source: main/trunk/greenstone3/src/java/org/greenstone/gsdl3/util/ServletRealmCheck.java@ 34164

Last change on this file since 34164 was 34164, checked in by ak19, 4 years ago

Adding warning comments about where stderr messages n ServletRealmCheck end up going and how they can break gliserver.pl's functioning so that client-GLI doesn't get to see the collections a user has access to.
File size: 6.6 KB
Line 
1/*
2 * ServletRealmCheck.java
3 * Copyright (C) 2008 New Zealand Digital Library, http://www.nzdl.org
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
18 */
19package org.greenstone.gsdl3.util;
20
21import java.io.BufferedReader;
22import java.io.File;
23import java.io.FileInputStream;
24import java.io.InputStream;
25import java.io.InputStreamReader;
26import java.io.IOException;
27import java.net.HttpURLConnection;
28import java.net.URL;
29import java.net.URLConnection;
30import java.util.Properties;
31
32import org.greenstone.util.ProtocolPortProperties;
33
34/**
35 * Commandline script that is used by gliserver.pl to authenticate a username and password and
36 * return the user's groups, while the derby server is running. Because 2 JVM instances can't
37 * access the same embedded derby server at the same time, gliserver can't call usersDB2txt.java.
38 * If a collection parameter is additionally provided, this script will check the user's groups
39 * to see if any of these allow the user to edit that collection.
40 *
41 * Run as java org.greenstone.gsdl3.util.ServletRealmCheck <GSDL3HOME> <un> <pwd> [-c colname] [-s servletname]
42 *
43 * >java -classpath "greenstone3\web\WEB-INF\lib\gsdl3.jar;greenstone3\web\WEB-INF\lib\gutil.jar"
44 * org.greenstone.gsdl3.util.ServletRealmCheck "greenstone3\web" <un> <pw> [-c colname] [-s servlet-name] 2>&1
45 *
46 * Tries URL: http://hostname:port/context/servletname?a=s&sa=authenticated-ping&excerptid=gs_content&un=<un>&pw=<pw>[&col=colname]
47 * The &excerptid=gs_content in the URL will return just the <div id="gs_content" /> part of the
48 * page that we're interested in.
49 *
50 * Result: either prints out an error message ("Authentication failed...") or a positive result,
51 * which is the user's groups. For the admin user example: administrator,all-collections-editor.
52 * If no collection is specified, will print the user groups.
53 * If a collection is specified, will only print user groups if the user has access to the collection.
54 *
55 * -s <servletname> to specify a specific servlet-name if different from default of "library".
56 * This is probaly only meaningful if there is no library called "library" as all servlet-names
57 * I think would respond identically to the ping regarding the groups a user belongs to.
58*/
59public class ServletRealmCheck
60{
61 private static void printUsageAndTerminate() {
62 System.out.println("Run with: <GSDL3HOME> <un> <pwd> [-c collection-name] [-s servlet-name]");
63 System.exit(0);
64 }
65
66 public static void main(String[] args) {
67
68 if (args.length < 3 || args.length > 7){
69 printUsageAndTerminate();
70 } else if(args.length % 2 == 0) { // for all args past the 3rd arg, need odd number of args:
71 // first 3 args + (2 args for each -flag-option value combination) = odd number of args
72 printUsageAndTerminate();
73 }
74
75 String gsdl3home = args[0];
76 String username = args[1];
77 String password = args[2];
78 //String collection = (args.length > 3) ? args[3] : null;
79 String collection = null;
80 String libservletname = "library"; // fallback to default library servlet
81
82 for(int i = 3; i < args.length; i++) {
83 if(args[i].equals("-c")) {
84 collection = args[++i];
85 }
86 else if(args[i].equals("-s")) {
87 libservletname = args[++i];
88 }
89 }
90
91
92 //System.err.println("gsdl3srchome: " + gsdl3srchome);
93 //System.err.println("username: " + username);
94 //System.err.println("password: " + password);
95 //System.err.println("collection: " + collection);
96
97
98 // Load the global.properties file, get the GS3 server URL and send authenticated-ping and print the return result
99
100 //http://www.mkyong.com/java/java-properties-file-examples/
101 Properties globalProps = new Properties();
102 InputStream input = null;
103
104 try {
105 File globalPropsFile = new File(gsdl3home, "WEB-INF" +File.separatorChar+ "classes"+ File.separatorChar+"global.properties");
106 input = new FileInputStream(globalPropsFile);
107
108 // load a properties file
109 globalProps.load(input);
110
111 // get the property value and print it out
112 String servername = globalProps.getProperty("tomcat.server");
113 ProtocolPortProperties protocolPortProps = new ProtocolPortProperties(globalProps); // can throw Exception
114 String protocol = protocolPortProps.getProtocol();
115 String port = protocolPortProps.getPort();
116 int portNum = Integer.parseInt(port);
117
118 String context = globalProps.getProperty("tomcat.context");
119 // Appending &excerptid=gs_content will get just the <div ... id="gs_content"/> from the final web page:
120 String urlSuffix = "/"+context+"/"+libservletname+"?a=s&sa=authenticated-ping&excerptid=gs_content&un="+username+"&pw="+password;
121 if(collection != null) {
122 urlSuffix = urlSuffix + "&col="+collection;
123 }
124 URL authenticationUrl = new URL(protocol, servername, portNum, urlSuffix);
125
126 HttpURLConnection conn = (HttpURLConnection)authenticationUrl.openConnection();
127 BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
128 String result = "";
129 String line = null;
130
131 while((line = reader.readLine()) != null) {
132 result += line;
133 }
134
135 // Beware: these stderr statements go into gliserver authenticate_user_gs3
136 // results, messing up zip files by adding the debugging text into the zip headers
137 //System.err.println("** Sent: " + authenticationUrl);
138 //System.err.println("** Got result:\n" + result);
139
140 // Parse out the content nested inside <div ... id="gs_content"> </div>
141 int start = result.indexOf("id=\"gs_content\"");
142 if(start != -1) {
143 start = result.indexOf(">", start);
144 int end = result.indexOf("<", start);
145 result = result.substring(start+1, end);
146 result = result.trim();
147 }
148
149 // Now we finally have what we actually want to print out for the caller to use
150 System.out.print(result + ","); // don't add newline to end
151
152 } catch (Exception ex) {
153 System.err.println("Authentication failed: Java error: " + ex.getMessage());
154 ex.printStackTrace();
155 } finally {
156 if (input != null) {
157 try {
158 input.close();
159 } catch (IOException e) {
160 e.printStackTrace();
161 }
162 }
163 }
164
165 }
166
167}
Note: See TracBrowser for help on using the repository browser.