litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Improve output: distinguish between failed assertions (failures) and unexpected exceptions (errors), and print a filtered stack trace for any exception.

Browse source
This commit is contained in:
jeb228 2010-01-29 22:13:57 +00:00
commit 4f2e303079
1839 changed files with 235630 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

35
webapp/src/edu/cornell/mannlib/vedit/beans/BeanDependency.java Normal file
View file

@ -0,0 +1,35 @@
package edu.cornell.mannlib.vedit.beans;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
public class BeanDependency {
private Object bean;
private String nearKey;
private String farKey;
public Object getBean(){
return bean;
}
public void setBean(Object bean){
this.bean = bean;
}
public String getNearKey(){
return nearKey;
}
public void setNearKey (String nearKey){
this.nearKey = nearKey;
}
public String getFarKey(){
return farKey;
}
public void setFarKey(String farKey){
this.farKey = farKey;
}
}

62
webapp/src/edu/cornell/mannlib/vedit/beans/ButtonForm.java Normal file
View file

@ -0,0 +1,62 @@
package edu.cornell.mannlib.vedit.beans;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.HashMap;
public class ButtonForm {
private String action = "";
private String label = "no label specified";
private String cssClass = null;
private HashMap<String,String> params = null;
public ButtonForm() {
action = ""; // submits to same page
cssClass = null;
label = "no label specified";
params = null;
}
public ButtonForm(String actionStr, String classStr, String labelStr, HashMap<String,String> paramMap) {
action = actionStr;
cssClass = classStr; // can be null
label = labelStr;
params = paramMap;
}
public String getAction(){
return action;
}
public void setAction(String s){
action = s;
}
public String getLabel(){
return label;
}
public void setLabel(String s){
label = s;
}
public String getCssClass(){
if (cssClass==null){
return "";
}
return "class=\""+cssClass+"\"";
}
public void setCssClass(String s){
cssClass=s;
}
public HashMap<String,String> getParams(){
return params;
}
public void setParams(HashMap<String,String> p){
params = p;
}
public void addParam(String key, String value){
if (params==null){
params = new HashMap<String,String>();
}
params.put(key, value);
}
}

44
webapp/src/edu/cornell/mannlib/vedit/beans/Checkbox.java Normal file
View file

@ -0,0 +1,44 @@
package edu.cornell.mannlib.vedit.beans;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
public class Checkbox {
private String name = null;
private String value = null;
private String body = null;
private boolean checked = false;
public String getName(){
return name;
}
private void setName(String name){
this.name = name;
}
public String getValue() {
return value;
}
public void setValue(String value) {
this.value = value;
}
public String getBody() {
return body;
}
public void setBody(String body) {
this.body = body;
}
public boolean getChecked (){
return checked;
}
public void setChecked (boolean checked){
this.checked = checked;
}
}

98
webapp/src/edu/cornell/mannlib/vedit/beans/DynamicField.java Normal file
View file

@ -0,0 +1,98 @@
package edu.cornell.mannlib.vedit.beans;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.List;
import java.util.ArrayList;
import java.util.HashMap;
public class DynamicField {
private String name = null;
private String table = null;
private int maxCardinality = 1;
private int minCardinality = -1;
private int visible = -1;
private List<DynamicFieldRow> rowList = null;
private DynamicFieldRow rowTemplate = null;
private HashMap metadata = new HashMap();
private Boolean deleteable = true;
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getTable() {
return table;
}
public void setTable(String table) {
this.table = table;
}
public int getMaxCardinality() {
return maxCardinality;
}
public void setMaxCardinality (int maxCardinality) {
this.maxCardinality = maxCardinality;
}
public int getMinCardinality () {
return minCardinality;
}
public void setMinCardinality(int minCardinality) {
this.minCardinality = minCardinality;
}
public int getVisible() {
return visible;
}
public void setVisible(int visible) {
this.visible = visible;
}
public boolean getDeleteable() {
return deleteable;
}
public void setDeleteable(boolean deleteable) {
this.deleteable = deleteable;
}
public HashMap getMetadata() {
return metadata;
}
public void setMetadata(HashMap metadata) {
this.metadata = metadata;
}
public List<DynamicFieldRow> getRowList() {
return rowList;
}
public void setRowList (List<DynamicFieldRow> rowList) {
this.rowList = rowList;
}
public DynamicFieldRow getRowTemplate() {
return rowTemplate;
}
public void setRowTemplate(DynamicFieldRow dfr) {
rowTemplate = dfr;
}
}

37
webapp/src/edu/cornell/mannlib/vedit/beans/DynamicFieldRow.java Normal file
View file

@ -0,0 +1,37 @@
package edu.cornell.mannlib.vedit.beans;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.Map;
public class DynamicFieldRow {
private int id = -1;
private String value = null;
private Map parameterMap = null;
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
public String getValue() {
return value;
}
public void setValue(String value) {
this.value = value;
}
public Map getParameterMap() {
return parameterMap;
}
public void setParameterMap(Map parameterMap) {
this.parameterMap = parameterMap;
}
}

350
webapp/src/edu/cornell/mannlib/vedit/beans/EditProcessObject.java Normal file
View file

@ -0,0 +1,350 @@
package edu.cornell.mannlib.vedit.beans;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.List;
import java.util.LinkedList;
import java.util.HashMap;
import java.util.Map;
import java.util.Stack;
import javax.servlet.http.HttpSession;
import edu.cornell.mannlib.vedit.forwarder.PageForwarder;
import edu.cornell.mannlib.vedit.beans.BeanDependency;
import edu.cornell.mannlib.vedit.beans.FormObject;
import java.lang.reflect.Method;
import java.io.Serializable;
public class EditProcessObject implements Serializable {
private String key = null;
private Class beanClass = null;
private Class implementationClass = null;
private boolean useRecycledBean = false;
private Object beanMask = null;
private List simpleMask = new LinkedList();
private HashMap validatorMap = new HashMap();
private HashMap errMsgMap = new HashMap();
private HashMap defaultValueMap = new HashMap();
private List preProcessorList = new LinkedList();
private List changeListenerList = new LinkedList();
private Object originalBean = null;
private Object newBean = null;
private String idFieldName = null;
private Class idFieldClass = null;
private FormObject formObject = null;
private Object dataAccessObject = null;
private HashMap additionalDaoMap = new HashMap();
private Method insertMethod = null;
private Method updateMethod = null;
private Method deleteMethod = null;
private PageForwarder postInsertPageForwarder = null;
private PageForwarder postUpdatePageForwarder = null;
private PageForwarder postDeletePageForwarder = null;
private HttpSession session = null;
private String referer = null;
private String action = null;
private Map requestParameterMap = null;
private HashMap badValueMap = new HashMap();
private HashMap<String,Object> attributeMap = new HashMap<String,Object>();
/***** experimental ******/
private Stack epoStack = new Stack();
private HashMap beanDependencies = new HashMap();
private Method getMethod = null;
//assumed to take an integer primary key argument, at least for now
public String getKey(){
return key;
}
public void setKey(String key){
this.key = key;
}
public Class getBeanClass(){
return beanClass;
}
public void setBeanClass(Class beanClass){
this.beanClass = beanClass;
}
public Class getImplementationClass(){
return implementationClass;
}
public void setImplementationClass(Class implementationClass){
this.implementationClass = implementationClass;
}
public Object getBeanMask() {
return beanMask;
}
public void setBeanMask(Object beanMask) {
this.beanMask = beanMask;
}
public List getSimpleMask(){
return simpleMask;
}
public void setSimpleMask(List simpleMask){
this.simpleMask = simpleMask;
}
public List getChangeListenerList() {
return changeListenerList;
}
public void setChangeListenerList(List changeListenerList) {
this.changeListenerList = changeListenerList;
}
public List getPreProcessorList() {
return preProcessorList;
}
public void setPreProcessorList(List preProcessorList) {
this.preProcessorList = preProcessorList;
}
public Object getOriginalBean(){
return originalBean;
}
public void setOriginalBean(Object originalBean){
this.originalBean = originalBean;
}
public Object getNewBean(){
return newBean;
}
public void setNewBean(Object newBean){
this.newBean = newBean;
}
public String getIdFieldName() {
return idFieldName;
}
public void setIdFieldName(String ifn) {
this.idFieldName = ifn;
}
public Class getIdFieldClass() {
return idFieldClass;
}
public void setIdFieldClass(Class cls) {
this.idFieldClass = cls;
}
public FormObject getFormObject() {
return formObject;
}
public void setFormObject(FormObject foo){
formObject=foo;
}
public HttpSession getSession(){
return session;
}
public boolean getUseRecycledBean(){
return useRecycledBean;
}
public void setUseRecycledBean(boolean useRecycledBean){
this.useRecycledBean = useRecycledBean;
}
public void setSession(HttpSession session){
this.session = session;
}
public String getReferer(){
return referer;
}
public void setReferer(String referer){
this.referer = referer;
}
public String getAction() {
return action;
}
public void setAction(String action) {
this.action = action;
}
public Map getRequestParameterMap() {
return requestParameterMap;
}
public void setRequestParameterMap (Map rpmap) {
requestParameterMap = rpmap;
}
public PageForwarder getPostInsertPageForwarder(){
return postInsertPageForwarder;
}
public void setPostInsertPageForwarder(PageForwarder pipf){
postInsertPageForwarder = pipf;
}
public PageForwarder getPostUpdatePageForwarder(){
return postUpdatePageForwarder;
}
public void setPostUpdatePageForwarder(PageForwarder pupf){
postUpdatePageForwarder = pupf;
}
public PageForwarder getPostDeletePageForwarder(){
return postDeletePageForwarder;
}
public void setPostDeletePageForwarder(PageForwarder pdpf){
postDeletePageForwarder = pdpf;
}
public Object getDataAccessObject() {
return dataAccessObject;
}
public void setDataAccessObject(Object dao) {
dataAccessObject = dao;
}
public HashMap getAdditionalDaoMap() {
return additionalDaoMap;
}
public void setAdditionalDaoMap(HashMap adm) {
additionalDaoMap = adm;
}
public Method getInsertMethod(){
return insertMethod;
}
public void setInsertMethod(Method insertMethod){
this.insertMethod = insertMethod;
}
public Method getUpdateMethod(){
return updateMethod;
}
public void setUpdateMethod(Method updateMethod){
this.updateMethod = updateMethod;
}
public Method getDeleteMethod(){
return deleteMethod;
}
public void setDeleteMethod(Method deleteMethod){
this.deleteMethod = deleteMethod;
}
public Method getGetMethod(){
return getMethod;
}
public void setGetMethod(Method getMethod){
this.getMethod = getMethod;
}
public HashMap getDefaultValueMap() {
return defaultValueMap;
}
public void setDefaultValueMap(HashMap dvh) {
this.defaultValueMap = dvh;
}
public HashMap getValidatorMap(){
return validatorMap;
}
public void setValidatorMap(HashMap validatorMap){
this.validatorMap = validatorMap;
}
public HashMap getErrMsgMap() {
return errMsgMap;
}
public void setErrMsgMap(HashMap emh){
errMsgMap = emh;
}
public HashMap getBadValueMap() {
return badValueMap;
}
public void setBadValueMap(HashMap bvh){
badValueMap = bvh;
}
public Map getAttributeMap() {
return this.attributeMap;
}
public Object getAttribute(String key) {
return this.attributeMap.get(key);
}
public void setAttribute(String key, Object value) {
this.attributeMap.put(key, value);
}
public Stack getEpoStack(){
return epoStack;
}
public HashMap /*to BeanDependency*/ getBeanDependencies(){
return beanDependencies;
}
public void setBeanDependencies(HashMap beanDependencies){
this.beanDependencies = beanDependencies;
}
public BeanDependency getBeanDependency(String name){
return (BeanDependency) beanDependencies.get(name);
}
public Object getDependentBean(String name){
return ((BeanDependency)beanDependencies.get(name)).getBean();
}
/******* probably will need to change this *******/
public void setEpoStack(Stack epoStack){
this.epoStack = epoStack;
}
}

