/src/edu/ucsb/nceas/metacat/util/AuthUtil.java - Annotate - Metacat - Ecoinformatics Redmine

metacat/src/edu/ucsb/nceas/metacat/util/AuthUtil.java @ 10201

-            daigle
+/**
  *  '$RCSfile$'
  *    Purpose: A Class that implements administrative methods
  *  Copyright: 2008 Regents of the University of California and the
  *             National Center for Ecological Analysis and Synthesis
  *    Authors: Michael Daigle
+ *
  *   '$Author$'
  *     '$Date$'
  * '$Revision$'
+ *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version.
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 package edu.ucsb.nceas.metacat.util;
 import java.util.Calendar;
 import java.util.Vector;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
-            leinfelder
+import org.apache.log4j.Logger;
-            daigle
+import edu.ucsb.nceas.metacat.AuthSession;
-            daigle
+import edu.ucsb.nceas.metacat.properties.PropertyService;
-            daigle
+import edu.ucsb.nceas.metacat.service.SessionService;
-            daigle
+import edu.ucsb.nceas.metacat.shared.MetacatUtilException;
 import edu.ucsb.nceas.metacat.shared.ServiceException;
-            daigle
+import edu.ucsb.nceas.utilities.PropertyNotFoundException;
 import edu.ucsb.nceas.utilities.StringUtil;
-            daigle
+public class AuthUtil {
             leinfelder
     public static Logger logMetacat = Logger.getLogger(AuthUtil.class);
             daigle
 	private static Vector<String> administrators = null;
 	private static Vector<String> moderators = null;
 	private static Vector<String> allowedSubmitters = null;
 	private static Vector<String> deniedSubmitters = null;
 	/**
 	 * private constructor - all methods are static so there is no no need to
 	 * instantiate.
 	 */
-            daigle
+	private AuthUtil() {}
             daigle
 	/**
 	 * Get the administrators from metacat.properties
+	 *
 	 * @return a Vector of Strings holding the administrators
 	 */
-            daigle
+	public static Vector<String> getAdministrators() throws MetacatUtilException {
-            daigle
+		if (administrators == null) {
 			populateAdministrators();
+		}
 		return administrators;
+	}
 	/**
 	 * Get the allowed submitters from metacat.properties
+	 *
 	 * @return a Vector of Strings holding the submitters
 	 */
-            daigle
+	public static Vector<String> getAllowedSubmitters() throws MetacatUtilException {
-            daigle
+		if (allowedSubmitters == null) {
 			populateAllowedSubmitters();
+		}
 		return allowedSubmitters;
+	}
 	/**
 	 * Get the denied submitters from metacat.properties
+	 *
 	 * @return a Vector of Strings holding the denied submitters
 	 */
-            daigle
+	public static Vector<String> getDeniedSubmitters() throws MetacatUtilException {
-            daigle
+		if (deniedSubmitters == null) {
 			populateDeniedSubmitters();
+		}
 		return deniedSubmitters;
+	}
 	/**
-            daigle
+	 * Get the moderators from metacat.properties
+	 *
 	 * @return a Vector of Strings holding the moderators
 	 */
-            daigle
+	public static Vector<String> getModerators() throws MetacatUtilException {
-            daigle
+		if (moderators == null) {
 			populateModerators();
+		}
 		return moderators;
+	}
 	/**
-            daigle
+	 * Get the vector of administrator credentials from metacat.properties
 	 * and put into global administrators list
 	 */
-            daigle
+	private static void populateAdministrators() throws MetacatUtilException {
-            daigle
+		String administratorString = null;
 		try {
 			administratorString =
-            daigle
+				PropertyService.getProperty("auth.administrators");
-            daigle
+		} catch (PropertyNotFoundException pnfe) {
-            daigle
+			throw new MetacatUtilException("Could not get metacat property: auth.administrators. "
-            daigle
+							+ "There will be no registered metacat adminstrators: "
 							+ pnfe.getMessage());
+		}
 		administrators = StringUtil.toVector(administratorString, ':');
             leinfelder
 		String d1NodeAdmin = null;
 		try {
 			d1NodeAdmin = PropertyService.getProperty("dataone.subject");
 			administrators.add(d1NodeAdmin);
 		} catch (PropertyNotFoundException e) {
 			String msg = "Could not get metacat property: dataone.subject "
 					+ "There will be no registered DataONE adminstrator";
