Fixed the getIdentifyingName() sub so that it properly looks up someonesDN if passed in a DN that is an alias. This is mainly important for sites like PISCO that use a different root to their tree than the ecoinformatics.org tree. Now we can successfully authenticate against...
Some changes for pisco.
turned debug off for the release
hopefully fixed the connection closed error.
fixed groups error, I hope.
fixed auth bug
updated authldap to get the groups to work (kind of)
Method getGroups was revised. Attributes variables were set there. Otherwise, when it caught a referral exception and started a thread, this will cause an exception problem. When string array groups were returned by method getGroups in getPrincipals method, we should check if the groups is null or not. Otherwise it will cause an exception problem. This revision is for bug 445.
In hasPermission method, a situation was considered: if no user and group, the permission will be true. This is for the command line invocation.
Method endElement in AccessControlList was revised. A feature that put access document itself into xml_access was added.
In hasPermission method, a rule for access document is implemented. If a user wants to write an access document, it should have "all" permission. The permission for access document now is looked up in xml_access table directly, rather than getting the same permission as the data set document.
In order to increase data file docid, method registerDocument was revised. Now it not only inserts a new data file record into xml_documents table, but can also update the data file documents. Moreover, it can archive the old version to xml_revisions table. Two other private methods were added to handle these features: deleteXMLDocuments and getLatestRevisionNumber.
fixed my tagging error
some small changes I had to make to get the QAENGINE demo to work right. this should be committing in a branch
We decided that the permission for a user to an access document is the same as to the data set document (which contains the access document). In order to do this, we need to look up xml-relation table. If we could find the data set document id, just check the id. If we couldn't find one, we need to check if the user is owner. If it is, has permission. Otherwise, doesn't have.
Add a new method getDataSetId to the class. The permission policy for access documents is: the user will have the same permission as data set file. (There is no entry in xml_access table for access document.)
Add a throwing exception in hasPermission and hasReadPermission methods.
Add a throwing exception in hasPermission method.
A constructor for this class was added. In the new constructor, user can specify the revision number he wants to update. In method writeDocumentToDB, when an update action happened, the rev number would not automatically add one, but it can go to the specified number. This is for bug 417.
A constructor was added to this class. In this constructor, user can specify the revision number he wants to update. And the number can be passed into a DocumentImpl object constructor in startElement method. But the number should be greater than current number in database.
A method named getLastRevisionNumber was added. And condition for checking accession number was revised too. Now metacat wouldn't refuse a revision number which is 2 or more greater than current revision number in the database. This is for bug 417.
Access document was added to exported data package too.
The method - hasAllowRule was revised. If an action - read or update - was approved, all ticket count of allow rule entries for this action will minus one if the entries have ticket count number (not null).
The two hasPermission methods were rewritten. Some logic bugs were fixed. Now user, public and group will not be checked separately, but they will be checked together as string array. In order to do this, private methods isAccessDocument, containDocumentOwner, isAllowFirst, hasAllowRule, hasExplicitDenyRule, hasImplicitDenyRule, and createUsersPackage were added.
In method transformXMLDocument, if no registered style sheet was found for the input document, the document will be sent back, rather than using util.DebugMessage to print.
Only delete some incorrect comment.
When a user requests a data package, the old version documents would be exported. Only export the requested one.
During the export function, every document will be checked if the user has the permission to read or not.
The feature of checking permission before Metacat handles a "read" action. If user doesn't have permission, its request will be rejected. After creating a DocumentImpl object, a method named hasReadPermission in that class will be called to make sure the user has permission to read it.
A method named hasReadPermission was added. The method will check if a user has permission to read a xml document.
A new method named hasPermissionToExportPackage was added. So when MetaCat handles export action, it will check if user has permission to read the data package. If it has, MetaCat will export a zip output stream to it. Otherwise, MetaCat will throw an exception.
Code to handle "read" permission was changed in hasPermission method. The old code used old way to look up the public_access field in xml_documents table.
A new action named export was added to it. This action will export a zip output stream for a data package. In the zip output stream, meta data documents, data files and a html summary file are included. The structure will look like: package----/metadata/metadata documents...
Two metacat util methods were added. One is getDocIdFromString and the other is getVersionFromString. They output a docid and revision if a string like str1.str2.str3. was passed to them.
