Changeset 25257

Timestamp:

2012-03-23T14:11:02+13:00 (12 years ago)

Author:

sjm84

Message:

Various changes to support the new URLFilter and image captcha functionality

File:

• main/trunk/greenstone3/src/java/org/greenstone/gsdl3/LibraryServlet.java (modified) (20 diffs)

main/trunk/greenstone3/src/java/org/greenstone/gsdl3/LibraryServlet.java

@@ -3 +3 @@
 import org.greenstone.gsdl3.comms.*;
 import org.greenstone.gsdl3.core.*;
+import org.greenstone.gsdl3.service.Authentication;
 import org.greenstone.gsdl3.util.*;
 import org.greenstone.gsdl3.action.PageAction; // used to get the default action
-import org.greenstone.util.GlobalProperties;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -14 +14 @@
 import javax.servlet.http.*;
 
-import java.util.Collection;
 import java.util.Enumeration;
 import java.util.ArrayList;
@@ -21 +20 @@
 import java.util.List;
 import java.util.Map;
-import java.util.Set;
-import java.io.File;
 import java.lang.reflect.Type;
-import java.nio.channels.FileChannel;
 import java.util.Hashtable;
 import org.apache.log4j.*;
@@ -32 +28 @@
 
 // Apache Commons
-import org.apache.commons.fileupload.FileItem;
-import org.apache.commons.fileupload.disk.DiskFileItemFactory;
-import org.apache.commons.fileupload.servlet.ServletFileUpload;
 import org.apache.commons.lang3.*;
 
@@ -277 +270 @@
         this.recept.configure();
 
+        //Allow the message router and the document to be accessed from anywhere in this servlet context
+        this.getServletContext().setAttribute("GSRouter", this.recept.getMessageRouter());
+        this.getServletContext().setAttribute("GSDocument", this.doc);
     }
 
@@ -526 +522 @@
 
             }
-
         }
 
@@ -546 +541 @@
             if (!name.equals(GSXML.USER_SESSION_CACHE_ATT) && !name.equals(GSParams.LANGUAGE) && !name.equals(GSXML.USER_ID_ATT))
             {
-
                 session.removeAttribute(name);
             }
@@ -606 +600 @@
             xml_request.appendChild(xml_param_list);
 
-            Enumeration params = request.getParameterNames();
-            while (params.hasMoreElements())
-            {
-                String name = (String) params.nextElement();
+            for (String name : queryMap.keySet())
+            {
                 if (!name.equals(GSParams.ACTION) && !name.equals(GSParams.SUBACTION) && !name.equals(GSParams.LANGUAGE) && !name.equals(GSParams.OUTPUT))
                 {// we have already dealt with these
@@ -650 +642 @@
 
             // put in all the params from the session cache
-            params = session.getAttributeNames();
+            Enumeration params = session.getAttributeNames();
             while (params.hasMoreElements())
             {
@@ -701 +693 @@
             }
         }
-
+        
+        String requestedURL = request.getRequestURL().toString();
+        String baseURL = requestedURL.substring(0, requestedURL.indexOf(this.getServletName()));
+        xml_request.setAttribute("baseURL", baseURL);
+        xml_request.setAttribute("remoteAddress", request.getRemoteAddr());
+        
+        if(!runSecurityChecks(request, xml_request, userContext, out, baseURL, collection, document))
+        {
+            return;
+        }
+
+        Node xml_result = this.recept.process(xml_message);
+        encodeURLs(xml_result, response);
+        out.println(this.converter.getPrettyString(xml_result));
+
+        displaySize(session_ids_table);
+
+    } //end of doGet(HttpServletRequest, HttpServletResponse)
+
+    private boolean runSecurityChecks(HttpServletRequest request, Element xml_request, UserContext userContext, PrintWriter out, String baseURL, String collection, String document) throws ServletException
+    {
         //Check if we need to login or logout
         Map<String, String[]> params = request.getParameterMap();
@@ -719 +731 @@
                 request.logout();
             }
-            
+
             try
             {
+                password[0] = Authentication.hashPassword(password[0]);
                 request.login(username[0], password[0]);
             }
-            catch(Exception ex)
+            catch (Exception ex)
             {
                 //The user entered in either the wrong username or the wrong password
@@ -732 +745 @@
                 loginPageRequest.setAttribute(GSXML.SUBACTION_ATT, "login");
                 loginPageRequest.setAttribute(GSXML.OUTPUT_ATT, "html");
+                loginPageRequest.setAttribute(GSXML.BASE_URL, baseURL);
                 loginPageMessage.appendChild(loginPageRequest);
 
