Changeset 33713

Timestamp:
21.11.2019 14:37:02 (2 weeks ago)
Author:
kjdon
Message:

refactoring LibraryServlet. runSecurityChecks was happening too late. it was doing login/logout but we had already checked login status before to fill in userContext, so userContext was not getting correct values for username. made several small methods out of runSecurityChecks, so they can be called at an appropriate time. userContext now holds all the info that userInformation does. can we get rid of userInformation and get everything to use userContext instead?

Files:
1 modified

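--- a/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/LibraryServlet.java
+++ b/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/LibraryServlet.java
@@ -423,54 +423,9 @@
     logUsageInfo(request, queryMap);
 
-    if (queryMap != null)
-      {
-    Iterator<String> queryIter = queryMap.keySet().iterator();
-    boolean redirect = false;
-    String href = null;
-    String rl = null;
-    String el = null;
-
-    while (queryIter.hasNext())
-      {
-        String q = queryIter.next();
-        if (q.equals(GSParams.EXTERNAL_LINK_TYPE))
-          {
-        el = queryMap.get(q)[0];
-          }
-        else if (q.equals(GSParams.HREF))
-          {
-        href = queryMap.get(q)[0];
-        href = StringUtils.replace(href, "%2f", "/");
-        href = StringUtils.replace(href, "%7e", "~");
-        href = StringUtils.replace(href, "%3f", "?");
-        href = StringUtils.replace(href, "%3A", "\\:");
-          }
-        else if (q.equals(GSParams.RELATIVE_LINK))
-          {
-        rl = queryMap.get(q)[0];
-          }
-      }
-
-    //if query_string contains "el=direct", an href is specified, and its not a relative link, then the web page will be redirected to the external URl, otherwise a greenstone page with an external URL will be displayed
-    //"rl=0" this is an external link
-    //"rl=1" this is an internal link
-    if ((href != null) && (rl.equals("0")))
-      {// This is an external link,
-
-        if (el.equals("framed"))
-          {
-        //TODO **** how best to change to a=p&sa=html&c=collection&url=href
-        // response.setContentType("text/xml");
-        //response.sendRedirect("http://localhost:8383/greenstone3/gs3library?a=p&sa=html&c=external&url="+href);
-          }
-        else
-          {
-        // el = '' or direct
-        //the web page is re-directed to the external URL (&el=&rl=0&href="http://...")
-        response.setContentType("text/xml");
-        response.sendRedirect(href);
-          }
-      }
-      }
+    if (processRedirectRequest(request, response, queryMap)) {
+    // this method will do the redirect if needed and return true if it has
+    // if el=direct/framed&rl=0&href=http://newurl.com
+    return;
+    }
 
     // Nested Diagnostic Configurator to identify the client for
@@ -493,43 +448,45 @@
       }
       }
+
+    // set the lang in the session
+    session.setAttribute(GSParams.LANGUAGE, lang);
+
+    String output = getFirstParam(GSParams.OUTPUT, queryMap);
+    if (output == null || output.equals(""))
+      {
+    output = "html"; // uses html by default
+      }
+
+    String requestedURL = request.getRequestURL().toString();
+    String baseURL = "";
+    if (requestedURL.indexOf(library_name) != -1)
+    {
+    baseURL = requestedURL.substring(0, requestedURL.indexOf(library_name));
+    }
+    String fullURL;
+    if (request.getQueryString() != null)
+    {
+    fullURL = requestedURL + "?" + request.getQueryString();
+    }
+    else
+    {
+    fullURL = requestedURL;
+    }
+
     UserContext userContext = new UserContext();
     userContext.setLanguage(lang);
     userContext.setUserID(uid);
-    logger.error("LS new user context");
+
+    if (!processLoginChanges(request, userContext, out, baseURL, queryMap, lang, output)) {
+    // any invalid login attempt will redirect to a new login page and return false
+      return;
+    }
+
+
     if (request.getAuthType() != null)
-      {
-    //Get the username
-    userContext.setUsername(request.getUserPrincipal().getName());
-    logger.error("setting username = "+request.getUserPrincipal().getName());
-    //Get the groups for the user
-    Document msg_doc = XMLConverter.newDOM();
-    Element acquireGroupMessage = msg_doc.createElement(GSXML.MESSAGE_ELEM);
-    Element acquireGroupRequest = GSXML.createBasicRequest(msg_doc, GSXML.REQUEST_TYPE_PROCESS, "GetUserInformation", userContext);
-    acquireGroupMessage.appendChild(acquireGroupRequest);
-
-    Element paramList = msg_doc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
-    acquireGroupRequest.appendChild(paramList);
-    paramList.appendChild(GSXML.createParameter(msg_doc, GSXML.USERNAME_ATT, request.getUserPrincipal().getName()));
-
-    Element aquireGroupsResponseMessage = (Element) this.recept.process(acquireGroupMessage);
-    Element aquireGroupsResponse = (Element) GSXML.getChildByTagName(aquireGroupsResponseMessage, GSXML.RESPONSE_ELEM);
-    Element param_list = (Element) GSXML.getChildByTagName(aquireGroupsResponse, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
-
-    if (param_list != null)
-      {
-        HashMap<String, Serializable> params = GSXML.extractParams(param_list, false);
-        String groups = (String) params.get("groups");
-        userContext.setGroups(groups.split(","));
-      }
-      }
-
-    // set the lang in the session
-    session.setAttribute(GSParams.LANGUAGE, lang);
-
-    String output = getFirstParam(GSParams.OUTPUT, queryMap);
-    if (output == null || output.equals(""))
-      {
-    output = "html"; // uses html by default
-      }
+    {
+    // sets username, groups etc into usercontext
+    updateUserContextWithAuthenticatedInfo(request, userContext);
+    }
 
     // If server output, force a switch to traditional interface
@@ -559,11 +516,4 @@
       }
 
-    // the request to the receptionist
-    Document msg_doc = XMLConverter.newDOM();
-    Element xml_message = msg_doc.createElement(GSXML.MESSAGE_ELEM);
-    Element xml_request = GSXML.createBasicRequest(msg_doc, GSXML.REQUEST_TYPE_PAGE, "", userContext);
-    xml_request.setAttribute(GSXML.OUTPUT_ATT, output);
-
-    xml_message.appendChild(xml_request);
 
     String action = getFirstParam(GSParams.ACTION, queryMap);
@@ -574,4 +524,10 @@
     String specified_cache_key = getFirstParam(GSParams.CACHE_KEY, queryMap);
 
+    if (collection != null && !collection.equals("")) {
+    //is this user allowed to access this collection/document?
+    if (!runCollectionSecurityCheck(request, userContext, out, baseURL, collection, document, lang, output)) {
+        return;
+    }
+    }
     // We clean up the cache session_ids_table if system
     // commands are issued, and also don't need to do caching for these request requests
@@ -714,18 +670,31 @@
     }
 
+    // the request to the receptionist
+    Document msg_doc = XMLConverter.newDOM();
+    Element xml_message = msg_doc.createElement(GSXML.MESSAGE_ELEM);
+    Element xml_request = GSXML.createBasicRequest(msg_doc, GSXML.REQUEST_TYPE_PAGE, "", userContext);
+    xml_request.setAttribute(GSXML.OUTPUT_ATT, output);
+
+    xml_message.appendChild(xml_request);
+
+    if (request.getAuthType() != null) {
+    // lots of classes are using the <userInformation> element. But all its info is now in userContext, so maybe we can get rid of this one day?
+    appendUserInformation(xml_request, userContext);
+    }
+
     if (action == null || action.equals(""))
-      {
+    {
     // display the home page  - the default page
     xml_request.setAttribute(GSXML.ACTION_ATT, "p");
     xml_request.setAttribute(GSXML.SUBACTION_ATT, PageAction.HOME_PAGE);
-      }
+    }
     else
-      {
+    {
     xml_request.setAttribute(GSXML.ACTION_ATT, action);
     if (subaction != null)
-      {
+    {
         xml_request.setAttribute(GSXML.SUBACTION_ATT, subaction);
-      }
-      }
+    }
+    }
 
     //  create the param list for the greenstone request - includes
@@ -842,28 +811,8 @@
       }
 
-    String requestedURL = request.getRequestURL().toString();
-    String baseURL = "";
-    if (requestedURL.indexOf(library_name) != -1)
-      {
-    baseURL = requestedURL.substring(0, requestedURL.indexOf(library_name));
-    xml_request.setAttribute("baseURL", baseURL);
-      }
-    String fullURL;
-    if (request.getQueryString() != null)
-      {
-    fullURL = requestedURL + "?" + request.getQueryString();
-      }
-    else
-      {
-    fullURL = requestedURL;
-      }
 
     xml_request.setAttribute("remoteAddress", request.getRemoteAddr());
     xml_request.setAttribute("fullURL", fullURL.replace("&", "&amp;"));
-
-    if (!runSecurityChecks(request, xml_request, userContext, out, baseURL, collection, document, queryMap, lang))
-      {
-    return;
-      }
+    xml_request.setAttribute("baseURL", baseURL);
 
     logger.error("about to process this message");
@@ -901,121 +850,195 @@
   } //end of doGet(HttpServletRequest, HttpServletResponse)
 
-  private boolean runSecurityChecks(HttpServletRequest request, Element xml_request, UserContext userContext, PrintWriter out, String baseURL, String collection, String document, Map<String, String[]> queryMap, String lang) throws ServletException
-  {
-    logger.error("kk in run security");
-    //Check if we need to login or logout
-    String username = getFirstParam(GSParams.USERNAME, queryMap);
-    String password = getFirstParam(GSParams.PASSWORD, queryMap);
-    String logout = getFirstParam(GSParams.LOGOUT, queryMap);
-
-    if (logout != null)
-      {
-    request.logout();
-      }
-
-    if (username != null && password != null)
-      {
-    logger.error("kk u&p not null");
-    //We are changing to another user, so log out first
-    if (request.getAuthType() != null)
-      {
+    private boolean processRedirectRequest(HttpServletRequest request, HttpServletResponse response, Map<String, String[]> queryMap) throws IOException
+    {
+    if (queryMap != null)
+    {
+    Iterator<String> queryIter = queryMap.keySet().iterator();
+    boolean redirect = false;
+    String href = null;
+    String rl = null;
+    String el = null;
+
+    while (queryIter.hasNext())
+    {
+        String q = queryIter.next();
+        if (q.equals(GSParams.EXTERNAL_LINK_TYPE))
+        {
+        el = queryMap.get(q)[0];
+        }
+        else if (q.equals(GSParams.HREF))
+        {
+        href = queryMap.get(q)[0];
+        href = StringUtils.replace(href, "%2f", "/");
+        href = StringUtils.replace(href, "%7e", "~");
+        href = StringUtils.replace(href, "%3f", "?");
+        href = StringUtils.replace(href, "%3A", "\\:");
+        }
+        else if (q.equals(GSParams.RELATIVE_LINK))
+        {
+        rl = queryMap.get(q)[0];
+        }
+    }
+
+    //if query_string contains "el=direct", an href is specified, and its not a relative link, then the web page will be redirected to the external URl, otherwise a greenstone page with an external URL will be displayed
+    //"rl=0" this is an external link
+    //"rl=1" this is an internal link
+    if ((href != null) && (rl.equals("0")))
+      {// This is an external link,
+
+        if (el.equals("framed"))
+          {
+        //TODO **** how best to change to a=p&sa=html&c=collection&url=href
+        // response.setContentType("text/xml");
+        //response.sendRedirect("http://localhost:8383/greenstone3/gs3library?a=p&sa=html&c=external&url="+href);
+          }
+        else
+          {
+        // el = '' or direct
+        //the web page is re-directed to the external URL (&el=&rl=0&href="http://...")
+        //response.setContentType("text/xml");
+        //response.sendRedirect(href);
+          }
+        return true;
+      }
+      }
+    return false;
+    }
+
+    private void generateLoginPage(String query_string, String error_message, UserContext userContext, PrintWriter out, String baseURL, String output) {
+
+    Document loginPageDoc = XMLConverter.newDOM();
+    Element loginPageMessage = loginPageDoc.createElement(GSXML.MESSAGE_ELEM);
+    Element loginPageRequest = GSXML.createBasicRequest(loginPageDoc, GSXML.REQUEST_TYPE_PAGE, "", userContext);
+    loginPageRequest.setAttribute(GSXML.ACTION_ATT, "p");
+    loginPageRequest.setAttribute(GSXML.SUBACTION_ATT, "login");
+    loginPageRequest.setAttribute(GSXML.OUTPUT_ATT, output);
+    loginPageRequest.setAttribute(GSXML.BASE_URL, baseURL);
+
+    loginPageMessage.appendChild(loginPageRequest);
+
+    Element paramList = loginPageDoc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
+    loginPageRequest.appendChild(paramList);
+
+    Element messageParam = loginPageDoc.createElement(GSXML.PARAM_ELEM);
+    messageParam.setAttribute(GSXML.NAME_ATT, LOGIN_MESSAGE_PARAM);
+    messageParam.setAttribute(GSXML.VALUE_ATT, error_message);
+    paramList.appendChild(messageParam);
+
+    Element urlParam = loginPageDoc.createElement(GSXML.PARAM_ELEM);
+    urlParam.setAttribute(GSXML.NAME_ATT, REDIRECT_URL_PARAM);
+    urlParam.setAttribute(GSXML.VALUE_ATT, library_name + query_string);
+    paramList.appendChild(urlParam);
+
+    Node loginPageResponse = this.recept.process(loginPageMessage);
+    out.println(XMLConverter.getPrettyString(loginPageResponse));
+
+    }
+
+    private boolean processLoginChanges(HttpServletRequest request, UserContext userContext, PrintWriter out, String baseURL, Map<String, String[]> queryMap, String lang, String output) throws ServletException {
+
+    logger.error("kk in processLoginChanges");
+    //Check if we need to login or logout
+    String username = getFirstParam(GSParams.USERNAME, queryMap);
+    String password = getFirstParam(GSParams.PASSWORD, queryMap);
+    String logout = getFirstParam(GSParams.LOGOUT, queryMap);
+
+    if (logout != null)
+    {
+        logger.error("plc logging out");
         request.logout();
-      }
-
-    //This try/catch block catches when the login request fails (e.g. The user enters an incorrect password).
-    try
-      {
-        //Try a global login first
-        password = Authentication.hashPassword(password);
-        request.login(username, password);
-      }
-    catch (Exception ex)
-      {
+    }
+
+    if (username != null && password != null)
+    {
+        logger.error("kk plc u&p not null");
+        //We are changing to another user, so log out first
+        if (request.getAuthType() != null)
+        {
+        logger.error("plc logging out 2");
+        request.logout();
+        }
+
+        //This try/catch block catches when the login request fails (e.g. The user enters an incorrect password).
         try
-          {
-        //If the global login fails then try a site-level login
-        String siteName = (String) this.recept.getConfigParams().get(GSConstants.SITE_NAME);
-        request.login(siteName + "-" + username, password);
-          }
-        catch (Exception exc)
-          {
-        //The user entered in either the wrong username or the wrong password
-        Document loginPageDoc = XMLConverter.newDOM();
-        Element loginPageMessage = loginPageDoc.createElement(GSXML.MESSAGE_ELEM);
-        Element loginPageRequest = GSXML.createBasicRequest(loginPageDoc, GSXML.REQUEST_TYPE_PAGE, "", userContext);
-        loginPageRequest.setAttribute(GSXML.ACTION_ATT, "p");
-        loginPageRequest.setAttribute(GSXML.SUBACTION_ATT, "login");
-        loginPageRequest.setAttribute(GSXML.OUTPUT_ATT, "html");
-        loginPageRequest.setAttribute(GSXML.BASE_URL, baseURL);
-        loginPageMessage.appendChild(loginPageRequest);
-
-        Element paramList = loginPageDoc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
-        loginPageRequest.appendChild(paramList);
-
-        Element messageParam = loginPageDoc.createElement(GSXML.PARAM_ELEM);
-        messageParam.setAttribute(GSXML.NAME_ATT, LOGIN_MESSAGE_PARAM);
-        messageParam.setAttribute(GSXML.VALUE_ATT, getTextString("auth.error.un_or_pw_err", lang));
-        paramList.appendChild(messageParam);
-
-        Element urlParam = loginPageDoc.createElement(GSXML.PARAM_ELEM);
-        urlParam.setAttribute(GSXML.NAME_ATT, REDIRECT_URL_PARAM);
-        String queryString = "";
-        if (request.getQueryString() != null)
-          {
-            queryString = "?" + request.getQueryString().replace("&", "&amp;");
-          }
-        urlParam.setAttribute(GSXML.VALUE_ATT, library_name + queryString);
-        paramList.appendChild(urlParam);
-
-        Node loginPageResponse = this.recept.process(loginPageMessage);
-        out.println(XMLConverter.getPrettyString(loginPageResponse));
-
-        return false;
-          }
-      }
-      }
-
-    //If a user is logged in
-    if (request.getAuthType() != null)
-      {
-    logger.error("kk auth type not null "+ request.getAuthType());
-    Element userInformation = xml_request.getOwnerDocument().createElement(GSXML.USER_INFORMATION_ELEM);
-    userInformation.setAttribute(GSXML.USERNAME_ATT, request.getUserPrincipal().getName());
-    logger.error("setting user info username "+request.getUserPrincipal().getName());
+        {
+        //Try a global login first
+        password = Authentication.hashPassword(password);
+        request.login(username, password);
+        logger.error("plc logged in");
+        }
+        catch (Exception ex)
+        {
+        try
+        {
+            //If the global login fails then try a site-level login
+            String siteName = (String) this.recept.getConfigParams().get(GSConstants.SITE_NAME);
+            request.login(siteName + "-" + username, password);
+            logger.error("plc logged in site wide");
+        }
+        catch (Exception exc)
+        {
+            //The user entered in either the wrong username or the wrong password
+            String query_string = "";
+            if (request.getQueryString() != null)
+            {
+            query_string = "?" + request.getQueryString().replace("&", "&amp;");
+            }
+
+            generateLoginPage(query_string, getTextString("auth.error.un_or_pw_err", lang), userContext, out, baseURL, output);
+            return false;
+        }
+        }
+    }
+    return true;
+
+
+    }
+
+    private void updateUserContextWithAuthenticatedInfo(HttpServletRequest request, UserContext userContext)
+    {
+    logger.error("in updateUserContext");
+    //Get the username
+    String user_name = request.getUserPrincipal().getName();
+    userContext.setUsername(user_name);
+    logger.error("setting username = "+request.getUserPrincipal().getName());
+    //Get the groups for the user
     Document msg_doc = XMLConverter.newDOM();
     Element userInfoMessage = msg_doc.createElement(GSXML.MESSAGE_ELEM);
-    Element userInfoRequest = GSXML.createBasicRequest(msg_doc, GSXML.REQUEST_TYPE_SECURITY, "GetUserInformation", userContext);
+    Element userInfoRequest = GSXML.createBasicRequest(msg_doc, GSXML.REQUEST_TYPE_PROCESS, "GetUserInformation", userContext);
     userInfoMessage.appendChild(userInfoRequest);
 
     Element paramList = msg_doc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
     userInfoRequest.appendChild(paramList);
-
-    Element param = msg_doc.createElement(GSXML.PARAM_ELEM);
-    param.setAttribute(GSXML.NAME_ATT, GSXML.USERNAME_ATT);
-    param.setAttribute(GSXML.VALUE_ATT, request.getUserPrincipal().getName());
-    paramList.appendChild(param);
-
-    Element userInformationResponse = (Element) GSXML.getChildByTagName(this.recept.process(userInfoMessage), GSXML.RESPONSE_ELEM);
-    Element responseParamList = (Element) GSXML.getChildByTagName(userInformationResponse, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
-    if (responseParamList == null)
-      {
-        logger.error("Can't get the groups for user " + request.getUserPrincipal().getName());
-      }
-    else
-      {
-        HashMap<String, Serializable> responseParams = GSXML.extractParams(responseParamList, true);
-        String groups = (String) responseParams.get(GSXML.GROUPS_ATT);
-        String editEnabled = (String) responseParams.get("editEnabled");
-
-        userInformation.setAttribute(GSXML.GROUPS_ATT, groups);
-        userInformation.setAttribute(GSXML.EDIT_ENABLED_ATT, (editEnabled != null) ? editEnabled : "false");
-        xml_request.appendChild(userInformation);
-      }
-      }
-
-    //If we are in a collection-related page then make sure this user is allowed to access it
-    if (collection != null && !collection.equals(""))
-      {
-    logger.error("kk in a coll"+collection);
+    paramList.appendChild(GSXML.createParameter(msg_doc, GSXML.USERNAME_ATT, user_name));
+
+    Element userInfoResponseMessage = (Element) this.recept.process(userInfoMessage);
+    Element userInfoResponse = (Element) GSXML.getChildByTagName(userInfoResponseMessage, GSXML.RESPONSE_ELEM);
+    Element respParamList = (Element) GSXML.getChildByTagName(userInfoResponse, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
+
+    if (respParamList != null)
+    {
+        HashMap<String, Serializable> params = GSXML.extractParams(respParamList, false);
+        String groups = (String) params.get("groups");
+        String editEnabled = (String) params.get("editEnabled");
+        userContext.setGroups(groups.split(","));
+        userContext.setEditEnabled((editEnabled != null) ? editEnabled : "false");
+    }
+    }
+
+    private void appendUserInformation(Element xml_request, UserContext userContext)
+    {
+    Element userInformation = xml_request.getOwnerDocument().createElement(GSXML.USER_INFORMATION_ELEM);
+    userInformation.setAttribute(GSXML.USERNAME_ATT, userContext.getUsername());
+
+
+    userInformation.setAttribute(GSXML.GROUPS_ATT, userContext.getGroupsString());
+    userInformation.setAttribute(GSXML.EDIT_ENABLED_ATT, userContext.getEditEnabled());
+    xml_request.appendChild(userInformation);
+    }
+
+
+    private boolean runCollectionSecurityCheck(HttpServletRequest request, UserContext userContext, PrintWriter out, String baseURL, String collection, String document, String lang, String output) {
+        logger.error("kk in a coll"+collection);
     //Get the security info for this collection
     Document msg_doc = XMLConverter.newDOM();
@@ -1024,87 +1047,57 @@
     securityMessage.appendChild(securityRequest);
     if (document != null && !document.equals(""))
-      {
+    {
         securityRequest.setAttribute(GSXML.NODE_OID, document);
-      }
+    }
 
     Element securityResponse = (Element) GSXML.getChildByTagName(this.recept.process(securityMessage), GSXML.RESPONSE_ELEM);
     if (securityResponse == null)
-      {
+    {
         return false;
-      }
-
+    }
+
     ArrayList<String> groups = GSXML.getGroupsFromSecurityResponse(securityResponse);
 
     //If guests are not allowed to access this page then check to see if the user is in a group that is allowed to access the page
     if (!groups.contains(""))
-      {
+    {
         boolean found = false;
         for (String group : groups)
-          {
+        {
         if (request.isUserInRole(group))
-          {
+        {
             found = true;
             break;
-          }
-          }
+        }
+        }
 
         //The current user is not allowed to access the page so produce a login page
         if (!found)
-          {
+        {
         logger.error("kk current user not allowed to access");
-        Document loginPageDoc = XMLConverter.newDOM();
-        Element loginPageMessage = loginPageDoc.createElement(GSXML.MESSAGE_ELEM);
-        Element loginPageRequest = GSXML.createBasicRequest(loginPageDoc, GSXML.REQUEST_TYPE_PAGE, "", userContext);
-        loginPageRequest.setAttribute(GSXML.ACTION_ATT, "p");
-        loginPageRequest.setAttribute(GSXML.SUBACTION_ATT, "login");
-        loginPageRequest.setAttribute(GSXML.OUTPUT_ATT, "html");
-        loginPageRequest.setAttribute(GSXML.BASE_URL, baseURL);
-        loginPageMessage.appendChild(loginPageRequest);
-
-        Element paramList = loginPageDoc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
-        loginPageRequest.appendChild(paramList);
-
-        Element messageParam = loginPageDoc.createElement(GSXML.PARAM_ELEM);
-        messageParam.setAttribute(GSXML.NAME_ATT, LOGIN_MESSAGE_PARAM);
+        String error_message = "";
         if (request.getAuthType() == null)
-          {
-            messageParam.setAttribute(GSXML.VALUE_ATT, getTextString("auth.error.login", lang));
-          }
+        {
+            error_message = getTextString("auth.error.login", lang);
+        }
         else
-          {
-            messageParam.setAttribute(GSXML.VALUE_ATT, getTextString("auth.error.incorrect_login", lang));
-          }
-        paramList.appendChild(messageParam);
-
-        Element urlParam = loginPageDoc.createElement(GSXML.PARAM_ELEM);
-        urlParam.setAttribute(GSXML.NAME_ATT, REDIRECT_URL_PARAM);
+        {
+            error_message = getTextString("auth.error.incorrect_login", lang);
+        }
+        String query_string = "";
         if (request.getQueryString() != null && request.getQueryString().length() > 0)
-          {
-            urlParam.setAttribute(GSXML.VALUE_ATT, request.getRequestURL() + "?" + request.getQueryString().replace("&", "&amp;"));
-          }
+        {
+            query_string = request.getRequestURL() + "?" + request.getQueryString().replace("&", "&amp;");
+        }
         else
-          {
-            urlParam.setAttribute(GSXML.VALUE_ATT, request.getRequestURL().toString());
-          }
-        paramList.appendChild(urlParam);
-
-        // for debugging purposes, eg adding o=xml to the url
-        String output_p = getFirstParam(GSParams.OUTPUT, queryMap);
-        if (output_p !=null && !output_p.equals("")) {
-          loginPageRequest.setAttribute(GSXML.OUTPUT_ATT, output_p);
+        {
+            query_string = request.getRequestURL().toString();
         }
-
-        logger.error("login page request=");
-        logger.error(XMLConverter.getPrettyString(loginPageMessage));
-        Node loginPageResponse = this.recept.process(loginPageMessage);
-        out.println(XMLConverter.getPrettyString(loginPageResponse));
-
+        generateLoginPage(query_string, error_message, userContext, out, baseURL, output);
         return false;
-          }
-      }
-      }
-    logger.error("kk reurned true");
-    return true;
-  }
+        }
+    }
+    return true;
+    }
 
   private String getTextString(String key, String lang) {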
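Review bot: processRedirectRequest now returns true for an external link (`rl=0` with an `href`) although both `response.sendRedirect(...)` calls are commented out, so doGet returns without writing any response; it also dereferences `rl` and `el` without a null check, so a request that carries `href` but no `rl` or `el` parameter throws a NullPointerException. Guard with `if (href != null && "0".equals(rl))` and `"framed".equals(el)`, and if the redirect is re-enabled, check `href` against an allow-list of permitted targets first, since it comes straight from the query string. Separately, generateLoginPage always builds the redirect parameter as `library_name + query_string`, but runCollectionSecurityCheck passes the full `request.getRequestURL()` in `query_string`, which yields a malformed return URL; pass only the `?…` part there, as processLoginChanges does. The `logger.error("kk …")` and `"plc …"` trace lines, including the one that logs the username, look like debugging output and should drop to debug level or be removed.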