Revision 6227
Added by Chris Jones over 13 years ago
| src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java | ||
|---|---|---|
| 74 | 74 |
import edu.ucsb.nceas.utilities.PropertyNotFoundException; |
| 75 | 75 |
|
| 76 | 76 |
public abstract class D1NodeService {
|
| 77 |
|
|
| 77 |
|
|
| 78 | 78 |
private static Logger logMetacat = Logger.getLogger(D1NodeService.class); |
| 79 | 79 |
|
| 80 | 80 |
/* reference to the metacat handler */ |
| ... | ... | |
| 83 | 83 |
/* parameters set in the incoming request */ |
| 84 | 84 |
private Hashtable<String, String[]> params; |
| 85 | 85 |
|
| 86 |
/* Methods common to CNCore and MNCore APIs */
|
|
| 86 |
/* Methods common to CNCore and MNCore APIs */
|
|
| 87 | 87 |
|
| 88 |
/**
|
|
| 89 |
* Return the log records associated with a given event between the start and
|
|
| 90 |
* end dates listed given a particular Subject listed in the Session
|
|
| 91 |
*
|
|
| 92 |
* @param session - the Session object containing the credentials for the Subject
|
|
| 93 |
* @param fromDate - the start date of the desired log records
|
|
| 94 |
* @param toDate - the end date of the desired log records
|
|
| 95 |
* @param event - restrict log records of a specific event type
|
|
| 96 |
* @param start - zero based offset from the first record in the
|
|
| 97 |
* set of matching log records. Used to assist with
|
|
| 98 |
* paging the response.
|
|
| 99 |
* @param count - maximum number of log records to return in the response.
|
|
| 100 |
* Used to assist with paging the response.
|
|
| 101 |
*
|
|
| 102 |
* @return the desired log records
|
|
| 103 |
*
|
|
| 104 |
* @throws InvalidToken
|
|
| 105 |
* @throws ServiceFailure
|
|
| 106 |
* @throws NotAuthorized
|
|
| 107 |
* @throws InvalidRequest
|
|
| 108 |
* @throws NotImplemented
|
|
| 109 |
*/
|
|
| 110 |
public Log getLogRecords(Session session, Date fromDate, Date toDate,
|
|
| 88 |
/**
|
|
| 89 |
* Return the log records associated with a given event between the start and
|
|
| 90 |
* end dates listed given a particular Subject listed in the Session
|
|
| 91 |
*
|
|
| 92 |
* @param session - the Session object containing the credentials for the Subject
|
|
| 93 |
* @param fromDate - the start date of the desired log records
|
|
| 94 |
* @param toDate - the end date of the desired log records
|
|
| 95 |
* @param event - restrict log records of a specific event type
|
|
| 96 |
* @param start - zero based offset from the first record in the
|
|
| 97 |
* set of matching log records. Used to assist with
|
|
| 98 |
* paging the response.
|
|
| 99 |
* @param count - maximum number of log records to return in the response.
|
|
| 100 |
* Used to assist with paging the response.
|
|
| 101 |
*
|
|
| 102 |
* @return the desired log records
|
|
| 103 |
*
|
|
| 104 |
* @throws InvalidToken
|
|
| 105 |
* @throws ServiceFailure
|
|
| 106 |
* @throws NotAuthorized
|
|
| 107 |
* @throws InvalidRequest
|
|
| 108 |
* @throws NotImplemented
|
|
| 109 |
*/
|
|
| 110 |
public Log getLogRecords(Session session, Date fromDate, Date toDate,
|
|
| 111 | 111 |
Event event, Integer start, Integer count) throws InvalidToken, ServiceFailure, |
| 112 |
NotAuthorized, InvalidRequest, NotImplemented {
|
|
| 112 |
NotAuthorized, InvalidRequest, NotImplemented {
|
|
| 113 | 113 |
|
| 114 | 114 |
|
| 115 |
Log log = new Log();
|
|
| 116 |
Vector<LogEntry> logs = new Vector<LogEntry>();
|
|
| 117 |
IdentifierManager im = IdentifierManager.getInstance();
|
|
| 118 |
EventLog el = EventLog.getInstance();
|
|
| 119 |
if (fromDate == null) {
|
|
| 120 |
logMetacat.debug("setting fromdate from null");
|
|
| 121 |
fromDate = new Date(1);
|
|
| 122 |
}
|
|
| 123 |
if (toDate == null) {
|
|
| 124 |
logMetacat.debug("setting todate from null");
|
|
| 125 |
toDate = new Date();
|
|
| 126 |
}
|
|
| 115 |
Log log = new Log();
|
|
| 116 |
Vector<LogEntry> logs = new Vector<LogEntry>();
|
|
| 117 |
IdentifierManager im = IdentifierManager.getInstance();
|
|
| 118 |
EventLog el = EventLog.getInstance();
|
|
| 119 |
if (fromDate == null) {
|
|
| 120 |
logMetacat.debug("setting fromdate from null");
|
|
| 121 |
fromDate = new Date(1);
|
|
| 122 |
}
|
|
| 123 |
if (toDate == null) {
|
|
| 124 |
logMetacat.debug("setting todate from null");
|
|
