Changeset 28958 for main/trunk/greenstone3/src
- Timestamp:
- 2014-04-03T17:34:44+13:00 (10 years ago)
- Location:
- main/trunk/greenstone3/src/java/org/greenstone/gsdl3
- Files:
-
- 1 added
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
main/trunk/greenstone3/src/java/org/greenstone/gsdl3/action/SystemAction.java
r28382 r28958 50 50 to = coll; 51 51 } 52 else if(subaction.equals("authenticated-ping")) { 53 to = "RemoteAuthentication"; // not "Authentication/RemoteAuthentication": MessageRouter knows to map the RemoteAuthentication service to the Authentication module 54 } 52 55 53 56 Element mr_request_message = doc.createElement(GSXML.MESSAGE_ELEM); … … 85 88 system.setAttribute(GSXML.TYPE_ATT, GSXML.SYSTEM_TYPE_PING); 86 89 } 90 else if (subaction.equals("authenticated-ping")) { // can check whether a given username and password authenticates 91 92 String username = (String) params.get(GSParams.UN); 93 String password = (String) params.get(GSParams.PW); 94 95 96 system.setAttribute(GSXML.TYPE_ATT, GSXML.SYSTEM_TYPE_AUTHENTICATED_PING); 97 system.setAttribute(GSXML.USERNAME_ATT, username); 98 system.setAttribute(GSXML.PASSWORD_ATT, password); 99 100 if(params.containsKey("col")) {//params.containsKey(GSParams.COLLECTION)) { 101 String collection = (String) params.get("col");//(String) params.get(GSParams.COLLECTION); 102 system.setAttribute(GSXML.COLLECTION_ATT, collection); 103 } 104 105 } 106 87 107 //else if (subaction.equals("is-persistent")){ 88 108 // system.setAttribute(GSXML.TYPE_ATT, GSXML.SYSTEM_TYPE_ISPERSISTENT); -
main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java
r28281 r28958 128 128 protected static final String GET_USER_INFORMATION_SERVICE = "GetUserInformation"; 129 129 protected static final String CHANGE_USER_EDIT_MODE_SERVICE = "ChangeUserEditMode"; 130 protected static final String REMOTE_AUTHENTICATION_SERVICE = "RemoteAuthentication"; 130 131 131 132 protected static boolean _derbyWrapperDoneForcedShutdown = false; … … 181 182 changeEditMode_service.setAttribute(GSXML.NAME_ATT, CHANGE_USER_EDIT_MODE_SERVICE); 182 183 this.short_service_info.appendChild(changeEditMode_service); 184 185 Element remoteAuthentication_service = this.doc.createElement(GSXML.SERVICE_ELEM); 186 remoteAuthentication_service.setAttribute(GSXML.TYPE_ATT, GSXML.SERVICE_TYPE_PROCESS); 187 remoteAuthentication_service.setAttribute(GSXML.NAME_ATT, REMOTE_AUTHENTICATION_SERVICE); 188 this.short_service_info.appendChild(remoteAuthentication_service); 189 183 190 184 191 DerbyWrapper.createDatabaseIfNeeded(); … … 227 234 authen_service.setAttribute(GSXML.NAME_ATT, CHANGE_USER_EDIT_MODE_SERVICE); 228 235 } 236 else if (service_id.equals(REMOTE_AUTHENTICATION_SERVICE)) 237 { 238 authen_service.setAttribute(GSXML.TYPE_ATT, GSXML.SERVICE_TYPE_PROCESS); 239 authen_service.setAttribute(GSXML.NAME_ATT, REMOTE_AUTHENTICATION_SERVICE); 240 } 229 241 else 230 242 { … … 287 299 } 288 300 301 /** 302 * This method replaces the gliserver.pl code for authenticating a user against the derby database 303 * gliserver.pl needed to instantiate its own JVM to access the derby DB, but the GS3 already has 304 * the Derby DB open and 2 JVMs are not allowed concurrent access to an open embedded Derby DB. 305 * Gliserver.pl now goes through this method (via ServletRealmCheck.java), thereby using the same 306 * connection to the DerbyDB. This method reproduces the same behaviour as gliserver.pl used to, 307 * by returning the user_groups on successful authentication, else returns the specific 308 * "Authentication failed" messages that glisever.pl would produce. 