/src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java - Annotate - Metacat - Ecoinformatics Redmine

metacat/src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java @ 7059

-            cjones
+/**
  *  '$RCSfile$'
  *  Copyright: 2000-2011 Regents of the University of California and the
  *              National Center for Ecological Analysis and Synthesis
+ *
  *   '$Author$'
  *     '$Date$'
+ *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version.
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 package edu.ucsb.nceas.metacat.dataone;
-            cjones
+import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.IOException;
-            cjones
+import java.io.InputStream;
-            cjones
+import java.io.OutputStream;
-            cjones
+import java.sql.SQLException;
-            leinfelder
+import java.util.ArrayList;
-            leinfelder
+import java.util.Calendar;
-            cjones
+import java.util.Date;
-            cjones
+import java.util.Hashtable;
-            leinfelder
+import java.util.List;
-            cjones
+import java.util.Timer;
-            leinfelder
+import java.util.Vector;
             cjones
-            leinfelder
+import javax.servlet.http.HttpServletRequest;
             cjones
             leinfelder
-            cjones
+import org.apache.commons.io.IOUtils;
-            leinfelder
+import org.apache.log4j.Logger;
-            cjones
+import org.dataone.client.CNode;
 import org.dataone.client.D1Client;
-            cjones
+import org.dataone.client.ObjectFormatCache;
-            leinfelder
+import org.dataone.service.util.Constants;
-            leinfelder
+import org.dataone.service.util.DateTimeMarshaller;
-            cjones
+import org.dataone.service.exceptions.IdentifierNotUnique;
 import org.dataone.service.exceptions.InsufficientResources;
-            cjones
+import org.dataone.service.exceptions.InvalidRequest;
-            cjones
+import org.dataone.service.exceptions.InvalidSystemMetadata;
-            cjones
+import org.dataone.service.exceptions.InvalidToken;
 import org.dataone.service.exceptions.NotAuthorized;
 import org.dataone.service.exceptions.NotFound;
 import org.dataone.service.exceptions.NotImplemented;
 import org.dataone.service.exceptions.ServiceFailure;
-            cjones
+import org.dataone.service.exceptions.UnsupportedType;
-            leinfelder
+import org.dataone.service.types.v1.AccessPolicy;
 import org.dataone.service.types.v1.AccessRule;
-            leinfelder
+import org.dataone.service.types.v1.DescribeResponse;
-            leinfelder
+import org.dataone.service.types.v1.Event;
 import org.dataone.service.types.v1.Identifier;
 import org.dataone.service.types.v1.Group;
 import org.dataone.service.types.v1.Log;
 import org.dataone.service.types.v1.LogEntry;
-            cjones
+import org.dataone.service.types.v1.Node;
-            leinfelder
+import org.dataone.service.types.v1.NodeReference;
-            cjones
+import org.dataone.service.types.v1.NodeType;
-            leinfelder
+import org.dataone.service.types.v1.ObjectFormat;
 import org.dataone.service.types.v1.Permission;
 import org.dataone.service.types.v1.Person;
 import org.dataone.service.types.v1.Session;
 import org.dataone.service.types.v1.Subject;
-            leinfelder
+import org.dataone.service.types.v1.SubjectInfo;
-            leinfelder
+import org.dataone.service.types.v1.SubjectList;
 import org.dataone.service.types.v1.SystemMetadata;
-            leinfelder
+import org.dataone.service.types.v1.util.ChecksumUtil;
             cjones
-            cjones
+import edu.ucsb.nceas.metacat.AccessionNumberException;
 import edu.ucsb.nceas.metacat.DocumentImpl;
-            leinfelder
+import edu.ucsb.nceas.metacat.EventLog;
 import edu.ucsb.nceas.metacat.IdentifierManager;
-            leinfelder
+import edu.ucsb.nceas.metacat.McdbDocNotFoundException;
-            cjones
+import edu.ucsb.nceas.metacat.MetacatHandler;
-            leinfelder
+import edu.ucsb.nceas.metacat.database.DBConnection;
 import edu.ucsb.nceas.metacat.database.DBConnectionPool;
-            leinfelder
+import edu.ucsb.nceas.metacat.dataone.hazelcast.HazelcastService;
-            cjones
+import edu.ucsb.nceas.metacat.properties.PropertyService;
-            cjones
+import edu.ucsb.nceas.metacat.replication.ForceReplicationHandler;
-            leinfelder
+import edu.ucsb.nceas.metacat.util.DocumentUtil;
-            cjones
+import edu.ucsb.nceas.metacat.util.SystemUtil;
-            cjones
+import edu.ucsb.nceas.utilities.PropertyNotFoundException;
             leinfelder
-            cjones
+public abstract class D1NodeService {
             cjones
-            cjones
+  private static Logger logMetacat = Logger.getLogger(D1NodeService.class);
             leinfelder
-            leinfelder
+  /** For logging the operations */
   protected HttpServletRequest request;
             cjones
-            cjones
+  /* reference to the metacat handler */
-            leinfelder
+  protected MetacatHandler handler;
             cjones
-            cjones
+  /* parameters set in the incoming request */
   private Hashtable<String, String[]> params;
-            cjones
+  /**
    * Constructor - used to set the metacatUrl from a subclass extending D1NodeService
+   *
    * @param metacatUrl - the URL of the metacat service, including the ending /d1
    */
-            leinfelder
+  public D1NodeService(HttpServletRequest request) {
 		this.request = request;
+	}
             cjones
   /**
-            leinfelder
+   * This method provides a lighter weight mechanism than
    * getSystemMetadata() for a client to determine basic
    * properties of the referenced object.
+   *
    * @param session - the Session object containing the credentials for the Subject
    * @param pid - the identifier of the object to be described
+   *
    * @return describeResponse - A set of values providing a basic description
    *                            of the object.