| 125 |
toDate = new Date();
|
|
| 126 |
}
|
|
| 127 | 127 |
|
| 128 |
logMetacat.debug("fromDate: " + fromDate);
|
|
| 129 |
logMetacat.debug("toDate: " + toDate);
|
|
| 128 |
logMetacat.debug("fromDate: " + fromDate);
|
|
| 129 |
logMetacat.debug("toDate: " + toDate);
|
|
| 130 | 130 |
|
| 131 |
String report = el.getReport(null, null, null, null,
|
|
| 132 |
new java.sql.Timestamp(fromDate.getTime()),
|
|
| 133 |
new java.sql.Timestamp(toDate.getTime()), false);
|
|
| 131 |
String report = el.getReport(null, null, null, null,
|
|
| 132 |
new java.sql.Timestamp(fromDate.getTime()),
|
|
| 133 |
new java.sql.Timestamp(toDate.getTime()), false);
|
|
| 134 | 134 |
|
| 135 |
logMetacat.debug("report: " + report);
|
|
| 135 |
logMetacat.debug("report: " + report);
|
|
| 136 | 136 |
|
| 137 |
String logEntry = "<logEntry>";
|
|
| 138 |
String endLogEntry = "</logEntry>";
|
|
| 139 |
int startIndex = 0;
|
|
| 140 |
int foundIndex = report.indexOf(logEntry, startIndex);
|
|
| 141 |
while (foundIndex != -1) {
|
|
| 142 |
// parse out each entry
|
|
| 143 |
int endEntryIndex = report.indexOf(endLogEntry, foundIndex);
|
|
| 144 |
String entry = report.substring(foundIndex, endEntryIndex);
|
|
| 145 |
logMetacat.debug("entry: " + entry);
|
|
| 146 |
startIndex = endEntryIndex + endLogEntry.length();
|
|
| 147 |
foundIndex = report.indexOf(logEntry, startIndex);
|
|
| 137 |
String logEntry = "<logEntry>";
|
|
| 138 |
String endLogEntry = "</logEntry>";
|
|
| 139 |
int startIndex = 0;
|
|
| 140 |
int foundIndex = report.indexOf(logEntry, startIndex);
|
|
| 141 |
while (foundIndex != -1) {
|
|
| 142 |
// parse out each entry
|
|
| 143 |
int endEntryIndex = report.indexOf(endLogEntry, foundIndex);
|
|
| 144 |
String entry = report.substring(foundIndex, endEntryIndex);
|
|
| 145 |
logMetacat.debug("entry: " + entry);
|
|
| 146 |
startIndex = endEntryIndex + endLogEntry.length();
|
|
| 147 |
foundIndex = report.indexOf(logEntry, startIndex);
|
|
| 148 | 148 |
|
| 149 |
String entryId = getLogEntryField("entryid", entry);
|
|
| 150 |
String ipAddress = getLogEntryField("ipAddress", entry);
|
|
| 151 |
String principal = getLogEntryField("principal", entry);
|
|
| 152 |
String docid = getLogEntryField("docid", entry);
|
|
| 153 |
String eventS = getLogEntryField("event", entry);
|
|
| 154 |
String dateLogged = getLogEntryField("dateLogged", entry);
|
|
| 149 |
String entryId = getLogEntryField("entryid", entry);
|
|
| 150 |
String ipAddress = getLogEntryField("ipAddress", entry);
|
|
| 151 |
String principal = getLogEntryField("principal", entry);
|
|
| 152 |
String docid = getLogEntryField("docid", entry);
|
|
| 153 |
String eventS = getLogEntryField("event", entry);
|
|
| 154 |
String dateLogged = getLogEntryField("dateLogged", entry);
|
|
| 155 | 155 |
|
| 156 |
LogEntry le = new LogEntry();
|
|
| 156 |
LogEntry le = new LogEntry();
|
|
| 157 | 157 |
|
| 158 |
Event e = Event.convert(eventS);
|
|
| 159 |
if (e == null) { // skip any events that are not Dataone Crud events
|
|
| 160 |
continue;
|
|
| 161 |
}
|
|
| 162 |
le.setEvent(e);
|
|
| 163 |
Identifier entryid = new Identifier();
|
|
| 164 |
entryid.setValue(entryId);
|
|
| 165 |
le.setEntryId(entryid);
|
|
| 166 |
Identifier identifier = new Identifier();
|
|
| 167 |
try {
|
|
| 168 |
logMetacat.debug("converting docid '" + docid + "' to a guid.");
|
|
| 169 |
if (docid == null || docid.trim().equals("") || docid.trim().equals("null")) {
|
|
| 170 |
continue;
|
|
| 171 |
}
|
|
| 172 |
docid = docid.substring(0, docid.lastIndexOf("."));
|
|
| 173 |
identifier.setValue(im.getGUID(docid, im.getLatestRevForLocalId(docid)));
|
|
| 174 |
} catch (Exception ex) {
|
|
| 175 |
// try to get the guid, if that doesn't
|
|
| 176 |
// work, just use the local id
|
|
| 177 |
// throw new ServiceFailure("1030",
|
|
| 178 |
// "Error getting guid for localId " +
|
|
| 179 |
// docid + ": " + ex.getMessage());\
|
|
| 158 |
Event e = Event.convert(eventS);
|
|
| 159 |
if (e == null) { // skip any events that are not Dataone Crud events
|
|
| 160 |
continue;
|
|
| 161 |
}
|
|
| 162 |
le.setEvent(e);
|
|
| 163 |
Identifier entryid = new Identifier();
|
|
| 164 |
entryid.setValue(entryId);
|
|
| 165 |
le.setEntryId(entryid);
|
|
| 166 |
Identifier identifier = new Identifier();
