Revision 5386
Added by berkley over 14 years ago
| src/edu/ucsb/nceas/metacat/restservice/ResourceHandler.java | ||
|---|---|---|
| 267 | 267 |
//System.out.println("done setting access");
|
| 268 | 268 |
} |
| 269 | 269 |
} else if (resource.equals(RESOURCE_META)) {
|
| 270 |
if(params.get(FUNCTION_KEYWORD)[0].equals(FUNCTION_NAME_GENERATE_MISSING_SYSTEM_METADATA)) |
|
| 270 |
if(params != null && params.get(FUNCTION_KEYWORD) != null && |
|
| 271 |
params.get(FUNCTION_KEYWORD)[0].equals(FUNCTION_NAME_GENERATE_MISSING_SYSTEM_METADATA)) |
|
| 271 | 272 |
{ //generate system metadata for any object that is
|
| 272 | 273 |
//a) not system metadata itself |
| 273 | 274 |
//b) does not already have a system metadata id in the systemmetadata table |
| ... | ... | |
| 371 | 372 |
while (paramlist.hasMoreElements()) {
|
| 372 | 373 |
name = (String) paramlist.nextElement(); |
| 373 | 374 |
value = request.getParameterValues(name); |
| 374 |
//System.out.println("adding param: " + name + " = " + value);
|
|
| 375 | 375 |
params.put(name, value); |
| 376 | 376 |
} |
| 377 |
|
|
| 378 | 377 |
} |
| 379 | 378 |
|
| 380 | 379 |
/** |
| ... | ... | |
| 408 | 407 |
password = sessionData.getPassword(); |
| 409 | 408 |
groupNames = sessionData.getGroupNames(); |
| 410 | 409 |
sessionId = sessionData.getId(); |
| 411 |
//System.out.println("setting sessionid to " + sessionId);
|
|
| 410 |
System.out.println("setting sessionid to " + sessionId);
|
|
| 411 |
System.out.println("username: " + username);
|
|
| 412 | 412 |
} |
| 413 | 413 |
|
| 414 | 414 |
//if the session is not valid or the username is null, set |
| 415 | 415 |
//username to public |
| 416 | 416 |
if (username == null) |
| 417 | 417 |
{
|
| 418 |
System.out.println("setting username to public.");
|
|
| 418 | 419 |
username = "public"; |
| 419 | 420 |
} |
| 420 | 421 |
} |
| ... | ... | |
| 645 | 646 |
private void getSystemMetadataObject(String guid) {
|
| 646 | 647 |
CrudService cs = CrudService.getInstance(); |
| 647 | 648 |
cs.setParamsFromRequest(request); |
| 648 |
AuthToken token = null;
|
|
| 649 |
AuthToken token = new AuthToken(sessionId);
|
|
| 649 | 650 |
OutputStream out = null; |
| 650 | 651 |
try {
|
| 651 | 652 |
out = response.getOutputStream(); |
| ... | ... | |
| 746 | 747 |
*/ |
| 747 | 748 |
private void putObject(String guid, String action) {
|
| 748 | 749 |
logMetacat.debug("Entering putObject: " + guid + "/" + action);
|
| 749 |
|
|
| 750 |
// TODO: This function lacks proper handling of authz and authn, so it |
|
| 751 |
// seems that anyone can insert or update; interacts with |
|
| 752 |
// loadSessionData(), which doesn't validate the session |
|
| 753 |
|
|
| 754 |
// Get an output stream for handling errors; this should really be passed in as |
|
| 755 |
// a parameter |
|
| 756 | 750 |
OutputStream out = null; |
| 757 | 751 |
try {
|
| 758 | 752 |
out = response.getOutputStream(); |
| ... | ... | |
| 793 | 787 |
} |
| 794 | 788 |
|
| 795 | 789 |
logMetacat.debug("Commence creation...");
|
| 796 |
AuthToken token = null; |
|
| 797 | 790 |
IBindingFactory bfact = |
| 798 | 791 |
BindingDirectory.getFactory(SystemMetadata.class); |
| 799 | 792 |
IUnmarshallingContext uctx = bfact.createUnmarshallingContext(); |
