Project

General

Profile

« Previous | Next » 

Revision 5049

Added by Jing Tao over 15 years ago

Add code from Bill Baker, which uses certficate to login metacat.

View differences:

lib/certificateAuthenCode/MetacatGsiClient.java
1
package edu.ucsb.nceas.metacat.client.gsi;
2

  
3
import edu.ucsb.nceas.metacat.client.MetacatAuthException;
4
import edu.ucsb.nceas.metacat.client.MetacatClient;
5
import edu.ucsb.nceas.metacat.client.MetacatInaccessibleException;
6
import edu.ucsb.nceas.utilities.HttpMessage;
7
import org.ietf.jgss.GSSCredential;
8

  
9
import java.io.IOException;
10
import java.net.MalformedURLException;
11
import java.net.URL;
12
import java.net.URLStreamHandler;
13
import java.util.Properties;
14

  
15
/** An extension of the Metacat client that uses Grid Security Infrastructure
16
 *  (GSI) enabled HTTPS instead of HTTP to communicate.
17
 *
18
 *  <p>Note that not all client deployments will include the JARs necessary to
19
 *  run this version of the Metacat client; therefore, we should make sure that
20
 *  the superclass (MetacatClient) can run even if this class can't be loaded.
21
 *  That is, catch (and log) NoClassDefFoundError, etc. */
22
public class MetacatGsiClient extends MetacatClient {
23

  
24
	/** The current user's GSS credential, as an alternative to
25
	 *  username/password. Needed for every connection.
26
	 *  Set via {@link #login(GSSCredential)}. */
27
	private GSSCredential credential;
28

  
29
	private void initCredential(GSSCredential credential)
30
		throws MetacatAuthException
31
	{
32
		if (credential == null)
33
			throw new NullPointerException("Credential is null.");
34
		if (this.credential != null)
35
			throw new MetacatAuthException
36
				("Credential already initialized; please create a new "
37
					+ getClass().getName() + " to start a new session.");
38
		this.credential = credential;
39
	}
40

  
41
	public String login(GSSCredential credential)
42
			throws MetacatAuthException, MetacatInaccessibleException
43
	{
44
		initCredential(credential);
45

  
46
		// code below mostly copied from super.login(username, password)
47
		Properties prop = new Properties();
48
		prop.put("action", "login");
49
		prop.put("qformat", "xml");
50

  
51
		String response;
52
		try {
53
			response = sendDataForString(prop, null, null, 0);
54
		} catch (Exception e) {
55
			throw new MetacatInaccessibleException(e);
56
		}
57

  
58
		if (response.indexOf("<login>") == -1) {
59
			setSessionId("");
60
			throw new MetacatAuthException(response);
61
		} else {
62
			int start = response.indexOf("<sessionId>") + 11;
63
			int end = response.indexOf("</sessionId>");
64
			if ((start != -1) && (end != -1)) {
65
				setSessionId(response.substring(start,end));
66
			}
67
		}
68
		return response;
69
	}
70

  
71
	/** Parse the Metacat URL and, if we are using a GSI credential,
72
	 *  ensure that the protocol is an SSL-based one (HTTPS or HTTPG). */
73
	private URL parseAndCheckURL() throws MetacatInaccessibleException {
74
		try {
75
			URL url = new URL(getMetacatUrl().trim());
76

  
77
			if (credential != null) {
78
				URLStreamHandler gsiHandler;
79
				try {
80
					gsiHandler = (URLStreamHandler) Class
81
						.forName("org.globus.net.protocol.https.Handler")
82
						.newInstance();
83
				} catch (Exception e) {
84
					throw new MetacatInaccessibleException
85
						("Unable to create protocol handler for HTTPS+GSI.", e);
86
				}
87
				// reconstruct with correct handler
88
				url = new URL(url.getProtocol(), url.getHost(), url.getPort(),
89
					url.getFile(), gsiHandler);
90
			}
91
			return url;
92
		}
93
		catch (MalformedURLException e) {
94
			throw new MetacatInaccessibleException
95
				("Unable to parse URL to contact Metacat server: \""
96
					+ getMetacatUrl() + "\".", e);
97
		}
98
	}
99