54
webapp/src/edu/cornell/mannlib/vedit/beans/FieldHelp.java Normal file
View file

@ -0,0 +1,54 @@
package edu.cornell.mannlib.vedit.beans;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
public class FieldHelp {
private String description = null;
private String descriptionUri = null;
private String examples = null;
private String examplesUri = null;
private String helpUri = null;
public String getDescription() {
return description;
}
public void setDescription(String description) {
this.description = description;
}
public String getDescriptionUri() {
return descriptionUri;
}
public void setDescriptionUri(String descriptionUri) {
this.descriptionUri = descriptionUri;
}
public String getExamples() {
return examples;
}
public void setExamples(String examples) {
this.examples = examples;
}
public String getExamplesUri() {
return examplesUri;
}
public void setExamplesUri(String examplesUri) {
this.examplesUri = examplesUri;
}
public String getHelpUri() {
return helpUri;
}
public void setHelpUri(String helpUri) {
this.helpUri = helpUri;
}
}

62
webapp/src/edu/cornell/mannlib/vedit/beans/FormObject.java Normal file
View file

@ -0,0 +1,62 @@
package edu.cornell.mannlib.vedit.beans;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.io.Serializable;
import java.util.HashMap;
import java.util.List;
import edu.cornell.mannlib.vedit.beans.Option;
public class FormObject implements Serializable {
private HashMap values = new HashMap();
private HashMap optionLists = new HashMap();
private HashMap checkboxLists = new HashMap();
private HashMap errorMap = new HashMap();
private List dynamicFields = null;
public HashMap getValues(){
return values;
}
public void setValues(HashMap values){
this.values = values;
}
public String valueByName(String name){
return (String) values.get(name);
}
public HashMap getOptionLists() {
return optionLists;
}
public void setOptionLists(HashMap optionLists) {
this.optionLists = optionLists;
}
public List optionListByName(String key){
return (List) optionLists.get(key);
}
public HashMap getCheckboxLists(){
return checkboxLists;
}
public HashMap getErrorMap(){
return errorMap;
}
public void setErrorMap(HashMap errorMap){
this.errorMap = errorMap;
}
public List getDynamicFields() {
return dynamicFields;
}
public void setDynamicFields(List dynamicFields){
this.dynamicFields = dynamicFields;
}
}

214
webapp/src/edu/cornell/mannlib/vedit/beans/LoginFormBean.java Normal file
View file

@ -0,0 +1,214 @@
package edu.cornell.mannlib.vedit.beans;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.*;
/**
*
* @author jc55
*
*/
public class LoginFormBean {
public static final int ANYBODY=0;
public int getAnybody(){ return ANYBODY; }
public static final int NON_EDITOR = 1;
public int getNonEditor(){ return NON_EDITOR; }
public static final int EDITOR =4;
public int getEditor(){return EDITOR;}
public static final int CURATOR=5;
public int getCurator(){return CURATOR;}
public static final int DBA =50;
public int getDba(){return DBA;}
public boolean getBla(){ return true; }
private String userURI;
private String sessionId;
private String loginBrowser;
private String loginRemoteAddr;
private String loginName;
private String loginPassword;
private String loginStatus;
private int loginUserId;
private String loginRole;
private String duplicatePassword;
private String emailAddress;
private Hashtable errors;
public boolean validateLoginForm() {
boolean allOk=true;
if ( loginName.equals("")) {
errors.put( "loginName","Please enter your Vivo user name" );
loginName = "";
allOk = false;
}
if ( loginPassword.equals("")) {
errors.put( "loginPassword","Please enter your Vivo password" );
loginPassword="";
allOk=false;
}
return allOk;
}
public LoginFormBean() {
sessionId = "";
loginBrowser = "";
loginRemoteAddr = "";
loginName = "";
loginPassword = "";
loginStatus = "none";
loginUserId = 0;
loginRole = "1";
duplicatePassword = "";
emailAddress = "";
errors = new Hashtable();
}
public String toString(){
String name = "-not-logged-in-";
if( getLoginName() != null && !"".equals(getLoginName()) )
name = getLoginName();
return this.getClass().getName()
+" loginName: " + name
+" loginStatus: "+ getLoginStatus()
+" loginRole: "+ getLoginRole();
}
/**
Tests a HttpSession to see if logged in and authenticated.
@returns loginRole if seems to be authenticated, -1 otherwise
*/
public int testSessionLevel( HttpServletRequest request ){
//TODO: security code added by bdc34, should be checked by jc55
HttpSession currentSession = request.getSession();
int returnRole = -1;
if ( getLoginStatus().equals("authenticated") &&
currentSession.getId().equals( getSessionId() ) &&
request.getRemoteAddr().equals( getLoginRemoteAddr() ) ) {
try{
returnRole = Integer.parseInt( getLoginRole() );
}catch(Throwable thr){ }
}
return returnRole;
}
public static boolean loggedIn(HttpServletRequest request, int minLevel) {
if( request == null ) return false;
HttpSession sess = request.getSession(false);
if( sess == null ) return false;
Object obj = sess.getAttribute("loginHandler");
if( obj == null || ! (obj instanceof LoginFormBean))
return false;
LoginFormBean lfb = (LoginFormBean)obj;
return ( "authenticated".equals(lfb.loginStatus ) &&
Integer.parseInt(lfb.loginRole ) >= minLevel) ;
}
/********************** GET METHODS *********************/
public String getUserURI() {
return userURI;
}
public String getSessionId() {
return sessionId;
}
public String getLoginBrowser() {
return loginBrowser;
}
public String getLoginRemoteAddr() {
return loginRemoteAddr;
}
public String getLoginName() {
return loginName;
}
public String getLoginPassword() {
return loginPassword;
}
public String getLoginStatus() {
return loginStatus;
}
public int getLoginUserId() {
return loginUserId;
}
public String getLoginRole() {
return loginRole;
}
public String getDuplicatePassword() {
return duplicatePassword;
}
public String getEmailAddress() {
return emailAddress;
}
public String getErrorMsg( String s ) {
String errorMsg =(String) errors.get( s.trim() );
return ( errorMsg == null ) ? "" : errorMsg;
}
/********************** SET METHODS *********************/
public void setUserURI( String uri ) {
this.userURI = uri;
}
public void setSessionId( String id ) {
sessionId = id;
}
public void setLoginBrowser( String b ) {
loginBrowser = b;
}
public void setLoginRemoteAddr( String ra ) {
loginRemoteAddr = ra;
}
public void setLoginName( String ln ) {
loginName = ln;
}
public void setLoginPassword( String lp ) {
loginPassword = lp;
}
public void setLoginStatus( String ls ) {
loginStatus = ls;
}
public void setLoginUserId(int int_val) {
loginUserId=int_val;
}
public void setLoginRole( String lr ) {
loginRole = lr;
}
public void setDuplicatePassword( String dp ) {
duplicatePassword = dp;
}
public void setEmailAddress( String ea ) {
emailAddress = ea;
}
public void setErrorMsg( String key, String msg ) {
errors.put( key,msg );
}
}

