Metacat

What I've done:

(4) has been temporarily resolved by adding:

form_ref.sessionid.value="<current sessionID here, or "" if not logged in>";

to the JS function: submitform(action,form_ref) in resultset.xsd, so that all
the links on the results page include a hidden sessionID field in the POST data.

STILL TO DO:

(5) is NOT solved by the above temp fix, because EML stylesheets do not
propagate this sessionID value.

FULL FIX should consist of doing what is detailed above ("write a cookie on login.
This code would probably go in <knbweb_cvs>/includes/include_session_vars.jsp,
where there is a code block for handling login (add code to create cookie here),
and another for handling logout (destroy cookie).

Sample code for writing cookies from java currently exists in the Metacat
module, in the HttpMessage class")

When this is done, probably best to remove the temp fix described above
(sessionid in submitform()), and maybe even to remove sessionid hidden fields in
search form JSP?? Need to consider carefully.

Note also that writing the cookie client-side, using javascript may be an easier
option? Need to evaluate both methods and pick best.

Fixed the bug by adding code in default skin and knbweb seperately. knbweb
needed seperate code because two domain names are involved -
knb.ecoinformatics.org and metacat.nceas.ucsb.edu. Hence cookie was needed to
be set accordingly. Done majorly with Matthew Brooke's help.
The changes are on knb.ecoinformatics.org and can be checked in behaviour by
anyone. I have tested changes in both default and knb skin. In short people
dont need to go to dev/loginonly.html now.

sessionid from various urls can be removed if this works ok.

Changing the target milestone to release 1.6. Cant be included in 1.5 which has
to released soon.

Merging bug 1819 into this bug as it refers to the same problems.

I created three DPs for which I had set the Access Permissions so the public
would be denied access and I (uid=connolly,o=NCEAS,dc=ecoinformatics,dc=org)
would be allowed to read. When I tried accessing the data from the KNB web site
(after I logged in as uid=connolly,o=NCEAS,dc=ecoinformatics,dc=org), I got a
message saying "User public does not have permission to read the document".

• Bug 1819 has been marked as a duplicate of this bug. ***

The session information is not maintained by the skin for some reason. So the JSP part knows that is in session but the non-JSP part doesnt. Most probably the cookie specifying the JSESSIONID is not set in the browser and that is what needs to be fixed.

I believe that I found the cause, in regards to the last comment. Some of the page (i.e. the login iframe) uses an instance of MetacatClient, which is basically a JSP helper class. It has the client-side login API, and keeps track of the sessionId (available anytime via getSessionId()). The code in this class then creates yet another session for communicating with MetacatServlet. The rest of the skin communicates directly with MetacatServlet; thus, there are actually 3 sessions involved, two of them apply to the web page and one between MetacatClient and MetacatServlet. The solution is to re-write the offending web page to have all client communication thru MetacatClient (will need to add methods as needed). Unless there is a reason to create a new session between MetacatClient and MetacatServlet, then that code code be removed and just call the Servlet as a POJO passing on the request and response that MetacatClient already has.

On re-thinking my solution, the main idea is to have the entire page using the same session, so taking the iframe out, and putting the login in the main page would accomplish this. It would also give the entire page access to the MetacatClient instance.

Login form should be placed in the center iframe, since that is the "main" session.

move to 1.7.1

Original Bugzilla ID was 1232