Metacat

package edu.ucsb.nceas.metacat.client.gsi;

import edu.ucsb.nceas.metacat.client.MetacatAuthException;

import edu.ucsb.nceas.metacat.client.MetacatClient;

import edu.ucsb.nceas.metacat.client.MetacatInaccessibleException;

import edu.ucsb.nceas.utilities.HttpMessage;

import org.ietf.jgss.GSSCredential;

import java.io.IOException;

import java.net.MalformedURLException;

import java.net.URL;

import java.net.URLStreamHandler;

import java.util.Properties;

/** An extension of the Metacat client that uses Grid Security Infrastructure

 *  (GSI) enabled HTTPS instead of HTTP to communicate.

 *

 *  <p>Note that not all client deployments will include the JARs necessary to

 *  run this version of the Metacat client; therefore, we should make sure that

 *  the superclass (MetacatClient) can run even if this class can't be loaded.

 *  That is, catch (and log) NoClassDefFoundError, etc. */

public class MetacatGsiClient extends MetacatClient {

	/** The current user's GSS credential, as an alternative to

	 *  username/password. Needed for every connection.

	 *  Set via {@link #login(GSSCredential)}. */

	private GSSCredential credential;

	private void initCredential(GSSCredential credential)

		throws MetacatAuthException

	{

		if (credential == null)

			throw new NullPointerException("Credential is null.");

		if (this.credential != null)

			throw new MetacatAuthException

				("Credential already initialized; please create a new "

					+ getClass().getName() + " to start a new session.");

		this.credential = credential;

	}

	public String login(GSSCredential credential)

			throws MetacatAuthException, MetacatInaccessibleException

	{

		initCredential(credential);

		// code below mostly copied from super.login(username, password)

		Properties prop = new Properties();

		prop.put("action", "login");

		prop.put("qformat", "xml");

		String response;

		try {

			response = sendDataForString(prop, null, null, 0);

		} catch (Exception e) {

			throw new MetacatInaccessibleException(e);

		}

		if (response.indexOf("<login>") == -1) {

			setSessionId("");

			throw new MetacatAuthException(response);

		} else {

			int start = response.indexOf("<sessionId>") + 11;

			int end = response.indexOf("</sessionId>");

			if ((start != -1) && (end != -1)) {

				setSessionId(response.substring(start,end));

			}

		}

		return response;

	}

	/** Parse the Metacat URL and, if we are using a GSI credential,

	 *  ensure that the protocol is an SSL-based one (HTTPS or HTTPG). */

	private URL parseAndCheckURL() throws MetacatInaccessibleException {

		try {

			URL url = new URL(getMetacatUrl().trim());

			if (credential != null) {

				URLStreamHandler gsiHandler;

				try {

					gsiHandler = (URLStreamHandler) Class

						.forName("org.globus.net.protocol.https.Handler")

						.newInstance();

				} catch (Exception e) {

					throw new MetacatInaccessibleException

						("Unable to create protocol handler for HTTPS+GSI.", e);

				}

				// reconstruct with correct handler

				url = new URL(url.getProtocol(), url.getHost(), url.getPort(),

					url.getFile(), gsiHandler);

			}

			return url;

		}

		catch (MalformedURLException e) {

			throw new MetacatInaccessibleException

				("Unable to parse URL to contact Metacat server: \""

					+ getMetacatUrl() + "\".", e);

		}

	}

	/** Create an HttpMessage that can send messages to the server.

	 *  If using a GSI credential, use the credential to set up an SSL

	 *  connection (HTTPS / HTTPG).  If using HTTP and username/password,

	 *  just use a regular HTTP conenction. */

	protected HttpMessage createHttpMessage()

		throws MetacatInaccessibleException, MetacatAuthException, IOException

	{

		if (credential != null)

			return new HttpGsiMessage(credential, parseAndCheckURL());

		else

			return super.createHttpMessage();

	}

}

Index: build.xml

===================================================================

RCS file: /cvs/utilities/build.xml,v

retrieving revision 1.8

diff -w -r1.8 build.xml

66a67,68

>       <property name="jglobusjar"  value="${libdir}/cog-jglobus.jar" />

>       <property name="jgssjar"  value="${libdir}/jgss.jar" />

69c71

<                 value="${xercesjar}:${log4jjar}:${httpjar}" />

---

>                 value="${xercesjar}:${log4jjar}:${httpjar}:${jglobusjar}:${jgssjar}:${xalanjar}" />

97a100

>              source="1.4" target="1.4"

164a168

>              source="1.4" target="1.4"

Index: src/java/edu/ucsb/nceas/utilities/HttpMessage.java

===================================================================

RCS file: /cvs/utilities/src/java/edu/ucsb/nceas/utilities/HttpMessage.java,v

retrieving revision 1.3

diff -w -r1.3 HttpMessage.java

27,30d26

< import java.io.*;

< import java.net.*;

< import java.util.*;

< 

32a29,36

> import java.io.*;

> import java.net.HttpURLConnection;

> import java.net.URL;

> import java.net.URLConnection;

> import java.net.URLEncoder;

> import java.util.Enumeration;

> import java.util.Properties;

> 

35,39c39,42

<   private URL servlet = null;

<   private String argString = null;

<   private static String cookie = null;

<   private OutputStream out = null;

<   private URLConnection con = null;

---

>   protected URL servlet = null;

>   protected String cookie = null;

>   protected OutputStream out = null;

>   protected URLConnection con = null;

61c64

<     argString = "";//default

---

>     String argString = "";

79c82

<   private void openPostConnection() throws IOException

---

>   protected void openPostConnection() throws IOException

153c156

<       ((HttpURLConnection)con).setRequestProperty("Content-Type", ctype);

---

>       con.setRequestProperty("Content-Type", ctype);

155,156c158

<       ((HttpURLConnection)con).setRequestProperty("Content-Length",

<                new Long(contentLength).toString());

---

>       con.setRequestProperty("Content-Length", Long.toString(contentLength));

159c161

<       out = con.getOutputStream();

---

>       out = getConOutputStream();

214c216

<     ((HttpURLConnection)con).setRequestProperty("Content-Type", ctype);

---

>     con.setRequestProperty("Content-Type", ctype);

216,217c218

<     ((HttpURLConnection)con).setRequestProperty("Content-Length",

<              new Long(contentLength).toString());

---

>     con.setRequestProperty("Content-Length", Long.toString(contentLength));

220c221

<     out = con.getOutputStream();

---

>     out = getConOutputStream();

227a229,256

> 	/** If true, ignore all flush() calls during POST connections

> 	 *  (that is, during <tt>sendPostData</tt> calls) until the connection is

> 	 *  closed.  Useful because flush() calls on a GSS SSL stream close the

> 	 *  stream. */

> 	protected boolean ignoreOutputStreamFlushes = false;

> 

> 	/** If <tt>ignoreOutputStreamFlushes</tt> is true, wrap <tt>o</tt> in a

> 	 *  stream that simply ignores all flush()es until it is closed.