+   *
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws NotFound
    * @throws NotImplemented
    * @throws InvalidRequest
    */
   public DescribeResponse describe(Session session, Identifier pid)
       throws InvalidToken, ServiceFailure, NotAuthorized, NotFound, NotImplemented {
     // get system metadata and construct the describe response
       SystemMetadata sysmeta = getSystemMetadata(session, pid);
       DescribeResponse describeResponse =
       	new DescribeResponse(sysmeta.getFormatId(), sysmeta.getSize(),
       			sysmeta.getDateSysMetadataModified(),
       			sysmeta.getChecksum(), sysmeta.getSerialVersion());
       return describeResponse;
+  }
   /**
    * Low level, "are you alive" operation. A valid ping response is
    * indicated by a HTTP status of 200.
+   *
    * @return true if the service is alive
+   *
    * @throws NotImplemented
    * @throws ServiceFailure
    * @throws InsufficientResources
    */
   public Date ping()
       throws NotImplemented, ServiceFailure, InsufficientResources {
       // test if we can get a database connection
       int serialNumber = -1;
       DBConnection dbConn = null;
       try {
           dbConn = DBConnectionPool.getDBConnection("MNodeService.ping");
           serialNumber = dbConn.getCheckOutSerialNumber();
       } catch (SQLException e) {
       	ServiceFailure sf = new ServiceFailure("", e.getMessage());
       	sf.initCause(e);
           throw sf;
       } finally {
           // Return the database connection
           DBConnectionPool.returnDBConnection(dbConn, serialNumber);
+      }
       return Calendar.getInstance().getTime();
+  }
   /**
-            cjones
+   * Adds a new object to the Node, where the object is either a data
    * object or a science metadata object. This method is called by clients
    * to create new data objects on Member Nodes or internally for Coordinating
    * Nodes
+   *
    * @param session - the Session object containing the credentials for the Subject
    * @param pid - The object identifier to be created
    * @param object - the object bytes
    * @param sysmeta - the system metadata that describes the object
+   *
    * @return pid - the object identifier created
+   *
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws IdentifierNotUnique
    * @throws UnsupportedType
    * @throws InsufficientResources
    * @throws InvalidSystemMetadata
    * @throws NotImplemented
    * @throws InvalidRequest
    */
   public Identifier create(Session session, Identifier pid, InputStream object,
     SystemMetadata sysmeta)
     throws InvalidToken, ServiceFailure, NotAuthorized, IdentifierNotUnique,
     UnsupportedType, InsufficientResources, InvalidSystemMetadata,
     NotImplemented, InvalidRequest {
             cjones
-            cjones
+    Identifier resultPid = null;
     String localId = null;
     boolean allowed = false;
-            leinfelder
+    // check for null session
     if (session == null) {
     	throw new InvalidToken("4894", "Session is required to WRITE to the Node.");
+    }
     Subject subject = session.getSubject();
-            leinfelder
+    Subject publicSubject = new Subject();
     publicSubject.setValue(Constants.SUBJECT_PUBLIC);
 	// be sure the user is authenticated for create()
-            leinfelder
+    if (subject == null || subject.getValue() == null ||
-            leinfelder
+        subject.equals(publicSubject) ) {
-            cjones
+      throw new NotAuthorized("1100", "The provided identity does not have " +
-            leinfelder
+        "permission to WRITE to the Node.");
             cjones
+    }
     // verify that pid == SystemMetadata.getIdentifier()
     logMetacat.debug("Comparing pid|sysmeta_pid: " +
       pid.getValue() + "|" + sysmeta.getIdentifier().getValue());
     if (!pid.getValue().equals(sysmeta.getIdentifier().getValue())) {
         throw new InvalidSystemMetadata("1180",
             "The supplied system metadata is invalid. " +
             "The identifier " + pid.getValue() + " does not match identifier" +
             "in the system metadata identified by " +
             sysmeta.getIdentifier().getValue() + ".");
+    }
     logMetacat.debug("Checking if identifier exists...");
     // Check that the identifier does not already exist
-            leinfelder
+    if (IdentifierManager.getInstance().identifierExists(pid.getValue())) {
 	    	throw new IdentifierNotUnique("1120",
 			          "The requested identifier " + pid.getValue() +
 			          " is already used by another object and" +
 			          "therefore can not be used for this object. Clients should choose" +
 			          "a new identifier that is unique and retry the operation or " +
-            leinfelder
+			          "use CN.reserveIdentifier() to reserve one.");
             leinfelder
             cjones
             leinfelder
-            leinfelder
+    // check that we are not attempting to subvert versioning
     if (sysmeta.getObsoletes() != null && sysmeta.getObsoletes().getValue() != null) {
     	throw new InvalidSystemMetadata("1180",
     			"The supplied system metadata is invalid. " +
     			"The obsoletes field cannot have a value when creating entries.");
+    }
     if (sysmeta.getObsoletedBy() != null && sysmeta.getObsoletedBy().getValue() != null) {
     	throw new InvalidSystemMetadata("1180",
     			"The supplied system metadata is invalid. " +
     			"The obsoletedBy field cannot have a value when creating entries.");
+	}
-            leinfelder
+    // TODO: this probably needs to be refined more
-            cjones
+    try {
       allowed = isAuthorized(session, pid, Permission.WRITE);
     } catch (NotFound e) {
       // The identifier doesn't exist, writing should be fine.
       allowed = true;
+    }
-            leinfelder
+    // verify checksum, only if we can reset the inputstream
     if (object.markSupported()) {
 	    String checksumAlgorithm = sysmeta.getChecksum().getAlgorithm();
 	    String checksumValue = sysmeta.getChecksum().getValue();
 	    try {
 			String computedChecksumValue = ChecksumUtil.checksum(object, checksumAlgorithm).getValue();
 			// it's very important that we don't consume the stream
 			object.reset();
 			if (!computedChecksumValue.equals(checksumValue)) {
 				throw new InvalidSystemMetadata("4896", "Checksum given does not match that of the object");
+			}
 		} catch (Exception e) {
 			String msg = "Error verifying checksum values";
 	      	logMetacat.error(msg, e);
 	        throw new ServiceFailure("1190", msg + ": " + e.getMessage());
+		}
     } else {
     	logMetacat.warn("mark is not supported on the object's input stream - cannot verify checksum without consuming stream");
+    }
-            cjones
+    // we have the go ahead
     if ( allowed ) {
       // Science metadata (XML) or science data object?
