Revision 7773
Added by ben leinfelder almost 11 years ago
| src/edu/ucsb/nceas/metacat/restservice/D1ResourceHandler.java | ||
|---|---|---|
| 54 | 54 |
import org.dataone.service.exceptions.InvalidRequest; |
| 55 | 55 |
import org.dataone.service.exceptions.ServiceFailure; |
| 56 | 56 |
import org.dataone.service.types.v1.AccessPolicy; |
| 57 |
import org.dataone.service.types.v1.Group; |
|
| 58 |
import org.dataone.service.types.v1.Person; |
|
| 57 | 59 |
import org.dataone.service.types.v1.Replica; |
| 58 | 60 |
import org.dataone.service.types.v1.ReplicationPolicy; |
| 59 | 61 |
import org.dataone.service.types.v1.Session; |
| 62 |
import org.dataone.service.types.v1.Subject; |
|
| 63 |
import org.dataone.service.types.v1.SubjectInfo; |
|
| 60 | 64 |
import org.dataone.service.types.v1.SystemMetadata; |
| 61 | 65 |
import org.dataone.service.util.ExceptionHandler; |
| 62 | 66 |
import org.dataone.service.util.TypeMarshaller; |
| ... | ... | |
| 65 | 69 |
|
| 66 | 70 |
import edu.ucsb.nceas.metacat.MetacatHandler; |
| 67 | 71 |
import edu.ucsb.nceas.metacat.properties.PropertyService; |
| 72 |
import edu.ucsb.nceas.metacat.util.RequestUtil; |
|
| 73 |
import edu.ucsb.nceas.metacat.util.SessionData; |
|
| 68 | 74 |
import edu.ucsb.nceas.utilities.PropertyNotFoundException; |
| 69 | 75 |
/** |
| 70 | 76 |
* |
| ... | ... | |
| 135 | 141 |
logMetacat = Logger.getLogger(D1ResourceHandler.class); |
| 136 | 142 |
try {
|
| 137 | 143 |
|
| 138 |
// check for session-based certificate from the portal |
|
| 139 |
String configurationFileName = servletContext.getInitParameter("oa4mp:client.config.file");
|
|
| 140 |
String configurationFilePath = servletContext.getRealPath(configurationFileName); |
|
| 141 |
PortalCertificateManager portalManager = new PortalCertificateManager(configurationFilePath); |
|
| 142 |
logMetacat.debug("Initialized the PortalCertificateManager using config file: " + configurationFilePath);
|
|
| 143 |
X509Certificate certificate = portalManager.getCertificate(request); |
|
| 144 |
logMetacat.debug("Retrieved certificate: " + certificate);
|
|
| 145 |
PrivateKey key = portalManager.getPrivateKey(request); |
|
| 146 |
logMetacat.debug("Retrieved key: " + key);
|
|
| 147 |
if (certificate != null && key != null) {
|
|
| 148 |
request.setAttribute("javax.servlet.request.X509Certificate", certificate);
|
|
| 149 |
logMetacat.debug("Added certificate to the request: " + certificate.toString());
|
|
| 150 |
} |
|
| 151 |
|
|
| 152 |
// load session from certificate in request |
|
| 144 |
// initialize the session - three options |
|
| 145 |
// #1 |
|
| 146 |
// load session from certificate in request |
|
| 153 | 147 |
session = CertificateManager.getInstance().getSession(request); |
| 154 |
|
|
| 148 |
|
|
| 149 |
// #2 |
|
| 150 |
if (session == null) {
|
|
| 151 |
// check for session-based certificate from the portal |
|
| 152 |
String configurationFileName = servletContext.getInitParameter("oa4mp:client.config.file");
|
|
| 153 |
String configurationFilePath = servletContext.getRealPath(configurationFileName); |
|
| 154 |
PortalCertificateManager portalManager = new PortalCertificateManager(configurationFilePath); |
|
| 155 |
logMetacat.debug("Initialized the PortalCertificateManager using config file: " + configurationFilePath);
|
|
| 156 |
X509Certificate certificate = portalManager.getCertificate(request); |
|
| 157 |
logMetacat.debug("Retrieved certificate: " + certificate);
|
|
| 158 |
PrivateKey key = portalManager.getPrivateKey(request); |
|
| 159 |
logMetacat.debug("Retrieved key: " + key);
|
|
| 160 |
if (certificate != null && key != null) {
|
|
| 161 |
request.setAttribute("javax.servlet.request.X509Certificate", certificate);
|
|
| 162 |
logMetacat.debug("Added certificate to the request: " + certificate.toString());
|
|
| 163 |
} |
|
| 164 |
|
|
| 165 |
// reload session from certificate that we jsut set in request |
|
| 166 |
session = CertificateManager.getInstance().getSession(request); |
|
| 167 |
} |
|
| 168 |
|
|
| 169 |
// #3 |
|
| 170 |
// last resort, check for Metacat sessionid |
|
| 171 |
if (session == null) {
|
|
| 172 |
SessionData sessionData = RequestUtil.getSessionData(request); |
|
| 173 |
if (sessionData != null) {
|
|
| 174 |
String userName = sessionData.getUserName(); |
|
| 175 |
String[] groupNames = sessionData.getGroupNames(); |
|
| 176 |
Subject userSubject = new Subject(); |
|
| 177 |
userSubject.setValue(userName); |
|
| 178 |
session.setSubject(userSubject); |
|
| 179 |
SubjectInfo subjectInfo = new SubjectInfo(); |
|
| 180 |
Person person = new Person(); |
|
| 181 |
person.setSubject(userSubject); |
|
| 182 |
if (groupNames != null && groupNames.length > 0) {
|
|
| 183 |
for (String groupName: groupNames) {
|
|
| 184 |
Group group = new Group(); |
|
| 185 |
group.setGroupName(groupName); |
|
| 186 |
Subject groupSubject = new Subject(); |
|
| 187 |
groupSubject.setValue(groupName); |
|
| 188 |
group.setSubject(groupSubject); |
|
| 189 |
subjectInfo.addGroup(group); |
|
| 190 |
person.addIsMemberOf(groupSubject); |
|
| 191 |
} |
|
| 192 |
} |
|
| 193 |
subjectInfo.addPerson(person); |
|
| 194 |
session.setSubjectInfo(subjectInfo); |
|
| 195 |
} |
|
| 196 |
} |
|
| 197 |
|
|
| 155 | 198 |
// initialize the parameters |
| 156 | 199 |
params = new Hashtable<String, String[]>(); |
| 157 | 200 |
initParams(); |
Also available in: Unified diff
handle client certificates, portal certificates and jsessionid as three ways to prove you are an uthenticated user. https://projects.ecoinformatics.org/ecoinfo/issues/5942