|
|
| 167 |
try {
|
|
| 168 |
logMetacat.debug("converting docid '" + docid + "' to a guid.");
|
|
| 169 |
if (docid == null || docid.trim().equals("") || docid.trim().equals("null")) {
|
|
| 170 |
continue;
|
|
| 171 |
}
|
|
| 172 |
docid = docid.substring(0, docid.lastIndexOf("."));
|
|
| 173 |
identifier.setValue(im.getGUID(docid, im.getLatestRevForLocalId(docid)));
|
|
| 174 |
} catch (Exception ex) {
|
|
| 175 |
// try to get the guid, if that doesn't
|
|
| 176 |
// work, just use the local id
|
|
| 177 |
// throw new ServiceFailure("1030",
|
|
| 178 |
// "Error getting guid for localId " +
|
|
| 179 |
// docid + ": " + ex.getMessage());\
|
|
| 180 | 180 |
|
| 181 |
// skip it if the guid can't be found
|
|
| 182 |
continue;
|
|
| 183 |
}
|
|
| 181 |
// skip it if the guid can't be found
|
|
| 182 |
continue;
|
|
| 183 |
}
|
|
| 184 | 184 |
|
| 185 |
le.setIdentifier(identifier);
|
|
| 186 |
le.setIpAddress(ipAddress);
|
|
| 187 |
Calendar c = Calendar.getInstance();
|
|
| 188 |
String year = dateLogged.substring(0, 4);
|
|
| 189 |
String month = dateLogged.substring(5, 7);
|
|
| 190 |
String date = dateLogged.substring(8, 10);
|
|
| 191 |
logMetacat.debug("year: " + year + " month: " + month + " day: " + date);
|
|
| 192 |
c.set(new Integer(year).intValue(), new Integer(month).intValue(),
|
|
| 193 |
new Integer(date).intValue());
|
|
| 194 |
Date logDate = c.getTime();
|
|
| 195 |
le.setDateLogged(logDate);
|
|
| 196 |
NodeReference memberNode = new NodeReference();
|
|
| 197 |
memberNode.setValue(ipAddress);
|
|
| 198 |
le.setMemberNode(memberNode);
|
|
| 199 |
Subject princ = new Subject();
|
|
| 200 |
princ.setValue(principal);
|
|
| 201 |
le.setSubject(princ);
|
|
| 202 |
le.setUserAgent("metacat/RESTService");
|
|
| 185 |
le.setIdentifier(identifier);
|
|
| 186 |
le.setIpAddress(ipAddress);
|
|
| 187 |
Calendar c = Calendar.getInstance();
|
|
| 188 |
String year = dateLogged.substring(0, 4);
|
|
| 189 |
String month = dateLogged.substring(5, 7);
|
|
| 190 |
String date = dateLogged.substring(8, 10);
|
|
| 191 |
logMetacat.debug("year: " + year + " month: " + month + " day: " + date);
|
|
| 192 |
c.set(new Integer(year).intValue(), new Integer(month).intValue(),
|
|
| 193 |
new Integer(date).intValue());
|
|
| 194 |
Date logDate = c.getTime();
|
|
| 195 |
le.setDateLogged(logDate);
|
|
| 196 |
NodeReference memberNode = new NodeReference();
|
|
| 197 |
memberNode.setValue(ipAddress);
|
|
| 198 |
le.setMemberNode(memberNode);
|
|
| 199 |
Subject princ = new Subject();
|
|
| 200 |
princ.setValue(principal);
|
|
| 201 |
le.setSubject(princ);
|
|
| 202 |
le.setUserAgent("metacat/RESTService");
|
|
| 203 | 203 |
|
| 204 |
if (event == null) {
|
|
| 205 |
logs.add(le);
|
|
| 206 |
}
|
|
| 204 |
if (event == null) {
|
|
| 205 |
logs.add(le);
|
|
| 206 |
}
|
|
| 207 | 207 |
|
| 208 |
if (event != null
|
|
| 209 |
&& e.toString().toLowerCase().trim().equals(
|
|
| 210 |
event.toString().toLowerCase().trim())) {
|
|
| 211 |
logs.add(le);
|
|
| 212 |
}
|
|
| 213 |
}
|
|
| 208 |
if (event != null
|
|
| 209 |
&& e.toString().toLowerCase().trim().equals(
|
|
| 210 |
event.toString().toLowerCase().trim())) {
|
|
| 211 |
logs.add(le);
|
|
| 212 |
}
|
|
| 213 |
}
|
|
| 214 | 214 |
|
| 215 |
log.setLogEntryList(logs);
|
|
| 216 |
logMetacat.info("getLogRecords");
|
|
| 217 |
return log;
|
|
| 218 |
}
|
|
| 219 |
|
|
| 220 |
/* End methods common to CNCore and MNCore APIs */
|
|
| 215 |
log.setLogEntryList(logs);
|
|
| 216 |
logMetacat.info("getLogRecords");
|
|
| 217 |
return log;
|
|
| 218 |
}
|
|
| 219 |
|
|
| 220 |
/* End methods common to CNCore and MNCore APIs */
|
|
| 221 | 221 |
|
| 222 |
/* Methods common to CNRead and MNRead APIs */
|
|
| 223 |
|
|
| 224 |
/**
|
|
| 225 |
* Return the object identified by the given object identifier
|
|
| 226 |
*
|
|
| 227 |
* @param session - the Session object containing the credentials for the Subject
|
|
| 228 |
* @param pid - the object identifier for the given object
|
|
| 229 |
*
|
|
| 230 |
* TODO: The D1 Authorization API doesn't provide information on which
|
|
| 231 |
* authentication system the Subject belongs to, and so it's not possible to
|
|
| 232 |
* discern which Person or Group is a valid KNB LDAP DN. Fix this.