59
webapp/src/edu/cornell/mannlib/vedit/beans/Option.java Normal file
View file

@ -0,0 +1,59 @@
package edu.cornell.mannlib.vedit.beans;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.io.Serializable;
public class Option implements Serializable {
private String value = null;
private String body = null;
private boolean selected = false;
public String getValue() {
return value;
}
public void setValue(String value) {
this.value = value;
}
public String getBody() {
return body;
}
public void setBody(String body) {
this.body = body;
}
public boolean getSelected (){
return selected;
}
public void setSelected (boolean selected){
this.selected = selected;
}
//default constructor
public Option() {
}
public Option (String value, String body, boolean selected) {
this.value = value;
this.body = body;
this.selected = selected;
}
// construct an Option with body and value
public Option(String value, String body) {
this(value, body, false);
}
// construct an Option with equal body and value
public Option (String name){
this(name, name, false);
}
}

195
webapp/src/edu/cornell/mannlib/vedit/beans/UserSession.java Normal file
View file

@ -0,0 +1,195 @@
package edu.cornell.mannlib.vedit.beans;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
/**
* User Session information
* @author John Fereira
* @since 29.06.2004
*/
public class UserSession {
private int currentEntityId;
private int currentPortalId;
private int currentTabId;
private String lastSearchURL;
private boolean isPatronAuthenticated;
private boolean isAdminAuthenticated;
private String referer;
private String lastSearchTerm;
private String flag1Pref;
public void setFlag1Pref(String s) { flag1Pref=s; }
public String getFlag1Pref() { return flag1Pref; }
private String flag2Pref;
public void setFlag2Pref(String s) { flag2Pref=s; }
public String getFlag2Pref() { return flag2Pref; }
private String flag3Pref;
public void setFlag3Pref(String s) { flag3Pref=s; }
public String getFlag3Pref() { return flag3Pref; }
//search wrapper was part of the mysql full text search, no longer in use.
// private SearchWrapper searchWrapper;
// public void setSearchWrapper(SearchWrapper sw) { searchWrapper=sw; }
// public SearchWrapper getSearchWrapper() { return searchWrapper; }
// public void disposeOf(SearchWrapper sw) {
// if (sw!=null){
// sw.dispose();
// }
// this.searchWrapper=null;
// }
/** constructor */
public UserSession() {
this.isPatronAuthenticated = false;
this.isAdminAuthenticated = false;
}
/**
* set current entity id
* @param currentEntityId : unique id
*/
public void setCurrentEntityId(int currentEntityId) {
this.currentEntityId = currentEntityId;
}
/**
* get Current entity Id
* @return : the entity Id
*/
public int getCurrentEntityId() {
return currentEntityId;
}
/**
* set current portal id
* @param currentPortalId : unique id
*/
public void setCurrentPortalId(int currentPortalId) {
this.currentPortalId = currentPortalId;
}
/**
* get Current portal Id
* @return : the portal Id
*/
public int getCurrentPortalId() {
return currentPortalId;
}
/**
* set current tab id
* @param currentTabId : unique id
*/
public void setCurrentTabId(int currentTabId) {
this.currentTabId = currentTabId;
}
/**
* get current tab id
* @return : the tab Id
*/
public int getCurrentTabId() {
return currentTabId;
}
/**
* set last SearchURL in session
* @param lastSearchURL : a url string
*/
public void setLastSearchURL(String lastSearchURL) {
this.lastSearchURL = lastSearchURL;
}
/**
* get last Search URL
* @return : last search url string
*/
public String getLastSearchURL() {
return lastSearchURL;
}
/**
* Set boolen flag to indicated if patron has authenticated
* @param isPatronAuthenticated : true or false
*/
public void setIsPatronAuthenticated(boolean isPatronAuthenticated) {
this.isPatronAuthenticated = isPatronAuthenticated;
}
/**
* get boolean flag indicating whethor or not patron has authenticated
* @return : true or false
*/
public boolean getIsPatronAuthenticated() {
return isPatronAuthenticated;
}
/**
* set boolean flag indicating whether or not an Administrator has
* authenticated
* @param isAdminAuthenticated : true or false
*/
public void setIsAdminAuthenticated(boolean isAdminAuthenticated) {
this.isAdminAuthenticated = isAdminAuthenticated;
}
/**
* get boolean flag indicating whether or not an Administrator has
* authenticated
* @return : true or false
*/
public boolean getIsAdminAuthenticated() {
return isAdminAuthenticated;
}
/**
* set referer url in session
* @param referer : a referer url string
*/
public void setReferer(String referer) {
this.referer = referer;
}
/**
* get referer url in session
* @return : a referer url string
*/
public String getReferer() {
return referer;
}
/**
* set lastSearchTerm in session
* @param lastSearchTerm : a lastSearchTerm string
*/
public void setLastSearchTerm(String lastSearchTerm) {
this.lastSearchTerm = lastSearchTerm;
}
/**
* get lastSearchTerm in session
* @return : a lastSearchTerm string
*/
public String getLastSearchTerm() {
return lastSearchTerm;
}
/**
* @param isAdminAuthenticated The isAdminAuthenticated to set.
*/
public void setAdminAuthenticated(boolean isAdminAuthenticated) {
this.isAdminAuthenticated = isAdminAuthenticated;
}
/**
* @param isPatronAuthenticated The isPatronAuthenticated to set.
*/
public void setPatronAuthenticated(boolean isPatronAuthenticated) {
this.isPatronAuthenticated = isPatronAuthenticated;
}
}

218
webapp/src/edu/cornell/mannlib/vedit/controller/BaseEditController.java Normal file
View file

