Revision 8360
Added by Jing Tao over 10 years ago
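--- a/D1NodeService.java
+++ b/D1NodeService.java
@@ -715,6 +715,86 @@
 return systemMetadata;
 }
 
+
+/**
+* Test if the specified session represents the authoritative member node for the
+* given object specified by the identifier. According the the DataONE documentation,
+* the authoritative member node has all the rights of the *rightsHolder*.
+* @param session - the Session object containing the credentials for the Subject
+* @param pid - the Identifier of the data object
+* @return true if the session represents the authoritative mn.
+* @throws ServiceFailure
+* @throws NotImplemented
+*/
+public boolean isAuthoritativeMNodeAdmin(Session session, Identifier pid) {
+boolean allowed = false;
+//check the parameters
+if(session == null) {
+logMetacat.debug("D1NodeService.isAuthoritativeMNodeAdmin - the session object is null and return false.");
+return allowed;
+} else if (pid == null || pid.getValue() == null || pid.getValue().trim().equals("")) {
+logMetacat.debug("D1NodeService.isAuthoritativeMNodeAdmin - the Identifier object is null (not being specified) and return false.");
+return allowed;
+}
+
+//Get the subject from the session
+Subject subject = session.getSubject();
+if(subject != null) {
+//Get the authoritative member node info from the system metadata
+SystemMetadata sysMeta = HazelcastService.getInstance().getSystemMetadataMap().get(pid);
+if(sysMeta != null) {
+NodeReference authoritativeMNode = sysMeta.getAuthoritativeMemberNode();
+if(authoritativeMNode != null) {
+CNode cn = null;
+try {
+cn = D1Client.getCN();
+} catch (ServiceFailure e) {
+logMetacat.error("D1NodeService.isAuthoritativeMNodeAdmin - couldn't connect to the CN since "+
+e.getDescription()+ ". The false value will be returned for the AuthoritativeMNodeAdmin.");
+return allowed;
+}
+
+if(cn != null) {
+List<Node> nodes = null;
+try {
+nodes = cn.listNodes().getNodeList();
+} catch (NotImplemented e) {
+logMetacat.error("D1NodeService.isAuthoritativeMNodeAdmin - couldn't get the member nodes list from the CN since "+e.getDescription()+
+". The false value will be returned for the AuthoritativeMNodeAdmin.");
+return allowed;
+} catch (ServiceFailure ee) {
+logMetacat.error("D1NodeService.isAuthoritativeMNodeAdmin - couldn't get the member nodes list from the CN since "+ee.getDescription()+
+". The false value will be returned for the AuthoritativeMNodeAdmin.");
+return allowed;
+}
+if(nodes != null) {
+for(Node node : nodes) {
+//find the authoritative node and get its subjects
+if (node.getType() == NodeType.MN && node.getIdentifier() != null && node.getIdentifier().equals(authoritativeMNode)) {
+List<Subject> nodeSubjects = node.getSubjectList();
+if(nodeSubjects != null) {
+// check if the session subject is in the node subject list
+for (Subject nodeSubject : nodeSubjects) {
+logMetacat.debug("D1NodeService.isAuthoritativeMNodeAdmin(), comparing subjects: " +
+nodeSubject.getValue() + " and " + subject.getValue());
+if ( nodeSubject != null && nodeSubject.equals(subject) ) {
+allowed = true; // subject of session == target node subject
+break;
+}
+}
+}
+
+}
+}
+}
+}
+}
+}
+}
+return allowed;
+}
+
+
 /**
 * Test if the user identified by the provided token has administrative authorization
 *
@@ -868,6 +948,12 @@
 
 }
 
+// the authoritative member node of the pid always has the access as well.
+if (isAuthoritativeMNodeAdmin(session, pid)) {
+allowed = true;
+return allowed;
+}
+
 // get the subject[s] from the session
 //defer to the shared util for recursively compiling the subjects
 Set<Subject> subjects = AuthUtils.authorizedClientSubjects(session);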
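Review bot: In the new isAuthoritativeMNodeAdmin, the debug statement inside `for (Subject nodeSubject : nodeSubjects)` calls `nodeSubject.getValue()` before the `nodeSubject != null` test on the next line, so a null entry in the node's subject list throws a NullPointerException and the guard never takes effect. The second hunk puts this method in front of an authorization routine whose signature is outside the visible lines, so that exception would surface from the access check rather than being treated as "not the authoritative node"; adding `if (nodeSubject == null) { continue; }` as the first statement of the loop keeps the result a plain deny. The Javadoc lists `@throws ServiceFailure` and `@throws NotImplemented`, but both are caught and turned into `return allowed;` (false), so the tags should be replaced by a sentence saying that a failed CN lookup denies access. Each call also appears to fetch the whole node list through `cn.listNodes()`, and because the early `return allowed;` in the second hunk skips whatever per-permission evaluation follows, a comment there should state that the authoritative member node is deliberately granted every permission on the object.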
Add the method named isAuthoritativeMNodeAdmin. It applies to both CN and MN methods.