TSK-59 ACCESS_ID should always be treated as lowercase

Taskana · Dec 21, 2017 · 1952807 · 1952807
1 parent 5f64242
commit 1952807
Show file tree

Hide file tree

Showing 7 changed files with 43 additions and 24 deletions.
diff --git a/lib/taskana-core/src/main/java/pro/taskana/impl/WorkbasketQueryImpl.java b/lib/taskana-core/src/main/java/pro/taskana/impl/WorkbasketQueryImpl.java
@@ -117,6 +117,13 @@ public WorkbasketQuery access(WorkbasketAuthorization permission, String... acce
         }
         this.authorization = permission;
         this.accessId = accessIds;
+        for (int i = 0; i < accessIds.length; i++) {
+            String id = accessIds[i];
+            if (id != null) {
+                accessIds[i] = id.toLowerCase();
+            }
+        }
+
         return this;
     }
 

diff --git a/lib/taskana-core/src/main/java/pro/taskana/model/WorkbasketAccessItem.java b/lib/taskana-core/src/main/java/pro/taskana/model/WorkbasketAccessItem.java
@@ -39,11 +39,11 @@ public void setWorkbasketKey(String workbasketKey) {
     }
 
     public String getAccessId() {
-        return accessId;
+        return accessId != null ? accessId.toLowerCase() : null;
     }
 
     public void setAccessId(String accessId) {
-        this.accessId = accessId;
+        this.accessId = accessId != null ? accessId.toLowerCase() : null;
     }
 
     public boolean isPermRead() {

diff --git a/lib/taskana-core/src/main/java/pro/taskana/security/CurrentUserContext.java b/lib/taskana-core/src/main/java/pro/taskana/security/CurrentUserContext.java
@@ -1,9 +1,5 @@
 package pro.taskana.security;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.security.auth.Subject;
 import java.lang.reflect.Method;
 import java.security.AccessController;
 import java.security.Principal;
@@ -12,9 +8,14 @@
 import java.util.List;
 import java.util.Set;
 
+import javax.security.auth.Subject;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 /**
- * Provides the context information about the current (calling) user. The
- * context is gathered from the JAAS subject.
+ * Provides the context information about the current (calling) user. The context is gathered from the JAAS subject.
+ *
  * @author Holger Hagen
  */
 public final class CurrentUserContext {
@@ -32,6 +33,7 @@ private CurrentUserContext() {
 
     /**
      * Returns the userid of the current user.
+     *
      * @return String the userid. null if there is no JAAS subject.
      */
     public static String getUserid() {
@@ -43,10 +45,9 @@ public static String getUserid() {
     }
 
     /**
-     * Returns the unique security name of the first public credentials found in the
-     * WSSubject as userid.
-     * @return the userid of the caller. If the userid could not be obtained, null
-     *         is returned.
+     * Returns the unique security name of the first public credentials found in the WSSubject as userid.
+     *
+     * @return the userid of the caller. If the userid could not be obtained, null is returned.
      */
     private static String getUseridFromWSSubject() {
         try {
@@ -59,9 +60,12 @@ private static String getUseridFromWSSubject() {
                 LOGGER.debug("Public credentials of caller: {}", publicCredentials);
                 for (Object pC : publicCredentials) {
                     Object o = pC.getClass().getMethod(GET_UNIQUE_SECURITY_NAME_METHOD, (Class<?>[]) null).invoke(pC,
-                            (Object[]) null);
+                        (Object[]) null);
                     LOGGER.debug("Returning the unique security name of first public credential: {}", o);
-                    return o.toString();
+                    String userIdFound = o.toString();
+                    String userIdUsed = userIdFound != null ? userIdFound.toLowerCase() : null;
+                    LOGGER.trace("Found User id {}. Returning User id {} ", userIdFound, userIdUsed);
+                    return userIdUsed;
                 }
             }
         } catch (Exception e) {
@@ -72,6 +76,7 @@ private static String getUseridFromWSSubject() {
 
