Revision 509
Added by bojilova over 23 years ago
MetaCatServlet.java | ||
---|---|---|
210 | 210 |
params.put(name,value); |
211 | 211 |
} |
212 | 212 |
|
213 |
//if the user clicked on the input images, decode which image |
|
214 |
//was clicked then set the action. |
|
213 | 215 |
String action = ((String[])params.get("action"))[0]; |
214 | 216 |
util.debugMessage("Line 213: Action is: " + action); |
215 |
//if the user clicked on the input images, decode which image |
|
216 |
//was clicked then set the action. |
|
217 |
|
|
217 | 218 |
//MBJELIMINATE String action = decodeMouseAction(params); |
218 | 219 |
//if(action.equals("error")) |
219 | 220 |
//{ |
220 |
// util.debugMessage("Line 218: Action is: " + action);
|
|
221 |
//util.debugMessage("Line 218: Action is: " + action);
|
|
221 | 222 |
//action = ((String[])params.get("action"))[0]; |
222 | 223 |
//} |
223 | 224 |
|
224 | 225 |
// This block handles session management for the servlet |
225 | 226 |
// by looking up the current session information for all actions |
226 |
// other than "Login" and "Logout" |
|
227 |
// handle login action |
|
227 |
// other than "login" and "logout" |
|
228 | 228 |
String username = null; |
229 | 229 |
String groupname = null; |
230 |
if (action.equals("Login") || action.equals("Login Client")) { |
|
230 |
|
|
231 |
// handle login action |
|
232 |
if (action.equals("login")) { |
|
233 |
|
|
231 | 234 |
handleLoginAction(response.getWriter(), params, request, response); |
235 |
|
|
232 | 236 |
// handle logout action |
233 |
} else if (action.equals("Logout") || action.equals("Logout Client")) { |
|
234 |
HttpSession sess = request.getSession(false); |
|
235 |
if (sess != null) { sess.invalidate(); } |
|
236 |
if (action.equals("Logout Client")) { |
|
237 |
PrintWriter out = response.getWriter(); |
|
238 |
out.println("<?xml version=\"1.0\"?>"); |
|
239 |
out.println("<success>"); |
|
240 |
out.println("User logout."); |
|
241 |
out.println("</success>"); |
|
242 |
return; |
|
243 |
} |
|
237 |
} else if (action.equals("logout")) { |
|
244 | 238 |
|
245 |
response.sendRedirect(htmlpath + "/index.html");
|
|
239 |
handleLogoutAction(response.getWriter(), params, request, response);
|
|
246 | 240 |
|
247 | 241 |
// aware of session expiration on every request |
248 | 242 |
} else { |
243 |
|
|
249 | 244 |
HttpSession sess = request.getSession(true); |
250 | 245 |
if (sess.isNew()) { |
251 | 246 |
// session expired or has not been stored b/w user requests |
252 |
// redirect to default page for query only access |
|
253 |
// response.sendRedirect(htmlpath + "/sexpire.html"); |
|
254 | 247 |
username = "public"; |
255 | 248 |
} else { |
256 | 249 |
username = (String)sess.getAttribute("username"); |
... | ... | |
298 | 291 |
} |
299 | 292 |
else if (action.equals("insert") || action.equals("update")) { |
300 | 293 |
PrintWriter out = response.getWriter(); |
301 |
if ( !username.equals("public") && (username != null) ) {
|
|
294 |
if ( (username != null) && !username.equals("public") ) {
|
|
302 | 295 |
handleInsertOrUpdateAction(out, params, response, username, groupname); |
303 | 296 |
} else { |
304 | 297 |
out.println("Permission denied for " + action); |
305 | 298 |
} |
306 | 299 |
} else if (action.equals("delete")) { |
307 | 300 |
PrintWriter out = response.getWriter(); |
308 |
if ( !username.equals("public") && (username != null) ) {
|
|
301 |
if ( (username != null) && !username.equals("public") ) {
|
|
309 | 302 |
handleDeleteAction(out, params, response, username, groupname); |
310 | 303 |
} else { |
311 | 304 |
out.println("Permission denied for " + action); |
... | ... | |
332 | 325 |
} else if (action.equals("getdataguide")) { |
333 | 326 |
PrintWriter out = response.getWriter(); |
334 | 327 |
handleGetDataGuideAction(out, params, response); |
335 |
} else if (action.equals("Login") || action.equals("Login Client")) {
|
|
328 |
} else if (action.equals("login") || action.equals("logout")) {
|
|
336 | 329 |
} else { |
337 | 330 |
PrintWriter out = response.getWriter(); |
338 | 331 |
out.println("Error: action not registered. Please report this error."); |
... | ... | |
379 | 372 |
} |
380 | 373 |
|
381 | 374 |
/** |
382 |
* Handle the Login request. Create a new session object.
|
|
375 |
* Handle the login request. Create a new session object.
|
|
383 | 376 |
* Do user authentication through the session. |
384 | 377 |
*/ |
385 | 378 |
private void handleLoginAction(PrintWriter out, Hashtable params, |
... | ... | |
389 | 382 |
String un = ((String[])params.get("username"))[0]; |
390 | 383 |
String pw = ((String[])params.get("password"))[0]; |
391 | 384 |
String action = ((String[])params.get("action"))[0]; |
385 |
String qformat = ((String[])params.get("qformat"))[0]; |
|
392 | 386 |
|
393 | 387 |
try { |
394 |
sess = new AuthSession(request, un, pw);
|
|
388 |
sess = new AuthSession(); |
|
395 | 389 |
} catch (Exception e) { |
396 | 390 |
out.println(e.getMessage()); |
391 |
return; |
|
397 | 392 |
} |
398 | 393 |
|
399 |
String output = null;
|
|
400 |
boolean isValid = sess.authenticate(); |
|
401 |
if (action.equals("Login Client")) {
|
|
402 |
out.println(sess.getMessage());
|
|
403 |
} else {
|
|
394 |
boolean isValid = sess.authenticate(request, un, pw);
|
|
395 |
|
|
396 |
// format and transform the output
|
|
397 |
if (qformat.equals("html")) {
|
|
398 |
Connection conn = null;
|
|
404 | 399 |
try { |
400 |
conn = util.getConnection(); |
|
401 |
DBTransform trans = new DBTransform(conn); |
|
402 |
response.setContentType("text/html"); |
|
403 |
// user authentication successful |
|
405 | 404 |
if (isValid) { |
406 |
if (un.equals("public")) { |
|
407 |
response.sendRedirect( |
|
408 |
response.encodeRedirectUrl(htmlpath + "/index.html")); |
|
409 |
} else { |
|
410 |
response.sendRedirect( |
|
405 |
// trans.transformXMLDocument(sess.getMessage(), "-//NCEAS//login//EN", |
|
406 |
// "-//W3C//HTML//EN", out); |
|
407 |
response.sendRedirect( |
|
411 | 408 |
response.encodeRedirectUrl(htmlpath + "/metacat.html")); |
412 |
} |
|
409 |
|
|
410 |
// unsuccessful user authentication |
|
413 | 411 |
} else { |
414 |
response.sendRedirect( |
|
415 |
response.encodeRedirectUrl(htmlpath + "/login.html")); |
|
412 |
// trans.transformXMLDocument(sess.getMessage(), "-//NCEAS//nologin//EN", |
|
413 |
// "-//W3C//HTML//EN", out); |
|
414 |
response.sendRedirect(htmlpath + "/login.html"); |
|
416 | 415 |
} |
417 |
} catch ( java.io.IOException ioe) { |
|
418 |
String message = "handleLoginAction() - " + |
|
419 |
"Error on redirect of HttpServletResponse: " + |
|
420 |
ioe.getMessage(); |
|
421 |
out.println(message); |
|
422 |
} |
|
416 |
util.returnConnection(conn); |
|
417 |
} catch(Exception e) { |
|
418 |
util.returnConnection(conn); |
|
419 |
} |
|
420 |
|
|
421 |
// any output is returned |
|
422 |
} else { |
|
423 |
response.setContentType("text/xml"); |
|
424 |
out.println(sess.getMessage()); |
|
423 | 425 |
} |
426 |
|
|
427 |
// if (action.equals("Login Client")) { |
|
428 |
// out.println(sess.getMessage()); |
|
429 |
// } else { |
|
430 |
// try { |
|
431 |
// if (isValid) { |
|
432 |
// if (un.equals("public")) { |
|
433 |
// response.sendRedirect( |
|
434 |
// response.encodeRedirectUrl(htmlpath + "/index.html")); |
|
435 |
// } else { |
|
436 |
// response.sendRedirect( |
|
437 |
// response.encodeRedirectUrl(htmlpath + "/metacat.html")); |
|
438 |
// } |
|
439 |
// } else { |
|
440 |
// response.sendRedirect(htmlpath + "/login.html"); |
|
441 |
// } |
|
442 |
// } catch ( java.io.IOException ioe) { |
|
443 |
// String message = "handleLoginAction() - " + |
|
444 |
// "Error on redirect of HttpServletResponse: " + |
|
445 |
// ioe.getMessage(); |
|
446 |
// out.println(message); |
|
447 |
// } |
|
448 |
// } |
|
424 | 449 |
} |
450 |
|
|
451 |
/** |
|
452 |
* Handle the logout request. Close the connection. |
|
453 |
*/ |
|
454 |
private void handleLogoutAction(PrintWriter out, Hashtable params, |
|
455 |
HttpServletRequest request, HttpServletResponse response) { |
|
456 |
|
|
457 |
String qformat = ((String[])params.get("qformat"))[0]; |
|
458 |
|
|
459 |
// close the connection |
|
460 |
HttpSession sess = request.getSession(false); |
|
461 |
if (sess != null) { sess.invalidate(); } |
|
462 |
|
|
463 |
// produce output |
|
464 |
StringBuffer output = new StringBuffer(); |
|
465 |
output.append("<?xml version=\"1.0\"?>"); |
|
466 |
output.append("<success>"); |
|
467 |
output.append("User logout."); |
|
468 |
output.append("</success>"); |
|
469 |
|
|
470 |
//format and transform the output |
|
471 |
if (qformat.equals("html")) { |
|
472 |
Connection conn = null; |
|
473 |
try { |
|
474 |
conn = util.getConnection(); |
|
475 |
DBTransform trans = new DBTransform(conn); |
|
476 |
response.setContentType("text/html"); |
|
477 |
//trans.transformXMLDocument(output, "-//NCEAS//logout//EN", |
|
478 |
// "-//W3C//HTML//EN", out); |
|
479 |
response.sendRedirect(htmlpath + "/index.html"); |
|
480 |
util.returnConnection(conn); |
|
481 |
} catch(Exception e) { |
|
482 |
util.returnConnection(conn); |
|
483 |
} |
|
484 |
// any output is returned |
|
485 |
} else { |
|
486 |
response.setContentType("text/xml"); |
|
487 |
out.println(output.toString()); |
|
488 |
} |
|
489 |
|
|
490 |
} |
|
491 |
|
|
425 | 492 |
|
426 | 493 |
/** |
427 | 494 |
* Retreive the squery xml, execute it and display it |
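Review bot: In handleLogoutAction (new lines 457-461) `qformat` is dereferenced before the session is invalidated, so a logout request that omits `qformat` throws a NullPointerException on `((String[])params.get("qformat"))[0]` and, unless a caller outside this view handles it, the session stays valid. Invalidate the session first and read the parameter defensively, e.g. `String[] qf = (String[])params.get("qformat");` followed by `String qformat = (qf != null && qf.length > 0) ? qf[0] : "xml";` (any value other than "html" takes the XML branch). The same unchecked read is added to handleLoginAction at new line 385. The new `catch(Exception e) { util.returnConnection(conn); }` blocks in both handlers also discard the failure without logging it. Returning the connection in a `finally` and reporting the error would keep a failed redirect from passing silently as a completed login or logout.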
AuthMcat
- new class for authentication through MCA; implements AuthInterface
AuthSession
- assigning HttpSession obj only after successful authentication;
- cleared isAuthenticated field - not needed
- cleared invalidate() method - not needed
AuthInterface
- added input parameters: user and password for getGroups() and getUsers() interfaces
needed for making connection to the auth server
MetaCatServlet
- changed the values of action parameter to "login" and "logout"
- added handleLogoutAction() method