A method named transformXmlDocument was overloaded. It transforms an XML document to StringWriter using the stylesheet reference from the db.
A public method named getZippedPackage() and other relative private methods were added to this class. The public method can give a zip output stream if a docid and other parameters were passed to it.
Some code format problem was fixed.
The bug was fixed. After a referral exception happened, we should set environment properties again before creating a context. These environment properties include PROVIDER_URL, SECURITY_PRINCIPAL, SECURITY_CREDENTIALS, REFERRAL, and INITIAL_CONTEXT_FACTORY. Otherwise, you couldn't get a naming exception.
Authentication bug was fixed (bug 408). However, it needs to test if referral containing a referral.
Please check it.
In order to fix bug 408 (authentication), some important variables' values were followed.
Set the qformat parameter so the stylesheets can use it for conditional processing.
fixed error I introduced when I got postgres working
updated metacat so that the xmlparserv2.jar file is no longer needed. replaced all of the oracle xml processing with xalan and xerces.
made a ton of changes related to keeping oracle SQL code out of the main classes. fixed a bug where the timing of the index thread was off so when it went to index a document, the document was not already in xml_documents thus breaking the FK relation between xml_documents and xml_index. I think that bug might be the reason for the blank resultset screens in morpho. made the postgres implementation much more robust.
removed because this is no longer used. it was causing a compile error when using postgres because it directly imports the oracle driver.
fixed bug with ampersands in the returned relations in the resultset.
added a manual timeout to counteract the hideously long ldap time out that is encountered when a referred ldap server is down.
updated the referral mechanism so that metacat doesn't crash when a referral server is not available
made it so we can now use multiple accessfilestypes and packagdfiletypes in the metacat.properties file. Also fixed a bug introduced when the 'http://' was removed from behind the server name in the loaddtd.sql script and the knb.xml file
Fixed the getUsers() and getPrincipals() methods so that they no longer fail when large result sets are requested. The problem was that the LDAP server was returning a "size limit exceeded" message when the resultset from the query exceeded the default limit of 500 entries. Now we...
Re-enabled referrals which I had turned off for debugging purposes.
Modified AuthLdap to fix the many problems associated with group and user queries. Now the getGroups() and getUsers() methods work as advertised, and there is a test of each of the methods in "main" for testing purposes. Simplified the class substantially. Fixed the getAttributes method as...
fixed error where person with 'all' permission could not update the access file.
fixed referral catching mechanism in authLdap.ldapAuthenticate() so that it will refer through a bunch of linked servers instead of just one.... I still haven't figured out why the getGroups method won't work.
fixed the error where the ldap authenticate took 15 seconds to execute
I think I have fixed the ldap referral bug. the test lter account that david made for me works, however I would like matt or someone more knowledgeable with ldap to please check my code. the changes I made are around line 200 of AuthLdap. I put a comment in the source where the code needs to be checked.
Fix for bug #309 so that Metacat will now follow LDAP referrals. Previously the default was to ignore referrals. Now we explicitly set the JNDI Context.REFERRAL value to the value in the metacat.propert "referral". The metacat.properties file has been modified to add the "referral" property,...
added new permission 'changepermission' and made 'all' inclusive for all permissions
fixed access control bug. the character data in the sax parser was not getting trimmed and causing problems. also fixed hard coded eml-dataset public id in the web index file
Updated metacat login semantics. Now, metacat assumes the username passed in is the 'full' distinguished name of the user. If that fails, then instead it tries looking up the string and seeing if it can determine what the DN is, then uses it. The preferred method of logging in via...
Fixed the function to return the max id for a given scope. Now the function takes a parameter named 'scope' and returns the largest docid that has been used under that scope in this metacat instance (it used to return the most recently created docid, which is clearly different). For compatibility with...
fixed bug where the whole filename of a data file was not appended to the file input stream so metacat just returned a null document
Fixed problem with metacat handleReadAction where the OutputStream from the response object was closed and an attempt to reopen a PrintWriter was made on the same response, which is illegal. Now the OutputStream is converted to a PrintWriter in order to write the XML error message back to the client....
fixed to get groupnames for a user using any identifying name
for action=servercontrol&subaction=add added function for downloading of the certificate file from the specified URL of the source server and uploading it onto this server
changes in replication to use https
fix around one way replication: when server A sends document to the servers in its list of replication servers with replicate=1 in xml_replication table, the server B received the document does NOT need the opposite check on its end.
fixed error: writing on the replication server required the whole acc# (including the rev#)
Fixed bug in metacat where an Exception was thrown when a search returned an empty resultset. Now we avoid the function call that threw the exception.