  
100
	/** Create an HttpMessage that can send messages to the server.
101
	 *  If using a GSI credential, use the credential to set up an SSL
102
	 *  connection (HTTPS / HTTPG).  If using HTTP and username/password,
103
	 *  just use a regular HTTP conenction. */
104
	protected HttpMessage createHttpMessage()
105
		throws MetacatInaccessibleException, MetacatAuthException, IOException
106
	{
107
		if (credential != null)
108
			return new HttpGsiMessage(credential, parseAndCheckURL());
109
		else
110
			return super.createHttpMessage();
111
	}
112
}
lib/certificateAuthenCode/bbaker_diff_utilities.txt
1
Index: build.xml
2
===================================================================
3
RCS file: /cvs/utilities/build.xml,v
4
retrieving revision 1.8
5
diff -w -r1.8 build.xml
6
66a67,68
7
>       <property name="jglobusjar"  value="${libdir}/cog-jglobus.jar" />
8
>       <property name="jgssjar"  value="${libdir}/jgss.jar" />
9
69c71
10
<                 value="${xercesjar}:${log4jjar}:${httpjar}" />
11
---
12
>                 value="${xercesjar}:${log4jjar}:${httpjar}:${jglobusjar}:${jgssjar}:${xalanjar}" />
13
97a100
14
>              source="1.4" target="1.4"
15
164a168
16
>              source="1.4" target="1.4"
17
Index: src/java/edu/ucsb/nceas/utilities/HttpMessage.java
18
===================================================================
19
RCS file: /cvs/utilities/src/java/edu/ucsb/nceas/utilities/HttpMessage.java,v
20
retrieving revision 1.3
21
diff -w -r1.3 HttpMessage.java
22
27,30d26
23
< import java.io.*;
24
< import java.net.*;
25
< import java.util.*;
26
< 
27
32a29,36
28
> import java.io.*;
29
> import java.net.HttpURLConnection;
30
> import java.net.URL;
31
> import java.net.URLConnection;
32
> import java.net.URLEncoder;
33
> import java.util.Enumeration;
34
> import java.util.Properties;
35
> 
36
35,39c39,42
37
<   private URL servlet = null;
38
<   private String argString = null;
39
<   private static String cookie = null;
40
<   private OutputStream out = null;
41
<   private URLConnection con = null;
42
---
43
>   protected URL servlet = null;
44
>   protected String cookie = null;
45
>   protected OutputStream out = null;
46
>   protected URLConnection con = null;
47
61c64
48
<     argString = "";//default
49
---
50
>     String argString = "";
51
79c82
52
<   private void openPostConnection() throws IOException
53
---
54
>   protected void openPostConnection() throws IOException
55
153c156
56
<       ((HttpURLConnection)con).setRequestProperty("Content-Type", ctype);
57
---
58
>       con.setRequestProperty("Content-Type", ctype);
59
155,156c158
60
<       ((HttpURLConnection)con).setRequestProperty("Content-Length",
61
<                new Long(contentLength).toString());
62
---
63
>       con.setRequestProperty("Content-Length", Long.toString(contentLength));
64
159c161
65
<       out = con.getOutputStream();
66
---
67
>       out = getConOutputStream();
68
214c216
69
<     ((HttpURLConnection)con).setRequestProperty("Content-Type", ctype);
70
---
71
>     con.setRequestProperty("Content-Type", ctype);
72
216,217c218
73
<     ((HttpURLConnection)con).setRequestProperty("Content-Length",
74
<              new Long(contentLength).toString());
75
---
76
>     con.setRequestProperty("Content-Length", Long.toString(contentLength));
77
220c221
78
<     out = con.getOutputStream();
79
---
80
>     out = getConOutputStream();
81
227a229,256
82
> 	/** If true, ignore all flush() calls during POST connections
83
> 	 *  (that is, during <tt>sendPostData</tt> calls) until the connection is
84
> 	 *  closed.  Useful because flush() calls on a GSS SSL stream close the
85
> 	 *  stream. */
86
> 	protected boolean ignoreOutputStreamFlushes = false;
87
> 
88
> 	/** If <tt>ignoreOutputStreamFlushes</tt> is true, wrap <tt>o</tt> in a
89
> 	 *  stream that simply ignores all flush()es until it is closed.
90
> 	 *  No effect if <tt>ignoreOutputStreamFlushes</tt> is false. */
91
> 	private OutputStream wrapFlushes(OutputStream o) {
92
> 		if (!ignoreOutputStreamFlushes) return o;
93
> 		else return new FilterOutputStream(o) {
94
> 			public void flush() {} // ignore flushes
95
> 			public void close() throws IOException {
96
> 				//noinspection EmptyCatchBlock
97
> 				try { super.flush(); } // but make sure they happen on close
98
> 				catch (IOException ignored) {}
99
> 				super.close();
100
> 			}
101
> 		};
102
> 	}
103
> 
104
> 	/** Call this rather than calling con.getOutputStream() directly,
105
> 	 *  to properly wrap a GSI SSL output stream. */
106
> 	protected OutputStream getConOutputStream() throws IOException {
107
> 		return wrapFlushes(con.getOutputStream());
108
> 	}
109
> 
110
240c269
111
<     out = new DataOutputStream(con.getOutputStream());
112
---
113
>     out = new DataOutputStream(getConOutputStream());
114
272c301
115
<   private InputStream closePostConnection() throws IOException
116
---
117
>   protected InputStream closePostConnection() throws IOException
118
297c326
119
<     return sendPostMessage(null);
120
---
121
>     return sendPostData(null);
122
319c348
123
<   private String toEncodedString(Properties args)
124
---
125
>   protected static String toEncodedString(Properties args)
126
327c356,357
127
<         buf.append(URLEncoder.encode(name) + "=" + URLEncoder.encode(value));
128
---
129
> 		buf.append(URLEncoder.encode(name)).append("=")
130
> 		   .append(URLEncoder.encode(value));
131
337c367
132
<   public static String getCookie()
133
---
134
>   public String getCookie()
135
345c375
136
<   public static void setCookie(String newCookie)
137
---
138
>   public void setCookie(String newCookie)
lib/certificateAuthenCode/bbaker_diff_metacat.txt
1
? lib/gsi
2
? lib/cog-url-ncsa.jar
3
? lib/cog-jglobus-ncsa.jar
4
? src/gsimap.properties
5
? src/edu/ucsb/nceas/metacat/AuthGsi.java
6
? src/edu/ucsb/nceas/metacat/AuthInfo.java
7
? src/edu/ucsb/nceas/metacat/GsiMapfile.java
8
? src/edu/ucsb/nceas/metacat/client/gsi
9
Index: build.properties
10
===================================================================
11
RCS file: /cvs/metacat/build.properties,v
12
retrieving revision 1.16
13
diff -r1.16 build.properties
14
85a86,100
15
> 
16
> # Authentication options -- written into metacat.properties
17
> #   can be "Gsi" or "Ldap"
18
> auth-method=Gsi
19
> #   can really only be "Ldap" for now
20
> auth-delegate=Ldap
21
> #   can be "true" or "false"
22
> auth-delegation-allowed=true
23
> #   can be "username+password" or "gss"
24
> auth-precedence=username+password
25
> 
26
> # Should logins from localhost with no password be trusted?  Useful
27
> # for the GT4 web service wrapper around metacat when it isn't using
28
> # GSI delegation.
29
> auth-trust-localhost=true
30
Index: build.xml
31
===================================================================
32
RCS file: /cvs/metacat/build.xml,v
33
retrieving revision 1.226
34
diff -r1.226 build.xml
35
273a274,278
36
>       <filter token="auth-method" value="${auth-method}"/>
37
>       <filter token="auth-delegate" value="${auth-delegate}"/>
38
>       <filter token="auth-delegation-allowed" value="${auth-delegation-allowed}"/>
39
>       <filter token="auth-precedence" value="${auth-precedence}"/>
40
>       <filter token="auth-trust-localhost" value="${auth-trust-localhost}"/>
41
Index: docs/user/metacatinstall.html
42
===================================================================
43
RCS file: /cvs/metacat/docs/user/metacatinstall.html,v
44
retrieving revision 1.20
45
diff -r1.20 metacatinstall.html
46
20a21,28
47
>   <style type="text/css" media="screen">
48
>   <!--
49
>     .tooltip { border-bottom:1px solid #00f }
50
>     .tooltip:hover { background: #fc9 }
51
>     .sample { border:1px solid black; padding:0.3em; }
52
>     .existing { color:#666 }
53
>   -->
54
>   </style>
55
618a627,917
56
> 
57
> <table class="tabledefault" width="100%">
58
> <td class="tablehead" colspan="2">
59
>   <p><a name="gsi"></a>GSI (Grid Security Infrastructure) Authentication</a></p>
60
> </td>
61
> <tr>
62
> <td>
63
>   <p class="header">Overview</p>
