Changeset 28958
- Timestamp:
- 2014-04-03T17:34:44+13:00 (10 years ago)
- Location:
- main/trunk
- Files:
-
- 1 added
- 5 edited
main/trunk/greenstone2/common-src/cgi-bin/gliserver.pl
r27411 r28958 196 196 } 197 197 198 my $users_db_content;199 198 if($gsdl_cgi->greenstone_version() == 2) { 199 my $users_db_content; 200 200 my $etc_directory = &util::filename_cat($ENV{'GSDLHOME'}, "etc"); 201 201 my $users_db_file_path = &util::filename_cat($etc_directory, "users.gdb"); … … 208 208 } 209 209 close(USERS_DB); 210 }211 elsif($gsdl_cgi->greenstone_version() == 3) {212 my $gsdl3srchome = $ENV{'GSDL3SRCHOME'};213 214 my $java = $gsdl_cgi->get_java_path();215 my $java_gsdl3_classpath = &util::filename_cat($gsdl3srchome, "web", "WEB-INF", "lib", "gsdl3.jar");216 my $java_derby_classpath = &util::filename_cat($gsdl3srchome, "web", "WEB-INF", "lib", "derby.jar");217 my $java_classpath;218 my $gsdlos = $ENV{'GSDLOS'};219 if ($gsdlos !~ m/windows/){220 $java_classpath = $java_gsdl3_classpath . ":" . $java_derby_classpath;221 }else{222 $java_classpath = $java_gsdl3_classpath . ";" . $java_derby_classpath;223 }224 my $java_args = &util::filename_cat($gsdl3srchome, "web", "sites", $site, "etc", "usersDB");225 $gsdl_cgi->checked_chdir($java_args);226 my $java_command="\"$java\" -classpath \"$java_classpath\" org.greenstone.gsdl3.util.usersDB2txt \"$java_args\" 2>&1";227 $users_db_content = `$java_command`;228 }229 210 230 211 # Get the user account information from the usersDB database … … 232 213 233 214 # a line dividing one user entry from another is made up of 70 hyphens for GS2 (37 hyphens for GS3) 234 my $horizontal_divider = ($gsdl_cgi->greenstone_version() == 2) ? q/-{70}/ : q/-{37}/;215 my $horizontal_divider = q/-{70}/; 235 216 foreach my $users_db_entry (split($horizontal_divider, $users_db_content)) { 236 217 if ($users_db_entry =~ m/\n?\[(.+)\]\n/ || $users_db_entry =~ m/\n?USERNAME = ([^\n]*)\n/) { # GS2 and GS3 formats … … 246 227 247 228 # Check password 248 my $pwdLine = ($gsdl_cgi->greenstone_version() == 2) ? 
q/\<password\>(.*)/ : q/\n?PASSWORD = (.*)\n/;229 my $pwdLine = q/\<password\>(.*)/; 249 230 my ($valid_user_password) = ($user_data =~ m/$pwdLine/); 250 231 if ($user_password ne $valid_user_password) { … … 253 234 254 235 # Check group 255 my $groupLine = ($gsdl_cgi->greenstone_version() == 2) ? q/\<groups\>(.*)/ : q/\n?GROUPS = (.*)\n/;236 my $groupLine = q/\<groups\>(.*)/; 256 237 my ($user_groups) = ($user_data =~ m/$groupLine/); 257 238 … … 276 257 } 277 258 $gsdl_cgi->generate_error("Authentication failed: user is not in the required group."); 259 } 260 261 # "GS3\web\WEB-INF\lib\gsdl3.jar;GS3\web\WEB-INF\lib\derby.jar" 262 # org.greenstone.gsdl3.util.usersDBRealm2txt "GSDL3SRCHOME" username pwd <col> 2>&1 263 elsif($gsdl_cgi->greenstone_version() == 3) { 264 my $gsdl3srchome = $ENV{'GSDL3SRCHOME'}; 265 266 my $java = $gsdl_cgi->get_java_path(); 267 my $java_gsdl3_classpath = &util::filename_cat($gsdl3srchome, "web", "WEB-INF", "lib", "gsdl3.jar"); 268 my $java_derby_classpath = &util::filename_cat($gsdl3srchome, "web", "WEB-INF", "lib", "derby.jar"); 269 my $java_classpath; 270 my $gsdlos = $ENV{'GSDLOS'}; 271 if ($gsdlos !~ m/windows/){ 272 $java_classpath = $java_gsdl3_classpath . ":" . $java_derby_classpath; 273 }else{ 274 $java_classpath = $java_gsdl3_classpath . ";" . 
$java_derby_classpath; 275 } 276 my $java_args = "\"$gsdl3srchome\" \"$username\" \"$user_password\""; 277 if ($collection ne "") { 278 $java_args += " \"$collection\""; 279 } 280 281 $gsdl_cgi->checked_chdir($gsdl3srchome); 282 my $java_command="\"$java\" -classpath \"$java_classpath\" org.greenstone.gsdl3.util.ServletRealmCheck $java_args 2>&1"; # call it ServletRealmCheck 283 my $java_output = `$java_command`; 284 if ($java_output =~ m/^Authentication failed:/) { # $java_output contains the error message 285 $gsdl_cgi->generate_error($java_output); # "\nJAVA_COMMAND: $java_command\n" 286 } 287 else { # success, $java_output is the user_groups list 288 return $java_output; 289 } 290 } 278 291 } 279 292 … … 898 911 foreach $sites_dir(@sites_dir) 899 912 { 900 if (!(($sites_dir eq ".") || ($sites_dir eq "..") || ($sites_dir eq "CVS") || ($sites_dir eq ".DS_Store") ))913 if (!(($sites_dir eq ".") || ($sites_dir eq "..") || ($sites_dir eq "CVS") || ($sites_dir eq ".DS_Store") || ($sites_dir eq "ADDING-A-SITE.txt"))) 901 914 { 902 915 my $site_dir_path= &util::filename_cat($sites_directory,$sites_dir); -
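Review bot: The new Greenstone 3 branch interpolates `$username`, `$user_password` and `$collection` into `$java_command` inside double quotes and runs it with backticks, so if these values come from the CGI request (their origin is outside the hunks shown), any shell metacharacters in them are interpreted by the shell instead of being passed as data. A list-form pipe open, as in the fence below, keeps each value a single argv entry; stderr is then no longer merged the way `2>&1` did, Windows needs a Perl recent enough to support list-form pipe open, and the password is still visible in the process list while the JVM runs. Separately, `$java_args += " \"$collection\""` is numeric addition in Perl and replaces the whole argument string with `0`; it needs `.=`, or the `push` used in the fence. The success test also fails open: any output that does not start with `Authentication failed:` is returned as the group list, which with `2>&1` includes a JVM start-up error or stack trace, so the exit status should be checked before the output is trusted. The enclosing sub starts outside the hunks shown.

```perl
# … unchanged: $java and $java_classpath setup …
my @java_cmd = ($java, "-classpath", $java_classpath,
                "org.greenstone.gsdl3.util.ServletRealmCheck",
                $gsdl3srchome, $username, $user_password);
push(@java_cmd, $collection) if ($collection ne "");

$gsdl_cgi->checked_chdir($gsdl3srchome);

# List-form pipe open: the values reach the JVM as argv entries, no shell parses them.
my $java_output = "";
my $java_ok = 0;
if (open(my $java_fh, "-|", @java_cmd)) {
    local $/ = undef;
    $java_output = <$java_fh>;
    $java_output = "" unless defined $java_output;
    $java_ok = close($java_fh);    # false when the JVM exits non-zero
}
# Fail closed when the JVM could not be run or reported an error.
# Assumes ServletRealmCheck exits 0 whenever it prints its own result -- confirm.
if (!$java_ok) {
    $gsdl_cgi->generate_error("Authentication failed: unable to verify credentials.");
}
# … unchanged: "Authentication failed:" check and return of $java_output …
```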
main/trunk/greenstone3/src/java/org/greenstone/gsdl3/action/SystemAction.java
r28382 r28958 50 50 to = coll; 51 51 } 52 else if(subaction.equals("authenticated-ping")) { 53 to = "RemoteAuthentication"; // not "Authentication/RemoteAuthentication": MessageRouter knows to map the RemoteAuthentication service to the Authentication module 54 } 52 55 53 56 Element mr_request_message = doc.createElement(GSXML.MESSAGE_ELEM); … … 85 88 system.setAttribute(GSXML.TYPE_ATT, GSXML.SYSTEM_TYPE_PING); 86 89 } 90 else if (subaction.equals("authenticated-ping")) { // can check whether a given username and password authenticates 91 92 String username = (String) params.get(GSParams.UN); 93 String password = (String) params.get(GSParams.PW); 94 95 96 system.setAttribute(GSXML.TYPE_ATT, GSXML.SYSTEM_TYPE_AUTHENTICATED_PING); 97 system.setAttribute(GSXML.USERNAME_ATT, username); 98 system.setAttribute(GSXML.PASSWORD_ATT, password); 99 100 if(params.containsKey("col")) {//params.containsKey(GSParams.COLLECTION)) { 101 String collection = (String) params.get("col");//(String) params.get(GSParams.COLLECTION); 102 system.setAttribute(GSXML.COLLECTION_ATT, collection); 103 } 104 105 } 106 87 107 //else if (subaction.equals("is-persistent")){ 88 108 // system.setAttribute(GSXML.TYPE_ATT, GSXML.SYSTEM_TYPE_ISPERSISTENT); -
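Review bot: In the `authenticated-ping` branch the values of `params.get(GSParams.UN)` and `params.get(GSParams.PW)` are cast and handed to `system.setAttribute(...)` without a null check, so a request that omits `un` or `pw` passes null to the DOM call, whose behaviour depends on the parser implementation. Defaulting both to the empty string, e.g. `String password = params.containsKey(GSParams.PW) ? (String) params.get(GSParams.PW) : "";`, lets the "no (username or) password specified" path in the Authentication service handle that case. The plaintext password now travels as an attribute of the `system` element, so any code that logs or serialises request messages for debugging would write it out; it is worth confirming that nothing on this path does. The collection lookup uses the literal `"col"` with the `GSParams.COLLECTION` form left commented out, and a short comment saying why the constant does not fit would help the next reader. The enclosing method starts and ends outside the hunks shown.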
main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java
r28281 r28958 128 128 protected static final String GET_USER_INFORMATION_SERVICE = "GetUserInformation"; 129 129 protected static final String CHANGE_USER_EDIT_MODE_SERVICE = "ChangeUserEditMode"; 130 protected static final String REMOTE_AUTHENTICATION_SERVICE = "RemoteAuthentication"; 130 131 131 132 protected static boolean _derbyWrapperDoneForcedShutdown = false; … … 181 182 changeEditMode_service.setAttribute(GSXML.NAME_ATT, CHANGE_USER_EDIT_MODE_SERVICE); 182 183 this.short_service_info.appendChild(changeEditMode_service); 184 185 Element remoteAuthentication_service = this.doc.createElement(GSXML.SERVICE_ELEM); 186 remoteAuthentication_service.setAttribute(GSXML.TYPE_ATT, GSXML.SERVICE_TYPE_PROCESS); 187 remoteAuthentication_service.setAttribute(GSXML.NAME_ATT, REMOTE_AUTHENTICATION_SERVICE); 188 this.short_service_info.appendChild(remoteAuthentication_service); 189 183 190 184 191 DerbyWrapper.createDatabaseIfNeeded(); … … 227 234 authen_service.setAttribute(GSXML.NAME_ATT, CHANGE_USER_EDIT_MODE_SERVICE); 228 235 } 236 else if (service_id.equals(REMOTE_AUTHENTICATION_SERVICE)) 237 { 238 authen_service.setAttribute(GSXML.TYPE_ATT, GSXML.SERVICE_TYPE_PROCESS); 239 authen_service.setAttribute(GSXML.NAME_ATT, REMOTE_AUTHENTICATION_SERVICE); 240 } 229 241 else 230 242 { … … 287 299 } 288 300 301 /** 302 * This method replaces the gliserver.pl code for authenticating a user against the derby database 303 * gliserver.pl needed to instantiate its own JVM to access the derby DB, but the GS3 already has 304 * the Derby DB open and 2 JVMs are not allowed concurrent access to an open embedded Derby DB. 305 * Gliserver.pl now goes through this method (via ServletRealmCheck.java), thereby using the same 306 * connection to the DerbyDB. This method reproduces the same behaviour as gliserver.pl used to, 307 * by returning the user_groups on successful authentication, else returns the specific 308 * "Authentication failed" messages that glisever.pl would produce. 
309 * http://remote-host-name:8383/greenstone3/library?a=s&sa=authenticated-ping&excerptid=gs_content&un=admin&pw=<PW>&col=demo 310 */ 311 protected Element processRemoteAuthentication(Element request) { 312 //logger.info("*** Authentication::processRemoteAuthentication"); 313 314 String message = ""; 315 316 Element system = (Element) GSXML.getChildByTagName(request, GSXML.REQUEST_TYPE_SYSTEM); 317 String username = system.hasAttribute("username") ? system.getAttribute("username") : ""; 318 String password = system.hasAttribute("password") ? system.getAttribute("password") : ""; 319 320 321 // If we're not editing a collection then the user doesn't need to be in a particular group 322 String collection = system.hasAttribute("collection") ? system.getAttribute("collection") : ""; 323 324 325 if(username.equals("") || password.equals("")) { 326 message = "Authentication failed: no (username or) password specified."; 327 //logger.error("*** Remote login failed. No username or pwd provided"); 328 } 329 else { 330 String storedPassword = retrieveDataForUser(username, "password"); 331 if(storedPassword != null && (password.equals(storedPassword) || hashPassword(password).equals(storedPassword))) { 332 333 // gliserver.pl used to return the groups when authentication succeeded 334 String groups = retrieveDataForUser(username, "groups"); //comma-separated list 335 336 if(collection.equals("")) { 337 message = groups; 338 } else { 339 340 if(groups.indexOf("all-collections-editor") != -1) { // Does this user have access to all collections? 341 message = groups; 342 } else if(groups.indexOf("personal-collections-editor") != -1 && collection.startsWith(username+"-")) { // Does this user have access to personal collections, and is this one? 343 message = groups; 344 } else if(groups.indexOf(collection+"-collection-editor") != -1) { // Does this user have access to this collection? 
345 message = groups; 346 } 347 else { 348 message = "Authentication failed: user is not in the required group."; 349 //logger.error("*** Remote login failed. Groups did not match for the collection specified"); 350 } 351 } 352 353 } else { 354 355 if(storedPassword == null) { 356 message = "Authentication failed: no account for user '" + username + "'"; 357 //logger.error("*** Remote login failed. User not found or password not set for user."); 358 } else { 359 message = "Authentication failed: incorrect password."; 360 //logger.error("*** Remote login failed. Password did not match for user"); 361 } 362 } 363 } 364 365 Element result = this.doc.createElement(GSXML.RESPONSE_ELEM); 366 result.setAttribute(GSXML.FROM_ATT, REMOTE_AUTHENTICATION_SERVICE); 367 result.setAttribute(GSXML.TYPE_ATT, GSXML.REQUEST_TYPE_PROCESS); 368 Element s = GSXML.createTextElement(this.doc, GSXML.STATUS_ELEM, message); 369 result.appendChild(s); 370 return result; 371 } 372 289 373 protected Element processGetUserInformation(Element request) 290 374 { -
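Review bot: The password test in processRemoteAuthentication, `password.equals(storedPassword) || hashPassword(password).equals(storedPassword)`, accepts the stored value itself as a valid password, so read access to the users table is enough to authenticate without knowing the password. Compare only the hash, `hashPassword(password).equals(storedPassword)`, and migrate any plaintext rows if those are the reason for the first clause. The group checks use `groups.indexOf(...)`, a substring match on the comma-separated list, so a group named `mydemo-collection-editor` (constructed example) also satisfies collection `demo`; the fence below splits the list, matches whole names and covers a null `groups`. The two failure messages distinguish an unknown account from a wrong password, which tells a remote caller of this newly reachable service which usernames exist; a single message for both cases would avoid that. The Javadoc's example URL carries `pw` in the query string, where it would land in access logs if ServletRealmCheck sends it that way, so the comment should state that the request is meant to be POSTed.

```java
// … unchanged: credential extraction and password check …
String groups = retrieveDataForUser(username, "groups"); //comma-separated list
if (groups == null) {
    groups = "";
}
Set<String> groupSet = new HashSet<String>();
for (String group : groups.split(",")) {
    groupSet.add(group.trim());
}
// Whole-name membership tests instead of substring search on the raw list
boolean mayEdit = collection.equals("")
    || groupSet.contains("all-collections-editor")
    || (groupSet.contains("personal-collections-editor") && collection.startsWith(username + "-"))
    || groupSet.contains(collection + "-collection-editor");
message = mayEdit ? groups : "Authentication failed: user is not in the required group.";
// … unchanged: failure messages and response element construction …
```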
main/trunk/greenstone3/src/java/org/greenstone/gsdl3/util/GSParams.java
r27719 r28958 32 32 public static final String OUTPUT = "o"; // if processing is to be done, what type of output - html/xml/other?? 33 33 public static final String SERVICE = "s"; // the name of the service 34 35 public static final String UN = "un"; // username for authenticated-ping 36 public static final String PW = "pw"; // pwd for authenticated-ping 34 37 35 38 public static final String CLUSTER = "c"; // these two are the same -
main/trunk/greenstone3/src/java/org/greenstone/gsdl3/util/GSXML.java
r28858 r28958 243 243 public static final String SYSTEM_TYPE_DEACTIVATE = "deactivate"; 244 244 public static final String SYSTEM_TYPE_PING = "ping"; 245 public static final String SYSTEM_TYPE_AUTHENTICATED_PING = "authenticated-ping"; 245 246 //public static final String SYSTEM_TYPE_ISPERSISTENT = "is-persistent"; 246 247 … … 287 288 public static final String BASE_URL = "baseURL"; 288 289 290 // only for authenticated-ping 291 public static final String PASSWORD_ATT = "password"; 292 289 293 //for classifiers 290 294 public static final String CHILD_TYPE_ATT = "childType";