Changeset 27617 for main/trunk/greenstone3/src/java/org/greenstone/gsdl3/LibraryServlet.java

Timestamp:

2013-06-13T13:13:46+12:00 (11 years ago)

Author:

sjm84

Message:

Various improvements and fixes mostly to do with adding depositor functionality

File:

• main/trunk/greenstone3/src/java/org/greenstone/gsdl3/LibraryServlet.java (modified) (23 diffs)

main/trunk/greenstone3/src/java/org/greenstone/gsdl3/LibraryServlet.java

@@ -1 +1 @@
 package org.greenstone.gsdl3;
 
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.io.Serializable;
 import java.lang.reflect.Type;
+import java.nio.channels.FileChannel;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Enumeration;
 import java.util.HashMap;
@@ -21 +26 @@
 import javax.servlet.http.HttpSessionBindingEvent;
 import javax.servlet.http.HttpSessionBindingListener;
-
+import javax.servlet.http.Part;
+
+import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.fileupload.disk.DiskFileItemFactory;
+import org.apache.commons.fileupload.servlet.ServletFileUpload;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
@@ -36 +45 @@
 import org.greenstone.gsdl3.util.UserContext;
 import org.greenstone.gsdl3.util.XMLConverter;
+import org.greenstone.util.GlobalProperties;
 import org.json.JSONObject;
 import org.w3c.dom.Document;
@@ -169 +179 @@
         }
 
-        HashMap<String, Comparable> config_params = new HashMap<String, Comparable>();
+        HashMap<String, Object> config_params = new HashMap<String, Object>();
 
         config_params.put(GSConstants.LIBRARY_NAME, library_name);
@@ -315 +325 @@
     public class UserSessionCache implements HttpSessionBindingListener
     {
-
         String session_id = "";
 
@@ -368 +377 @@
     }
 
-    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
+    public void doGetOrPost(HttpServletRequest request, HttpServletResponse response, Map<String, String[]> queryMap) throws ServletException, IOException
     {
         logUsageInfo(request);
 
-        Map<String, String[]> queryMap = request.getParameterMap();
         if (queryMap != null)
         {
@@ -380 +388 @@
             String rl = null;
             String el = null;
+
             while (queryIter.hasNext())
             {
@@ -437 +446 @@
         PrintWriter out = response.getWriter();
 
-        String lang = request.getParameter(GSParams.LANGUAGE);
+        String lang = getFirstParam(GSParams.LANGUAGE, queryMap);
         if (lang == null || lang.equals(""))
         {
@@ -454 +463 @@
         if (request.getAuthType() != null)
         {
+            //Get the username
+            userContext.setUsername(request.getUserPrincipal().getName());
+
             //Get the groups for the user
             Element acquireGroupMessage = this.doc.createElement(GSXML.MESSAGE_ELEM);
@@ -461 +473 @@
             Element paramList = this.doc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
             acquireGroupRequest.appendChild(paramList);
-            paramList.appendChild(GSXML.createParameter(this.doc, "username", request.getUserPrincipal().getName()));
+            paramList.appendChild(GSXML.createParameter(this.doc, GSXML.USERNAME_ATT, request.getUserPrincipal().getName()));
 
             Element aquireGroupsResponseMessage = (Element) this.recept.process(acquireGroupMessage);
@@ -478 +490 @@
         session.setAttribute(GSParams.LANGUAGE, lang);
 
-        String output = request.getParameter(GSParams.OUTPUT);
+        String output = getFirstParam(GSParams.OUTPUT, queryMap);
         if (output == null || output.equals(""))
         {
@@ -517 +529 @@
         xml_message.appendChild(xml_request);
 
-        String action = request.getParameter(GSParams.ACTION);
-        String subaction = request.getParameter(GSParams.SUBACTION);
-        String collection = request.getParameter(GSParams.COLLECTION);
-        String document = request.getParameter(GSParams.DOCUMENT);
-        String service = request.getParameter(GSParams.SERVICE);
+        String action = getFirstParam(GSParams.ACTION, queryMap);
+        String subaction = getFirstParam(GSParams.SUBACTION, queryMap);
+        String collection = getFirstParam(GSParams.COLLECTION, queryMap);
+        String document = getFirstParam(GSParams.DOCUMENT, queryMap);
+        String service = getFirstParam(GSParams.SERVICE, queryMap);
 