> 	 *  No effect if <tt>ignoreOutputStreamFlushes</tt> is false. */

> 	private OutputStream wrapFlushes(OutputStream o) {

> 		if (!ignoreOutputStreamFlushes) return o;

> 		else return new FilterOutputStream(o) {

> 			public void flush() {} // ignore flushes

> 			public void close() throws IOException {

> 				//noinspection EmptyCatchBlock

> 				try { super.flush(); } // but make sure they happen on close

> 				catch (IOException ignored) {}

> 				super.close();

> 			}

> 		};

> 	}

> 

> 	/** Call this rather than calling con.getOutputStream() directly,

> 	 *  to properly wrap a GSI SSL output stream. */

> 	protected OutputStream getConOutputStream() throws IOException {

> 		return wrapFlushes(con.getOutputStream());

> 	}

> 

240c269

<     out = new DataOutputStream(con.getOutputStream());

---

>     out = new DataOutputStream(getConOutputStream());

272c301

<   private InputStream closePostConnection() throws IOException

---

>   protected InputStream closePostConnection() throws IOException

297c326

<     return sendPostMessage(null);

---

>     return sendPostData(null);

319c348

<   private String toEncodedString(Properties args)

---

>   protected static String toEncodedString(Properties args)

327c356,357

<         buf.append(URLEncoder.encode(name) + "=" + URLEncoder.encode(value));

---

> 		buf.append(URLEncoder.encode(name)).append("=")

> 		   .append(URLEncoder.encode(value));

337c367

<   public static String getCookie()

---

>   public String getCookie()

345c375

<   public static void setCookie(String newCookie)

---

>   public void setCookie(String newCookie)

? lib/gsi

? lib/cog-url-ncsa.jar

? lib/cog-jglobus-ncsa.jar

? src/gsimap.properties

? src/edu/ucsb/nceas/metacat/AuthGsi.java

? src/edu/ucsb/nceas/metacat/AuthInfo.java

? src/edu/ucsb/nceas/metacat/GsiMapfile.java

? src/edu/ucsb/nceas/metacat/client/gsi

Index: build.properties

===================================================================

RCS file: /cvs/metacat/build.properties,v

retrieving revision 1.16

diff -r1.16 build.properties

85a86,100

> 

> # Authentication options -- written into metacat.properties

> #   can be "Gsi" or "Ldap"

> auth-method=Gsi

> #   can really only be "Ldap" for now

> auth-delegate=Ldap

> #   can be "true" or "false"

> auth-delegation-allowed=true

> #   can be "username+password" or "gss"

> auth-precedence=username+password

> 

> # Should logins from localhost with no password be trusted?  Useful

> # for the GT4 web service wrapper around metacat when it isn't using

> # GSI delegation.

> auth-trust-localhost=true

Index: build.xml

===================================================================

RCS file: /cvs/metacat/build.xml,v

retrieving revision 1.226

diff -r1.226 build.xml

273a274,278

>       <filter token="auth-method" value="${auth-method}"/>

>       <filter token="auth-delegate" value="${auth-delegate}"/>

>       <filter token="auth-delegation-allowed" value="${auth-delegation-allowed}"/>

>       <filter token="auth-precedence" value="${auth-precedence}"/>

>       <filter token="auth-trust-localhost" value="${auth-trust-localhost}"/>

Index: docs/user/metacatinstall.html

===================================================================

RCS file: /cvs/metacat/docs/user/metacatinstall.html,v

retrieving revision 1.20

diff -r1.20 metacatinstall.html

20a21,28

>   <style type="text/css" media="screen">

>   <!--

>     .tooltip { border-bottom:1px solid #00f }

>     .tooltip:hover { background: #fc9 }

>     .sample { border:1px solid black; padding:0.3em; }

>     .existing { color:#666 }

>   -->

>   </style>

618a627,917

> 

> <table class="tabledefault" width="100%">

> <td class="tablehead" colspan="2">

>   <p><a name="gsi"></a>GSI (Grid Security Infrastructure) Authentication</a></p>

> </td>

> <tr>

> <td>

>   <p class="header">Overview</p>

> 

>   <p>

>     As an alternative to username/password, Metacat can use Grid

>     Security Infrastructure (GSI) credentials for authentication, if

>     you are programming to the Metacat client API.  The advantages

>     are:

>   </p>

> 

>   <ul>

>     <li>

>       Use of security credentials enables sign-on with other grid

>       services.

>     </li>

>     <li>

>       Metacat's plaintext HTTP client-server connection is replaced

>       with encrypted HTTPS+GSI -- that is, SSL HTTP using grid

>       security credentials for the SSL connection.

