r4589 - in trunk/src/edu/ucsb/nceas/metacat: . service util
daigle at ecoinformatics.org
daigle at ecoinformatics.org
Wed Nov 19 15:25:09 PST 2008
Author: daigle
Date: 2008-11-19 15:25:09 -0800 (Wed, 19 Nov 2008)
New Revision: 4589
Added:
trunk/src/edu/ucsb/nceas/metacat/util/AuthUtil.java
Removed:
trunk/src/edu/ucsb/nceas/metacat/util/LDAPUtil.java
Modified:
trunk/src/edu/ucsb/nceas/metacat/DBQuery.java
trunk/src/edu/ucsb/nceas/metacat/DocumentImpl.java
trunk/src/edu/ucsb/nceas/metacat/Eml200SAXHandler.java
trunk/src/edu/ucsb/nceas/metacat/MetaCatServlet.java
trunk/src/edu/ucsb/nceas/metacat/MetacatReplication.java
trunk/src/edu/ucsb/nceas/metacat/service/PropertyService.java
trunk/src/edu/ucsb/nceas/metacat/util/MetaCatUtil.java
Log:
Rename LDAPUtil to AuthUtil
Modified: trunk/src/edu/ucsb/nceas/metacat/DBQuery.java
===================================================================
--- trunk/src/edu/ucsb/nceas/metacat/DBQuery.java 2008-11-19 23:23:42 UTC (rev 4588)
+++ trunk/src/edu/ucsb/nceas/metacat/DBQuery.java 2008-11-19 23:25:09 UTC (rev 4589)
@@ -49,7 +49,7 @@
import org.w3c.dom.ls.*;
import edu.ucsb.nceas.metacat.service.PropertyService;
-import edu.ucsb.nceas.metacat.util.LDAPUtil;
+import edu.ucsb.nceas.metacat.util.AuthUtil;
import edu.ucsb.nceas.metacat.util.MetaCatUtil;
import edu.ucsb.nceas.morpho.datapackage.Triple;
import edu.ucsb.nceas.morpho.datapackage.TripleCollection;
@@ -384,7 +384,7 @@
// if the user is a moderator, then pass a param to the
// xsl specifying the fact
- if(LDAPUtil.isModerator(user, groups)){
+ if(AuthUtil.isModerator(user, groups)){
params.put("isModerator", new String[] {"true"});
}
Modified: trunk/src/edu/ucsb/nceas/metacat/DocumentImpl.java
===================================================================
--- trunk/src/edu/ucsb/nceas/metacat/DocumentImpl.java 2008-11-19 23:23:42 UTC (rev 4588)
+++ trunk/src/edu/ucsb/nceas/metacat/DocumentImpl.java 2008-11-19 23:25:09 UTC (rev 4589)
@@ -58,7 +58,7 @@
import edu.ucsb.nceas.metacat.service.XMLSchema;
import edu.ucsb.nceas.metacat.service.XMLSchemaService;
import edu.ucsb.nceas.metacat.spatial.SpatialHarvester;
-import edu.ucsb.nceas.metacat.util.LDAPUtil;
+import edu.ucsb.nceas.metacat.util.AuthUtil;
import edu.ucsb.nceas.metacat.util.MetaCatUtil;
import edu.ucsb.nceas.metacat.util.SystemUtil;
import edu.ucsb.nceas.utilities.FileUtil;
@@ -2628,7 +2628,7 @@
if (action.equals("UPDATE")) {
// check for 'write' permission for 'user' to update this document
if (!hasWritePermission(user, groups, accnum)
- && !LDAPUtil.isAdministrator(user, groups)) {
+ && !AuthUtil.isAdministrator(user, groups)) {
throw new Exception(
"User " + user
+ " does not have permission to update XML Document #"
@@ -3082,7 +3082,7 @@
double start = System.currentTimeMillis()/1000;
// check for 'write' permission for 'user' to delete this document
if (!hasAllPermission(user, groups, accnum)) {
- if(!LDAPUtil.isAdministrator(user, groups)){
+ if(!AuthUtil.isAdministrator(user, groups)){
throw new Exception(
"User " + user
+ " does not have permission to delete XML Document #"
Modified: trunk/src/edu/ucsb/nceas/metacat/Eml200SAXHandler.java
===================================================================
--- trunk/src/edu/ucsb/nceas/metacat/Eml200SAXHandler.java 2008-11-19 23:23:42 UTC (rev 4588)
+++ trunk/src/edu/ucsb/nceas/metacat/Eml200SAXHandler.java 2008-11-19 23:25:09 UTC (rev 4589)
@@ -49,7 +49,7 @@
import org.xml.sax.SAXException;
import edu.ucsb.nceas.metacat.service.PropertyService;
-import edu.ucsb.nceas.metacat.util.LDAPUtil;
+import edu.ucsb.nceas.metacat.util.AuthUtil;
import edu.ucsb.nceas.metacat.util.MetaCatUtil;
import edu.ucsb.nceas.utilities.PropertyNotFoundException;
@@ -322,7 +322,7 @@
if (action != null && action.equals("UPDATE")
&& !control.hasPermission(user, groups,
AccessControlInterface.ALLSTRING)
- && !LDAPUtil.isAdministrator(user, groups))
+ && !AuthUtil.isAdministrator(user, groups))
{
needCheckingAccessModule = true;
unChangebleTopAccessSubTree = getTopAccessSubTreeFromDB();
Modified: trunk/src/edu/ucsb/nceas/metacat/MetaCatServlet.java
===================================================================
--- trunk/src/edu/ucsb/nceas/metacat/MetaCatServlet.java 2008-11-19 23:23:42 UTC (rev 4588)
+++ trunk/src/edu/ucsb/nceas/metacat/MetaCatServlet.java 2008-11-19 23:25:09 UTC (rev 4589)
@@ -83,7 +83,7 @@
import edu.ucsb.nceas.metacat.service.XMLSchemaService;
import edu.ucsb.nceas.metacat.spatial.SpatialHarvester;
import edu.ucsb.nceas.metacat.spatial.SpatialQuery;
-import edu.ucsb.nceas.metacat.util.LDAPUtil;
+import edu.ucsb.nceas.metacat.util.AuthUtil;
import edu.ucsb.nceas.metacat.util.MetaCatUtil;
import edu.ucsb.nceas.metacat.util.RequestUtil;
import edu.ucsb.nceas.metacat.util.SystemUtil;
@@ -812,10 +812,10 @@
out.println(name);
out.println("\n</name>\n");
}
- if (LDAPUtil.isAdministrator(userName, groupNames)) {
+ if (AuthUtil.isAdministrator(userName, groupNames)) {
out.println("<isAdministrator></isAdministrator>\n");
}
- if (LDAPUtil.isModerator(userName, groupNames)) {
+ if (AuthUtil.isModerator(userName, groupNames)) {
out.println("<isModerator></isModerator>\n");
}
out.println("\n</user>\n");
@@ -2061,7 +2061,7 @@
}
try {
- if (!LDAPUtil.canInsertOrUpdate(user, groups)) {
+ if (!AuthUtil.canInsertOrUpdate(user, groups)) {
out.println("<?xml version=\"1.0\"?>");
out.println("<error>");
out.println("User '" + user + "' not allowed to insert and update");
@@ -2664,7 +2664,7 @@
PrintWriter out = response.getWriter();
// Check that the user is authenticated as an administrator account
- if (!LDAPUtil.isAdministrator(username, groups)) {
+ if (!AuthUtil.isAdministrator(username, groups)) {
out.print("<error>");
out.print("The user \"" + username +
"\" is not authorized for this action.");
@@ -2742,7 +2742,7 @@
PrintWriter out = response.getWriter();
// Check that the user is authenticated as an administrator account
- if (!LDAPUtil.isAdministrator(username, groups)) {
+ if (!AuthUtil.isAdministrator(username, groups)) {
out.print("<error>");
out.print("The user \"" + username +
"\" is not authorized for this action.");
Modified: trunk/src/edu/ucsb/nceas/metacat/MetacatReplication.java
===================================================================
--- trunk/src/edu/ucsb/nceas/metacat/MetacatReplication.java 2008-11-19 23:23:42 UTC (rev 4588)
+++ trunk/src/edu/ucsb/nceas/metacat/MetacatReplication.java 2008-11-19 23:25:09 UTC (rev 4589)
@@ -39,7 +39,7 @@
import edu.ucsb.nceas.metacat.service.DatabaseService;
import edu.ucsb.nceas.metacat.service.PropertyService;
import edu.ucsb.nceas.metacat.service.SessionService;
-import edu.ucsb.nceas.metacat.util.LDAPUtil;
+import edu.ucsb.nceas.metacat.util.AuthUtil;
import edu.ucsb.nceas.metacat.util.MetaCatUtil;
import edu.ucsb.nceas.metacat.util.SessionData;
import edu.ucsb.nceas.metacat.util.SystemUtil;
@@ -205,7 +205,7 @@
username = sessionData.getUserName();
logMetacat.warn("The user name from session is: "+ username);
groupnames = sessionData.getGroupNames();
- if (!LDAPUtil.isAdministrator(username, groupnames))
+ if (!AuthUtil.isAdministrator(username, groupnames))
{
PrintWriter out = response.getWriter();
out.print("<error>");
Modified: trunk/src/edu/ucsb/nceas/metacat/service/PropertyService.java
===================================================================
--- trunk/src/edu/ucsb/nceas/metacat/service/PropertyService.java 2008-11-19 23:23:42 UTC (rev 4588)
+++ trunk/src/edu/ucsb/nceas/metacat/service/PropertyService.java 2008-11-19 23:25:09 UTC (rev 4589)
@@ -60,7 +60,7 @@
private static final String MAIN_CONFIG_NAME = "metacat.properties";
private static final String ORG_CONFIG_NAME = "org.properties";
- private static final String LDAP_CONFIG_NAME = "ldap.properties";
+ private static final String AUTH_CONFIG_NAME = "auth.properties";
private static boolean bypassAlreadyChecked = false;
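Review bot: `AUTH_CONFIG_NAME = "auth.properties"` changes every on-disk name derived from it further down this file (`auth.properties.metadata.xml` and `auth.properties.backup`, and the `configutil.authConfigured` key in the bypass hunk), so an existing deployment whose backup was written under the old constant as `ldap.properties.backup` will presumably no longer be found, and the commit carries no migration or fallback for it. If that is intended, a comment on the constant would save the next reader a search, e.g. `// renamed from ldap.properties; backups written under the old name are not read`; otherwise a fallback to the old file name when the new backup file is absent seems warranted. The same applies to the hunks at `@@ -162` and `@@ -198` and `@@ -560` in this file.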
@@ -79,11 +79,11 @@
private static String orgMetaDataFilePath = null;
private static PropertiesMetaData orgMetaData = null;
- private static String ldapBackupPropertiesFilePath = null;
- private static SortedProperties ldapBackupProperties = null;
+ private static String authBackupPropertiesFilePath = null;
+ private static SortedProperties authBackupProperties = null;
- private static String ldapMetaDataFilePath = null;
- private static PropertiesMetaData ldapMetaData = null;
+ private static String authMetaDataFilePath = null;
+ private static PropertiesMetaData authMetaData = null;
private static Logger logMetacat = Logger.getLogger(PropertyService.class);
@@ -162,13 +162,13 @@
}
- // ldapMetaData holds configuration information about organization level
+ // authMetaData holds configuration information about organization level
// properties. This is primarily used to display input fields on
- // the ldap configuration page. The information is retrieved
- // from an xml metadata file dedicated just to ldap properties.
- ldapMetaDataFilePath = configDir + FileUtil.getFS() + LDAP_CONFIG_NAME + ".metadata.xml";
- if (ldapMetaData == null) {
- ldapMetaData = new PropertiesMetaData(ldapMetaDataFilePath);
+ // the auth configuration page. The information is retrieved
+ // from an xml metadata file dedicated just to auth properties.
+ authMetaDataFilePath = configDir + FileUtil.getFS() + AUTH_CONFIG_NAME + ".metadata.xml";
+ if (authMetaData == null) {
+ authMetaData = new PropertiesMetaData(authMetaDataFilePath);
}
} catch (TransformerException te) {
throw new GeneralPropertyException(te.getMessage());
@@ -198,15 +198,15 @@
orgBackupProperties.load();
}
- // The ldapBackupProperties hold properties that were backed up the
- // last time the LDAP was configured. On disk, the file will
+ // The authBackupProperties hold properties that were backed up the
+ // last time the auth was configured. On disk, the file will
// look like a smaller version of metacat.properties. It is stored
// in the data storage directory outside the application directories.
- ldapBackupPropertiesFilePath = backupDirPath + FileUtil.getFS() + LDAP_CONFIG_NAME + ".backup";
- if (ldapBackupProperties == null) {
- ldapBackupProperties =
- new SortedProperties(ldapBackupPropertiesFilePath);
- ldapBackupProperties.load();
+ authBackupPropertiesFilePath = backupDirPath + FileUtil.getFS() + AUTH_CONFIG_NAME + ".backup";
+ if (authBackupProperties == null) {
+ authBackupProperties =
+ new SortedProperties(authBackupPropertiesFilePath);
+ authBackupProperties.load();
}
}
@@ -318,15 +318,15 @@
}
/**
- * Get the LDAP backup properties file. These are configurable
+ * Get the auth backup properties file. These are configurable
* properties that are stored outside the metacat install directories so
* the user does not need to re-enter all the configuration information
* every time they do an upgrade.
*
* @return a SortedProperties object with the backup properties
*/
- public static SortedProperties getLDAPBackupProperties() {
- return ldapBackupProperties;
+ public static SortedProperties getAuthBackupProperties() {
+ return authBackupProperties;
}
/**
@@ -351,14 +351,14 @@
}
/**
- * Get the LDAP properties metadata. This is retrieved from an xml
+ * Get the auth properties metadata. This is retrieved from an xml
* file that describes the attributes of configurable properties.
*
* @return a PropertiesMetaData object with the organization properties
* metadata
*/
- public static PropertiesMetaData getLDAPMetaData() {
- return ldapMetaData;
+ public static PropertiesMetaData getAuthMetaData() {
+ return authMetaData;
}
/**
@@ -445,29 +445,29 @@
/**
* Writes out backup configurable properties to a file.
*/
- public static void persistLDAPBackupProperties(ServletContext servletContext)
+ public static void persistAuthBackupProperties(ServletContext servletContext)
throws GeneralPropertyException {
// Use the metadata to extract configurable properties from the
// overall properties list, and store those properties.
try {
SortedProperties backupProperties =
- new SortedProperties(ldapBackupPropertiesFilePath);
+ new SortedProperties(authBackupPropertiesFilePath);
- // Populate the backup properties for ldap properties using
+ // Populate the backup properties for auth properties using
// the associated metadata file
- PropertiesMetaData ldapMetadata = new PropertiesMetaData(ldapMetaDataFilePath);
+ PropertiesMetaData authMetadata = new PropertiesMetaData(authMetaDataFilePath);
- Set<String> ldapKeySet = ldapMetadata.getKeys();
- for (String propertyKey : ldapKeySet) {
+ Set<String> authKeySet = authMetadata.getKeys();
+ for (String propertyKey : authKeySet) {
backupProperties.addProperty(propertyKey, getProperty(propertyKey));
}
// store the properties to file
backupProperties.store();
- ldapBackupProperties =
- new SortedProperties(ldapBackupPropertiesFilePath);
- ldapBackupProperties.load();
+ authBackupProperties =
+ new SortedProperties(authBackupPropertiesFilePath);
+ authBackupProperties.load();
} catch (TransformerException te) {
throw new GeneralPropertyException("Could not transform backup properties xml: "
@@ -560,18 +560,18 @@
// setPropertyNoPersist(orgBackupPropertyName, value);
// }
- logMetacat.debug("bypassConfiguration: setting ldap backup properties.");
- SortedProperties ldapBackupProperties = getLDAPBackupProperties();
- Vector<String> ldapBackupPropertyNames =
- ldapBackupProperties.getPropertyNames();
- for (String ldapBackupPropertyName : ldapBackupPropertyNames) {
- String value = ldapBackupProperties.getProperty(ldapBackupPropertyName);
- setPropertyNoPersist(ldapBackupPropertyName, value);
+ logMetacat.debug("bypassConfiguration: setting auth backup properties.");
+ SortedProperties authBackupProperties = getAuthBackupProperties();
+ Vector<String> authBackupPropertyNames =
+ authBackupProperties.getPropertyNames();
+ for (String authBackupPropertyName : authBackupPropertyNames) {
+ String value = authBackupProperties.getProperty(authBackupPropertyName);
+ setPropertyNoPersist(authBackupPropertyName, value);
}
logMetacat.debug("bypassConfiguration: setting configutil sections to true.");
setPropertyNoPersist("configutil.propertiesConfigured", "true");
- setPropertyNoPersist("configutil.ldapConfigured", "true");
+ setPropertyNoPersist("configutil.authConfigured", "true");
// setPropertyNoPersist("configutil.organizationsConfigured", "true");
setPropertyNoPersist("configutil.skinsConfigured", "true");
setPropertyNoPersist("configutil.databaseConfigured", "true");
Copied: trunk/src/edu/ucsb/nceas/metacat/util/AuthUtil.java (from rev 4399, trunk/src/edu/ucsb/nceas/metacat/util/LDAPUtil.java)
===================================================================
--- trunk/src/edu/ucsb/nceas/metacat/util/AuthUtil.java (rev 0)
+++ trunk/src/edu/ucsb/nceas/metacat/util/AuthUtil.java 2008-11-19 23:25:09 UTC (rev 4589)
@@ -0,0 +1,468 @@
+/**
+ * '$RCSfile$'
+ * Purpose: A Class that implements administrative methods
+ * Copyright: 2008 Regents of the University of California and the
+ * National Center for Ecological Analysis and Synthesis
+ * Authors: Michael Daigle
+ *
+ * '$Author$'
+ * '$Date$'
+ * '$Revision$'
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+package edu.ucsb.nceas.metacat.util;
+
+import java.util.Calendar;
+import java.util.Vector;
+
+import javax.naming.AuthenticationException;
+import javax.naming.NamingException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import edu.ucsb.nceas.metacat.AuthLdap;
+import edu.ucsb.nceas.metacat.AuthSession;
+import edu.ucsb.nceas.metacat.service.PropertyService;
+import edu.ucsb.nceas.metacat.service.SessionService;
+import edu.ucsb.nceas.utilities.PropertyNotFoundException;
+import edu.ucsb.nceas.utilities.StringUtil;
+
+public class AuthUtil {
+
+ private static Vector<String> administrators = null;
+ private static Vector<String> moderators = null;
+ private static Vector<String> allowedSubmitters = null;
+ private static Vector<String> deniedSubmitters = null;
+
+ /**
+ * private constructor - all methods are static so there is no no need to
+ * instantiate.
+ */
+ private AuthUtil() {}
+
+ /**
+ * Get the administrators from metacat.properties
+ *
+ * @return a Vector of Strings holding the administrators
+ */
+ public static Vector<String> getAdministrators() throws UtilException {
+ if (administrators == null) {
+ populateAdministrators();
+ }
+ return administrators;
+ }
+
+ /**
+ * Get the allowed submitters from metacat.properties
+ *
+ * @return a Vector of Strings holding the submitters
+ */
+ public static Vector<String> getAllowedSubmitters() throws UtilException {
+ if (allowedSubmitters == null) {
+ populateAllowedSubmitters();
+ }
+ return allowedSubmitters;
+ }
+
+ /**
+ * Get the denied submitters from metacat.properties
+ *
+ * @return a Vector of Strings holding the denied submitters
+ */
+ public static Vector<String> getDeniedSubmitters() throws UtilException {
+ if (deniedSubmitters == null) {
+ populateDeniedSubmitters();
+ }
+ return deniedSubmitters;
+ }
+
+ /**
+ * Get the vector of administrator credentials from metacat.properties
+ * and put into global administrators list
+ */
+ private static void populateAdministrators() throws UtilException {
+ String administratorString = null;
+ try {
+ administratorString =
+ PropertyService.getProperty("auth.administrators");
+ } catch (PropertyNotFoundException pnfe) {
+ throw new UtilException("Could not get metacat property: auth.administrators. "
+ + "There will be no registered metacat adminstrators: "
+ + pnfe.getMessage());
+ }
+ administrators = StringUtil.toVector(administratorString, ':');
+ }
+
+ /**
+ * Get the vector of allowed submitter credentials from metacat.properties
+ * and put into global allowedSubmitters list
+ */
+ private static void populateAllowedSubmitters() throws UtilException {
+ String allowedSubmitterString = null;
+ try {
+ allowedSubmitterString = PropertyService.getProperty("auth.allowedSubmitters");
+ } catch (PropertyNotFoundException pnfe) {
+ throw new UtilException("Could not get metacat property: auth.allowedSubmitters. "
+ + "Anyone will be allowed to submit: "
+ + pnfe.getMessage());
+ }
+ allowedSubmitters = StringUtil.toVector(allowedSubmitterString, ':');
+ }
+
+ /**
+ * Get the vector of denied submitter credentials from metacat.properties
+ * and put into global deniedSubmitters list
+ */
+ private static void populateDeniedSubmitters() throws UtilException {
+ String deniedSubmitterString = null;
+ try {
+ deniedSubmitterString = PropertyService.getProperty("auth.deniedSubmitters");
+ } catch (PropertyNotFoundException pnfe) {
+ throw new UtilException("Could not get metacat property: auth.deniedSubmitters: "
+ + pnfe.getMessage());
+ }
+ deniedSubmitters = StringUtil.toVector(deniedSubmitterString, ':');
+ }
+
+// /**
+// * Validate connectivity to the ldap server. This does not test user
+// * authentication. Validation methods return a string error message if there
+// * is an issue. This allows the calling code to run several validations and
+// * compile the errors into a list that can be displayed on a web page if
+// * desired.
+// *
+// * @param ldapurl
+// * the url of the ldap server
+// * @param ldapbase
+// * the ldap base value to test
+// * @return a string holding error message if validation fails.
+// */
+// public static String validateLDAPConnectivity(String ldapurl,
+// String ldapbase) {
+// try {
+// AuthLdap authLdap = new AuthLdap();
+// authLdap.testCredentials(
+// "uid=bogusname,o=NCEAS,dc=ecoinformatics,dc=org",
+// "boguspassword", ldapurl, ldapbase);
+// } catch (AuthenticationException ae) {
+// // Do nothing here. We are using dummy uid and password, so we
+// // expect authentication exceptions
+// } catch (javax.naming.InvalidNameException ine) {
+// return "An invalid domain name was provided: " + ine.getMessage();
+// } catch (NamingException ne) {
+// return "An invalid ldap name was provided: " + ne.getMessage();
+// } catch (InstantiationException ie) {
+// return "Could not instantiate AuthLdap: " + ie.getMessage();
+// }
+//
+// return null;
+// }
+
+ /**
+ * log the user in against ldap. If the login is successful, add
+ * the session information to the session list in SessionUtil.
+ *
+ * @param request the http request.
+ */
+ public static boolean logUserIn(HttpServletRequest request, String userName, String password) throws UtilException {
+ AuthSession authSession = null;
+
+ // make sure we have username and password.
+ if (userName == null || password == null) {
+ throw new UtilException("null username, password, or dn list when logging user in");
+ }
+
+ // put the login credentials into an LDAP string
+// String ldapString = createLDAPString(userName, organization, dnList);
+
+ // Create auth session
+ try {
+ authSession = new AuthSession();
+ } catch (Exception e) {
+ throw new UtilException("Could not instantiate AuthSession: "
+ + e.getMessage());
+ }
+ // authenticate user against ldap
+ boolean isValid = authSession.authenticate(request, userName,
+ password);
+
+ // if login was successful, add the session information to the
+ // global session list.
+ if (isValid) {
+ HttpSession session = authSession.getSessions();
+ String sessionId = session.getId();
+ SessionService.registerSession(sessionId,
+ (String) session.getAttribute("username"),
+ (String[]) session.getAttribute("groupnames"),
+ (String) session.getAttribute("password"));
+ }
+
+ return isValid;
+ }
+
+ /**
+ * Checks to see if the user is logged in by grabbing the session from the
+ * request and seeing if it exists in the global session list.
+ *
+ * @param request the http request that holds the login session
+ * @return boolean that is true if the user is logged in, false otherwise
+ */
+ public static boolean isUserLoggedIn(HttpServletRequest request) throws UtilException{
+ SessionData sessionData = null;
+ String sessionId = request.getSession().getId();
+
+ try {
+
+ if (sessionId != null && SessionService.isSessionRegistered(sessionId)) {
+ // get the registered session data
+ sessionData = SessionService.getRegisteredSession(sessionId);
+
+ // get the timeout limit
+ String sessionTimeout = PropertyService.getProperty("auth.timeoutMinutes");
+ int sessionTimeoutInt = Integer.parseInt(sessionTimeout);
+
+ // get the last time the session was accessed
+ Calendar lastAccessedTime = sessionData.getLastAccessedTime();
+ // get the current time and set back "sessionTimoutInt" minutes
+ Calendar now = Calendar.getInstance();
+ now.add(Calendar.MINUTE, 0 - sessionTimeoutInt);
+
+ // if the last accessed time is before now minus the timeout,
+ // the session has expired. Unregister it and return false.
+ if (lastAccessedTime.before(now)) {
+ SessionService.unRegisterSession(sessionId);
+ return false;
+ }
+
+ return true;
+ }
+
+ } catch (PropertyNotFoundException pnfe) {
+ throw new UtilException("Could not determine if user is logged in because "
+ + "of property error: " + pnfe.getMessage());
+ } catch (NumberFormatException nfe) {
+ throw new UtilException("Could not determine if user is logged in because "
+ + "of number conversion error: " + nfe.getMessage());
+ }
+
+ return false;
+ }
+
+ /**
+ * Checks to see if the user is logged in as admin by first checking if the
+ * user is logged in and then seeing if the user's account is on the
+ * administrators list in metacat.properties.
+ *
+ * @param request
+ * the http request that holds the login session
+ * @return boolean that is true if the user is logged in as admin, false
+ * otherwise
+ */
+ public static boolean isUserLoggedInAsAdmin(HttpServletRequest request) throws UtilException {
+ if (!isUserLoggedIn(request)) {
+ return false;
+ }
+
+ String userName = getUserName(request);
+ boolean isAdmin = isAdministrator(userName, null);
+
+ return isAdmin;
+ }
+
+ /**
+ * Gets the user name from the login session on the http request
+ *
+ * @param request
+ * the http request that holds the login session
+ * @return String that holds the user name
+ */
+ public static String getUserName(HttpServletRequest request) {
+ String userName = (String)request.getSession().getAttribute("username");
+
+ return userName;
+ }
+
+ /**
+ * Gets the user group names from the login session on the http request
+ *
+ * @param request
+ * the http request that holds the login session
+ * @return String array that holds the user groups
+ */
+ public static String[] getGroupNames(HttpServletRequest request) {
+ String sessionId = request.getSession().getId();;
+ SessionData sessionData = SessionService.getRegisteredSession(sessionId);
+ String[] groupNames = { "" };
+
+ if (sessionData != null) {
+ groupNames = sessionData.getGroupNames();
+ }
+
+ return groupNames;
+ }
+
+ /**
+ * Creates an ldap credentail string from the username, organization
+ * and dn list.
+ *
+ * @param username the user name
+ * @param organization the organization
+ * @param dnList a list of dns
+ * @return String holding the ldap login string
+ */
+ public static String createLDAPString(String username, String organization,
+ Vector<String> dnList) throws UtilException {
+
+ if (username == null || organization == null || dnList == null || dnList.size() == 0) {
+ throw new UtilException("Could not generate LDAP user string. One of the following is null: username, organization or dnlist");
+ }
+
+ String ldapString = "uid=" + username + ",o=" + organization;
+
+ for (String dn : dnList) {
+ ldapString += "," + dn;
+ }
+
+ return ldapString;
+ }
+
+ /**
+ * Reports whether LDAP is fully configured.
+ *
+ * @return a boolean that is true if all sections are configured and false
+ * otherwise
+ */
+ public static boolean isAuthConfigured() throws UtilException {
+ String authConfiguredString = PropertyService.UNCONFIGURED;
+ try {
+ authConfiguredString = PropertyService.getProperty("configutil.authConfigured");
+ } catch (PropertyNotFoundException pnfe) {
+ throw new UtilException("Could not determine if LDAP is configured: "
+ + pnfe.getMessage());
+ }
+ return !authConfiguredString.equals(PropertyService.UNCONFIGURED);
+ }
+
+ /**
+ * Check if the specified user is part of the administrators list
+ *
+ * @param username
+ * the user login credentails
+ * @param groups
+ * a list of the user's groups
+ */
+ public static boolean isAdministrator(String username, String[] groups)
+ throws UtilException {
+ return onAccessList(getAdministrators(), username, groups);
+ }
+
+ /**
+ * Check if the specified user is part of the moderators list
+ *
+ * @param username
+ * the user login credentails
+ * @param groups
+ * a list of the user's groups
+ */
+ public static boolean isModerator(String username, String[] groups) {
+ return onAccessList(moderators, username, groups);
+ }
+
+ /**
+ * Check if the specified user is part of the moderators list
+ *
+ * @param username
+ * the user login credentails
+ * @param groups
+ * a list of the user's groups
+ */
+ public static boolean isAllowedSubmitter(String username, String[] groups)
+ throws UtilException {
+ if (getAllowedSubmitters().size() == 0) {
+ // no allowedSubmitters list specified -
+ // hence everyone should be allowed
+ return true;
+ }
+ return (onAccessList(getAllowedSubmitters(), username, groups));
+ }
+
+ /**
+ * Check if the specified user is part of the moderators list
+ *
+ * @param username
+ * the user login credentails
+ * @param groups
+ * a list of the user's groups
+ */
+ public static boolean isDeniedSubmitter(String username, String[] groups)
+ throws UtilException {
+ return (onAccessList(getDeniedSubmitters(), username, groups));
+ }
+
+ /**
+ * Check if the specified user can insert the document
+ *
+ * @param username
+ * the user login credentails
+ * @param groups
+ * a list of the user's groups
+ */
+ public static boolean canInsertOrUpdate(String username, String[] groups)
+ throws UtilException {
+ return (isAllowedSubmitter(username, groups) && !isDeniedSubmitter(username,
+ groups));
+ }
+
+ /**
+ * Check if the user is on a given access list. This is true if either the
+ * user or the user's group is on the list.
+ *
+ * @param accessList the list we want to check against
+ * @param username the name of the user we want to check
+ * @param groups a list of the user's groups
+ */
+ private static boolean onAccessList(Vector<String> accessList, String username,
+ String[] groups) {
+
+ // this should never happen. All calls to this method should use the
+ // appropriate getter to retrieve the accessList. That should guarentee
+ // that the access is at least an empty Vector.
+ if (accessList == null) {
+ return false;
+ }
+
+ // Check that the user is authenticated as an administrator account
+ for (String accessString : accessList) {
+ // check the given admin dn is a group dn...
+ if (groups != null && accessString.startsWith("cn=")) {
+ // is a group dn
+ for (int j = 0; j < groups.length; j++) {
+ if (groups[j].equals(accessString)) {
+ return true;
+ }
+ }
+ } else {
+ // is a user dn
+ if (username != null && username.equals(accessString)) {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
+}
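Review bot: `isModerator` reads the `moderators` field directly, and nothing in this file ever assigns it, so `onAccessList` always takes its null branch and the method always returns false; the DBQuery and MetaCatServlet hunks in this same commit depend on it. It needs the same lazy getter/populate pair the other three lists have, sketched below with the property key left as a placeholder to be confirmed against metacat.properties; making it throw `UtilException` like `isAdministrator` affects callers, though they appear to sit next to `isAdministrator` calls already. Two smaller points in the same hunk: `isAuthConfigured`'s Javadoc and its error message still say "LDAP" after the rename (`* Reports whether authentication is fully configured.`), and `logUserIn` copies the session's `"password"` attribute into `SessionService.registerSession`, so the plaintext password is retained in the registered-session list for the session's lifetime — worth confirming SessionService actually needs it rather than just the user name and groups.
```java
    private static Vector<String> moderators = null;

    /**
     * Get the moderators from metacat.properties
     *
     * @return a Vector of Strings holding the moderators
     */
    public static Vector<String> getModerators() throws UtilException {
        if (moderators == null) {
            populateModerators();
        }
        return moderators;
    }

    /**
     * Get the vector of moderator credentials from metacat.properties
     * and put into global moderators list
     */
    private static void populateModerators() throws UtilException {
        String moderatorString = null;
        try {
            // "<moderators-property-key>" is a placeholder: confirm the real key in metacat.properties
            moderatorString = PropertyService.getProperty("<moderators-property-key>");
        } catch (PropertyNotFoundException pnfe) {
            throw new UtilException("Could not get metacat property for moderators. "
                    + "There will be no registered metacat moderators: "
                    + pnfe.getMessage());
        }
        moderators = StringUtil.toVector(moderatorString, ':');
    }

    // … unchanged: getAdministrators, getAllowedSubmitters, getDeniedSubmitters and their populate methods …

    public static boolean isModerator(String username, String[] groups)
            throws UtilException {
        return onAccessList(getModerators(), username, groups);
    }
```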
Property changes on: trunk/src/edu/ucsb/nceas/metacat/util/AuthUtil.java
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:keywords
+ Author Date Id Revision
Name: svn:mergeinfo
+
Name: svn:eol-style
+ native
Deleted: trunk/src/edu/ucsb/nceas/metacat/util/LDAPUtil.java
===================================================================
--- trunk/src/edu/ucsb/nceas/metacat/util/LDAPUtil.java 2008-11-19 23:23:42 UTC (rev 4588)
+++ trunk/src/edu/ucsb/nceas/metacat/util/LDAPUtil.java 2008-11-19 23:25:09 UTC (rev 4589)
@@ -1,469 +0,0 @@
-/**
- * '$RCSfile$'
- * Purpose: A Class that implements administrative methods
- * Copyright: 2008 Regents of the University of California and the
- * National Center for Ecological Analysis and Synthesis
- * Authors: Michael Daigle
- *
- * '$Author$'
- * '$Date$'
- * '$Revision$'
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-package edu.ucsb.nceas.metacat.util;
-
-import java.util.Calendar;
-import java.util.Vector;
-
-import javax.naming.AuthenticationException;
-import javax.naming.NamingException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-import edu.ucsb.nceas.metacat.AuthLdap;
-import edu.ucsb.nceas.metacat.AuthSession;
-import edu.ucsb.nceas.metacat.service.PropertyService;
-import edu.ucsb.nceas.metacat.service.SessionService;
-import edu.ucsb.nceas.utilities.PropertyNotFoundException;
-import edu.ucsb.nceas.utilities.StringUtil;
-
-public class LDAPUtil {
-
- private static Vector<String> administrators = null;
- private static Vector<String> moderators = null;
- private static Vector<String> allowedSubmitters = null;
- private static Vector<String> deniedSubmitters = null;
-
- /**
- * private constructor - all methods are static so there is no no need to
- * instantiate.
- */
- private LDAPUtil() {}
-
- /**
- * Get the administrators from metacat.properties
- *
- * @return a Vector of Strings holding the administrators
- */
- public static Vector<String> getAdministrators() throws UtilException {
- if (administrators == null) {
- populateAdministrators();
- }
- return administrators;
- }
-
- /**
- * Get the allowed submitters from metacat.properties
- *
- * @return a Vector of Strings holding the submitters
- */
- public static Vector<String> getAllowedSubmitters() throws UtilException {
- if (allowedSubmitters == null) {
- populateAllowedSubmitters();
- }
- return allowedSubmitters;
- }
-
- /**
- * Get the denied submitters from metacat.properties
- *
- * @return a Vector of Strings holding the denied submitters
- */
- public static Vector<String> getDeniedSubmitters() throws UtilException {
- if (deniedSubmitters == null) {
- populateDeniedSubmitters();
- }
- return deniedSubmitters;
- }
-
- /**
- * Get the vector of administrator credentials from metacat.properties
- * and put into global administrators list
- */
- private static void populateAdministrators() throws UtilException {
- String administratorString = null;
- try {
- administratorString =
- PropertyService.getProperty("ldap.administrators");
- } catch (PropertyNotFoundException pnfe) {
- throw new UtilException("Could not get metacat property: ldap.administrators. "
- + "There will be no registered metacat adminstrators: "
- + pnfe.getMessage());
- }
- administrators = StringUtil.toVector(administratorString, ':');
- }
-
- /**
- * Get the vector of allowed submitter credentials from metacat.properties
- * and put into global allowedSubmitters list
- */
- private static void populateAllowedSubmitters() throws UtilException {
- String allowedSubmitterString = null;
- try {
- allowedSubmitterString = PropertyService.getProperty("ldap.allowedSubmitters");
- } catch (PropertyNotFoundException pnfe) {
- throw new UtilException("Could not get metacat property: ldap.allowedSubmitters. "
- + "Anyone will be allowed to submit: "
- + pnfe.getMessage());
- }
- allowedSubmitters = StringUtil.toVector(allowedSubmitterString, ':');
- }
-
- /**
- * Get the vector of denied submitter credentials from metacat.properties
- * and put into global deniedSubmitters list
- */
- private static void populateDeniedSubmitters() throws UtilException {
- String deniedSubmitterString = null;
- try {
- deniedSubmitterString = PropertyService.getProperty("ldap.deniedSubmitters");
- } catch (PropertyNotFoundException pnfe) {
- throw new UtilException("Could not get metacat property: ldap.deniedSubmitters: "
- + pnfe.getMessage());
- }
- deniedSubmitters = StringUtil.toVector(deniedSubmitterString, ':');
- }
-
- /**
- * Validate connectivity to the ldap server. This does not test user
- * authentication. Validation methods return a string error message if there
- * is an issue. This allows the calling code to run several validations and
- * compile the errors into a list that can be displayed on a web page if
- * desired.
- *
- * @param ldapurl
- * the url of the ldap server
- * @param ldapbase
- * the ldap base value to test
- * @return a string holding error message if validation fails.
- */
- public static String validateLDAPConnectivity(String ldapurl,
- String ldapbase) {
- try {
- AuthLdap authLdap = new AuthLdap();
- authLdap.testCredentials(
- "uid=bogusname,o=NCEAS,dc=ecoinformatics,dc=org",
- "boguspassword", ldapurl, ldapbase);
- } catch (AuthenticationException ae) {
- // Do nothing here. We are using dummy uid and password, so we
- // expect authentication exceptions
- } catch (javax.naming.InvalidNameException ine) {
- return "An invalid domain name was provided: " + ine.getMessage();
- } catch (NamingException ne) {
- return "An invalid ldap name was provided: " + ne.getMessage();
- } catch (InstantiationException ie) {
- return "Could not instantiate AuthLdap: " + ie.getMessage();
- }
-
- return null;
- }
-
- /**
- * log the user in against ldap. If the login is successful, add
- * the session information to the session list in SessionUtil.
- *
- * @param request the http request.
- */
- public static boolean logUserIn(HttpServletRequest request, String userName, String organization,
- Vector<String> dnList, String password) throws UtilException {
- AuthSession authSession = null;
-
- // make sure we have username and password.
- if (userName == null || password == null || dnList == null || dnList.size() == 0) {
- throw new UtilException("null username, password, or dn list when logging user in");
- }
-
- // put the login credentials into an LDAP string
- String ldapString = createLDAPString(userName, organization, dnList);
-
- // Create auth session
- try {
- authSession = new AuthSession();
- } catch (Exception e) {
- throw new UtilException("Could not instantiate AuthSession: "
- + e.getMessage());
- }
- // authenticate user against ldap
- boolean isValid = authSession.authenticate(request, ldapString,
- password);
-
- // if login was successful, add the session information to the
- // global session list.
- if (isValid) {
- HttpSession session = authSession.getSessions();
- String sessionId = session.getId();
- SessionService.registerSession(sessionId,
- (String) session.getAttribute("username"),
- (String[]) session.getAttribute("groupnames"),
- (String) session.getAttribute("password"));
- }
-
- return isValid;
- }
-
- /**
- * Checks to see if the user is logged in by grabbing the session from the
- * request and seeing if it exists in the global session list.
- *
- * @param request the http request that holds the login session
- * @return boolean that is true if the user is logged in, false otherwise
- */
- public static boolean isUserLoggedIn(HttpServletRequest request) throws UtilException{
- SessionData sessionData = null;
- String sessionId = request.getSession().getId();
-
- try {
-
- if (sessionId != null && SessionService.isSessionRegistered(sessionId)) {
- // get the registered session data
- sessionData = SessionService.getRegisteredSession(sessionId);
-
- // get the timeout limit
- String sessionTimeout = PropertyService.getProperty("auth.timeoutMinutes");
- int sessionTimeoutInt = Integer.parseInt(sessionTimeout);
-
- // get the last time the session was accessed
- Calendar lastAccessedTime = sessionData.getLastAccessedTime();
- // get the current time and set back "sessionTimoutInt" minutes
- Calendar now = Calendar.getInstance();
- now.add(Calendar.MINUTE, 0 - sessionTimeoutInt);
-
- // if the last accessed time is before now minus the timeout,
- // the session has expired. Unregister it and return false.
- if (lastAccessedTime.before(now)) {
- SessionService.unRegisterSession(sessionId);
- return false;
- }
-
- return true;
- }
-
- } catch (PropertyNotFoundException pnfe) {
- throw new UtilException("Could not determine if user is logged in because "
- + "of property error: " + pnfe.getMessage());
- } catch (NumberFormatException nfe) {
- throw new UtilException("Could not determine if user is logged in because "
- + "of number conversion error: " + nfe.getMessage());
- }
-
- return false;
- }
-
- /**
- * Checks to see if the user is logged in as admin by first checking if the
- * user is logged in and then seeing if the user's account is on the
- * administrators list in metacat.properties.
- *
- * @param request
- * the http request that holds the login session
- * @return boolean that is true if the user is logged in as admin, false
- * otherwise
- */
- public static boolean isUserLoggedInAsAdmin(HttpServletRequest request) throws UtilException {
- if (!isUserLoggedIn(request)) {
- return false;
- }
-
- String userName = getUserName(request);
- boolean isAdmin = isAdministrator(userName, null);
-
- return isAdmin;
- }
-
- /**
- * Gets the user name from the login session on the http request
- *
- * @param request
- * the http request that holds the login session
- * @return String that holds the user name
- */
- public static String getUserName(HttpServletRequest request) {
- String userName = (String)request.getSession().getAttribute("username");
-
- return userName;
- }
-
- /**
- * Gets the user group names from the login session on the http request
- *
- * @param request
- * the http request that holds the login session
- * @return String array that holds the user groups
- */
- public static String[] getGroupNames(HttpServletRequest request) {
- String sessionId = request.getSession().getId();;
- SessionData sessionData = SessionService.getRegisteredSession(sessionId);
- String[] groupNames = { "" };
-
- if (sessionData != null) {
- groupNames = sessionData.getGroupNames();
- }
-
- return groupNames;
- }
-
- /**
- * Creates an ldap credentail string from the username, organization
- * and dn list.
- *
- * @param username the user name
- * @param organization the organization
- * @param dnList a list of dns
- * @return String holding the ldap login string
- */
- public static String createLDAPString(String username, String organization,
- Vector<String> dnList) throws UtilException {
-
- if (username == null || organization == null || dnList == null || dnList.size() == 0) {
- throw new UtilException("Could not generate LDAP user string. One of the following is null: username, organization or dnlist");
- }
-
- String ldapString = "uid=" + username + ",o=" + organization;
-
- for (String dn : dnList) {
- ldapString += "," + dn;
- }
-
- return ldapString;
- }
-
- /**
- * Reports whether LDAP is fully configured.
- *
- * @return a boolean that is true if all sections are configured and false
- * otherwise
- */
- public static boolean isLDAPConfigured() throws UtilException {
- String ldapConfiguredString = PropertyService.UNCONFIGURED;
- try {
- ldapConfiguredString = PropertyService.getProperty("configutil.ldapConfigured");
- } catch (PropertyNotFoundException pnfe) {
- throw new UtilException("Could not determine if LDAP is configured: "
- + pnfe.getMessage());
- }
- return !ldapConfiguredString.equals(PropertyService.UNCONFIGURED);
- }
-
- /**
- * Check if the specified user is part of the administrators list
- *
- * @param username
- * the user login credentails
- * @param groups
- * a list of the user's groups
- */
- public static boolean isAdministrator(String username, String[] groups)
- throws UtilException {
- return onAccessList(getAdministrators(), username, groups);
- }
-
- /**
- * Check if the specified user is part of the moderators list
- *
- * @param username
- * the user login credentails
- * @param groups
- * a list of the user's groups
- */
- public static boolean isModerator(String username, String[] groups) {
- return onAccessList(moderators, username, groups);
- }
-
- /**
- * Check if the specified user is part of the moderators list
- *
- * @param username
- * the user login credentails
- * @param groups
- * a list of the user's groups
- */
- public static boolean isAllowedSubmitter(String username, String[] groups)
- throws UtilException {
- if (getAllowedSubmitters().size() == 0) {
- // no allowedSubmitters list specified -
- // hence everyone should be allowed
- return true;
- }
- return (onAccessList(getAllowedSubmitters(), username, groups));
- }
-
- /**
- * Check if the specified user is part of the moderators list
- *
- * @param username
- * the user login credentails
- * @param groups
- * a list of the user's groups
- */
- public static boolean isDeniedSubmitter(String username, String[] groups)
- throws UtilException {
- return (onAccessList(getDeniedSubmitters(), username, groups));
- }
-
- /**
- * Check if the specified user can insert the document
- *
- * @param username
- * the user login credentails
- * @param groups
- * a list of the user's groups
- */
- public static boolean canInsertOrUpdate(String username, String[] groups)
- throws UtilException {
- return (isAllowedSubmitter(username, groups) && !isDeniedSubmitter(username,
- groups));
- }
-
- /**
- * Check if the user is on a given access list. This is true if either the
- * user or the user's group is on the list.
- *
- * @param accessList the list we want to check against
- * @param username the name of the user we want to check
- * @param groups a list of the user's groups
- */
- private static boolean onAccessList(Vector<String> accessList, String username,
- String[] groups) {
-
- // this should never happen. All calls to this method should use the
- // appropriate getter to retrieve the accessList. That should guarentee
- // that the access is at least an empty Vector.
- if (accessList == null) {
- return false;
- }
-
- // Check that the user is authenticated as an administrator account
- for (String accessString : accessList) {
- // check the given admin dn is a group dn...
- if (groups != null && accessString.startsWith("cn=")) {
- // is a group dn
- for (int j = 0; j < groups.length; j++) {
- if (groups[j].equals(accessString)) {
- return true;
- }
- }
- } else {
- // is a user dn
- if (username != null && username.equals(accessString)) {
- return true;
- }
- }
- }
- return false;
- }
-
-}
Modified: trunk/src/edu/ucsb/nceas/metacat/util/MetaCatUtil.java
===================================================================
--- trunk/src/edu/ucsb/nceas/metacat/util/MetaCatUtil.java 2008-11-19 23:23:42 UTC (rev 4588)
+++ trunk/src/edu/ucsb/nceas/metacat/util/MetaCatUtil.java 2008-11-19 23:25:09 UTC (rev 4589)
@@ -927,7 +927,7 @@
try {
metacatConfigured = PropertyService.arePropertiesConfigured()
// && OrganizationUtil.areOrganizationsConfigured()
- && LDAPUtil.isLDAPConfigured()
+ && AuthUtil.isAuthConfigured()
&& SkinUtil.areSkinsConfigured()
&& DatabaseUtil.isDatabaseConfigured()
&& GeoserverUtil.isGeoserverConfigured();