Changeset 33113

Timestamp:
27.05.2019 22:12:33 (3 weeks ago)
Author:
ak19
Message:

Tentative fix to the first of 2 GS3 authentication related bugs identified by Diego Spano on the mailing list, email dated 23/05/(20)19 04:24. Bug 1: when there are multiple meta values for a metadata name, e.g. multiple assigned dc.Creator, authentication doesn't work if the documentSet's match field is set to dc.Creator (of any but the first author). Bug 2: document file access was not protected. Diego described this further as: Access to pdf is totally free, having URL to the file I have no need to provide any credentials. With the fix to the 1st bug in this commit, I was unable to reproduce the 2nd bug, so I'm not sure if the 2nd bug was a side-effect or related to the 1st bug and therefore got fixed by the same fix. I'll be asking Diego to test the nightly binary containing this fix, and if bug 2 still exists, to send me an example coll with the bug and instructions on reproducing it.

Files:
1 modified

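--- a/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/collection/Collection.java
+++ b/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/collection/Collection.java
@@ -336,5 +336,5 @@
         else
         {
-            logger.warn("Default access for collection " + this.cluster_name + " is neither public or private, assuming public");
+            logger.warn("Default access for collection " + this.cluster_name + " is neither public nor private, assuming public");
         }
 
@@ -371,5 +371,5 @@
         else
         {
-            logger.warn("Security scope is neither collection or document, assuming collection");
+            logger.warn("Security scope is neither collection nor document, assuming collection");
         }
 
@@ -636,9 +636,11 @@
             }
 
-            String fieldValue = "";
+            //String fieldValue = "";
+            String[] fieldValues = null;
             if (!fieldName.equals("oid"))
             {
-                fieldValue = getFieldValue(oid, fieldName);
-                if (fieldValue == null)
+                //fieldValue = getFieldValue(oid, fieldName);
+                fieldValues = getFieldValues(oid, fieldName);
+                if (fieldValues == null)
                 {
                     return false;
@@ -647,5 +649,8 @@
             else
             {
-                fieldValue = oid;
+                //fieldValue = oid;
+                //fieldValues = new String[0];
+                //fieldValues[0] = oid;
+                fieldValues = new String[]{oid}; // not allowed to do fieldValues = {oid}; after SEPARATE declaration.
             }
 
@@ -653,15 +658,22 @@
             if (type.equals("match"))
             {
+
+                for(int i = 0; i < fieldValues.length; i++) {
+                String fieldValue = fieldValues[i];
                 if (matchValue.equals(fieldValue))
                 {
                     return true;
                 }
+                }
             }
             else if (type.equals("regex"))
             {
+                for(int i = 0; i < fieldValues.length; i++) {
+                String fieldValue = fieldValues[i];
                 if (fieldValue.matches(matchValue))
                 {
                     return true;
                 }
+                }
             }
             else
@@ -674,5 +686,5 @@
     }
 
-    protected String getFieldValue(String oid, String fieldName)
+    protected String old_getFieldValue(String oid, String fieldName)
     {
       Document msg_doc = XMLConverter.newDOM();
@@ -708,4 +720,46 @@
 
         return null;
+    }
+
+    protected String[] getFieldValues(String oid, String fieldName)
+    {
+      Document msg_doc = XMLConverter.newDOM();
+        Element metadataMessage = msg_doc.createElement(GSXML.MESSAGE_ELEM);
+        Element metadataRequest = GSXML.createBasicRequest(msg_doc, GSXML.REQUEST_TYPE_PROCESS, this.cluster_name + "/DocumentMetadataRetrieve", new UserContext());
+        metadataMessage.appendChild(metadataRequest);
+
+        Element paramList = msg_doc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
+        metadataRequest.appendChild(paramList);
+
+        Element param = msg_doc.createElement(GSXML.PARAM_ELEM);
+        paramList.appendChild(param);
+
+        param.setAttribute(GSXML.NAME_ATT, "metadata");
+        param.setAttribute(GSXML.VALUE_ATT, fieldName);
+
+        Element docList = msg_doc.createElement(GSXML.DOC_NODE_ELEM + GSXML.LIST_MODIFIER);
+        metadataRequest.appendChild(docList);
+
+        Element doc = msg_doc.createElement(GSXML.DOC_NODE_ELEM);
+        docList.appendChild(doc);
+
+        doc.setAttribute(GSXML.NODE_ID_ATT, oid);
+
+        Element response = (Element) this.router.process(metadataMessage);
+        NodeList metadataElems = response.getElementsByTagName(GSXML.METADATA_ELEM);
+
+        if (metadataElems.getLength() <= 0) {
+            return null;
+        }
+        // else
+        String[] fieldValues = new String[metadataElems.getLength()];
+        for(int i = 0; i < metadataElems.getLength(); i++)
+        {
+            Element metadata = (Element) metadataElems.item(i);
+            fieldValues[i] = GSXML.getNodeText(metadata);
+        }
+
+        return fieldValues;
+
     }
 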
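Review bot: `getFieldValues` dereferences `response` straight after `this.router.process(metadataMessage)` with no null check, so a failed metadata lookup would surface as a NullPointerException inside the document-set membership check instead of taking the `return false` path the caller already has for `fieldValues == null`; adding `if (response == null) { return null; }` before `getElementsByTagName` keeps that failure on the handled path. In the regex branch `fieldValue.matches(matchValue)` would also throw on a null entry (the match branch is safe because it calls `matchValue.equals(fieldValue)`); whether `GSXML.getNodeText` can return null is not visible here, so `if (fieldValue != null && fieldValue.matches(matchValue))` is a cheap guard. Since this logic decides which documents a security rule applies to, `getFieldValues` deserves a Javadoc stating that it returns every value of the named metadata field for the document and null when the response has no metadata elements. The renamed `old_getFieldValue` and the commented-out assignments look like leftovers to delete once the fix is confirmed, and if any subclass overrides the old protected `getFieldValue` it is no longer consulted by this check. The enclosing membership-check method starts and ends outside the visible hunks.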