@ -0,0 +1,218 @@
package edu.cornell.mannlib.vedit.controller;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.io.IOException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import java.util.Random;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.ontology.OntModel;
import edu.cornell.mannlib.vedit.beans.EditProcessObject;
import edu.cornell.mannlib.vedit.beans.LoginFormBean;
import edu.cornell.mannlib.vedit.util.FormUtils;
import edu.cornell.mannlib.vitro.webapp.beans.Portal;
import edu.cornell.mannlib.vitro.webapp.controller.VitroHttpServlet;
import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
public class BaseEditController extends VitroHttpServlet {
public static final boolean FORCE_NEW = true; // when you know you're starting a new edit process
public static final String JSP_PREFIX = "/templates/edit/specific/";
protected static DateFormat DISPLAY_DATE_FORMAT = new SimpleDateFormat("MM/dd/yyyy");
private static final Log log = LogFactory.getLog(BaseEditController.class.getName());
private static final String DEFAULT_LANDING_PAGE = Controllers.SITE_ADMIN;
protected static final String MULTIPLEXED_PARAMETER_NAME = "multiplexedParam";
private final String EPO_HASH_ATTR = "epoHash";
private final String EPO_KEYLIST_ATTR = "epoKeylist";
private final int MAX_EPOS = 5;
private final Calendar cal = Calendar.getInstance();
private final Random rand = new Random(cal.getTimeInMillis());
/* EPO is reused if the controller is passed an epoKey, e.g.
if a previous form submission failed validation, or the edit is a multistage process. */
protected EditProcessObject createEpo(HttpServletRequest request) {
return createEpo(request, false);
}
protected EditProcessObject createEpo(HttpServletRequest request, boolean forceNew) {
/* this is actually a bit of a misnomer, because we will reuse an epo
if an epoKey parameter is passed */
EditProcessObject epo = null;
HashMap epoHash = getEpoHash(request);
String existingEpoKey = request.getParameter("_epoKey");
if (!forceNew && existingEpoKey != null && epoHash.get(existingEpoKey) != null) {
epo = (EditProcessObject) epoHash.get(existingEpoKey);
epo.setKey(existingEpoKey);
epo.setUseRecycledBean(true);
} else {
LinkedList epoKeylist = getEpoKeylist(request);
if (epoHash.size() == MAX_EPOS) {
try {
epoHash.remove(epoKeylist.getFirst());
epoKeylist.removeFirst();
} catch (Exception e) {
// see JIRA issue VITRO-340, "Odd exception from backend editing"
// possible rare concurrency issue here
log.error("Error removing old EPO", e);
}
}
Random rand = new Random();
String epoKey = createEpoKey();
while (epoHash.get(epoKey) != null) {
epoKey+=Integer.toHexString(rand.nextInt());
}
epo = new EditProcessObject();
epoHash.put (epoKey,epo);
epoKeylist.add(epoKey);
epo.setKey(epoKey);
epo.setReferer( (forceNew) ? request.getRequestURL().append('?').append(request.getQueryString()).toString() : request.getHeader("Referer") );
epo.setSession(request.getSession());
}
return epo;
}
private LinkedList getEpoKeylist(HttpServletRequest request){
return (LinkedList) request.getSession().getAttribute(EPO_KEYLIST_ATTR);
}
private HashMap getEpoHash(HttpServletRequest request){
HashMap epoHash = (HashMap) request.getSession().getAttribute(EPO_HASH_ATTR);
if (epoHash == null) {
epoHash = new HashMap();
request.getSession().setAttribute(EPO_HASH_ATTR,epoHash);
//since we're making a new EPO hash, we should also make a new keylist.
LinkedList epoKeylist = new LinkedList();
request.getSession().setAttribute(EPO_KEYLIST_ATTR,epoKeylist);
}
return epoHash;
}
private String createEpoKey(){
return Long.toHexString(cal.getTimeInMillis());
}
protected boolean checkLoginStatus(HttpServletRequest request, HttpServletResponse response){
return checkLoginStatus(request, response, null);
}
protected boolean checkLoginStatus(HttpServletRequest request, HttpServletResponse response, String postLoginRedirectURI){
LoginFormBean loginBean = (LoginFormBean) request.getSession().getAttribute("loginHandler");
String loginPage = request.getContextPath() + Controllers.LOGIN;
if (loginBean == null){
try{
if (postLoginRedirectURI == null)
request.getSession().setAttribute("postLoginRequest",request.getRequestURI()+"?"+request.getQueryString());
else
request.getSession().setAttribute("postLoginRequest",postLoginRedirectURI+"?"+request.getQueryString());
response.sendRedirect(loginPage);
return false;
} catch (IOException ioe) {
log.error("checkLoginStatus() could not redirect to login page");
return false;
}
} else {
if (!loginBean.getLoginStatus().equals("authenticated")) {
try{
response.sendRedirect(loginPage);
return false;
} catch (IOException ioe) {
log.error("checkLoginStatus() could not redirect to login page");
return false;
}
}
}
return true;
}
protected void setRequestAttributes(HttpServletRequest request, EditProcessObject epo){
Portal portal = (Portal)request.getAttribute("portalBean");
request.setAttribute("epoKey",epo.getKey());
request.setAttribute("epo",epo);
request.setAttribute("globalErrorMsg",epo.getAttribute("globalErrorMsg"));
request.setAttribute("portalBean",portal);
request.setAttribute("css", "<link rel=\"stylesheet\" type=\"text/css\" href=\""+portal.getThemeDir()+"css/edit.css\"/>");
}
protected void populateBeanFromParams(Object bean, HttpServletRequest request) {
Map params = request.getParameterMap();
Enumeration paramNames = request.getParameterNames();
while (paramNames.hasMoreElements()){
String key = "";
try {
key = (String) paramNames.nextElement();
} catch (ClassCastException cce) {
log.error("populateBeanFromParams() could not cast parameter name to String");
}
String value = "";
if (key.equals(MULTIPLEXED_PARAMETER_NAME)) {
String multiplexedStr = request.getParameterValues(key)[0];
Map paramMap = FormUtils.beanParamMapFromString(multiplexedStr);
Iterator paramIt = paramMap.keySet().iterator();
while (paramIt.hasNext()) {
String param = (String) paramIt.next();
String demultiplexedValue = (String) paramMap.get(param);
FormUtils.beanSet(bean, param, demultiplexedValue);
}
} else {
try {
value = (String) request.getParameterValues(key)[0];
} catch (ClassCastException cce) {
try {
value = ((Integer) params.get(key)).toString();
} catch (ClassCastException ccf) {
log.error("populateBeanFromParams() could not cast parameter name to String");
}
}
FormUtils.beanSet(bean, key, value);
}
}
}
protected String MODEL_ATTR_NAME = "jenaOntModel";
protected OntModel getOntModel( HttpServletRequest request, ServletContext ctx ) {
OntModel ontModel = null;
try {
ontModel = (OntModel) request.getSession().getAttribute(MODEL_ATTR_NAME);
} catch (Exception e) {}
if ( ontModel == null ) {
try {
ontModel = (OntModel) ctx.getAttribute(MODEL_ATTR_NAME);
} catch (Exception e) {
throw new RuntimeException("Could not find OntModel in context attribute '"+MODEL_ATTR_NAME+"'");
}
}
return ontModel;
}
public String getDefaultLandingPage(HttpServletRequest request) {
return(request.getContextPath() + DEFAULT_LANDING_PAGE);
}
}

78
webapp/src/edu/cornell/mannlib/vedit/controller/EditFrontController.java Normal file
View file

@ -0,0 +1,78 @@
package edu.cornell.mannlib.vedit.controller;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.controller.VitroHttpServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.lang.reflect.Method;
import java.lang.reflect.InvocationTargetException;
import java.io.IOException;
/**
* This controller exists only so we can request different edit form controllers without having to have entries in web.xml for each.
* @author bjl23
*
*/
public class EditFrontController extends VitroHttpServlet {
private static final Log log = LogFactory.getLog(EditFrontController.class.getName());
private static final String CONTROLLER_PKG = "edu.cornell.mannlib.vitro.webapp.controller.edit";
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
try {
String controllerName = request.getParameter("controller")+"RetryController";
if (controllerName==null || controllerName.length()==0) {
log.error("doPost() found no controller parameter");
}
Class controller = null;
Object controllerInstance = null;
try {
controller = Class.forName(CONTROLLER_PKG+"."+controllerName);
try {
controllerInstance = controller.getConstructor((Class[]) null).newInstance((Object[]) null);
((HttpServlet)controllerInstance).init(getServletConfig());
} catch (Exception e) {
log.error("doPost() could not instantiate specific controller "+controllerName);
}
} catch (ClassNotFoundException e){
log.error("doPost() could not find controller "+CONTROLLER_PKG+"."+controllerName);
}
Class[] args = new Class[2];
args[0] = HttpServletRequest.class;
args[1] = HttpServletResponse.class;
try {
Method meth = controller.getDeclaredMethod("doGet",args);
Object[] methArgs = new Object[2];
methArgs[0] = request;
methArgs[1] = response;
try {
meth.invoke(controllerInstance,methArgs);
} catch (IllegalAccessException e) {
log.error("doPost() encountered IllegalAccessException on invoking "+controllerName);
} catch (InvocationTargetException e) {
log.error("doPost() encountered InvocationTargetException on invoking "+controllerName);
log.debug(e.getTargetException().getMessage());
e.printStackTrace();
}
} catch (NoSuchMethodException e){
log.error("could not find doPost() method in "+controllerName);
}
} catch (Exception e) {
e.printStackTrace();
}
}
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
doPost(request,response);
}
}

499
webapp/src/edu/cornell/mannlib/vedit/controller/OperationController.java Normal file
View file

