Changeset 33113 for main/trunk


Ignore:
Timestamp:
2019-05-27T22:12:33+12:00 (5 years ago)
Author:
ak19
Message:

Tentative fix to the first of 2 GS3 authentication related bugs identified by Diego Spano on the mailing list, email dated 23/05/(20)19 04:24. Bug 1: when there are multiple meta values for a metadata name, e.g. multiple assigned dc.Creator, authentication doesn't work if the documentSet's match field is set to dc.Creator (of any but the first author). Bug 2: document file access was not protected. Diego described this further as: Access to pdf is totally free, having URL to the file I have no need to provide any credentials. With the fix to the 1st bug in this commit, I was unable to reproduce the 2nd bug, so I'm not sure if the 2nd bug was a side-effect or related to the 1st bug and therefore got fixed by the same fix. I'll be asking Diego to test the nightly binary containing this fix, and if bug 2 still exists, to send me an example coll with the bug and instructions on reproducing it.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • main/trunk/greenstone3/src/java/org/greenstone/gsdl3/collection/Collection.java

    r32990 r33113  
    336336        else
    337337        {
    338             logger.warn("Default access for collection " + this.cluster_name + " is neither public or private, assuming public");
     338            logger.warn("Default access for collection " + this.cluster_name + " is neither public nor private, assuming public");
    339339        }
    340340
     
    371371        else
    372372        {
    373             logger.warn("Security scope is neither collection or document, assuming collection");
     373            logger.warn("Security scope is neither collection nor document, assuming collection");
    374374        }
    375375
     
    636636            }
    637637
    638             String fieldValue = "";
     638            //String fieldValue = "";
     639            String[] fieldValues = null;
    639640            if (!fieldName.equals("oid"))
    640641            {
    641                 fieldValue = getFieldValue(oid, fieldName);
    642                 if (fieldValue == null)
     642                //fieldValue = getFieldValue(oid, fieldName);
     643                fieldValues = getFieldValues(oid, fieldName);
     644                if (fieldValues == null)
    643645                {
    644646                    return false;
     
    647649            else
    648650            {
    649                 fieldValue = oid;
     651                //fieldValue = oid;
     652                //fieldValues = new String[0];
     653                //fieldValues[0] = oid;
     654                fieldValues = new String[]{oid}; // not allowed to do fieldValues = {oid}; after SEPARATE declaration.
    650655            }
    651656
     
    653658            if (type.equals("match"))
    654659            {
     660
     661                for(int i = 0; i < fieldValues.length; i++) {
     662                String fieldValue = fieldValues[i];
    655663                if (matchValue.equals(fieldValue))
    656664                {
    657665                    return true;
    658666                }
     667                }
    659668            }
    660669            else if (type.equals("regex"))
    661670            {
     671                for(int i = 0; i < fieldValues.length; i++) {
     672                String fieldValue = fieldValues[i];
    662673                if (fieldValue.matches(matchValue))
    663674                {
    664675                    return true;
    665676                }
     677                }
    666678            }
    667679            else
     
    674686    }
    675687
    676     protected String getFieldValue(String oid, String fieldName)
     688    protected String old_getFieldValue(String oid, String fieldName)
    677689    {
    678690      Document msg_doc = XMLConverter.newDOM();
     
    708720
    709721        return null;
     722    }
     723
     724    protected String[] getFieldValues(String oid, String fieldName)
     725    {
     726      Document msg_doc = XMLConverter.newDOM();
     727        Element metadataMessage = msg_doc.createElement(GSXML.MESSAGE_ELEM);
     728        Element metadataRequest = GSXML.createBasicRequest(msg_doc, GSXML.REQUEST_TYPE_PROCESS, this.cluster_name + "/DocumentMetadataRetrieve", new UserContext());
     729        metadataMessage.appendChild(metadataRequest);
     730
     731        Element paramList = msg_doc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
     732        metadataRequest.appendChild(paramList);
     733
     734        Element param = msg_doc.createElement(GSXML.PARAM_ELEM);
     735        paramList.appendChild(param);
     736
     737        param.setAttribute(GSXML.NAME_ATT, "metadata");
     738        param.setAttribute(GSXML.VALUE_ATT, fieldName);
     739
     740        Element docList = msg_doc.createElement(GSXML.DOC_NODE_ELEM + GSXML.LIST_MODIFIER);
     741        metadataRequest.appendChild(docList);
     742
     743        Element doc = msg_doc.createElement(GSXML.DOC_NODE_ELEM);
     744        docList.appendChild(doc);
     745
     746        doc.setAttribute(GSXML.NODE_ID_ATT, oid);
     747
     748        Element response = (Element) this.router.process(metadataMessage);
     749        NodeList metadataElems = response.getElementsByTagName(GSXML.METADATA_ELEM);
     750
     751        if (metadataElems.getLength() <= 0) {
     752            return null;
     753        }
     754        // else
     755        String[] fieldValues = new String[metadataElems.getLength()];
     756        for(int i = 0; i < metadataElems.getLength(); i++)
     757        {
     758            Element metadata = (Element) metadataElems.item(i);
     759            fieldValues[i] = GSXML.getNodeText(metadata);
     760        }
     761
     762        return fieldValues;
     763
    710764    }
    711765
Note: See TracChangeset for help on using the changeset viewer.