|
|
| 233 |
*
|
|
| 234 |
* @return inputStream - the input stream of the given object
|
|
| 235 |
*
|
|
| 236 |
* @throws InvalidToken
|
|
| 237 |
* @throws ServiceFailure
|
|
| 238 |
* @throws NotAuthorized
|
|
| 239 |
* @throws InvalidRequest
|
|
| 240 |
* @throws NotImplemented
|
|
| 241 |
*/
|
|
| 242 |
public InputStream get(Session session, Identifier pid)
|
|
| 243 |
throws InvalidToken, ServiceFailure, NotAuthorized, NotFound,
|
|
| 244 |
NotImplemented, InvalidRequest {
|
|
| 222 |
/* Methods common to CNRead and MNRead APIs */
|
|
| 223 |
|
|
| 224 |
/**
|
|
| 225 |
* Return the object identified by the given object identifier
|
|
| 226 |
*
|
|
| 227 |
* @param session - the Session object containing the credentials for the Subject
|
|
| 228 |
* @param pid - the object identifier for the given object
|
|
| 229 |
*
|
|
| 230 |
* TODO: The D1 Authorization API doesn't provide information on which
|
|
| 231 |
* authentication system the Subject belongs to, and so it's not possible to
|
|
| 232 |
* discern which Person or Group is a valid KNB LDAP DN. Fix this.
|
|
| 233 |
*
|
|
| 234 |
* @return inputStream - the input stream of the given object
|
|
| 235 |
*
|
|
| 236 |
* @throws InvalidToken
|
|
| 237 |
* @throws ServiceFailure
|
|
| 238 |
* @throws NotAuthorized
|
|
| 239 |
* @throws InvalidRequest
|
|
| 240 |
* @throws NotImplemented
|
|
| 241 |
*/
|
|
| 242 |
public InputStream get(Session session, Identifier pid)
|
|
| 243 |
throws InvalidToken, ServiceFailure, NotAuthorized, NotFound,
|
|
| 244 |
NotImplemented, InvalidRequest {
|
|
| 245 | 245 |
|
| 246 |
InputStream inputStream = null; // bytes to be returned
|
|
| 246 |
InputStream inputStream = null; // bytes to be returned
|
|
| 247 | 247 |
handler = new MetacatHandler(new Timer()); |
| 248 |
boolean allowed = false; |
|
| 249 |
String localId; // the metacat docid for the pid |
|
| 250 |
Subject subject = session.getSubject(); // the requesting user |
|
| 251 |
List<Group> groupList; // the user's groups |
|
| 252 |
|
|
| 253 |
// set the public user as a fallback |
|
| 254 |
if ( subject == null ) {
|
|
| 255 |
subject.setValue("Public");
|
|
| 256 |
session.setSubject(subject); |
|
| 257 |
|
|
| 258 |
} |
|
| 259 |
|
|
| 260 |
// convert groups to a string array (for handler) |
|
| 261 |
groupList = session.getSubjectList().getGroupList(); |
|
| 262 |
String[] groups = new String[groupList.size()]; |
|
| 263 |
|
|
| 264 |
// get the local docid from Metacat |
|
| 265 |
try {
|
|
| 266 |
localId = IdentifierManager.getInstance().getLocalId(pid.getValue()); |
|
| 248 |
boolean allowed = false; |
|
| 249 |
String localId; // the metacat docid for the pid |
|
| 250 |
Subject subject = session.getSubject(); // the requesting user |
|
| 251 |
List<Group> groupList; // the user's groups |
|
| 267 | 252 |
|
| 253 |
// set the public user as a fallback |
|
| 254 |
if ( subject == null ) {
|
|
| 255 |
subject.setValue("Public");
|
|
| 256 |
session.setSubject(subject); |
|
| 257 |
|
|
| 258 |
} |
|
| 259 |
|
|
| 260 |
// convert groups to a string array (for handler) |
|
| 261 |
groupList = session.getSubjectList().getGroupList(); |
|
| 262 |
String[] groups = new String[groupList.size()]; |
|
| 263 |
|
|
| 264 |
// get the local docid from Metacat |
|
| 265 |
try {
|
|
| 266 |
localId = IdentifierManager.getInstance().getLocalId(pid.getValue()); |
|
| 267 |
|
|
| 268 | 268 |
} catch (McdbDocNotFoundException e) {
|
| 269 | 269 |
throw new NotFound("1020", "The object specified by " +
|
| 270 |
pid.getValue() +
|
|
| 271 |
"does not exist at this node.");
|
|
| 270 |
pid.getValue() +
|
|
| 271 |
"does not exist at this node.");
|
|
| 272 | 272 |
} |
| 273 | 273 |
|
| 274 | 274 |
// check for authorization |
| 275 |
allowed = isAuthorized(session, pid, Permission.READ);
|
|
| 276 |
|
|
| 277 |
// if the person is authorized, perform the read
|
|
| 278 |
if ( allowed ) {
|
|
| 279 |
|
|
| 280 |
for ( int i = 0; i > groupList.size(); i++ ) {
|
|
| 281 |
groups[i] = groupList.get(i).getGroupName();
|
|
| 282 |
|
|
| 283 |
}
|
|
| 284 |
|
|
| 285 |
// get the object bytes
|
|
| 286 |
// TODO: stream to file to stream conversion throughout Metacat needs to
|
|
| 287 |
// be resolved
|
|
| 275 |
allowed = isAuthorized(session, pid, Permission.READ);
|
|
| 276 |
|
|
| 277 |
// if the person is authorized, perform the read
|
|
| 278 |
if ( allowed ) {
|
|
| 279 |
|
|
| 280 |
for ( int i = 0; i > groupList.size(); i++ ) {
|
|
| 281 |
groups[i] = groupList.get(i).getGroupName();
|
|
| 282 |
|
|
| 283 |
}
|
|
| 284 |
|
|
| 285 |
// get the object bytes
|
|
| 286 |
// TODO: stream to file to stream conversion throughout Metacat needs to
|
|
| 287 |
// be resolved
|
|
| 288 | 288 |
File tmpDir; |
| 289 | 289 |
try |
| 290 | 290 |
{
|
| ... | ... | |
| 301 | 301 |
final File outputFile = new File(tmpDir, "metacat.output." + d.getTime()); |
| 302 | 302 |
FileOutputStream dataSink; |