       // TODO: there are cases where certain object formats are science metadata
       // but are not XML (netCDF ...).  Handle this.
       if ( isScienceMetadata(sysmeta) ) {
         // CASE METADATA:
       	String objectAsXML = "";
         try {
 	        objectAsXML = IOUtils.toString(object, "UTF-8");
 	        localId = insertOrUpdateDocument(objectAsXML, pid, session, "insert");
 	        //localId = im.getLocalId(pid.getValue());
         } catch (IOException e) {
         	String msg = "The Node is unable to create the object. " +
           "There was a problem converting the object to XML";
         	logMetacat.info(msg);
           throw new ServiceFailure("1190", msg + ": " + e.getMessage());
+        }
-            leinfelder
+      } else {
 	      // DEFAULT CASE: DATA (needs to be checked and completed)
 	      localId = insertDataObject(object, pid, session);
+      }
             cjones
             leinfelder
     // save the sysmeta
-            leinfelder
+    try {
-            cjones
+      // lock and unlock of the pid happens in the subclass
-            leinfelder
+    	HazelcastService.getInstance().getSystemMetadataMap().put(sysmeta.getIdentifier(), sysmeta);
             cjones
-            leinfelder
+    } catch (Exception e) {
-            leinfelder
+    	logMetacat.error("Problem creating system metadata: " + pid.getValue(), e);
-            leinfelder
+        throw new ServiceFailure("1190", e.getMessage());
+	}
             leinfelder
-            cjones
+    // setting the resulting identifier failed
-            leinfelder
+    if (localId == null ) {
       throw new ServiceFailure("1190", "The Node is unable to create the object. ");
             cjones
             leinfelder
-            leinfelder
+    resultPid = pid;
-            cjones
+    return resultPid;
+  }
-            cjones
+  /**
    * Return the log records associated with a given event between the start and
    * end dates listed given a particular Subject listed in the Session
+   *
    * @param session - the Session object containing the credentials for the Subject
    * @param fromDate - the start date of the desired log records
    * @param toDate - the end date of the desired log records
    * @param event - restrict log records of a specific event type
    * @param start - zero based offset from the first record in the
    *                set of matching log records. Used to assist with
    *                paging the response.
    * @param count - maximum number of log records to return in the response.
    *                Used to assist with paging the response.
+   *
    * @return the desired log records
+   *
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws InvalidRequest
    * @throws NotImplemented
    */
   public Log getLogRecords(Session session, Date fromDate, Date toDate,
-            cjones
+      Event event, Integer start, Integer count) throws InvalidToken, ServiceFailure,
-            cjones
+      NotAuthorized, InvalidRequest, NotImplemented {
             cjones
             leinfelder
-            cjones
+    Log log = new Log();
-            leinfelder
+    List<LogEntry> logs = new Vector<LogEntry>();
-            cjones
+    IdentifierManager im = IdentifierManager.getInstance();
     EventLog el = EventLog.getInstance();
-            cjones
+    if ( fromDate == null ) {
-            cjones
+      logMetacat.debug("setting fromdate from null");
       fromDate = new Date(1);
+    }
-            cjones
+    if ( toDate == null ) {
-            cjones
+      logMetacat.debug("setting todate from null");
       toDate = new Date();
+    }
             leinfelder
-            cjones
+    if ( start == null ) {
     	start = 0;
+    }
     if ( count == null ) {
     	count = 1000;
+    }
-            cjones
+    logMetacat.debug("fromDate: " + fromDate);
     logMetacat.debug("toDate: " + toDate);
             leinfelder
-            cjones
+    String report = el.getReport(null, null, null, null,
         new java.sql.Timestamp(fromDate.getTime()),
         new java.sql.Timestamp(toDate.getTime()), false);
             leinfelder
-            cjones
+    logMetacat.debug("report: " + report);
             leinfelder
-            cjones
+    String logEntry = "<logEntry>";
     String endLogEntry = "</logEntry>";
     int startIndex = 0;
     int foundIndex = report.indexOf(logEntry, startIndex);
     while (foundIndex != -1) {
       // parse out each entry
       int endEntryIndex = report.indexOf(endLogEntry, foundIndex);
       String entry = report.substring(foundIndex, endEntryIndex);
       logMetacat.debug("entry: " + entry);
       startIndex = endEntryIndex + endLogEntry.length();
       foundIndex = report.indexOf(logEntry, startIndex);
             leinfelder
-            cjones
+      String entryId = getLogEntryField("entryid", entry);
       String ipAddress = getLogEntryField("ipAddress", entry);
       String principal = getLogEntryField("principal", entry);
-            leinfelder
+      String userAgent = getLogEntryField("userAgent", entry);
-            cjones