64
> 
65
>   <p>
66
>     As an alternative to username/password, Metacat can use Grid
67
>     Security Infrastructure (GSI) credentials for authentication, if
68
>     you are programming to the Metacat client API.  The advantages
69
>     are:
70
>   </p>
71
> 
72
>   <ul>
73
>     <li>
74
>       Use of security credentials enables sign-on with other grid
75
>       services.
76
>     </li>
77
>     <li>
78
>       Metacat's plaintext HTTP client-server connection is replaced
79
>       with encrypted HTTPS+GSI -- that is, SSL HTTP using grid
80
>       security credentials for the SSL connection.
81
>     </li>
82
>   </ul>
83
> 
84
> 
85
>   <p class="header">Grid Security Setup</p> 
86
> 
87
>   <ol>
88
>     <li>
89
>       <p>If you don't have any Grid infrastructure available already,
90
>       you can <a
91
>       href="http://grid.ncsa.uiuc.edu/myproxy/fromscratch.html">follow
92
>       these instructions</a> to get started from scratch.</p>
93
>     </li>
94
> 
95
>     <li>
96
>       <p>Establish host credentials for your Metacat server.  The
97
>       instructions above will suffice for experimentation, or you can
98
>       get host credentials from your own Certificate Authority.  You
99
>       can always replace them in the future.</p>
100
>     </li>
101
>   </ol>
102
> 
103
>   <p class="header">Tomcat Configuration</p> 
104
> 
105
>   <ol>
106
>     <li>
107
>       <a name="tomcat_jars"></a>
108
>       <p>Add JARs to Tomcat's <code>$CATALINA_HOME/common/lib</code>
109
>       directory.  You can find them in the Metacat distribution in
110
>       <code>metacat/lib/gsi</code>:</p>
111
> 
112
>       <blockquote>
113
>         <code>cog-jglobus-ncsa.jar, commons-pool-1.2.jar,
114
>         cryptix32.jar, cryptix-asn1.jar, cryptix.jar,
115
>         jce-jdk13-125.jar, jgss.jar, log4j-1.2.8.jar, puretls.jar,
116
>         xml-apis.jar</code>
117
>       </blockquote>
118
> 
119
>       <p>Note that <code>cog-jglobus-ncsa.jar</code> is a modified
120
>       version of <code>cog-jglobus.jar</code> which comes with the <a
121
>       href="http://www.globus.org/toolkit/">Globus Toolkit</a>.  It
122
>       includes a patch to enable GSI+HTTPS POST actions (only GET was
123
>       supported previously).  The patch has been committed to the CoG
124
>       source and will be included in a future a version of the Globus
125
>       Toolkit, but until then you will need this custom JAR.</p>
126
> 
127
>     </li>
128
> 
129
>     <li>
130
>       <p>Modify Tomcat's <code>server.xml</code> to listen for
131
>       HTTPS+GSI.  Note that you can use any available port for this
132
>       connector; this example uses 8443.</p>
133
> 
134
>       <p>Host credentials: The HTTPS connection will require host
135
>       credentials for the Metacat server; the example below assumes
136
>       that the host credentials are in
137
>       <code>/etc/grid-security</code>, which is the default location
138
>       for a <a href="http://www.globus.org/toolkit/">Globus
139
>       toolkit</a> installation.</p>
140
> 
141
>       <p>CA Cert Dir: Any Certificate Authorities (CAs) that you
142
>       depend on -- for example, the one that issued your host
143
>       credential -- should have their public keys and signing policies
144
>       stored in a location that is accessible to Tomcat
145
>       (<code>cacertdir</code>, below).  The filenames will be
146
>       something like <code>4a6cd8b1.0</code> and
147
>       <code>4a6cd8b1.signing_policy</code>.</p>
148
> 
149
>       <ul>
150
> 
151
>         <li>
152
>           <p>Add an <code>HTTPSConnector</code>, inside the
153
>           <code>&lt;Service name="Catalina"&gt;</code> section, near
154
>           the SSL HTTP/1.1 connector definition, which is commented
155
>           out by default:</p>
156
> 
157
> <pre class="sample">
158
> <span class="existing">&lt;!-- Define a SSL HTTP/1.1 Connector on port 8443 --&gt;
159
> &lt;!--
160
> &lt;Connector port="8443" maxHttpHeaderSize="8192"
161
>            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
162
>            enableLookups="false" disableUploadTimeout="true"
163
>            acceptCount="100" scheme="https" secure="true"
164
>            clientAuth="false" sslProtocol="TLS" /&gt;
165
> --&gt;</span>
166
> 
167
> &lt;!-- Define an HTTPS+GSI (HTTPS with GSI credentials) Connector on port 8443 --&gt;
168
> &lt;Connector className="org.globus.tomcat.coyote.net.HTTPSConnector"
169
>            port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" 
170
>            autoFlush="true" disableUploadTimeout="true" scheme="https"
171
>            enableLookups="true" acceptCount="10" debug="0" 
172
>            cert="/etc/grid-security/hostcert.pem"
173
>            key="/etc/grid-security/hostkey.pem"
174
>            cacertdir="/etc/grid-security/certificates"/&gt;
175
> </pre>
176
>         </li>
177
>         <li>
178
>           <p>Add an <code>HTTPSValve</code>, inside the <code>&lt;Engine
179
>           name="Catalina" ...&gt;</code> section, near the
180
>           <code>RequestDumperValve</code> definition, which is
181
>           commented out by default:</p>
182
> 
183
> <pre class="sample">
184
> <span class="existing">&lt;!--
185
> &lt;Valve className="org.apache.catalina.valves.RequestDumperValve"/&gt;
186
> --&gt;</span>
187
> 
188
> &lt;!-- Globus valve for HTTPS+GSI --&gt;
189
> &lt;Valve className="org.globus.tomcat.coyote.valves.HTTPSValve"/&gt;
190
> </pre>
191
>         </li>
192
>       </ul>
193
>     </li>
194
> 
195
>     <li>
196
>       <p>Restart Tomcat -- it should now be listening for HTTPS+GSI
197
>       connections.  Watch for errors in its log file
198
>       (<code>$CATALINA_HOME/logs/catalina.out</code>).</p>
199
>     </li>
200
>   </ol>
201
> 
202
>   <p class="header">Metacat Client GSI Login</p> 
203
> 
204
>   <ol>
205
>     <li>
206
>       <p>You can now use GSI credentials to initiate a Metacat
207
>       session, replacing <code>Metacat.login(String username, String
208
>       password)</code> with <code>Metacat.login(GSSCredential
209
>       credential)</code>.  There are several ways to get a
210
>       <code>GSSCredential</code>; one easy method, if you have access
211
>       to a <a href="http://grid.ncsa.uiuc.edu/myproxy/">MyProxy</a>
212
>       server, is to use the <a href="http://www.cogkit.org/">CoG</a>
213
>       Java libraries to retrieve a proxy credential from MyProxy.</p>
214
> 
215
>       <p>Here is some sample Java code.  Note that it requires, in
216
>       addition to the JARs listed <a href="#tomcat_jars">above</a>,
217
>       <code>cog-url-ncsa.jar</code>, which can be found in the
218
>       <code>metacat/lib</code> directory.</p>
219
> 
220
>       <p>Note: for code comments, mouse over the <span class="tooltip"
221
>       title="like this one">marked</span> sections below.</p>
222
> 
223
> <pre class="sample">
224
> // 1. Get a GSI security credential
225
> org.globus.myproxy.MyProxy server = new MyProxy(<span class="tooltip" title="Hostname of MyProxy server">host</span>, <span class="tooltip" title="Port number of the MyProxy server -- default is 7512">7512</span>);
226
> org.ietf.jgss.<span class="tooltip" title="included in standard JRE/JDK libraries">GSSCredential</span> credential = server.get(<span class="tooltip" title="MyProxy username">username</span>, <span class="tooltip" title="MyProxy passphrase">passphrase</span>, <span class="tooltip" title="Credential lifetime in seconds">lifetime</span>);
227
> 
228
> // 2. Connect to Metacat via GSI+HTTPS
229
> String metacatUrl = "https://&lt;metacat server&gt;:8443/knb/metacat/";
230
> edu.ucsb.nceas.metacat.client.Metacat client 
231
>     = edu.ucsb.nceas.metacat.client.MetacatFactory.createMetacatConnection(metacatUrl);
232
> String loginResult = client.login(credential);
233
> </pre>
234
> 
235
>       <p>The <code>String</code> returned by
236
>       <code>Metacat.login(GSSCredential)</code> will let you know
237
>       whether your attempt succeeded.</p>