| 303 | 303 |
try {
|
| 304 |
dataSink = new FileOutputStream(outputFile);
|
|
| 305 |
handler.readFromMetacat(localId, null,
|
|
| 304 |
dataSink = new FileOutputStream(outputFile);
|
|
| 305 |
handler.readFromMetacat(localId, null,
|
|
| 306 | 306 |
dataSink, localId, "xml", |
| 307 | 307 |
subject.getValue(), |
| 308 | 308 |
groups, true, params); |
| ... | ... | |
| 350 | 350 |
e.getMessage()); |
| 351 | 351 |
|
| 352 | 352 |
} catch (InsufficientKarmaException e) {
|
| 353 |
// TODO Auto-generated catch block
|
|
| 354 |
e.printStackTrace();
|
|
| 353 |
// TODO Auto-generated catch block
|
|
| 354 |
e.printStackTrace();
|
|
| 355 | 355 |
} |
| 356 | 356 |
|
| 357 | 357 |
//set a timer to clean up the temp files |
| ... | ... | |
| 366 | 366 |
t.schedule(tt, 20000); //schedule after 20 secs |
| 367 | 367 |
|
| 368 | 368 |
try {
|
| 369 |
inputStream = new FileInputStream(outputFile);
|
|
| 369 |
inputStream = new FileInputStream(outputFile);
|
|
| 370 | 370 |
} catch (FileNotFoundException e) {
|
| 371 | 371 |
throw new ServiceFailure("1020", "The object specified by " +
|
| 372 | 372 |
pid.getValue() + |
| 373 | 373 |
"could not be returned due to a file read error: " + |
| 374 | 374 |
e.getMessage()); |
| 375 | 375 |
|
| 376 |
}
|
|
| 377 |
|
|
| 378 |
}
|
|
| 376 |
}
|
|
| 377 |
|
|
| 378 |
}
|
|
| 379 | 379 |
|
| 380 |
// if we fail to set the input stream
|
|
| 381 |
if ( inputStream == null ) {
|
|
| 380 |
// if we fail to set the input stream
|
|
| 381 |
if ( inputStream == null ) {
|
|
| 382 | 382 |
throw new NotFound("1020", "The object specified by " +
|
| 383 | 383 |
pid.getValue() + |
| 384 | 384 |
"does not exist at this node."); |
| 385 |
}
|
|
| 386 |
|
|
| 387 |
return inputStream;
|
|
| 388 |
}
|
|
| 385 |
}
|
|
| 386 |
|
|
| 387 |
return inputStream;
|
|
| 388 |
}
|
|
| 389 | 389 |
|
| 390 |
/**
|
|
| 391 |
* Return the system metadata for a given object
|
|
| 392 |
*
|
|
| 393 |
* @param session - the Session object containing the credentials for the Subject
|
|
| 394 |
* @param pid - the object identifier for the given object
|
|
| 395 |
*
|
|
| 396 |
* @return inputStream - the input stream of the given system metadata object
|
|
| 397 |
*
|
|
| 398 |
* @throws InvalidToken
|
|
| 399 |
* @throws ServiceFailure
|
|
| 400 |
* @throws NotAuthorized
|
|
| 401 |
* @throws NotFound
|
|
| 402 |
* @throws InvalidRequest
|
|
| 403 |
* @throws NotImplemented
|
|
| 404 |
*/
|
|
| 405 |
public SystemMetadata getSystemMetadata(Session session, Identifier pid)
|
|
| 390 |
/**
|
|
| 391 |
* Return the system metadata for a given object
|
|
| 392 |
*
|
|
| 393 |
* @param session - the Session object containing the credentials for the Subject
|
|
| 394 |
* @param pid - the object identifier for the given object
|
|
| 395 |
*
|
|
| 396 |
* @return inputStream - the input stream of the given system metadata object
|
|
| 397 |
*
|
|
| 398 |
* @throws InvalidToken
|
|
| 399 |
* @throws ServiceFailure
|
|
| 400 |
* @throws NotAuthorized
|
|
| 401 |
* @throws NotFound
|
|
| 402 |
* @throws InvalidRequest
|
|
| 403 |
* @throws NotImplemented
|
|
| 404 |
*/
|
|
| 405 |
public SystemMetadata getSystemMetadata(Session session, Identifier pid)
|
|
| 406 | 406 |
throws InvalidToken, ServiceFailure, NotAuthorized, NotFound, |
| 407 | 407 |
InvalidRequest, NotImplemented {
|
| 408 | 408 |
|
| 409 |
if (!isAuthorized(session, pid, Permission.READ)) {
|
|
| 410 |
throw new NotAuthorized("1400", Permission.READ + " not allowed on " + pid.getValue());
|
|
| 411 |
}
|
|
| 412 |
SystemMetadata systemMetadata = null;
|
|
| 413 |
try {
|
|
| 414 |
systemMetadata = IdentifierManager.getInstance().getSystemMetadata(pid.getValue());
|
|
| 415 |
} catch (McdbDocNotFoundException e) {
|
|
| 416 |
throw new NotFound("1420", "No record found for: " + pid.getValue());
|
|
| 417 |
}
|
|
| 418 |
|
|
| 419 |
return systemMetadata;
|
|
| 409 |
if (!isAuthorized(session, pid, Permission.READ)) {
|
|
| 410 |
throw new NotAuthorized("1400", Permission.READ + " not allowed on " + pid.getValue());
|
|
| 411 |
}
|
|
| 412 |
SystemMetadata systemMetadata = null;
|
|
| 413 |
try {
|
|
| 414 |
systemMetadata = IdentifierManager.getInstance().getSystemMetadata(pid.getValue());
|
|
| 415 |
} catch (McdbDocNotFoundException e) {
|
|
| 416 |
throw new NotFound("1420", "No record found for: " + pid.getValue());
|
|
| 417 |
}
|
|
| 418 |
|
|
| 419 |
return systemMetadata;
|
|
| 420 | 420 |
} |
| 421 |
|
|
| 422 |
/* End methods common to CNRead and MNRead APIs */
|
|
| 421 |
|
|
| 422 |
/* End methods common to CNRead and MNRead APIs */
|
|
| 423 | 423 |
|
| 424 |
/* Methods common to CNAuthorization and MNAuthorization APIs */
|
|
| 424 |
/* Methods common to CNAuthorization and MNAuthorization APIs */
|
|
| 425 | 425 |
|
| 426 |
/**
|
|
| 427 |
* Set access for a given object using the object identifier and a Subject
|
|
| 428 |
* under a given Session.