+      String docid = getLogEntryField("docid", entry);
       String eventS = getLogEntryField("event", entry);
       String dateLogged = getLogEntryField("dateLogged", entry);
             leinfelder
-            cjones
+      LogEntry le = new LogEntry();
             leinfelder
-            leinfelder
+      // handle Metacat -> DataONE event conversion
       if (eventS.equalsIgnoreCase("insert")) {
-            leinfelder
+    	  eventS = Event.CREATE.xmlValue();
             leinfelder
-            cjones
+      Event e = Event.convert(eventS);
       if (e == null) { // skip any events that are not Dataone Crud events
-            leinfelder
+          logMetacat.warn("skipping unknown event type: '" + eventS + "'");
           continue;
             cjones
       le.setEvent(e);
-            leinfelder
+      le.setEntryId(entryId);
-            cjones
+      Identifier identifier = new Identifier();
       try {
-            cjones
+        logMetacat.debug("converting docid '" + docid + "' to a pid.");
-            cjones
+        if (docid == null || docid.trim().equals("") || docid.trim().equals("null")) {
           continue;
+        }
-            leinfelder
+        String docidNoRev = DocumentUtil.getSmartDocId(docid);
         //docid = docid.substring(0, docid.lastIndexOf("."));
         int rev = DocumentUtil.getRevisionFromAccessionNumber(docid);
         //int rev = im.getLatestRevForLocalId(docid);
         String guid = im.getGUID(docidNoRev, rev);
         identifier.setValue(guid);
-            cjones
+      } catch (Exception ex) {
-            cjones
+        // try to get the pid, if that doesn't
-            cjones
+        // work, just use the local id
         // throw new ServiceFailure("1030",
-            cjones
+        // "Error getting pid for localId " +
-            cjones
+        // docid + ": " + ex.getMessage());\
             leinfelder
-            leinfelder
+          logMetacat.warn("could not find pid for docid '" + docid + "'");
-            cjones
+        // skip it if the pid can't be found
-            cjones
+        continue;
+      }
             leinfelder
-            leinfelder
+      // skip if we are not allowed to read the document in question
       // https://redmine.dataone.org/issues/2444
       boolean allowed = false;
       try {
     	  allowed = isAuthorized(session, identifier, Permission.READ);
       } catch (NotAuthorized ignore) {}
-            leinfelder
+      catch (NotFound nf) {
     	  logMetacat.warn("Could not check authorization for pid: " + identifier.getValue(), nf);
+      }
-            leinfelder
+      if (!allowed) {
     	  logMetacat.debug(Permission.READ + " not allowed on document: " + identifier.getValue());
     	  continue;
+      }
-            cjones
+      le.setIdentifier(identifier);
       le.setIpAddress(ipAddress);
-            leinfelder
+      Date logDate = DateTimeMarshaller.deserializeDateToUTC(dateLogged);
-            cjones
+      le.setDateLogged(logDate);
       NodeReference memberNode = new NodeReference();
-            cjones
+      String nodeId = "localhost";
       try {
           nodeId = PropertyService.getProperty("dataone.nodeId");
       } catch (PropertyNotFoundException e1) {
           // TODO Auto-generated catch block
           e1.printStackTrace();
+      }
       memberNode.setValue(nodeId);
-            leinfelder
+      le.setNodeIdentifier(memberNode);
-            cjones
+      Subject princ = new Subject();
       princ.setValue(principal);
       le.setSubject(princ);
-            leinfelder
+      le.setUserAgent(userAgent);
             leinfelder
-            leinfelder
+      // event filtering?
-            cjones
+      if (event == null) {
-            leinfelder
+    	  logs.add(le);
       } else if (le.getEvent().equals(event)) {
     	  logs.add(le);
             cjones
+    }
             leinfelder
     // d1 paging
     int total = logs.size();
     if (start != null && count != null) {
     	int toIndex = start + count;
-            leinfelder
+    	// do not exceed total
     	toIndex = Math.min(toIndex, total);
     	// do not start greater than total
     	start = Math.min(start, total);
     	// sub set of the list
     	logs = new ArrayList<LogEntry>(logs.subList(start, toIndex));
             leinfelder
             leinfelder
-            cjones
+    log.setLogEntryList(logs);
-            leinfelder
+    log.setStart(start);
     log.setCount(logs.size());
     log.setTotal(total);
-            cjones
+    logMetacat.info("getLogRecords");
     return log;
+  }
             cjones
-            cjones
+  /**
    * Return the object identified by the given object identifier
+   *
    * @param session - the Session object containing the credentials for the Subject
    * @param pid - the object identifier for the given object
+   *
    * TODO: The D1 Authorization API doesn't provide information on which
    * authentication system the Subject belongs to, and so it's not possible to
    * discern which Person or Group is a valid KNB LDAP DN.  Fix this.
