Project

General

Profile

Revision 5072

Added by daigle almost 11 years ago

Add authorization functionality

View differences:

src/edu/ucsb/nceas/workflowscheduler/WorkflowScheduler.java
123 123
		
124 124
		if (!sessionStatus.equals("valid")) {
125 125
			throw new MetacatSchedulerException("WorkflowScheduler.scheduleJob - session " 
126
					+ sessionIds[0] + " is not valid.");
126
					+ request.getSession().getId() + " is not valid.");
127 127
		}
128 128
		
129 129
		try {
src/edu/ucsb/nceas/metacat/PermissionController.java
39 39
import edu.ucsb.nceas.metacat.database.DBConnection;
40 40
import edu.ucsb.nceas.metacat.database.DBConnectionPool;
41 41
import edu.ucsb.nceas.metacat.properties.PropertyService;
42
import edu.ucsb.nceas.metacat.service.SessionService;
42 43
import edu.ucsb.nceas.metacat.util.DocumentUtil;
43 44
import edu.ucsb.nceas.metacat.util.MetacatUtil;
45
import edu.ucsb.nceas.metacat.util.SessionData;
44 46
import edu.ucsb.nceas.utilities.PropertyNotFoundException;
45 47

  
46 48
public class PermissionController
......
91 93
     return hasSubTreeAccessControl;
92 94
   }
93 95

  
96
   public boolean hasPermission(String sessionId, String myPermission) throws SQLException {
97
	   SessionData sessionData = SessionService.getRegisteredSession(sessionId);
98
	   if (sessionData == null) {
99
		   return false;
100
	   }
101
	   
102
	   return hasPermission(sessionData.getUserName(), sessionData.getGroupNames(), myPermission); 
103
   }
104
   
94 105

  
95 106
  /**
96 107
    * Check from db connection if at least one of the list of @principals
src/edu/ucsb/nceas/metacat/util/DocumentUtil.java
26 26

  
27 27
package edu.ucsb.nceas.metacat.util;
28 28

  
29
import java.io.PrintWriter;
30
import java.sql.SQLException;
31
import java.util.Hashtable;
29 32
import java.util.Stack;
30 33
import java.util.Vector;
31 34

  
35
import javax.servlet.http.HttpServletRequest;
36
import javax.servlet.http.HttpServletResponse;
37

  
32 38
import org.apache.log4j.Logger;
33 39

  
34 40
import edu.ucsb.nceas.dbadapter.AbstractDatabase;
35 41
import edu.ucsb.nceas.metacat.DBSAXHandler;
42
import edu.ucsb.nceas.metacat.McdbException;
36 43
import edu.ucsb.nceas.metacat.NodeRecord;
44
import edu.ucsb.nceas.metacat.PermissionController;
37 45
import edu.ucsb.nceas.metacat.properties.PropertyService;
46
import edu.ucsb.nceas.metacat.service.SessionService;
47
import edu.ucsb.nceas.metacat.shared.MetacatUtilException;
48
import edu.ucsb.nceas.metacat.util.SessionData;
38 49
import edu.ucsb.nceas.utilities.PropertyNotFoundException;
50
import edu.ucsb.nceas.utilities.ParseLSIDException;
51
import edu.ucsb.nceas.utilities.LSIDUtil;
39 52

  
40 53
/**
41 54
 * A suite of utility classes for the metadata catalog server
......
409 422
        }
410 423
        return result;
411 424
    }
425
    
426
    public static void isAuthorized(PrintWriter out, Hashtable<String,String[]> params, 
427
    		HttpServletRequest request, HttpServletResponse response) throws MetacatUtilException {
428
    	
429
    	String resourceLsid;
430
    	String[] resourceLsids = params.get("resourceLsid");
431
    	if (resourceLsids == null) {
432
    		throw new MetacatUtilException("DocumentUtil.isAuthorized - " + 
433
    				"resourceLsid parameter cannot be null.");
434
    	}
435
    	resourceLsid = resourceLsids[0];
436
    	 
437
    	String permission;
438
    	String[] permissions = params.get("permission");
439
    	if (permissions == null) {
440
    		throw new MetacatUtilException("DocumentUtil.isAuthorized - " + 
441
    				"permission parameter cannot be null.");
442
    	}
443
    	permission = permissions[0];
444
    	