238
>     </li>
239
> 
240
>     <li>
241
>       <p>In order to give GSI users privileges in Metacat, you must
242
>       Map GSI user IDs, or Distinguished Names (DNs), to Metacat user
243
>       IDs, which will generally be LDAP DNs.  You can do this in a map
244
>       file that starts out in
245
>       <code>metacat/src/gsimap.properties</code> and gets deployed to
246
>       Tomcat's <code>webapps/knb/WEB-INF/</code> directory.  You can
247
>       modify it in either place, but it will be overwritten each time
248
>       you redeploy Metacat if you change it in Tomcat's installation
249
>       directory.</p>
250
>     </li>
251
>   </ol>
252
> 
253
>   <p class="header">A Client Inside of Tomcat</p> 
254
> 
255
>   <p>Detailed explanation: The sample code above will work in a simple
256
>   testing situation such as in an IDE's debugger, and it may work in a
257
>   desktop application, but it won't work inside Tomcat.  It has two
258
>   problems, both of which have to do with Java's protocol handling
259
>   facilities.  The first problem is a protocol handler collision --
260
>   Tomcat has already instantiated an HTTPS handler, and it is not the
261
>   one we need for GSI+HTTPS.  The second problem has to do with class
262
>   loading: our special HTTPS protocol handlers are not accessible to
263
>   Java's protocol handling code because they are not loaded by
264
>   Tomcat's root classloader.</p>
265
> 
266
>   <ol>
267
>     <li>
268
>       You will most likely need to install the Metacat server and the
269
>       Metacat client application in <i>separate</i> instances of
270
>       Tomcat in order for them to successfully connect.
271
>     </li>
272
> 
273
>     <li>
274
>       <p>Protocol Handler Collisions:</p>
275
> 
276
>       <p>Short answer: replace "<code>https</code>" with
277
>       "<code>httpg</code>".</p>
278
>       <blockquote><pre><code><i>https</i>://&lt;metacat server&gt;:8443/knb/metacat/</code></pre></blockquote>
279
>       <p>becomes</p>
280
>       <blockquote><pre><i>httpg</i>://&lt;metacat server&gt;:8443/knb/metacat/</pre></blockquote>
281
> 
282
>       <p>Long answer: The URL in the example above,
283
>       <code>https://&lt;metacat server&gt;:8443/knb/metacat/</code>,
284
>       uses the <code>HTTPS</code> protocol.  However, actually
285
>       handling that connection requires a protocol handler that
286
>       understands GSI+HTTPS instead of plain HTTPS.  Fortunately,
287
>       <code>static</code> initialization code in
288
>       <code>MetacatGsiClient</code> specifies a non-default
289
>       <code>HTTPS</code> handler before the default handler is
290
>       instantiated by Java.</p>
291
> 
292
>       <p>Unfortunately, in Tomcat, an <code>HTTPS</code> handler has
293
>       already been instantiated by the time Metacat code runs, and we
294
>       don't have a chance to instantiate our special handler.
295
>       Besides, other applications also running in Tomcat may need to
296
>       use the default handler.</p>
297
> 
298
>       <p>Instead, we can define a new protocol.  It could be named
299
>       anything -- <code>HTTPGSI</code>, <code>METACAT_GSI</code>,
300
>       <code>GRID_HTTP</code>, etc.  Metacat defines a handler for a
301
>       protocol named <code>HTTPG</code>.  To see how it works, see the
302
>       static initialization code in
303
>       <code>edu.ucsb.nceas.metacat.client.MetacatGsiClient</code> and
304
>       the very simple class
305
>       <code>edu.ucsb.nceas.protocols.httpg.Handler</code>.</p>
306
>     </li>
307
>     <li>
308
>       <p>Tomcat Classloading: Since the Java classes that dynamically
309
>       load protocol handlers are in Tomcat's root classloader, the
310
>       protocol handlers themselves must be there also.</p>
311
> 
312
>       <ol style="list-style-type:lower-alpha">
313
>         <li>
314
>           Copy <code>metacat.jar</code>, <code>utilities.jar</code>,
315
>           and <code>cog-url-ncsa.jar</code> from Metacat's lib
316
>           directory to a place that is accessible by Tomcat, such as
317
>           <code>$CATALINA_HOME/common/lib</code>.
318
>         </li>
319
>         <li>
320
>           <p>Modify the definition of <code>CLASSPATH</code> in
321
>           Tomcat's startup script,
322
>           <code>$CATALINA_HOME/bin/catalina.sh</code> (In Windows,
323
>           <code>catalina.bat</code>, which has slightly different
324
>           syntax).</p>
325
> 
326
>           <p>Replace:</p>
327
> <pre class="sample">
328
> CLASSPATH="$CLASSPATH":"$CATALINA_HOME"/bin/bootstrap.jar:\
329
> "$CATALINA_HOME"/bin/commons-logging-api.jar
330
> </pre>
331
>           <p>With:</p>
332
> <pre class="sample">
333
> CLASSPATH="$CLASSPATH":"$CATALINA_HOME"/bin/bootstrap.jar:\
334
> "$CATALINA_HOME"/bin/commons-logging-api.jar:"$CATALINA_HOME"/common/lib/metacat.jar:\
335
> "$CATALINA_HOME"/common/lib/utilities.jar:"$CATALINA_HOME"/common/lib/cog-url-ncsa.jar
336
> </pre>
337
>         </li>
338
>       </ol>
339
> 
340
> 
341
>     </li>
342
>   </ol>
343
> </td>
344
> </tr>
345
> </table>
346
> 
347
Index: lib/metacat.properties
348
===================================================================
349
RCS file: /cvs/metacat/lib/metacat.properties,v
350
retrieving revision 1.100
351
diff -r1.100 metacat.properties
352
43,54d42
353
< moderators=@moderators@
354
< 
355
< allowedSubmitters=@allowedSubmitters@
356
< 
357
< deniedSubmitters=@deniedSubmitters@
358
< 
359
< timedreplication=@timedreplication@
360
< 
361
< firsttimedreplication=@firsttimedreplication@
362
< 
363
< timedreplicationinterval=@timedreplicationinterval@
364
< 
365
89,90d76
366
< indexed_paths=organizationName,originator/individualName/surName,originator/individualName/givenName,originator/organizationName,creator/individualName/surName,creator/individualName/givenName,creator/organizationName,dataset/title,keyword,northBoundingCoordinate,southBoundingCoordinate,westBoundingCoordinate,eastBoundingCoordinate,title,entityName,individualName/surName,abstract/para,surName,givenName,para,geographicDescription,literalLayout
367
< 
368
97c83,88
369
< authclass=edu.ucsb.nceas.metacat.AuthLdap
370
---
371
> authclass=edu.ucsb.nceas.metacat.Auth@auth-method@
372
> authDelegateClass=edu.ucsb.nceas.metacat.Auth@auth-delegate@
373
> authDelegationAllowed=@auth-delegation-allowed@
374
> authPrecedence=@auth-precedence@
375
> gsiMapClass=edu.ucsb.nceas.metacat.GsiMapfile
376
> trustLocalHost=@auth-trust-localhost@
377
99c90,91
378
< ldapurl=ldap://ldap.ecoinformatics.org:389/
379
---
380
> #ldapurl=ldap://ldap.ecoinformatics.org:389/
381
> ldapurl=ldap://ldap.lternet.edu/
382
101c93,94
383
< ldapsurl=ldap://ldap.ecoinformatics.org:389/
384
---
385
> #ldapsurl=ldap://ldap.ecoinformatics.org:389/
386
> ldapsurl=ldap://ldap.lternet.edu/
387
103c96,97
388
< ldapbase=dc=ecoinformatics,dc=org
389
---
390
> #ldapbase=dc=ecoinformatics,dc=org
391
> ldapbase=o=lter,dc=ecoinformatics,dc=org
392
Index: src/edu/ucsb/nceas/metacat/AuthInterface.java
393
===================================================================
394
RCS file: /cvs/metacat/src/edu/ucsb/nceas/metacat/AuthInterface.java,v
395
retrieving revision 1.7
396
diff -r1.7 AuthInterface.java
397
46,48c46,47
398
<    * @param user the name of the principal to authenticate
399
<    * @param password the password to use for authentication
400
<    * @returns boolean true if authentication successful, false otherwise
401
---
402
>    * @param info authentication information from the user
403
>    * @return true if authentication successful, false otherwise
404
50c49
405
<   public boolean authenticate(String user, String password)
406
---
407
>   public boolean authenticate(AuthInfo info)
408
56c55
409
<   public String[][] getUsers(String user, String password)
410
---
411
>   public String[][] getUsers(AuthInfo info)
412
62c61
413
<   public String[] getUsers(String user, String password, String group)
414
---
415
>   public String[] getUsers(AuthInfo info, String group)