@ -0,0 +1,499 @@
package edu.cornell.mannlib.vedit.controller;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vedit.beans.EditProcessObject;
import edu.cornell.mannlib.vedit.forwarder.PageForwarder;
import edu.cornell.mannlib.vedit.listener.ChangeListener;
import edu.cornell.mannlib.vedit.listener.EditPreProcessor;
import edu.cornell.mannlib.vedit.util.FormUtils;
import edu.cornell.mannlib.vedit.util.OperationUtils;
import edu.cornell.mannlib.vedit.validator.ValidationObject;
import edu.cornell.mannlib.vedit.validator.Validator;
public class OperationController extends BaseEditController {
private static final Log log = LogFactory.getLog(OperationController.class.getName());
public void doPost (HttpServletRequest request, HttpServletResponse response) {
String defaultLandingPage = getDefaultLandingPage(request);
// get the Edit Process Object which will tell us wh
HashMap epoHash = null;
EditProcessObject epo = null;
try {
epoHash = (HashMap) request.getSession().getAttribute("epoHash");
epo = (EditProcessObject) epoHash.get(request.getParameter("_epoKey"));
} catch (NullPointerException e) {
//session or edit process expired
try {
response.sendRedirect(defaultLandingPage);
} catch (IOException ioe) {
log.error(this.getClass().getName() + " IOError on redirect: ", ioe);
}
return;
}
if (epo == null) {
try {
response.sendRedirect(defaultLandingPage);
} catch (IOException ioe) {
log.error(this.getClass().getName() + " IOError on redirect: ", ioe);
}
return;
}
// if we're canceling, we don't need to do anything
if (request.getParameter("_cancel") != null){
String referer = epo.getReferer();
if (referer == null) {
try {
response.sendRedirect(defaultLandingPage);
} catch (IOException ioe) {
log.error(this.getClass().getName() + " IOError on redirect: ", ioe);
}
return;
}
else {
try {
response.sendRedirect(referer);
} catch (IOException ioe) {
log.error(this.getClass().getName() + " IOError on redirect: ", ioe);
}
return;
}
}
// reset - if reset button is of type submit
if (request.getParameter("_reset") != null) {
try {
response.sendRedirect(request.getHeader("Referer"));
} catch (IOException ioe) {
log.error(this.getClass().getName() + " IOError on redirect: ", ioe);
}
return;
}
try {
Object newObj = getNewObj(epo);
//populate this object from the req. params
boolean valid = populateObjectFromRequestParamsAndValidate(epo, newObj, request);
//run preprocessors
runPreprocessors(epo, newObj);
//applySimpleMask(epo, newObj);
//put the newObj back in the epo where other things can look at it
epo.setNewBean(newObj);
//if validation failed, go back to the form controller
if (!valid){
retry(request,response);
return;
}
String action = getAction(request);
boolean status = performEdit(epo, newObj, action);
if (status == FAILURE) {
retry(request,response);
}
/* put request parameters and attributes into epo where the listeners can see */
epo.setRequestParameterMap(request.getParameterMap());
notifyChangeListeners(epo, action);
/* send the user somewhere */
if (action.equals("insert")){
// Object[] args = new Object[1];
// args[0] = result;
// epo.setNewBean(epo.getGetMethod().invoke(facade,args));
PageForwarder pipf = epo.getPostInsertPageForwarder();
if (pipf != null){
pipf.doForward(request,response,epo);
return;
}
} else if (action.equals("update")){
PageForwarder pupf = epo.getPostUpdatePageForwarder();
if (pupf != null) {
pupf.doForward(request,response,epo);
return;
}
} else if (action.equals("delete")){
PageForwarder pdpf = epo.getPostDeletePageForwarder();
if (pdpf != null) {
pdpf.doForward(request,response,epo);
return;
}
}
//if no page forwarder was set, just go back to referring page:
String referer = epo.getReferer();
if (referer == null)
response.sendRedirect(defaultLandingPage);
else
response.sendRedirect(referer);
} catch (Exception e) {
log.error("Error performing edit", e);
String errMsg = (e.getMessage() != null)
? e.getMessage()
: "Error performing edit";
epo.setAttribute("globalErrorMsg", errMsg);
try {
retry(request, response);
} catch (IOException ioe) {
log.error(this.getClass().getName() + " IOError on redirect: ", ioe);
}
}
}
private void retry(HttpServletRequest request, HttpServletResponse response) throws IOException {
String referer = request.getHeader("Referer");
int epoKeyIndex = referer.indexOf("_epoKey");
if (epoKeyIndex<0)
response.sendRedirect(referer+"&_epoKey="+request.getParameter("_epoKey"));
else{
String url = referer.substring(0,epoKeyIndex) + "_epoKey="+request.getParameter("_epoKey");
response.sendRedirect(url);
}
return;
}
private void runPreprocessors(EditProcessObject epo, Object newObj) {
if (epo.getPreProcessorList() != null && epo.getPreProcessorList().size()>0) {
Iterator preIt = epo.getPreProcessorList().iterator();
while (preIt.hasNext()) {
try {
EditPreProcessor epp = (EditPreProcessor) preIt.next();
epp.process(newObj, epo);
} catch (ClassCastException e) {}
}
}
}
private void applySimpleMask(EditProcessObject epo, Object newObj) {
// apply the simple mask
//if (epo.getSimpleMask() != null) {
// Iterator smaskIt = epo.getSimpleMask().iterator();
// while (smaskIt.hasNext()){
// Object[] simpleMaskPair = (Object[]) smaskIt.next();
// FormUtils.beanSet(newObj,(String)simpleMaskPair[0],simpleMaskPair[1].toString());
// }
//}
}
private Object getNewObj(EditProcessObject epo) {
Object newObj = null;
if (epo.getOriginalBean() != null) { // we're updating or deleting an existing bean
if (epo.getImplementationClass() != null) {
newObj = OperationUtils.cloneBean(epo.getOriginalBean(), epo.getImplementationClass());
} else {
newObj = OperationUtils.cloneBean(epo.getOriginalBean());
}
} else {
Class cls = epo.getBeanClass();
try {
newObj = cls.newInstance();
} catch (IllegalAccessException iae) {
throw new RuntimeException("Illegal access - see error logs.");
} catch (InstantiationException ie) {
throw new RuntimeException("Unable to instantiate " + cls.getSimpleName());
}
}
epo.setNewBean(newObj); // is this dangerous?
return newObj;
}
private boolean populateObjectFromRequestParamsAndValidate(EditProcessObject epo, Object newObj, HttpServletRequest request) {
boolean valid = true;
String currParam="";
Enumeration penum = request.getParameterNames();
while (penum.hasMoreElements()){
currParam = (String) penum.nextElement();
if (!(currParam.indexOf("_")==0)){
String currValue = request.getParameterValues(currParam)[0];
// "altnew" values come in with the same input name but at position 1 of the array
if(currValue.length()==0 && request.getParameterValues(currParam).length>1) {
currValue = request.getParameterValues(currParam)[1];
}
//validate the entry
boolean fieldValid = true;
if ( request.getParameter("_delete") == null ) { // don't do validation if we're deleting
List validatorList = (List) epo.getValidatorMap().get(currParam);
if (validatorList != null) {
Iterator valIt = validatorList.iterator();
String errMsg = "";
while (valIt.hasNext()){
Validator val = (Validator)valIt.next();
ValidationObject vo = val.validate(currValue);
if (!vo.getValid()){
valid = false;
fieldValid = false;
errMsg += vo.getMessage() + " ";
epo.getBadValueMap().put(currParam,currValue);
} else {
try {
epo.getBadValueMap().remove(currParam);
epo.getErrMsgMap().remove(currParam);
} catch (Exception e) {}
}
}
if (errMsg.length()>0) {
epo.getErrMsgMap().put(currParam,errMsg);
log.info("doPost() putting error message "+errMsg+" for "+currParam);
}
}
}
if (fieldValid){
if (currValue.length()==0) {
HashMap defaultHash = epo.getDefaultValueMap();
try {
String defaultValue = (String)defaultHash.get(currParam);
if (defaultValue != null)
currValue=defaultValue;
} catch (Exception e) {}
}
try {
FormUtils.beanSet(newObj,currParam,currValue,epo);
epo.getErrMsgMap().remove(currParam);
epo.getBadValueMap().remove(currParam);
} catch (NumberFormatException e) {
if (currValue.length()>0) {
valid=false;
epo.getErrMsgMap().put(currParam,"Please enter an integer");
epo.getBadValueMap().put(currParam,currValue);
}
} catch (IllegalArgumentException f) {
valid=false;
log.error("doPost() reports IllegalArgumentException for "+currParam);
log.debug("doPost() error message: "+f.getMessage());
epo.getErrMsgMap().put(currParam, f.getMessage());
epo.getBadValueMap().put(currParam,currValue);
}
}
}
}
return valid;
}
private String getAction(HttpServletRequest request) {
if (request.getParameter("_update") != null ) {
return "update";
} else if (request.getParameter("_delete") != null ) {
return "delete";
} else {
return "insert";
}
}
private void notifyChangeListeners(EditProcessObject epo, String action) {
List changeListeners = epo.getChangeListenerList();
if (changeListeners != null){
Iterator changeIt = changeListeners.iterator();
while (changeIt.hasNext()) {
ChangeListener cl = (ChangeListener) changeIt.next();
if (action.equals("insert"))
cl.doInserted(epo.getNewBean(),epo);
else if (action.equals("update"))
cl.doUpdated(epo.getOriginalBean(),epo.getNewBean(),epo);
else if (action.equals("delete"))
cl.doDeleted(epo.getOriginalBean(),epo);
}
}
}
private boolean SUCCESS = false;
private boolean FAILURE = !SUCCESS;
private boolean performEdit(EditProcessObject epo, Object newObj, String action) {
/* do the actual edit operation */
String partialClassName;
if (epo.getBeanClass() != null) {
partialClassName = epo.getBeanClass().getSimpleName();
} else {
partialClassName = epo.getNewBean().getClass().getSimpleName();
}
Object dataAccessObject = null;
if (epo.getDataAccessObject() != null) {
dataAccessObject = epo.getDataAccessObject();
} else {
throw new RuntimeException(OperationController.class.getName()+" needs to be passed an EPO containing a data access object with which to perform the desired operation");
}
Class[] classList = new Class[1];
classList[0] = (epo.getBeanClass() != null) ? epo.getBeanClass() : newObj.getClass();
newObj.getClass().getGenericSuperclass();
Class[] superClassList = new Class[1];
superClassList[0] = newObj.getClass().getSuperclass();
Method meth=null;
Method deleteMeth=null;
Method insertMeth=null;
// probably want to change this so it will walk up the class tree indefinitely looking for a good method to use
if ("update".equals(action)){
if (epo.getUpdateMethod() != null) {
meth = epo.getUpdateMethod();
} else {
try {
meth = dataAccessObject.getClass().getMethod("update"+partialClassName,classList);
} catch (NoSuchMethodException e) {
try {
meth = dataAccessObject.getClass().getMethod("update"+partialClassName,superClassList);
} catch (NoSuchMethodException f) {
try { // if there isn't a single update method, let's see if we can delete the old data and then insert the new
deleteMeth = dataAccessObject.getClass().getMethod("delete"+partialClassName,classList);
try {
insertMeth = dataAccessObject.getClass().getMethod("insert"+partialClassName,classList);
} catch (NoSuchMethodException ee) {
insertMeth = dataAccessObject.getClass().getMethod("insertNew"+partialClassName,classList);
}
} catch (NoSuchMethodException g) {
log.error("doPost() could not find method(s) for updating "+partialClassName);
}
}
}
}
} else if ("delete".equals(action)) {
if (epo.getDeleteMethod() != null) {
meth = epo.getDeleteMethod();
} else {
try {
meth = dataAccessObject.getClass().getMethod("delete"+partialClassName,classList);
} catch (NoSuchMethodException e) {
try {
meth = dataAccessObject.getClass().getMethod("delete"+partialClassName,superClassList);
} catch (NoSuchMethodException f) {
log.error("doPost() could not find method delete"+partialClassName+"() on "+dataAccessObject.getClass().getName());
}
}
}
} else {
if (epo.getInsertMethod() != null) {
meth = epo.getInsertMethod();
} else {
try {
meth = dataAccessObject.getClass().getMethod("insert"+partialClassName,classList);
} catch (NoSuchMethodException e) {
try {
meth = dataAccessObject.getClass().getMethod("insertNew"+partialClassName,classList);
} catch (NoSuchMethodException f) {
try {
meth = dataAccessObject.getClass().getMethod("insertNew"+partialClassName,superClassList);
} catch (NoSuchMethodException g) {
try {
meth = dataAccessObject.getClass().getMethod("insertNew"+partialClassName,superClassList);
} catch (NoSuchMethodException h) {
log.error("doPost() could not find method for inserting "+partialClassName);
}
}
}
}
}
}
Object[] insArgList = new Object[1];
insArgList[0] = newObj;
Object result = null;
if ( (meth == null) && action.equals("update") ) {
//System.out.println("OperationController performing two-stage (deletion followed by insertion) update");
try {
Object[] delArgList = new Object[1];
delArgList[0] = epo.getOriginalBean();
deleteMeth.invoke(dataAccessObject,delArgList);
insertMeth.invoke(dataAccessObject,insArgList);
} catch (InvocationTargetException e) {
log.error(this.getClass().getName()+" encountered exception performing two-stage update");
Throwable innerE = e.getTargetException();
log.error(innerE);
if (innerE.getMessage()!=null) {
log.error(innerE.getMessage());
epo.setAttribute("globalErrorMsg",innerE.getMessage());
}
return FAILURE;
} catch (IllegalAccessException iae) {
log.error(iae);
epo.setAttribute("globalErrorMessage", "Illegal access - see error logs.");
return FAILURE;
}
} else {
try {
result = meth.invoke(dataAccessObject,insArgList);
} catch (InvocationTargetException e) {
log.error(this.getClass().getName()+" encountered exception performing edit action");
Throwable innerE = e.getTargetException();
//innerE.printStackTrace();
log.error(innerE);
if (innerE.getMessage()!=null) {
//System.out.println(innerE.getMessage());
log.error(innerE.getMessage());
epo.setAttribute("globalErrorMsg",innerE.getMessage());
}
return FAILURE;
} catch (IllegalAccessException iae) {
log.error(iae);
epo.setAttribute("globalErrorMessage", "Illegal access - see error logs.");
return FAILURE;
}
}
if (result != null) {
// need to put the result of the insert in the id of the newbean
try {
Class[] setIdArgs = new Class[1];
if (epo.getIdFieldClass() != null)
setIdArgs[0] = epo.getIdFieldClass();
else
setIdArgs[0] = int.class;
String idMutator = "set";
if (epo.getIdFieldName() != null) {
idMutator += epo.getIdFieldName();
} else {
idMutator += "Id";
}
Method setIdMeth = epo.getNewBean().getClass().getMethod(idMutator,setIdArgs);
try {
Object[] idArg = new Object[1];
idArg[0] = result;
setIdMeth.invoke((Object)epo.getNewBean(),idArg);
} catch (IllegalAccessException e) {
log.error("doPost() encountered IllegalAccessException setting id of new bean");
} catch (InvocationTargetException f) {
log.error(f.getTargetException().getMessage());
}
} catch (NoSuchMethodException e) {
//log.error("doPost() could not find setId() method for "+partialClassName);
} catch (Exception f) {
//log.error("doPost() could not set id of new bean.");
}
}
return SUCCESS;
}
}

