/user/UserRemoveMembershipCLI.java54
-rw-r--r--base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java2
17 files changed, 724 insertions, 326 deletions
diff --git a/base/common/src/com/netscape/certsrv/group/GroupMemberCollection.java b/base/common/src/com/netscape/certsrv/group/GroupMemberCollection.java
index d19d939..03474d2 100644
--- a/base/common/src/com/netscape/certsrv/group/GroupMemberCollection.java
+++ b/base/common/src/com/netscape/certsrv/group/GroupMemberCollection.java
@@ -68,11 +68,11 @@ public class GroupMemberCollection {
GroupMemberCollection response = new GroupMemberCollection();
GroupMemberData member1 = new GroupMemberData();
- member1.setID("User 1");
+ member1.setUserID("User 1");
response.addMember(member1);
GroupMemberData member2 = new GroupMemberData();
- member2.setID("User 2");
+ member2.setUserID("User 2");
response.addMember(member2);
JAXBContext context = JAXBContext.newInstance(GroupMemberCollection.class);
diff --git a/base/common/src/com/netscape/certsrv/group/GroupMemberData.java b/base/common/src/com/netscape/certsrv/group/GroupMemberData.java
index 11f3a21..4bf9eda 100644
--- a/base/common/src/com/netscape/certsrv/group/GroupMemberData.java
+++ b/base/common/src/com/netscape/certsrv/group/GroupMemberData.java
@@ -33,18 +33,28 @@ import com.netscape.certsrv.common.Constants;
@XmlRootElement(name="GroupMember")
public class GroupMemberData {
- String id;
+ String groupID;
+ String userID;
Link link;
+ @XmlAttribute(name="GroupID")
+ public String getGroupID() {
+ return groupID;
+ }
+
+ public void setGroupID(String groupID) {
+ this.groupID = groupID;
+ }
+
@FormParam(Constants.PR_GROUP_USER)
- @XmlAttribute(name="id")
- public String getID() {
- return id;
+ @XmlAttribute(name="UserID")
+ public String getUserID() {
+ return userID;
}
- public void setID(String id) {
- this.id = id;
+ public void setUserID(String userID) {
+ this.userID = userID;
}
@XmlElement(name="Link")
@@ -60,7 +70,8 @@ public class GroupMemberData {
public int hashCode() {
final int prime = 31;
int result = 1;
- result = prime * result + ((id == null) ? 0 : id.hashCode());
+ result = prime * result + ((groupID == null) ? 0 : groupID.hashCode());
+ result = prime * result + ((userID == null) ? 0 : userID.hashCode());
return result;
}
@@ -73,10 +84,15 @@ public class GroupMemberData {
if (getClass() != obj.getClass())
return false;
GroupMemberData other = (GroupMemberData) obj;
- if (id == null) {
- if (other.id != null)
+ if (groupID == null) {
+ if (other.groupID != null)
+ return false;
+ } else if (!groupID.equals(other.groupID))
+ return false;
+ if (userID == null) {
+ if (other.userID != null)
return false;
- } else if (!id.equals(other.id))
+ } else if (!userID.equals(other.userID))
return false;
return true;
}
diff --git a/base/common/src/com/netscape/certsrv/user/UserClient.java b/base/common/src/com/netscape/certsrv/user/UserClient.java
index 87fe391..2dd3503 100644
--- a/base/common/src/com/netscape/certsrv/user/UserClient.java
+++ b/base/common/src/com/netscape/certsrv/user/UserClient.java
@@ -95,4 +95,14 @@ public class UserClient extends PKIClient {
public UserMembershipCollection findUserMemberships(String userID, Integer start, Integer size) {
return userMembershipClient.findUserMemberships(userID, start, size);
}
+
+ public UserMembershipData addUserMembership(String userID, String groupID) {
+ @SuppressWarnings("unchecked")
+ ClientResponse<UserMembershipData> response = (ClientResponse<UserMembershipData>)userMembershipClient.addUserMembership(userID, groupID);
+ return getEntity(response);
+ }
+
+ public void removeUserMembership(String userD, String groupID) {
+ userMembershipClient.removeUserMembership(userD, groupID);
+ }
}
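Review bot: The first parameter of `removeUserMembership` is spelled `userD`; rename it to match `addUserMembership` and `findUserMemberships`, i.e. `public void removeUserMembership(String userID, String groupID) {`. `addUserMembership` also suppresses an unchecked cast with no explanation; a short comment such as `// entity type is declared by @ClientResponseType on UserMembershipResource.addUserMembership` would tell the next reader why the cast is expected to hold (assuming `userMembershipClient` is a proxy for that interface, which this hunk does not show).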
diff --git a/base/common/src/com/netscape/certsrv/user/UserMembershipCollection.java b/base/common/src/com/netscape/certsrv/user/UserMembershipCollection.java
index f7646d2..6248919 100644
--- a/base/common/src/com/netscape/certsrv/user/UserMembershipCollection.java
+++ b/base/common/src/com/netscape/certsrv/user/UserMembershipCollection.java
@@ -68,11 +68,11 @@ public class UserMembershipCollection {
UserMembershipCollection response = new UserMembershipCollection();
UserMembershipData membership1 = new UserMembershipData();
- membership1.setID("Group 1");
+ membership1.setGroupID("Group 1");
response.addMembership(membership1);
UserMembershipData membership2 = new UserMembershipData();
- membership2.setID("Group 2");
+ membership2.setGroupID("Group 2");
response.addMembership(membership2);
JAXBContext context = JAXBContext.newInstance(UserMembershipCollection.class);
diff --git a/base/common/src/com/netscape/certsrv/user/UserMembershipData.java b/base/common/src/com/netscape/certsrv/user/UserMembershipData.java
index 6d5a51e..c7d7571 100644
--- a/base/common/src/com/netscape/certsrv/user/UserMembershipData.java
+++ b/base/common/src/com/netscape/certsrv/user/UserMembershipData.java
@@ -19,7 +19,6 @@
package com.netscape.certsrv.user;
import javax.ws.rs.FormParam;
-import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
@@ -33,18 +32,28 @@ import com.netscape.certsrv.common.Constants;
@XmlRootElement(name="UserMembership")
public class UserMembershipData {
- String id;
+ String userID;
+ String groupID;
Link link;
+ @XmlElement(name="UserID")
+ public String getUserID() {
+ return userID;
+ }
+
+ public void setUserID(String userID) {
+ this.userID = userID;
+ }
+
+ @XmlElement(name="GroupID")
@FormParam(Constants.PR_GROUP_USER)
- @XmlAttribute(name="id")
- public String getID() {
- return id;
+ public String getGroupID() {
+ return groupID;
}
- public void setID(String id) {
- this.id = id;
+ public void setGroupID(String groupID) {
+ this.groupID = groupID;
}
@XmlElement(name="Link")
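Review bot: `UserID` and `GroupID` are mapped with `@XmlElement` here, while `GroupMemberData` in this same commit maps the same two fields with `@XmlAttribute`; if the difference is not deliberate, pick one form so clients can parse both membership types the same way. `getGroupID` also keeps `@FormParam(Constants.PR_GROUP_USER)`, the same form parameter that `GroupMemberData` binds to `getUserID`, so one parameter name carries a group ID in one type and a user ID in the other. A comment such as `// PR_GROUP_USER carries the group ID for user-membership requests` above the getter would make that explicit. The class body continues past this hunk.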
@@ -60,7 +69,8 @@ public class UserMembershipData {
public int hashCode() {
final int prime = 31;
int result = 1;
- result = prime * result + ((id == null) ? 0 : id.hashCode());
+ result = prime * result + ((groupID == null) ? 0 : groupID.hashCode());
+ result = prime * result + ((userID == null) ? 0 : userID.hashCode());
return result;
}
@@ -73,10 +83,15 @@ public class UserMembershipData {
if (getClass() != obj.getClass())
return false;
UserMembershipData other = (UserMembershipData) obj;
- if (id == null) {
- if (other.id != null)
+ if (groupID == null) {
+ if (other.groupID != null)
+ return false;
+ } else if (!groupID.equals(other.groupID))
+ return false;
+ if (userID == null) {
+ if (other.userID != null)
return false;
- } else if (!id.equals(other.id))
+ } else if (!userID.equals(other.userID))
return false;
return true;
}
diff --git a/base/common/src/com/netscape/certsrv/user/UserMembershipResource.java b/base/common/src/com/netscape/certsrv/user/UserMembershipResource.java
index 193af51..eedc2c9 100644
--- a/base/common/src/com/netscape/certsrv/user/UserMembershipResource.java
+++ b/base/common/src/com/netscape/certsrv/user/UserMembershipResource.java
@@ -18,12 +18,18 @@
package com.netscape.certsrv.user;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
+import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+import org.jboss.resteasy.annotations.ClientResponseType;
import com.netscape.certsrv.acls.ACLMapping;
@@ -40,4 +46,15 @@ public interface UserMembershipResource {
@PathParam("userID") String userID,
@QueryParam("start") Integer start,
@QueryParam("size") Integer size);
+
+ @POST
+ @ClientResponseType(entityType=UserMembershipData.class)
+ @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ public Response addUserMembership(@PathParam("userID") String userID, String groupID);
+
+ @DELETE
+ @Path("{groupID}")
+ @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ public void removeUserMembership(@PathParam("userID") String userID, @PathParam("groupID") String groupID);
}
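Review bot: `addUserMembership` and `removeUserMembership` change a user's group membership, but no `@ACLMapping` or other access-control annotation appears on either method in this hunk. The interface declaration sits above the hunk, so a class-level mapping may already cover them; confirm that it does and that it demands the same rights as the existing group-member endpoints, since these two calls grant and revoke the same roles. `addUserMembership` also takes `groupID` as an unannotated `String` entity while declaring `@Consumes` for XML and JSON, so the expected request body should be documented, e.g. `/** @param groupID request body: ID of the group the user is added to */`.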
diff --git a/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java b/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java
index cd17f5b..a6dd58a 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/GroupMemberService.java
@@ -18,35 +18,20 @@
package com.netscape.cms.servlet.admin;
-import java.net.URI;
-import java.net.URLEncoder;
-import java.util.Enumeration;
import java.util.Map;
-import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
-import org.jboss.resteasy.plugins.providers.atom.Link;
-
import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.base.BadRequestException;
-import com.netscape.certsrv.base.ConflictingOperationException;
-import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.PKIException;
-import com.netscape.certsrv.base.ResourceNotFoundException;
-import com.netscape.certsrv.base.SessionContext;
import com.netscape.certsrv.common.OpDef;
import com.netscape.certsrv.common.ScopeDef;
import com.netscape.certsrv.group.GroupMemberCollection;
import com.netscape.certsrv.group.GroupMemberData;
import com.netscape.certsrv.group.GroupMemberResource;
-import com.netscape.certsrv.group.GroupNotFoundException;
-import com.netscape.certsrv.logging.AuditFormat;
import com.netscape.certsrv.logging.IAuditor;
import com.netscape.certsrv.logging.ILogger;
-import com.netscape.certsrv.user.UserResource;
-import com.netscape.certsrv.usrgrp.IGroup;
-import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.cms.servlet.base.PKIService;
/**
@@ -54,311 +39,67 @@ import com.netscape.cms.servlet.base.PKIService;
*/
public class GroupMemberService extends PKIService implements GroupMemberResource {
- public final static int DEFAULT_SIZE = 20;
-
- public final static String MULTI_ROLE_ENABLE = "multiroles.enable";
- public final static String MULTI_ROLE_ENFORCE_GROUP_LIST = "multiroles.false.groupEnforceList";
-
- public static String[] multiRoleGroupEnforceList;
-
- public IUGSubsystem userGroupManager = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
-
- public GroupMemberData createGroupMemberData(String memberID) throws Exception {
-
- GroupMemberData groupMemberData = new GroupMemberData();
-
- groupMemberData.setID(memberID);
-
- String userID = URLEncoder.encode(memberID, "UTF-8");
- URI uri = uriInfo.getBaseUriBuilder().path(UserResource.class).path("{userID}").build(userID);
- groupMemberData.setLink(new Link("self", uri));
-
- return groupMemberData;
- }
-
@Override
public GroupMemberCollection findGroupMembers(String groupID, Integer start, Integer size) {
try {
- start = start == null ? 0 : start;
- size = size == null ? DEFAULT_SIZE : size;
-
- if (groupID == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
- }
+ GroupProcessor processor = new GroupProcessor(getLocale());
+ processor.setUriInfo(uriInfo);
+ return processor.findGroupMembers(groupID, start, size);
- IGroup group = userGroupManager.getGroupFromName(groupID);
- if (group == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
- throw new GroupNotFoundException(groupID);
- }
-
- GroupMemberCollection response = new GroupMemberCollection();
-
- Enumeration<String> members = group.getMemberNames();
-
- int i = 0;
-
- // skip to the start of the page
- for ( ; i<start && members.hasMoreElements(); i++) members.nextElement();
-
- // return entries up to the page size
- for ( ; i<start+size && members.hasMoreElements(); i++) {
- String memberID = members.nextElement();
- response.addMember(createGroupMemberData(memberID));
- }
-
- // count the total entries
- for ( ; members.hasMoreElements(); i++) members.nextElement();
-
- if (start > 0) {
- URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", Math.max(start-size, 0)).build();
- response.addLink(new Link("prev", uri));
- }
-
- if (start+size < i) {
- URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", start+size).build();
- response.addLink(new Link("next", uri));
- }
-
- return response;
-
- } catch (PKIException e) {
- throw e;
-
- } catch (Exception e) {
+ } catch (EBaseException e) {
CMS.debug(e);
throw new PKIException(getUserMessage("CMS_INTERNAL_ERROR"));
}
}
@Override
- public Response addGroupMember(String groupID, String memberID) {
- GroupMemberData groupMemberData = new GroupMemberData();
- groupMemberData.setID(memberID);
- return addGroupMember(groupID, groupMemberData);
- }
-
- public Response addGroupMember(String groupID, GroupMemberData groupMemberData) {
-
+ public GroupMemberData getGroupMember(String groupID, String memberID) {
try {
- if (groupID == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
- }
-
- IGroup group = userGroupManager.getGroupFromName(groupID);
- if (group == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
- throw new GroupNotFoundException(groupID);
- }
-
- String memberID = groupMemberData.getID();
- boolean multiRole = true;
-
- try {
- IConfigStore config = CMS.getConfigStore();
- multiRole = config.getBoolean(MULTI_ROLE_ENABLE);
- } catch (Exception e) {
- // ignore
- }
-
- if (multiRole) {
- // a user can be a member of multiple groups
- userGroupManager.addUserToGroup(group, memberID);
-
- } else {
- // a user can be a member of at most one group in the enforce list
- if (isGroupInMultiRoleEnforceList(groupID)) {
- // make sure the user is not already a member in another group in the list
- if (!isDuplicate(groupID, memberID)) {
- userGroupManager.addUserToGroup(group, memberID);
- } else {
- throw new ConflictingOperationException(CMS.getUserMessage("CMS_BASE_DUPLICATE_ROLES", memberID));
- }
-
- } else {
- // the user can be a member of multiple groups outside the list
- userGroupManager.addUserToGroup(group, memberID);
- }
- }
-
- // for audit log
- SessionContext sContext = SessionContext.getContext();
- String adminId = (String) sContext.get(SessionContext.USER_ID);
-
- logger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
- AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
- new Object[] { adminId, memberID, groupID });
-
- auditAddGroupMember(groupID, groupMemberData, ILogger.SUCCESS);
-
- // read the data back
- groupMemberData = getGroupMember(groupID, memberID);
-
- return Response
- .created(groupMemberData.getLink().getHref())
- .entity(groupMemberData)
- .type(MediaType.APPLICATION_XML)
- .build();
-
- } catch (PKIException e) {
- auditAddGroupMember(groupID, groupMemberData, ILogger.FAILURE);
- throw e;
+ GroupProcessor processor = new GroupProcessor(getLocale());
+ processor.setUriInfo(uriInfo);
+ return processor.getGroupMember(groupID, memberID);
} catch (Exception e) {
log(ILogger.LL_FAILURE, e.toString());
- auditAddGroupMember(groupID, groupMemberData, ILogger.FAILURE);
- throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
- }
- }
-
- public boolean isGroupInMultiRoleEnforceList(String groupID) {
-
- if (groupID == null || groupID.equals("")) {
- return true;
- }
-
- String groupList = null;
- if (multiRoleGroupEnforceList == null) {
- try {
- IConfigStore config = CMS.getConfigStore();
- groupList = config.getString(MULTI_ROLE_ENFORCE_GROUP_LIST);
- } catch (Exception e) {
- // ignore
- }
-
- if (groupList != null && !groupList.equals("")) {
- multiRoleGroupEnforceList = groupList.split(",");
- for (int j = 0; j < multiRoleGroupEnforceList.length; j++) {
- multiRoleGroupEnforceList[j] = multiRoleGroupEnforceList[j].trim();
- }
- }
- }
-
- if (multiRoleGroupEnforceList == null)
- return true;
-
- for (int i = 0; i < multiRoleGroupEnforceList.length; i++) {
- if (groupID.equals(multiRoleGroupEnforceList[i])) {
- return true;
- }
- }
-
- return false;
- }
-
- public boolean isDuplicate(String groupID, String memberID) {
-
- // Let's not mess with users that are already a member of this group
- try {
- boolean isMember = userGroupManager.isMemberOf(memberID, groupID);
- if (isMember == true) return false;
-
- } catch (Exception e) {
- // ignore
- }
-
- try {
- Enumeration<IGroup> groups = userGroupManager.listGroups("*");
- while (groups.hasMoreElements()) {
- IGroup group = groups.nextElement();
- String name = group.getName();
-
- Enumeration<IGroup> g = userGroupManager.findGroups(name);
- IGroup g1 = g.nextElement();
-
- if (!name.equals(groupID)) {
- if (isGroupInMultiRoleEnforceList(name)) {
- Enumeration<String> members = g1.getMemberNames();
- while (members.hasMoreElements()) {
- String m1 = members.nextElement();
- if (m1.equals(memberID))
- return true;
- }
- }
- }
- }
- } catch (Exception e) {
- // ignore
+ throw new PKIException(e.getMessage());
}
-
- return false;
}
@Override
- public GroupMemberData getGroupMember(String groupID, String memberID) {
+ public Response addGroupMember(String groupID, String memberID) {
+ GroupMemberData groupMemberData = new GroupMemberData();
+ groupMemberData.setGroupID(groupID);
+ groupMemberData.setUserID(memberID);
+ return addGroupMember(groupID, groupMemberData);
+ }
+ public Response addGroupMember(String groupID, GroupMemberData groupMemberData) {
try {
- if (groupID == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
- }
-
- IGroup group = userGroupManager.getGroupFromName(groupID);
- if (group == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
- throw new GroupNotFoundException(groupID);
- }
-
- Enumeration<String> e = group.getMemberNames();
- while (e.hasMoreElements()) {
- String memberName = e.nextElement();
- if (!memberName.equals(memberID)) continue;
-
- GroupMemberData groupMemberData = createGroupMemberData(memberID);
- return groupMemberData;
- }
-
- throw new ResourceNotFoundException("Group member " + memberID + " not found");
-
- } catch (PKIException e) {
- throw e;
+ GroupProcessor processor = new GroupProcessor(getLocale());
+ processor.setUriInfo(uriInfo);
+ return processor.addGroupMember(groupID, groupMemberData);
- } catch (Exception e) {
+ } catch (EBaseException e) {
log(ILogger.LL_FAILURE, e.toString());
- throw new PKIException(e.getMessage());
+ auditAddGroupMember(groupID, groupMemberData, ILogger.FAILURE);
+ throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
}
}
@Override
public void removeGroupMember(String groupID, String memberID) {
GroupMemberData groupMemberData = new GroupMemberData();
- groupMemberData.setID(memberID);
+ groupMemberData.setUserID(memberID);
removeGroupMember(groupID, groupMemberData);
}
public void removeGroupMember(String groupID, GroupMemberData groupMemberData) {
try {
- if (groupID == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
- }
-
- IGroup group = userGroupManager.getGroupFromName(groupID);
- if (group == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
- throw new GroupNotFoundException(groupID);
- }
-
- String member = groupMemberData.getID();
- userGroupManager.removeUserFromGroup(group, member);
+ GroupProcessor processor = new GroupProcessor(getLocale());
+ processor.setUriInfo(uriInfo);
+ processor.removeGroupMember(groupID, groupMemberData.getUserID());
- // for audit log
- SessionContext sContext = SessionContext.getContext();
- String adminId = (String) sContext.get(SessionContext.USER_ID);
-
- logger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
- AuditFormat.LEVEL, AuditFormat.REMOVEUSERGROUPFORMAT,
- new Object[] { adminId, member, groupID });
-
- auditDeleteGroupMember(groupID, groupMemberData, ILogger.SUCCESS);
-
- } catch (PKIException e) {
- auditDeleteGroupMember(groupID, groupMemberData, ILogger.FAILURE);
- throw e;
-
- } catch (Exception e) {
+ } catch (EBaseException e) {
log(ILogger.LL_FAILURE, e.toString());
auditDeleteGroupMember(groupID, groupMemberData, ILogger.FAILURE);
throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
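Review bot: The rewritten `getGroupMember` keeps `catch (Exception e)` but no longer has the `catch (PKIException e) { throw e; }` arm in front of it, so any `PKIException` rethrown by `GroupProcessor.getGroupMember` (group not found, member not found, null group ID) is rewrapped as a plain `new PKIException(e.getMessage())`. Callers presumably lose the specific not-found or bad-request status, and the raw exception message is handed to the client. Narrow it to `} catch (EBaseException e) {` as the other three methods in this hunk do, and throw `new PKIException(getUserMessage("CMS_INTERNAL_ERROR"))` as `findGroupMembers` does. `removeGroupMember` still reports `CMS_USRGRP_USER_ADD_FAILED` for a failed removal; its closing lines fall outside this hunk.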
diff --git a/base/common/src/com/netscape/cms/servlet/admin/GroupProcessor.java b/base/common/src/com/netscape/cms/servlet/admin/GroupProcessor.java
new file mode 100644
index 0000000..8f92074
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/admin/GroupProcessor.java
@@ -0,0 +1,393 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2013 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.admin;
+
+import java.net.URI;
+import java.net.URLEncoder;
+import java.util.Enumeration;
+import java.util.Locale;
+import java.util.Map;
+
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+
+import org.jboss.resteasy.plugins.providers.atom.Link;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.BadRequestException;
+import com.netscape.certsrv.base.ConflictingOperationException;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.PKIException;
+import com.netscape.certsrv.base.ResourceNotFoundException;
+import com.netscape.certsrv.base.SessionContext;
+import com.netscape.certsrv.common.OpDef;
+import com.netscape.certsrv.common.ScopeDef;
+import com.netscape.certsrv.group.GroupMemberCollection;
+import com.netscape.certsrv.group.GroupMemberData;
+import com.netscape.certsrv.group.GroupMemberResource;
+import com.netscape.certsrv.group.GroupNotFoundException;
+import com.netscape.certsrv.logging.AuditFormat;
+import com.netscape.certsrv.logging.IAuditor;
+import com.netscape.certsrv.logging.ILogger;
+import com.netscape.certsrv.usrgrp.IGroup;
+import com.netscape.certsrv.usrgrp.IUGSubsystem;
+import com.netscape.cms.servlet.processors.Processor;
+
+/**
+ * @author Endi S. Dewata
+ */
+public class GroupProcessor extends Processor {
+
+ public final static int DEFAULT_SIZE = 20;
+
+ public final static String MULTI_ROLE_ENABLE = "multiroles.enable";
+ public final static String MULTI_ROLE_ENFORCE_GROUP_LIST = "multiroles.false.groupEnforceList";
+
+ public static String[] multiRoleGroupEnforceList;
+
+ public IUGSubsystem userGroupManager = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
+
+ protected UriInfo uriInfo;
+
+ public GroupProcessor(Locale locale) throws EBaseException {
+ super("group", locale);
+ }
+
+ public UriInfo getUriInfo() {
+ return uriInfo;
+ }
+
+ public void setUriInfo(UriInfo uriInfo) {
+ this.uriInfo = uriInfo;
+ }
+
+ public GroupMemberData createGroupMemberData(String groupID, String memberID) throws Exception {
+
+ GroupMemberData groupMemberData = new GroupMemberData();
+ groupMemberData.setGroupID(groupID);
+ groupMemberData.setUserID(memberID);
+
+ URI uri = uriInfo.getBaseUriBuilder()
+ .path(GroupMemberResource.class)
+ .path("{userID}")
+ .build(
+ URLEncoder.encode(groupID, "UTF-8"),
+ URLEncoder.encode(memberID, "UTF-8"));
+
+ groupMemberData.setLink(new Link("self", uri));
+
+ return groupMemberData;
+ }
+
+ public GroupMemberCollection findGroupMembers(String groupID, Integer start, Integer size) {
+ try {
+ start = start == null ? 0 : start;
+ size = size == null ? DEFAULT_SIZE : size;
+
+ if (groupID == null) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+ }
+
+ IGroup group = userGroupManager.getGroupFromName(groupID);
+ if (group == null) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
+ throw new GroupNotFoundException(groupID);
+ }
+
+ GroupMemberCollection response = new GroupMemberCollection();
+
+ Enumeration<String> members = group.getMemberNames();
+
+ int i = 0;
+
+ // skip to the start of the page
+ for ( ; i<start && members.hasMoreElements(); i++) members.nextElement();
+
+ // return entries up to the page size
+ for ( ; i<start+size && members.hasMoreElements(); i++) {
+ String memberID = members.nextElement();
+ response.addMember(createGroupMemberData(groupID, memberID));
+ }
+
+ // count the total entries
+ for ( ; members.hasMoreElements(); i++) members.nextElement();
+
+ if (start > 0) {
+ URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", Math.max(start-size, 0)).build();
+ response.addLink(new Link("prev", uri));
+ }
+
+ if (start+size < i) {
+ URI uri = uriInfo.getRequestUriBuilder().replaceQueryParam("start", start+size).build();
+ response.addLink(new Link("next", uri));
+ }
+
+ return response;
+
+ } catch (PKIException e) {
+ throw e;
+
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new PKIException(getUserMessage("CMS_INTERNAL_ERROR"));
+ }
+ }
+
+ public GroupMemberData getGroupMember(String groupID, String memberID) {
+ try {
+ if (groupID == null) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+ }
+
+ IGroup group = userGroupManager.getGroupFromName(groupID);
+ if (group == null) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
+ throw new GroupNotFoundException(groupID);
+ }
+
+ Enumeration<String> e = group.getMemberNames();
+ while (e.hasMoreElements()) {
+ String memberName = e.nextElement();
+ if (!memberName.equals(memberID)) continue;
+
+ GroupMemberData groupMemberData = createGroupMemberData(groupID, memberID);
+ return groupMemberData;
+ }
+
+ throw new ResourceNotFoundException("Group member " + memberID + " not found");
+
+ } catch (PKIException e) {
+ throw e;
+
+ } catch (Exception e) {
+ log(ILogger.LL_FAILURE, e.toString());
+ throw new PKIException(e.getMessage());
+ }
+ }
+
+ public Response addGroupMember(String groupID, GroupMemberData groupMemberData) {
+
+ try {
+ if (groupID == null) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+ }
+
+ IGroup group = userGroupManager.getGroupFromName(groupID);
+ if (group == null) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
+ throw new GroupNotFoundException(groupID);
+ }
+
+ String memberID = groupMemberData.getUserID();
+ boolean multiRole = true;
+
+ try {
+ IConfigStore config = CMS.getConfigStore();
+ multiRole = config.getBoolean(MULTI_ROLE_ENABLE);
+ } catch (Exception e) {
+ // ignore
+ }
+
+ if (multiRole) {
+ // a user can be a member of multiple groups
+ userGroupManager.addUserToGroup(group, memberID);
+
+ } else {
+ // a user can be a member of at most one group in the enforce list
+ if (isGroupInMultiRoleEnforceList(groupID)) {
+ // make sure the user is not already a member in another group in the list
+ if (!isDuplicate(groupID, memberID)) {
+ userGroupManager.addUserToGroup(group, memberID);
+ } else {
+ throw new ConflictingOperationException(CMS.getUserMessage("CMS_BASE_DUPLICATE_ROLES", memberID));
+ }
+
+ } else {
+ // the user can be a member of multiple groups outside the list
+ userGroupManager.addUserToGroup(group, memberID);
+ }
+ }
+
+ // for audit log
+ SessionContext sContext = SessionContext.getContext();
+ String adminId = (String) sContext.get(SessionContext.USER_ID);
+
+ logger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
+ AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
+ new Object[] { adminId, memberID, groupID });
+
+ auditAddGroupMember(groupID, groupMemberData, ILogger.SUCCESS);
+
+ // read the data back
+ groupMemberData = getGroupMember(groupID, memberID);
+
+ return Response
+ .created(groupMemberData.getLink().getHref())
+ .entity(groupMemberData)
+ .type(MediaType.APPLICATION_XML)
+ .build();
+
+ } catch (PKIException e) {
+ auditAddGroupMember(groupID, groupMemberData, ILogger.FAILURE);
+ throw e;
+
+ } catch (Exception e) {
+ log(ILogger.LL_FAILURE, e.toString());
+ auditAddGroupMember(groupID, groupMemberData, ILogger.FAILURE);
+ throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
+ }
+ }
+
+
+ public boolean isGroupInMultiRoleEnforceList(String groupID) {
+
+ if (groupID == null || groupID.equals("")) {
+ return true;
+ }
+
+ String groupList = null;
+ if (multiRoleGroupEnforceList == null) {
+ try {
+ IConfigStore config = CMS.getConfigStore();
+ groupList = config.getString(MULTI_ROLE_ENFORCE_GROUP_LIST);
+ } catch (Exception e) {
+ // ignore
+ }
+
+ if (groupList != null && !groupList.equals("")) {
+ multiRoleGroupEnforceList = groupList.split(",");
+ for (int j = 0; j < multiRoleGroupEnforceList.length; j++) {
+ multiRoleGroupEnforceList[j] = multiRoleGroupEnforceList[j].trim();
+ }
+ }
+ }
+
+ if (multiRoleGroupEnforceList == null)
+ return true;
+
+ for (int i = 0; i < multiRoleGroupEnforceList.length; i++) {
+ if (groupID.equals(multiRoleGroupEnforceList[i])) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ public boolean isDuplicate(String groupID, String memberID) {
+
+ // Let's not mess with users that are already a member of this group
+ try {
+ boolean isMember = userGroupManager.isMemberOf(memberID, groupID);
+ if (isMember == true) return false;
+
+ } catch (Exception e) {
+ // ignore
+ }
+
+ try {
+ Enumeration<IGroup> groups = userGroupManager.listGroups("*");
+ while (groups.hasMoreElements()) {
+ IGroup group = groups.nextElement();
+ String name = group.getName();
+
+ Enumeration<IGroup> g = userGroupManager.findGroups(name);
+ IGroup g1 = g.nextElement();
+
+ if (!name.equals(groupID)) {
+ if (isGroupInMultiRoleEnforceList(name)) {
+ Enumeration<String> members = g1.getMemberNames();
+ while (members.hasMoreElements()) {
+ String m1 = members.nextElement();
+ if (m1.equals(memberID))
+ return true;
+ }
+ }
+ }
+ }
+ } catch (Exception e) {
+ // ignore
+ }
+
+ return false;
+ }
+
+ public void removeGroupMember(String groupID, String memberID) {
+ GroupMemberData groupMemberData = new GroupMemberData();
+ groupMemberData.setUserID(memberID);
+ removeGroupMember(groupID, groupMemberData);
+ }
+
+ public void removeGroupMember(String groupID, GroupMemberData groupMemberData) {
+ try {
+ if (groupID == null) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
+ throw new BadRequestException(getUserMessage("CMS_ADMIN_SRVLT_NULL_RS_ID"));
+ }
+
+ IGroup group = userGroupManager.getGroupFromName(groupID);
+ if (group == null) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
+ throw new GroupNotFoundException(groupID);
+ }
+
+ String member = groupMemberData.getUserID();
+ userGroupManager.removeUserFromGroup(group, member);
+
+ // for audit log
+ SessionContext sContext = SessionContext.getContext();
+ String adminId = (String) sContext.get(SessionContext.USER_ID);
+
+ logger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
+ AuditFormat.LEVEL, AuditFormat.REMOVEUSERGROUPFORMAT,
+ new Object[] { adminId, member, groupID });
+
+ auditDeleteGroupMember(groupID, groupMemberData, ILogger.SUCCESS);
+
+ } catch (PKIException e) {
+ auditDeleteGroupMember(groupID, groupMemberData, ILogger.FAILURE);
+ throw e;
+
+ } catch (Exception e) {
+ log(ILogger.LL_FAILURE, e.toString());
+ auditDeleteGroupMember(groupID, groupMemberData, ILogger.FAILURE);
+ throw new PKIException(getUserMessage("CMS_USRGRP_USER_ADD_FAILED"));
+ }
+ }
+
+ public void log(int level, String message) {
+ log(ILogger.S_USRGRP, level, message);
+ }
+
+ public void auditAddGroupMember(String groupID, GroupMemberData groupMemberData, String status) {
+ audit(OpDef.OP_ADD, groupID, getParams(groupMemberData), status);
+ }
+
+ public void auditDeleteGroupMember(String groupID, GroupMemberData groupMemberData, String status) {
+ audit(OpDef.OP_DELETE, groupID, getParams(groupMemberData), status);
+ }
+
+ public void audit(String type, String id, Map<String, String> params, String status) {
+ audit(IAuditor.LOGGING_SIGNED_AUDIT_CONFIG_ROLE, ScopeDef.SC_GROUP_MEMBERS, type, id, params, status);
+ }
+}
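Review bot: `isDuplicate` fails open: both of its `catch (Exception e)` blocks are `// ignore`, and `g.nextElement()` is called without `hasMoreElements()`, so any lookup error ends in `return false` and `addGroupMember` goes on to add the user to a second group in the enforce list. `addGroupMember` has the same shape, because `multiRole` stays `true` when `config.getBoolean(MULTI_ROLE_ENABLE)` throws. Since this check is what keeps a user to at most one enforced group, a failed check should deny the change: in the second catch of `isDuplicate`, replace `// ignore` with `log(ILogger.LL_FAILURE, e.toString());` and `throw new PKIException(getUserMessage("CMS_INTERNAL_ERROR"));`, which `addGroupMember` already audits as a failure and rethrows. `removeGroupMember` also reports `CMS_USRGRP_USER_ADD_FAILED` when a removal fails, which will mislead anyone reading the error.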
diff --git a/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java b/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java
index 5f39b58..efefcca 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/UserCertService.java
@@ -112,7 +112,7 @@ public class UserCertService extends PKIService implements UserCertResource {
if (user == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
- throw new UserNotFoundException(userID, getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
+ throw new UserNotFoundException(userID);
}
UserCertCollection response = new UserCertCollection();
@@ -164,7 +164,7 @@ public class UserCertService extends PKIService implements UserCertResource {
if (user == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
- throw new UserNotFoundException(userID, getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
+ throw new UserNotFoundException(userID);
}
X509Certificate[] certs = user.getX509Certificates();
diff --git a/base/common/src/com/netscape/cms/servlet/admin/UserMembershipService.java b/base/common/src/com/netscape/cms/servlet/admin/UserMembershipService.java
index 9955519..29688e4 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/UserMembershipService.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/UserMembershipService.java
@@ -18,20 +18,25 @@
package com.netscape.cms.servlet.admin;
+import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;
import java.util.Enumeration;
import java.util.Map;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
import org.jboss.resteasy.plugins.providers.atom.Link;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.BadRequestException;
+import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.PKIException;
import com.netscape.certsrv.base.UserNotFoundException;
import com.netscape.certsrv.common.OpDef;
import com.netscape.certsrv.common.ScopeDef;
-import com.netscape.certsrv.group.GroupResource;
+import com.netscape.certsrv.group.GroupMemberData;
import com.netscape.certsrv.logging.IAuditor;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.user.UserMembershipCollection;
@@ -51,14 +56,18 @@ public class UserMembershipService extends PKIService implements UserMembershipR
public IUGSubsystem userGroupManager = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
- public UserMembershipData createUserMembershipData(IGroup group) throws Exception {
+ public UserMembershipData createUserMembershipData(String userID, String groupID) throws UnsupportedEncodingException {
UserMembershipData userMembershipData = new UserMembershipData();
+ userMembershipData.setUserID(userID);
+ userMembershipData.setGroupID(groupID);
- userMembershipData.setID(group.getName());
+ URI uri = uriInfo.getBaseUriBuilder().path(UserMembershipResource.class)
+ .path("{groupID}")
+ .build(
+ URLEncoder.encode(userID, "UTF-8"),
+ URLEncoder.encode(groupID, "UTF-8"));
- String userID = URLEncoder.encode(group.getName(), "UTF-8");
- URI uri = uriInfo.getBaseUriBuilder().path(GroupResource.class).path("{groupID}").build(userID);
userMembershipData.setLink(new Link("self", uri));
return userMembershipData;
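Review bot: The `userID` and `groupID` values passed to the new `build(...)` call appear to be escaped twice. `URLEncoder.encode` form-encodes them first, and `UriBuilder.build(Object...)` is specified to percent-encode any `%` it finds in template values. An ID containing a space or a slash would then produce a `self` link, and through `addUserMembership` a `Location` header, that does not resolve back to the same membership. Since both IDs are caller-supplied, I would pass them raw, `.build(userID, groupID)`, and add a test with reserved characters. The removed line used the same pattern, and the method's closing brace lies outside the hunk.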
@@ -79,8 +88,7 @@ public class UserMembershipService extends PKIService implements UserMembershipR
if (user == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
-
- throw new UserNotFoundException(userID, getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
+ throw new UserNotFoundException(userID);
}
UserMembershipCollection response = new UserMembershipCollection();
@@ -95,7 +103,7 @@ public class UserMembershipService extends PKIService implements UserMembershipR
// return entries up to the page size
for ( ; i<start+size && groups.hasMoreElements(); i++) {
IGroup group = groups.nextElement();
- response.addMembership(createUserMembershipData(group));
+ response.addMembership(createUserMembershipData(userID, group.getName()));
}
// count the total entries
@@ -122,6 +130,42 @@ public class UserMembershipService extends PKIService implements UserMembershipR
}
}
+ @Override
+ public Response addUserMembership(String userID, String groupID) {
+ try {
+ GroupMemberData groupMemberData = new GroupMemberData();
+ groupMemberData.setGroupID(groupID);
+ groupMemberData.setUserID(userID);
+
+ GroupProcessor processor = new GroupProcessor(getLocale());
+ processor.setUriInfo(uriInfo);
+ processor.addGroupMember(groupID, groupMemberData);
+
+ UserMembershipData userMembershipData = createUserMembershipData(userID, groupID);
+
+ return Response
+ .created(userMembershipData.getLink().getHref())
+ .entity(userMembershipData)
+ .type(MediaType.APPLICATION_XML)
+ .build();
+
+ } catch (EBaseException | UnsupportedEncodingException e) {
+ throw new PKIException(e.getMessage(), e);
+ }
+ }
+
+ @Override
+ public void removeUserMembership(String userID, String groupID) {
+ try {
+ GroupProcessor processor = new GroupProcessor(getLocale());
+ processor.setUriInfo(uriInfo);
+ processor.removeGroupMember(groupID, userID);
+
+ } catch (EBaseException e) {
+ throw new PKIException(e.getMessage(), e);
+ }
+ }
+
public void log(int level, String message) {
log(ILogger.S_USRGRP, level, message);
}
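Review bot: Both catch blocks in `addUserMembership` and `removeUserMembership` hand `e.getMessage()` from the internal `EBaseException` back to the REST caller as the `PKIException` message, and nothing is logged on this path. Those messages come from the user/group subsystem and may describe backend state a client does not need. I would log the cause and return a localized message instead: `log(ILogger.LL_FAILURE, e.toString());` followed by `throw new PKIException(getUserMessage("<MESSAGE_ID>"), e);` with an add- or remove-specific message id. Neither method checks `userID` for null or empty before passing it to `GroupProcessor`; whether the processor does so is not visible in this hunk.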
diff --git a/base/common/src/com/netscape/cms/servlet/admin/UserService.java b/base/common/src/com/netscape/cms/servlet/admin/UserService.java
index 336a10d..947d173 100644
--- a/base/common/src/com/netscape/cms/servlet/admin/UserService.java
+++ b/base/common/src/com/netscape/cms/servlet/admin/UserService.java
@@ -161,7 +161,7 @@ public class UserService extends PKIService implements UserResource {
if (user == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
- throw new UserNotFoundException(userID, getUserMessage("CMS_USRGRP_SRVLT_USER_NOT_EXIST"));
+ throw new UserNotFoundException(userID);
}
UserData userData = createUserData(user);
diff --git a/base/common/src/com/netscape/cms/servlet/processors/Processor.java b/base/common/src/com/netscape/cms/servlet/processors/Processor.java
index 2349b48..5a3b270 100644
--- a/base/common/src/com/netscape/cms/servlet/processors/Processor.java
+++ b/base/common/src/com/netscape/cms/servlet/processors/Processor.java
@@ -18,6 +18,7 @@
package com.netscape.cms.servlet.processors;
+import java.lang.reflect.Method;
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
@@ -33,6 +34,7 @@ import java.util.Map.Entry;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.FormParam;
import netscape.security.x509.X509CertImpl;
@@ -1260,4 +1262,51 @@ public class Processor {
CMS.debug("Processor: Nonce verified");
}
+
+ public String getUserMessage(String messageId, String... params) {
+ return CMS.getUserMessage(locale, messageId, params);
+ }
+
+ public void audit(String message, String scope, String type, String id, Map<String, String> params, String status) {
+
+ if (auditor == null) return;
+
+ String auditMessage = CMS.getLogMessage(
+ message,
+ auditor.getSubjectID(),
+ status,
+ auditor.getParamString(scope, type, id, params));
+
+ auditor.log(auditMessage);
+ }
+
+ /**
+ * Get the values of the fields annotated with @FormParam.
+ */
+ public Map<String, String> getParams(Object object) {
+
+ Map<String, String> map = new HashMap<String, String>();
+
+ // for each fields in the object
+ for (Method method : object.getClass().getMethods()) {
+ FormParam element = method.getAnnotation(FormParam.class);
+ if (element == null) continue;
+
+ String name = element.value();
+
+ try {
+ // get the value from the object
+ Object value = method.invoke(object);
+
+ // put the value in the map
+ map.put(name, value == null ? null : value.toString());
+
+ } catch (Exception e) {
+ // ignore inaccessible fields
+ e.printStackTrace();
+ }
+ }
+
+ return map;
+ }
}
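Review bot: `getParams` calls `method.invoke(object)` on every public method carrying `@FormParam`, so an annotated method that takes arguments (a setter, for instance) fails each time; the failure goes to stderr via `e.printStackTrace()` and the entry is silently missing from the audit parameters. Skipping such methods up front with `if (element == null || method.getParameterTypes().length != 0) continue;` and reporting through the existing debug log with `CMS.debug("Processor: cannot read audit parameter " + name + ": " + e);` would keep gaps in the audit record visible. Because the map feeds `audit(...)`, each annotated getter's value reaches the signed audit log verbatim, so a data class with a secret-bearing form field would need masking before being passed here. The Javadoc and the `// for each fields` comment say fields, but the loop inspects methods.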
diff --git a/base/java-tools/src/com/netscape/cmstools/group/GroupCLI.java b/base/java-tools/src/com/netscape/cmstools/group/GroupCLI.java
index b2c38d8..469347a 100644
--- a/base/java-tools/src/com/netscape/cmstools/group/GroupCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/group/GroupCLI.java
@@ -114,7 +114,7 @@ public class GroupCLI extends CLI {
}
public static void printGroupMember(GroupMemberData groupMemberData) {
- System.out.println(" Member: "+groupMemberData.getID());
+ System.out.println(" Member: "+groupMemberData.getUserID());
Link link = groupMemberData.getLink();
if (verbose && link != null) {
diff --git a/base/java-tools/src/com/netscape/cmstools/user/UserAddMembershipCLI.java b/base/java-tools/src/com/netscape/cmstools/user/UserAddMembershipCLI.java
new file mode 100644
index 0000000..e1b523a
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/user/UserAddMembershipCLI.java
@@ -0,0 +1,57 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2013 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cmstools.user;
+
+import com.netscape.certsrv.user.UserMembershipData;
+import com.netscape.cmstools.cli.CLI;
+import com.netscape.cmstools.cli.MainCLI;
+
+/**
+ * @author Endi S. Dewata
+ */
+public class UserAddMembershipCLI extends CLI {
+
+ public UserCLI parent;
+
+ public UserAddMembershipCLI(UserCLI parent) {
+ super("add-membership", "Add user membership");
+ this.parent = parent;
+ }
+
+ public void printHelp() {
+ formatter.printHelp(parent.name + "-" + name + " <User ID> <Group ID> [OPTIONS...]", options);
+ }
+
+ public void execute(String[] args) throws Exception {
+
+ if (args.length != 2) {
+ printHelp();
+ System.exit(1);
+ }
+
+ String userID = args[0];
+ String groupID = args[1];
+
+ UserMembershipData userMembershipData = parent.client.addUserMembership(userID, groupID);
+
+ MainCLI.printMessage("Added membership in \""+groupID+"\"");
+
+ UserCLI.printUserMembership(userMembershipData);
+ }
+}
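Review bot: The confirmation printed by `execute` names only the group, so the operator's record of a privilege change does not say which user was affected; `MainCLI.printMessage("Added membership of \""+userID+"\" in \""+groupID+"\"");` would. The same applies to `UserRemoveMembershipCLI.execute`, whose message is also worded differently ("Deleted membership in group"). `printHelp` and `execute` look like overrides of `CLI` methods and would benefit from `@Override`. The class Javadoc carries only `@author`; a one-line summary such as `CLI module that adds a user to a group.` would help.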
diff --git a/base/java-tools/src/com/netscape/cmstools/user/UserCLI.java b/base/java-tools/src/com/netscape/cmstools/user/UserCLI.java
index 3e64a92..f17ba20 100644
--- a/base/java-tools/src/com/netscape/cmstools/user/UserCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/user/UserCLI.java
@@ -54,6 +54,8 @@ public class UserCLI extends CLI {
addModule(new UserRemoveCertCLI(this));
addModule(new UserFindMembershipCLI(this));
+ addModule(new UserAddMembershipCLI(this));
+ addModule(new UserRemoveMembershipCLI(this));
}
public void printHelp() {
@@ -164,7 +166,7 @@ public class UserCLI extends CLI {
}
public static void printUserMembership(UserMembershipData userMembershipData) {
- System.out.println(" Membership: "+userMembershipData.getID());
+ System.out.println(" Membership: "+userMembershipData.getGroupID());
Link link = userMembershipData.getLink();
if (verbose && link != null) {
diff --git a/base/java-tools/src/com/netscape/cmstools/user/UserRemoveMembershipCLI.java b/base/java-tools/src/com/netscape/cmstools/user/UserRemoveMembershipCLI.java
new file mode 100644
index 0000000..cab887a
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/user/UserRemoveMembershipCLI.java
@@ -0,0 +1,54 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2013 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cmstools.user;
+
+import com.netscape.cmstools.cli.CLI;
+import com.netscape.cmstools.cli.MainCLI;
+
+/**
+ * @author Endi S. Dewata
+ */
+public class UserRemoveMembershipCLI extends CLI {
+
+ public UserCLI parent;
+
+ public UserRemoveMembershipCLI(UserCLI parent) {
+ super("remove-membership", "Remove user membership");
+ this.parent = parent;
+ }
+
+ public void printHelp() {
+ formatter.printHelp(parent.name + "-" + name + " <User ID> <Group ID> [OPTIONS...]", options);
+ }
+
+ public void execute(String[] args) throws Exception {
+
+ if (args.length != 2) {
+ printHelp();
+ System.exit(1);
+ }
+
+ String userID = args[0];
+ String groupID = args[1];
+
+ parent.client.removeUserMembership(userID, groupID);
+
+ MainCLI.printMessage("Deleted membership in group \""+groupID+"\"");
+ }
+}
diff --git a/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java b/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java
index a8df9d1..df42fc6 100644
--- a/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java
+++ b/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java
@@ -131,7 +131,7 @@ public class AuthorityKeyIdentifierExtension extends Extension
* The default constructor for this extension. Null parameters make
* the element optional (not present).
*
- * @param id the KeyIdentifier associated with this extension.
+ * @param groupID the KeyIdentifier associated with this extension.
* @param names the GeneralNames associated with this extension
* @param serialNum the CertificateSerialNumber associated with
* this extension.
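Review bot: The `@param` tag is renamed from `id` to `groupID`, but its description still says KeyIdentifier and nothing else in this X.509 extension class is touched, which suggests fallout from a bulk rename rather than an intended change. Unless the constructor's parameter was renamed too (its signature is outside the hunk), the tag no longer matches the parameter and should stay `@param id the KeyIdentifier associated with this extension.`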