+   *
    * @return inputStream - the input stream of the given object
+   *
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws InvalidRequest
    * @throws NotImplemented
    */
   public InputStream get(Session session, Identifier pid)
     throws InvalidToken, ServiceFailure, NotAuthorized, NotFound,
-            cjones
+    NotImplemented {
             cjones
-            cjones
+    InputStream inputStream = null; // bytes to be returned
-            cjones
+    handler = new MetacatHandler(new Timer());
-            cjones
+    boolean allowed = false;
     String localId; // the metacat docid for the pid
             cjones
-            cjones
+    // get the local docid from Metacat
     try {
       localId = IdentifierManager.getInstance().getLocalId(pid.getValue());
-            cjones
+    } catch (McdbDocNotFoundException e) {
       throw new NotFound("1020", "The object specified by " +
-            cjones
+                         pid.getValue() +
-            leinfelder
+                         " does not exist at this node.");
             cjones
     // check for authorization
-            leinfelder
+    try {
 		allowed = isAuthorized(session, pid, Permission.READ);
 	} catch (InvalidRequest e) {
 		throw new ServiceFailure("1030", e.getDescription());
+	}
             cjones
     // if the person is authorized, perform the read
-            leinfelder
+    if (allowed) {
-            cjones
+      try {
-            leinfelder
+        inputStream = handler.read(localId);
       } catch (Exception e) {
-            cjones
+        throw new ServiceFailure("1020", "The object specified by " +
             pid.getValue() +
-            leinfelder
+            "could not be returned due to error: " +
-            cjones
+            e.getMessage());
+      }
             cjones
             cjones
-            cjones
+    // if we fail to set the input stream
     if ( inputStream == null ) {
-            cjones
+      throw new NotFound("1020", "The object specified by " +
                          pid.getValue() +
                          "does not exist at this node.");
             cjones
-            leinfelder
+	// log the read event
-            leinfelder
+    String principal = Constants.SUBJECT_PUBLIC;
-            leinfelder
+    if (session != null && session.getSubject() != null) {
-            leinfelder
+    	principal = session.getSubject().getValue();
+    }
-            leinfelder
+    EventLog.getInstance().log(request.getRemoteAddr(), request.getHeader("User-Agent"), principal, localId, "read");
             leinfelder
-            cjones
+    return inputStream;
+  }
             cjones
-            cjones
+  /**
    * Return the system metadata for a given object
+   *
    * @param session - the Session object containing the credentials for the Subject
    * @param pid - the object identifier for the given object
+   *
    * @return inputStream - the input stream of the given system metadata object
+   *
    * @throws InvalidToken
    * @throws ServiceFailure
    * @throws NotAuthorized
    * @throws NotFound
    * @throws InvalidRequest
    * @throws NotImplemented
    */
   public SystemMetadata getSystemMetadata(Session session, Identifier pid)
-            cjones
+      throws InvalidToken, ServiceFailure, NotAuthorized, NotFound,
-            cjones
+      NotImplemented {
             cjones
-            leinfelder
+	  boolean isAuthorized = false;
 	  try {
 		isAuthorized = isAuthorized(session, pid, Permission.READ);
 	  } catch (InvalidRequest e) {
 		throw new ServiceFailure("1090", e.getDescription());
+	  }
       if (!isAuthorized) {
-            cjones
+        throw new NotAuthorized("1400", Permission.READ + " not allowed on " + pid.getValue());
+      }
       SystemMetadata systemMetadata = null;
       try {
         systemMetadata = HazelcastService.getInstance().getSystemMetadataMap().get(pid);
       } catch (Exception e) {
         // convert hazelcast RuntimeException to NotFound
         throw new NotFound("1420", "No record found for: " + pid.getValue());
+      }
             cjones
     return systemMetadata;
             cjones
             cjones
-            cjones
+  /**
-            cjones
+   * Test if the user identified by the provided token has administrative authorization
    * for the operation on the specified object.
+   *
    * @param session - the Session object containing the credentials for the Subject
    * @param pid - The identifer of the resource for which access is being checked
    * @param operation - The type of operation which is being requested for the given pid
+   *
    * @return true if the operation is allowed
+   *
    * @throws ServiceFailure
    * @throws InvalidToken
    * @throws NotFound
    * @throws NotAuthorized
    * @throws NotImplemented
    */
   protected boolean isAdminAuthorized(Session session, Identifier pid,
       Permission permission)
       throws ServiceFailure, InvalidToken, NotFound, NotAuthorized,
       NotImplemented {
       boolean allowed = false;
       // are we allowed to do this? only CNs and target MNs are allowed
       CNode cn = D1Client.getCN();
       List<Node> nodes = cn.listNodes().getNodeList();
       if ( nodes == null ) {
           throw new ServiceFailure("4852", "Couldn't get node list.");
+      }
       // find the node in the node list
       for ( Node node : nodes ) {
           NodeReference nodeReference = node.getIdentifier();
           logMetacat.debug("In isAdminAuthorized(), Node reference is: " + nodeReference.getValue());
           Subject subject = session.getSubject();
           if (node.getType() == NodeType.CN) {
               List<Subject> nodeSubjects = node.getSubjectList();
               // check if the session subject is in the node subject list
               for (Subject nodeSubject : nodeSubjects) {
                   if ( nodeSubject.equals(subject) ) {
                       allowed = true; // subject of session == target node subject
                       break;
+                  }
             cjones
             cjones
+      }
       return allowed;
+  }
   /**
-            cjones
+   * Test if the user identified by the provided token has authorization
-            cjones
+   * for the operation on the specified object.
             cjones
    * @param session - the Session object containing the credentials for the Subject
    * @param pid - The identifer of the resource for which access is being checked
    * @param operation - The type of operation which is being requested for the given pid
+   *
    * @return true if the operation is allowed
+   *
    * @throws ServiceFailure
    * @throws InvalidToken
