Project

General

Profile

« Previous | Next » 

Revision 1214

Added by Jing Tao over 22 years ago

Merge branch to head.

View differences:

src/edu/ucsb/nceas/metacat/AccessControlList.java
26 26
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
27 27
 */
28 28

  
29

  
30 29
package edu.ucsb.nceas.metacat;
31 30

  
32 31
import java.io.*;
......
67 66
  private static String sysdate = MetaCatUtil.dbAdapter.getDateTimeFunction();
68 67
  private static String isnull = MetaCatUtil.dbAdapter.getIsNULLFunction();
69 68
  
70
  private Connection conn;
69
  private DBConnection connection;
71 70
  private String parserName;
72 71
  private Stack elementStack;
73 72
  private String server;
......
105 104
   *
106 105
   * @param conn the JDBC connection where acl info is get
107 106
   */
108
  public AccessControlList(Connection conn) throws SQLException
107
  public AccessControlList(DBConnection conn) throws SQLException
109 108
  {
110
    this.conn = conn;
109
    this.connection = conn;
111 110
  }
111
  
112 112

  
113
  
114

  
113 115
  /**
114 116
   * Construct an instance of the AccessControlList class.
115 117
   * It parse acl file and loads acl data into db connection.
......
122 124
   * @param serverCode the serverid from xml_replication on which this document
123 125
   *        resides.
124 126
   */
125
  public AccessControlList(Connection conn, String aclid, //Reader acl,
127
  public AccessControlList(DBConnection conn, String aclid, //Reader acl,
126 128
                           String user, String[] groups, int serverCode)
127 129
                  throws SAXException, IOException, McdbException
128 130
  {
......
130 132
    this.server = MetaCatUtil.getOption("server");
131 133
    this.sep = MetaCatUtil.getOption("accNumSeparator");
132 134

  
133
    this.conn = conn;
135
    this.connection = conn;
134 136
    this.parserName = parserName;
135 137
    this.processingDTD = false;
136 138
    this.elementStack = new Stack();
......
147 149
    this.serverCode = serverCode;
148 150
    
149 151
    // read the access file from db connection
150
    DocumentImpl acldoc = new DocumentImpl(conn, aclid);
152
    DocumentImpl acldoc = new DocumentImpl(aclid);
151 153
    String acl = acldoc.toString();
152 154
    this.rev = acldoc.getRev();
153 155

  
......
195 197

  
196 198
    // make a DBEntityResolver instance
197 199
    // Set the EntityReslover to DBEntityResolver instance
198
    EntityResolver eresolver = new DBEntityResolver(conn,this,null);
200
    EntityResolver eresolver = new DBEntityResolver(connection,this,null);
199 201
    parser.setEntityResolver((EntityResolver)eresolver);
200 202

  
201 203
    // Set the ErrorHandler to this instance
......
411 413
          throws SQLException 
412 414
  {
413 415
    Vector aclObjects = new Vector();
414
    // delete all acl records for resources related to @aclid if any
415
    PreparedStatement pstmt = conn.prepareStatement(
416
    DBConnection conn = null;
417
    int serialNumber = -1;
418
    PreparedStatement pstmt = null;
419
    try
420
    {
421
      //get connection from DBConnectionPool
422
      conn=DBConnectionPool.getDBConnection("AccessControlList.getACLObject");
423
      serialNumber=conn.getCheckOutSerialNumber();
424
      
425
      // delete all acl records for resources related to @aclid if any
426
      pstmt = conn.prepareStatement(
416 427
                             "SELECT object FROM xml_relation " +
417 428
                             "WHERE subject = ? ");
418
    pstmt.setString(1,aclid);
419
    pstmt.execute();
420
    ResultSet rs = pstmt.getResultSet();
421
    boolean hasRows = rs.next();
422
    while (hasRows) {
423
      aclObjects.addElement(rs.getString(1));
424
      hasRows = rs.next();
429
      pstmt.setString(1,aclid);
430
      pstmt.execute();
431
      ResultSet rs = pstmt.getResultSet();
432
      boolean hasRows = rs.next();
433
      while (hasRows) {
434
        aclObjects.addElement(rs.getString(1));
435
        hasRows = rs.next();
436
      }//whil
425 437
    }
438
    catch (SQLException e)
439
    {
440
      throw e;
441
    }
442
    finally
443
    {
444
      try
445
      {
446
        pstmt.close();
447
      }
448
      finally
449
      {
450
        //retrun DBConnection
451
        DBConnectionPool.returnDBConnection(conn,serialNumber);
452
      }
453
    }
426 454
    
427
    pstmt.close();
428
    
429 455
    return aclObjects;
430 456
  }
431 457

  
......
433 459
  private void deletePermissionsForRelatedResources(String aclid) 
434 460
          throws SQLException 
435 461
  {
436
    // delete all acl records for resources related to @aclid if any
437
    Statement stmt = conn.createStatement();
438
    stmt.execute("DELETE FROM xml_access WHERE accessfileid = '" + aclid + "'");
439
    stmt.close();
462
    //DBConnection conn = null;
463
    //int serialNumber = -1;
464
    Statement stmt = null;
465
    try
466
    {
467
      //check out DBConenction
468
      //conn=DBConnectionPool.getDBConnection("AccessControlList.deltePerm");
469
      //serialNumber=conn.getCheckOutSerialNumber();
470
      // delete all acl records for resources related to @aclid if any
471
      stmt = connection.createStatement();
472
      // Increase DBConnection usage count
473
      connection.increaseUsageCount(1);
474
      stmt.execute("DELETE FROM xml_access WHERE accessfileid = '" + aclid 
475
                                                                      + "'");
476
      //increase usageCount!!!!!!
477
      //conn.increaseUsageCount(1);
478
    }
479
    catch (SQLException e)
480
    {
481
      throw e;
482
    }
483
    finally
484
    {
485
      stmt.close();
486
      //retrun DBConnection
487
      //DBConnectionPool.returnDBConnection(conn,serialNumber);
488
    }
440 489
  }
441 490