     /**
      * Checks, whether Taskana is running on IBM WebSphere.
+     *
      * @return true, if it is running on IBM WebSphere
      */
     private static boolean runningOnWebSphere() {
@@ -96,8 +101,10 @@ private static String getUseridFromJAASSubject() {
             LOGGER.trace("Public principals of caller: {}", principals);
             for (Principal pC : principals) {
                 if (!(pC instanceof Group)) {
-                    LOGGER.trace("Returning the first principal that is no group: {}", pC.getName());
-                    return pC.getName();
+                    String userIdFound = pC.getName();
+                    String userIdUsed = userIdFound != null ? userIdFound.toLowerCase() : null;
+                    LOGGER.trace("Found User id {}. Returning User id {} ", userIdFound, userIdUsed);
+                    return userIdUsed;
                 }
             }
         }
@@ -113,8 +120,10 @@ public static List<String> getGroupIds() {
             Set<Group> groups = subject.getPrincipals(Group.class);
             LOGGER.trace("Public groups of caller: {}", groups);
             for (Principal group : groups) {
-                LOGGER.trace("Returning the groupId: {}", group.getName());
-                groupIds.add(group.getName());
+                String groupNameFound = group.getName();
+                String groupNameReturned = groupNameFound != null ? groupNameFound.toLowerCase() : null;
+                LOGGER.trace("Found group id {}. Returning group Id: {}", groupNameFound, groupNameReturned);
+                groupIds.add(groupNameReturned);
             }
             return groupIds;
         }

diff --git a/lib/taskana-core/src/test/java/pro/taskana/impl/WorkbasketServiceImplTest.java b/lib/taskana-core/src/test/java/pro/taskana/impl/WorkbasketServiceImplTest.java
@@ -335,7 +335,7 @@ public void should_ReturnWorkbasketAuthorization_when_WorkbasketAccessItemIsUpda
         accessItem.setAccessId("Zaphod Beeblebrox");
         workbasketServiceImpl.updateWorkbasketAuthorization(accessItem);
 
-        Assert.assertEquals("Zaphod Beeblebrox", accessItem.getAccessId());
+        Assert.assertEquals("zaphod beeblebrox", accessItem.getAccessId());
     }
 
     @Test(expected = NotAuthorizedException.class)

diff --git a/...re/src/test/java/pro/taskana/impl/integration/WorkbasketServiceImplIntAutocommitTest.java b/...re/src/test/java/pro/taskana/impl/integration/WorkbasketServiceImplIntAutocommitTest.java
@@ -299,7 +299,7 @@ public void testUpdateWorkbasketAccessUser() throws NotAuthorizedException {
         accessItem.setAccessId("Zaphod Beeblebrox");
         workBasketService.updateWorkbasketAuthorization(accessItem);
 
-        Assert.assertEquals("Zaphod Beeblebrox",
+        Assert.assertEquals("zaphod beeblebrox",
             workBasketService.getWorkbasketAuthorization(accessItem.getId()).getAccessId());
     }
 

diff --git a/...core/src/test/java/pro/taskana/impl/integration/WorkbasketServiceImplIntExplicitTest.java b/...core/src/test/java/pro/taskana/impl/integration/WorkbasketServiceImplIntExplicitTest.java
@@ -271,6 +271,8 @@ public void testUpdateWorkbasket() throws Exception {
             workBasketService.getWorkbasket(id2).getModified());
         Assert.assertEquals(workBasketService.getWorkbasket(id1).getCreated(),
             workBasketService.getWorkbasket(id1).getModified());
+        Assert.assertEquals(workBasketService.getWorkbasket(id3).getCreated(),
+            workBasketService.getWorkbasket(id3).getModified());
         connection.commit();
     }
 
@@ -307,7 +309,7 @@ public void testUpdateWorkbasketAccessUser() throws NotAuthorizedException, SQLE
         accessItem.setAccessId("Zaphod Beeblebrox");
         workBasketService.updateWorkbasketAuthorization(accessItem);
 
-        Assert.assertEquals("Zaphod Beeblebrox",
+        Assert.assertEquals("zaphod beeblebrox",
             workBasketService.getWorkbasketAuthorization(accessItem.getId()).getAccessId());
         connection.commit();
     }

diff --git a/rest/src/main/resources/sql/sample-data/workbasket-access-list.sql b/rest/src/main/resources/sql/sample-data/workbasket-access-list.sql
@@ -1,4 +1,5 @@
-INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('1', 'key1', 'Elena', true, true, true, true, true, false, false, false, false, false, false, false, false);
-INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('2', 'key2', 'Max', true, true, true, true, true, true, true, true, true, false, false, false, false);
-INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('3', 'key3', 'Simone', true, true, true, true, true, true, true, true, true, true, true, true, true);
+
+INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('1', 'key1', 'elena', true, true, true, true, true, false, false, false, false, false, false, false, false);
+INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('2', 'key2', 'max', true, true, true, true, true, true, true, true, true, false, false, false, false);
+INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('3', 'key3', 'simone', true, true, true, true, true, true, true, true, true, true, true, true, true);