    * @throws NotFound
    * @throws NotAuthorized
    * @throws NotImplemented
    * @throws InvalidRequest
    */
   public boolean isAuthorized(Session session, Identifier pid, Permission permission)
     throws ServiceFailure, InvalidToken, NotFound, NotAuthorized,
-            leinfelder
+    NotImplemented, InvalidRequest {
             cjones
-            cjones
+    boolean allowed = false;
-            leinfelder
+    if (permission == null) {
     	throw new InvalidRequest("1761", "Permission was not provided or is invalid");
+    }
-            leinfelder
+    // permissions are hierarchical
-            leinfelder
+    List<Permission> expandedPermissions = null;
             leinfelder
     // for the "Verified" symbolic user
     Subject verifiedSubject = new Subject();
 	verifiedSubject.setValue(Constants.SUBJECT_VERIFIED_USER);
-            leinfelder
+    // get the subject[s] from the session
 	List<Subject> subjects = new ArrayList<Subject>();
 	if (session != null) {
 		// primary subject
 		Subject subject = session.getSubject();
 		if (subject != null) {
 			subjects.add(subject);
+		}
 		// details about the subject
 		SubjectInfo subjectInfo = session.getSubjectInfo();
 		if (subjectInfo != null) {
 			// find subjectInfo for the primary subject
 			List<Person> personList = subjectInfo.getPersonList();
 			if (personList != null) {
 				for (Person p : personList) {
-            cjones
+					  // for every person listed (isVerified is transitive)
-            leinfelder
+						logMetacat.debug("checking person");
 						logMetacat.debug("p.getVerified(): " + p.getVerified());
-            leinfelder
+						if (p.getVerified() != null && p.getVerified()) {
-            leinfelder
+							// add the verified symbolic user
 							if (!subjects.contains(verifiedSubject)) {
 								subjects.add(verifiedSubject);
+							}
+						}
 						// add the equivalent identities
 						List<Subject> equivList = p
 								.getEquivalentIdentityList();
 						if (equivList != null) {
 							for (Subject equiv : equivList) {
 								subjects.add(equiv);
+							}
+						}
 						// add the groups
 						List<Subject> groupList = p.getIsMemberOfList();
 						if (groupList != null) {
 							for (Subject g : groupList) {
 								subjects.add(g);
+							}
+						}
 						break;
+				}
+			}
+		}
 		// add the authenticated symbolic since we have a session
 		Subject authenticatedSubject = new Subject();
 		authenticatedSubject.setValue(Constants.SUBJECT_AUTHENTICATED_USER);
 		subjects.add(authenticatedSubject);
+	}
     // add public subject for everyone
-            leinfelder
+    Subject publicSubject = new Subject();
-            leinfelder
+    publicSubject.setValue(Constants.SUBJECT_PUBLIC);
-            leinfelder
+    subjects.add(publicSubject);
-            cjones
+    // get the system metadata
-            cjones
+    String pidStr = pid.getValue();
-            cjones
+    SystemMetadata systemMetadata = null;
     try {
-            cjones
+        systemMetadata = HazelcastService.getInstance().getSystemMetadataMap().get(pid);
     } catch (Exception e) {
         // convert Hazelcast RuntimeException to NotFound
         logMetacat.error("An error occurred while getting system metadata for identifier " +
             pid.getValue() + ". The error message was: " + e.getMessage());
         throw new NotFound("1800", "No record found for " + pidStr);
             cjones
             leinfelder
     // throw not found if it was not found
     if (systemMetadata == null) {
-            leinfelder
+    	throw new NotFound("1800", "No system metadata could be found for given PID: " + pidStr);
             leinfelder
             leinfelder
-            leinfelder
+    // do we own it?
     for (Subject s: subjects) {
-            cjones
+      logMetacat.debug("Comparing \t" +
                        systemMetadata.getRightsHolder().getValue() +
                        " \tagainst \t" + s.getValue());
-            leinfelder
+    	allowed = systemMetadata.getRightsHolder().equals(s);
-            leinfelder
+    	if (allowed) {
     		return allowed;
+    	}
+    }
     // otherwise check the access rules
-            leinfelder
+    try {
 	    List<AccessRule> allows = systemMetadata.getAccessPolicy().getAllowList();
-            leinfelder
+	    search: // label break
-            leinfelder
+	    for (AccessRule accessRule: allows) {
 	      for (Subject s: subjects) {
-            leinfelder
+	        logMetacat.debug("Checking allow access rule for subject: " + s.getValue());
-            leinfelder
+	        if (accessRule.getSubjectList().contains(s)) {
-            leinfelder
+	        	logMetacat.debug("Access rule contains subject: " + s.getValue());
-            leinfelder
+	        	for (Permission p: accessRule.getPermissionList()) {
-            leinfelder
+		        	logMetacat.debug("Checking permission: " + p.xmlValue());
-            leinfelder
+	        		expandedPermissions = expandPermissions(p);
 	        		allowed = expandedPermissions.contains(permission);
 	        		if (allowed) {
-            leinfelder
+			        	logMetacat.info("Permission granted: " + p.xmlValue() + " to " + s.getValue());
-            leinfelder
+	        			break search; //label break
+	        		}
             leinfelder
             leinfelder
+	      }
+	    }
     } catch (Exception e) {
     	// catch all for errors - safe side should be to deny the access
     	logMetacat.error("Problem checking authorization - defaulting to deny", e);
 		allowed = false;
             cjones
+    }
             cjones
-            leinfelder
+    // throw or return?
-            cjones
+    if (!allowed) {
-            leinfelder
+      throw new NotAuthorized("1820", permission + " not allowed on " + pidStr);
             cjones
             leinfelder
-            cjones
+    return allowed;
             cjones
             cjones
-            cjones
+  /*
-            cjones
+   * parse a logEntry and get the relevant field from it
+   *
    * @param fieldname
    * @param entry
    * @return
    */
   private String getLogEntryField(String fieldname, String entry) {
     String begin = "<" + fieldname + ">";
     String end = "</" + fieldname + ">";
     // logMetacat.debug("looking for " + begin + " and " + end +
     // " in entry " + entry);
     String s = entry.substring(entry.indexOf(begin) + begin.length(), entry
         .indexOf(end));
     logMetacat.debug("entry " + fieldname + " : " + s);
     return s;
+  }
             cjones
-            cjones
+  /**
-            cjones
+   * Determine if a given object should be treated as an XML science metadata
    * object.