  
442
  /* Insert into db calculated permission for the list of principals */
491
  /* Insert into db calculated permission for the list of principals 
492
   * The DBConnection it is use is class field. Because we want to keep rollback
493
   * features and it need use same connection
494
  */
495
  
443 496
  private void insertPermissions(String docid, String permType ) 
444
          throws SQLException 
497
                                            throws SQLException 
445 498
  {
446
    PreparedStatement pstmt;
499
    PreparedStatement pstmt = null;
500
    //DBConnection conn = null;
501
    //int serialNumber = -1;
447 502
    try {
448
      pstmt = conn.prepareStatement(
503
      //Check out DBConnection
504
      //conn=DBConnectionPool.getDBConnection("AccessControlList.insertPerm");
505
      //serialNumber=conn.getCheckOutSerialNumber();
506
      
507
      pstmt = connection.prepareStatement(
449 508
              "INSERT INTO xml_access " + 
450 509
              "(docid, principal_name, permission, perm_type, perm_order," +
451 510
              "begin_time,end_time,ticket_count, accessfileid) VALUES " +
452 511
              "(?,?,?,?,?,to_date(?,'mm/dd/yy'),to_date(?,'mm/dd/yy'),?,?)");
512
      // Increase DBConnection usage count
513
      connection.increaseUsageCount(1);
453 514
      // Bind the values to the query
454 515
      pstmt.setString(1, docid);
455 516
      pstmt.setInt(3, permission);
......
463 524
      } else {
464 525
        pstmt.setString(8, null);
465 526
      }
466

  
527
      
528
      //incrase usagecount for DBConnection
529
      //conn.increaseUsageCount(1);
467 530
      String prName;
468 531
      for ( int j = 0; j < principal.size(); j++ ) {
469 532
        prName = (String)principal.elementAt(j);
......
491 554
      throw new 
492 555
      SQLException("AccessControlList.insertPermissions(): " + e.getMessage());
493 556
    }
557
    finally
558
    {
559
      pstmt.close();
560
      //return the DBConnection
561
      //DBConnectionPool.returnDBConnection(conn, serialNumber);
562
    }
494 563
  }
495 564

  
496 565
  /* Get permissions with permission order different than @permOrder. */
......
498 567
                             String docid, String permOrder)
499 568
          throws SQLException 
500 569
  {
501
    PreparedStatement pstmt;
502
    pstmt = conn.prepareStatement(
570
    PreparedStatement pstmt = null;
571
    DBConnection conn = null;
572
    int serialNumber = -1;
573
    try
574
    {
575
      //check out DBConnection
576
      conn=DBConnectionPool.getDBConnection("AccessControlList.getPermissions");
577
      serialNumber=conn.getCheckOutSerialNumber();
578
      pstmt = conn.prepareStatement(
503 579
            "SELECT permission FROM xml_access " +
504 580
            "WHERE docid = ? " +
505 581
            "AND principal_name = ? " +
506 582
            "AND perm_order NOT = ?");
507
    pstmt.setString(1, docid);
508
    pstmt.setString(2, principal);
509
    pstmt.setString(3, permOrder);
510
    pstmt.execute();
511
    ResultSet rs = pstmt.getResultSet();
512
    boolean hasRow = rs.next();
513
    int perm = 0;
514
    while ( hasRow ) {
515
      perm = rs.getInt(1);
516
      perm = permission & perm;
517
      if ( perm != 0 ) {
583
      pstmt.setString(1, docid);
584
      pstmt.setString(2, principal);
585
      pstmt.setString(3, permOrder);
586
      pstmt.execute();
587
      ResultSet rs = pstmt.getResultSet();
588
      boolean hasRow = rs.next();
589
      int perm = 0;
590
      while ( hasRow ) {
591
        perm = rs.getInt(1);
592
        perm = permission & perm;
593
        if ( perm != 0 ) {
594
          pstmt.close();
595
          return perm;
596
        }
597
        hasRow = rs.next();
598
      }
599
    }//try
600
    catch (SQLException e)
601
    {
602
      throw e;
603
    }
604
    finally
605
    {
606
      try
607
      {
518 608
        pstmt.close();
519
        return perm;
520 609
      }
521
      hasRow = rs.next();
610
      finally
611
      {
612
        DBConnectionPool.returnDBConnection(conn, serialNumber);
613
      }
522 614
    }
523
    pstmt.close();
524 615
    return 0;
525 616
  }
526 617