416
68c67
417
<   public String[][] getGroups(String user, String password)
418
---
419
>   public String[][] getGroups(AuthInfo info)
420
74c73
421
<   public String[][] getGroups(String user, String password, String foruser)
422
---
423
>   public String[][] getGroups(AuthInfo info, String foruser)
424
80,81c79,80
425
<    * @param user the user for which the attribute list is requested
426
<    * @returns HashMap a map of attribute name to a Vector of values
427
---
428
>    * @param foruser the user for which the attribute list is requested
429
>    * @return a map of attribute name to a Vector of values
430
89,92c88,90
431
<    * @param user the user for which the attribute list is requested
432
<    * @param authuser the user for authenticating against the service
433
<    * @param password the password for authenticating against the service
434
<    * @returns HashMap a map of attribute name to a Vector of values
435
---
436
>    * @param info authentication information to use to access the directory
437
>    * @param foruser the user for which the attribute list is requested
438
>    * @return a map of attribute name to a Vector of values
439
94c92
440
<   public HashMap getAttributes(String user, String password, String foruser)
441
---
442
>   public HashMap getAttributes(AuthInfo info, String foruser)
443
100,101c98,99
444
<    * @param user the user which requests the information
445
<    * @param password the user's password
446
---
447
>    * @param info authentication information about the user who requests the
448
>    * information
449
103c101
450
<   public String getPrincipals(String user, String password)
451
---
452
>   public String getPrincipals(AuthInfo info)
453
Index: src/edu/ucsb/nceas/metacat/AuthLdap.java
454
===================================================================
455
RCS file: /cvs/metacat/src/edu/ucsb/nceas/metacat/AuthLdap.java,v
456
retrieving revision 1.55
457
diff -r1.55 AuthLdap.java
458
31a32,33
459
> import javax.naming.*;
460
> import javax.naming.directory.*;
461
33,49d34
462
< import javax.naming.AuthenticationException;
463
< import javax.naming.Context;
464
< import javax.naming.NamingEnumeration;
465
< import javax.naming.NamingException;
466
< import javax.naming.SizeLimitExceededException;
467
< import javax.naming.InitialContext;
468
< import javax.naming.directory.InvalidSearchFilterException;
469
< import javax.naming.directory.Attribute;
470
< import javax.naming.directory.Attributes;
471
< import javax.naming.directory.BasicAttribute;
472
< import javax.naming.directory.BasicAttributes;
473
< import javax.naming.directory.DirContext;
474
< import javax.naming.directory.InitialDirContext;
475
< import javax.naming.directory.SearchResult;
476
< import javax.naming.directory.SearchControls;
477
< import javax.naming.ReferralException;
478
< import javax.naming.ldap.*;
479
51,56c36
480
< import java.util.Iterator;
481
< import java.util.HashMap;
482
< import java.util.Hashtable;
483
< import java.util.Enumeration;
484
< import java.util.Set;
485
< import java.util.Vector;
486
---
487
> import java.util.*;
488
66d45
489
<   private MetaCatUtil util = new MetaCatUtil();
490
73,76c52
491
<   private Context rContext;
492
<   private String userName;
493
<   private String userPassword;
494
<   ReferralException refExc;
495
---
496
> 	ReferralException refExc;
497
94,96c70,71
498
<    * @param user the name of the principal to authenticate
499
<    * @param password the password to use for authentication
500
<    * @returns boolean true if authentication successful, false otherwise
501
---
502
>    * @param info authentication information from the user
503
>    * @return true if authentication successful, false otherwise
504
98c73
505
<   public boolean authenticate(String user, String password) throws
506
---
507
>   public boolean authenticate(AuthInfo info) throws
508
100,104c75,76
509
<     String ldapUrl = this.ldapUrl;
510
<     String ldapsUrl = this.ldapsUrl;
511
<     String ldapBase = this.ldapBase;
512
<     boolean authenticated = false;
513
<     String identifier = user;
514
---
515
> 	boolean authenticated = false;
516
>     String identifier = info.getUsername();
517
110c82
518
<       authenticated = ldapAuthenticate(identifier, password);
519
---
520
>       authenticated = ldapAuthenticate(identifier, info.getPassword());
521
119,120c91,92
522
<         String refUrl = "";
523
<         String refBase = "";
524
---
525
>         String refUrl;
526
>         String refBase;
527
132c104
528
<           authenticated = ldapAuthenticate(identifier, password,
529
---
530
>           authenticated = ldapAuthenticate(identifier, info.getPassword(),
531
138c110
532
<           authenticated = ldapAuthenticate(identifier, password);
533
---
534
>           authenticated = ldapAuthenticate(identifier, info.getPassword());
535
171c143
536
<       ConnectException, NamingException, NullPointerException {
537
---
538
> 	  NamingException, NullPointerException {
539
185c157
540
<       ConnectException, NamingException, NullPointerException {
541
---
542
>       NamingException, NullPointerException {
543
191,192c163,164
544
<       userName = identifier;
545
<       userPassword = password;
546
---
547
> //      userName = identifier;
548
> //      userPassword = password;
549
220,221d191
550
<         this.ldapUrl = ldapUrl;
551
<         this.ldapBase = ldapBase;
552
272c242
553
<    * @returns String the identifying name for the user,
554
---
555
>    * @return String the identifying name for the user,
556
423,425c393
557
<    * @param user the user for authenticating against the service
558
<    * @param password the password for authenticating against the service
559
<    * @returns string array of all of the user names
560
---
561
>    * @return string array of all of the user names
562
427c395
563
<   public String[][] getUsers(String user, String password) throws
564
---
565
>   public String[][] getUsers(AuthInfo info) throws
566
429c397
567
<     String[][] users = null;
568
---
569
>     String[][] users;
570
460c428
571
<       Attributes tempAttr = null;
572
---
573
>       Attributes tempAttr;
574
508c476
575
<         users[i][3] = (String) uorg.elementAt(i);
576
---
577
>         users[i][3] = (String) uou.elementAt(i);
578
529,530c497
579
<    * @param user the user for authenticating against the service
580
<    * @param password the password for authenticating against the service
581
---
582
>    * @param info represents the user making the request
583
532c499
584
<    * @returns string array of the user names belonging to the group
585
---
586
>    * @return string array of the user names belonging to the group
587
534c501
588
<   public String[] getUsers(String user, String password, String group) throws
589
---
590
>   public String[] getUsers(AuthInfo info, String group) throws
591
536c503
592
<     String[] users = null;
593
---
594
>     String[] users;
595
564d530
596
<             ;
597
596,598c562,563
598
<    * @param user the user for authenticating against the service
599
<    * @param password the password for authenticating against the service
600
<    * @returns string array of the group names
601
---
602
>    * @param info represents the user making the request
603
>    * @return string array of the group names
604
600c565
605
<   public String[][] getGroups(String user, String password) throws
606
---
607
>   public String[][] getGroups(AuthInfo info) throws
608
602c567
609
<     return getGroups(user, password, null);
610
---
611
>     return getGroups(info, null);
612
608,609c573
613
<    * @param user the user for authenticating against the service
614
<    * @param password the password for authenticating against the service
615
---
616
>    * @param info represents the user making the request
617
611c575
618
<    * @returns string array of the group names
619
---
620
>    * @return string array of the group names
621
613c577
622
<   public String[][] getGroups(String user, String password, String foruser) throws
623
---
624
