Timestamp:
2014-04-03T17:34:44+13:00 (10 years ago)
Author:
davidb
Message:

Remote Greenstone user authentication stopped working, because the code working with the DerbyWrapper had changed, and now gliserver.pl could no longer instantiate another JVM that would access the Derby DB (via the users2DBtxt.java) when wanting to check if a user authenticates. Instead, a new GS3 service has been written, Authentication.remoteAuthentication(). This is called from the authentication-ping system action URL that the new ServletRealmCheck.java pings when it is called by gliserver.pl

File:
1 edited

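--- a/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java
+++ b/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java
@@ -128,4 +128,5 @@
     protected static final String GET_USER_INFORMATION_SERVICE = "GetUserInformation";
     protected static final String CHANGE_USER_EDIT_MODE_SERVICE = "ChangeUserEditMode";
+    protected static final String REMOTE_AUTHENTICATION_SERVICE = "RemoteAuthentication";
 
     protected static boolean _derbyWrapperDoneForcedShutdown = false;
@@ -181,4 +182,10 @@
         changeEditMode_service.setAttribute(GSXML.NAME_ATT, CHANGE_USER_EDIT_MODE_SERVICE);
         this.short_service_info.appendChild(changeEditMode_service);
+       
+        Element remoteAuthentication_service = this.doc.createElement(GSXML.SERVICE_ELEM);
+        remoteAuthentication_service.setAttribute(GSXML.TYPE_ATT, GSXML.SERVICE_TYPE_PROCESS);
+        remoteAuthentication_service.setAttribute(GSXML.NAME_ATT, REMOTE_AUTHENTICATION_SERVICE);
+        this.short_service_info.appendChild(remoteAuthentication_service);
+       
 
         DerbyWrapper.createDatabaseIfNeeded();
@@ -227,4 +234,9 @@
             authen_service.setAttribute(GSXML.NAME_ATT, CHANGE_USER_EDIT_MODE_SERVICE);
         }
+        else if (service_id.equals(REMOTE_AUTHENTICATION_SERVICE))
+        {
+            authen_service.setAttribute(GSXML.TYPE_ATT, GSXML.SERVICE_TYPE_PROCESS);
+            authen_service.setAttribute(GSXML.NAME_ATT, REMOTE_AUTHENTICATION_SERVICE);
+        }       
         else
         {
@@ -287,4 +299,76 @@
     }
 
+    /**
+     * This method replaces the gliserver.pl code for authenticating a user against the derby database
+     * gliserver.pl needed to instantiate its own JVM to access the derby DB, but the GS3 already has
+     * the Derby DB open and 2 JVMs are not allowed concurrent access to an open embedded Derby DB.
+     * Gliserver.pl now goes through this method (via ServletRealmCheck.java), thereby using the same
+     * connection to the DerbyDB. This method reproduces the same behaviour as gliserver.pl used to,
+     * by returning the user_groups on successful authentication, else returns the specific
+     * "Authentication failed" messages that glisever.pl would produce.
+     * http://remote-host-name:8383/greenstone3/library?a=s&sa=authenticated-ping&excerptid=gs_content&un=admin&pw=<PW>&col=demo
+    */
+    protected Element processRemoteAuthentication(Element request) {
+        //logger.info("*** Authentication::processRemoteAuthentication");   
+       
+        String message = "";
+       
+        Element system = (Element) GSXML.getChildByTagName(request, GSXML.REQUEST_TYPE_SYSTEM);     
+        String username = system.hasAttribute("username") ? system.getAttribute("username") : "";
+        String password = system.hasAttribute("password") ? system.getAttribute("password") : "";
+       
+       
+        // If we're not editing a collection then the user doesn't need to be in a particular group
+        String collection = system.hasAttribute("collection") ? system.getAttribute("collection") : "";
+               
+       
+        if(username.equals("") || password.equals("")) {
+            message = "Authentication failed: no (username or) password specified.";
+            //logger.error("*** Remote login failed. No username or pwd provided");
+        }       
+        else {     
+            String storedPassword = retrieveDataForUser(username, "password");
+            if(storedPassword != null && (password.equals(storedPassword) || hashPassword(password).equals(storedPassword))) {
+               
+                // gliserver.pl used to return the groups when authentication succeeded
+                String groups = retrieveDataForUser(username, "groups"); //comma-separated list
+               
+                if(collection.equals("")) {
+                    message = groups;
+                } else {                   
+                   
+                    if(groups.indexOf("all-collections-editor") != -1) { // Does this user have access to all collections?
+                        message = groups;
+                    } else if(groups.indexOf("personal-collections-editor") != -1 && collection.startsWith(username+"-")) { // Does this user have access to personal collections, and is this one?
+                        message = groups;
+                    } else if(groups.indexOf(collection+"-collection-editor") != -1) { //  Does this user have access to this collection?
+                        message = groups;
+                    }
+                    else {
+                        message = "Authentication failed: user is not in the required group.";
+                        //logger.error("*** Remote login failed. Groups did not match for the collection specified");
+                    }
+                }
+               
+            } else {
+               
+                if(storedPassword == null) {
+                    message = "Authentication failed: no account for user '" + username + "'";
+                    //logger.error("*** Remote login failed. User not found or password not set for user.");
+                } else {
+                    message = "Authentication failed: incorrect password.";
+                    //logger.error("*** Remote login failed. Password did not match for user");
+                }
+            }
+        }
+       
+        Element result = this.doc.createElement(GSXML.RESPONSE_ELEM);
+        result.setAttribute(GSXML.FROM_ATT, REMOTE_AUTHENTICATION_SERVICE);
+        result.setAttribute(GSXML.TYPE_ATT, GSXML.REQUEST_TYPE_PROCESS);       
+        Element s = GSXML.createTextElement(this.doc, GSXML.STATUS_ELEM, message);
+        result.appendChild(s);
+        return result;
+    }
+   
     protected Element processGetUserInformation(Element request)
     {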
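Review bot: In processRemoteAuthentication the test `password.equals(storedPassword) || hashPassword(password).equals(storedPassword)` accepts the stored value itself as a valid credential. If the Derby users table holds hashes, as the second branch suggests, a leaked stored value authenticates without the password ever being known. I would drop the raw comparison and compare only the hash in constant time, assuming hashPassword returns a String: `MessageDigest.isEqual(hashPassword(password).getBytes(StandardCharsets.UTF_8), storedPassword.getBytes(StandardCharsets.UTF_8))`, with any legacy plaintext rows migrated separately. The group checks use `groups.indexOf(...)` on the comma-separated list, so a group whose name merely contains `collection+"-collection-editor"` also passes, and `groups` is dereferenced without a null check; splitting on `,` and comparing whole names would tighten both. The distinct "no account for user" and "incorrect password" replies tell a remote caller which usernames exist, so a single failure message is safer. The Javadoc's example URL also puts `pw=` in the query string, where access logs will record it.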