|
|
| 429 |
*
|
|
| 430 |
* @param session - the Session object containing the credentials for the Subject
|
|
| 431 |
* @param pid - the object identifier for the given object to apply the policy
|
|
| 432 |
* @param policy - the access policy to be applied
|
|
| 433 |
*
|
|
| 434 |
* @return true if the application of the policy succeeds
|
|
| 435 |
* @throws InvalidToken
|
|
| 436 |
* @throws ServiceFailure
|
|
| 437 |
* @throws NotFound
|
|
| 438 |
* @throws NotAuthorized
|
|
| 439 |
* @throws NotImplemented
|
|
| 440 |
* @throws InvalidRequest
|
|
| 441 |
*/
|
|
| 442 |
public boolean setAccessPolicy(Session session, Identifier pid,
|
|
| 426 |
/**
|
|
| 427 |
* Set access for a given object using the object identifier and a Subject
|
|
| 428 |
* under a given Session.
|
|
| 429 |
*
|
|
| 430 |
* @param session - the Session object containing the credentials for the Subject
|
|
| 431 |
* @param pid - the object identifier for the given object to apply the policy
|
|
| 432 |
* @param policy - the access policy to be applied
|
|
| 433 |
*
|
|
| 434 |
* @return true if the application of the policy succeeds
|
|
| 435 |
* @throws InvalidToken
|
|
| 436 |
* @throws ServiceFailure
|
|
| 437 |
* @throws NotFound
|
|
| 438 |
* @throws NotAuthorized
|
|
| 439 |
* @throws NotImplemented
|
|
| 440 |
* @throws InvalidRequest
|
|
| 441 |
*/
|
|
| 442 |
public boolean setAccessPolicy(Session session, Identifier pid,
|
|
| 443 | 443 |
AccessPolicy accessPolicy) |
| 444 |
throws InvalidToken, ServiceFailure, NotFound, NotAuthorized,
|
|
| 445 |
NotImplemented, InvalidRequest {
|
|
| 444 |
throws InvalidToken, ServiceFailure, NotFound, NotAuthorized,
|
|
| 445 |
NotImplemented, InvalidRequest {
|
|
| 446 | 446 |
|
| 447 |
boolean success = false;
|
|
| 448 |
|
|
| 449 |
// get the subject
|
|
| 450 |
Subject subject = session.getSubject();
|
|
| 451 |
// get the system metadata
|
|
| 452 |
String guid = pid.getValue();
|
|
| 453 |
|
|
| 454 |
// are we allowed to do this?
|
|
| 455 |
if (!isAuthorized(session, pid, Permission.CHANGE_PERMISSION)) {
|
|
| 456 |
throw new NotAuthorized("4420", "not allowed by " + subject.getValue() + " on " + guid);
|
|
| 457 |
}
|
|
| 458 |
|
|
| 459 |
SystemMetadata systemMetadata = null;
|
|
| 460 |
try {
|
|
| 461 |
systemMetadata = IdentifierManager.getInstance().getSystemMetadata(guid);
|
|
| 462 |
} catch (McdbDocNotFoundException e) {
|
|
| 463 |
throw new NotFound("4400", "No record found for: " + guid);
|
|
| 464 |
}
|
|
| 465 |
|
|
| 466 |
// set the access policy
|
|
| 467 |
systemMetadata.setAccessPolicy(accessPolicy);
|
|
| 468 |
|
|
| 469 |
// update the metadata
|
|
| 470 |
try {
|
|
| 471 |
IdentifierManager.getInstance().updateSystemMetadata(systemMetadata);
|
|
| 472 |
success = true;
|
|
| 473 |
} catch (McdbDocNotFoundException e) {
|
|
| 474 |
throw new ServiceFailure("4430", e.getMessage());
|
|
| 475 |
}
|
|
| 447 |
boolean success = false;
|
|
| 448 |
|
|
| 449 |
// get the subject
|
|
| 450 |
Subject subject = session.getSubject();
|
|
| 451 |
// get the system metadata
|
|
| 452 |
String guid = pid.getValue();
|
|
| 453 |
|
|
| 454 |
// are we allowed to do this?
