Metacat

import com.oreilly.servlet.multipart.FilePart;

import com.oreilly.servlet.multipart.MultipartParser;

import com.oreilly.servlet.multipart.ParamPart;

import com.oreilly.servlet.multipart.Part;

  private String datafilepath = null; 

  private File dataDirectory = null;

  //private String executescript  = null;  

      datafilepath = util.getOption("datafilepath");

      dataDirectory = new File(datafilepath);

      //executescript = util.getOption("executescript"); 

                               HttpServletResponse response) 

                               throws ServletException, IOException 

  {

    // Deal with forms that are encoded as "multipart/form-data" differently

    // this is mainly used for uploading non-xml files using that may be binary

    if (request.getContentType().startsWith("multipart/form-data")) {

      handleMultipartForm(request, response);

    } else {

      // This probably means the data is "application/x-www-url-encoded", we hope :-)

      String name = null;

      String[] value = null;

      String[] docid = new String[3];

      Hashtable params = new Hashtable();

      Enumeration paramlist = request.getParameterNames();

      while (paramlist.hasMoreElements()) {

        name = (String)paramlist.nextElement();

        value = request.getParameterValues(name);

        // Decode the docid and mouse click information

        if (name.endsWith(".y")) {

          docid[0] = name.substring(0,name.length()-2);

          params.put("docid", docid);

          name = "ypos";

        if (name.endsWith(".x")) {

          name = "xpos";

        } 

        params.put(name,value); 

      //if the user clicked on the input images, decode which image

      //was clicked then set the action.

      String action = ((String[])params.get("action"))[0];  

      util.debugMessage("Line 213: Action is: " + action);

      // This block handles session management for the servlet

      // by looking up the current session information for all actions

      // other than "login" and "logout"

      String username = null;

      String password = null;

      String groupname = null;

      String sess_id = null;

      // handle login action

      if (action.equals("login")) {

        handleLoginAction(response.getWriter(), params, request, response);

      // handle logout action  

      } else if (action.equals("logout")) {

        handleLogoutAction(response.getWriter(), params, request, response);

      // aware of session expiration on every request  

      } else {   

        HttpSession sess = request.getSession(true);

        if (sess.isNew()) { 

          // session expired or has not been stored b/w user requests

          username = "public";

          sess.setAttribute("username", username);

        } else {

          username = (String)sess.getAttribute("username");

          password = (String)sess.getAttribute("password");

          groupname = (String)sess.getAttribute("groupname");

          try {

            sess_id = (String)sess.getId();

          } catch(IllegalStateException ise) {

            System.out.println("error in handleGetOrPost: this shouldn't " +

                               "happen: the session should be valid: " + 

                               ise.getMessage());

          }

        }  

      }    

      // Now that we know the session is valid, we can delegate the request

      // to a particular action handler

      if(action.equals("query")) {

        handleQuery(response.getWriter(), params, response, username, groupname); 

      } else if(action.equals("squery")) {

        if(params.containsKey("query")) {

          handleSQuery(response.getWriter(), params, response, username, groupname); 

        } else {

          PrintWriter out = response.getWriter();

          out.println("Illegal action squery without \"query\" parameter");

        }

      } else if (action.equals("read")) {

        handleReadAction(params, response, username, groupname);

      } else if (action.equals("insert") || action.equals("update")) {

        if ( (username != null) &&  !username.equals("public") ) {

          handleInsertOrUpdateAction(out, params, response, username, groupname);

        } else {  

          out.println("Permission denied for " + action);

        }  

      } else if (action.equals("delete")) {

        PrintWriter out = response.getWriter();

        if ( (username != null) &&  !username.equals("public") ) {

          handleDeleteAction(out, params, response, username, groupname);

        } else {  

          out.println("Permission denied for " + action);

        }  

      } else if (action.equals("validate")) {

        PrintWriter out = response.getWriter();

        handleValidateAction(out, params, response); 