 			logMetacat.error(msg, e);
+		}
             daigle
 	/**
 	 * Get the vector of allowed submitter credentials from metacat.properties
 	 * and put into global allowedSubmitters list
 	 */
-            daigle
+	private static void populateAllowedSubmitters() throws MetacatUtilException {
-            daigle
+		String allowedSubmitterString = null;
 		try {
-            daigle
+			allowedSubmitterString = PropertyService.getProperty("auth.allowedSubmitters");
-            daigle
+		} catch (PropertyNotFoundException pnfe) {
-            daigle
+			throw new MetacatUtilException("Could not get metacat property: auth.allowedSubmitters. "
-            daigle
+					+ "Anyone will be allowed to submit: "
 					+ pnfe.getMessage());
+		}
 		allowedSubmitters = StringUtil.toVector(allowedSubmitterString, ':');
+	}
 	/**
 	 * Get the vector of denied submitter credentials from metacat.properties
 	 * and put into global deniedSubmitters list
 	 */
-            daigle
+	private static void populateDeniedSubmitters() throws MetacatUtilException {
-            daigle
+		String deniedSubmitterString = null;
 		try {
-            daigle
+			deniedSubmitterString = PropertyService.getProperty("auth.deniedSubmitters");
-            daigle
+		} catch (PropertyNotFoundException pnfe) {
-            daigle
+			throw new MetacatUtilException("Could not get metacat property: auth.deniedSubmitters: "
-            daigle
+					+ pnfe.getMessage());
+		}
 		deniedSubmitters = StringUtil.toVector(deniedSubmitterString, ':');
+	}
             daigle
 	/**
 	 * Get the vector of moderator credentials from metacat.properties
 	 * and put into global administrators list
 	 */
-            daigle
+	private static void populateModerators() throws MetacatUtilException {
-            daigle
+		String moderatorString = null;
 		try {
 			moderatorString =
 				PropertyService.getProperty("auth.moderators");
 		} catch (PropertyNotFoundException pnfe) {
-            daigle
+			throw new MetacatUtilException("Could not get metacat property: auth.moderators. "
-            daigle
+							+ "There will be no registered metacat moderators: "
 							+ pnfe.getMessage());
+		}
 		moderators = StringUtil.toVector(moderatorString, ':');
+	}
             daigle
 	/**
 	 * log the user in against ldap.  If the login is successful, add
 	 * the session information to the session list in SessionUtil.
+	 *
 	 * @param request the http request.
 	 */
-            daigle
+	public static boolean logUserIn(HttpServletRequest request, String userName, String password) throws MetacatUtilException {
-            daigle
+		AuthSession authSession = null;
 		// make sure we have username and password.
-            daigle
+		if (userName == null || password == null) {
-            daigle
+			throw new MetacatUtilException("null username or password when logging user in");
             daigle
 		// Create auth session
 		try {
 			authSession = new AuthSession();
 		} catch (Exception e) {
-            daigle
+			throw new MetacatUtilException("Could not instantiate AuthSession: "
-            daigle
+					+ e.getMessage());
+		}
 		// authenticate user against ldap
-            daigle
+		if(!authSession.authenticate(request, userName,password)) {
-            daigle
+			throw new MetacatUtilException(authSession.getMessage());
             daigle
             daigle
-            daigle
+		// if login was successful, add the session information to the
-            daigle
+		// global session list.
-            daigle
+		HttpSession session = authSession.getSessions();
 		String sessionId = session.getId();
             daigle
 		try {
-            berkley
+		SessionService.getInstance().registerSession(sessionId,
-            daigle
+				(String) session.getAttribute("username"),
 				(String[]) session.getAttribute("groupnames"),
-            daigle
+				(String) session.getAttribute("password"),
 				(String) session.getAttribute("name"));
-            daigle
+		} catch (ServiceException se) {
-            daigle
+			throw new MetacatUtilException("Problem registering session: " + se.getMessage());
             daigle
             daigle
-            daigle
+		return true;
             daigle
 	/**
 	 * Checks to see if the user is logged in by grabbing the session from the
 	 * request and seeing if it exists in the global session list.
