Changeset 32429 for main/trunk/greenstone3/src/java/org/greenstone/util/ProtocolPortProperties.java

Timestamp:

2018-09-06T22:32:58+12:00 (6 years ago)

Author:

ak19

Message:

solr should only be accessible locally (from localhost, specifically 127.0.0.1) which means over http. This conflicted with the previous design of the properties file for working with http and/or https. Now we have tomcat.port.https and localhost.port.http, both always set. In place of server.protocol that used to contain the default protocol, we now have server.protocols which can be set to a comma separated list of one or both of http and https. Drastic restructuring followed. I think I've tested all but https certification stuff.

File:

• main/trunk/greenstone3/src/java/org/greenstone/util/ProtocolPortProperties.java (modified) (4 diffs)

main/trunk/greenstone3/src/java/org/greenstone/util/ProtocolPortProperties.java

@@ -22 +22 @@
 
 /*
- * Utility class to set the protocol and port values from the Properties provided,
+ * Utility class to set the protocol and port values from the Properties instance provided,
  * which can be a Properties object loaded from either build.properties or global.properties
- * Currently used by ServletRealmCheck and FedoraServiceProxy.
- * (Could also be used by Server3.java and GlobalProperties in future, if applicable.)
+ * Currently used by Server3.java, ServletRealmCheck, FedoraServiceProxy and solr java code
+ * GS2SolrSearch and SolrSearch.
+ * (Could perhaps also be used by GlobalProperties in future, if applicable.)
  * Can adjust fallback behaviour in this one location to make them all work consistently.
+ *
+ * NOTE: although global.properties contains many additional programmatically set properties
+ * that could simplify this class, the fact that this class should work for both build.properties
+ * and global.properties means that this class will work only with the properties common to
+ * both property files.
  */
-public class ProtocolPortProperties {
-
-    public final boolean legacyMode; // true if before https protocol supported
+public class ProtocolPortProperties {   
 
     public static final int ALL_CORRECT = 0;
     public static final int SECONDARY_PORT_NON_NUMERIC = 1;
     public static final int INVALID_PRIMARY_PORT = 2;
-    public static final int OLD_TOMCATPORT_BUT_NO_VALUE = 3;
-    public static final int NO_PROTOCOL_OR_PORT = 4;
-    public static final int INVALID_PROTOCOL = 5;
-    public static final int HTTPS_INCONSISTENCY = 6;
-
-    private static final String defProtocol = "http";
-    private static final String defHttpPort = "8383";
-    private static final String defHttpsPort = "8443";
-
-    private String protocol; //= defProtocol;
-    private String port; //defHttpPort; //defProtocol.equals("https") ? defHttpsPort : defHttpPort; // port that matches protocol as String
-    private String httpPort; //defHttpPort;
-    private String httpsPort; //defHttpsPort;
+    public static final int NO_PROTOCOL = 3;
+    public static final int INVALID_PROTOCOL = 4;
+    public static final int NO_HTTP_PORT = 5;
+    public static final int NO_HTTPS_PORT = 6;
+
+    private static final String FALLBACK_PROTOCOL = "http";
+    private static final String FALLBACK_HTTP_PORT = "8383";
+    private static final String FALLBACK_HTTPS_PORT = "8443";
+
+    private String protocol;
+    private String port;
+    private String httpPort;
+    private String httpsPort;
     //private int portNum = -1; // port that matches protocol as int
 
     private String errorMsg;
-    private int errorCode;
-
-    public String getProtocol() { return protocol; }
+    private int errorCode = ALL_CORRECT;
+
+    private boolean httpRestrictedToLocal = true;
+    private boolean supportsHttps = false;
+    private String defaultPortPropertyName = "localhost.port.http";
+
+    // default protocol if multiple supported
+    public String getProtocol() { return protocol; } 
+    // default port (port for default protocol)
     public String getPort() { return port; }
+
+    // httpPort is always set, but http may or may not be public
     public String getHttpPort() { return httpPort; }
+    // httpsPort is null if https not supported
     public String getHttpsPort() { return httpsPort; }
-    public int getPortNum() { return Integer.parseInt(port); }    
+    public int getPortNum() { return Integer.parseInt(port); }  
+
+    // http is always available locally (over 127.0.0.1). But http may or may not be public.
+    // Returns true if public http support requested
+    public boolean supportsHttp() { return !httpRestrictedToLocal; }
+    // true if https is supported
+    public boolean supportsHttps() { return supportsHttps; }
+
+    // used by Server3.java to know the name of the port property to load
+    public String getDefaultPortPropertyName() { return defaultPortPropertyName; }
 
     public String getErrorMsg() { return errorMsg; }
@@ -64 +86 @@
     public boolean hadError() { return errorCode != ALL_CORRECT; }
 