      } else if (action.equals("getdataport")) {

        PrintWriter out = response.getWriter();

        if ( (username != null) &&  !username.equals("public") ) {

        handleGetDataPortAction(out, params, response, username, groupname, 

                                sess_id);

        } else {

          out.println("You must be authenticated to perform the getdataport " +

                      "action!");

        }

      } else if (action.equals("getaccesscontrol")) {

        PrintWriter out = response.getWriter();

        handleGetAccessControlAction(out, params, response, username, groupname);

      } else if (action.equals("getprincipals")) {

        PrintWriter out = response.getWriter();

        handleGetPrincipalsAction(out, username, password);  

      } else if (action.equals("getdoctypes")) {

        PrintWriter out = response.getWriter();

        handleGetDoctypesAction(out, params, response);  

      } else if (action.equals("getdtdschema")) {

        PrintWriter out = response.getWriter();

        handleGetDTDSchemaAction(out, params, response);  

      } else if (action.equals("getdataguide")) {

        PrintWriter out = response.getWriter();

        handleGetDataGuideAction(out, params, response);  

      } else if (action.equals("getlastdocid")) {

        PrintWriter out = response.getWriter();

        handleGetLastDocidAction(out, params, response);  

      } else if (action.equals("login") || action.equals("logout")) {

      } else if (action.equals("protocoltest")) {

        String testURL = "metacat://dev.nceas.ucsb.edu/NCEAS.897766.9";

        try {

          testURL = ((String[])params.get("url"))[0];

        } catch (Throwable t) {

        }

        String phandler = System.getProperty("java.protocol.handler.pkgs");

        response.setContentType("text/html");

        PrintWriter out = response.getWriter();

        out.println("<body bgcolor=\"white\">");

        out.println("<p>Handler property: <code>" + phandler + "</code></p>");

        out.println("<p>Starting test for:<br>");

        out.println("    " + testURL + "</p>");

        try {

          URL u = new URL(testURL);

          out.println("<pre>");

          out.println("Protocol: " + u.getProtocol());

          out.println("    Host: " + u.getHost());

          out.println("    Port: " + u.getPort());

          out.println("    Path: " + u.getPath());

          out.println("     Ref: " + u.getRef());

          String pquery = u.getQuery();

          out.println("   Query: " + pquery);

          out.println("  Params: ");

          if (pquery != null) {

            Hashtable qparams = util.parseQuery(u.getQuery());

            for (Enumeration en = qparams.keys(); en.hasMoreElements(); ) {

              String pname = (String)en.nextElement();

              String pvalue = (String)qparams.get(pname);

              out.println("    " + pname + ": " + pvalue);

            }

          out.println("</pre>");

          out.println("</body>");

          out.close();

        } catch (MalformedURLException mue) {

          System.out.println("bad url from MetacatServlet.handleGetOrPost");

          out.println(mue.getMessage());

          mue.printStackTrace(out);

          out.close();

      } else {

        PrintWriter out = response.getWriter();

        out.println("<?xml version=\"1.0\"?>");

        out.println("<error>");

        out.println("Error: action not registered.  Please report this error.");

        out.println("</error>");

      util.closeConnections();

      // Close the stream to the client

      // out.close();

  /** 

   * Handle documents passed to metacat that are encoded using the 

   * "multipart/form-data" mime type.  This is typically used for uploading

   * data files which may be binary and large.

   */

  private void handleMultipartForm(HttpServletRequest request,

                                   HttpServletResponse response) 

  {

    PrintWriter out = null;

    String action = null;

    // Parse the multipart form, and save the parameters in a Hashtable and

    // save the FileParts in a hashtable

    Hashtable params = new Hashtable();

    Hashtable fileList = new Hashtable();

    try {

      // MBJ: need to put filesize limit in Metacat config (metacat.properties)

      MultipartParser mp = new MultipartParser(request, 200*1024*1024); // 200MB

      Part part;

      while ((part = mp.readNextPart()) != null) {

        String name = part.getName();

        if (part.isParam()) {

          // it's a parameter part

          ParamPart paramPart = (ParamPart) part;