+	 *
 	 * @param request the http request that holds the login session
 	 * @return boolean that is true if the user is logged in, false otherwise
 	 */
-            daigle
+	public static boolean isUserLoggedIn(HttpServletRequest request) throws MetacatUtilException{
-            daigle
+		SessionData sessionData = null;
 		String sessionId = request.getSession().getId();
 		try {
-            berkley
+			if (sessionId != null && SessionService.getInstance().isSessionRegistered(sessionId)) {
-            daigle
+				// get the registered session data
-            berkley
+				sessionData = SessionService.getInstance().getRegisteredSession(sessionId);
             daigle
 				// get the timeout limit
 				String sessionTimeout = PropertyService.getProperty("auth.timeoutMinutes");
 				int sessionTimeoutInt = Integer.parseInt(sessionTimeout);
 				// get the last time the session was accessed
 				Calendar lastAccessedTime = sessionData.getLastAccessedTime();
 				// get the current time and set back "sessionTimoutInt" minutes
 				Calendar now = Calendar.getInstance();
 				now.add(Calendar.MINUTE, 0 - sessionTimeoutInt);
 				// if the last accessed time is before now minus the timeout,
 				// the session has expired. Unregister it and return false.
 				if (lastAccessedTime.before(now)) {
-            berkley
+					SessionService.getInstance().unRegisterSession(sessionId);
-            daigle
+					return false;
+				}
 				return true;
+			}
 		} catch (PropertyNotFoundException pnfe) {
-            daigle
+			throw new MetacatUtilException("Could not determine if user is logged in because "
-            daigle
+					+ "of property error: " + pnfe.getMessage());
 		} catch (NumberFormatException nfe) {
-            daigle
+			throw new MetacatUtilException("Could not determine if user is logged in because "
-            daigle
+					+ "of number conversion error: " + nfe.getMessage());
+		}
 		return false;
+	}
 	/**
 	 * Checks to see if the user is logged in as admin by first checking if the
 	 * user is logged in and then seeing if the user's account is on the
 	 * administrators list in metacat.properties.
+	 *
 	 * @param request
 	 *            the http request that holds the login session
 	 * @return boolean that is true if the user is logged in as admin, false
 	 *         otherwise
 	 */
-            daigle
+	public static boolean isUserLoggedInAsAdmin(HttpServletRequest request) throws MetacatUtilException {
-            daigle
+		if (!isUserLoggedIn(request)) {
 			return false;
+		}
 		String userName = getUserName(request);
 		boolean isAdmin = isAdministrator(userName, null);
 		return isAdmin;
+	}
 	/**
 	 * Gets the user name from the login session on the http request
+	 *
 	 * @param request
 	 *            the http request that holds the login session
 	 * @return String that holds the user name
 	 */
 	public static String getUserName(HttpServletRequest request) {
 		String userName = (String)request.getSession().getAttribute("username");
 		return userName;
+	}
 	/**
 	 * Gets the user group names from the login session on the http request
+	 *
 	 * @param request
 	 *            the http request that holds the login session
 	 * @return String array that holds the user groups
 	 */
 	public static String[] getGroupNames(HttpServletRequest request) {
 		String sessionId = request.getSession().getId();;
-            berkley
+		SessionData sessionData = SessionService.getInstance().getRegisteredSession(sessionId);
-            daigle
+		String[] groupNames = { "" };
 		if (sessionData != null) {
 			groupNames = sessionData.getGroupNames();
+		}
 		return groupNames;
+	}
 	/**
 	 * Creates an ldap credentail string from the username, organization
 	 * and dn list.
+	 *
 	 * @param username the user name
 	 * @param organization the organization
 	 * @param dnList a list of dns
 	 * @return String holding the ldap login string
 	 */
 	public static String createLDAPString(String username, String organization,
-            daigle
+			Vector<String> dnList) throws MetacatUtilException {
             daigle
 		if (username == null || organization == null || dnList == null || dnList.size() == 0) {
-            daigle
+			throw new MetacatUtilException("Could not generate LDAP user string.  One of the following is null: username, organization or dnlist");
             daigle
 		String ldapString = "uid=" + username + ",o=" + organization;
 		for (String dn : dnList) {
 			ldapString += "," + dn;
+		}
 		return ldapString;
+	}
 	/**
 	 * Reports whether LDAP is fully configured.