>   public String[][] getGroups(AuthInfo info, String foruser) throws
625
617c581
626
<     Attributes tempAttr = null;
627
---
628
>     Attributes tempAttr;
629
620,621c584,585
630
<     userName = user;
631
<     userPassword = password;
632
---
633
> //    userName = user;
634
> //    userPassword = password;
635
640c604
636
<       String filter = null;
637
---
638
>       String filter;
639
708c672
640
<       String filter = null;
641
---
642
>       String filter;
643
768c732
644
<    * @returns HashMap a map of attribute name to a Vector of values
645
---
646
>    * @return HashMap a map of attribute name to a Vector of values
647
771c735
648
<     return getAttributes(null, null, foruser);
649
---
650
>     return getAttributes(null, foruser);
651
777,778c741
652
<    * @param user the user for authenticating against the service
653
<    * @param password the password for authenticating against the service
654
---
655
>    * @param info represents the user making the request
656
780c743
657
<    * @returns HashMap a map of attribute name to a Vector of values
658
---
659
>    * @return HashMap a map of attribute name to a Vector of values
660
782c745
661
<   public HashMap getAttributes(String user, String password, String foruser) throws
662
---
663
>   public HashMap getAttributes(AuthInfo info, String foruser) throws
664
785,787d747
665
<     String ldapUrl = this.ldapUrl;
666
<     String ldapBase = this.ldapBase;
667
<     String userident = foruser;
668
837,838c797
669
<   private Hashtable getSubtrees(String user, String password,
670
<                                 String ldapUrl, String ldapBase) throws
671
---
672
>   private Hashtable getSubtrees(String ldapUrl, String ldapBase) throws
673
886c845
674
<           String attrName = (String) attr.getID();
675
---
676
>           String attrName = attr.getID();
677
891c850
678
<             String refName = (String) attr.getID();
679
---
680
>             String refName = attr.getID();
681
946,947c905
682
<    * @param user the user which requests the information
683
<    * @param password the user's password
684
---
685
>    * @param info Auth Info representing the user who requests the information
686
949c907
687
<   public String getPrincipals(String user, String password) throws
688
---
689
>   public String getPrincipals(AuthInfo info) throws
690
952c910,911
691
<    
692
---
693
>     Vector usersIn = new Vector();
694
> 
695
960,961c919
696
<     Hashtable subtrees = getSubtrees(user, password, this.ldapUrl,
697
<                                      this.ldapBase);
698
---
699
>     Hashtable subtrees = getSubtrees(this.ldapUrl, this.ldapBase);
700
963c921
701
<     Enumeration keyEnum = subtrees.keys();
702
---
703
> 	  Enumeration keyEnum = subtrees.keys();
704
1002,1003c960,961
705
<       String[][] groups = getGroups(user, password);
706
<       String[][] users = getUsers(user, password);
707
---
708
>       String[][] groups = getGroups(info);
709
>       String[][] users = getUsers(info);
710
1012c970
711
<           String[] usersForGroup = getUsers(user, password, groups[i][0]);
712
---
713
>           String[] usersForGroup = getUsers(info, groups[i][0]);
714
1014c972,973
715
<             
716
---
717
>             usersIn.addElement(usersForGroup[j]);
718
> 
719
1042a1002
720
>         if (!usersIn.contains(users[j][0])) {
721
1053a1014
722
>         }
723
1056a1018,1022
724
>       if (!usersIn.isEmpty()) {
725
>         usersIn.removeAllElements();
726
>         usersIn.trimToSize();
727
>       }
728
> 
729
1087c1053
730
<     boolean isValid = false;
731
---
732
>     boolean isValid;
733
1090c1056,1057
734
<       isValid = authservice.authenticate(user, password);
735
---
736
> 		AuthInfo info = new AuthInfo(user, password);
737
> 	  isValid = authservice.authenticate(info);
738
1101c1068
739
<         HashMap userInfo = authservice.getAttributes(user, password, user);
740
---
741
>         HashMap userInfo = authservice.getAttributes(info, user);
742
1103c1070
743
<         Iterator attList = (Iterator) ( ( (Set) userInfo.keySet()).iterator());
744
---
745
>         Iterator attList = userInfo.keySet().iterator();
746
1118c1085
747
<         String[][] groups = authservice.getGroups(user, password);
748
---
749
>         String[][] groups = authservice.getGroups(info);
750
1129c1096
751
<         String[][] groups = authservice.getGroups(user, password, user);
752
---
753
>         String[][] groups = authservice.getGroups(info, user);
754
1141c1108
755
<         String[] users = authservice.getUsers(user, password, savedGroup);
756
---
757
>         String[] users = authservice.getUsers(info, savedGroup);
758
1151c1118
759
<         String[][] users = authservice.getUsers(user, password);
760
---
761
>         String[][] users = authservice.getUsers(info);
762
1160c1127
763
<         String out = authservice.getPrincipals(user, password);
764
---
765
>         String out = authservice.getPrincipals(info);
766
1186c1153
767
<     DirContext refDirContext = null;
768
---
769
>     DirContext refDirContext;
770
1188c1155
771
<     String referralInfo = null;
772
---
773
>     String referralInfo;
774
1202,1203c1169,1170
775
<         //MetaCatUtil.logMetacat.info("Processing referral (pr1.info): " + userName,35);
776
<         //MetaCatUtil.logMetacat.info("Processing referral (pr2)",35);
777
---
778
>         //MetaCatUtil.logMetacat.info("Processing referral (pr1.info): " + userName);
779
>         //MetaCatUtil.logMetacat.info("Processing referral (pr2)");
780
1205c1172
781
<         rContext = refExc.getReferralContext();
782
---
783
>         Context rContext = refExc.getReferralContext();
784
1251d1217
785
<       DirContext refDirContext = null;
786
1258,1259c1224
787
<           String refInfo = null;
788
<           refInfo = (String) refExc.getReferralInfo();
789
---
790
>           String refInfo = (String) refExc.getReferralInfo();
791
1262c1227
792
<                                      refInfo.toString());
793
---
794
>                                      refInfo);
795
Index: src/edu/ucsb/nceas/metacat/AuthSession.java
796
===================================================================
797
RCS file: /cvs/metacat/src/edu/ucsb/nceas/metacat/AuthSession.java,v
798
retrieving revision 1.18
799
diff -r1.18 AuthSession.java
800
30,31d29
801
< import java.net.ConnectException;
802
< import javax.servlet.http.HttpSession;
803
32a31,32
804
> import javax.servlet.http.HttpSession;
805
> import java.net.ConnectException;
806
41c41
807
<   private String authClass = null;
808
---
809
> 
810
52,54c52,86
811
<     MetaCatUtil util = new MetaCatUtil();
812
<     this.authClass = util.getOption("authclass");
813
<     this.authService = (AuthInterface)createObject(authClass);
814
---
815
>     String authClass = MetaCatUtil.getOption("authclass");
816
> 	this.authService = (AuthInterface)createObject(authClass);
817
> 
818
> 	if (authService instanceof AuthGsi) {
819
> 		// special config options for GSI authentication
820
> 		String authDelegateClass = MetaCatUtil.getOption("authDelegateClass");
821
> 		String gsiMapClass = MetaCatUtil.getOption("gsiMapClass");
822
> 		String authDelegationAllowed = MetaCatUtil.getOption("authDelegationAllowed");
823
> 		String authPrecedence = MetaCatUtil.getOption("authPrecedence");
824
> 
825
> 		AuthGsi gsi = (AuthGsi) authService;
826
> 		if (authDelegateClass != null) {
827
> 			AuthInterface delegate = (AuthInterface) createObject(authDelegateClass);
828
> 			gsi.setDelegate(delegate);
829
> 		}
830
> 		if (gsiMapClass != null) {
831
> 			GsiToUsernameMap map = (GsiToUsernameMap) createObject(gsiMapClass);
832
> 			gsi.setDnMap(map);
833
> 		}
834
> 		if (authDelegationAllowed != null) {
835
> 			boolean allowed = Boolean.valueOf(authDelegationAllowed).booleanValue();
836
> 			if (!allowed && !authDelegationAllowed.trim().toLowerCase().equals("false"))
837
> 				MetaCatUtil.logMetacat.warn("Config error: authDelegationAllowed "
838
> 					+ "must be \"true\" or \"false\" (found \""
839