>     </li>

>   </ul>

> 

> 

>   <p class="header">Grid Security Setup</p> 

> 

>   <ol>

>     <li>

>       <p>If you don't have any Grid infrastructure available already,

>       you can <a

>       href="http://grid.ncsa.uiuc.edu/myproxy/fromscratch.html">follow

>       these instructions</a> to get started from scratch.</p>

>     </li>

> 

>     <li>

>       <p>Establish host credentials for your Metacat server.  The

>       instructions above will suffice for experimentation, or you can

>       get host credentials from your own Certificate Authority.  You

>       can always replace them in the future.</p>

>     </li>

>   </ol>

> 

>   <p class="header">Tomcat Configuration</p> 

> 

>   <ol>

>     <li>

>       <a name="tomcat_jars"></a>

>       <p>Add JARs to Tomcat's <code>$CATALINA_HOME/common/lib</code>

>       directory.  You can find them in the Metacat distribution in

>       <code>metacat/lib/gsi</code>:</p>

> 

>       <blockquote>

>         <code>cog-jglobus-ncsa.jar, commons-pool-1.2.jar,

>         cryptix32.jar, cryptix-asn1.jar, cryptix.jar,

>         jce-jdk13-125.jar, jgss.jar, log4j-1.2.8.jar, puretls.jar,

>         xml-apis.jar</code>

>       </blockquote>

> 

>       <p>Note that <code>cog-jglobus-ncsa.jar</code> is a modified

>       version of <code>cog-jglobus.jar</code> which comes with the <a

>       href="http://www.globus.org/toolkit/">Globus Toolkit</a>.  It

>       includes a patch to enable GSI+HTTPS POST actions (only GET was

>       supported previously).  The patch has been committed to the CoG

>       source and will be included in a future a version of the Globus

>       Toolkit, but until then you will need this custom JAR.</p>

> 

>     </li>

> 

>     <li>

>       <p>Modify Tomcat's <code>server.xml</code> to listen for

>       HTTPS+GSI.  Note that you can use any available port for this

>       connector; this example uses 8443.</p>

> 

>       <p>Host credentials: The HTTPS connection will require host

>       credentials for the Metacat server; the example below assumes

>       that the host credentials are in

>       <code>/etc/grid-security</code>, which is the default location

>       for a <a href="http://www.globus.org/toolkit/">Globus

>       toolkit</a> installation.</p>

> 

>       <p>CA Cert Dir: Any Certificate Authorities (CAs) that you

>       depend on -- for example, the one that issued your host

>       credential -- should have their public keys and signing policies

>       stored in a location that is accessible to Tomcat

>       (<code>cacertdir</code>, below).  The filenames will be

>       something like <code>4a6cd8b1.0</code> and

>       <code>4a6cd8b1.signing_policy</code>.</p>

> 

>       <ul>

> 

>         <li>

>           <p>Add an <code>HTTPSConnector</code>, inside the

>           <code>&lt;Service name="Catalina"&gt;</code> section, near

>           the SSL HTTP/1.1 connector definition, which is commented

>           out by default:</p>

> 

> <pre class="sample">

> <span class="existing">&lt;!-- Define a SSL HTTP/1.1 Connector on port 8443 --&gt;

> <!--

> <Connector port="8443" maxHttpHeaderSize="8192"

>            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"

>            enableLookups="false" disableUploadTimeout="true"

>            acceptCount="100" scheme="https" secure="true"

>            clientAuth="false" sslProtocol="TLS" />

> --&gt;</span>

> 

> <!-- Define an HTTPS+GSI (HTTPS with GSI credentials) Connector on port 8443 -->

> <Connector className="org.globus.tomcat.coyote.net.HTTPSConnector"

>            port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" 

>            autoFlush="true" disableUploadTimeout="true" scheme="https"

>            enableLookups="true" acceptCount="10" debug="0" 

>            cert="/etc/grid-security/hostcert.pem"

>            key="/etc/grid-security/hostkey.pem"

>            cacertdir="/etc/grid-security/certificates"/>

> </pre>

>         </li>

>         <li>

>           <p>Add an <code>HTTPSValve</code>, inside the <code>&lt;Engine

>           name="Catalina" ...&gt;</code> section, near the

>           <code>RequestDumperValve</code> definition, which is

>           commented out by default:</p>

> 

> <pre class="sample">

> <span class="existing">&lt;!--

> <Valve className="org.apache.catalina.valves.RequestDumperValve"/>

> --&gt;</span>

> 

> <!-- Globus valve for HTTPS+GSI -->

> <Valve className="org.globus.tomcat.coyote.valves.HTTPSValve"/>

> </pre>

>         </li>

>       </ul>

>     </li>

> 

>     <li>

>       <p>Restart Tomcat -- it should now be listening for HTTPS+GSI

>       connections.  Watch for errors in its log file

>       (<code>$CATALINA_HOME/logs/catalina.out</code>).</p>

>     </li>

>   </ol>

> 

>   <p class="header">Metacat Client GSI Login</p> 

> 

>   <ol>

>     <li>

>       <p>You can now use GSI credentials to initiate a Metacat

>       session, replacing <code>Metacat.login(String username, String

>       password)</code> with <code>Metacat.login(GSSCredential

>       credential)</code>.  There are several ways to get a

>       <code>GSSCredential</code>; one easy method, if you have access

>       to a <a href="http://grid.ncsa.uiuc.edu/myproxy/">MyProxy</a>

>       server, is to use the <a href="http://www.cogkit.org/">CoG</a>

>       Java libraries to retrieve a proxy credential from MyProxy.</p>

> 

>       <p>Here is some sample Java code.  Note that it requires, in

>       addition to the JARs listed <a href="#tomcat_jars">above</a>,

>       <code>cog-url-ncsa.jar</code>, which can be found in the

>       <code>metacat/lib</code> directory.</p>

> 

>       <p>Note: for code comments, mouse over the <span class="tooltip"

>       title="like this one">marked</span> sections below.</p>

> 

> <pre class="sample">

> // 1. Get a GSI security credential

> org.globus.myproxy.MyProxy server = new MyProxy(<span class="tooltip" title="Hostname of MyProxy server">host</span>, <span class="tooltip" title="Port number of the MyProxy server -- default is 7512">7512</span>);

> org.ietf.jgss.<span class="tooltip" title="included in standard JRE/JDK libraries">GSSCredential</span> credential = server.get(<span class="tooltip" title="MyProxy username">username</span>, <span class="tooltip" title="MyProxy passphrase">passphrase</span>, <span class="tooltip" title="Credential lifetime in seconds">lifetime</span>);

> 

> // 2. Connect to Metacat via GSI+HTTPS

> String metacatUrl = "https://<metacat server>:8443/knb/metacat/";

> edu.ucsb.nceas.metacat.client.Metacat client 

>     = edu.ucsb.nceas.metacat.client.MetacatFactory.createMetacatConnection(metacatUrl);

> String loginResult = client.login(credential);

> </pre>

> 

>       <p>The <code>String</code> returned by

>       <code>Metacat.login(GSSCredential)</code> will let you know

>       whether your attempt succeeded.</p>

>     </li>

> 

>     <li>

>       <p>In order to give GSI users privileges in Metacat, you must

>       Map GSI user IDs, or Distinguished Names (DNs), to Metacat user

>       IDs, which will generally be LDAP DNs.  You can do this in a map

>       file that starts out in

>       <code>metacat/src/gsimap.properties</code> and gets deployed to

>       Tomcat's <code>webapps/knb/WEB-INF/</code> directory.  You can

>       modify it in either place, but it will be overwritten each time

>       you redeploy Metacat if you change it in Tomcat's installation

>       directory.</p>

>     </li>

>   </ol>

> 

>   <p class="header">A Client Inside of Tomcat</p> 

> 

>   <p>Detailed explanation: The sample code above will work in a simple

>   testing situation such as in an IDE's debugger, and it may work in a

>   desktop application, but it won't work inside Tomcat.  It has two

>   problems, both of which have to do with Java's protocol handling

>   facilities.  The first problem is a protocol handler collision --

>   Tomcat has already instantiated an HTTPS handler, and it is not the

>   one we need for GSI+HTTPS.  The second problem has to do with class

>   loading: our special HTTPS protocol handlers are not accessible to

>   Java's protocol handling code because they are not loaded by

>   Tomcat's root classloader.</p>

> 

>   <ol>

>     <li>

>       You will most likely need to install the Metacat server and the

>       Metacat client application in <i>separate</i> instances of

>       Tomcat in order for them to successfully connect.