12
webapp/src/edu/cornell/mannlib/vedit/forwarder/PageForwarder.java Normal file
View file

@ -0,0 +1,12 @@
package edu.cornell.mannlib.vedit.forwarder;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import edu.cornell.mannlib.vedit.beans.EditProcessObject;
public interface PageForwarder {
public void doForward(HttpServletRequest request, HttpServletResponse response, EditProcessObject epo);
}

37
webapp/src/edu/cornell/mannlib/vedit/forwarder/impl/UrlForwarder.java Normal file
View file

@ -0,0 +1,37 @@
package edu.cornell.mannlib.vedit.forwarder.impl;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.io.IOException;
import java.net.URLEncoder;
import edu.cornell.mannlib.vedit.forwarder.PageForwarder;
import edu.cornell.mannlib.vedit.beans.EditProcessObject;
import edu.cornell.mannlib.vitro.webapp.controller.VitroHttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
public class UrlForwarder implements PageForwarder {
private static final Log log = LogFactory.getLog(UrlForwarder.class.getName());
private String theUrl = null;
public UrlForwarder (String theUrl) {
this.theUrl = theUrl;
}
public void doForward(HttpServletRequest request, HttpServletResponse response, EditProcessObject epo) {
try {
response.sendRedirect(response.encodeRedirectURL(theUrl));
} catch (IOException ioe) {
log.error("doForward() could not send redirect.");
}
}
}

15
webapp/src/edu/cornell/mannlib/vedit/listener/ChangeListener.java Normal file
View file

@ -0,0 +1,15 @@
package edu.cornell.mannlib.vedit.listener;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vedit.beans.EditProcessObject;
public interface ChangeListener {
public void doInserted(Object newObj, EditProcessObject epo);
public void doUpdated(Object oldObj, Object newObj, EditProcessObject epo);
public void doDeleted(Object oldObj, EditProcessObject epo);
}

11
webapp/src/edu/cornell/mannlib/vedit/listener/EditPreProcessor.java Normal file
View file

@ -0,0 +1,11 @@
package edu.cornell.mannlib.vedit.listener;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vedit.beans.EditProcessObject;
public interface EditPreProcessor {
public void process(Object o, EditProcessObject epo);
}

223
webapp/src/edu/cornell/mannlib/vedit/tags/DynamicFieldsTag.java Normal file
View file