| 800 | 793 |
SystemMetadata m = (SystemMetadata) uctx.unmarshalDocument(sysmeta, null); |
| 801 | 794 |
|
| 802 | 795 |
CrudService cs = CrudService.getInstance(); |
| 796 |
AuthToken token = new AuthToken(sessionId); |
|
| 803 | 797 |
cs.setParamsFromRequest(request); |
| 804 | 798 |
Identifier id = new Identifier(); |
| 805 | 799 |
id.setValue(guid); |
| 806 | 800 |
cs.create(token, id, object, m); |
| 807 |
|
|
| 801 |
|
|
| 808 | 802 |
} else if (action.equals(FUNCTION_NAME_UPDATE)) { //handle updates
|
| 809 | 803 |
IdentifierManager im = IdentifierManager.getInstance(); |
| 810 | 804 |
CrudService cs = CrudService.getInstance(); |
| 811 | 805 |
Identifier obsoletedGuid = new Identifier(); |
| 812 | 806 |
Identifier id = new Identifier(); |
| 813 | 807 |
id.setValue(guid); |
| 814 |
AuthToken token = null;
|
|
| 808 |
AuthToken token = new AuthToken(sessionId);
|
|
| 815 | 809 |
|
| 816 | 810 |
//do some checks |
| 817 | 811 |
if(params.get("obsoletedGuid") == null)
|
| src/edu/ucsb/nceas/metacat/MetacatHandler.java | ||
|---|---|---|
| 356 | 356 |
+ " which has username" + session.getAttribute("username")
|
| 357 | 357 |
+ " into hash in login method"); |
| 358 | 358 |
try {
|
| 359 |
System.out.println("registering session with id " + id);
|
|
| 360 |
System.out.println("username: " + (String) session.getAttribute("username"));
|
|
| 359 | 361 |
SessionService.getInstance().registerSession(id, |
| 360 | 362 |
(String) session.getAttribute("username"),
|
| 361 | 363 |
(String[]) session.getAttribute("groupnames"),
|
| 362 | 364 |
(String) session.getAttribute("password"),
|
| 363 | 365 |
(String) session.getAttribute("name"));
|
| 366 |
|
|
| 367 |
|
|
| 364 | 368 |
} catch (ServiceException se) {
|
| 365 | 369 |
String errorMsg = "MetacatServlet.handleLoginAction - service problem registering session: " |
| 366 | 370 |
+ se.getMessage(); |
| src/edu/ucsb/nceas/metacat/dataone/CrudService.java | ||
|---|---|---|
| 311 | 311 |
|
| 312 | 312 |
// For Metadata and Data, insert the system metadata into the object store too |
| 313 | 313 |
insertSystemMetadata(sysmeta, sessionData); |
| 314 |
|
|
| 315 | 314 |
logMetacat.debug("Returning from CrudService.create()");
|
| 316 | 315 |
EventLog.getInstance().log(metacatUrl, |
| 317 | 316 |
username, localId, "create"); |
| ... | ... | |
| 762 | 761 |
// Retrieve the session information from the AuthToken |
| 763 | 762 |
// If the session is expired, then the user is 'public' |
| 764 | 763 |
final SessionData sessionData = getSessionData(token); |
| 765 |
|
|
| 766 |
// TODO: Check access control rules |
|
| 767 | 764 |
|
| 768 | 765 |
try {
|
| 769 | 766 |
IdentifierManager im = IdentifierManager.getInstance(); |
| ... | ... | |
| 963 | 960 |
// if the localId is not acceptable or other untoward things happen |
| 964 | 961 |
try {
|
| 965 | 962 |
logMetacat.debug("Registering document...");
|
| 966 |
System.out.println("inserting data object: localId: " + localId);
|
|
| 967 | 963 |
DocumentImpl.registerDocument(localId, "BIN", localId, |
| 968 | 964 |
username, groups); |
| 969 | 965 |
logMetacat.debug("Registration step completed.");
|
Also available in: Unified diff
fixed bugs associated with crud access control changes.