From 157b2b10c9a226b796b4310240e283c05c288f57 Mon Sep 17 00:00:00 2001
From: Timm Fitschen <t.fitschen@indiscale.com>
Date: Tue, 12 May 2020 16:44:30 +0200
Subject: [PATCH] EHN: files parameter in diagnostics.
---
scripting/bin/administration/diagnostics.py | 19 ++++++++++---
.../server/accessControl/UserSources.java | 27 ++++++++++++++++++-
2 files changed, 42 insertions(+), 4 deletions(-)
diff --git a/scripting/bin/administration/diagnostics.py b/scripting/bin/administration/diagnostics.py
index a4df7400..b7830df8 100755
--- a/scripting/bin/administration/diagnostics.py
+++ b/scripting/bin/administration/diagnostics.py
@@ -40,6 +40,18 @@ TEST_MODULES = [
]
+def get_files():
+ from os import walk
+ from os.path import join
+ result = []
+ for p, dirs, files in walk("."):
+ for f in files:
+ result.append(join(p, f))
+ for d in dirs:
+ result.append(join(p, d))
+ return result
+
+
def get_option(name, default=None):
for arg in sys.argv:
if arg.startswith("--{}=".format(name)):
@@ -106,9 +118,9 @@ def main():
try:
import json
except ImportError:
- print('{"python_version":"{v}",'
- '"python_path":["{p}"]}'.format(v=sys.version,
- p='","'.join(sys.path)))
+ print('{{"python_version":"{v}",'
+ '"python_path":["{p}"]}}'.format(v=sys.version,
+ p='","'.join(sys.path)))
raise
try:
@@ -117,6 +129,7 @@ def main():
diagnostics["python_path"] = sys.path
diagnostics["call"] = sys.argv
diagnostics["import"] = test_imports(TEST_MODULES)
+ diagnostics["files"] = get_files()
auth_token = get_auth_token()
diagnostics["auth_token"] = auth_token
diff --git a/src/main/java/caosdb/server/accessControl/UserSources.java b/src/main/java/caosdb/server/accessControl/UserSources.java
index 2b3019f9..be7cd286 100644
--- a/src/main/java/caosdb/server/accessControl/UserSources.java
+++ b/src/main/java/caosdb/server/accessControl/UserSources.java
@@ -40,6 +40,31 @@ import org.apache.shiro.config.Ini;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+/**
+ * This singleton class is the primary resource for authenticating users and resolving principals to
+ * roles.
+ *
+ * <p>Key concepts:
+ *
+ * <ul>
+ * <li>User name: A string which identifies a user uniquely across one realm. Why is this so?
+ * Because it is possible, that two different people from collaborating work groups with
+ * similar names have the same user name in their group e.g. "mueller@uni1.de" and
+ * "mueller@uni2.de" or two people from different user groups use the name "admin". In the
+ * "mueller" example the domain name of the email is the realm of authentication.
+ * <li>Realm: A string which uniquely identifies "where a user comes from". It guarantees the
+ * authentication of a user with a particular user name. Currently the possible realms are
+ * quite limited. Only "CaosDB" (which is controlled by the internal user source) and "PAM"
+ * which delegates authentication to the host system via PAM (Pluggable Authentication Module)
+ * are known and extension is not too easy.
+ * <li>User Source: An instance which provides the access to a realm where users can be
+ * authenticated.
+ * <li>Principal: The combination of realm and user name - hence a system-wide unique identifier
+ * for users and the primary key to identifying who did what and who is allowed to to do what.
+ * </ul>
+ *
+ * @author Timm Fitschen (t.fitschen@indiscale.com)
+ */
public class UserSources extends HashMap<String, UserSource> {
public static final String ANONYMOUS_ROLE = "anonymous";
@@ -171,7 +196,7 @@ public class UserSources extends HashMap<String, UserSource> {
}
public static Set<String> resolve(final Principal principal) {
- if (AuthenticationUtils.isAnonymous(principal)) {
+ if (AnonymousAuthenticationToken.PRINCIPAL == principal) {
// anymous has one role
Set<String> roles = new HashSet<>();
roles.add(ANONYMOUS_ROLE);
--
GitLab