@ -0,0 +1,223 @@
package edu.cornell.mannlib.vedit.tags;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.HashMap;
import java.util.ArrayList;
import java.util.List;
import java.util.Iterator;
import java.io.File;
import java.io.BufferedOutputStream;
import java.io.InputStream;
import java.io.FileInputStream;
import java.io.BufferedInputStream;
import java.io.InputStreamReader;
import java.io.BufferedReader;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;
import javax.servlet.jsp.JspWriter;
import javax.servlet.ServletException;
import edu.cornell.mannlib.vedit.beans.FormObject;
import edu.cornell.mannlib.vedit.beans.DynamicField;
import edu.cornell.mannlib.vedit.beans.DynamicFieldRow;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringEscapeUtils;
import edu.cornell.mannlib.vedit.tags.EditTag;
public class DynamicFieldsTag extends EditTag {
private char PATH_SEP = File.separatorChar;
public final String MARKUP_FILE_PATH = "templates"+PATH_SEP+"edit"+PATH_SEP+"specific"+PATH_SEP;
private String name = null;
private String type = null;
private String usePage = null;
private String preMarkup = null;
private String templateMarkup = null;
private String postMarkup = null;
public void setName( String name ) {
this.name = name;
}
public void setType( String type ) {
this.type = type;
}
public void setUsePage( String usePage ) {
this.usePage = usePage;
}
public void parseMarkup() throws JspException{
try {
int preStart = -1;
int templateStart = -1;
int postStart = -1;
InputStream fis = new FileInputStream (pageContext.getServletContext().getRealPath(new String())+PATH_SEP+MARKUP_FILE_PATH+usePage);
InputStream bis = new BufferedInputStream(fis);
BufferedReader in = new BufferedReader(new InputStreamReader(bis));
List<String> lines = new ArrayList<String>();
lines.add(""); // 0th line
int lineIndex = 0;
while (in.ready()) {
++lineIndex;
String currentLine = in.readLine();
if (currentLine != null && currentLine.indexOf("<!--") ==0 && currentLine.indexOf("@pre")>0 ) {
preStart = lineIndex;
} else if (currentLine != null && currentLine.indexOf("<!--") ==0 && currentLine.indexOf("@template")>0 ) {
templateStart = lineIndex;
} else if (currentLine != null && currentLine.indexOf("<!--") ==0 && currentLine.indexOf("@post")>0 ) {
postStart = lineIndex;
}
lines.add(currentLine);
}
in.close();
StringBuffer preMarkupB = new StringBuffer();
StringBuffer postMarkupB = new StringBuffer();
StringBuffer templateMarkupB = new StringBuffer();
if (templateStart>preStart && preStart>0) {
for (int i=preStart+1; i<templateStart; i++) {
preMarkupB.append(lines.get(i)).append("\n");
}
} else {
System.out.println("DynamicFieldsTag could not find @pre markup in "+MARKUP_FILE_PATH+usePage);
throw new JspException("DynamicFieldsTag could not parse @pre markup section");
}
preMarkup = preMarkupB.toString();
if (postStart>templateStart && templateStart>0) {
for (int i=templateStart+1; i<postStart; i++) {
templateMarkupB.append(lines.get(i)).append("\n");
}
} else {
System.out.println("DynamicFieldsTag could not find @template markup in "+MARKUP_FILE_PATH+usePage);
throw new JspException("DynamicFieldsTag could not parse @template markup section");
}
templateMarkup = templateMarkupB.toString();
if (postStart>0) {
for (int i=postStart+1; i<lines.size(); i++) {
postMarkupB.append(lines.get(i)).append("\n");
}
} else {
System.out.println("DynamicFieldsTag could not find @post markup in "+MARKUP_FILE_PATH+usePage);
throw new JspException("DynamicFieldsTag could not parse @post markup section");
}
postMarkup = postMarkupB.toString();
} catch (FileNotFoundException e) {
System.out.println("DynamicFieldsTag could not find markup file at "+pageContext.getServletContext().getRealPath(new String())+"\\"+MARKUP_FILE_PATH+usePage);
} catch (IOException ioe) {
System.out.println("DynamicFieldsTag encountered IOException reading "+pageContext.getServletContext().getRealPath(new String())+"\\"+MARKUP_FILE_PATH+usePage);
}
}
public String strReplace(String input, String pattern, String replacement) {
String[] piece = input.split(pattern);
StringBuffer output = new StringBuffer();
for (int i=0; i<piece.length; i++) {
output.append(piece[i]);
if (i<piece.length-1)
output.append(replacement);
}
return output.toString();
}
public int doEndTag() throws JspException {
try {
parseMarkup();
JspWriter out = pageContext.getOut();
HashMap values = null;
try {
FormObject foo = getFormObject();
List<DynamicField> dynfs = foo.getDynamicFields();
Iterator<DynamicField> dynIt = dynfs.iterator();
int i = 9899;
while (dynIt.hasNext()) {
DynamicField dynf = dynIt.next();
StringBuffer genTaName = new StringBuffer().append("_").append(dynf.getTable()).append("_");
genTaName.append("-1").append("_");
Iterator pparamIt = dynf.getRowTemplate().getParameterMap().keySet().iterator();
while(pparamIt.hasNext()) {
String key = (String) pparamIt.next();
String value = (String) dynf.getRowTemplate().getParameterMap().get(key);
byte[] valueInBase64 = Base64.encodeBase64(value.getBytes());
genTaName.append(key).append(":").append(new String(valueInBase64)).append(";");
}
String preWithVars = new String(preMarkup);
preWithVars = strReplace(preWithVars,type+"NN",Integer.toString(i));
preWithVars = strReplace(preWithVars,"\\$genTaName",genTaName.toString());
preWithVars = strReplace(preWithVars,"\\$fieldName",dynf.getName());
out.print(preWithVars);
Iterator<DynamicFieldRow> rowIt = dynf.getRowList().iterator();
while (rowIt.hasNext()) {
++i;
DynamicFieldRow row = rowIt.next();
if (row.getValue()==null)
row.setValue("");
if (row.getValue().length()>0) {
StringBuffer taName = new StringBuffer().append("_").append(dynf.getTable()).append("_");
taName.append(row.getId()).append("_");
Iterator paramIt = row.getParameterMap().keySet().iterator();
while(paramIt.hasNext()) {
String key = (String) paramIt.next();
String value = (String) row.getParameterMap().get(key);
byte[] valueInBase64 = Base64.encodeBase64(value.getBytes());
taName.append(key).append(":").append(new String(valueInBase64)).append(";");
}
if (row.getValue().length()>0) {
String templateWithVars = new String(templateMarkup);
templateWithVars = strReplace(templateWithVars,type+"NN",Integer.toString(i));
templateWithVars = strReplace(templateWithVars,"\\$taName",taName.toString());
templateWithVars = strReplace(templateWithVars,"\\$\\$",row.getValue());
out.print(templateWithVars);
}
}
}
out.print(postMarkup);
}
// output the row template for the javascript to clone
out.println("<!-- row template inserted by DynamicFieldsTag -->");
String hiddenTemplatePreMarkup = new String(preMarkup);
// bit of a hack to hide the template from the user:
hiddenTemplatePreMarkup = strReplace(hiddenTemplatePreMarkup,"display\\:none\\;","");
hiddenTemplatePreMarkup = strReplace(hiddenTemplatePreMarkup,"display\\:block\\;","");
hiddenTemplatePreMarkup = strReplace(hiddenTemplatePreMarkup,"display\\:inline\\;","");
hiddenTemplatePreMarkup = strReplace(hiddenTemplatePreMarkup,"style\\=\\\"","style=\"display:none;");
out.print(hiddenTemplatePreMarkup);
String hiddenTemplateTemplateMarkup = new String(templateMarkup);
hiddenTemplateTemplateMarkup = strReplace(hiddenTemplateTemplateMarkup, "\\$\\$", "");
out.print(hiddenTemplateTemplateMarkup);
out.print(postMarkup);
} catch (Exception e){
System.out.println("DynamicFieldsTag could not get the form object");
}
} catch(Exception ex) {
throw new JspException(ex.getMessage());
}
return SKIP_BODY;
}
}

58
webapp/src/edu/cornell/mannlib/vedit/tags/EditTag.java Normal file
View file

@ -0,0 +1,58 @@
package edu.cornell.mannlib.vedit.tags;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.HashMap;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.tagext.TagSupport;
import javax.servlet.jsp.JspWriter;
import edu.cornell.mannlib.vedit.beans.EditProcessObject;
import edu.cornell.mannlib.vedit.beans.FormObject;
import org.apache.commons.lang.StringEscapeUtils;
public class EditTag extends TagSupport {
private String name = null;
public void setName( String name ) {
this.name = name;
}
public int doEndTag() throws JspException {
return SKIP_BODY;
}
public EditProcessObject getEpo() {
EditProcessObject epo = null;
String epoKey = null;
String epoKeyAttr = (String) pageContext.getRequest().getAttribute("epoKey");
if (epoKeyAttr != null) {
epoKey = epoKeyAttr;
}
else {
String epoKeyParam = (String) pageContext.getRequest().getParameter("epoKey");
if (epoKeyParam != null) {
epoKey = epoKeyParam;
}
}
HashMap epoHash = (HashMap) pageContext.getSession().getAttribute("epoHash");
try {
epo = (EditProcessObject) epoHash.get(epoKey);
} catch (NullPointerException npe) {
System.out.println("Null epoHash in edu.cornell.mannlib.vitro.edu.tags.utils.TagUtils.getEpo()");
}
return epo;
}
public FormObject getFormObject() {
FormObject foo=null;
try {
foo=getEpo().getFormObject();
} catch (NullPointerException npe) {
System.out.println("Null epo in edu.cornell.mannlib.vitro.edit.tags.utils.TagUtils.getFormObject()");
}
return foo;
}
}

40
webapp/src/edu/cornell/mannlib/vedit/tags/ErrorTag.java Normal file
View file

@ -0,0 +1,40 @@
package edu.cornell.mannlib.vedit.tags;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;
import javax.servlet.jsp.JspWriter;
import edu.cornell.mannlib.vedit.beans.FormObject;
import edu.cornell.mannlib.vedit.tags.EditTag;
import org.apache.commons.lang.StringEscapeUtils;
/** This tag allows validation error messages to be displayed on a form JSP **/
public class ErrorTag extends EditTag {
private String name = null;
public void setName( String name ) {
this.name = name;
}
public int doEndTag() throws JspException {
try {
JspWriter out = pageContext.getOut();
String errors = null;
try {
errors = (String) getFormObject().getErrorMap().get(name);
} catch (Exception e){
System.out.println("Could not get the form object from which to extract validation error message.");
}
if (errors != null){
out.print(StringEscapeUtils.escapeHtml((String) errors));
}
} catch(Exception ex) {
throw new JspException(ex.getMessage());
}
return SKIP_BODY;
}
}

70
webapp/src/edu/cornell/mannlib/vedit/tags/OptionTag.java Normal file
View file