         // We clean up the cache session_ids_table if system
@@ -536 +548 @@
             // collection param is in the sc parameter.
             // don't like the fact that it is hard coded here
-            String coll = request.getParameter(GSParams.SYSTEM_CLUSTER);
+            String coll = getFirstParam(GSParams.SYSTEM_CLUSTER, queryMap);
             if (coll != null && !coll.equals(""))
             {
@@ -547 +559 @@
                 if (subaction.equals("a") || subaction.equals("d"))
                 {
-                    String module_name = request.getParameter("sn");
+                    String module_name = getFirstParam("sn", queryMap);
                     if (module_name != null && !module_name.equals(""))
                     {
@@ -655 +667 @@
 
                     String value = "";
-                    String[] values = request.getParameterValues(name);
+                    String[] values = queryMap.get(name);
                     value = values[0];
                     if (values.length > 1)
@@ -722 +734 @@
 
         //Add custom HTTP headers if requested
-        String httpHeadersParam = request.getParameter(GSParams.HTTP_HEADER_FIELDS);
+        String httpHeadersParam = getFirstParam(GSParams.HTTP_HEADER_FIELDS, queryMap);
         if (httpHeadersParam != null && httpHeadersParam.length() > 0)
         {
@@ -768 +780 @@
         xml_request.setAttribute("fullURL", fullURL.replace("&", "&amp;"));
 
-        if (!runSecurityChecks(request, xml_request, userContext, out, baseURL, collection, document))
+        if (!runSecurityChecks(request, xml_request, userContext, out, baseURL, collection, document, queryMap))
         {
             return;
@@ -798 +810 @@
 
         displaySize(session_ids_table);
-
+    }
+
+    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
+    {
+        doGetOrPost(request, response, request.getParameterMap());
     } //end of doGet(HttpServletRequest, HttpServletResponse)
 
-    private boolean runSecurityChecks(HttpServletRequest request, Element xml_request, UserContext userContext, PrintWriter out, String baseURL, String collection, String document) throws ServletException
+    private boolean runSecurityChecks(HttpServletRequest request, Element xml_request, UserContext userContext, PrintWriter out, String baseURL, String collection, String document, Map<String, String[]> queryMap) throws ServletException
     {
         //Check if we need to login or logout
-        Map<String, String[]> params = request.getParameterMap();
-        String[] username = params.get("username");
-        String[] password = params.get("password");
-        String[] logout = params.get("logout");
+        String username = getFirstParam("username", queryMap);
+        String password = getFirstParam("password", queryMap);
+        String logout = getFirstParam("logout", queryMap);
 
