43 |
43 |
import org.xml.sax.InputSource;
|
44 |
44 |
|
45 |
45 |
import org.ecoinformatics.ecogrid.client.AuthenticationServiceClient;
|
|
46 |
import org.ecoinformatics.ecogrid.client.AuthorizationServiceClient;
|
46 |
47 |
|
|
48 |
import edu.ucsb.nceas.metacat.AccessControlInterface;
|
47 |
49 |
import edu.ucsb.nceas.metacat.scheduler.BaseScheduler;
|
48 |
50 |
import edu.ucsb.nceas.metacat.scheduler.ScheduledJobAccess;
|
49 |
51 |
import edu.ucsb.nceas.metacat.scheduler.ScheduledJobDAO;
|
... | ... | |
169 |
171 |
}
|
170 |
172 |
jobParams.put("workflowid", workflowids[0]);
|
171 |
173 |
|
|
174 |
String workflowAuthorizeStatus = authorizeRemoteSession(sessionIds[0], workflowids[0], AccessControlInterface.WRITESTRING);
|
|
175 |
if (!workflowAuthorizeStatus.equals("true")) {
|
|
176 |
throw new MetacatSchedulerException("WorkflowScheduler.scheduleJob - session "
|
|
177 |
+ request.getSession().getId() + " is not authorized to write workflow " + workflowids[0] + ".");
|
|
178 |
}
|
|
179 |
|
172 |
180 |
// kar id must exist. Add to job params
|
173 |
181 |
String karids[] = params.get("karid");
|
174 |
182 |
if (karids == null || karids.length == 0) {
|
... | ... | |
177 |
185 |
}
|
178 |
186 |
jobParams.put("karid", karids[0]);
|
179 |
187 |
|
|
188 |
String karAuthorizeStatus = authorizeRemoteSession(sessionIds[0], karids[0], AccessControlInterface.READSTRING);
|
|
189 |
if (!karAuthorizeStatus.equals("true")) {
|
|
190 |
throw new MetacatSchedulerException("WorkflowScheduler.scheduleJob - session "
|
|
191 |
+ request.getSession().getId() + " is not authorized to read kar " + karids[0] + ".");
|
|
192 |
}
|
180 |
193 |
|
181 |
194 |
// workflow name unit must exist. Add to job params
|
182 |
195 |
String workflownames[] = params.get("workflowname");
|
... | ... | |
455 |
468 |
|
456 |
469 |
return sessionStatus;
|
457 |
470 |
}
|
|
471 |
|
|
472 |
private String authorizeRemoteSession(String sessionId, String resourceLsid, String permission)
|
|
473 |
throws MetacatSchedulerException {
|
|
474 |
|
|
475 |
String authStatus = "unknown";
|
|
476 |
XPath xpath = XPathFactory.newInstance().newXPath();
|
|
477 |
|
|
478 |
try {
|
|
479 |
String ecogridUrl = PropertyService.getProperty("workflowScheduler.authorizationServiceUrl");
|
|
480 |
|
|
481 |
AuthorizationServiceClient authorizationServiceClient =
|
|
482 |
new AuthorizationServiceClient(ecogridUrl);
|
|
483 |
|
|
484 |
String authStatusXML = authorizationServiceClient.is_authorized_action(sessionId, resourceLsid, permission);
|
|
485 |
|
|
486 |
authStatus =
|
|
487 |
xpath.evaluate("/resourceAuthorization/isAuthorized", new InputSource(new StringReader(authStatusXML)));
|
|
488 |
|
|
489 |
|
|
490 |
} catch (PropertyNotFoundException pnfe) {
|
|
491 |
throw new MetacatSchedulerException("WorkflowScheduler.authorizeRemoteSession - Could not "
|
|
492 |
+ "find property: " + pnfe.getMessage());
|
|
493 |
} catch (Exception e) {
|
|
494 |
throw new MetacatSchedulerException("WorkflowScheduler.authorizeRemoteSession - "
|
|
495 |
+ "general error when authorizing Session: " + e.getMessage());
|
|
496 |
}
|
|
497 |
|
|
498 |
|
|
499 |
return authStatus;
|
|
500 |
}
|
458 |
501 |
}
|
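Review bot: The two denial messages added in scheduleJob (new lines 176-177 and 190-191) embed `request.getSession().getId()`, the local servlet session, while the authorization call itself was made with `sessionIds[0]`. The message can therefore name a session that was not the one checked, and it writes a live session identifier into exception text that may reach logs or the response. I would drop the identifier, e.g. `"WorkflowScheduler.scheduleJob - caller is not authorized to write workflow " + workflowids[0] + "."`, and do the same for the kar message. In authorizeRemoteSession, `xpath.evaluate(..., new InputSource(new StringReader(authStatusXML)))` parses the service response with the default parser configuration. Unless that response is fully trusted, parse it first with a `DocumentBuilderFactory` that sets `http://apache.org/xml/features/disallow-doctype-decl` to true and evaluate the XPath on the resulting `Document`; note that scheduleJob's body starts outside the visible hunks, so how `sessionIds` is validated cannot be judged from here.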
Add authorization check before scheduling a job in the workflow scheduler