-    // Won't attempt to recover on error.
-    // This means on error, port etc values will be invalid
+    // Use 127.0.0.1 instead of localhost since localhost is unsafe (can be mapped
+    // to something other than 127.0.0.1). See https://letsencrypt.org/docs/certificates-for-localhost/
+    public String getLocalHttpBaseAddress() {
+    // httpPort is set during the constructor, 
+    // so knowing httpPort, we can set the internal/local access http URL:
+    String portSuffix = httpPort.equals("80") ? "" : (":"+httpPort);
+    return "http://127.0.0.1"+portSuffix;
+    
+    }
+
+    // Constructor that will throw an Exception on ports/protocol configuration error or inconsistency
     public ProtocolPortProperties(Properties props) throws Exception {
     this(props, false);
     }
 
+    // If param recover is true, will attempt to fallback to sane values for protocol and ports.
+    // You can still check for error by calling hadError(), getErrorMsg() and getErrorCode().
+    // If param recover is false, will throw an Exception on bad ports/protocol configuration
+    // and the error message is available as the exception description.
     public ProtocolPortProperties(Properties props, boolean recover) throws Exception
     {
     StringBuffer msg = new StringBuffer();
     
-    port = props.getProperty("tomcat.port");
-
-    // We could either be dealing with properties files from before https support was introduced, in which case we want to be backwards compatible
-    // Or we're dealing with properties files after https support was introduced.   
-    // To determine which, can ignore server.protocol: server.protocol was introduced at a time when tomcat.port was still in effect,
-    // server.protocol's presence does not indicate whether our GS3 installation supports https or not. Only the tomcat.port properties
-    // indicates that: if tomcat.port exists BUT tomcat.port.http(s) don't, then it's an older GS3 that has no https support, so default to http.
-    // If there is no tomcat.port at all, but there is a server.protocol check for the newer tomcat.port.<protocol> properties.
-    // NOTE: global.properties still has a property called tomcat.port. We're only dealing with the old tomcat.port-only way if tomcat.port.http(s) don't exist
-    
-    if(props.getProperty("tomcat.port.http") == null && props.getProperty("tomcat.port.https") == null && port != null) {
-                // tomcat.port exists but tomcat.port.http(s) don't, so this is a GS3 before https support.
-        legacyMode = true;
-
-        // Back when tomcat.port was used AND tomcat.port.http(s) didn't exist, server.protocol if specified
-        // would always be treated as http regardless of what it was set to
-        
-        protocol = defProtocol; // tomcat.port.http(s) doesn't exist, just use http
-        
-        
-        if(port.equals("")) {
-        errorCode =  OLD_TOMCATPORT_BUT_NO_VALUE;
-        msg.append("tomcat.port enabled but did not have a value.");
-        if(recover) {           
-            port = httpPort = defHttpPort;
+    httpPort = props.getProperty("localhost.port.http");
+    if(httpPort == null || httpPort.equals("")) {
+        errorCode = NO_HTTP_PORT;
+        msg.append("compulsory property localhost.port.http has no value (must be set to a valid port number not already in use).");
+        httpPort = FALLBACK_HTTP_PORT;
+    }
+    
+    String supportedProtocols = props.getProperty("server.protocols");
+    if(supportedProtocols == null || supportedProtocols.equals("")) {
+        errorCode = NO_PROTOCOL;
+        msg.append("server.protocols not set.");
+        protocol = FALLBACK_PROTOCOL; // fallback to http as default (and sole) protocol
+        port = httpPort; // set default port to httpPort
+    }
+    else { // supportedProtocols was assigned something
+
+        if(!supportedProtocols.contains("http")) {
+        errorCode = INVALID_PROTOCOL;
+        msg.append("server.protocols must contain http or https, or both (in order of preference) separated by commas.");
+        protocol = FALLBACK_PROTOCOL;
+        port = httpPort;
+        } 
+
+        // set available protocols with their ports
+        if(supportedProtocols.contains("https")) {
+        supportsHttps = true;
+        httpsPort = props.getProperty("tomcat.port.https");
+        if(httpsPort == null || httpsPort.equals("")) {
+            errorCode = NO_HTTPS_PORT;
+            msg.append("server.protocols includes https but property tomcat.port.https has no value (must be set to a valid port number not already in use).");
+            httpsPort = FALLBACK_HTTPS_PORT;
         }
-        } else { // No issues: using tomcat.port is the pre-https way.      
-        errorCode = ALL_CORRECT;
-        httpPort = port;
-        }
-    }
-    else {
-        legacyMode = false;
-
-        protocol = props.getProperty("server.protocol");
-        if(protocol == null || (!protocol.equals("http") && !protocol.equals("https"))) {
-        if(port == null) { // if tomcat.port is null AND server.protocol is null or wrong. Something very wrong with the properties file
-            errorCode = NO_PROTOCOL_OR_PORT;
-            msg.append("server.protocol not set. And can't determine port.");
-        } else if(protocol == null) {           
-            errorCode = NO_PROTOCOL_OR_PORT;
-            msg.append("server.protocol not set.");
-        } else {
-            errorCode = INVALID_PROTOCOL;
-            msg.append("server.protocol property must be http or https, but is set to invalid value. And can't determine port.");
-        }
-