|
|
| 455 |
if (!isAuthorized(session, pid, Permission.CHANGE_PERMISSION)) {
|
|
| 456 |
throw new NotAuthorized("4420", "not allowed by " + subject.getValue() + " on " + guid);
|
|
| 457 |
}
|
|
| 458 |
|
|
| 459 |
SystemMetadata systemMetadata = null;
|
|
| 460 |
try {
|
|
| 461 |
systemMetadata = IdentifierManager.getInstance().getSystemMetadata(guid);
|
|
| 462 |
} catch (McdbDocNotFoundException e) {
|
|
| 463 |
throw new NotFound("4400", "No record found for: " + guid);
|
|
| 464 |
}
|
|
| 465 |
|
|
| 466 |
// set the access policy
|
|
| 467 |
systemMetadata.setAccessPolicy(accessPolicy);
|
|
| 468 |
|
|
| 469 |
// update the metadata
|
|
| 470 |
try {
|
|
| 471 |
IdentifierManager.getInstance().updateSystemMetadata(systemMetadata);
|
|
| 472 |
success = true;
|
|
| 473 |
} catch (McdbDocNotFoundException e) {
|
|
| 474 |
throw new ServiceFailure("4430", e.getMessage());
|
|
| 475 |
}
|
|
| 476 | 476 |
|
| 477 |
return success;
|
|
| 478 |
}
|
|
| 479 |
|
|
| 480 |
/**
|
|
| 481 |
* Test if the user identified by the provided token has authorization
|
|
| 482 |
* for operation on the specified object.
|
|
| 483 |
*
|
|
| 484 |
* @param session - the Session object containing the credentials for the Subject
|
|
| 485 |
* @param pid - The identifer of the resource for which access is being checked
|
|
| 486 |
* @param operation - The type of operation which is being requested for the given pid
|
|
| 487 |
*
|
|
| 488 |
* @return true if the operation is allowed
|
|
| 489 |
*
|
|
| 490 |
* @throws ServiceFailure
|
|
| 491 |
* @throws InvalidToken
|
|
| 492 |
* @throws NotFound
|
|
| 493 |
* @throws NotAuthorized
|
|
| 494 |
* @throws NotImplemented
|
|
| 495 |
* @throws InvalidRequest
|
|
| 496 |
*/
|
|
| 497 |
public boolean isAuthorized(Session session, Identifier pid, Permission permission)
|
|
| 498 |
throws ServiceFailure, InvalidToken, NotFound, NotAuthorized,
|
|
| 499 |
NotImplemented, InvalidRequest {
|
|
| 477 |
return success;
|
|
| 478 |
}
|
|
| 479 |
|
|
| 480 |
/**
|
|
| 481 |
* Test if the user identified by the provided token has authorization
|
|
| 482 |
* for operation on the specified object.
|
|
| 483 |
*
|
|
| 484 |
* @param session - the Session object containing the credentials for the Subject
|
|
| 485 |
* @param pid - The identifer of the resource for which access is being checked
|
|
| 486 |
* @param operation - The type of operation which is being requested for the given pid
|
|
| 487 |
*
|
|
| 488 |
* @return true if the operation is allowed
|
|
| 489 |
*
|
|
| 490 |
* @throws ServiceFailure
|
|
| 491 |
* @throws InvalidToken
|
|
| 492 |
* @throws NotFound
|
|
| 493 |
* @throws NotAuthorized
|
|
| 494 |
* @throws NotImplemented
|
|
| 495 |
* @throws InvalidRequest
|
|
| 496 |
*/
|
|
| 497 |
public boolean isAuthorized(Session session, Identifier pid, Permission permission)
|
|
| 498 |
throws ServiceFailure, InvalidToken, NotFound, NotAuthorized,
|
|
| 499 |
NotImplemented, InvalidRequest {
|
|
| 500 | 500 |
|
| 501 |
boolean allowed = false;
|
|
| 502 |
|
|
| 503 |
// get the subjects from the session
|
|
| 504 |
List<Subject> subjects = new ArrayList<Subject>();
|
|
| 505 |
subjects.add(session.getSubject());
|
|
| 506 |
for (Person p: session.getSubjectList().getPersonList()) {
|
|
| 507 |
subjects.add(p.getSubject());
|
|
| 508 |
}
|
|
| 509 |
for (Group g: session.getSubjectList().getGroupList()) {
|
|
| 510 |
subjects.add(g.getSubject());
|
|
| 511 |
}
|
|
| 512 |
|
|
| 513 |
// get the system metadata
|
|
| 514 |
String guid = pid.getValue();
|
|
| 515 |
SystemMetadata systemMetadata = null;
|
|
| 516 |
try {
|
|
| 517 |
systemMetadata = IdentifierManager.getInstance().getSystemMetadata(guid);
|
|
| 518 |
} catch (McdbDocNotFoundException e) {
|
|
| 519 |
throw new NotFound("1800", "No record found for: " + guid);
|
|
| 520 |
}
|
|
| 521 |
List<AccessRule> allows = systemMetadata.getAccessPolicy().getAllowList();
|
|
| 522 |
for (AccessRule accessRule: allows) {
|
|
| 523 |
for (Subject subject: subjects) {
|
|
| 524 |
if (accessRule.getSubjectList().contains(subject)) {
|
|
| 525 |
allowed = accessRule.getPermissionList().contains(permission);
|
|
| 526 |
if (allowed) {
|
|
| 527 |
break;
|
|
| 528 |
}
|
|
| 529 |
}
|
|
| 530 |
}
|
|
| 531 |
}
|
|
| 532 |
|
|
| 533 |
// TODO: throw or return?