> 					+ authDelegationAllowed + "\".");
840
> 			gsi.setAuthnDelegationAllowed(allowed);
841
> 		}
842
> 		if (authPrecedence != null) {
843
> 			try {
844
> 				gsi.setPrecedence(authPrecedence);
845
> 			} catch(IllegalArgumentException e) {
846
> 				System.err.println(e.getMessage());
847
> 			}
848
> 		}
849
> 	}
850
70,71c102
851
<    * @param username the username entered when login
852
<    * @param password the password entered when login
853
---
854
>    * @param info info from the user, such as username and password
855
73,77c104,107
856
<   public boolean authenticate(HttpServletRequest request,
857
<                               String username, String password)  {
858
<     String message = null;
859
<     try {
860
<       if ( authService.authenticate(username, password) ) {
861
---
862
>   public boolean authenticate(HttpServletRequest request, AuthInfo info)  {
863
>     String message;
864
> 	try {
865
> 	  if ( authService.authenticate(info) ) {
866
79c109
867
<         // getGroups returns groupname along with their description.
868
---
869
> 		// getGroups returns groupname along with their description.
870
82c112
871
<             authService.getGroups(username,password,username);
872
---
873
>             authService.getGroups(info,info.getUsername());
874
93c123
875
<         this.session = createSession(request, username, password, groups);
876
---
877
>         this.session = createSession(request, info, groups);
878
95c125
879
<         message = "Authentication successful for user: " + username;
880
---
881
>         message = "Authentication successful for user: " + info;
882
99c129
883
<         message = "Authentication failed for user: " + username;
884
---
885
> 		message = "Authentication failed for user: " + info;
886
104c134,135
887
<       message = "Connection to the authentication service failed in " +
888
---
889
> 	  ce.printStackTrace();
890
> 	  message = "Connection to the authentication service failed in " +
891
107c138,139
892
<       message = ise.getMessage();
893
---
894
> 	  ise.printStackTrace();
895
> 	  message = ise.getMessage();
896
114,116c146,147
897
<   /** Get new HttpSession and store username & password in it */
898
<   private HttpSession createSession(HttpServletRequest request,
899
<                                  String username, String password,
900
---
901
>   /** Get new HttpSession and store authentication info in it */
902
>   private HttpSession createSession(HttpServletRequest request, AuthInfo info,
903
129c160
904
<                                 session.getAttribute("username"));
905
---
906
>                                 session.getAttribute("auth"));
907
137,138c168
908
<     session.setAttribute("username", username);
909
<     session.setAttribute("password", password);
910
---
911
> 	session.setAttribute("auth", info);
912
145c175
913
<                                 session.getAttribute("username"));
914
---
915
>                                 session.getAttribute("auth"));
916
161,162c191
917
<    * @param user the user which requests the information
918
<    * @param password the user's password
919
---
920
>    * @param info represents the user who requests the information
921
164c193
922
<   public String getPrincipals(String user, String password)
923
---
924
>   public String getPrincipals(AuthInfo info)
925
167c196
926
<     return authService.getPrincipals(user, password);
927
---
928
>     return authService.getPrincipals(info);
929
210c239
930
<     Object object = null;
931
---
932
>     Object object;
933
Index: src/edu/ucsb/nceas/metacat/MetaCatServlet.java
934
===================================================================
935
RCS file: /cvs/metacat/src/edu/ucsb/nceas/metacat/MetaCatServlet.java,v
936
retrieving revision 1.226
937
diff -r1.226 MetaCatServlet.java
938
30,35c30
939
< import java.io.BufferedInputStream;
940
< import java.io.File;
941
< import java.io.FileInputStream;
942
< import java.io.IOException;
943
< import java.io.PrintWriter;
944
< import java.io.StringReader;
945
---
946
> import java.io.*;
947
37a33,34
948
> import java.net.URLEncoder;
949
> import java.net.URLDecoder;
950
44,48c41,42
951
< import java.util.Enumeration;
952
< import java.util.Hashtable;
953
< import java.util.Iterator;
954
< import java.util.PropertyResourceBundle;
955
< import java.util.Vector;
956
---
957
> import java.util.*;
958
> import java.util.regex.PatternSyntaxException;
959
52,55c46
960
< import javax.servlet.ServletConfig;
961
< import javax.servlet.ServletContext;
962
< import javax.servlet.ServletException;
963
< import javax.servlet.ServletOutputStream;
964
---
965
> import javax.servlet.*;
966
60a52,53
967
> import edu.ucsb.nceas.utilities.Options;
968
> 
969
61a55
970
> import org.ietf.jgss.GSSContext;
971
68,69d61
972
< import edu.ucsb.nceas.utilities.Options;
973
< 
974
164c156
975
<      
976
---
977
> 
978
166c158
979
< 	 
980
---
981
> 
982
181,182c173,174
983
<     	    LOG_CONFIG_NAME = dirPath + "/log4j.properties";
984
< 	    
985
---
986
>             LOG_CONFIG_NAME = dirPath + "/log4j.properties";
987
>         
988
213,214d204
989
<         } catch (ServletException ex) {
990
<             throw ex;
991
235d224
992
< 
993
237c226,230
994
<         handleGetOrPost(request, response);
995
---
996
>         try { handleGetOrPost(request, response); }
997
>         catch(RuntimeException e) {
998
>             e.printStackTrace();
999
>             throw new ServletException(e);
1000
>         }
1001
244d236
1002
< 
1003
246c238,242
1004
<         handleGetOrPost(request, response);
1005
---
1006
>         try { handleGetOrPost(request, response); }
1007
>         catch(RuntimeException e) {
1008
>             e.printStackTrace();
1009
>             throw new ServletException(e);
1010
>         }
1011
248a245,255
1012
>     /** Copied from org.globus.axis.gsi.GSIConstants, so that we can avoid
1013
>      *  a compile dependency. */
1014
>     private static final String
1015
>         GSI_CREDENTIALS = "org.globus.gsi.credentials",
1016
>         GSI_AUTHORIZATION = "org.globus.gsi.authorization",
1017
>         GSI_MODE = "org.globus.gsi.mode",
1018
>         GSI_AUTH_USERNAME = "org.globus.gsi.authorized.user.name",
1019
>         GSI_USER_DN = "org.globus.gsi.authorized.user.dn",
1020
>         GSI_ANONYMOUS = "org.globus.gsi.anonymous",
1021
>         GSI_CONTEXT = "org.globus.gsi.context";
1022
> 
1023
388d394
1024
< 
1025
403c409,410
1026
<         connPool.printMethodNameHavingBusyDBConnection();
1027
---
1028
>         if (connPool != null)
1029
>             connPool.printMethodNameHavingBusyDBConnection();
1030
415a423,438
1031
>             Enumeration headerNames = request.getHeaderNames();
1032
>             while (headerNames.hasMoreElements()) {
1033
>                 String headerName = (String) headerNames.nextElement();
1034
>             }
1035
> 
1036
>             // check whether incoming connection is via GSI-enabled HTTPS
1037
>             // these constants are available from GSIConstants, but not imported
1038
>             // here, to avoid dependencies
1039
>             GSSContext gsiContext = (GSSContext) request.getAttribute(GSI_CONTEXT);
1040
>             String gsiUserDN = (String) request.getAttribute(GSI_USER_DN);
1041
>             boolean gssConnection = gsiContext != null && gsiUserDN != null;
1042
>             if (gssConnection) {
1043
>                 params.put(GSI_CONTEXT, gsiContext);
1044
>                 params.put(GSI_USER_DN, gsiUserDN);
1045
>             }
1046
> 
1047
433a457,499
1048
>             // Get extra POST parameters because when the incoming request uses
1049
>             // chunked coding, they don't automatically get parsed.
1050
>             if ("application/x-www-form-urlencoded".equals(ctype)) {
1051
>                 try {
1052
>                     String post = readInputStreamAsString(request);
1053
>                     if (post != null && post.length() > 0) {
1054
>                         String[] posts = post.split("&");
1055
