Revision 7072
Added by Chris Jones almost 13 years ago
| src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java | ||
|---|---|---|
| 662 | 662 |
|
| 663 | 663 |
// must have a session in order to check admin |
| 664 | 664 |
if (session == null) {
|
| 665 |
return false; |
|
| 665 |
logMetacat.debug("In isAdminAuthorized(), session is null for " +
|
|
| 666 |
"identifier " + pid.getValue() + " and permission " + |
|
| 667 |
permission.toString()); |
|
| 668 |
return false; |
|
| 666 | 669 |
} |
| 667 | 670 |
|
| 668 |
// are we allowed to do this? only CNs and target MNs are allowed |
|
| 671 |
logMetacat.debug("In isAdminAuthorized(), checking CN or MN authorization for " +
|
|
| 672 |
session.getSubject().getValue() + " on identifier " + pid.getValue()); |
|
| 673 |
|
|
| 674 |
// are we allowed to do this? only CNs are allowed |
|
| 669 | 675 |
CNode cn = D1Client.getCN(); |
| 670 | 676 |
List<Node> nodes = cn.listNodes().getNodeList(); |
| 671 | 677 |
|
| ... | ... | |
| 687 | 693 |
|
| 688 | 694 |
// check if the session subject is in the node subject list |
| 689 | 695 |
for (Subject nodeSubject : nodeSubjects) {
|
| 696 |
logMetacat.debug("In isAdminAuthorized(), comparing subjects: " +
|
|
| 697 |
nodeSubject.getValue() + " and " + subject.getValue()); |
|
| 690 | 698 |
if ( nodeSubject.equals(subject) ) {
|
| 691 | 699 |
allowed = true; // subject of session == target node subject |
| 692 | 700 |
break; |
Also available in: Unified diff
Add some debugging statements in isAuthorized().