  
527 618
  /* Get the int value of READ, WRITE or ALL. */
528
  private int intValue ( String permission )
619
  private static int intValue ( String permission )
529 620
  {
530 621
    if ( permission.equals("READ") ) {
531 622
      return READ;
......
563 654
    * has "all" permission to access it.
564 655
    * @param docId, the document id need to be checked
565 656
    */
566
    private boolean isAccessDocument(String docId) throws SQLException
657
    private static boolean isAccessDocument(String docId) throws SQLException
567 658
    {
568 659
      //detele the rev number if docid contains it
569 660
      docId=MetaCatUtil.getDocIdFromString(docId);
570 661
      PreparedStatement pStmt=null;
662
      DBConnection conn = null;
663
      int serialNumber = -1;
571 664
      try
572 665
      {
666
        //check out DBConnection
667
        conn=DBConnectionPool.getDBConnection("AccessControlList.isAccessDoc");
668
        serialNumber=conn.getCheckOutSerialNumber();
573 669
        pStmt = conn.prepareStatement("select 'x' from xml_access where " +
574 670
                                      "accessfileid like '" + docId +  "'");
575 671
        pStmt.execute();
......
583 679
      }
584 680
      catch(SQLException e)
585 681
      {
586
        pStmt.close();
587
        throw new SQLException("AccessControlList.hasPermission():2 " +
588
                     "Error checking ownership for " + principal +
589
                     " on document #" + docId + ". " + e.getMessage());
682
       
683
        throw new SQLException("AccessControlList.isAccessDocument " +
684
                     "Error checking" +
685
                     " on document " + docId + ". " + e.getMessage());
590 686
      }
687
      finally
688
      {
689
        try
690
        {
691
           pStmt.close();
692
        }
693
        finally
694
        {
695
          DBConnectionPool.returnDBConnection(conn, serialNumber);
696
        }
697
      }
591 698
      return false;
592 699
    }//isAccessDocument
593 700
     
......
621 728
    * public.
622 729
    * @param docid, the id of given documents 
623 730
    */ 
624
  private boolean containDocumentOwner( String [] principals, String docId)
731
  private static boolean containDocumentOwner( String [] principals, 
732
                                                              String docId)
625 733
                    throws SQLException
626 734
  {
627 735
    int lengthOfArray=principals.length;
628 736
    boolean hasRow; 
629 737
    PreparedStatement pStmt=null;
738
    DBConnection conn = null;
739
    int serialNumber = -1;
740
    
630 741
    try
631 742
    {
743
      //check out DBConnection
744
     conn=DBConnectionPool.getDBConnection("AccessControlList.containDocOnwer");
745
      serialNumber=conn.getCheckOutSerialNumber();
632 746
      pStmt = conn.prepareStatement(
633 747
                "SELECT 'x' FROM xml_documents " +
634 748
                "WHERE docid = ? AND user_owner = ?"); 
......
661 775
                     "Error checking ownership for " + principals[0] +
662 776
                     " on document #" + docId + ". " + e.getMessage());
663 777
    }//catch
664
     
665
    
666
    pStmt.close();
667
   
778
    finally
779
    {
780
      try
781
      {
782
        pStmt.close();
783
      }
784
      finally
785
      {
786
        DBConnectionPool.returnDBConnection(conn, serialNumber);
787
      }
788
    }
668 789
    return false; 
669 790
  }//containDocumentOwner
670 791
  
......
673 794
    * @param principals, list of names of principals to check for 
674 795
    * @param docid, document identifier to check for
675 796
    */
676
  private boolean isAllowFirst(String [] principals, String docId)
797
  private static boolean isAllowFirst(String [] principals, String docId)
677 798
                  throws SQLException, Exception
678 799
  {
679 800
    int lengthOfArray=principals.length;
680 801
    boolean hasRow;
802
    PreparedStatement pStmt = null;
803
    DBConnection conn = null;
804
    int serialNumber = -1;
805
    try
806
    {
807
      //check out DBConnection
808
      conn=DBConnectionPool.getDBConnection("AccessControlList.isAllowFirst");
809
      serialNumber=conn.getCheckOutSerialNumber();
681 810
    
682
    //select permission order from database
683
    PreparedStatement pStmt = conn.prepareStatement(
811
      //select permission order from database
812
      pStmt = conn.prepareStatement(
684 813
                "SELECT perm_order FROM xml_access " +
685 814
                "WHERE principal_name= ? AND docid = ?");
686 815
   
687
   //check every name in the array
688
    for (int i=0; i<lengthOfArray;i++)
816
      //check every name in the array
817
      for (int i=0; i<lengthOfArray;i++)
818
      {
819
        //bind value
820
        pStmt.setString(1, principals[i]);//user name
821
        pStmt.setString(2, docId);//docid
822
    
823
        pStmt.execute();
824
        ResultSet rs = pStmt.getResultSet();
825
        hasRow=rs.next();
826
        if (hasRow)
827
        {
828
          //get the permission order from data base
829
          String permissionOrder=rs.getString(1);
830
          //if the permission order is "allowFirst
831
          if (permissionOrder.equalsIgnoreCase(ALLOWFIRST))
832
          {
833
            pStmt.close();
834
            return true;
835
          }
836
          else
837
          {
838
            pStmt.close();
839
            return false;
840
          }
841
        }//if
842
      }//for
843
    }//try
844
    catch (SQLException e)
689 845
    {
690
      //bind value
691
      pStmt.setString(1, principals[i]);//user name
692
      pStmt.setString(2, docId);//docid
693
    
694
      pStmt.execute();
695
      ResultSet rs = pStmt.getResultSet();
696
      hasRow=rs.next();
697
      if (hasRow)
846
      throw e;
847
    }
848
    finally
849
    {
850
      try
698 851
      {
699
        //get the permission order from data base
700
        String permissionOrder=rs.getString(1);
701
        //if the permission order is "allowFirst
702
        if (permissionOrder.equalsIgnoreCase(ALLOWFIRST))
703
        {
704
          pStmt.close();
705
          return true;
706
        }
707
        else
708
        {
709
          pStmt.close();
710
          return false;
711
        }
712
      }//if
713
    }//for
852
        pStmt.close();
853
      }
854
      finally
855
      {
856
        DBConnectionPool.returnDBConnection(conn, serialNumber);
857
      }
858
    }
714 859
    
