Revision 5072
Added by daigle about 15 years ago
src/edu/ucsb/nceas/workflowscheduler/WorkflowScheduler.java | ||
123 | 123 |
|
124 | 124 |
if (!sessionStatus.equals("valid")) { |
125 | 125 |
throw new MetacatSchedulerException("WorkflowScheduler.scheduleJob - session " |
126 |
+ sessionIds[0] + " is not valid.");
|
|
126 |
+ request.getSession().getId() + " is not valid.");
|
|
127 | 127 |
} |
128 | 128 |
|
129 | 129 |
try { |
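Review bot: The exception message at the `126` line interpolates the session identifier, and that holds for both the removed and the added variant, so the new code still places a session token into exception text that typically ends up in a log or an error response. A session id is a bearer credential and the failure is fully described without it. I would throw `new MetacatSchedulerException("WorkflowScheduler.scheduleJob - session is not valid.")` and, if the id is needed for troubleshooting, record it only at debug level through the class logger. The rendering does not preserve which of the two `126` lines is the new side, and scheduleJob continues outside the hunk.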
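--- a/src/edu/ucsb/nceas/metacat/PermissionController.java
+++ b/src/edu/ucsb/nceas/metacat/PermissionController.java
@@ -39,8 +39,10 @@
 import edu.ucsb.nceas.metacat.database.DBConnection;
 import edu.ucsb.nceas.metacat.database.DBConnectionPool;
 import edu.ucsb.nceas.metacat.properties.PropertyService;
+import edu.ucsb.nceas.metacat.service.SessionService;
 import edu.ucsb.nceas.metacat.util.DocumentUtil;
 import edu.ucsb.nceas.metacat.util.MetacatUtil;
+import edu.ucsb.nceas.metacat.util.SessionData;
 import edu.ucsb.nceas.utilities.PropertyNotFoundException;
 
 public class PermissionController
@@ -91,6 +93,15 @@
 return hasSubTreeAccessControl;
 }
 
+public boolean hasPermission(String sessionId, String myPermission) throws SQLException {
+SessionData sessionData = SessionService.getRegisteredSession(sessionId);
+if (sessionData == null) {
+return false;
+}
+
+return hasPermission(sessionData.getUserName(), sessionData.getGroupNames(), myPermission);
+}
+
 
 /**
 * Check from db connection if at least one of the list of @principals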
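Review bot: The new `hasPermission(String sessionId, String myPermission)` overload has no Javadoc, and it sits next to `hasPermission(String, String[], String)` whose first argument is a user name, so a caller that hands a user name to the two-argument form silently gets `false` instead of an error. I would document it as `/** Checks whether the user bound to a registered session may perform {@code myPermission} on this document; returns {@code false} when {@code sessionId} is not a registered session. */` with `@throws SQLException` forwarded from the three-argument overload. Returning false for an unknown session is a sensible fail-closed default, but it is worth stating so callers do not read it as a permission denial for an authenticated user.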
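--- a/src/edu/ucsb/nceas/metacat/util/DocumentUtil.java
+++ b/src/edu/ucsb/nceas/metacat/util/DocumentUtil.java
@@ -26,16 +26,29 @@
 
 package edu.ucsb.nceas.metacat.util;
 
+import java.io.PrintWriter;
+import java.sql.SQLException;
+import java.util.Hashtable;
 import java.util.Stack;
 import java.util.Vector;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.apache.log4j.Logger;
 
 import edu.ucsb.nceas.dbadapter.AbstractDatabase;
 import edu.ucsb.nceas.metacat.DBSAXHandler;
+import edu.ucsb.nceas.metacat.McdbException;
 import edu.ucsb.nceas.metacat.NodeRecord;
+import edu.ucsb.nceas.metacat.PermissionController;
 import edu.ucsb.nceas.metacat.properties.PropertyService;
+import edu.ucsb.nceas.metacat.service.SessionService;
+import edu.ucsb.nceas.metacat.shared.MetacatUtilException;
+import edu.ucsb.nceas.metacat.util.SessionData;
 import edu.ucsb.nceas.utilities.PropertyNotFoundException;
+import edu.ucsb.nceas.utilities.ParseLSIDException;
+import edu.ucsb.nceas.utilities.LSIDUtil;
 
 /**
 * A suite of utility classes for the metadata catalog server
@@ -409,5 +422,69 @@
 }
 return result;
 }
+
+public static void isAuthorized(PrintWriter out, Hashtable<String,String[]> params,
+HttpServletRequest request, HttpServletResponse response) throws MetacatUtilException {
+
+String resourceLsid;
+String[] resourceLsids = params.get("resourceLsid");
+if (resourceLsids == null) {
+throw new MetacatUtilException("DocumentUtil.isAuthorized - " +
+"resourceLsid parameter cannot be null.");
+}
+resourceLsid = resourceLsids[0];
+
+String permission;
+String[] permissions = params.get("permission");
+if (permissions == null) {
+throw new MetacatUtilException("DocumentUtil.isAuthorized - " +
+"permission parameter cannot be null.");
+}
+permission = permissions[0];
+
+String sessionId;
+String[] sessionIds = params.get("sessionId");
+if (sessionIds == null) {
+throw new MetacatUtilException("DocumentUtil.isAuthorized - " +
+"sessionId parameter cannot be null.");
+}
+sessionId = sessionIds[0];
+
+String isAuthorized = "false";
+String message = "";
+
+String result = "<resourceAuthorization>";
+result += "<resourceId>" + resourceLsid + "</resourceId>";
+result += "<permission>" + permission + "</permission>";
+result += "<sessionId>" + sessionId + "</sessionId>";
 
+if (!SessionService.isSessionRegistered(sessionId)) {
+message = "Session is not logged in";
+} else {
+SessionData sessionData = SessionService.getRegisteredSession(sessionId);
+
+String docId = null;
+try {
+docId = LSIDUtil.getDocId(resourceLsid, true);
+PermissionController pc = new PermissionController(docId);
+if (pc.hasPermission(sessionData.getUserName(), sessionData.getGroupNames(), permission)) {
+isAuthorized = "true";
+message = " docid: " + docId + " is authorized for session";
+}
+} catch (ParseLSIDException ple) {
+message = "unparseable resource lsid: " + ple.getMessage();
+} catch (McdbException me) {
+message = "could not create permission controller for docid: " + docId + " : " + me.getMessage();
+} catch (SQLException sqle) {
+message = "SQL error getting permissions for docid: " + docId + " : " + sqle.getMessage();
+}
+}
+
+result += "<isAuthorized>" + isAuthorized + "</isAuthorized>";
+result += "<message>" + message + "</message>";
+result += "</resourceAuthorization>";
+
+out.write(result);
+}
+
 }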
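Review bot: `isAuthorized` builds the `<resourceAuthorization>` response by concatenating `resourceLsid`, `permission`, `sessionId` and `docId` taken straight from the request parameters without XML-escaping them, so a value containing `<`, `&` or `"` yields a malformed response or one whose structure the caller controls; each value should pass through an XML-escaping helper before it is appended. The `<message>` element also relays `sqle.getMessage()` and `me.getMessage()` verbatim, which discloses database error text to the client; log the exception server-side and return a fixed text such as `"error checking permissions for docid: " + docId`. The three null checks do not guard an empty array, so `resourceLsids[0]` (and the two later `[0]` reads) throws `ArrayIndexOutOfBoundsException` instead of the intended `MetacatUtilException`; `if (resourceLsids == null || resourceLsids.length == 0) {` fixes the first and the other two follow the same shape. `request` and `response` are never used in the method body.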
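--- a/src/edu/ucsb/nceas/metacat/client/MetacatClient.java
+++ b/src/edu/ucsb/nceas/metacat/client/MetacatClient.java
@@ -111,6 +111,9 @@
 prop.put("qformat", "xml");
 prop.put("username", username);
 prop.put("password", password);
+// if (this.sessionId != null) {
+// prop.put("sessionid", sessionId);
+// }
 
 String response = null;
 try {
@@ -171,6 +174,9 @@
 Properties prop = new Properties();
 prop.put("action", "logout");
 prop.put("qformat", "xml");
+if (this.sessionId != null) {
+prop.put("sessionid", sessionId);
+}
 
 String response = null;
 try {
@@ -223,6 +229,42 @@
 
 
 /**
+* Method used to log in to a metacat server. Implementations will need
+* to cache a cookie value to make the session persistent. Each time a
+* call is made to one of the other methods (e.g., read), the cookie will
+* need to be passed back to the metacat server along with the request.
+*
+* @param username the username of the user, like an LDAP DN
+* @param password the password for that user for authentication
+* @return the response string from metacat in XML format
+* @throws MetacatAuthException when the username/password could
+* not be authenticated
+*/
+public String isAuthorized(String resourceLsid, String permission, String sessionId)
+throws MetacatAuthException, MetacatInaccessibleException {
+
+Properties prop = new Properties();
+prop.put("action", "isauthorized");
+prop.put("resourceLsid", resourceLsid);
+prop.put("permission", permission);
+prop.put("sessionId", sessionId);
+
+String response = null;
+try {
+response = sendDataForString(prop, null, null, 0);
+} catch (Exception e) {
+throw new MetacatInaccessibleException(e.getMessage());
+}
+
+if (response.indexOf("<resourceAuthorization>") == -1) {
+System.out.println("invalid response: " + response);
+throw new MetacatAuthException(response);
+}
+
+return response;
+}
+
+/**
 * Read an XML document from the metacat server session, accessed by docid,
 * and returned as a Reader.
 *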
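Review bot: The Javadoc on the new `isAuthorized` is copied from `login`: it describes caching a cookie, `@param username`, `@param password` and an authentication failure, none of which match the `(resourceLsid, permission, sessionId)` signature. It should state the actual contract, with `@param resourceLsid`, `@param permission`, `@param sessionId`, `@return` the `<resourceAuthorization>` XML from the server and `@throws` for the two declared exceptions. `System.out.println("invalid response: " + response)` writes the raw server response to stdout from library code; use the class logger or drop it, since the response already travels in the thrown exception. The `catch (Exception e)` rethrows only `e.getMessage()` so the original cause is lost; pass `e` on as the cause if `MetacatInaccessibleException` offers such a constructor. The first hunk adds the `// if (this.sessionId != null)` block as commented-out code, which is better deleted than kept.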
Add authorization functionality