|
|
| 534 |
if (!allowed) {
|
|
| 535 |
throw new NotAuthorized("1820", permission + "not allowed on " + guid);
|
|
| 536 |
}
|
|
| 537 |
return allowed;
|
|
| 538 |
}
|
|
| 501 |
boolean allowed = false;
|
|
| 502 |
|
|
| 503 |
// get the subjects from the session
|
|
| 504 |
List<Subject> subjects = new ArrayList<Subject>();
|
|
| 505 |
subjects.add(session.getSubject());
|
|
| 506 |
for (Person p: session.getSubjectList().getPersonList()) {
|
|
| 507 |
subjects.add(p.getSubject());
|
|
| 508 |
}
|
|
| 509 |
for (Group g: session.getSubjectList().getGroupList()) {
|
|
| 510 |
subjects.add(g.getSubject());
|
|
| 511 |
}
|
|
| 512 |
|
|
| 513 |
// get the system metadata
|
|
| 514 |
String guid = pid.getValue();
|
|
| 515 |
SystemMetadata systemMetadata = null;
|
|
| 516 |
try {
|
|
| 517 |
systemMetadata = IdentifierManager.getInstance().getSystemMetadata(guid);
|
|
| 518 |
} catch (McdbDocNotFoundException e) {
|
|
| 519 |
throw new NotFound("1800", "No record found for: " + guid);
|
|
| 520 |
}
|
|
| 521 |
List<AccessRule> allows = systemMetadata.getAccessPolicy().getAllowList();
|
|
| 522 |
for (AccessRule accessRule: allows) {
|
|
| 523 |
for (Subject subject: subjects) {
|
|
| 524 |
if (accessRule.getSubjectList().contains(subject)) {
|
|
| 525 |
allowed = accessRule.getPermissionList().contains(permission);
|
|
| 526 |
if (allowed) {
|
|
| 527 |
break;
|
|
| 528 |
}
|
|
| 529 |
}
|
|
| 530 |
}
|
|
| 531 |
}
|
|
| 532 |
|
|
| 533 |
// TODO: throw or return?
|
|
| 534 |
if (!allowed) {
|
|
| 535 |
throw new NotAuthorized("1820", permission + "not allowed on " + guid);
|
|
| 536 |
}
|
|
| 537 |
return allowed;
|
|
| 538 |
}
|
|
| 539 | 539 |
|
| 540 |
/* End methods common to CNAuthorization and MNAuthorization APIs */
|
|
| 541 |
|
|
| 542 |
/**
|
|
| 543 |
* parse a logEntry and get the relevant field from it
|
|
| 544 |
*
|
|
| 545 |
* @param fieldname
|
|
| 546 |
* @param entry
|
|
| 547 |
* @return
|
|
| 548 |
*/
|
|
| 549 |
private String getLogEntryField(String fieldname, String entry) {
|
|
| 550 |
String begin = "<" + fieldname + ">";
|
|
| 551 |
String end = "</" + fieldname + ">";
|
|
| 552 |
// logMetacat.debug("looking for " + begin + " and " + end +
|
|
| 553 |
// " in entry " + entry);
|
|
| 554 |
String s = entry.substring(entry.indexOf(begin) + begin.length(), entry
|
|
| 555 |
.indexOf(end));
|
|
| 556 |
logMetacat.debug("entry " + fieldname + " : " + s);
|
|
| 557 |
return s;
|
|
| 558 |
}
|
|
| 540 |
/* End methods common to CNAuthorization and MNAuthorization APIs */
|
|
| 541 |
|
|
| 542 |
/**
|
|
| 543 |
* parse a logEntry and get the relevant field from it
|
|
| 544 |
*
|
|
| 545 |
* @param fieldname
|
|
| 546 |
* @param entry
|
|
| 547 |
* @return
|
|
| 548 |
*/
|
|
| 549 |
private String getLogEntryField(String fieldname, String entry) {
|
|
| 550 |
String begin = "<" + fieldname + ">";
|
|
| 551 |
String end = "</" + fieldname + ">";
|
|
| 552 |
// logMetacat.debug("looking for " + begin + " and " + end +
|
|
| 553 |
// " in entry " + entry);
|
|
| 554 |
String s = entry.substring(entry.indexOf(begin) + begin.length(), entry
|
|
| 555 |
.indexOf(end));
|
|
| 556 |
logMetacat.debug("entry " + fieldname + " : " + s);
|
|
| 557 |
return s;
|
|
| 558 |
}
|
|
| 559 | 559 |
|
| 560 | 560 |
/** |
| 561 | 561 |
* set the params for this service from an HttpServletRequest param list |
| 562 |
* |
|
| 563 |
* @param request - the HTTP Servlet Request with the listed parameters |
|
| 562 | 564 |
*/ |
| 563 | 565 |
public void setParamsFromRequest(HttpServletRequest request) {
|
| 564 | 566 |
|
| 565 |
@SuppressWarnings("unchecked")
|
|
| 567 |
@SuppressWarnings("unchecked")
|
|
| 566 | 568 |
Enumeration<String> paramlist = request.getParameterNames(); |
| 567 | 569 |
while (paramlist.hasMoreElements()) {
|
| 568 | 570 |
String name = (String) paramlist.nextElement(); |
Also available in: Unified diff
Minor formatting changes - tabs to spaces, indents, etc.