>                         for (int i = 0; i < posts.length; ++i) {
1056
>                             String[] a = posts[i].split("=");
1057
>                             for (int j = 0; j < a.length; ++j)
1058
>                                 a[j] = URLDecoder.decode(a[j]);
1059
>                             if (a.length >= 2) {
1060
>                                 addToMultimap(params, a[0], a[1]);
1061
>                             }
1062
>                         }
1063
>                     }
1064
>                 } catch(Exception e) {
1065
>                     String msg = "Exception reading remaining POST data: "
1066
>                         + e.getMessage();
1067
>                     if (MetaCatUtil.debugMessage(msg, 20))
1068
>                         e.printStackTrace();
1069
>                 }
1070
>             }
1071
> 
1072
>             String[] usernames = (String[]) params.get("username"),
1073
>                 passwords = (String[]) params.get("password");
1074
>             String username = (usernames != null && usernames.length > 0)
1075
>                 ? usernames[0] : null;
1076
>             String password = (passwords != null && passwords.length > 0)
1077
>                 ? passwords[0] : null;
1078
>             // if no other identifiers, set username to "public" (anonymous)
1079
>             if (username == null && gsiUserDN == null)
1080
>                 username = "public";
1081
>             AuthInfo authInfo = new AuthInfo
1082
>                 (username, password, gsiContext, gsiUserDN, request);
1083
> 
1084
>             for (Iterator i = params.keySet().iterator(); i.hasNext();) {
1085
>                 String key = (String) i.next();
1086
>                 Object val = params.get(key);
1087
>                 if (val == null) val = "null";
1088
>                 if (!(val instanceof Object[])) val = new Object[] { val };
1089
>             }
1090
> 
1091
456,457d521
1092
<             String username = null;
1093
<             String password = null;
1094
464c528
1095
<                 handleLoginAction(out, params, request, response);
1096
---
1097
>                 handleLoginAction(out, authInfo, params, request, response);
1098
476d539
1099
<                 boolean success = false;
1100
478,482c541,543
1101
<                 // pool
1102
<                 //size is greater than initial value, shrink the connection
1103
<                 // pool
1104
<                 //size to initial value
1105
<                 success = DBConnectionPool.shrinkConnectionPoolSize();
1106
---
1107
>                 //pool size is greater than initial value, shrink the
1108
>                 //connection pool size to initial value
1109
>                 boolean success = DBConnectionPool.shrinkConnectionPoolSize();
1110
496c557,573
1111
<                 if (sess.isNew() && !params.containsKey("sessionid")) {
1112
---
1113
>                 boolean newSession = sess.isNew() && !params.containsKey("sessionid");
1114
>                 if (authInfo.getGssContext() != null) {
1115
>                     // if using GSI for authentication, we lose our session
1116
>                     // each time, so we have to re-authenticate; fortunately
1117
>                     // we have enough information to do so
1118
>                     try {
1119
>                         AuthSession authSession = new AuthSession();
1120
>                         authSession.authenticate(request, authInfo);
1121
>                         // call it a continuing session
1122
>                         newSession = false;
1123
>                     } catch (Exception e) {
1124
>                         throw new ServletException
1125
>                             ("Unable to authenticate based on GSI credentials: "
1126
>                                 + e.getMessage(), e);
1127
>                     }
1128
>                 }
1129
>                 if (newSession) {
1130
499a577
1131
>                     authInfo = new AuthInfo("public", null);
1132
501c579
1133
<                     sess.setAttribute("username", username);
1134
---
1135
>                     sess.setAttribute("auth", authInfo);
1136
524c602
1137
<                              * sess.getAttribute("username") + " into session
1138
---
1139
>                              * sess.getAttribute("auth") + " into session
1140
535c613,614
1141
<                     username = (String) sess.getAttribute("username");
1142
---
1143
>                     authInfo = (AuthInfo) sess.getAttribute("auth");
1144
>                     username = authInfo.getUsername();
1145
538d616
1146
<                     password = (String) sess.getAttribute("password");
1147
543c621,623
1148
<                 if (username == null || (username.trim().equals(""))) {
1149
---
1150
>                 if ((username == null || (username.trim().equals("")))
1151
>                     && gsiContext == null )
1152
>                 {
1153
544a625,626
1154
>                     authInfo = new AuthInfo(username,  null);
1155
>                     sess.setAttribute("auth", authInfo);
1156
619c701
1157
<                 handleGetPrincipalsAction(out, username, password);
1158
---
1159
>                 handleGetPrincipalsAction(out, authInfo);
1160
646c728
1161
<             } else if (action.equals("login") || action.equals("logout")) {
1162
---
1163
>             } else if (action.equals("login") || action.equals("logout"), groupnames) {
1164
709a792,841
1165
>     /** Assume that <tt>map</tt>'s keys are objects and its values are arrays. */
1166
>     private void addToMultimap(Map params, String key, String value) {
1167
>         if (params.containsKey(key)) {
1168
>             String[] oldArray;
1169
>             Object old = params.get(key);
1170
>             if (old instanceof String[]) oldArray = (String[]) old;
1171
>             else {
1172
>                 oldArray = new String[1];
1173
>                 oldArray[0] = String.valueOf(old);
1174
>             }
1175
>             String[] newArray = new String[oldArray.length + 1];
1176
>             System.arraycopy(oldArray, 0, newArray, 0, oldArray.length);
1177
>             newArray[newArray.length - 1] = value;
1178
>             params.put(key, newArray);
1179
>         }
1180
>         else params.put(key, new String[] { value });
1181
>     }
1182
> 
1183
>     private static final int READ_CHUNK_SIZE = 1024;
1184
> 
1185
>     private String readInputStreamAsString(HttpServletRequest request)
1186
>         throws IOException
1187
>     {
1188
>         ServletInputStream in = request.getInputStream();
1189
>         List byteses = new ArrayList();
1190
>         int total = 0;
1191
>         while(true) {
1192
>             byte[] k = new byte[READ_CHUNK_SIZE];
1193
>             int n = in.read(k);
1194
>             if (n <= 0) break;
1195
>             else {
1196
>                 if (n < READ_CHUNK_SIZE) {
1197
>                     byte[] k2 = new byte[n];
1198
>                     System.arraycopy(k, 0, k2, 0, n);
1199
>                     k = k2;
1200
>                 }
1201
>                 total += n;
1202
>                 byteses.add(k);
1203
>             }
1204
>         }
1205
>         byte[] all = new byte[total];
1206
>         int start = 0;
1207
>         for (int i = 0; i < byteses.size(); i++) {
1208
>             byte[] k = (byte[]) byteses.get(i);
1209
>             System.arraycopy(k, 0, all, start, k.length);
1210
>             start += k.length;
1211
>         }
1212
>         return new String(all);
1213
>     }
1214
> 
1215
715c847
1216
<     private void handleLoginAction(PrintWriter out, Hashtable params,
1217
---
1218
>     private void handleLoginAction(PrintWriter out, AuthInfo info, Hashtable params,
1219
719c851
1220
<         AuthSession sess = null;
1221
---
1222
>         AuthSession sess;
1223
721c853
1224
<         if(params.get("username") == null){
1225
---
... This diff was truncated because it exceeds the maximum size that can be displayed.

Also available in: Unified diff