         if (logout != null)
@@ -822 +837 @@
             }
 
+            //This try/catch block catches when the login request fails (e.g. The user enters an incorrect password).
             try
             {
-                password[0] = Authentication.hashPassword(password[0]);
-                request.login(username[0], password[0]);
+                //Try a global login first
+                password = Authentication.hashPassword(password);
+                request.login(username, password);
             }
             catch (Exception ex)
             {
-                //The user entered in either the wrong username or the wrong password
-                Element loginPageMessage = this.doc.createElement(GSXML.MESSAGE_ELEM);
-                Element loginPageRequest = GSXML.createBasicRequest(this.doc, GSXML.REQUEST_TYPE_PAGE, "", userContext);
-                loginPageRequest.setAttribute(GSXML.ACTION_ATT, "p");
-                loginPageRequest.setAttribute(GSXML.SUBACTION_ATT, "login");
-                loginPageRequest.setAttribute(GSXML.OUTPUT_ATT, "html");
-                loginPageRequest.setAttribute(GSXML.BASE_URL, baseURL);
-                loginPageMessage.appendChild(loginPageRequest);
-
-                Element paramList = this.doc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
-                loginPageRequest.appendChild(paramList);
-
-                Element messageParam = this.doc.createElement(GSXML.PARAM_ELEM);
-                messageParam.setAttribute(GSXML.NAME_ATT, "loginMessage");
-                messageParam.setAttribute(GSXML.VALUE_ATT, "Either your username or password was incorrect, please try again.");
-                paramList.appendChild(messageParam);
-
-                Element urlParam = this.doc.createElement(GSXML.PARAM_ELEM);
-                urlParam.setAttribute(GSXML.NAME_ATT, "redirectURL");
-                String queryString = "";
-                if (request.getQueryString() != null)
-                {
-                    queryString = "?" + request.getQueryString().replace("&", "&amp;");
-                }
-                urlParam.setAttribute(GSXML.VALUE_ATT, this.getServletName() + queryString);
-                paramList.appendChild(urlParam);
-
-                Node loginPageResponse = this.recept.process(loginPageMessage);
-                out.println(this.converter.getPrettyString(loginPageResponse));
-
-                return false;
-            }
-        }
-
-        //If a user is logged in
-        if (request.getAuthType() != null)
-        {
-            Element userInformation = this.doc.createElement(GSXML.USER_INFORMATION_ELEM);
-            userInformation.setAttribute("username", request.getUserPrincipal().getName());
-
-            Element userInfoMessage = this.doc.createElement(GSXML.MESSAGE_ELEM);
-            Element userInfoRequest = GSXML.createBasicRequest(this.doc, GSXML.REQUEST_TYPE_SECURITY, "GetUserInformation", userContext);
-            userInfoMessage.appendChild(userInfoRequest);
-
-            Element paramList = this.doc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
-            userInfoRequest.appendChild(paramList);
-
-            Element param = this.doc.createElement(GSXML.PARAM_ELEM);
-            param.setAttribute(GSXML.NAME_ATT, GSXML.USERNAME_ATT);
-            param.setAttribute(GSXML.VALUE_ATT, request.getUserPrincipal().getName());
-            paramList.appendChild(param);
-
-            Element userInformationResponse = (Element) GSXML.getChildByTagName(this.recept.process(userInfoMessage), GSXML.RESPONSE_ELEM);
-            Element responseParamList = (Element) GSXML.getChildByTagName(userInformationResponse, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
-            if (responseParamList == null)
-            {
-                logger.error("Can't get the groups for user " + request.getUserPrincipal().getName());
-            }
-            else
-            {
-                HashMap<String, Serializable> responseParams = GSXML.extractParams(responseParamList, true);
-                String groups = (String) responseParams.get(GSXML.GROUPS_ATT);
-
-                userInformation.setAttribute(GSXML.GROUPS_ATT, groups);
-                xml_request.appendChild(userInformation);
-            }
-        }
-
-        //If we are in a collection-related page then make sure this user is allowed to access it
-        if (collection != null && !collection.equals(""))
-        {
-            //Get the security info for this collection
-            Element securityMessage = this.doc.createElement(GSXML.MESSAGE_ELEM);
-            Element securityRequest = GSXML.createBasicRequest(this.doc, GSXML.REQUEST_TYPE_SECURITY, collection, userContext);
-            securityMessage.appendChild(securityRequest);
-            if (document != null && !document.equals(""))
-            {
-                securityRequest.setAttribute(GSXML.NODE_OID, document);
-            }
-
-            Element securityResponse = (Element) GSXML.getChildByTagName(this.recept.process(securityMessage), GSXML.RESPONSE_ELEM);
-            if (securityResponse == null)
-            {
-                return false;
-            }
-
-            ArrayList<String> groups = GSXML.getGroupsFromSecurityResponse(securityResponse);
-
-            //If guests are not allowed to access this page then check to see if the user is in a group that is allowed to access the page
-            if (!groups.contains(""))
-            {
-                boolean found = false;
-                for (String group : groups)
-                {
-                    if (request.isUserInRole(group))
-                    {
-                        found = true;
-                        break;
-                    }
-                }
-
-                //The current user is not allowed to access the page so produce a login page
-                if (!found)
-                {
+                try
+                {
+                    //If the global login fails then try a site-level login
+                    String siteName = (String) this.recept.getConfigParams().get(GSConstants.SITE_NAME);
+                    request.login(siteName + "-" + username, password);