>     </li>

> 

>     <li>

>       <p>Protocol Handler Collisions:</p>

> 

>       <p>Short answer: replace "<code>https</code>" with

>       "<code>httpg</code>".</p>

>       <blockquote><pre><code><i>https</i>://&lt;metacat server&gt;:8443/knb/metacat/</code></pre></blockquote>

>       <p>becomes</p>

>       <blockquote><pre><i>httpg</i>://&lt;metacat server&gt;:8443/knb/metacat/</pre></blockquote>

> 

>       <p>Long answer: The URL in the example above,

>       <code>https://&lt;metacat server&gt;:8443/knb/metacat/</code>,

>       uses the <code>HTTPS</code> protocol.  However, actually

>       handling that connection requires a protocol handler that

>       understands GSI+HTTPS instead of plain HTTPS.  Fortunately,

>       <code>static</code> initialization code in

>       <code>MetacatGsiClient</code> specifies a non-default

>       <code>HTTPS</code> handler before the default handler is

>       instantiated by Java.</p>

> 

>       <p>Unfortunately, in Tomcat, an <code>HTTPS</code> handler has

>       already been instantiated by the time Metacat code runs, and we

>       don't have a chance to instantiate our special handler.

>       Besides, other applications also running in Tomcat may need to

>       use the default handler.</p>

> 

>       <p>Instead, we can define a new protocol.  It could be named

>       anything -- <code>HTTPGSI</code>, <code>METACAT_GSI</code>,

>       <code>GRID_HTTP</code>, etc.  Metacat defines a handler for a

>       protocol named <code>HTTPG</code>.  To see how it works, see the

>       static initialization code in

>       <code>edu.ucsb.nceas.metacat.client.MetacatGsiClient</code> and

>       the very simple class

>       <code>edu.ucsb.nceas.protocols.httpg.Handler</code>.</p>

>     </li>

>     <li>

>       <p>Tomcat Classloading: Since the Java classes that dynamically

>       load protocol handlers are in Tomcat's root classloader, the

>       protocol handlers themselves must be there also.</p>

> 

>       <ol style="list-style-type:lower-alpha">

>         <li>

>           Copy <code>metacat.jar</code>, <code>utilities.jar</code>,

>           and <code>cog-url-ncsa.jar</code> from Metacat's lib

>           directory to a place that is accessible by Tomcat, such as

>           <code>$CATALINA_HOME/common/lib</code>.

>         </li>

>         <li>

>           <p>Modify the definition of <code>CLASSPATH</code> in

>           Tomcat's startup script,

>           <code>$CATALINA_HOME/bin/catalina.sh</code> (In Windows,

>           <code>catalina.bat</code>, which has slightly different

>           syntax).</p>

> 

>           <p>Replace:</p>

> <pre class="sample">

> CLASSPATH="$CLASSPATH":"$CATALINA_HOME"/bin/bootstrap.jar:\

> "$CATALINA_HOME"/bin/commons-logging-api.jar

> </pre>

>           <p>With:</p>

> <pre class="sample">

> CLASSPATH="$CLASSPATH":"$CATALINA_HOME"/bin/bootstrap.jar:\

> "$CATALINA_HOME"/bin/commons-logging-api.jar:"$CATALINA_HOME"/common/lib/metacat.jar:\

> "$CATALINA_HOME"/common/lib/utilities.jar:"$CATALINA_HOME"/common/lib/cog-url-ncsa.jar

> </pre>

>         </li>

>       </ol>

> 

> 

>     </li>

>   </ol>

> </td>

> </tr>

> </table>

> 

Index: lib/metacat.properties

===================================================================

RCS file: /cvs/metacat/lib/metacat.properties,v

retrieving revision 1.100

diff -r1.100 metacat.properties

43,54d42

< moderators=@moderators@

< 

< allowedSubmitters=@allowedSubmitters@

< 

< deniedSubmitters=@deniedSubmitters@

< 

< timedreplication=@timedreplication@

< 

< firsttimedreplication=@firsttimedreplication@

< 

< timedreplicationinterval=@timedreplicationinterval@

< 

89,90d76

< indexed_paths=organizationName,originator/individualName/surName,originator/individualName/givenName,originator/organizationName,creator/individualName/surName,creator/individualName/givenName,creator/organizationName,dataset/title,keyword,northBoundingCoordinate,southBoundingCoordinate,westBoundingCoordinate,eastBoundingCoordinate,title,entityName,individualName/surName,abstract/para,surName,givenName,para,geographicDescription,literalLayout

< 

97c83,88

< authclass=edu.ucsb.nceas.metacat.AuthLdap

---

> authclass=edu.ucsb.nceas.metacat.Auth@auth-method@

> authDelegateClass=edu.ucsb.nceas.metacat.Auth@auth-delegate@

> authDelegationAllowed=@auth-delegation-allowed@

> authPrecedence=@auth-precedence@

> gsiMapClass=edu.ucsb.nceas.metacat.GsiMapfile

> trustLocalHost=@auth-trust-localhost@

99c90,91

< ldapurl=ldap://ldap.ecoinformatics.org:389/

---

> #ldapurl=ldap://ldap.ecoinformatics.org:389/

> ldapurl=ldap://ldap.lternet.edu/

101c93,94

< ldapsurl=ldap://ldap.ecoinformatics.org:389/

---

> #ldapsurl=ldap://ldap.ecoinformatics.org:389/

> ldapsurl=ldap://ldap.lternet.edu/

103c96,97

< ldapbase=dc=ecoinformatics,dc=org

---

> #ldapbase=dc=ecoinformatics,dc=org

> ldapbase=o=lter,dc=ecoinformatics,dc=org

Index: src/edu/ucsb/nceas/metacat/AuthInterface.java

===================================================================

RCS file: /cvs/metacat/src/edu/ucsb/nceas/metacat/AuthInterface.java,v

retrieving revision 1.7

diff -r1.7 AuthInterface.java

46,48c46,47

<    * @param user the name of the principal to authenticate

<    * @param password the password to use for authentication

<    * @returns boolean true if authentication successful, false otherwise

---

>    * @param info authentication information from the user

>    * @return true if authentication successful, false otherwise

50c49

<   public boolean authenticate(String user, String password)

---

>   public boolean authenticate(AuthInfo info)

56c55

<   public String[][] getUsers(String user, String password)