+	 *
 	 * @return a boolean that is true if all sections are configured and false
 	 *         otherwise
 	 */
-            daigle
+	public static boolean isAuthConfigured() throws MetacatUtilException {
-            daigle
+		String authConfiguredString = PropertyService.UNCONFIGURED;
-            daigle
+		try {
-            daigle
+			authConfiguredString = PropertyService.getProperty("configutil.authConfigured");
-            daigle
+		} catch (PropertyNotFoundException pnfe) {
-            daigle
+			throw new MetacatUtilException("Could not determine if LDAP is configured: "
-            daigle
+					+ pnfe.getMessage());
+		}
-            daigle
+		return !authConfiguredString.equals(PropertyService.UNCONFIGURED);
             daigle
 	/**
 	 * Check if the specified user is part of the administrators list
+	 *
 	 * @param username
 	 *            the user login credentails
 	 * @param groups
 	 *            a list of the user's groups
 	 */
 	public static boolean isAdministrator(String username, String[] groups)
-            daigle
+			throws MetacatUtilException {
-            daigle
+		return onAccessList(getAdministrators(), username, groups);
+	}
 	/**
 	 * Check if the specified user is part of the moderators list
+	 *
 	 * @param username
 	 *            the user login credentails
 	 * @param groups
 	 *            a list of the user's groups
 	 */
-            daigle
+	public static boolean isModerator(String username, String[] groups) throws MetacatUtilException{
-            daigle
+		return onAccessList(getModerators(), username, groups);
             daigle
 	/**
 	 * Check if the specified user is part of the moderators list
+	 *
 	 * @param username
 	 *            the user login credentails
 	 * @param groups
 	 *            a list of the user's groups
 	 */
 	public static boolean isAllowedSubmitter(String username, String[] groups)
-            daigle
+			throws MetacatUtilException {
-            daigle
+		if (getAllowedSubmitters().size() == 0) {
 			// no allowedSubmitters list specified -
 			// hence everyone should be allowed
 			return true;
+		}
 		return (onAccessList(getAllowedSubmitters(), username, groups));
+	}
 	/**
 	 * Check if the specified user is part of the moderators list
+	 *
 	 * @param username
 	 *            the user login credentails
 	 * @param groups
 	 *            a list of the user's groups
 	 */
 	public static boolean isDeniedSubmitter(String username, String[] groups)
-            daigle
+			throws MetacatUtilException {
-            daigle
+		return (onAccessList(getDeniedSubmitters(), username, groups));
+	}
 	/**
 	 * Check if the specified user can insert the document
+	 *
 	 * @param username
 	 *            the user login credentails
 	 * @param groups
 	 *            a list of the user's groups
 	 */
 	public static boolean canInsertOrUpdate(String username, String[] groups)
-            daigle
+			throws MetacatUtilException {
-            daigle
+		return (isAllowedSubmitter(username, groups) && !isDeniedSubmitter(username,
 				groups));
+	}
 	/**
 	 * Check if the user is on a given access list.  This is true if either the
 	 * user or the user's group is on the list.
+	 *
 	 * @param accessList the list we want to check against
 	 * @param username the name of the user we want to check
 	 * @param groups a list of the user's groups
 	 */
 	private static boolean onAccessList(Vector<String> accessList, String username,
 			String[] groups) {
 		// this should never happen.  All calls to this method should use the
 		// appropriate getter to retrieve the accessList.  That should guarentee
 		// that the access is at least an empty Vector.
 		if (accessList == null) {
 			return false;
+		}
 		// Check that the user is authenticated as an administrator account
 		for (String accessString : accessList) {
 			// check the given admin dn is a group dn...
 			if (groups != null && accessString.startsWith("cn=")) {
 				// is a group dn
 				for (int j = 0; j < groups.length; j++) {
-            daigle
+					if (groups[j] != null && groups[j].equals(accessString)) {
-            daigle
+						return true;
+					}
+				}
 			} else {
 				// is a user dn
 				if (username != null && username.equals(accessString)) {
 					return true;
+				}
+			}
+		}
 		return false;
+	}
+}

Project

General

Profile

Metacat