715 860
    //if reach here, means there is no permssion record for given names and 
716 861
    //docid. So throw a exception.
717
    pStmt.close();
862
    
718 863
    throw new Exception("There is no permission record for user"+principals[0]+
719 864
                        "at document "+docId);
720 865
        
......
729 874
    * @param docid, document identifier to check for
730 875
    * @param permission, the permssion need to check
731 876
    */
732
  private boolean hasAllowRule(String [] principals, String docId, 
877
  private static boolean hasAllowRule(String [] principals, String docId, 
733 878
                                  String permission)
734 879
                  throws SQLException, Exception
735 880
 {
736 881
   int lengthOfArray=principals.length;
737 882
   boolean allow=false;//initial value is no allow rule
738 883
   ResultSet rs;
739
   PreparedStatement pStmt;
884
   PreparedStatement pStmt = null;
740 885
   int permissionValue=intValue(permission);
741 886
   int permissionValueInTable;
742 887
   int ticketCount;
743
   
744
   //This sql statement will select entry with 
745
   //begin_time<=currentTime<=end_time in xml_access table
746
   //If begin_time or end_time is null in table, isnull(begin_time, sysdate)
747
   //function will assign begin_time=sysdate
748
   pStmt = conn.prepareStatement(
888
   DBConnection conn = null;
889
   int serialNumber = -1;
890
   try
891
   {
892
     //check out DBConnection
893
     conn=DBConnectionPool.getDBConnection("AccessControlList.hasAllowRule");
894
     serialNumber=conn.getCheckOutSerialNumber();
895
    //This sql statement will select entry with 
896
    //begin_time<=currentTime<=end_time in xml_access table
897
    //If begin_time or end_time is null in table, isnull(begin_time, sysdate)
898
    //function will assign begin_time=sysdate
899
    pStmt = conn.prepareStatement(
749 900
                "SELECT permission, ticket_count " +
750 901
                "FROM xml_access " +
751 902
                "WHERE docid = ? " + 
......
754 905
                "AND " + sysdate + 
755 906
                " BETWEEN " + isnull + "(begin_time," + sysdate + ") " +
756 907
                     "AND " + isnull + "(end_time," + sysdate + ")");
757
   //bind docid, perm_type
758
   pStmt.setString(1, docId);
759
   pStmt.setString(3, ALLOW);
908
    //bind docid, perm_type
909
    pStmt.setString(1, docId);
910
    pStmt.setString(3, ALLOW);
760 911
   
761
   //bind every elenment in user name array
912
    //bind every elenment in user name array
762 913
    for (int i=0;i<lengthOfArray; i++)
763 914
    {
764 915
      pStmt.setString(2, principals[i]);
......
792 943
         }//if
793 944
      }//while
794 945
    }//for
795
    pStmt.close();
946
   }//try
947
   catch (SQLException sqlE)
948
   {
949
     throw sqlE;
950
   }
951
   catch (Exception e)
952
   {
953
     throw e;
954
   }
955
   finally
956
   {
957
     try
958
     {
959
       pStmt.close();
960
     }
961
     finally
962
     {
963
       DBConnectionPool.returnDBConnection(conn, serialNumber);
964
     }
965
   }
796 966
    return allow;
797 967
 }//hasAllowRule
798 968
 
799
  /**
800
    * Check if the users array has allow rules for given users, docid and 
801
    * permission.
802
    * If it has permission rule and ticket count is greater than 0, the ticket
803
    * number will decrease one
804
    * @param principals, list of names of principals to check for 
805
    * @param docid, document identifier to check for
806
    * @param permission, the permssion need to check
807
    */
808
  private boolean hasAllowRuleBackup(String [] principals, String docId, 
809
                                  String permission)
810
                  throws SQLException, Exception
811
 {
812
   int lengthOfArray=principals.length;
813
   ResultSet rs;
814
   PreparedStatement pStmt;
815
   int permissionValue=intValue(permission);
816
   int permissionValueInTable;
817
   int ticketCount;
969
 
818 970
   
819
   //This sql statement will select entry with 
820
   //begin_time<=currentTime<=end_time in xml_access table
821
   //If begin_time or end_time is null in table, isnull(begin_time, sysdate)
822
   //function will assign begin_time=sysdate
823
   pStmt = conn.prepareStatement(
824
                "SELECT permission, ticket_count " +
825
                "FROM xml_access " +
826
                "WHERE docid = ? " + 
827
                "AND principal_name = ? " +
828
                "AND perm_type = ? " +
829
                "AND " + sysdate + 
830
                " BETWEEN " + isnull + "(begin_time," + sysdate + ") " +
831
                     "AND " + isnull + "(end_time," + sysdate + ")");
832
   //bind docid, perm_type
833
   pStmt.setString(1, docId);
834
   pStmt.setString(3, ALLOW);
835
   
836
   //bind every elenment in user name array
837
    for (int i=0;i<lengthOfArray; i++)
838
    {
839
      pStmt.setString(2, principals[i]);
840
      pStmt.execute();
841
      rs=pStmt.getResultSet();
842
      while (rs.next())//check every entry for one user
843
      {
844
        permissionValueInTable=rs.getInt(1);
845
        ticketCount=rs.getInt(2);
846
       