---

>   public String[][] getUsers(AuthInfo info)

62c61

<   public String[] getUsers(String user, String password, String group)

---

>   public String[] getUsers(AuthInfo info, String group)

68c67

<   public String[][] getGroups(String user, String password)

---

>   public String[][] getGroups(AuthInfo info)

74c73

<   public String[][] getGroups(String user, String password, String foruser)

---

>   public String[][] getGroups(AuthInfo info, String foruser)

80,81c79,80

<    * @param user the user for which the attribute list is requested

<    * @returns HashMap a map of attribute name to a Vector of values

---

>    * @param foruser the user for which the attribute list is requested

>    * @return a map of attribute name to a Vector of values

89,92c88,90

<    * @param user the user for which the attribute list is requested

<    * @param authuser the user for authenticating against the service

<    * @param password the password for authenticating against the service

<    * @returns HashMap a map of attribute name to a Vector of values

---

>    * @param info authentication information to use to access the directory

>    * @param foruser the user for which the attribute list is requested

>    * @return a map of attribute name to a Vector of values

94c92

<   public HashMap getAttributes(String user, String password, String foruser)

---

>   public HashMap getAttributes(AuthInfo info, String foruser)

100,101c98,99

<    * @param user the user which requests the information

<    * @param password the user's password

---

>    * @param info authentication information about the user who requests the

>    * information

103c101

<   public String getPrincipals(String user, String password)

---

>   public String getPrincipals(AuthInfo info)

Index: src/edu/ucsb/nceas/metacat/AuthLdap.java

===================================================================

RCS file: /cvs/metacat/src/edu/ucsb/nceas/metacat/AuthLdap.java,v

retrieving revision 1.55

diff -r1.55 AuthLdap.java

31a32,33

> import javax.naming.*;

> import javax.naming.directory.*;

33,49d34

< import javax.naming.AuthenticationException;

< import javax.naming.Context;

< import javax.naming.NamingEnumeration;

< import javax.naming.NamingException;

< import javax.naming.SizeLimitExceededException;

< import javax.naming.InitialContext;

< import javax.naming.directory.InvalidSearchFilterException;

< import javax.naming.directory.Attribute;

< import javax.naming.directory.Attributes;

< import javax.naming.directory.BasicAttribute;

< import javax.naming.directory.BasicAttributes;

< import javax.naming.directory.DirContext;

< import javax.naming.directory.InitialDirContext;

< import javax.naming.directory.SearchResult;

< import javax.naming.directory.SearchControls;

< import javax.naming.ReferralException;

< import javax.naming.ldap.*;

51,56c36

< import java.util.Iterator;

< import java.util.HashMap;

< import java.util.Hashtable;

< import java.util.Enumeration;

< import java.util.Set;

< import java.util.Vector;

---

> import java.util.*;

66d45

<   private MetaCatUtil util = new MetaCatUtil();

73,76c52

<   private Context rContext;

<   private String userName;

<   private String userPassword;

<   ReferralException refExc;

---

> 	ReferralException refExc;

94,96c70,71

<    * @param user the name of the principal to authenticate

<    * @param password the password to use for authentication

<    * @returns boolean true if authentication successful, false otherwise

---

>    * @param info authentication information from the user

>    * @return true if authentication successful, false otherwise

98c73

<   public boolean authenticate(String user, String password) throws

---

>   public boolean authenticate(AuthInfo info) throws

100,104c75,76

<     String ldapUrl = this.ldapUrl;

<     String ldapsUrl = this.ldapsUrl;

<     String ldapBase = this.ldapBase;

<     boolean authenticated = false;

<     String identifier = user;

---

> 	boolean authenticated = false;

>     String identifier = info.getUsername();

110c82

<       authenticated = ldapAuthenticate(identifier, password);

---

>       authenticated = ldapAuthenticate(identifier, info.getPassword());

119,120c91,92

<         String refUrl = "";

<         String refBase = "";

---

>         String refUrl;

>         String refBase;

132c104

<           authenticated = ldapAuthenticate(identifier, password,

---

>           authenticated = ldapAuthenticate(identifier, info.getPassword(),

138c110

<           authenticated = ldapAuthenticate(identifier, password);

---

>           authenticated = ldapAuthenticate(identifier, info.getPassword());

171c143

<       ConnectException, NamingException, NullPointerException {

---

> 	  NamingException, NullPointerException {

185c157

<       ConnectException, NamingException, NullPointerException {

---

>       NamingException, NullPointerException {

191,192c163,164

<       userName = identifier;

<       userPassword = password;

---

> //      userName = identifier;

> //      userPassword = password;

220,221d191

<         this.ldapUrl = ldapUrl;

<         this.ldapBase = ldapBase;

272c242

<    * @returns String the identifying name for the user,

---

>    * @return String the identifying name for the user,

423,425c393

<    * @param user the user for authenticating against the service

<    * @param password the password for authenticating against the service

<    * @returns string array of all of the user names

---

>    * @return string array of all of the user names

427c395

<   public String[][] getUsers(String user, String password) throws

---

>   public String[][] getUsers(AuthInfo info) throws

429c397

<     String[][] users = null;

---

>     String[][] users;

460c428

<       Attributes tempAttr = null;

---

>       Attributes tempAttr;

508c476

<         users[i][3] = (String) uorg.elementAt(i);

---

>         users[i][3] = (String) uou.elementAt(i);

529,530c497

<    * @param user the user for authenticating against the service

<    * @param password the password for authenticating against the service

---

>    * @param info represents the user making the request

532c499

<    * @returns string array of the user names belonging to the group

---

>    * @return string array of the user names belonging to the group

534c501

<   public String[] getUsers(String user, String password, String group) throws

---

>   public String[] getUsers(AuthInfo info, String group) throws

536c503

<     String[] users = null;

---

>     String[] users;

564d530

<             ;

596,598c562,563

<    * @param user the user for authenticating against the service

<    * @param password the password for authenticating against the service

<    * @returns string array of the group names

---

>    * @param info represents the user making the request

>    * @return string array of the group names

600c565

<   public String[][] getGroups(String user, String password) throws

---

>   public String[][] getGroups(AuthInfo info) throws

602c567

<     return getGroups(user, password, null);

---

>     return getGroups(info, null);

608,609c573

<    * @param user the user for authenticating against the service

<    * @param password the password for authenticating against the service

---

>    * @param info represents the user making the request

611c575

<    * @returns string array of the group names

---

>    * @return string array of the group names

613c577

<   public String[][] getGroups(String user, String password, String foruser) throws

---

>   public String[][] getGroups(AuthInfo info, String foruser) throws

617c581

<     Attributes tempAttr = null;