@@ -744 +758 @@
                 Element urlParam = this.doc.createElement(GSXML.PARAM_ELEM);
                 urlParam.setAttribute(GSXML.NAME_ATT, "redirectURL");
-                urlParam.setAttribute(GSXML.VALUE_ATT, this.getServletName() + "?" + request.getQueryString().replace("&", "&amp;"));
+                String queryString = "";
+                if(request.getQueryString() != null)
+                {
+                    queryString = "?" + request.getQueryString().replace("&", "&amp;");
+                }
+                urlParam.setAttribute(GSXML.VALUE_ATT, this.getServletName() + queryString);
                 paramList.appendChild(urlParam);
 
@@ -750 +769 @@
                 out.println(this.converter.getPrettyString(loginPageResponse));
 
-                return;
+                return false;
             }
         }
@@ -757 +776 @@
         if (request.getAuthType() != null)
         {
-            Element userInformation = this.doc.createElement("userInformation");
-            xml_request.appendChild(userInformation);
+            Element userInformation = this.doc.createElement(GSXML.USER_INFORMATION_ELEM);
             userInformation.setAttribute("username", request.getUserPrincipal().getName());
 
@@ -769 +787 @@
 
             Element param = this.doc.createElement(GSXML.PARAM_ELEM);
-            param.setAttribute(GSXML.NAME_ATT, "username");
+            param.setAttribute(GSXML.NAME_ATT, GSXML.USERNAME_ATT);
             param.setAttribute(GSXML.VALUE_ATT, request.getUserPrincipal().getName());
             paramList.appendChild(param);
@@ -779 +797 @@
                 logger.error("Can't get the groups for user " + request.getUserPrincipal().getName());
             }
-
-            HashMap responseParams = GSXML.extractParams(responseParamList, true);
-            String groups = (String) responseParams.get("groups");
-
-            userInformation.setAttribute("groups", groups);
+            else
+            {
+                HashMap responseParams = GSXML.extractParams(responseParamList, true);
+                String groups = (String) responseParams.get(GSXML.GROUPS_ATT);
+
+                userInformation.setAttribute(GSXML.GROUPS_ATT, groups);
+                xml_request.appendChild(userInformation);
+            }
         }
 
@@ -795 +816 @@
             if (document != null && !document.equals(""))
             {
-                securityRequest.setAttribute("oid", document);
+                securityRequest.setAttribute(GSXML.NODE_OID, document);
             }
 
@@ -822 +843 @@
                     loginPageRequest.setAttribute(GSXML.SUBACTION_ATT, "login");
                     loginPageRequest.setAttribute(GSXML.OUTPUT_ATT, "html");
+                    loginPageRequest.setAttribute(GSXML.BASE_URL, baseURL);
                     loginPageMessage.appendChild(loginPageRequest);
 
@@ -847 +869 @@
                     out.println(this.converter.getPrettyString(loginPageResponse));
 
-                    return;
-                }
-            }
-        }
-
-        Node xml_result = this.recept.process(xml_message);
-        encodeURLs(xml_result, response);
-        out.println(this.converter.getPrettyString(xml_result));
-
-        displaySize(session_ids_table);
-
-    } //end of doGet(HttpServletRequest, HttpServletResponse)
-
+                    return false;
+                }
+            }
+        }
+        return true;
+    }
+    
     //a debugging method
     private void displaySize(Hashtable table)