+   *
    * @param sysmeta - the SystemMetadata describing the object
    * @return true if the object should be treated as science metadata
    */
-            leinfelder
+  public static boolean isScienceMetadata(SystemMetadata sysmeta) {
             cjones
     ObjectFormat objectFormat = null;
     boolean isScienceMetadata = false;
     try {
-            leinfelder
+      objectFormat = ObjectFormatCache.getInstance().getFormat(sysmeta.getFormatId());
-            leinfelder
+      if ( objectFormat.getFormatType().equals("METADATA") ) {
-            cjones
+      	isScienceMetadata = true;
+      }
             cjones
     } catch (ServiceFailure e) {
       logMetacat.debug("There was a problem determining if the object identified by" +
           sysmeta.getIdentifier().getValue() +
           " is science metadata: " + e.getMessage());
     } catch (NotFound e) {
       logMetacat.debug("There was a problem determining if the object identified by" +
           sysmeta.getIdentifier().getValue() +
           " is science metadata: " + e.getMessage());
+    }
     return isScienceMetadata;
             cjones
             cjones
   /**
    * Insert or update an XML document into Metacat
+   *
    * @param xml - the XML document to insert or update
    * @param pid - the identifier to be used for the resulting object
+   *
    * @return localId - the resulting docid of the document created or updated
+   *
    */
-            leinfelder
+  public String insertOrUpdateDocument(String xml, Identifier pid,
-            cjones
+    Session session, String insertOrUpdate)
     throws ServiceFailure {
   	logMetacat.debug("Starting to insert xml document...");
     IdentifierManager im = IdentifierManager.getInstance();
     // generate pid/localId pair for sysmeta
     String localId = null;
     if(insertOrUpdate.equals("insert")) {
       localId = im.generateLocalId(pid.getValue(), 1);
     } else {
       //localid should already exist in the identifier table, so just find it
       try {
         logMetacat.debug("Updating pid " + pid.getValue());
         logMetacat.debug("looking in identifier table for pid " + pid.getValue());
         localId = im.getLocalId(pid.getValue());
         logMetacat.debug("localId: " + localId);
         //increment the revision
         String docid = localId.substring(0, localId.lastIndexOf("."));
         String revS = localId.substring(localId.lastIndexOf(".") + 1, localId.length());
         int rev = new Integer(revS).intValue();
         rev++;
         docid = docid + "." + rev;
         localId = docid;
         logMetacat.debug("incremented localId: " + localId);
       } catch(McdbDocNotFoundException e) {
         throw new ServiceFailure("1030", "D1NodeService.insertOrUpdateDocument(): " +
             "pid " + pid.getValue() +
             " should have been in the identifier table, but it wasn't: " +
             e.getMessage());
+      }
+    }
-            leinfelder
+    params = new Hashtable<String, String[]>();
-            cjones
+    String[] action = new String[1];
     action[0] = insertOrUpdate;
     params.put("action", action);
     String[] docid = new String[1];
     docid[0] = localId;
     params.put("docid", docid);
     String[] doctext = new String[1];
     doctext[0] = xml;
     params.put("doctext", doctext);
-            leinfelder
+    String username = Constants.SUBJECT_PUBLIC;
-            cjones
+    String[] groupnames = null;
-            leinfelder
+    if (session != null ) {
     	username = session.getSubject().getValue();
-            leinfelder
+    	if (session.getSubjectInfo() != null) {
     		List<Group> groupList = session.getSubjectInfo().getGroupList();
-            leinfelder
+    		if (groupList != null) {
     			groupnames = new String[groupList.size()];
     			for (int i = 0; i > groupList.size(); i++ ) {
     				groupnames[i] = groupList.get(i).getGroupName();
+    			}
+    		}
+    	}
             cjones
     // do the insert or update action
-            leinfelder
+    handler = new MetacatHandler(new Timer());
-            leinfelder
+    String result = handler.handleInsertOrUpdateAction(request.getRemoteAddr(), request.getHeader("User-Agent"), null,
-            leinfelder
+                        null, params, username, groupnames, false);
             cjones
     if(result.indexOf("<error>") != -1) {
     	String detailCode = "";
     	if ( insertOrUpdate.equals("insert") ) {
-            leinfelder
+    		// make sure to remove the mapping so that subsequent attempts do not fail with IdentifierNotUnique
     		im.removeMapping(pid.getValue(), localId);
-            cjones
+    		detailCode = "1190";
     	} else if ( insertOrUpdate.equals("update") ) {
     		detailCode = "1310";
+    	}
         throw new ServiceFailure(detailCode,
           "Error inserting or updating document: " + result);
+    }
     logMetacat.debug("Finsished inserting xml document with id " + localId);
     return localId;
+  }
   /**
    * Insert a data document
+   *
    * @param object
    * @param pid
    * @param sessionData
    * @throws ServiceFailure
    * @returns localId of the data object inserted
    */
-            leinfelder
+  public String insertDataObject(InputStream object, Identifier pid,
-            cjones
+          Session session) throws ServiceFailure {
-            leinfelder
+    String username = Constants.SUBJECT_PUBLIC;
-            cjones
+    String[] groupnames = null;
-            leinfelder
+    if (session != null ) {
     	username = session.getSubject().getValue();
-            leinfelder
+    	if (session.getSubjectInfo() != null) {
     		List<Group> groupList = session.getSubjectInfo().getGroupList();
-            leinfelder
+    		if (groupList != null) {
     			groupnames = new String[groupList.size()];
     			for (int i = 0; i > groupList.size(); i++ ) {
     				groupnames[i] = groupList.get(i).getGroupName();
+    			}
+    		}
+    	}
             cjones
     // generate pid/localId pair for object
     logMetacat.debug("Generating a pid/localId mapping");
     IdentifierManager im = IdentifierManager.getInstance();
     String localId = im.generateLocalId(pid.getValue(), 1);
             leinfelder
     // Save the data file to disk using "localId" as the name
     String datafilepath = null;
 	try {
 		datafilepath = PropertyService.getProperty("application.datafilepath");
 	} catch (PropertyNotFoundException e) {
 		ServiceFailure sf = new ServiceFailure("1190", "Lookup data file path" + e.getMessage());
 		sf.initCause(e);
 		throw sf;
+	}
     boolean locked = false;
 	try {