847
        //permission is ok and ticketcount geat than 0 or ticket is null, 
848
        //the user have a permission to access the file
849
        if ((( permissionValueInTable & permissionValue )== permissionValue )
850
              && (rs.wasNull()||ticketCount > 0))
851
        {
852
           //ticket count should minus one 
853
           //ticketCount isnot null and greater than 0, order is allowfirst
854
           if (!rs.wasNull() && ticketCount>0 && isAllowFirst(principals,docId))
855
           {
856
              decreaseNumberOfAccess(permissionValueInTable, principals[i],
857
                                              docId, ALLOW, ALLOWFIRST);
858
            }
859
           //ticketCount isnot null and greater than 0, order is not allowfirst
860
           if (!rs.wasNull() &&ticketCount>0 && !isAllowFirst(principals,docId))
861
           {
862
              decreaseNumberOfAccess(permissionValueInTable, principals[i],
863
                                              docId, ALLOW, DENYFIRST);
864
           }
865
           pStmt.close();
866
           return true;
867
         }//if
868
      }//while
869
    }//for
870
    pStmt.close();
871
    return false;//no allow rule
872
 }//hasAllowRule
873
   
874 971
   /**
875 972
    * Check if the users array has explicit deny rules for given users, docid 
876 973
    * and permission. That means the perm_type is deny and current time is
......
879 976
    * @param docid, document identifier to check for
880 977
    * @param permission, the permssion need to check
881 978
    */
882
  private boolean hasExplicitDenyRule(String [] principals, String docId, 
979
  private static boolean hasExplicitDenyRule(String [] principals, String docId, 
883 980
                                  String permission)
884 981
                  throws SQLException
885 982
 {
886 983
   int lengthOfArray=principals.length;
887 984
   ResultSet rs;
888
   PreparedStatement pStmt;
985
   PreparedStatement pStmt = null;
889 986
   int permissionValue=intValue(permission);
890 987
   int permissionValueInTable;
891
 
988
   DBConnection conn = null;
989
   int serialNumber = -1;
892 990
   
893
   //This sql statement will select entry with 
894
   //begin_time<=currentTime<=end_time in xml_access table
895
   //If begin_time or end_time is null in table, isnull(begin_time, sysdate)
896
   //function will assign begin_time=sysdate
897
   pStmt = conn.prepareStatement(
991
   try
992
   {
993
     //check out DBConnection
994
     conn=DBConnectionPool.getDBConnection("AccessControlList.hasExplicitDeny");
995
     serialNumber=conn.getCheckOutSerialNumber();
996
   
997
    //This sql statement will select entry with 
998
    //begin_time<=currentTime<=end_time in xml_access table
999
    //If begin_time or end_time is null in table, isnull(begin_time, sysdate)
1000
    //function will assign begin_time=sysdate
1001
    pStmt = conn.prepareStatement(
898 1002
                "SELECT permission " +
899 1003
                "FROM xml_access " +
900 1004
                "WHERE docid = ? " + 
......
903 1007
                "AND " + sysdate + 
904 1008
                " BETWEEN " + isnull + "(begin_time," + sysdate + ") " +
905 1009
                     "AND " + isnull + "(end_time," + sysdate + ")");
906
   //bind docid, perm_type
907
   pStmt.setString(1, docId);
908
   pStmt.setString(3, DENY);
1010
    //bind docid, perm_type
1011
    pStmt.setString(1, docId);
1012
    pStmt.setString(3, DENY);
909 1013
   
910
   //bind every elenment in user name array
1014
    //bind every elenment in user name array
911 1015
    for (int i=0;i<lengthOfArray; i++)
912 1016
    {
913 1017
      pStmt.setString(2, principals[i]);
......
926 1030
         }//if
927 1031
      }//while
928 1032
    }//for
929
    pStmt.close();
930
    return false;//no deny rule
1033
   }//try
1034
   catch (SQLException e)
1035
   {
1036
     throw e;
1037
   }//catch
1038
   finally
1039
   {
1040
     try
1041
     {
1042
       pStmt.close();
1043
     }
1044
     finally
1045
     {
1046
       DBConnectionPool.returnDBConnection(conn, serialNumber);
1047
     }
1048
   }//finally
1049
   return false;//no deny rule
931 1050
  }//hasExplicitDenyRule 
932 1051
   
933 1052
   /**
......
939 1058
    * @param docid, document identifier to check for
940 1059
    * @param permission, the permssion need to check
941 1060
    */
942
  private boolean hasImplicitDenyRule(String [] principals, String docId, 
1061
  private static boolean hasImplicitDenyRule(String [] principals, String docId, 
943 1062
                                  String permission)
944 1063
                  throws SQLException
945 1064
 {
946 1065
   int lengthOfArray=principals.length;
947 1066
   ResultSet rs;
948
   PreparedStatement pStmt;
1067
   PreparedStatement pStmt = null;
949 1068
   int permissionValue=intValue(permission);
950 1069
   int permissionValueInTable;
1070
   DBConnection conn = null;
1071
   int serialNumber = -1;
1072
   
951 1073
 
952
   
953
   //This sql statement will select entry with  perm_type =allow and
954
   //currentTime is less than begin_time or greater than end time
955
   //in xml_access table. This is an implicit deny rule (allow is out of date) 
956
   pStmt = conn.prepareStatement(
1074
   try
1075
   {
1076
    //check out DBConnection
1077
    conn=DBConnectionPool.getDBConnection("AccessControlList.hasImplicitDeny");
1078
    serialNumber=conn.getCheckOutSerialNumber();
1079
    //This sql statement will select entry with  perm_type =allow and
1080
    //currentTime is less than begin_time or greater than end time
1081
    //in xml_access table. This is an implicit deny rule (allow is out of date) 
1082
    pStmt = conn.prepareStatement(
957 1083
                "SELECT permission " +
958 1084
                "FROM xml_access " +
959 1085
                "WHERE docid = ? " + 
......
962 1088
                "AND " + sysdate + 
963 1089
                " < " + isnull + "(begin_time," + sysdate + ") " +
964 1090
                "OR " + sysdate + " > "+ isnull + "(end_time," + sysdate + ")");
965
   //bind docid, perm_type
966
   pStmt.setString(1, docId);
967
   pStmt.setString(3, ALLOW);//It is allow
1091
    //bind docid, perm_type
1092
    pStmt.setString(1, docId);
1093
    pStmt.setString(3, ALLOW);//It is allow
968 1094
   