---

>     Attributes tempAttr;

620,621c584,585

<     userName = user;

<     userPassword = password;

---

> //    userName = user;

> //    userPassword = password;

640c604

<       String filter = null;

---

>       String filter;

708c672

<       String filter = null;

---

>       String filter;

768c732

<    * @returns HashMap a map of attribute name to a Vector of values

---

>    * @return HashMap a map of attribute name to a Vector of values

771c735

<     return getAttributes(null, null, foruser);

---

>     return getAttributes(null, foruser);

777,778c741

<    * @param user the user for authenticating against the service

<    * @param password the password for authenticating against the service

---

>    * @param info represents the user making the request

780c743

<    * @returns HashMap a map of attribute name to a Vector of values

---

>    * @return HashMap a map of attribute name to a Vector of values

782c745

<   public HashMap getAttributes(String user, String password, String foruser) throws

---

>   public HashMap getAttributes(AuthInfo info, String foruser) throws

785,787d747

<     String ldapUrl = this.ldapUrl;

<     String ldapBase = this.ldapBase;

<     String userident = foruser;

837,838c797

<   private Hashtable getSubtrees(String user, String password,

<                                 String ldapUrl, String ldapBase) throws

---

>   private Hashtable getSubtrees(String ldapUrl, String ldapBase) throws

886c845

<           String attrName = (String) attr.getID();

---

>           String attrName = attr.getID();

891c850

<             String refName = (String) attr.getID();

---

>             String refName = attr.getID();

946,947c905

<    * @param user the user which requests the information

<    * @param password the user's password

---

>    * @param info Auth Info representing the user who requests the information

949c907

<   public String getPrincipals(String user, String password) throws

---

>   public String getPrincipals(AuthInfo info) throws

952c910,911

<    

---

>     Vector usersIn = new Vector();

> 

960,961c919

<     Hashtable subtrees = getSubtrees(user, password, this.ldapUrl,

<                                      this.ldapBase);

---

>     Hashtable subtrees = getSubtrees(this.ldapUrl, this.ldapBase);

963c921

<     Enumeration keyEnum = subtrees.keys();

---

> 	  Enumeration keyEnum = subtrees.keys();

1002,1003c960,961

<       String[][] groups = getGroups(user, password);

<       String[][] users = getUsers(user, password);

---

>       String[][] groups = getGroups(info);

>       String[][] users = getUsers(info);

1012c970

<           String[] usersForGroup = getUsers(user, password, groups[i][0]);

---

>           String[] usersForGroup = getUsers(info, groups[i][0]);

1014c972,973

<             

---

>             usersIn.addElement(usersForGroup[j]);

> 

1042a1002

>         if (!usersIn.contains(users[j][0])) {

1053a1014

>         }

1056a1018,1022

>       if (!usersIn.isEmpty()) {

>         usersIn.removeAllElements();

>         usersIn.trimToSize();

>       }

> 

1087c1053

<     boolean isValid = false;

---

>     boolean isValid;

1090c1056,1057

<       isValid = authservice.authenticate(user, password);

---

> 		AuthInfo info = new AuthInfo(user, password);

> 	  isValid = authservice.authenticate(info);

1101c1068

<         HashMap userInfo = authservice.getAttributes(user, password, user);

---

>         HashMap userInfo = authservice.getAttributes(info, user);

1103c1070

<         Iterator attList = (Iterator) ( ( (Set) userInfo.keySet()).iterator());

---

>         Iterator attList = userInfo.keySet().iterator();

1118c1085

<         String[][] groups = authservice.getGroups(user, password);

---

>         String[][] groups = authservice.getGroups(info);

1129c1096

<         String[][] groups = authservice.getGroups(user, password, user);

---

>         String[][] groups = authservice.getGroups(info, user);

1141c1108

<         String[] users = authservice.getUsers(user, password, savedGroup);

---

>         String[] users = authservice.getUsers(info, savedGroup);

1151c1118

<         String[][] users = authservice.getUsers(user, password);

---

>         String[][] users = authservice.getUsers(info);

1160c1127

<         String out = authservice.getPrincipals(user, password);

---

>         String out = authservice.getPrincipals(info);

1186c1153

<     DirContext refDirContext = null;

---

>     DirContext refDirContext;

1188c1155

<     String referralInfo = null;

---

>     String referralInfo;

1202,1203c1169,1170

<         //MetaCatUtil.logMetacat.info("Processing referral (pr1.info): " + userName,35);

<         //MetaCatUtil.logMetacat.info("Processing referral (pr2)",35);

---

>         //MetaCatUtil.logMetacat.info("Processing referral (pr1.info): " + userName);

>         //MetaCatUtil.logMetacat.info("Processing referral (pr2)");

1205c1172

<         rContext = refExc.getReferralContext();

---

>         Context rContext = refExc.getReferralContext();

1251d1217

<       DirContext refDirContext = null;

1258,1259c1224

<           String refInfo = null;

<           refInfo = (String) refExc.getReferralInfo();

---

>           String refInfo = (String) refExc.getReferralInfo();

1262c1227

<                                      refInfo.toString());

---

>                                      refInfo);

Index: src/edu/ucsb/nceas/metacat/AuthSession.java

===================================================================

RCS file: /cvs/metacat/src/edu/ucsb/nceas/metacat/AuthSession.java,v

retrieving revision 1.18

diff -r1.18 AuthSession.java

30,31d29

< import java.net.ConnectException;

< import javax.servlet.http.HttpSession;

32a31,32

> import javax.servlet.http.HttpSession;

> import java.net.ConnectException;

41c41

<   private String authClass = null;

---

> 

52,54c52,86

<     MetaCatUtil util = new MetaCatUtil();

<     this.authClass = util.getOption("authclass");

<     this.authService = (AuthInterface)createObject(authClass);

---

>     String authClass = MetaCatUtil.getOption("authclass");

> 	this.authService = (AuthInterface)createObject(authClass);

> 

> 	if (authService instanceof AuthGsi) {

> 		// special config options for GSI authentication

> 		String authDelegateClass = MetaCatUtil.getOption("authDelegateClass");

> 		String gsiMapClass = MetaCatUtil.getOption("gsiMapClass");

> 		String authDelegationAllowed = MetaCatUtil.getOption("authDelegationAllowed");

> 		String authPrecedence = MetaCatUtil.getOption("authPrecedence");

> 

> 		AuthGsi gsi = (AuthGsi) authService;

> 		if (authDelegateClass != null) {

> 			AuthInterface delegate = (AuthInterface) createObject(authDelegateClass);

> 			gsi.setDelegate(delegate);

