  1. UIMA
  2. UIMA-5114

DUCC Web Server (WS) needs better user validation for login

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.2.0-Ducc
    • Component/s: DUCC
    • Labels:
      None

      Description

      A user is able to log in to ducc (via ldap) as first.last. But the actual linux userid is First.Last, and when ducc_ling tries to employ first.last the switch-to-user fails.

      WS could employ the command "/usr/bin/id first.last" to validate the userid before delegating to ldap.

        Activity

        lou.degenaro Lou DeGenaro added a comment -

        Code is delivered.

        lou.degenaro Lou DeGenaro added a comment -

        Two bugs.

        1. CmdId runnit() does not include userid on the command line
        2. DuccHandlerUserAuthentication.handleDuccServletLogin() does not separate userid@domain soon enough

        lou.degenaro Lou DeGenaro added a comment -

        Code is delivered.

        lou.degenaro Lou DeGenaro added a comment -

        Add new Java class CmdId which issues /usr/bin/id <userid> and returns the result. Employ same during WS Login by user to determine userid o/s validity before attempting ldap validation. Returned string must contain "("<userid>")", e.g. "(degenaro)", in the first blank-delimited token in order to be considered o/s valid.

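        The check described in the comments above, as an added example that is not DUCC's CmdId source: the userid is separated from userid@domain first, passed to /usr/bin/id as its own argument, and accepted only if the first blank-delimited token contains "(<userid>)" with exact case. The class and method names, the character allow-list and the sample id output are assumptions made for illustration.

```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;

// Added example; OsUserCheck and its methods are hypothetical names, not DUCC's CmdId.
public class OsUserCheck {

    // Strip "@domain" first, so only the bare userid reaches /usr/bin/id.
    static String bareUserid(String login) {
        int at = login.indexOf('@');
        return at < 0 ? login : login.substring(0, at);
    }

    // True only if the first blank-delimited token of the id output contains "(<userid>)".
    // The comparison is case-sensitive, so "first.last" does not match "uid=1001(First.Last)".
    static boolean matches(String idOutput, String userid) {
        if (idOutput == null || idOutput.trim().isEmpty()) return false;
        String firstToken = idOutput.trim().split("\\s+")[0];
        return firstToken.contains("(" + userid + ")");
    }

    // Run /usr/bin/id with the userid as its own argv element (no shell involved).
    static String runId(String userid) throws Exception {
        // Assumption: allow a conservative character set and refuse a leading '-'
        // so the value cannot be read as an option by id.
        if (!userid.matches("[A-Za-z0-9_.][A-Za-z0-9_.-]*")) return "";
        Process p = new ProcessBuilder("/usr/bin/id", userid).redirectErrorStream(true).start();
        try (BufferedReader r = new BufferedReader(
                new InputStreamReader(p.getInputStream(), StandardCharsets.UTF_8))) {
            String line = r.readLine();
            return p.waitFor() == 0 && line != null ? line : "";
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample output for an account whose Linux userid is First.Last.
        String sample = "uid=1001(First.Last) gid=100(users) groups=100(users)";
        System.out.println(matches(sample, bareUserid("first.last@example.org")));
        System.out.println(matches(sample, bareUserid("First.Last@example.org")));
        // Live check against the local system for the account running this program.
        String me = System.getProperty("user.name");
        System.out.println(matches(runId(me), me));
    }
}
```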

          People

          • Assignee:
            lou.degenaro Lou DeGenaro
            Reporter:
            lou.degenaro Lou DeGenaro