Changeset 28958

Timestamp:
03.04.2014 17:34:44 (5 years ago)
Author:
davidb
Message:

Remote Greenstone user authentication stopped working, because the code working with the DerbyWrapper had changed, and now gliserver.pl could no longer instantiate another JVM that would access the Derby DB (via users2DBtxt.java) when wanting to check whether a user authenticates. Instead, a new GS3 service has been written, Authentication.remoteAuthentication(). This is called from the authentication-ping system action URL that the new ServletRealmCheck.java pings when it is called by gliserver.pl.

Location:
main/trunk
Files:
1 added
5 modified

  • main/trunk/greenstone2/common-src/cgi-bin/gliserver.pl

    r27411 r28958  
    196196    } 
    197197 
    198     my $users_db_content; 
    199198    if($gsdl_cgi->greenstone_version() == 2) { 
     199    my $users_db_content; 
    200200    my $etc_directory = &util::filename_cat($ENV{'GSDLHOME'}, "etc"); 
    201201    my $users_db_file_path = &util::filename_cat($etc_directory, "users.gdb"); 
     
    208208    } 
    209209    close(USERS_DB); 
    210     } 
    211     elsif($gsdl_cgi->greenstone_version() == 3) { 
    212     my $gsdl3srchome = $ENV{'GSDL3SRCHOME'}; 
    213  
    214     my $java = $gsdl_cgi->get_java_path(); 
    215     my $java_gsdl3_classpath = &util::filename_cat($gsdl3srchome, "web", "WEB-INF", "lib", "gsdl3.jar"); 
    216     my $java_derby_classpath = &util::filename_cat($gsdl3srchome, "web", "WEB-INF", "lib", "derby.jar"); 
    217     my $java_classpath; 
    218     my $gsdlos = $ENV{'GSDLOS'}; 
    219     if ($gsdlos !~ m/windows/){ 
    220         $java_classpath = $java_gsdl3_classpath . ":" . $java_derby_classpath; 
    221     }else{ 
    222         $java_classpath = $java_gsdl3_classpath . ";" . $java_derby_classpath; 
    223     } 
    224     my $java_args = &util::filename_cat($gsdl3srchome, "web", "sites", $site, "etc", "usersDB"); 
    225     $gsdl_cgi->checked_chdir($java_args); 
    226     my $java_command="\"$java\" -classpath \"$java_classpath\" org.greenstone.gsdl3.util.usersDB2txt \"$java_args\" 2>&1"; 
    227     $users_db_content = `$java_command`; 
    228     } 
    229210     
    230211    # Get the user account information from the usersDB database 
     
    232213 
    233214    # a line dividing one user entry from another is made up of 70 hyphens for GS2 (37 hyphens for GS3) 
    234     my $horizontal_divider = ($gsdl_cgi->greenstone_version() == 2) ? q/-{70}/ : q/-{37}/; 
     215    my $horizontal_divider = q/-{70}/; 
    235216    foreach my $users_db_entry (split($horizontal_divider, $users_db_content)) {     
    236217    if ($users_db_entry =~ m/\n?\[(.+)\]\n/ || $users_db_entry =~ m/\n?USERNAME = ([^\n]*)\n/) { # GS2 and GS3 formats 
     
    246227 
    247228    # Check password 
    248     my $pwdLine = ($gsdl_cgi->greenstone_version() == 2) ? q/\<password\>(.*)/ : q/\n?PASSWORD = (.*)\n/; 
     229    my $pwdLine = q/\<password\>(.*)/; 
    249230    my ($valid_user_password) = ($user_data =~ m/$pwdLine/); 
    250231    if ($user_password ne $valid_user_password) { 
     
    253234 
    254235    # Check group 
    255     my $groupLine = ($gsdl_cgi->greenstone_version() == 2) ? q/\<groups\>(.*)/ : q/\n?GROUPS = (.*)\n/; 
     236    my $groupLine = q/\<groups\>(.*)/; 
    256237    my ($user_groups) = ($user_data =~ m/$groupLine/); 
    257238 
     
    276257    } 
    277258    $gsdl_cgi->generate_error("Authentication failed: user is not in the required group."); 
     259    } 
     260     
     261    # "GS3\web\WEB-INF\lib\gsdl3.jar;GS3\web\WEB-INF\lib\derby.jar"  
     262    # org.greenstone.gsdl3.util.usersDBRealm2txt "GSDL3SRCHOME" username pwd <col> 2>&1 
     263    elsif($gsdl_cgi->greenstone_version() == 3) { 
     264        my $gsdl3srchome = $ENV{'GSDL3SRCHOME'}; 
     265 
     266        my $java = $gsdl_cgi->get_java_path(); 
     267        my $java_gsdl3_classpath = &util::filename_cat($gsdl3srchome, "web", "WEB-INF", "lib", "gsdl3.jar"); 
     268        my $java_derby_classpath = &util::filename_cat($gsdl3srchome, "web", "WEB-INF", "lib", "derby.jar"); 
     269        my $java_classpath; 
     270        my $gsdlos = $ENV{'GSDLOS'}; 
     271        if ($gsdlos !~ m/windows/){ 
     272            $java_classpath = $java_gsdl3_classpath . ":" . $java_derby_classpath; 
     273        }else{ 
     274            $java_classpath = $java_gsdl3_classpath . ";" . $java_derby_classpath; 
     275        }        
     276        my $java_args = "\"$gsdl3srchome\" \"$username\" \"$user_password\""; 
     277        if ($collection ne "") { 
     278            $java_args += " \"$collection\""; 
     279        } 
     280         
     281        $gsdl_cgi->checked_chdir($gsdl3srchome);     
     282        my $java_command="\"$java\" -classpath \"$java_classpath\" org.greenstone.gsdl3.util.ServletRealmCheck $java_args 2>&1"; # call it ServletRealmCheck 
     283        my $java_output = `$java_command`; 
     284        if ($java_output =~ m/^Authentication failed:/) { # $java_output contains the error message 
     285            $gsdl_cgi->generate_error($java_output); # "\nJAVA_COMMAND: $java_command\n" 
     286        } 
     287        else { # success, $java_output is the user_groups list           
     288            return $java_output;  
     289        } 
     290    } 
    278291} 
    279292 
     
    898911    foreach $sites_dir(@sites_dir) 
    899912    { 
    900     if (!(($sites_dir eq ".") || ($sites_dir eq "..") || ($sites_dir eq "CVS") || ($sites_dir eq ".DS_Store"))) 
     913    if (!(($sites_dir eq ".") || ($sites_dir eq "..") || ($sites_dir eq "CVS") || ($sites_dir eq ".DS_Store") || ($sites_dir eq "ADDING-A-SITE.txt"))) 
    901914    { 
    902915        my $site_dir_path= &util::filename_cat($sites_directory,$sites_dir); 
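Review bot: The new GS3 branch at lines 276-283 interpolates the caller-supplied `$username`, `$user_password` and `$collection` straight into a backtick command line, so a password containing `"`, a backtick or `$(...)` is executed by the shell on the gliserver host; the arguments should be passed through a list-form pipe `open` so no shell is involved (list-form pipe open is not implemented in Win32 Perl before 5.22, so the Windows path may need `IPC::Open3` or a list-form `system` instead, and the password remains visible in `ps` as an argv element either way). `$java_args += " \"$collection\""` at line 278 is numeric addition, not string append: when a collection is given it replaces the whole argument string with `0`, dropping the username and password and never sending the collection to the JVM — it needs `.=`. The success test `$java_output =~ m/^Authentication failed:/` fails open: any JVM failure (a stack trace when Tomcat is unreachable, a `2>&1`-merged warning printed before the result) does not match the anchor and is returned as the group list, so the child's exit status should be checked and anything other than a clean result treated as failure — this assumes ServletRealmCheck (the added file, not shown here) prints its result on stdout. The comment at lines 261-262 still names `usersDBRealm2txt` while the code calls `ServletRealmCheck`.
```perl
        # … unchanged: classpath construction …
        my @java_args = ($gsdl3srchome, $username, $user_password);
        push(@java_args, $collection) if ($collection ne "");

        $gsdl_cgi->checked_chdir($gsdl3srchome);
        # list form: no shell, so metacharacters in the credentials cannot inject commands
        open(my $java_fh, '-|', $java, '-classpath', $java_classpath,
             'org.greenstone.gsdl3.util.ServletRealmCheck', @java_args)
            or $gsdl_cgi->generate_error("Authentication failed: could not run ServletRealmCheck: $!");
        my $java_output = do { local $/; <$java_fh> };
        close($java_fh);
        $java_output = "" unless defined $java_output;

        # fail closed: a non-zero exit (JVM crash, Tomcat unreachable) is not a group list
        if ($? != 0 || $java_output eq "" || $java_output =~ m/^Authentication failed:/) {
            $gsdl_cgi->generate_error($java_output ne ""
                ? $java_output
                : "Authentication failed: ServletRealmCheck exited with status " . ($? >> 8));
        }
        else { # success, $java_output is the user_groups list
            return $java_output;
        }
```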
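--- a/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/action/SystemAction.java
+++ b/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/action/SystemAction.java
@@ -50,4 +50,7 @@
             to = coll;
         }
+        else if(subaction.equals("authenticated-ping")) {
+            to = "RemoteAuthentication"; // not "Authentication/RemoteAuthentication": MessageRouter knows to map the RemoteAuthentication service to the Authentication module
+        }
 
         Element mr_request_message = doc.createElement(GSXML.MESSAGE_ELEM);
@@ -85,4 +88,21 @@
             system.setAttribute(GSXML.TYPE_ATT, GSXML.SYSTEM_TYPE_PING);
         }
+        else if (subaction.equals("authenticated-ping")) { // can check whether a given username and password authenticates
+
+            String username = (String) params.get(GSParams.UN);
+            String password = (String) params.get(GSParams.PW);
+
+
+            system.setAttribute(GSXML.TYPE_ATT, GSXML.SYSTEM_TYPE_AUTHENTICATED_PING);
+            system.setAttribute(GSXML.USERNAME_ATT, username);
+            system.setAttribute(GSXML.PASSWORD_ATT, password);
+
+            if(params.containsKey("col")) {//params.containsKey(GSParams.COLLECTION)) {
+                String collection = (String) params.get("col");//(String) params.get(GSParams.COLLECTION);
+                system.setAttribute(GSXML.COLLECTION_ATT, collection);
+            }
+
+        }
+
         //else if (subaction.equals("is-persistent")){
         //  system.setAttribute(GSXML.TYPE_ATT, GSXML.SYSTEM_TYPE_ISPERSISTENT);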
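Review bot: The `authenticated-ping` branch at lines 90-105 takes the password from the request parameters, and the example URL in the commit's own Authentication.java comment carries it as `&pw=...` on a GET, so the credential ends up in Tomcat access logs, proxy logs and browser history; the caller (ServletRealmCheck, not shown) should send it in a POST body, and it is worth a comment at the `GSParams.PW` line saying the parameter must never be sent on a GET. Nothing in this hunk restricts who can call `a=s&sa=authenticated-ping`, so as written it is an unauthenticated, unthrottled password oracle that returns the user's group list on success — at minimum the endpoint should be noted as such so a rate limit or source restriction is added before deployment. The attributes are set unconditionally, so a request lacking `un` or `pw` passes `null` to `setAttribute`; guard with `if (username != null) system.setAttribute(GSXML.USERNAME_ATT, username);` (likewise for the password) so the receiving side's `hasAttribute` checks see an absent attribute rather than whatever the DOM implementation does with null. The `col` parameter is read through the literal `"col"` with the `GSParams.COLLECTION` form left commented out; either use the constant or drop the dead comment.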
  • main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java

    r28281 r28958  
    128128    protected static final String GET_USER_INFORMATION_SERVICE = "GetUserInformation"; 
    129129    protected static final String CHANGE_USER_EDIT_MODE_SERVICE = "ChangeUserEditMode"; 
     130    protected static final String REMOTE_AUTHENTICATION_SERVICE = "RemoteAuthentication"; 
    130131 
    131132    protected static boolean _derbyWrapperDoneForcedShutdown = false; 
     
    181182        changeEditMode_service.setAttribute(GSXML.NAME_ATT, CHANGE_USER_EDIT_MODE_SERVICE); 
    182183        this.short_service_info.appendChild(changeEditMode_service); 
     184         
     185        Element remoteAuthentication_service = this.doc.createElement(GSXML.SERVICE_ELEM); 
     186        remoteAuthentication_service.setAttribute(GSXML.TYPE_ATT, GSXML.SERVICE_TYPE_PROCESS); 
     187        remoteAuthentication_service.setAttribute(GSXML.NAME_ATT, REMOTE_AUTHENTICATION_SERVICE); 
     188        this.short_service_info.appendChild(remoteAuthentication_service); 
     189         
    183190 
    184191        DerbyWrapper.createDatabaseIfNeeded(); 
     
    227234            authen_service.setAttribute(GSXML.NAME_ATT, CHANGE_USER_EDIT_MODE_SERVICE); 
    228235        } 
     236        else if (service_id.equals(REMOTE_AUTHENTICATION_SERVICE)) 
     237        { 
     238            authen_service.setAttribute(GSXML.TYPE_ATT, GSXML.SERVICE_TYPE_PROCESS); 
     239            authen_service.setAttribute(GSXML.NAME_ATT, REMOTE_AUTHENTICATION_SERVICE); 
     240        }        
    229241        else 
    230242        { 
     
    287299    } 
    288300 
     301    /** 
     302     * This method replaces the gliserver.pl code for authenticating a user against the derby database 
     303     * gliserver.pl needed to instantiate its own JVM to access the derby DB, but the GS3 already has 
     304     * the Derby DB open and 2 JVMs are not allowed concurrent access to an open embedded Derby DB. 
     305     * Gliserver.pl now goes through this method (via ServletRealmCheck.java), thereby using the same  
     306     * connection to the DerbyDB. This method reproduces the same behaviour as gliserver.pl used to, 
     307     * by returning the user_groups on successful authentication, else returns the specific  
     308     * "Authentication failed" messages that glisever.pl would produce. 
     309     * http://remote-host-name:8383/greenstone3/library?a=s&sa=authenticated-ping&excerptid=gs_content&un=admin&pw=<PW>&col=demo 
     310    */ 
     311    protected Element processRemoteAuthentication(Element request) { 
     312        //logger.info("*** Authentication::processRemoteAuthentication");    
     313         
     314        String message = ""; 
     315         
     316        Element system = (Element) GSXML.getChildByTagName(request, GSXML.REQUEST_TYPE_SYSTEM);      
     317        String username = system.hasAttribute("username") ? system.getAttribute("username") : ""; 
     318        String password = system.hasAttribute("password") ? system.getAttribute("password") : ""; 
     319         
     320         
     321        // If we're not editing a collection then the user doesn't need to be in a particular group 
     322        String collection = system.hasAttribute("collection") ? system.getAttribute("collection") : ""; 
     323                 
     324         
     325        if(username.equals("") || password.equals("")) { 
     326            message = "Authentication failed: no (username or) password specified."; 
     327            //logger.error("*** Remote login failed. No username or pwd provided"); 
     328        }        
     329        else {       
     330            String storedPassword = retrieveDataForUser(username, "password"); 
     331            if(storedPassword != null && (password.equals(storedPassword) || hashPassword(password).equals(storedPassword))) { 
     332                 
     333                // gliserver.pl used to return the groups when authentication succeeded 
     334                String groups = retrieveDataForUser(username, "groups"); //comma-separated list 
     335                 
     336                if(collection.equals("")) { 
     337                    message = groups; 
     338                } else {                     
     339                     
     340                    if(groups.indexOf("all-collections-editor") != -1) { // Does this user have access to all collections? 
     341                        message = groups; 
     342                    } else if(groups.indexOf("personal-collections-editor") != -1 && collection.startsWith(username+"-")) { // Does this user have access to personal collections, and is this one? 
     343                        message = groups; 
     344                    } else if(groups.indexOf(collection+"-collection-editor") != -1) { //  Does this user have access to this collection? 
     345                        message = groups; 
     346                    } 
     347                    else { 
     348                        message = "Authentication failed: user is not in the required group."; 
     349                        //logger.error("*** Remote login failed. Groups did not match for the collection specified"); 
     350                    } 
     351                } 
     352                 
     353            } else { 
     354                 
     355                if(storedPassword == null) { 
     356                    message = "Authentication failed: no account for user '" + username + "'"; 
     357                    //logger.error("*** Remote login failed. User not found or password not set for user."); 
     358                } else { 
     359                    message = "Authentication failed: incorrect password."; 
     360                    //logger.error("*** Remote login failed. Password did not match for user"); 
     361                } 
     362            } 
     363        } 
     364         
     365        Element result = this.doc.createElement(GSXML.RESPONSE_ELEM); 
     366        result.setAttribute(GSXML.FROM_ATT, REMOTE_AUTHENTICATION_SERVICE); 
     367        result.setAttribute(GSXML.TYPE_ATT, GSXML.REQUEST_TYPE_PROCESS);         
     368        Element s = GSXML.createTextElement(this.doc, GSXML.STATUS_ELEM, message); 
     369        result.appendChild(s); 
     370        return result; 
     371    } 
     372     
    289373    protected Element processGetUserInformation(Element request) 
    290374    { 
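Review bot: The group checks at lines 340-344 use substring `indexOf()` on the comma-separated `groups` string, so a user holding `demoa-collection-editor` satisfies `groups.indexOf("a-collection-editor")` for a collection named `a` — membership needs an exact-token comparison after splitting on commas (rewritten below), and `groups` should be null-checked before use since `retrieveDataForUser` evidently returns null for a missing value (line 355 relies on that for the password). The password test at line 331 accepts the request when the supplied value equals the stored value *or* its hash, so wherever the stored value is already a hash the hash itself is a valid credential (pass-the-hash); if the plaintext comparison exists for legacy unhashed entries it should be limited to those, and `java.security.MessageDigest.isEqual` used for the byte comparison to avoid timing leaks. The distinct failure messages at lines 356 and 359 let a caller tell unknown users from wrong passwords, which, reachable from the unauthenticated `authenticated-ping` URL, is a username-enumeration oracle — the messages are reproduced from gliserver.pl rather than required by it, so a single `"Authentication failed: incorrect username or password."` would do. `processRemoteAuthentication` is complete within the hunk.
```java
                String groups = retrieveDataForUser(username, "groups"); //comma-separated list
                // exact-token membership: indexOf() would let "demoa-collection-editor" satisfy collection "a"
                java.util.Set<String> groupSet = new java.util.HashSet<String>();
                if (groups != null) {
                    for (String g : groups.split(",")) {
                        groupSet.add(g.trim());
                    }
                }

                if (collection.equals("")) {
                    message = groups;
                } else if (groupSet.contains("all-collections-editor")
                           || (groupSet.contains("personal-collections-editor") && collection.startsWith(username + "-"))
                           || groupSet.contains(collection + "-collection-editor")) {
                    message = groups;
                } else {
                    message = "Authentication failed: user is not in the required group.";
                }
                // … unchanged: failure branches and response construction …
```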
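--- a/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/util/GSParams.java
+++ b/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/util/GSParams.java
@@ -32,4 +32,7 @@
     public static final String OUTPUT = "o"; // if processing is to be done, what type of output - html/xml/other??
     public static final String SERVICE = "s"; // the name of the service
+
+    public static final String UN = "un"; // username for authenticated-ping
+    public static final String PW = "pw"; // pwd for authenticated-ping
 
     public static final String CLUSTER = "c"; // these two are the same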
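--- a/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/util/GSXML.java
+++ b/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/util/GSXML.java
@@ -243,4 +243,5 @@
     public static final String SYSTEM_TYPE_DEACTIVATE = "deactivate";
     public static final String SYSTEM_TYPE_PING = "ping";
+    public static final String SYSTEM_TYPE_AUTHENTICATED_PING = "authenticated-ping";
     //public static final String SYSTEM_TYPE_ISPERSISTENT = "is-persistent";
 
@@ -287,4 +288,7 @@
     public static final String BASE_URL = "baseURL";
 
+    // only for authenticated-ping
+    public static final String PASSWORD_ATT = "password";
+
     //for classifiers
     public static final String CHILD_TYPE_ATT = "childType";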