> 		}

> 		if (gsiMapClass != null) {

> 			GsiToUsernameMap map = (GsiToUsernameMap) createObject(gsiMapClass);

> 			gsi.setDnMap(map);

> 		}

> 		if (authDelegationAllowed != null) {

> 			boolean allowed = Boolean.valueOf(authDelegationAllowed).booleanValue();

> 			if (!allowed && !authDelegationAllowed.trim().toLowerCase().equals("false"))

> 				MetaCatUtil.logMetacat.warn("Config error: authDelegationAllowed "

> 					+ "must be \"true\" or \"false\" (found \""

> 					+ authDelegationAllowed + "\".");

> 			gsi.setAuthnDelegationAllowed(allowed);

> 		}

> 		if (authPrecedence != null) {

> 			try {

> 				gsi.setPrecedence(authPrecedence);

> 			} catch(IllegalArgumentException e) {

> 				System.err.println(e.getMessage());

> 			}

> 		}

> 	}

70,71c102

<    * @param username the username entered when login

<    * @param password the password entered when login

---

>    * @param info info from the user, such as username and password

73,77c104,107

<   public boolean authenticate(HttpServletRequest request,

<                               String username, String password)  {

<     String message = null;

<     try {

<       if ( authService.authenticate(username, password) ) {

---

>   public boolean authenticate(HttpServletRequest request, AuthInfo info)  {

>     String message;

> 	try {

> 	  if ( authService.authenticate(info) ) {

79c109

<         // getGroups returns groupname along with their description.

---

> 		// getGroups returns groupname along with their description.

82c112

<             authService.getGroups(username,password,username);

---

>             authService.getGroups(info,info.getUsername());

93c123

<         this.session = createSession(request, username, password, groups);

---

>         this.session = createSession(request, info, groups);

95c125

<         message = "Authentication successful for user: " + username;

---

>         message = "Authentication successful for user: " + info;

99c129

<         message = "Authentication failed for user: " + username;

---

> 		message = "Authentication failed for user: " + info;

104c134,135

<       message = "Connection to the authentication service failed in " +

---

> 	  ce.printStackTrace();

> 	  message = "Connection to the authentication service failed in " +

107c138,139

<       message = ise.getMessage();

---

> 	  ise.printStackTrace();

> 	  message = ise.getMessage();

114,116c146,147

<   /** Get new HttpSession and store username & password in it */

<   private HttpSession createSession(HttpServletRequest request,

<                                  String username, String password,

---

>   /** Get new HttpSession and store authentication info in it */

>   private HttpSession createSession(HttpServletRequest request, AuthInfo info,

129c160

<                                 session.getAttribute("username"));

---

>                                 session.getAttribute("auth"));

137,138c168

<     session.setAttribute("username", username);

<     session.setAttribute("password", password);

---

> 	session.setAttribute("auth", info);

145c175

<                                 session.getAttribute("username"));

---

>                                 session.getAttribute("auth"));

161,162c191

<    * @param user the user which requests the information

<    * @param password the user's password

---

>    * @param info represents the user who requests the information

164c193

<   public String getPrincipals(String user, String password)

---

>   public String getPrincipals(AuthInfo info)

167c196

<     return authService.getPrincipals(user, password);

---

>     return authService.getPrincipals(info);

210c239

<     Object object = null;

---

>     Object object;

Index: src/edu/ucsb/nceas/metacat/MetaCatServlet.java

===================================================================

RCS file: /cvs/metacat/src/edu/ucsb/nceas/metacat/MetaCatServlet.java,v

retrieving revision 1.226

diff -r1.226 MetaCatServlet.java

30,35c30

< import java.io.BufferedInputStream;

< import java.io.File;

< import java.io.FileInputStream;

< import java.io.IOException;

< import java.io.PrintWriter;

< import java.io.StringReader;

---

> import java.io.*;

37a33,34

> import java.net.URLEncoder;

> import java.net.URLDecoder;

44,48c41,42

< import java.util.Enumeration;

< import java.util.Hashtable;

< import java.util.Iterator;

< import java.util.PropertyResourceBundle;

< import java.util.Vector;

---

> import java.util.*;

> import java.util.regex.PatternSyntaxException;

52,55c46

< import javax.servlet.ServletConfig;

< import javax.servlet.ServletContext;

< import javax.servlet.ServletException;

< import javax.servlet.ServletOutputStream;

---

> import javax.servlet.*;

60a52,53

> import edu.ucsb.nceas.utilities.Options;

> 

61a55

> import org.ietf.jgss.GSSContext;

68,69d61

< import edu.ucsb.nceas.utilities.Options;

< 

164c156

<      

---

> 

166c158

< 	 

---

> 

181,182c173,174

<     	    LOG_CONFIG_NAME = dirPath + "/log4j.properties";

< 	    

---

>             LOG_CONFIG_NAME = dirPath + "/log4j.properties";

>         

213,214d204

<         } catch (ServletException ex) {

<             throw ex;

235d224

< 

237c226,230

<         handleGetOrPost(request, response);

---

>         try { handleGetOrPost(request, response); }

>         catch(RuntimeException e) {

>             e.printStackTrace();

>             throw new ServletException(e);

>         }

244d236

< 

246c238,242

<         handleGetOrPost(request, response);

---

>         try { handleGetOrPost(request, response); }

>         catch(RuntimeException e) {

>             e.printStackTrace();

>             throw new ServletException(e);

>         }

248a245,255

>     /** Copied from org.globus.axis.gsi.GSIConstants, so that we can avoid

>      *  a compile dependency. */

>     private static final String

>         GSI_CREDENTIALS = "org.globus.gsi.credentials",

>         GSI_AUTHORIZATION = "org.globus.gsi.authorization",

>         GSI_MODE = "org.globus.gsi.mode",

>         GSI_AUTH_USERNAME = "org.globus.gsi.authorized.user.name",

>         GSI_USER_DN = "org.globus.gsi.authorized.user.dn",

>         GSI_ANONYMOUS = "org.globus.gsi.anonymous",

>         GSI_CONTEXT = "org.globus.gsi.context";

> 

388d394

< 

403c409,410

<         connPool.printMethodNameHavingBusyDBConnection();

---

>         if (connPool != null)

>             connPool.printMethodNameHavingBusyDBConnection();

415a423,438

>             Enumeration headerNames = request.getHeaderNames();

>             while (headerNames.hasMoreElements()) {

>                 String headerName = (String) headerNames.nextElement();

>             }

> 

>             // check whether incoming connection is via GSI-enabled HTTPS

>             // these constants are available from GSIConstants, but not imported

>             // here, to avoid dependencies

>             GSSContext gsiContext = (GSSContext) request.getAttribute(GSI_CONTEXT);

>             String gsiUserDN = (String) request.getAttribute(GSI_USER_DN);

>             boolean gssConnection = gsiContext != null && gsiUserDN != null;

>             if (gssConnection) {

>                 params.put(GSI_CONTEXT, gsiContext);

>                 params.put(GSI_USER_DN, gsiUserDN);

>             }

> 

433a457,499

>             // Get extra POST parameters because when the incoming request uses

>             // chunked coding, they don't automatically get parsed.

