Revision 4295
Added by daigle over 16 years ago
src/edu/ucsb/nceas/metacat/MetaCatServlet.java | ||
---|---|---|
56 | 56 |
import javax.servlet.ServletContext; |
57 | 57 |
import javax.servlet.ServletException; |
58 | 58 |
import javax.servlet.ServletOutputStream; |
59 |
import javax.servlet.http.Cookie; |
|
59 | 60 |
import javax.servlet.http.HttpServlet; |
60 | 61 |
import javax.servlet.http.HttpServletRequest; |
61 | 62 |
import javax.servlet.http.HttpServletResponse; |
... | ... | |
605 | 606 |
|
606 | 607 |
// Decode the docid and mouse click information |
607 | 608 |
// THIS IS OBSOLETE -- I THINK -- REMOVE THIS BLOCK |
608 |
// 4/12/2007 |
|
609 |
// 4/12/2007d
|
|
609 | 610 |
// MBJ |
610 | 611 |
if (name.endsWith(".y")) { |
611 | 612 |
docid[0] = name.substring(0, name.length() - 2); |
... | ... | |
643 | 644 |
// This block handles session management for the servlet |
644 | 645 |
// by looking up the current session information for all actions |
645 | 646 |
// other than "login" and "logout" |
646 |
String username = null;
|
|
647 |
String userName = null;
|
|
647 | 648 |
String password = null; |
648 |
String[] groupnames = null;
|
|
649 |
String sess_id = null;
|
|
649 |
String[] groupNames = null;
|
|
650 |
String sessionId = null;
|
|
650 | 651 |
name = null; |
651 | 652 |
|
652 | 653 |
// handle login action |
... | ... | |
683 | 684 |
|
684 | 685 |
// aware of session expiration on every request |
685 | 686 |
} else { |
686 |
// TODO MCD take a closer look at this |
|
687 |
HttpSession sess = request.getSession(true); |
|
688 |
SessionData sessionData = null; |
|
689 |
logMetacat.info("session.isnew: " + sess.isNew() |
|
690 |
+ " params.hassessid: " + params.containsKey("sessionid")); |
|
691 |
if (sess.isNew() && !params.containsKey("sessionid")) { |
|
692 |
// session expired or has not been stored b/w user |
|
693 |
// requests |
|
694 |
logMetacat.info("The session is new or no sessionid is assigned. " |
|
695 |
+ "The user is public"); |
|
696 |
sessionData = new SessionData(sess.getId(), "public", null, null); |
|
697 |
SessionService.registerSession(sessionData); |
|
698 |
} else { |
|
699 |
logMetacat.info("The session is either old or " |
|
700 |
+ "has sessionid parameter"); |
|
701 |
try { |
|
702 |
|
|
703 |
if (params.containsKey("sessionid")) { |
|
704 |
sess_id = ((String[]) params.get("sessionid"))[0]; |
|
705 |
logMetacat.info("in has sessionid " + sess_id); |
|
706 |
if (SessionService.isSessionRegistered(sess_id)) { |
|
707 |
logMetacat.info("find the id " + sess_id |
|
708 |
+ " in hash table"); |
|
709 |
sessionData = SessionService.getRegisteredSession(sess_id); |
|
710 |
} |
|
711 |
} else { |
|
712 |
// this makes sure there is a session object for |
|
713 |
// public sessions |
|
714 |
sess_id = sess.getId(); |
|
715 |
sessionData = new SessionData(sess.getId(), |
|
716 |
(String) sess.getAttribute("username"), |
|
717 |
(String[]) sess.getAttribute("groups"), |
|
718 |
(String) sess.getAttribute("password")); |
|
719 |
SessionService.registerSession(sessionData); |
|
720 |
} |
|
721 |
} catch (IllegalStateException ise) { |
|
722 |
logMetacat.error("Error in handleGetOrPost: this shouldn't " |
|
723 |
+ "happen: the session should be valid: " |
|
724 |
+ ise.getMessage()); |
|
725 |
} |
|
687 |
SessionData sessionData = RequestUtil.getSessionData(request); |
|
688 |
|
|
689 |
userName = sessionData.getUserName(); |
|
690 |
password = sessionData.getPassword(); |
|
691 |
groupNames = sessionData.getGroupNames(); |
|
726 | 692 |
|
727 |
username = (String) sess.getAttribute("username"); |
|
728 |
logMetacat.info("The user name from session is: " + username); |
|
729 |
password = (String) sess.getAttribute("password"); |
|
730 |
groupnames = (String[]) sess.getAttribute("groupnames"); |
|
731 |
// name = (String) sess.getAttribute("name"); |
|
732 |
} |
|
733 |
|
|
734 |
// make user user username should be public |
|
735 |
if (username == null || (username.trim().equals(""))) { |
|
736 |
username = "public"; |
|
737 |
} |
|
738 |
logMetacat.info("The user is : " + username); |
|
693 |
logMetacat.info("The user is : " + userName); |
|
739 | 694 |
} |
740 | 695 |
// Now that we know the session is valid, we can delegate the |
741 |
// request |
|
742 |
// to a particular action handler |
|
696 |
// request to a particular action handler |
|
743 | 697 |
if (action.equals("query")) { |
744 | 698 |
ServletOutputStream streamOut = response.getOutputStream(); |
745 | 699 |
PrintWriter out = new PrintWriter(streamOut); |
746 |
handleQuery(out, params, response, username, groupnames, sess_id);
|
|
700 |
handleQuery(out, params, response, userName, groupNames, sessionId);
|
|
747 | 701 |
out.close(); |
748 | 702 |
} else if (action.equals("squery")) { |
749 | 703 |
ServletOutputStream streamOut = response.getOutputStream(); |
750 | 704 |
PrintWriter out = new PrintWriter(streamOut); |
751 | 705 |
if (params.containsKey("query")) { |
752 |
handleSQuery(out, params, response, username, groupnames, sess_id);
|
|
706 |
handleSQuery(out, params, response, userName, groupNames, sessionId);
|
|
753 | 707 |
out.close(); |
754 | 708 |
} else { |
755 | 709 |
out.println("Illegal action squery without \"query\" parameter"); |
... | ... | |
761 | 715 |
.debug("******************* SPATIAL QUERY ********************"); |
762 | 716 |
ServletOutputStream streamOut = response.getOutputStream(); |
763 | 717 |
PrintWriter out = new PrintWriter(streamOut); |
764 |
handleSpatialQuery(out, params, response, username, groupnames,
|
|
765 |
sess_id);
|
|
718 |
handleSpatialQuery(out, params, response, userName, groupNames,
|
|
719 |
sessionId);
|
|
766 | 720 |
out.close(); |
767 | 721 |
|
768 | 722 |
} |
... | ... | |
770 | 724 |
|
771 | 725 |
logMetacat |
772 | 726 |
.debug("******************* DATA QUERY ********************"); |
773 |
handleDataquery(params, response, sess_id);
|
|
727 |
handleDataquery(params, response, sessionId);
|
|
774 | 728 |
} |
775 | 729 |
else if (action.equals("export")) { |
776 | 730 |
|
777 |
handleExportAction(params, response, username, groupnames, password);
|
|
731 |
handleExportAction(params, response, userName, groupNames, password);
|
|
778 | 732 |
} else if (action.equals("read")) { |
779 |
handleReadAction(params, request, response, username, password,
|
|
780 |
groupnames);
|
|
733 |
handleReadAction(params, request, response, userName, password,
|
|
734 |
groupNames);
|
|
781 | 735 |
} else if (action.equals("readinlinedata")) { |
782 |
handleReadInlineDataAction(params, request, response, username,
|
|
783 |
password, groupnames);
|
|
736 |
handleReadInlineDataAction(params, request, response, userName,
|
|
737 |
password, groupNames);
|
|
784 | 738 |
} else if (action.equals("insert") || action.equals("update")) { |
785 | 739 |
PrintWriter out = response.getWriter(); |
786 |
if ((username != null) && !username.equals("public")) {
|
|
740 |
if ((userName != null) && !userName.equals("public")) {
|
|
787 | 741 |
handleInsertOrUpdateAction(request, response, out, params, |
788 |
username, groupnames);
|
|
742 |
userName, groupNames);
|
|
789 | 743 |
} else { |
790 | 744 |
response.setContentType("text/xml"); |
791 | 745 |
out.println("<?xml version=\"1.0\"?>"); |
792 | 746 |
out.println("<error>"); |
793 |
out.println("Permission denied for user " + username + " "
|
|
747 |
out.println("Permission denied for user " + userName + " "
|
|
794 | 748 |
+ action); |
795 | 749 |
out.println("</error>"); |
796 | 750 |
} |
797 | 751 |
out.close(); |
798 | 752 |
} else if (action.equals("delete")) { |
799 | 753 |
PrintWriter out = response.getWriter(); |
800 |
if ((username != null) && !username.equals("public")) {
|
|
801 |
handleDeleteAction(out, params, request, response, username,
|
|
802 |
groupnames);
|
|
754 |
if ((userName != null) && !userName.equals("public")) {
|
|
755 |
handleDeleteAction(out, params, request, response, userName,
|
|
756 |
groupNames);
|
|
803 | 757 |
} else { |
804 | 758 |
response.setContentType("text/xml"); |
805 | 759 |
out.println("<?xml version=\"1.0\"?>"); |
... | ... | |
814 | 768 |
out.close(); |
815 | 769 |
} else if (action.equals("setaccess")) { |
816 | 770 |
PrintWriter out = response.getWriter(); |
817 |
handleSetAccessAction(out, params, username);
|
|
771 |
handleSetAccessAction(out, params, userName);
|
|
818 | 772 |
out.close(); |
819 | 773 |
} else if (action.equals("getaccesscontrol")) { |
820 | 774 |
PrintWriter out = response.getWriter(); |
821 |
handleGetAccessControlAction(out, params, response, username,
|
|
822 |
groupnames);
|
|
775 |
handleGetAccessControlAction(out, params, response, userName,
|
|
776 |
groupNames);
|
|
823 | 777 |
out.close(); |
824 | 778 |
} else if (action.equals("getprincipals")) { |
825 | 779 |
PrintWriter out = response.getWriter(); |
826 |
handleGetPrincipalsAction(out, username, password);
|
|
780 |
handleGetPrincipalsAction(out, userName, password);
|
|
827 | 781 |
out.close(); |
828 | 782 |
} else if (action.equals("getdoctypes")) { |
829 | 783 |
PrintWriter out = response.getWriter(); |
... | ... | |
855 | 809 |
out.println(MetaCatVersion.getVersionAsXml()); |
856 | 810 |
out.close(); |
857 | 811 |
} else if (action.equals("getlog")) { |
858 |
handleGetLogAction(params, request, response, username, groupnames);
|
|
812 |
handleGetLogAction(params, request, response, userName, groupNames);
|
|
859 | 813 |
} else if (action.equals("getloggedinuserinfo")) { |
860 | 814 |
PrintWriter out = response.getWriter(); |
861 | 815 |
response.setContentType("text/xml"); |
862 | 816 |
out.println("<?xml version=\"1.0\"?>"); |
863 | 817 |
out.println("\n<user>\n"); |
864 | 818 |
out.println("\n<username>\n"); |
865 |
out.println(username);
|
|
819 |
out.println(userName);
|
|
866 | 820 |
out.println("\n</username>\n"); |
867 | 821 |
if (name != null) { |
868 | 822 |
out.println("\n<name>\n"); |
869 | 823 |
out.println(name); |
870 | 824 |
out.println("\n</name>\n"); |
871 | 825 |
} |
872 |
if (LDAPUtil.isAdministrator(username, groupnames)) {
|
|
826 |
if (LDAPUtil.isAdministrator(userName, groupNames)) {
|
|
873 | 827 |
out.println("<isAdministrator></isAdministrator>\n"); |
874 | 828 |
} |
875 |
if (LDAPUtil.isModerator(username, groupnames)) {
|
|
829 |
if (LDAPUtil.isModerator(userName, groupNames)) {
|
|
876 | 830 |
out.println("<isModerator></isModerator>\n"); |
877 | 831 |
} |
878 | 832 |
out.println("\n</user>\n"); |
879 | 833 |
out.close(); |
880 | 834 |
} else if (action.equals("buildindex")) { |
881 |
handleBuildIndexAction(params, request, response, username,
|
|
882 |
groupnames);
|
|
835 |
handleBuildIndexAction(params, request, response, userName,
|
|
836 |
groupNames);
|
|
883 | 837 |
} else if (action.equals("login") || action.equals("logout")) { |
884 | 838 |
/* |
885 | 839 |
* } else if (action.equals("protocoltest")) { String |
... | ... | |
1142 | 1096 |
+ " into hash in login method"); |
1143 | 1097 |
SessionService.registerSession(id, |
1144 | 1098 |
(String) session.getAttribute("username"), |
1145 |
(String[]) session.getAttribute("groups"), |
|
1099 |
(String[]) session.getAttribute("groupnames"),
|
|
1146 | 1100 |
(String) session.getAttribute("password")); |
1147 | 1101 |
} |
1148 | 1102 |
|
... | ... | |
1187 | 1141 |
+ sess.getAttribute("username") |
1188 | 1142 |
+ " will be invalidate in logout action"); |
1189 | 1143 |
sess.invalidate(); |
1144 |
SessionService.unRegisterSession(sess.getId()); |
|
1190 | 1145 |
} |
1191 | 1146 |
|
1192 | 1147 |
// produce output |
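Review bot: In the rewritten session block (new lines 687-693) `sessionId` is never assigned, so as far as the visible lines show it is still null when it is passed to handleQuery, handleSQuery, handleSpatialQuery and handleDataquery; the removed code set `sess_id` from the `sessionid` parameter or from `sess.getId()`. Unless the elided lines already do so, it should be set from the SessionData returned by `RequestUtil.getSessionData(request)`, using whatever id accessor that class provides. The same block also drops the old fallback that mapped a null or blank user name to "public", so handlers that do not make the `userName != null` test themselves may now receive null. If RequestUtil does not normalise this, keep `if (userName == null || userName.trim().equals("")) { userName = "public"; }` after the assignment, and check `sessionData` for null before dereferencing it. The enclosing method begins and ends outside the displayed hunks.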
Get session information from RequestUtil. Change some variable names to camel case.