Added support for multiple user interfaces by enabling style sheet transformations to be configured from within metacat rather than from in the database. Now, metacat uses the qformat parameter to determine a "style set", which is mapped to an xml configuration file that...
small fix to enable resolving external entities included in the DTD; external entities are now resolved successfully by DBEntityResolver using the specified system ids and thus there is no need of registering the relative system ids. This is because EntityResolver uses its internal implementation to map the relative system ids to the...
Removed the requirement that the relationship for ACL associations be "isRelatedTo". Now the relationship in the triple can be anything, like "describes access control rules for". This doesn't affect the ACL processing because it is based on the ACL document type, not the...
changes to store namespace prefixes separately from the local names of nodes (elements and attributes) in xml_nodes.nodeprefix column
Revised build.xml and metacat.properties to make it easier to install alternative stylesheets for metacat. In the process, replaced the deprecated copydir and copyfile commands in build.xml with appropriate "copy" commands.
added support for Namespaces. Metacat now can store and retrieve XML documents with Namespaces. Namespace is stored as separate record in xml_nodes table with type "NAMESPACE" where nodename is the prefix and nodedata is the uri of the namespace.
fixed an error of NullPointerException
- when the Access file goes first before the Package file (eml-dataset-2.0) relations are not available in xml_relation, thus updated the code to check and run ACL also after the Package file is saved.
- cut out the rev# from subject and object in xml_relation as needed by ACL...
fixed error with out of cursors error because pstmts were not getting closed in DBQuery
look for relationship "isRelatedTo" b' that is the word that is used in the triples
fixed the compilation bug about the change of group parameter in DocumentImpl.write()
added support for multiple group membership
Changed the constructors so that the nodeRecordList is automatically retrieved by the DocumentImpl(Connection,String) constructor. this restores its earlier behavior, but the implementation is totally done by DocumentImpl(Connection,String,boolean).
Added fix to DocumentImpl that showed problems when the DocumentImpl(conn) constructor was called. Now there is a new constructor: DocumentImpl(Connection, String, boolean) where the boolean value is used to determine if the nodeset should be read at the time the constructor is called. if false, then...
Completely removed the socket-server feature that used to provide file upload. It is now replaced by multipart/form-data over http.
Modified Metacat to support large data file uploads. This is accomplished by supporting a new content type for data sent to metacat: multipart/form-data which allows multiple files to be sent in a standard MIME format. The MetacatServlet.handleGetOrPost() method now checks the incoming content...
Simplified ReplicationHandler: It is run now in the same thread started from DBSAXHandler; thus the same connection opened in that thread is used, i.e. no need for new connection and no complains as "Connection is closed" in ReplicationHandler; "Connection is closed" error happens when in the current thread there are try to use connection opened in another thread,...
support for the new terms included in pathquery.dtd
http://bugzilla.ecoinformatics.org/show_bug.cgi?id=248 Included utility function about getting the latest docid for a user: DBUtil.getLastDocid(username). Metacat parameters: action='getlastdocid' username
don't need to override the old meta_file_id tags with docid without rev since Morpho inserts docids before sending the docs to Metacat
added constructor in DocumentImpl for use in DBQuery.findDocuments(); this new constructor is used with getDocumentInfo() to get the doc info only; because the other constructor builds the whole xml doc which is not needed here and time consuming; this happens on backtracking only.
fixed bug - hardcoded LDAP URL
made use of the new property for ldaps url; it is used for secure connection to LDAP server listening on second port 636 by default with SSL sockets; it is used from Metacat for the authentication process only; all the rest communications with LDAP server are made on the default port 389 with plain sockets
moved delete from xml_relation before delete from xml_documents because of the parent-child relation b/w these 2 tables
fixed error with exception handling in metacat servlet and added new dtds to the sql script
changes according to bug# 234 - metacat accession # handling, done
changed all mentions of DBAdapter to the new name AbstractDatabase
rename the DB* classes to: AbstractDatabase, OracleAdapter, PostgresqlAdapter, SqlserverAdapter
use the non-null function name from db adapter