>             if ("application/x-www-form-urlencoded".equals(ctype)) {

>                 try {

>                     String post = readInputStreamAsString(request);

>                     if (post != null && post.length() > 0) {

>                         String[] posts = post.split("&");

>                         for (int i = 0; i < posts.length; ++i) {

>                             String[] a = posts[i].split("=");

>                             for (int j = 0; j < a.length; ++j)

>                                 a[j] = URLDecoder.decode(a[j]);

>                             if (a.length >= 2) {

>                                 addToMultimap(params, a[0], a[1]);

>                             }

>                         }

>                     }

>                 } catch(Exception e) {

>                     String msg = "Exception reading remaining POST data: "

>                         + e.getMessage();

>                     if (MetaCatUtil.debugMessage(msg, 20))

>                         e.printStackTrace();

>                 }

>             }

> 

>             String[] usernames = (String[]) params.get("username"),

>                 passwords = (String[]) params.get("password");

>             String username = (usernames != null && usernames.length > 0)

>                 ? usernames[0] : null;

>             String password = (passwords != null && passwords.length > 0)

>                 ? passwords[0] : null;

>             // if no other identifiers, set username to "public" (anonymous)

>             if (username == null && gsiUserDN == null)

>                 username = "public";

>             AuthInfo authInfo = new AuthInfo

>                 (username, password, gsiContext, gsiUserDN, request);

> 

>             for (Iterator i = params.keySet().iterator(); i.hasNext();) {

>                 String key = (String) i.next();

>                 Object val = params.get(key);

>                 if (val == null) val = "null";

>                 if (!(val instanceof Object[])) val = new Object[] { val };

>             }

> 

456,457d521

<             String username = null;

<             String password = null;

464c528

<                 handleLoginAction(out, params, request, response);

---

>                 handleLoginAction(out, authInfo, params, request, response);

476d539

<                 boolean success = false;

478,482c541,543

<                 // pool

<                 //size is greater than initial value, shrink the connection

<                 // pool

<                 //size to initial value

<                 success = DBConnectionPool.shrinkConnectionPoolSize();

---

>                 //pool size is greater than initial value, shrink the

>                 //connection pool size to initial value

>                 boolean success = DBConnectionPool.shrinkConnectionPoolSize();

496c557,573

<                 if (sess.isNew() && !params.containsKey("sessionid")) {

---

>                 boolean newSession = sess.isNew() && !params.containsKey("sessionid");

>                 if (authInfo.getGssContext() != null) {

>                     // if using GSI for authentication, we lose our session

>                     // each time, so we have to re-authenticate; fortunately

>                     // we have enough information to do so

>                     try {

>                         AuthSession authSession = new AuthSession();

>                         authSession.authenticate(request, authInfo);

>                         // call it a continuing session

>                         newSession = false;

>                     } catch (Exception e) {

>                         throw new ServletException

>                             ("Unable to authenticate based on GSI credentials: "

>                                 + e.getMessage(), e);

>                     }

>                 }

>                 if (newSession) {

499a577

>                     authInfo = new AuthInfo("public", null);

501c579

<                     sess.setAttribute("username", username);

---

>                     sess.setAttribute("auth", authInfo);

524c602

<                              * sess.getAttribute("username") + " into session

---

>                              * sess.getAttribute("auth") + " into session

535c613,614

<                     username = (String) sess.getAttribute("username");

---

>                     authInfo = (AuthInfo) sess.getAttribute("auth");

>                     username = authInfo.getUsername();

538d616

<                     password = (String) sess.getAttribute("password");

543c621,623

<                 if (username == null || (username.trim().equals(""))) {

---

>                 if ((username == null || (username.trim().equals("")))

>                     && gsiContext == null )

>                 {

544a625,626

>                     authInfo = new AuthInfo(username,  null);

>                     sess.setAttribute("auth", authInfo);

619c701

<                 handleGetPrincipalsAction(out, username, password);

---

>                 handleGetPrincipalsAction(out, authInfo);

646c728

<             } else if (action.equals("login") || action.equals("logout")) {

---

>             } else if (action.equals("login") || action.equals("logout"), groupnames) {

709a792,841

>     /** Assume that <tt>map</tt>'s keys are objects and its values are arrays. */

>     private void addToMultimap(Map params, String key, String value) {

>         if (params.containsKey(key)) {

>             String[] oldArray;

>             Object old = params.get(key);

>             if (old instanceof String[]) oldArray = (String[]) old;

>             else {

>                 oldArray = new String[1];

>                 oldArray[0] = String.valueOf(old);

>             }

>             String[] newArray = new String[oldArray.length + 1];

>             System.arraycopy(oldArray, 0, newArray, 0, oldArray.length);

>             newArray[newArray.length - 1] = value;

>             params.put(key, newArray);

>         }

>         else params.put(key, new String[] { value });

>     }

> 

>     private static final int READ_CHUNK_SIZE = 1024;

> 

>     private String readInputStreamAsString(HttpServletRequest request)

>         throws IOException

>     {

>         ServletInputStream in = request.getInputStream();

>         List byteses = new ArrayList();

>         int total = 0;

>         while(true) {

>             byte[] k = new byte[READ_CHUNK_SIZE];

>             int n = in.read(k);

>             if (n <= 0) break;

>             else {

>                 if (n < READ_CHUNK_SIZE) {

>                     byte[] k2 = new byte[n];

>                     System.arraycopy(k, 0, k2, 0, n);

>                     k = k2;

>                 }

>                 total += n;

>                 byteses.add(k);

>             }

>         }

>         byte[] all = new byte[total];

>         int start = 0;

>         for (int i = 0; i < byteses.size(); i++) {

>             byte[] k = (byte[]) byteses.get(i);

>             System.arraycopy(k, 0, all, start, k.length);

>             start += k.length;

>         }

>         return new String(all);

>     }

> 

715c847

<     private void handleLoginAction(PrintWriter out, Hashtable params,

---

>     private void handleLoginAction(PrintWriter out, AuthInfo info, Hashtable params,

719c851

<         AuthSession sess = null;

---

>         AuthSession sess;

721c853

<         if(params.get("username") == null){

---