          String value = paramPart.getStringValue();

          params.put(name, value);

          if (name.equals("action")) {

            action = value;

          }

        } else if (part.isFile()) {

          // it's a file part

          FilePart filePart = (FilePart) part;

          fileList.put(name, filePart);

          // Stop once the first file part is found, otherwise going onto the

          // next part prevents access to the file contents.  So...for upload

          // to work, the datafile must be the last part

          break;

        }

      }

    } catch (IOException ioe) {

      try {

        out = response.getWriter();

      } catch (IOException ioe2) {

        System.err.println("Fatal Error: couldn't get response output stream.");

      }

      out.println("<?xml version=\"1.0\"?>");

      out.println("<error>");

      out.println("Error: problem reading multipart data.");

      out.println("</error>");

    }

    // Get the session information

    String username = null;

    String password = null;

    String groupname = null;

    String sess_id = null;

    // be aware of session expiration on every request  

    HttpSession sess = request.getSession(true);

    if (sess.isNew()) {

      // session expired or has not been stored b/w user requests

      username = "public";

      sess.setAttribute("username", username);

    } else {

      username = (String)sess.getAttribute("username");

      password = (String)sess.getAttribute("password");

      groupname = (String)sess.getAttribute("groupname");

      try {

        sess_id = (String)sess.getId();

      } catch(IllegalStateException ise) {

        System.out.println("error in  handleMultipartForm: this shouldn't " +

                           "happen: the session should be valid: " + 

                           ise.getMessage());

      }

    }  

    if ( action.equals("upload")) {

      if (username != null &&  !username.equals("public")) {

        handleUploadAction(request, response, params, fileList, 

                           username, groupname);

      } else {

        try {

          out = response.getWriter();

        } catch (IOException ioe2) {

          System.err.println("Fatal Error: couldn't get response output stream.");

        }

        out.println("<?xml version=\"1.0\"?>");

        out.println("<error>");

        out.println("Permission denied for " + action);

        out.println("</error>");

      }

    } else {

      try {

        out = response.getWriter();

      } catch (IOException ioe2) {

        System.err.println("Fatal Error: couldn't get response output stream.");

      }

      out.println("<?xml version=\"1.0\"?>");

      out.println("<error>");

      out.println("Error: action not registered.  Please report this error.");

      out.println("</error>");

    }

  }

  /** 

   * Handle the upload action by saving the attached file to disk and 

   * registering it in the Metacat db

   */

  private void handleUploadAction(HttpServletRequest request,

                                  HttpServletResponse response, 

                                  Hashtable params, Hashtable fileList, 

                                  String username, String groupname)

  {

    PrintWriter out = null;

    Connection conn = null;

    String action = null;

    String docid = null;

    response.setContentType("text/xml");

    try {

      out = response.getWriter();

    } catch (IOException ioe2) {

      System.err.println("Fatal Error: couldn't get response output stream.");

    }

    if (params.containsKey("docid")) {

      docid = (String)params.get("docid");

    }

    // Make sure we have a docid and datafile

    if (docid != null && fileList.containsKey("datafile")) {

      // Get a reference to the file part of the form

      FilePart filePart = (FilePart)fileList.get("datafile");

      String fileName = filePart.getFileName();

      MetaCatUtil.debugMessage("Uploading filename: " + fileName);

      // Check if the right file existed in the uploaded data

      if (fileName != null) {

        try {

          // register the file in the database (which generates an exception if

          // the docid is not acceptable or other untoward things happen

          DocumentImpl.registerDocument(fileName, "BIN", docid, username, 1);

          // Save the data file to disk using "docid" as the name

          dataDirectory.mkdirs();

          File newFile = new File(dataDirectory, docid);

          long size = filePart.writeTo(newFile);

