Changeset 28958 for main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java
- Timestamp:
- 2014-04-03T17:34:44+13:00 (10 years ago)
- File:
-
- 1 edited
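--- a/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java
+++ b/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java
@@ -128,4 +128,5 @@
 protected static final String GET_USER_INFORMATION_SERVICE = "GetUserInformation";
 protected static final String CHANGE_USER_EDIT_MODE_SERVICE = "ChangeUserEditMode";
+protected static final String REMOTE_AUTHENTICATION_SERVICE = "RemoteAuthentication";
 
 protected static boolean _derbyWrapperDoneForcedShutdown = false;
@@ -181,4 +182,10 @@
 changeEditMode_service.setAttribute(GSXML.NAME_ATT, CHANGE_USER_EDIT_MODE_SERVICE);
 this.short_service_info.appendChild(changeEditMode_service);
+
+Element remoteAuthentication_service = this.doc.createElement(GSXML.SERVICE_ELEM);
+remoteAuthentication_service.setAttribute(GSXML.TYPE_ATT, GSXML.SERVICE_TYPE_PROCESS);
+remoteAuthentication_service.setAttribute(GSXML.NAME_ATT, REMOTE_AUTHENTICATION_SERVICE);
+this.short_service_info.appendChild(remoteAuthentication_service);
+
 
 DerbyWrapper.createDatabaseIfNeeded();
@@ -227,4 +234,9 @@
 authen_service.setAttribute(GSXML.NAME_ATT, CHANGE_USER_EDIT_MODE_SERVICE);
 }
+else if (service_id.equals(REMOTE_AUTHENTICATION_SERVICE))
+{
+authen_service.setAttribute(GSXML.TYPE_ATT, GSXML.SERVICE_TYPE_PROCESS);
+authen_service.setAttribute(GSXML.NAME_ATT, REMOTE_AUTHENTICATION_SERVICE);
+}
 else
 {
@@ -287,4 +299,76 @@
 }
 
+/**
+ * This method replaces the gliserver.pl code for authenticating a user against the derby database
+ * gliserver.pl needed to instantiate its own JVM to access the derby DB, but the GS3 already has
+ * the Derby DB open and 2 JVMs are not allowed concurrent access to an open embedded Derby DB.
+ * Gliserver.pl now goes through this method (via ServletRealmCheck.java), thereby using the same
+ * connection to the DerbyDB. This method reproduces the same behaviour as gliserver.pl used to,
+ * by returning the user_groups on successful authentication, else returns the specific
+ * "Authentication failed" messages that glisever.pl would produce.
+ * http://remote-host-name:8383/greenstone3/library?a=s&sa=authenticated-ping&excerptid=gs_content&un=admin&pw=<PW>&col=demo
+ */
+protected Element processRemoteAuthentication(Element request) {
+//logger.info("*** Authentication::processRemoteAuthentication");
+
+String message = "";
+
+Element system = (Element) GSXML.getChildByTagName(request, GSXML.REQUEST_TYPE_SYSTEM);
+String username = system.hasAttribute("username") ? system.getAttribute("username") : "";
+String password = system.hasAttribute("password") ? system.getAttribute("password") : "";
+
+
+// If we're not editing a collection then the user doesn't need to be in a particular group
+String collection = system.hasAttribute("collection") ? system.getAttribute("collection") : "";
+
+
+if(username.equals("") || password.equals("")) {
+message = "Authentication failed: no (username or) password specified.";
+//logger.error("*** Remote login failed. No username or pwd provided");
+}
+else {
+String storedPassword = retrieveDataForUser(username, "password");
+if(storedPassword != null && (password.equals(storedPassword) || hashPassword(password).equals(storedPassword))) {
+
+// gliserver.pl used to return the groups when authentication succeeded
+String groups = retrieveDataForUser(username, "groups"); //comma-separated list
+
+if(collection.equals("")) {
+message = groups;
+} else {
+
+if(groups.indexOf("all-collections-editor") != -1) { // Does this user have access to all collections?
+message = groups;
+} else if(groups.indexOf("personal-collections-editor") != -1 && collection.startsWith(username+"-")) { // Does this user have access to personal collections, and is this one?
+message = groups;
+} else if(groups.indexOf(collection+"-collection-editor") != -1) { // Does this user have access to this collection?
+message = groups;
+}
+else {
+message = "Authentication failed: user is not in the required group.";
+//logger.error("*** Remote login failed. Groups did not match for the collection specified");
+}
+}
+
+} else {
+
+if(storedPassword == null) {
+message = "Authentication failed: no account for user '" + username + "'";
+//logger.error("*** Remote login failed. User not found or password not set for user.");
+} else {
+message = "Authentication failed: incorrect password.";
+//logger.error("*** Remote login failed. Password did not match for user");
+}
+}
+}
+
+Element result = this.doc.createElement(GSXML.RESPONSE_ELEM);
+result.setAttribute(GSXML.FROM_ATT, REMOTE_AUTHENTICATION_SERVICE);
+result.setAttribute(GSXML.TYPE_ATT, GSXML.REQUEST_TYPE_PROCESS);
+Element s = GSXML.createTextElement(this.doc, GSXML.STATUS_ELEM, message);
+result.appendChild(s);
+return result;
+}
+
 protected Element processGetUserInformation(Element request)
 {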
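Review bot: In processRemoteAuthentication the condition `password.equals(storedPassword) || hashPassword(password).equals(storedPassword)` accepts the stored value itself as a credential, so if the database holds hashes (hashPassword and retrieveDataForUser are defined outside this section, so that is inferred) anyone who can read a stored hash can authenticate with it unchanged. Unless plaintext legacy accounts must keep working, compare only the hashed form and do it in constant time, e.g. `MessageDigest.isEqual(hashPassword(password).getBytes(StandardCharsets.UTF_8), storedPassword.getBytes(StandardCharsets.UTF_8))`. The group tests match substrings of the comma-separated list, so `groups.indexOf(collection+"-collection-editor")` also succeeds for a group such as `xdemo-collection-editor` when the collection is `demo`, and `groups` is dereferenced without a null check; a null guard followed by `Arrays.asList(groups.split(",")).contains(collection + "-collection-editor")` would match whole entries only. The separate "no account for user" and "incorrect password" replies let a caller learn which usernames exist, and the Javadoc example URL carries the password in the query string, where it is likely to end up in access logs; a single failure message and a POST body would avoid both.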