969
   //bind every elenment in user name array
1095
    //bind every elenment in user name array
970 1096
    for (int i=0;i<lengthOfArray; i++)
971 1097
    {
972 1098
      pStmt.setString(2, principals[i]);
......
998 1124
                "AND principal_name = ? " +
999 1125
                "AND perm_type = ? " +
1000 1126
                "AND ticket_count = ?");
1001
   //bind docid, perm_type, ticket_count
1002
   pStmt.setString(1, docId);
1003
   pStmt.setString(3, ALLOW);//It is allow!
1004
   pStmt.setInt(4,0);
1005
   
1006
   //bind every elenment in user name array
1127
    //bind docid, perm_type, ticket_count
1128
    pStmt.setString(1, docId);
1129
    pStmt.setString(3, ALLOW);//It is allow!
1130
    pStmt.setInt(4,0);
1131
    
1132
    //Because this DBConnection used twice in this method. But we only count one
1133
    //when it checked out. So we should increase another one
1134
    conn.increaseUsageCount(1);
1135
    
1136
    //bind every elenment in user name array
1007 1137
    for (int i=0;i<lengthOfArray; i++)
1008 1138
    {
1009 1139
      pStmt.setString(2, principals[i]);
......
1024 1154
         }//if
1025 1155
      }//while
1026 1156
    }//for
1027
    
1028
    pStmt.close();
1157
   }//try
1158
   finally
1159
   {
1160
     
1161
     try
1162
     {
1163
       pStmt.close();
1164
     }
1165
     finally
1166
     {
1167
       DBConnectionPool.returnDBConnection(conn, serialNumber);
1168
     }
1169
   }//finally
1029 1170
    return false;//no implicit deny rule
1030 1171
  }//hasImplicitDenyRule
1031 1172
  
......
1035 1176
    * @param user, the name of user
1036 1177
    * @param groups, the string array of the groups that user belong to
1037 1178
    */
1038
  private String [] createUsersPackage(String user, String [] groups)
1179
  private static String [] createUsersPackage(String user, String [] groups)
1039 1180
  {
1040 1181
    String [] usersPackage=null;
1041 1182
    int lengthOfPackage;
......
1100 1241
    * This method will return a data set id for given access id.
1101 1242
    * @param accessDocId, the accessDocId which need to be found data set id
1102 1243
   */
1103
  private String getDataSetId(String accessDocId) 
1244
  private static String getDataSetId(String accessDocId) 
1104 1245
                              throws SQLException
1105 1246
  {
1106 1247
    String dataSetId=null;
1107
    PreparedStatement pStmt;
1248
    PreparedStatement pStmt=null;
1108 1249
    ResultSet rs=null;
1250
    DBConnection conn=null;
1251
    int serialNumber=-1;
1109 1252
    String query="SELECT docId from xml_relation where subject = ? or "
1110 1253
                                                +"object = ?";
1111 1254
    
1112
    pStmt=conn.prepareStatement(query);
1113
    //bind the value to query
1114
    pStmt.setString(1, accessDocId);
1115
    pStmt.setString(2, accessDocId);
1116
    //execute the query
1117
    pStmt.execute();
1118
    rs=pStmt.getResultSet();
1119
    //process the result
1120
    if (rs.next()) //There are some records for the data set id for access id
1255
    try
1121 1256
    {
1122
      dataSetId=rs.getString(1);
1123
    }
1124
    else //No data set id for the given access id in xml_relation table
1257
      //check out DBConnection
1258
      conn=DBConnectionPool.getDBConnection("AccessControlList.getDataSetId");
1259
      serialNumber=conn.getCheckOutSerialNumber();
1260
      
1261
      pStmt=conn.prepareStatement(query);
1262
      //bind the value to query
1263
      pStmt.setString(1, accessDocId);
1264
      pStmt.setString(2, accessDocId);
1265
      //execute the query
1266
      pStmt.execute();
1267
      rs=pStmt.getResultSet();
1268
      //process the result
1269
      if (rs.next()) //There are some records for the data set id for access id
1270
      {
1271
        dataSetId=rs.getString(1);
1272
      }
1273
      else //No data set id for the given access id in xml_relation table
1274
      {
1275
        dataSetId=null;
1276
      }
1277
    }//try
1278
    finally
1125 1279
    {
1126
      dataSetId=null;
1280
      try
1281
      {
1282
        pStmt.close();
1283
      }
1284
      finally
1285
      {
1286
        DBConnectionPool.returnDBConnection(conn, serialNumber);
1287
      }
1127 1288
    }
1128
    
1129
    
1130
    pStmt.close();
1131 1289
    return dataSetId;
1132 1290
  }//getDataPackageId() 
1133 1291
  