 		locked = DocumentImpl.getDataFileLockGrant(localId);
 	} catch (Exception e) {
 		ServiceFailure sf = new ServiceFailure("1190", "Could not lock file for writing:" + e.getMessage());
 		sf.initCause(e);
 		throw sf;
+	}
     logMetacat.debug("Case DATA: starting to write to disk.");
 	if (locked) {
-            cjones
+          File dataDirectory = new File(datafilepath);
           dataDirectory.mkdirs();
           File newFile = writeStreamToFile(dataDirectory, localId, object);
           // TODO: Check that the file size matches SystemMetadata
           // long size = newFile.length();
           // if (size == 0) {
           //     throw new IOException("Uploaded file is 0 bytes!");
           // }
           // Register the file in the database (which generates an exception
           // if the localId is not acceptable or other untoward things happen
           try {
             logMetacat.debug("Registering document...");
             DocumentImpl.registerDocument(localId, "BIN", localId,
                     username, groupnames);
             logMetacat.debug("Registration step completed.");
           } catch (SQLException e) {
             //newFile.delete();
             logMetacat.debug("SQLE: " + e.getMessage());
             e.printStackTrace(System.out);
             throw new ServiceFailure("1190", "Registration failed: " +
             		e.getMessage());
           } catch (AccessionNumberException e) {
             //newFile.delete();
             logMetacat.debug("ANE: " + e.getMessage());
             e.printStackTrace(System.out);
             throw new ServiceFailure("1190", "Registration failed: " +
             	e.getMessage());
           } catch (Exception e) {
             //newFile.delete();
             logMetacat.debug("Exception: " + e.getMessage());
             e.printStackTrace(System.out);
             throw new ServiceFailure("1190", "Registration failed: " +
             	e.getMessage());
+          }
           logMetacat.debug("Logging the creation event.");
-            leinfelder
+          EventLog.getInstance().log(request.getRemoteAddr(), request.getHeader("User-Agent"), username, localId, "create");
             cjones
           // Schedule replication for this data file
           logMetacat.debug("Scheduling replication.");
           ForceReplicationHandler frh = new ForceReplicationHandler(
             localId, "create", false, null);
             leinfelder
       return localId;
             cjones
+  }
             cjones
-            cjones
+  /**
    * Insert a systemMetadata document and return its localId
    */
-            leinfelder
+  public void insertSystemMetadata(SystemMetadata sysmeta)
-            cjones
+      throws ServiceFailure {
   	  logMetacat.debug("Starting to insert SystemMetadata...");
       sysmeta.setDateSysMetadataModified(Calendar.getInstance().getTime());
       logMetacat.debug("Inserting new system metadata with modified date " +
           sysmeta.getDateSysMetadataModified());
       //insert the system metadata
       try {
         // note: the calling subclass handles the map hazelcast lock/unlock
       	HazelcastService.getInstance().getSystemMetadataMap().put(sysmeta.getIdentifier(), sysmeta);
       } catch (Exception e) {
           throw new ServiceFailure("1190", e.getMessage());
+	    }
             cjones
   /**
-            cjones
+   * Update a systemMetadata document
+   *
    * @param sysMeta - the system metadata object in the system to update
    */
-            cjones
+    protected void updateSystemMetadata(SystemMetadata sysMeta)
         throws ServiceFailure {
         logMetacat.debug("D1NodeService.updateSystemMetadata() called.");
         sysMeta.setDateSysMetadataModified(new Date());
         try {
             HazelcastService.getInstance().getSystemMetadataMap().lock(sysMeta.getIdentifier());
             HazelcastService.getInstance().getSystemMetadataMap().put(sysMeta.getIdentifier(), sysMeta);
         } catch (Exception e) {
             throw new ServiceFailure("4862", e.getMessage());
         } finally {
             HazelcastService.getInstance().getSystemMetadataMap().unlock(sysMeta.getIdentifier());
+        }
+    }
             leinfelder
   /**
    * Given a Permission, returns a list of all permissions that it encompasses
    * Permissions are hierarchical so that WRITE also allows READ.
    * @param permission
    * @return list of included Permissions for the given permission
    */
   protected List<Permission> expandPermissions(Permission permission) {
 	  	List<Permission> expandedPermissions = new ArrayList<Permission>();
 	    if (permission.equals(Permission.READ)) {
 	    	expandedPermissions.add(Permission.READ);
+	    }
 	    if (permission.equals(Permission.WRITE)) {
 	    	expandedPermissions.add(Permission.READ);
 	    	expandedPermissions.add(Permission.WRITE);
+	    }
 	    if (permission.equals(Permission.CHANGE_PERMISSION)) {
 	    	expandedPermissions.add(Permission.READ);
 	    	expandedPermissions.add(Permission.WRITE);
 	    	expandedPermissions.add(Permission.CHANGE_PERMISSION);
+	    }
 	    return expandedPermissions;
+  }
             cjones
   /*
-            cjones
+   * Write a stream to a file
+   *
    * @param dir - the directory to write to
    * @param fileName - the file name to write to
    * @param data - the object bytes as an input stream
+   *
    * @return newFile - the new file created
+   *
    * @throws ServiceFailure
    */
   private File writeStreamToFile(File dir, String fileName, InputStream data)
     throws ServiceFailure {
     File newFile = new File(dir, fileName);
     logMetacat.debug("Filename for write is: " + newFile.getAbsolutePath());
     try {
         if (newFile.createNewFile()) {
           // write data stream to desired file
           OutputStream os = new FileOutputStream(newFile);
           long length = IOUtils.copyLarge(data, os);
           os.flush();
           os.close();
         } else {
           logMetacat.debug("File creation failed, or file already exists.");
           throw new ServiceFailure("1190", "File already exists: " + fileName);
+        }
     } catch (FileNotFoundException e) {
       logMetacat.debug("FNF: " + e.getMessage());
       throw new ServiceFailure("1190", "File not found: " + fileName + " "
                 + e.getMessage());
     } catch (IOException e) {
       logMetacat.debug("IOE: " + e.getMessage());
       throw new ServiceFailure("1190", "File was not written: " + fileName
                 + " " + e.getMessage());
+    }
     return newFile;
+  }
+}

Project

General

Profile

Metacat