update D1 jars to include recent SubjectList -> SubjectInfo refactoring and the SUBJECT_PUBLIC constant
throw InvalidToken when the Session parameter is null for create()https://redmine.dataone.org/issues/1850
do not allow system metadata to have obsoletes or obsoletedBy fields when calling the create() method -- these are only allowed for updates so that we do not subvert object versioning by [un]knowingly submitting system metadata that directs one id to another.
set sysmeta submitter based on the subject given in the certificate
log errors on create() and registerSM
catch runtime exceptions that arise from hazelcast storage errors in the system metadata map
implicit success for setting accessPolicy - trust that the MapStore persists the updated system metadata
only "save" to the shared system metadata map - not directly to the table store.
rely on Hazelcast to store the SystemMetadata locally for the node. Entry event listeners store the shared system metadata on their local node when alerted. TODO: remove old replication code that included system metadata xml when replicating scimeta and data
verify that the sysmeta checksum value matches the computed checksum value when calling create()https://redmine.dataone.org/issues/1795
check for null pointers when adding system metadata/creating records during cn.create()
make isScienceMetadata() method public/static to be called throughout Metacat
check for null session before looking at subject
check session != null before checking authorization
Catch D1nodeService up to the DataONE 0.6.4 schema where there is no ObjectFormat.isScienceMetadata() method, but rather ObjectFormat.getFormatType() where type is currently one of 'DATA, 'METADATA', or 'RESOURCE'.
add getReplica() implementation. same as get() but with different logging. seems silly, but maybe I missed something important that distinguishes this method.
Update classes to use the DataONE 0.6.4 schema and types. Major changes involve using BigInteger vs long in SystemMetadata.size, and using ObjectFormatIdentifier rather than Object format.
refactor Constants
use new "v1" types from DataONE
In D1NodeService.getLogRecords(), don't pass in null start and count params - set them to the defaults (0 and 1000).
use objectFormatIdentifier for listObjects()remove provisional system metadata indicator - Metacat will not implement reserveIdentifier()
simplify the get() method -- no need to use temp files for this operation
implement d1 paging for the log record results
save systemmetadata when create() is called
Add the missing URL delimiter when building the D1 base service URL.
handle data objects (not sci meta) and also set the resulting pid so that create() can succeed
beef up isAuthorized method to check for "public" access rules and also for the rights holder
add space to error message
implement reserveIdentifier() and check whether the id is reserved when creating records (only allow the create when the Subject creating matches the Subject who reserved it -- currently stored in rightsHolder)
remove extraneous update() call when create() does the call for us
Make isScienceMetadata() protected for access from subclasses.
Add insertSystemMetadata() to D1NodeService, wrap the exception handling from calls to IdentifierManager.
Add updateSystemMetadata() to D1NodeService as a helper method to wrap the exception handling from calls to IdentifierManager.
At Ben's suggestion, add metacatUrl to D1NodeService and make it available to subclasses. Set the metacatUrl in the constructor using SystemUtil rather than all roll your own PropertyService calls. More concise. Also, log the delete event in MNodeService.delete().
isAuthorized: check for nulls in Session subjects, catch any unexpected errors and deny access when in doubt
Remove setParamsFromRequest() from D1NodeService. This was called (previously as CrudService) from ResourceHandler, but will be deprecated in favor of manually creating a param map for each method that needs to pass params on to MetacatHandler.
Implement [MN|CN]Storage.create() in D1NodeService. Since MetacatHandler requires an IP for event logging, we pass in the metacat URL (hold over from CrudService). To do this in the abstract D1NodeService, change the constructors to take metacatUrl as a parameter and get the URL from the metacat properties file in getInstance() of the subclasses. Needs testing.
Change Metacathandler.read() to be public since it's internal to Metacat, and use read() in D1NodeService after isAuthorized() for the calling Subject from the Session object.
Minor formatting changes - tabs to spaces, indents, etc.
Implement [MN|CN]Read.get() in D1NodeService. Added setParamsFromRequest() to pass through parameters from the request object. Since the D1 Authorization API doesn't specify which authentication system a subject belongs to, we don't know if the subject listed is a KNB LDAP DN. isAuthorized() may return true for a mapped identity, but we don't know the DN of the KNB identity per se. This needs to be tested.
-use every Subject in the session (alt Ids and Group membership)-consolidate to single isAuthorized method
implement getChecksum() in the superclass
use Permission, not Event for isAuthorized() methods
implement CNAuthorization
implement getLogRecords
Initial check in of the MNodeService stub methods that implement the D1 MN* interfaces. CrudService methods will be transitioned into this class. The methods follow the D1 0.6.2 API thus far.
Also changed CNodeService to reflect minor changes to the D1NodeService class.
CNAuthorization.isAuthorized() and MNAuthorization.isAuthorized() differ. Removed it from the base class.
getChecksum() is intentionally different on the CN vs MN, so I'm removing it as a common method.
Initial check in of the D1NodeService class that provides methods common to both CNodeService and MNodeService implementation classes. The common API methods are:
Methods common to CNCore and MNCore APIsgetLogRecords()
Methods common to CNRead and MNRead APIs...