......
1138 1296
    * @param principals list of names of principals to check for @permission
1139 1297
    * @param docid document identifier to check on
1140 1298
    */
1141
  public boolean hasPermission(String permission, String user,
1299
  public static boolean hasPermission(String permission, String user,
1142 1300
                               String[] groups, String docId )
1143 1301
                 throws SQLException, Exception
1144 1302
  {
......
1179 1337
    * @param docid, document identifier to check on
1180 1338
    * @param permission, permission (write or all...) to check for 
1181 1339
    */
1182
  private boolean hasPermission(String [] principals, String docId,
1340
  private static boolean hasPermission(String [] principals, String docId,
1183 1341
                                            String permission)
1184 1342
                         throws SQLException
1185 1343
  {
......
1240 1398
    return false;
1241 1399
  }//hasPermission
1242 1400
 
1243
  private boolean hasValidDenyEntry(String persmission, String principal, 
1244
                                      String docId)
1245
                  throws SQLException
1246
  {
1247
  //detele the rev number if docid contains it
1248
      docId=MetaCatUtil.getDocIdFromString(docId);
1249
      PreparedStatement pStmt;
1250
      String permissionType;
1251
      int accessValue;
1252
      
1253
      
1254
      try
1255
      {
1256
        pStmt = conn.prepareStatement("select perm_type, permission, begin_time"
1257
                                    + ", end_time from xml_access where " +
1258
                                      "docid like '" + docId +  "' and "
1259
                                    + "principal_name like '"+principal+"'");
1260
        pStmt.execute();
1261
        ResultSet rs = pStmt.getResultSet();
1262
        boolean hasRow = rs.next();
1263
        pStmt.close();
1264
        if(hasRow)
1265
        {
1266
          return true;
1267
        }
1268
      }
1269
      catch(SQLException e)
1270
      {
1271
        throw new SQLException("AccessControlList.hasPermission():2 " +
1272
                     "Error checking ownership for " + principal +
1273
                     " on document #" + docId + ". " + e.getMessage());
1274
      }
1275
      return false;
1276
  }
1401

  
1277 1402
  /* Decrease the number of access to @docid for @principal in db. */
1278
  private void decreaseNumberOfAccess(int permission, String principal,
1403
  private static void decreaseNumberOfAccess(int permission, String principal,
1279 1404
                                      String docid, String permType, 
1280 1405
                                      String permOrder) 
1281 1406
               throws SQLException
1282 1407
  {
1283
    PreparedStatement pstmt;
1284
    pstmt = conn.prepareStatement(
1408
    PreparedStatement pstmt = null;
1409
    DBConnection conn = null;
1410
    int serialNumber = -1;
1411
    try
1412
    {
1413
      //check out DBConnection
1414
      conn=DBConnectionPool.getDBConnection("AccessControlList.decreaseNumOfA");
1415
      serialNumber=conn.getCheckOutSerialNumber();
1416
      
1417
      pstmt = conn.prepareStatement(
1285 1418
            "UPDATE xml_access SET ticket_count = ticket_count - 1 " +
1286 1419
            "WHERE docid = ? " +
1287 1420
            "AND principal_name = ? " +
......
1291 1424
            "AND " + sysdate + 
1292 1425
            " BETWEEN " + isnull + "(begin_time," + sysdate + ") " +
1293 1426
                 "AND " + isnull + "(end_time," + sysdate + ")");
1294
    // Bind the values to the query
1295
    pstmt.setString(1, docid);
1296
    pstmt.setString(2, principal);
1297
    pstmt.setInt(3, permission);
1298
    pstmt.setString(4, permType);
1299
    pstmt.setString(5, permOrder);
1427
      // Bind the values to the query
1428
      pstmt.setString(1, docid);
1429
      pstmt.setString(2, principal);
1430
      pstmt.setInt(3, permission);
1431
      pstmt.setString(4, permType);
1432
      pstmt.setString(5, permOrder);
1300 1433

  
1301
    pstmt.execute();
1302
    pstmt.close();
1434
      pstmt.execute();
1435
    }//try
1436
    finally
1437
    {
1438
      try
1439
      {
1440
        pstmt.close();
1441
      }
1442
      finally
1443
      {
1444
        DBConnectionPool.returnDBConnection(conn, serialNumber);
1445
      }
1446
    }//finally
1303 1447
  }
1304 1448
 
1305 1449
 
......
1340 1484
    String end_prev = "";
1341 1485
    int ticketCount = -1;
1342 1486
    int ticket_prev = -1;
1343
    
1487
    DBConnection conn = null;
1488
    int serialNumber = -1;
1489
    PreparedStatement pstmt = null;
1344 1490
    try {
1345 1491
      
1492
      //check out DBConnection
1493
      conn=DBConnectionPool.getDBConnection("AccessControlList.getACL");
1494
      serialNumber=conn.getCheckOutSerialNumber();
1495
      
1346 1496
      isOwned = isOwned(docid, user);
1347 1497
      systemID = getSystemID((String)MetaCatUtil.
1348 1498
                                      getOptionList(accDoctype).elementAt(0));
......
1353 1503
                    systemID + "\">\n");
1354 1504
      output.append("<acl authSystem=\"\">\n");
1355 1505

  
1356
      PreparedStatement pstmt;
1506
      
1357 1507
      pstmt = conn.prepareStatement(
1358 1508
              "SELECT distinct accessfileid, principal_name, permission, " +
1359 1509
              "perm_type, perm_order, to_char(begin_time,'mm/dd/yyyy'), " +
......
1483 1633
      throw new 
1484 1634
      SQLException("AccessControlList.getACL(). " + e.getMessage());
1485 1635
    }
1636
    finally
1637
    {
1638
      try
1639
      {
1640
        pstmt.close();
1641
      }
1642
      finally
1643
      {
1644
        DBConnectionPool.returnDBConnection(conn, serialNumber);
1645
      }
1646
    }
1486 1647
  }
1487 1648
  
