Revision 5386
Added by berkley almost 14 years ago
ResourceHandler.java | ||
---|---|---|
267 | 267 |
//System.out.println("done setting access"); |
268 | 268 |
} |
269 | 269 |
} else if (resource.equals(RESOURCE_META)) { |
270 |
if(params.get(FUNCTION_KEYWORD)[0].equals(FUNCTION_NAME_GENERATE_MISSING_SYSTEM_METADATA)) |
|
270 |
if(params != null && params.get(FUNCTION_KEYWORD) != null && |
|
271 |
params.get(FUNCTION_KEYWORD)[0].equals(FUNCTION_NAME_GENERATE_MISSING_SYSTEM_METADATA)) |
|
271 | 272 |
{ //generate system metadata for any object that is |
272 | 273 |
//a) not system metadata itself |
273 | 274 |
//b) does not already have a system metadata id in the systemmetadata table |
... | ... | |
371 | 372 |
while (paramlist.hasMoreElements()) { |
372 | 373 |
name = (String) paramlist.nextElement(); |
373 | 374 |
value = request.getParameterValues(name); |
374 |
//System.out.println("adding param: " + name + " = " + value); |
|
375 | 375 |
params.put(name, value); |
376 | 376 |
} |
377 |
|
|
378 | 377 |
} |
379 | 378 |
|
380 | 379 |
/** |
... | ... | |
408 | 407 |
password = sessionData.getPassword(); |
409 | 408 |
groupNames = sessionData.getGroupNames(); |
410 | 409 |
sessionId = sessionData.getId(); |
411 |
//System.out.println("setting sessionid to " + sessionId); |
|
410 |
System.out.println("setting sessionid to " + sessionId); |
|
411 |
System.out.println("username: " + username); |
|
412 | 412 |
} |
413 | 413 |
|
414 | 414 |
//if the session is not valid or the username is null, set |
415 | 415 |
//username to public |
416 | 416 |
if (username == null) |
417 | 417 |
{ |
418 |
System.out.println("setting username to public."); |
|
418 | 419 |
username = "public"; |
419 | 420 |
} |
420 | 421 |
} |
... | ... | |
645 | 646 |
private void getSystemMetadataObject(String guid) { |
646 | 647 |
CrudService cs = CrudService.getInstance(); |
647 | 648 |
cs.setParamsFromRequest(request); |
648 |
AuthToken token = null;
|
|
649 |
AuthToken token = new AuthToken(sessionId);
|
|
649 | 650 |
OutputStream out = null; |
650 | 651 |
try { |
651 | 652 |
out = response.getOutputStream(); |
... | ... | |
746 | 747 |
*/ |
747 | 748 |
private void putObject(String guid, String action) { |
748 | 749 |
logMetacat.debug("Entering putObject: " + guid + "/" + action); |
749 |
|
|
750 |
// TODO: This function lacks proper handling of authz and authn, so it |
|
751 |
// seems that anyone can insert or update; interacts with |
|
752 |
// loadSessionData(), which doesn't validate the session |
|
753 |
|
|
754 |
// Get an output stream for handling errors; this should really be passed in as |
|
755 |
// a parameter |
|
756 | 750 |
OutputStream out = null; |
757 | 751 |
try { |
758 | 752 |
out = response.getOutputStream(); |
... | ... | |
793 | 787 |
} |
794 | 788 |
|
795 | 789 |
logMetacat.debug("Commence creation..."); |
796 |
AuthToken token = null; |
|
797 | 790 |
IBindingFactory bfact = |
798 | 791 |
BindingDirectory.getFactory(SystemMetadata.class); |
799 | 792 |
IUnmarshallingContext uctx = bfact.createUnmarshallingContext(); |
800 | 793 |
SystemMetadata m = (SystemMetadata) uctx.unmarshalDocument(sysmeta, null); |
801 | 794 |
|
802 | 795 |
CrudService cs = CrudService.getInstance(); |
796 |
AuthToken token = new AuthToken(sessionId); |
|
803 | 797 |
cs.setParamsFromRequest(request); |
804 | 798 |
Identifier id = new Identifier(); |
805 | 799 |
id.setValue(guid); |
806 | 800 |
cs.create(token, id, object, m); |
807 |
|
|
801 |
|
|
808 | 802 |
} else if (action.equals(FUNCTION_NAME_UPDATE)) { //handle updates |
809 | 803 |
IdentifierManager im = IdentifierManager.getInstance(); |
810 | 804 |
CrudService cs = CrudService.getInstance(); |
811 | 805 |
Identifier obsoletedGuid = new Identifier(); |
812 | 806 |
Identifier id = new Identifier(); |
813 | 807 |
id.setValue(guid); |
814 |
AuthToken token = null;
|
|
808 |
AuthToken token = new AuthToken(sessionId);
|
|
815 | 809 |
|
816 | 810 |
//do some checks |
817 | 811 |
if(params.get("obsoletedGuid") == null) |
Also available in: Unified diff
fixed bugs associated with crud access control changes.