-        if(recover) {
-            protocol = defProtocol;
-            port = httpPort = defHttpPort;
-        }
-
-        } else { // server.protocol was explicitly set and set to an acceptable value, try to find matching tomcat.port
-        
-        port = props.getProperty("tomcat.port."+protocol); // tomcat.port.http or tomcat.port.https, depending on server.protocol.
-
-        // Handle cases where there's some inconsistency in the properties file between protocol and port.
-        // i.e. if server.protocol=http, then tomcat.port.http must be set too.
-        if(port == null || port.equals("")) {
-            errorCode = INVALID_PROTOCOL;
-            msg.append("server.protocol="+protocol+", but matching tomcat.port."+protocol+"not enabled or set.");
-        
-            if(recover) {
-            protocol = defProtocol;
-            if(protocol.startsWith("https")) { // server.protocol=https yet tomcat.port.https not provided
-                port = httpsPort = defHttpsPort; // use default https port to set
-            } else {
-                port = httpPort = defHttpPort;
-            }
-            }           
-
-        } else { //tomcat.port.<protocol> property matching server.protocol is set, not checking if it's an int and a valid port, though
-            errorCode = ALL_CORRECT;
-            // port is set
-
-            if(protocol.startsWith("https")) {
-            httpsPort = port;
-            httpPort = props.getProperty("tomcat.port.http"); // httpPort will remain null if tomcat.port.http not set
-            } else { // protocol=http
-            httpPort = port;
-            httpsPort = props.getProperty("tomcat.port.https"); // httpsPort will remain null if tomcat.port.https not set
-            }
-        }
-        }
-    }   
-    
-    if(errorCode == ALL_CORRECT) { // then check any assigned ports are valid
+        }
+        if(supportedProtocols.matches("http(,|\\s+|$)")) {
+        httpRestrictedToLocal = false;
+        }
+    
+        // set default protocol and default port: the first protocol in the supportedProtocols list
+        if(supportedProtocols.matches("^[,\\s]*https")) {
+        protocol = "https";
+        port = httpsPort;       
+        } else {
+        protocol = "http";
+        port = httpPort;
+        }
+    }
+
+    if(!recover && errorCode == ALL_CORRECT) { // then check any assigned ports are valid
         if(httpPort != null) {
         try {
             Integer.parseInt(httpPort);
         } catch(NumberFormatException nfe) {
-            msg.append("\nInvalid port specified for over http: not numeric.");
+            msg.append("\nInvalid localhost.port.http specified: must be numeric.");
             if(port == httpPort) {
-            errorCode = INVALID_PRIMARY_PORT;
-            if(recover) {
-                port = httpPort = defHttpPort;
-            } else { // no recovery requested, so if port for protocol is non-numeric, consider it a 'fatal' error
-                port = httpPort = httpsPort = null;
-            }
-            } else { // secondary protocol's port is non-numeric, not fatal?
+            errorCode = INVALID_PRIMARY_PORT;           
+            port = httpPort = FALLBACK_HTTP_PORT; // recovery values that can work with default protocol            
+            } else { // secondary protocol's port is non-numeric, not fatal in recovery mode
             errorCode = SECONDARY_PORT_NON_NUMERIC;
-            if(recover) {
-                msg.append("\nNot using this port");
-            } 
-            httpPort = null;            
+            httpPort = null;
+            if(recover) msg.append("\nNot using this port");
             }
         }
@@ -187 +177 @@
             Integer.parseInt(httpsPort);
         } catch(NumberFormatException nfe) {
-            msg.append("\nInvalid port specified for over https: not numeric.");
+            msg.append("\nInvalid port specified for over https (tomcat.port.https): must be numeric.");
             if(port == httpsPort) {
-            errorCode = INVALID_PRIMARY_PORT;
-            if(recover) {
-                port = httpsPort = defHttpsPort;
-            } else { // primary port affected and not asked to recover, treat as fatal
-                port = httpsPort = httpPort = null;
-            }
-            } else { // non primary port is invalid/non-numeric, not fatal
+            errorCode = INVALID_PRIMARY_PORT;           
+            port = httpsPort = FALLBACK_HTTPS_PORT; // recovery values that work with default protocol  
+            } else { // non primary port is invalid/non-numeric, not fatal in recovery mode
             errorCode = SECONDARY_PORT_NON_NUMERIC;
-            if(recover) {
-                msg.append("\nNot using this port");
-            }
             httpsPort = null;
+            if(recover) msg.append("\nNot using this port");
             }
         }
@@ -206 +190 @@
     }
     
+    // if the default port is the httpsPort, then modify the defaultPortPropertyName to match
+    // (else it will remain at the property name for the http port)
+    if(port == httpsPort) {
+        defaultPortPropertyName = "tomcat.port.https";
+    }
 
     if(recover) {
         msg.append("\nFalling back to port ").append(port).append(" and protocol ").append(protocol).append(".");
     }
-    // else if(errorCode == ALL_CORRECT) {
-    //    msg.append("\nUsing port ").append(port).append(" and protocol ").append(protocol).append(".");
-    //} // else invalid property value(s) and we've not been asked to recover. msg alreay set.
     
     errorMsg = msg.toString();