+                }
+                catch (Exception exc)
+                {
+                    //The user entered in either the wrong username or the wrong password
                     Element loginPageMessage = this.doc.createElement(GSXML.MESSAGE_ELEM);
                     Element loginPageRequest = GSXML.createBasicRequest(this.doc, GSXML.REQUEST_TYPE_PAGE, "", userContext);
@@ -946 +868 @@
                     Element messageParam = this.doc.createElement(GSXML.PARAM_ELEM);
                     messageParam.setAttribute(GSXML.NAME_ATT, "loginMessage");
+                    messageParam.setAttribute(GSXML.VALUE_ATT, "Either your username or password was incorrect, please try again.");
+                    paramList.appendChild(messageParam);
+
+                    Element urlParam = this.doc.createElement(GSXML.PARAM_ELEM);
+                    urlParam.setAttribute(GSXML.NAME_ATT, "redirectURL");
+                    String queryString = "";
+                    if (request.getQueryString() != null)
+                    {
+                        queryString = "?" + request.getQueryString().replace("&", "&amp;");
+                    }
+                    urlParam.setAttribute(GSXML.VALUE_ATT, this.getServletName() + queryString);
+                    paramList.appendChild(urlParam);
+
+                    Node loginPageResponse = this.recept.process(loginPageMessage);
+                    out.println(this.converter.getPrettyString(loginPageResponse));
+
+                    return false;
+                }
+            }
+        }
+
+        //If a user is logged in
+        if (request.getAuthType() != null)
+        {
+            Element userInformation = this.doc.createElement(GSXML.USER_INFORMATION_ELEM);
+            userInformation.setAttribute(GSXML.USERNAME_ATT, request.getUserPrincipal().getName());
+
+            Element userInfoMessage = this.doc.createElement(GSXML.MESSAGE_ELEM);
+            Element userInfoRequest = GSXML.createBasicRequest(this.doc, GSXML.REQUEST_TYPE_SECURITY, "GetUserInformation", userContext);
+            userInfoMessage.appendChild(userInfoRequest);
+
+            Element paramList = this.doc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
+            userInfoRequest.appendChild(paramList);
+
+            Element param = this.doc.createElement(GSXML.PARAM_ELEM);
+            param.setAttribute(GSXML.NAME_ATT, GSXML.USERNAME_ATT);
+            param.setAttribute(GSXML.VALUE_ATT, request.getUserPrincipal().getName());
+            paramList.appendChild(param);
+
+            Element userInformationResponse = (Element) GSXML.getChildByTagName(this.recept.process(userInfoMessage), GSXML.RESPONSE_ELEM);
+            Element responseParamList = (Element) GSXML.getChildByTagName(userInformationResponse, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
+            if (responseParamList == null)
+            {
+                logger.error("Can't get the groups for user " + request.getUserPrincipal().getName());
+            }
+            else
+            {
+                HashMap<String, Serializable> responseParams = GSXML.extractParams(responseParamList, true);
+                String groups = (String) responseParams.get(GSXML.GROUPS_ATT);
+
+                userInformation.setAttribute(GSXML.GROUPS_ATT, groups);
+                xml_request.appendChild(userInformation);
+            }
+        }
+
+        //If we are in a collection-related page then make sure this user is allowed to access it
+        if (collection != null && !collection.equals(""))
+        {
+            //Get the security info for this collection
+            Element securityMessage = this.doc.createElement(GSXML.MESSAGE_ELEM);
+            Element securityRequest = GSXML.createBasicRequest(this.doc, GSXML.REQUEST_TYPE_SECURITY, collection, userContext);
+            securityMessage.appendChild(securityRequest);
+            if (document != null && !document.equals(""))
+            {
+                securityRequest.setAttribute(GSXML.NODE_OID, document);
+            }
+
+            Element securityResponse = (Element) GSXML.getChildByTagName(this.recept.process(securityMessage), GSXML.RESPONSE_ELEM);
+            if (securityResponse == null)
+            {
+                return false;
+            }
+
+            ArrayList<String> groups = GSXML.getGroupsFromSecurityResponse(securityResponse);
+
+            //If guests are not allowed to access this page then check to see if the user is in a group that is allowed to access the page
+            if (!groups.contains(""))
+            {
+                boolean found = false;
+                for (String group : groups)
+                {
+                    if (request.isUserInRole(group))
+                    {
+                        found = true;
+                        break;
+                    }
+                }
+
+                //The current user is not allowed to access the page so produce a login page
+                if (!found)
+                {
+                    Element loginPageMessage = this.doc.createElement(GSXML.MESSAGE_ELEM);
+                    Element loginPageRequest = GSXML.createBasicRequest(this.doc, GSXML.REQUEST_TYPE_PAGE, "", userContext);
+                    loginPageRequest.setAttribute(GSXML.ACTION_ATT, "p");
+                    loginPageRequest.setAttribute(GSXML.SUBACTION_ATT, "login");
+                    loginPageRequest.setAttribute(GSXML.OUTPUT_ATT, "html");
+                    loginPageRequest.setAttribute(GSXML.BASE_URL, baseURL);
+                    loginPageMessage.appendChild(loginPageRequest);
+
+                    Element paramList = this.doc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
+                    loginPageRequest.appendChild(paramList);
+
+                    Element messageParam = this.doc.createElement(GSXML.PARAM_ELEM);
+                    messageParam.setAttribute(GSXML.NAME_ATT, "loginMessage");
                     if (request.getAuthType() == null)
                     {
@@ -1020 +1046 @@
     protected void encodeURLs(Node dataNode, HttpServletResponse response)
     {
-
         if (dataNode == null)
         {
@@ -1087 +1112 @@
     }
 
