- Timestamp:
- 2013-06-13T13:13:46+12:00 (11 years ago)
- File:
-
- 1 edited
main/trunk/greenstone3/src/java/org/greenstone/gsdl3/LibraryServlet.java
r27074 r27617 1 1 package org.greenstone.gsdl3; 2 2 3 import java.io.File; 4 import java.io.FileInputStream; 5 import java.io.FileOutputStream; 3 6 import java.io.IOException; 4 7 import java.io.PrintWriter; 5 8 import java.io.Serializable; 6 9 import java.lang.reflect.Type; 10 import java.nio.channels.FileChannel; 7 11 import java.util.ArrayList; 12 import java.util.Collection; 8 13 import java.util.Enumeration; 9 14 import java.util.HashMap; … … 21 26 import javax.servlet.http.HttpSessionBindingEvent; 22 27 import javax.servlet.http.HttpSessionBindingListener; 23 28 import javax.servlet.http.Part; 29 30 import org.apache.commons.fileupload.FileItem; 31 import org.apache.commons.fileupload.disk.DiskFileItemFactory; 32 import org.apache.commons.fileupload.servlet.ServletFileUpload; 24 33 import org.apache.commons.lang3.StringUtils; 25 34 import org.apache.log4j.Logger; … … 36 45 import org.greenstone.gsdl3.util.UserContext; 37 46 import org.greenstone.gsdl3.util.XMLConverter; 47 import org.greenstone.util.GlobalProperties; 38 48 import org.json.JSONObject; 39 49 import org.w3c.dom.Document; … … 169 179 } 170 180 171 HashMap<String, Comparable> config_params = new HashMap<String, Comparable>();181 HashMap<String, Object> config_params = new HashMap<String, Object>(); 172 182 173 183 config_params.put(GSConstants.LIBRARY_NAME, library_name); … … 315 325 public class UserSessionCache implements HttpSessionBindingListener 316 326 { 317 318 327 String session_id = ""; 319 328 … … 368 377 } 369 378 370 public void doGet (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException379 public void doGetOrPost(HttpServletRequest request, HttpServletResponse response, Map<String, String[]> queryMap) throws ServletException, IOException 371 380 { 372 381 logUsageInfo(request); 373 382 374 Map<String, String[]> queryMap = request.getParameterMap();375 383 if (queryMap != null) 376 384 { … … 380 388 String rl = null; 381 389 String el = null; 
390 382 391 while (queryIter.hasNext()) 383 392 { … … 437 446 PrintWriter out = response.getWriter(); 438 447 439 String lang = request.getParameter(GSParams.LANGUAGE);448 String lang = getFirstParam(GSParams.LANGUAGE, queryMap); 440 449 if (lang == null || lang.equals("")) 441 450 { … … 454 463 if (request.getAuthType() != null) 455 464 { 465 //Get the username 466 userContext.setUsername(request.getUserPrincipal().getName()); 467 456 468 //Get the groups for the user 457 469 Element acquireGroupMessage = this.doc.createElement(GSXML.MESSAGE_ELEM); … … 461 473 Element paramList = this.doc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER); 462 474 acquireGroupRequest.appendChild(paramList); 463 paramList.appendChild(GSXML.createParameter(this.doc, "username", request.getUserPrincipal().getName()));475 paramList.appendChild(GSXML.createParameter(this.doc, GSXML.USERNAME_ATT, request.getUserPrincipal().getName())); 464 476 465 477 Element aquireGroupsResponseMessage = (Element) this.recept.process(acquireGroupMessage); … … 478 490 session.setAttribute(GSParams.LANGUAGE, lang); 479 491 480 String output = request.getParameter(GSParams.OUTPUT);492 String output = getFirstParam(GSParams.OUTPUT, queryMap); 481 493 if (output == null || output.equals("")) 482 494 { … … 517 529 xml_message.appendChild(xml_request); 518 530 519 String action = request.getParameter(GSParams.ACTION);520 String subaction = request.getParameter(GSParams.SUBACTION);521 String collection = request.getParameter(GSParams.COLLECTION);522 String document = request.getParameter(GSParams.DOCUMENT);523 String service = request.getParameter(GSParams.SERVICE);531 String action = getFirstParam(GSParams.ACTION, queryMap); 532 String subaction = getFirstParam(GSParams.SUBACTION, queryMap); 533 String collection = getFirstParam(GSParams.COLLECTION, queryMap); 534 String document = getFirstParam(GSParams.DOCUMENT, queryMap); 535 String service = getFirstParam(GSParams.SERVICE, queryMap); 524 536 525 537 // 
We clean up the cache session_ids_table if system … … 536 548 // collection param is in the sc parameter. 537 549 // don't like the fact that it is hard coded here 538 String coll = request.getParameter(GSParams.SYSTEM_CLUSTER);550 String coll = getFirstParam(GSParams.SYSTEM_CLUSTER, queryMap); 539 551 if (coll != null && !coll.equals("")) 540 552 { … … 547 559 if (subaction.equals("a") || subaction.equals("d")) 548 560 { 549 String module_name = request.getParameter("sn");561 String module_name = getFirstParam("sn", queryMap); 550 562 if (module_name != null && !module_name.equals("")) 551 563 { … … 655 667 656 668 String value = ""; 657 String[] values = request.getParameterValues(name);669 String[] values = queryMap.get(name); 658 670 value = values[0]; 659 671 if (values.length > 1) … … 722 734 723 735 //Add custom HTTP headers if requested 724 String httpHeadersParam = request.getParameter(GSParams.HTTP_HEADER_FIELDS);736 String httpHeadersParam = getFirstParam(GSParams.HTTP_HEADER_FIELDS, queryMap); 725 737 if (httpHeadersParam != null && httpHeadersParam.length() > 0) 726 738 { … … 768 780 xml_request.setAttribute("fullURL", fullURL.replace("&", "&")); 769 781 770 if (!runSecurityChecks(request, xml_request, userContext, out, baseURL, collection, document ))782 if (!runSecurityChecks(request, xml_request, userContext, out, baseURL, collection, document, queryMap)) 771 783 { 772 784 return; … … 798 810 799 811 displaySize(session_ids_table); 800 812 } 813 814 public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException 815 { 816 doGetOrPost(request, response, request.getParameterMap()); 801 817 } //end of doGet(HttpServletRequest, HttpServletResponse) 802 818 803 private boolean runSecurityChecks(HttpServletRequest request, Element xml_request, UserContext userContext, PrintWriter out, String baseURL, String collection, String document ) throws ServletException819 private boolean 
runSecurityChecks(HttpServletRequest request, Element xml_request, UserContext userContext, PrintWriter out, String baseURL, String collection, String document, Map<String, String[]> queryMap) throws ServletException 804 820 { 805 821 //Check if we need to login or logout 806 Map<String, String[]> params = request.getParameterMap(); 807 String[] username = params.get("username"); 808 String[] password = params.get("password"); 809 String[] logout = params.get("logout"); 822 String username = getFirstParam("username", queryMap); 823 String password = getFirstParam("password", queryMap); 824 String logout = getFirstParam("logout", queryMap); 810 825 811 826 if (logout != null) … … 822 837 } 823 838 839 //This try/catch block catches when the login request fails (e.g. The user enters an incorrect password). 824 840 try 825 841 { 826 password[0] = Authentication.hashPassword(password[0]); 827 request.login(username[0], password[0]); 842 //Try a global login first 843 password = Authentication.hashPassword(password); 844 request.login(username, password); 828 845 } 829 846 catch (Exception ex) 830 847 { 831 //The user entered in either the wrong username or the wrong password 832 Element loginPageMessage = this.doc.createElement(GSXML.MESSAGE_ELEM); 833 Element loginPageRequest = GSXML.createBasicRequest(this.doc, GSXML.REQUEST_TYPE_PAGE, "", userContext); 834 loginPageRequest.setAttribute(GSXML.ACTION_ATT, "p"); 835 loginPageRequest.setAttribute(GSXML.SUBACTION_ATT, "login"); 836 loginPageRequest.setAttribute(GSXML.OUTPUT_ATT, "html"); 837 loginPageRequest.setAttribute(GSXML.BASE_URL, baseURL); 838 loginPageMessage.appendChild(loginPageRequest); 839 840 Element paramList = this.doc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER); 841 loginPageRequest.appendChild(paramList); 842 843 Element messageParam = this.doc.createElement(GSXML.PARAM_ELEM); 844 messageParam.setAttribute(GSXML.NAME_ATT, "loginMessage"); 845 messageParam.setAttribute(GSXML.VALUE_ATT, "Either 
your username or password was incorrect, please try again."); 846 paramList.appendChild(messageParam); 847 848 Element urlParam = this.doc.createElement(GSXML.PARAM_ELEM); 849 urlParam.setAttribute(GSXML.NAME_ATT, "redirectURL"); 850 String queryString = ""; 851 if (request.getQueryString() != null) 852 { 853 queryString = "?" + request.getQueryString().replace("&", "&"); 854 } 855 urlParam.setAttribute(GSXML.VALUE_ATT, this.getServletName() + queryString); 856 paramList.appendChild(urlParam); 857 858 Node loginPageResponse = this.recept.process(loginPageMessage); 859 out.println(this.converter.getPrettyString(loginPageResponse)); 860 861 return false; 862 } 863 } 864 865 //If a user is logged in 866 if (request.getAuthType() != null) 867 { 868 Element userInformation = this.doc.createElement(GSXML.USER_INFORMATION_ELEM); 869 userInformation.setAttribute("username", request.getUserPrincipal().getName()); 870 871 Element userInfoMessage = this.doc.createElement(GSXML.MESSAGE_ELEM); 872 Element userInfoRequest = GSXML.createBasicRequest(this.doc, GSXML.REQUEST_TYPE_SECURITY, "GetUserInformation", userContext); 873 userInfoMessage.appendChild(userInfoRequest); 874 875 Element paramList = this.doc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER); 876 userInfoRequest.appendChild(paramList); 877 878 Element param = this.doc.createElement(GSXML.PARAM_ELEM); 879 param.setAttribute(GSXML.NAME_ATT, GSXML.USERNAME_ATT); 880 param.setAttribute(GSXML.VALUE_ATT, request.getUserPrincipal().getName()); 881 paramList.appendChild(param); 882 883 Element userInformationResponse = (Element) GSXML.getChildByTagName(this.recept.process(userInfoMessage), GSXML.RESPONSE_ELEM); 884 Element responseParamList = (Element) GSXML.getChildByTagName(userInformationResponse, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER); 885 if (responseParamList == null) 886 { 887 logger.error("Can't get the groups for user " + request.getUserPrincipal().getName()); 888 } 889 else 890 { 891 HashMap<String, 
Serializable> responseParams = GSXML.extractParams(responseParamList, true); 892 String groups = (String) responseParams.get(GSXML.GROUPS_ATT); 893 894 userInformation.setAttribute(GSXML.GROUPS_ATT, groups); 895 xml_request.appendChild(userInformation); 896 } 897 } 898 899 //If we are in a collection-related page then make sure this user is allowed to access it 900 if (collection != null && !collection.equals("")) 901 { 902 //Get the security info for this collection 903 Element securityMessage = this.doc.createElement(GSXML.MESSAGE_ELEM); 904 Element securityRequest = GSXML.createBasicRequest(this.doc, GSXML.REQUEST_TYPE_SECURITY, collection, userContext); 905 securityMessage.appendChild(securityRequest); 906 if (document != null && !document.equals("")) 907 { 908 securityRequest.setAttribute(GSXML.NODE_OID, document); 909 } 910 911 Element securityResponse = (Element) GSXML.getChildByTagName(this.recept.process(securityMessage), GSXML.RESPONSE_ELEM); 912 if (securityResponse == null) 913 { 914 return false; 915 } 916 917 ArrayList<String> groups = GSXML.getGroupsFromSecurityResponse(securityResponse); 918 919 //If guests are not allowed to access this page then check to see if the user is in a group that is allowed to access the page 920 if (!groups.contains("")) 921 { 922 boolean found = false; 923 for (String group : groups) 924 { 925 if (request.isUserInRole(group)) 926 { 927 found = true; 928 break; 929 } 930 } 931 932 //The current user is not allowed to access the page so produce a login page 933 if (!found) 934 { 848 try 849 { 850 //If the global login fails then try a site-level login 851 String siteName = (String) this.recept.getConfigParams().get(GSConstants.SITE_NAME); 852 request.login(siteName + "-" + username, password); 853 } 854 catch (Exception exc) 855 { 856 //The user entered in either the wrong username or the wrong password 935 857 Element loginPageMessage = this.doc.createElement(GSXML.MESSAGE_ELEM); 936 858 Element loginPageRequest = 
GSXML.createBasicRequest(this.doc, GSXML.REQUEST_TYPE_PAGE, "", userContext); … … 946 868 Element messageParam = this.doc.createElement(GSXML.PARAM_ELEM); 947 869 messageParam.setAttribute(GSXML.NAME_ATT, "loginMessage"); 870 messageParam.setAttribute(GSXML.VALUE_ATT, "Either your username or password was incorrect, please try again."); 871 paramList.appendChild(messageParam); 872 873 Element urlParam = this.doc.createElement(GSXML.PARAM_ELEM); 874 urlParam.setAttribute(GSXML.NAME_ATT, "redirectURL"); 875 String queryString = ""; 876 if (request.getQueryString() != null) 877 { 878 queryString = "?" + request.getQueryString().replace("&", "&"); 879 } 880 urlParam.setAttribute(GSXML.VALUE_ATT, this.getServletName() + queryString); 881 paramList.appendChild(urlParam); 882 883 Node loginPageResponse = this.recept.process(loginPageMessage); 884 out.println(this.converter.getPrettyString(loginPageResponse)); 885 886 return false; 887 } 888 } 889 } 890 891 //If a user is logged in 892 if (request.getAuthType() != null) 893 { 894 Element userInformation = this.doc.createElement(GSXML.USER_INFORMATION_ELEM); 895 userInformation.setAttribute(GSXML.USERNAME_ATT, request.getUserPrincipal().getName()); 896 897 Element userInfoMessage = this.doc.createElement(GSXML.MESSAGE_ELEM); 898 Element userInfoRequest = GSXML.createBasicRequest(this.doc, GSXML.REQUEST_TYPE_SECURITY, "GetUserInformation", userContext); 899 userInfoMessage.appendChild(userInfoRequest); 900 901 Element paramList = this.doc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER); 902 userInfoRequest.appendChild(paramList); 903 904 Element param = this.doc.createElement(GSXML.PARAM_ELEM); 905 param.setAttribute(GSXML.NAME_ATT, GSXML.USERNAME_ATT); 906 param.setAttribute(GSXML.VALUE_ATT, request.getUserPrincipal().getName()); 907 paramList.appendChild(param); 908 909 Element userInformationResponse = (Element) GSXML.getChildByTagName(this.recept.process(userInfoMessage), GSXML.RESPONSE_ELEM); 910 Element 
responseParamList = (Element) GSXML.getChildByTagName(userInformationResponse, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER); 911 if (responseParamList == null) 912 { 913 logger.error("Can't get the groups for user " + request.getUserPrincipal().getName()); 914 } 915 else 916 { 917 HashMap<String, Serializable> responseParams = GSXML.extractParams(responseParamList, true); 918 String groups = (String) responseParams.get(GSXML.GROUPS_ATT); 919 920 userInformation.setAttribute(GSXML.GROUPS_ATT, groups); 921 xml_request.appendChild(userInformation); 922 } 923 } 924 925 //If we are in a collection-related page then make sure this user is allowed to access it 926 if (collection != null && !collection.equals("")) 927 { 928 //Get the security info for this collection 929 Element securityMessage = this.doc.createElement(GSXML.MESSAGE_ELEM); 930 Element securityRequest = GSXML.createBasicRequest(this.doc, GSXML.REQUEST_TYPE_SECURITY, collection, userContext); 931 securityMessage.appendChild(securityRequest); 932 if (document != null && !document.equals("")) 933 { 934 securityRequest.setAttribute(GSXML.NODE_OID, document); 935 } 936 937 Element securityResponse = (Element) GSXML.getChildByTagName(this.recept.process(securityMessage), GSXML.RESPONSE_ELEM); 938 if (securityResponse == null) 939 { 940 return false; 941 } 942 943 ArrayList<String> groups = GSXML.getGroupsFromSecurityResponse(securityResponse); 944 945 //If guests are not allowed to access this page then check to see if the user is in a group that is allowed to access the page 946 if (!groups.contains("")) 947 { 948 boolean found = false; 949 for (String group : groups) 950 { 951 if (request.isUserInRole(group)) 952 { 953 found = true; 954 break; 955 } 956 } 957 958 //The current user is not allowed to access the page so produce a login page 959 if (!found) 960 { 961 Element loginPageMessage = this.doc.createElement(GSXML.MESSAGE_ELEM); 962 Element loginPageRequest = GSXML.createBasicRequest(this.doc, 
GSXML.REQUEST_TYPE_PAGE, "", userContext); 963 loginPageRequest.setAttribute(GSXML.ACTION_ATT, "p"); 964 loginPageRequest.setAttribute(GSXML.SUBACTION_ATT, "login"); 965 loginPageRequest.setAttribute(GSXML.OUTPUT_ATT, "html"); 966 loginPageRequest.setAttribute(GSXML.BASE_URL, baseURL); 967 loginPageMessage.appendChild(loginPageRequest); 968 969 Element paramList = this.doc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER); 970 loginPageRequest.appendChild(paramList); 971 972 Element messageParam = this.doc.createElement(GSXML.PARAM_ELEM); 973 messageParam.setAttribute(GSXML.NAME_ATT, "loginMessage"); 948 974 if (request.getAuthType() == null) 949 975 { … … 1020 1046 protected void encodeURLs(Node dataNode, HttpServletResponse response) 1021 1047 { 1022 1023 1048 if (dataNode == null) 1024 1049 { … … 1087 1112 } 1088 1113 1114 protected String getFirstParam(String name, Map<String, String[]> map) 1115 { 1116 String[] val = map.get(name); 1117 if (val == null || val.length == 0) 1118 { 1119 return null; 1120 } 1121 1122 return val[0]; 1123 } 1124 1089 1125 synchronized protected int getNextUserId() 1090 1126 { … … 1095 1131 public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException 1096 1132 { 1097 doGet(request, response); 1133 //Check if we need to process a file upload 1134 if (ServletFileUpload.isMultipartContent(request)) 1135 { 1136 DiskFileItemFactory fileItemFactory = new DiskFileItemFactory(); 1137 1138 int sizeLimit = System.getProperties().containsKey("servlet.upload.filesize.limit") ? 
Integer.parseInt(System.getProperty("servlet.upload.filesize.limit")) : 100 * 1024 * 1024; 1139 1140 File tempDir = new File(GlobalProperties.getGSDL3Home() + File.separator + "tmp"); 1141 if (!tempDir.exists()) 1142 { 1143 tempDir.mkdirs(); 1144 } 1145 1146 //We want all files to be stored on disk (hence the 0) 1147 fileItemFactory.setSizeThreshold(0); 1148 fileItemFactory.setRepository(tempDir); 1149 1150 ServletFileUpload uploadHandler = new ServletFileUpload(fileItemFactory); 1151 uploadHandler.setFileSizeMax(sizeLimit); 1152 1153 HashMap<String, String[]> queryMap = new HashMap<String, String[]>(); 1154 try 1155 { 1156 List items = uploadHandler.parseRequest(request); 1157 Iterator iter = items.iterator(); 1158 while (iter.hasNext()) 1159 { 1160 FileItem current = (FileItem) iter.next(); 1161 if (current.isFormField()) 1162 { 1163 queryMap.put(current.getFieldName(), new String[] { current.getString() }); 1164 } 1165 else if (current.getName() != null && !current.getName().equals("")) 1166 { 1167 File file = new File(tempDir, current.getName()); 1168 current.write(file); 1169 } 1170 } 1171 } 1172 catch (Exception e) 1173 { 1174 e.printStackTrace(); 1175 } 1176 1177 doGetOrPost(request, response, queryMap); 1178 } 1179 else 1180 { 1181 doGetOrPost(request, response, request.getParameterMap()); 1182 } 1098 1183 } 1099 1184 }
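Review bot: In the new `doPost`, the upload branch builds its destination as `new File(tempDir, current.getName())`, so the client-supplied file name decides where the file is written; a name carrying path separators or `..` can resolve outside `tmp`, and a repeated name silently overwrites an earlier upload. The write also happens before `doGetOrPost` reaches `runSecurityChecks`, so the file is stored on disk whether or not the request is authenticated or allowed to access the collection. Reduce the name to its last path segment and confirm the canonical parent is `tempDir` before calling `current.write`, and consider deferring the write until the security checks have passed. The surrounding `catch (Exception e)` only calls `e.printStackTrace()`, so a failed or oversized upload still continues into `doGetOrPost` with a partial `queryMap`; logging through `logger` and returning an error response would make that failure visible.

```java
// … unchanged: factory setup, size limit, form-field branch …
else if (current.getName() != null && !current.getName().equals(""))
{
	// Some clients send a full path; keep only the final segment, treating '\' as a separator too
	String safeName = new File(current.getName().replace('\\', '/')).getName();
	File file = new File(tempDir, safeName);

	// Refuse anything that does not resolve to a direct child of the upload directory
	File canonicalParent = file.getCanonicalFile().getParentFile();
	if (safeName.isEmpty() || !tempDir.getCanonicalFile().equals(canonicalParent))
	{
		logger.warn("Rejected upload with unsafe file name");
		continue;
	}
	current.write(file);
}
```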