          // set content type and other response header fields first

          out.println("<?xml version=\"1.0\"?>");

          out.println("<success>");

          out.println("<docid>" + docid + "</docid>"); 

          out.println("<size>" + size + "</size>"); 

          out.println("</success>");

        } catch (Exception e) {

          out.println("<?xml version=\"1.0\"?>");

          out.println("<error>");

          out.println(e.getMessage()); 

          out.println("</error>");

        }

      } else {

        // the field did not contain a file

        out.println("<?xml version=\"1.0\"?>");

        out.println("<error>");

        out.println("The uploaded data did not contain a valid file."); 

        out.println("</error>");

      }

    } else {

      // Error bcse docid missing or file missing

      out.println("<?xml version=\"1.0\"?>");

      out.println("<error>");

      out.println("The uploaded data did not contain a valid docid " +

                  "or valid file."); 

      out.println("</error>");

    }

  }

import java.text.SimpleDateFormat;

import java.util.Date;

  /**

   * Register a document that resides on the filesystem with the database.

   * (ie, just an entry in xml_documents, nothing in xml_nodes).

   * Creates a reference to a filesystem document (used for non-xml data files).

   *

   * @param conn the JDBC Connection to which all information is written

   * @param docname - the name of DTD, i.e. the name immediately following 

   *        the DOCTYPE keyword ( should be the root element name ) or

   *        the root element name if no DOCTYPE declaration provided

   *        (Oracle's and IBM parsers are not aware if it is not the 

   *        root element name)

   * @param doctype - Public ID of the DTD, i.e. the name immediately 

   *                  following the PUBLIC keyword in DOCTYPE declaration or

   *                  the docname if no Public ID provided or

   *                  null if no DOCTYPE declaration provided

   * @param accnum the accession number to use for the INSERT OR UPDATE, which 

   *               includes a revision number for this revision of the document 

   *               (e.g., knb.1.1)

   * @param user the user that owns the document

   * @param serverCode the serverid from xml_replication on which this document

   *        resides.

   */

  public static void registerDocument(

                     String docname, String doctype, String accnum, 

                     String user, int serverCode)

                     throws SQLException, AccessionNumberException, Exception

  {

    Connection dbconn = null;

    MetaCatUtil util = new MetaCatUtil();

    try {

      dbconn = util.openDBConnection();

      AccessionNumber ac = new AccessionNumber(dbconn, accnum, "insert");

      String docid = ac.getDocid();

      String rev = ac.getRev();

      SimpleDateFormat formatter = new SimpleDateFormat ("yy-MM-dd HH:mm:ss");

      Date localtime = new Date();

      String dateString = formatter.format(localtime);

      String sqlDateString = "to_date('" + dateString + "', 'YY-MM-DD HH24:MI:SS')";

      StringBuffer sql = new StringBuffer();

      sql.append("insert into xml_documents (docid, docname, doctype, ");

      sql.append("user_owner, user_updated, server_location, rev, date_created");

      sql.append(", date_updated, public_access) values ('");

      sql.append(docid).append("','");

      sql.append(docname).append("','");

      sql.append(doctype).append("','");

      sql.append(user).append("','");

      sql.append(user).append("','");

      sql.append(serverCode).append("','");

      sql.append(rev).append("',");

      sql.append(sqlDateString).append(",");

      sql.append(sqlDateString).append(",");

      sql.append("'0')");

      //System.out.println("sql: " + sql.toString());

      PreparedStatement pstmt = dbconn.prepareStatement(sql.toString());

      pstmt.execute();

      pstmt.close();

      dbconn.close();

    } finally {

      util.returnConnection(dbconn);

    }    

  }

      <property name="password" value="your-pw-goes-here"/>

      <property name="cos" 

                value="lib/cos.jar" />

                value="${xmlp2}:${xmlp}:${jdbc}:${jserv}:${jsdk}:${srb}:${cos}"/>

       <copyfile src="${cos}" 

                 dest="${installdir}/WEB-INF/lib/cos.jar" />