445
    	String sessionId;
446
    	String[] sessionIds = params.get("sessionId");
447
    	if (sessionIds == null) {
448
    		throw new MetacatUtilException("DocumentUtil.isAuthorized - " + 
449
    				"sessionId parameter cannot be null.");
450
    	}
451
    	sessionId = sessionIds[0];
452
    	
453
    	String isAuthorized = "false";
454
    	String message = "";
455
    	
456
    	String result = "<resourceAuthorization>";
457
    	result += "<resourceId>" + resourceLsid + "</resourceId>"; 
458
    	result += "<permission>" + permission + "</permission>";
459
    	result += "<sessionId>" + sessionId + "</sessionId>";
412 460

  
461
    	if (!SessionService.isSessionRegistered(sessionId)) {
462
    		message = "Session is not logged in";
463
    	} else {
464
    		SessionData sessionData = SessionService.getRegisteredSession(sessionId);
465
    		
466
    		String docId = null;
467
    		try {
468
    			docId = LSIDUtil.getDocId(resourceLsid, true);
469
    			PermissionController pc = new PermissionController(docId);   
470
    			if (pc.hasPermission(sessionData.getUserName(), sessionData.getGroupNames(), permission)) {
471
    				isAuthorized = "true";
472
    				message = " docid: " + docId + " is authorized for session";
473
    			}
474
    		} catch (ParseLSIDException ple) {
475
    			message = "unparseable resource lsid: " + ple.getMessage();
476
    		} catch (McdbException me) {
477
    			message = "could not create permission controller for docid: " + docId + " : " + me.getMessage();
478
    		} catch (SQLException sqle) {
479
    			message = "SQL error getting permissions for docid: " + docId + " : " + sqle.getMessage();
480
    		}
481
    	}
482
    	
483
    	result += "<isAuthorized>" + isAuthorized + "</isAuthorized>";
484
    	result += "<message>" + message + "</message>";
485
    	result += "</resourceAuthorization>";
486
    	
487
    	out.write(result);
488
    }
489

  
413 490
}
src/edu/ucsb/nceas/metacat/client/MetacatClient.java
111 111
        prop.put("qformat", "xml");
112 112
        prop.put("username", username);
113 113
        prop.put("password", password);
114
//        if (this.sessionId != null) {
115
//        	prop.put("sessionid", sessionId);
116
//        }
114 117
        
115 118
        String response = null;
116 119
        try {
......
171 174
        Properties prop = new Properties();
172 175
        prop.put("action", "logout");
173 176
        prop.put("qformat", "xml");
177
        if (this.sessionId != null) {
178
        	prop.put("sessionid", sessionId);
179
        }
174 180
        
175 181
        String response = null;
176 182
        try {
......
223 229
   
224 230

  
225 231
	/**
232
     *  Method used to log in to a metacat server. Implementations will need
233
     *  to cache a cookie value to make the session persistent.  Each time a
234
     *  call is made to one of the other methods (e.g., read), the cookie will
235
     *  need to be passed back to the metacat server along with the request.
236
     *
237
     *  @param username   the username of the user, like an LDAP DN
238
     *  @param password   the password for that user for authentication
239
     *  @return the response string from metacat in XML format
240
     *  @throws MetacatAuthException when the username/password could
241
     *                    not be authenticated
242
     */
243
    public String isAuthorized(String resourceLsid, String permission, String sessionId)
244
    		throws MetacatAuthException, MetacatInaccessibleException {
245
    	
246
        Properties prop = new Properties();
247
        prop.put("action", "isauthorized");
248
        prop.put("resourceLsid", resourceLsid);
249
        prop.put("permission", permission);
250
        prop.put("sessionId", sessionId);
251
        
252
        String response = null;
253
        try {
254
            response = sendDataForString(prop, null, null, 0);
255
        } catch (Exception e) {
256
            throw new MetacatInaccessibleException(e.getMessage());
257
        }
258
        
259
        if (response.indexOf("<resourceAuthorization>") == -1) {
260
        	System.out.println("invalid response: " + response);
261
            throw new MetacatAuthException(response);
262
        } 
263
        
264
        return response;
265
    }
266
    
267
    /**
226 268
     * Read an XML document from the metacat server session, accessed by docid,
227 269
     * and returned as a Reader.
228 270
     *

Also available in: Unified diff