309 * http://remote-host-name:8383/greenstone3/library?a=s&sa=authenticated-ping&excerptid=gs_content&un=admin&pw=<PW>&col=demo 310 */ 311 protected Element processRemoteAuthentication(Element request) { 312 //logger.info("*** Authentication::processRemoteAuthentication"); 313 314 String message = ""; 315 316 Element system = (Element) GSXML.getChildByTagName(request, GSXML.REQUEST_TYPE_SYSTEM); 317 String username = system.hasAttribute("username") ? system.getAttribute("username") : ""; 318 String password = system.hasAttribute("password") ? system.getAttribute("password") : ""; 319 320 321 // If we're not editing a collection then the user doesn't need to be in a particular group 322 String collection = system.hasAttribute("collection") ? system.getAttribute("collection") : ""; 323 324 325 if(username.equals("") || password.equals("")) { 326 message = "Authentication failed: no (username or) password specified."; 327 //logger.error("*** Remote login failed. No username or pwd provided"); 328 } 329 else { 330 String storedPassword = retrieveDataForUser(username, "password"); 331 if(storedPassword != null && (password.equals(storedPassword) || hashPassword(password).equals(storedPassword))) { 332 333 // gliserver.pl used to return the groups when authentication succeeded 334 String groups = retrieveDataForUser(username, "groups"); //comma-separated list 335 336 if(collection.equals("")) { 337 message = groups; 338 } else { 339 340 if(groups.indexOf("all-collections-editor") != -1) { // Does this user have access to all collections? 341 message = groups; 342 } else if(groups.indexOf("personal-collections-editor") != -1 && collection.startsWith(username+"-")) { // Does this user have access to personal collections, and is this one? 343 message = groups; 344 } else if(groups.indexOf(collection+"-collection-editor") != -1) { // Does this user have access to this collection? 345 message = groups; 346 } 347 else { 348 message = "Authentication failed: user is not in the required group."; 349 //logger.error("*** Remote login failed. Groups did not match for the collection specified"); 350 } 351 } 352 353 } else { 354 355 if(storedPassword == null) { 356 message = "Authentication failed: no account for user '" + username + "'"; 357 //logger.error("*** Remote login failed. User not found or password not set for user."); 358 } else { 359 message = "Authentication failed: incorrect password."; 360 //logger.error("*** Remote login failed. Password did not match for user"); 361 } 362 } 363 } 364 365 Element result = this.doc.createElement(GSXML.RESPONSE_ELEM); 366 result.setAttribute(GSXML.FROM_ATT, REMOTE_AUTHENTICATION_SERVICE); 367 result.setAttribute(GSXML.TYPE_ATT, GSXML.REQUEST_TYPE_PROCESS); 368 Element s = GSXML.createTextElement(this.doc, GSXML.STATUS_ELEM, message); 369 result.appendChild(s); 370 return result; 371 } 372 289 373 protected Element processGetUserInformation(Element request) 290 374 { -
main/trunk/greenstone3/src/java/org/greenstone/gsdl3/util/GSParams.java
r27719 r28958 32 32 public static final String OUTPUT = "o"; // if processing is to be done, what type of output - html/xml/other?? 33 33 public static final String SERVICE = "s"; // the name of the service 34 35 public static final String UN = "un"; // username for authenticated-ping 36 public static final String PW = "pw"; // pwd for authenticated-ping 34 37 35 38 public static final String CLUSTER = "c"; // these two are the same -
main/trunk/greenstone3/src/java/org/greenstone/gsdl3/util/GSXML.java
r28858 r28958 243 243 public static final String SYSTEM_TYPE_DEACTIVATE = "deactivate"; 244 244 public static final String SYSTEM_TYPE_PING = "ping"; 245 public static final String SYSTEM_TYPE_AUTHENTICATED_PING = "authenticated-ping"; 245 246 //public static final String SYSTEM_TYPE_ISPERSISTENT = "is-persistent"; 246 247 … … 287 288 public static final String BASE_URL = "baseURL"; 288 289 290 // only for authenticated-ping 291 public static final String PASSWORD_ATT = "password"; 292 289 293 //for classifiers 290 294 public static final String CHILD_TYPE_ATT = "childType";
Note:
See TracChangeset
for help on using the changeset viewer.