
Revision 6552

Configure and use CertificateManager in order to act as the MN when performing the replicate() and getReplica() methods.


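--- a/lib/metacat.properties
+++ b/lib/metacat.properties
@@ -521,4 +521,7 @@
 dataone.hazelcast.processCluster.instances=127.0.0.1
 dataone.hazelcast.processCluster.nodesMap=hzNodes
 
+# Configure the Member Node client certificate location
+D1Client.certificate.file=/etc/dataone/client/certs/METACAT1.pem
 
+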
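--- a/src/edu/ucsb/nceas/metacat/dataone/MNodeService.java
+++ b/src/edu/ucsb/nceas/metacat/dataone/MNodeService.java
@@ -39,6 +39,8 @@
 import org.dataone.client.CNode;
 import org.dataone.client.D1Client;
 import org.dataone.client.MNode;
+import org.dataone.client.auth.CertificateManager;
+import org.dataone.configuration.Settings;
 import org.dataone.service.exceptions.IdentifierNotUnique;
 import org.dataone.service.exceptions.InsufficientResources;
 import org.dataone.service.exceptions.InvalidRequest;
@@ -142,6 +144,9 @@
     private MNodeService(HttpServletRequest request) {
         super(request);
         logMetacat = Logger.getLogger(MNodeService.class);
+        
+        // set the Member Node certificate file location
+        CertificateManager.getInstance().setCertificateLocation(Settings.getConfiguration().getString("D1Client.certificate.file"));
     }
 
     /**
@@ -407,9 +412,10 @@
         CNode cn = D1Client.getCN();
         
         InputStream object = null;
-
+        
         try {
-            object = mn.getReplica(session, pid);
+        	// session should be null to use the default certificate location set in the Certificate manager
+            object = mn.getReplica(null, pid);
             logMetacat.info("MNodeService.replicate() called for identifier " + pid.getValue());
 
         } catch (InvalidToken e) {
@@ -423,7 +429,8 @@
         // add it to local store
         Identifier retPid;
         try {
-            retPid = create(session, pid, object, sysmeta);
+        	// skip the MN.create -- this mutates the system metadata and we dont want it to
+            retPid = super.create(session, pid, object, sysmeta);
             result = (retPid.getValue().equals(pid.getValue()));
         } catch (InvalidToken e) {
             e.printStackTrace();
@@ -437,8 +444,8 @@
         }
 
         try {
-            session = null;
-            cn.setReplicationStatus(session, pid, sourceNode, ReplicationStatus.COMPLETED);
+        	// call the CN as the MN to set the replication status
+            cn.setReplicationStatus(null, pid, sourceNode, ReplicationStatus.COMPLETED);
             
         } catch (InvalidToken e) {
             // TODO Auto-generated catch block
@@ -913,11 +920,10 @@
             throw new NotFound("1020", "The object specified by " + pid.getValue() + " does not exist at this node.");
         }
 
-        Node node = this.getCapabilities();
-        Subject targetNodeSubject = node.getSubject(0);
+        Subject targetNodeSubject = session.getSubject();
 
-        // check for authorization to replicate
-        allowed = D1Client.getCN().isNodeAuthorized(session, targetNodeSubject, pid, Permission.REPLICATE);
+        // check for authorization to replicate, null session to act as this source MN
+        allowed = D1Client.getCN().isNodeAuthorized(null, targetNodeSubject, pid, Permission.REPLICATE);
 
         logMetacat.info("Called D1Client.isNodeAuthorized(). Allowed = " + allowed +
             " for identifier " + pid.getValue());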
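Review bot: In the last hunk, new line 923 calls `session.getSubject()` with no null check, although this commit elsewhere treats a null session as meaningful ("use the node certificate"), so a request without a session would surface as a NullPointerException rather than an authorization failure unless a check outside the hunk already rejects it (the enclosing method starts before the hunk). A guard ahead of the lookup, e.g. `if (session == null || session.getSubject() == null) throw new NotAuthorized("<detail-code>", "A session with a subject is required to request a replica");`, would make the refusal explicit; the detail code is a placeholder and the method's throws clause is not visible here. In the constructor hunk, the value of `D1Client.certificate.file` is handed to `setCertificateLocation` unchecked each time an MNodeService is constructed, so a missing property would presumably only show up later when a call made with a null session cannot find a certificate; validating the path once and logging a clear error would help. A comment at `super.create(...)` should also state which checks of the overriding `create` are being bypassed, since the replicate path now depends on them not being needed.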