+    protected String getFirstParam(String name, Map<String, String[]> map)
+    {
+        String[] val = map.get(name);
+        if (val == null || val.length == 0)
+        {
+            return null;
+        }
+
+        return val[0];
+    }
+
     synchronized protected int getNextUserId()
     {
@@ -1095 +1131 @@
     public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
     {
-        doGet(request, response);
+        //Check if we need to process a file upload
+        if (ServletFileUpload.isMultipartContent(request))
+        {
+            DiskFileItemFactory fileItemFactory = new DiskFileItemFactory();
+
+            int sizeLimit = System.getProperties().containsKey("servlet.upload.filesize.limit") ? Integer.parseInt(System.getProperty("servlet.upload.filesize.limit")) : 100 * 1024 * 1024;
+
+            File tempDir = new File(GlobalProperties.getGSDL3Home() + File.separator + "tmp");
+            if (!tempDir.exists())
+            {
+                tempDir.mkdirs();
+            }
+
+            //We want all files to be stored on disk (hence the 0)
+            fileItemFactory.setSizeThreshold(0);
+            fileItemFactory.setRepository(tempDir);
+
+            ServletFileUpload uploadHandler = new ServletFileUpload(fileItemFactory);
+            uploadHandler.setFileSizeMax(sizeLimit);
+
+            HashMap<String, String[]> queryMap = new HashMap<String, String[]>();
+            try
+            {
+                List items = uploadHandler.parseRequest(request);
+                Iterator iter = items.iterator();
+                while (iter.hasNext())
+                {
+                    FileItem current = (FileItem) iter.next();
+                    if (current.isFormField())
+                    {
+                        queryMap.put(current.getFieldName(), new String[] { current.getString() });
+                    }
+                    else if (current.getName() != null && !current.getName().equals(""))
+                    {
+                        File file = new File(tempDir, current.getName());
+                        current.write(file);
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                e.printStackTrace();
+            }
+
+            doGetOrPost(request, response, queryMap);
+        }
+        else
+        {
+            doGetOrPost(request, response, request.getParameterMap());
+        }
     }
 }