1488 1649
  /* Check if @user is owner of @docid from db conn. */
1489 1650
  private boolean isOwned(String docid, String user) throws SQLException {
1490 1651
    
1491
    PreparedStatement pstmt;
1492
    pstmt = conn.prepareStatement("SELECT 'x' FROM xml_documents " +
1652
    PreparedStatement pstmt = null;
1653
    DBConnection conn = null;
1654
    int serialNumber = -1;
1655
    try
1656
    {
1657
      //check out DBConnection
1658
      conn=DBConnectionPool.getDBConnection("AccessControlList.isOwned");
1659
      serialNumber=conn.getCheckOutSerialNumber();
1660
      pstmt = conn.prepareStatement("SELECT 'x' FROM xml_documents " +
1493 1661
                                  "WHERE docid = ? " + 
1494 1662
                                  "AND user_owner = ?");
1495
    pstmt.setString(1, docid);
1496
    pstmt.setString(2, user);
1497
    pstmt.execute();
1498
    ResultSet rs = pstmt.getResultSet();
1499
    boolean hasRow = rs.next();
1500
    
1501
    return hasRow;
1663
      pstmt.setString(1, docid);
1664
      pstmt.setString(2, user);
1665
      pstmt.execute();
1666
      ResultSet rs = pstmt.getResultSet();
1667
      boolean hasRow = rs.next();
1668
      return hasRow;
1669
    }
1670
    finally
1671
    {
1672
      try
1673
      {
1674
        pstmt.close();
1675
      }
1676
      finally
1677
      {
1678
        DBConnectionPool.returnDBConnection(conn, serialNumber);
1679
      }
1680
    }
1502 1681
  }
1503 1682

  
1504 1683
  /* Get the flag for public "read" access for @docid from db conn. */
1505 1684
  private String getPublicAccess(String docid) throws SQLException {
1506 1685
    
1507 1686
    int publicAcc = 0;
1508
    PreparedStatement pstmt;
1509
    pstmt = conn.prepareStatement("SELECT public_access FROM xml_documents " +
1687
    PreparedStatement pstmt = null;
1688
    DBConnection conn = null;
1689
    int serialNumber = -1;
1690
    try
1691
    {
1692
      //check out DBConnection
1693
      conn=DBConnectionPool.getDBConnection("AccessControlList.getPublicAcces");
1694
      serialNumber=conn.getCheckOutSerialNumber();
1695
      pstmt = conn.prepareStatement("SELECT public_access FROM xml_documents " +
1510 1696
                                  "WHERE docid = ?");
1511
    pstmt.setString(1, docid);
1512
    pstmt.execute();
1513
    ResultSet rs = pstmt.getResultSet();
1514
    boolean hasRow = rs.next();
1515
    if ( hasRow ) {
1516
      publicAcc = rs.getInt(1);
1697
      pstmt.setString(1, docid);
1698
      pstmt.execute();
1699
      ResultSet rs = pstmt.getResultSet();
1700
      boolean hasRow = rs.next();
1701
      if ( hasRow ) {
1702
        publicAcc = rs.getInt(1);
1703
      }
1704
    
1705
      return (publicAcc == 1) ? "yes" : "no";
1517 1706
    }
1518
    
1519
    return (publicAcc == 1) ? "yes" : "no";
1707
    finally
1708
    {
1709
      try
1710
      {
1711
        pstmt.close();
1712
      }
1713
      finally
1714
      {
1715
        DBConnectionPool.returnDBConnection(conn, serialNumber);
1716
      }
1717
    }
1520 1718
  }
1521 1719

  
1522 1720
  /* Get SystemID for @publicID from Metacat DB Catalog. */
1523 1721
  private String getSystemID(String publicID) throws SQLException {
1524 1722
    
1525 1723
    String systemID = "";
1526
    PreparedStatement pstmt;
1527
    pstmt = conn.prepareStatement("SELECT system_id FROM xml_catalog " +
1724
    PreparedStatement pstmt = null;
1725
    DBConnection conn = null;
1726
    int serialNumber = -1;
1727
    
1728
    try
1729
    {
1730
      //check out DBConnection
1731
      conn=DBConnectionPool.getDBConnection("AccessControlList.getSystemID");
1732
      serialNumber=conn.getCheckOutSerialNumber();
1733
    
1734
      pstmt = conn.prepareStatement("SELECT system_id FROM xml_catalog " +
1528 1735
                                  "WHERE entry_type = 'DTD' " + 
1529 1736
                                  "AND public_id = ?");
1530
    pstmt.setString(1, publicID);
1531
    pstmt.execute();
1532
    ResultSet rs = pstmt.getResultSet();
1533
    boolean hasRow = rs.next();
1534
    if ( hasRow ) {
1535
      systemID = rs.getString(1);
1536
    }
1737
      pstmt.setString(1, publicID);
1738
      pstmt.execute();
1739
      ResultSet rs = pstmt.getResultSet();
1740
      boolean hasRow = rs.next();
1741
      if ( hasRow ) {
1742
        systemID = rs.getString(1);
1743
      }
1537 1744
    
1538
    return systemID;
1745
      return systemID;
1746
    }//try
1747
    finally
1748
    {
1749
      
1750
      try
1751
      {
1752
        pstmt.close();
1753
      }
1754
      finally
1755
      {
1756
        DBConnectionPool.returnDBConnection(conn, serialNumber);
1757
      }
1758
    }//finally
1539 1759
  }
1540 1760

  
1541 1761
}

Also available in: Unified diff