@ -0,0 +1,70 @@
package edu.cornell.mannlib.vedit.tags;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import org.apache.commons.collections.map.ListOrderedMap;
import org.apache.commons.collections.OrderedMapIterator;
import java.util.List;
import java.util.Iterator;
import java.io.IOException;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.JspWriter;
import edu.cornell.mannlib.vedit.beans.Option;
import edu.cornell.mannlib.vedit.tags.EditTag;
import org.apache.commons.lang.StringEscapeUtils;
public class OptionTag extends EditTag {
private String name = null;
public void setName( String name ) {
this.name = name;
}
private void outputOptionsMarkup(List optList, JspWriter out) throws IOException {
Iterator it = optList.iterator();
while (it.hasNext()){
Option opt = (Option) it.next();
if (opt.getValue() == null)
opt.setValue("");
if (opt.getBody() == null)
opt.setBody("");
out.print("<option value=\""+StringEscapeUtils.escapeHtml(opt.getValue())+"\"");
if (opt.getSelected())
out.print(" selected=\"selected\"");
out.print(">");
out.print(StringEscapeUtils.escapeHtml(opt.getBody()));
out.print("</option>\n");
}
}
public int doEndTag() throws JspException {
try {
JspWriter out = pageContext.getOut();
List optList = null;
ListOrderedMap optGroups = null;
try {
optList = (List) getFormObject().getOptionLists().get(name);
outputOptionsMarkup(optList,out);
} catch (ClassCastException e){
// maybe it's a ListOrderedMap of optgroups
optGroups = (ListOrderedMap) getFormObject().getOptionLists().get(name);
OrderedMapIterator ogKey = optGroups.orderedMapIterator();
while (ogKey.hasNext()) {
String optGroupName = (String) ogKey.next();
out.println("<optgroup label=\""+StringEscapeUtils.escapeHtml(optGroupName)+"\">");
outputOptionsMarkup((List)optGroups.get(optGroupName),out);
out.println("</optgroup>");
}
} catch (NullPointerException npe) {
System.out.println("OptionTag could not find option list for "+name);
}
} catch(Exception ex) {
ex.printStackTrace();
throw new JspException(ex.getMessage());
}
return SKIP_BODY; // EVAL_PAGE; did colnames only //EVAL_PAGE in connection pooled version;
}
}

48
webapp/src/edu/cornell/mannlib/vedit/tags/ValueTag.java Normal file
View file

@ -0,0 +1,48 @@
package edu.cornell.mannlib.vedit.tags;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.HashMap;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;
import javax.servlet.jsp.JspWriter;
import edu.cornell.mannlib.vedit.beans.FormObject;
import org.apache.commons.lang.StringEscapeUtils;
import edu.cornell.mannlib.vedit.tags.EditTag;
public class ValueTag extends EditTag {
private String name = null;
public void setName( String name ) {
this.name = name;
}
public int doEndTag() throws JspException {
try {
JspWriter out = pageContext.getOut();
HashMap values = null;
try {
// FormObject foo = (FormObject) pageContext.getSession().getAttribute("FormObject");
// FormObject foo = TagUtils.getFormObject(pageContext);
FormObject foo = getFormObject();
values = foo.getValues();
} catch (Exception e){
System.out.println("Could not get the form object from which to build an option list");
}
if (values != null){
String value = (String) values.get(name);
if (value != null)
out.print(StringEscapeUtils.escapeHtml(value));
} else {
System.out.println("ValueTag unable to get HashMap of form values");
}
} catch(Exception ex) {
throw new JspException(ex.getMessage());
}
return SKIP_BODY;
}
}

416
webapp/src/edu/cornell/mannlib/vedit/util/FormUtils.java Normal file
View file

@ -0,0 +1,416 @@
package edu.cornell.mannlib.vedit.util;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.lang.reflect.Method;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vedit.beans.EditProcessObject;
import edu.cornell.mannlib.vedit.beans.FormObject;
import edu.cornell.mannlib.vedit.beans.Option;
import edu.cornell.mannlib.vitro.webapp.beans.Ontology;
import edu.cornell.mannlib.vitro.webapp.beans.VClass;
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
public class FormUtils {
protected static final Log log = LogFactory.getLog(FormUtils.class.getName());
/* this class needs to be reworked */
public static String htmlFormFromBean (Object bean, String action, FormObject foo) {
return htmlFormFromBean(bean,action,null,foo,new HashMap());
}
public static String htmlFormFromBean (Object bean, String action, FormObject foo, HashMap badValuesHash) {
return htmlFormFromBean(bean,action,null,foo,badValuesHash);
}
/**
* Creates a basic XHTML editing form for a bean class
*
* This is the simplest version, creating an input field for each and every setter method in the bean.
*
* @param bean the bean class for which an editing form should be built
* @return XHTML markup of an editing form for the specified class
* @author bjl23
*/
public static String htmlFormFromBean (Object bean, String action, EditProcessObject epo, FormObject foo, HashMap BadValuesHash) {
String formMarkup = "";
Class beanClass = (epo != null && epo.getBeanClass() != null) ? epo.getBeanClass() : bean.getClass();
Method[] meths = beanClass.getMethods();
for (int i=0; i<meths.length; i++) {
if (meths[i].getName().indexOf("set") == 0) {
// we have a setter method
Method currMeth = meths[i];
Class[] currMethParamTypes = currMeth.getParameterTypes();
Class currMethType = currMethParamTypes[0];
String currMethTypeStr = currMethType.toString();
if (currMethTypeStr.equals("int") || currMethTypeStr.indexOf("class java.lang.String")>-1 || currMethTypeStr.indexOf("class java.util.Date")>-1) {
//we only want people directly to type in ints, strings, and dates
//of course, most of the ints are probably foreign keys anyway...
String elementName = currMeth.getName().substring(3,currMeth.getName().length());
formMarkup += "<tr><td align=\"right\">";
formMarkup += "<p><strong>"+elementName+"</strong></p>";
formMarkup += "</td><td>";
formMarkup += "<input name=\""+elementName+"\" ";
//if int, make a smaller box
if (currMethTypeStr.equals("int")){
formMarkup += " size=\"11\" maxlength=\"11\" ";
}
else
formMarkup += "size=\"75%\" ";
//see if there's something in the bean using
//the related getter method
Class[] paramClass = new Class[1];
paramClass[0] = currMethType;
try {
Method getter = beanClass.getMethod("get"+elementName,(Class[]) null);
Object existingData = null;
try {
existingData = getter.invoke(bean, (Object[]) null);
} catch (Exception e) {
log.error ("Exception invoking getter method");
}
String value = "";
if (existingData != null){
if (existingData instanceof String){
value += existingData;
}
else if (!(existingData instanceof Integer && (Integer)existingData <= -10000)) {
value += existingData.toString();
}
}
String badValue = (String) BadValuesHash.get(elementName);
if (badValue != null)
value = badValue;
formMarkup += " value=\""+StringEscapeUtils.escapeHtml(value)+"\" ";
foo.getValues().put(elementName, value);
} catch (NoSuchMethodException e) {
// System.out.println("Could not find method get"+elementName+"()");
}
formMarkup += "/>\n";
formMarkup += "</td></tr>";
}
}
}
return formMarkup;
}
public static List /*of Option*/ makeOptionListFromBeans (List beanList, String valueField, String bodyField, String selectedValue, String selectedBody) {
return makeOptionListFromBeans (beanList, valueField, bodyField, selectedValue, selectedBody, true);
}
public static List /*of Option*/ makeOptionListFromBeans (List beanList, String valueField, String bodyField, String selectedValue, String selectedBody, boolean forceSelectedInclusion) {
List optList = new LinkedList();
if (beanList == null)
return optList;
Iterator beanIt = beanList.iterator();
boolean foundSelectedValueInBeans = false;
while (beanIt.hasNext()){
Object bean = beanIt.next();
String value="";
Method valueMeth = null;
Object valueObj = null;
try {
valueMeth = bean.getClass().getMethod("get"+valueField, (Class[]) null);
valueObj = valueMeth.invoke(bean, (Object[]) null);
} catch (Exception e) {
log.warn("Could not find method get"+valueField+" on "+bean.getClass());
}
if (valueObj != null){
value = valueObj.toString();
}
String body="";
Method bodyMeth = null;
Object bodyObj = null;
try {
bodyMeth = bean.getClass().getMethod("get"+bodyField, (Class[]) null);
bodyObj = bodyMeth.invoke(bean, (Object[]) null);
} catch (Exception e) {
log.warn(" could not find method get"+bodyField);
}
if (bodyObj != null){
body = bodyObj.toString();
}
Option opt = new Option();
opt.setValue(value);
opt.setBody(body);
if (selectedValue != null){
if (selectedValue.equals(value)) {
opt.setSelected(true);
foundSelectedValueInBeans = true;
}
} else {
if (selectedBody != null){
if (selectedBody.equals(body)) {
opt.setSelected(true);
foundSelectedValueInBeans = true;
}
}
}
optList.add(opt);
}
/* if the list of beans doesn't include the selected value/body, insert it anyway so we don't inadvertently change the value of the
field to the first thing that happens to be in the select list */
boolean skipThisStep = !forceSelectedInclusion;
// for now, if the value is a negative integer, we won't try to preserve it, as the bean was probably just instantiated
// should switch to a more robust way of handling inital bean values later
if (selectedValue == null) {
skipThisStep = true;
} else {
try {
int selectedValueInt = Integer.decode(selectedValue);
if (selectedValueInt < 0)
skipThisStep = true;
} catch (NumberFormatException e) {}
}
if (!foundSelectedValueInBeans && !skipThisStep) {
log.trace("Adding the selected option!");
Option sOpt = new Option();
sOpt.setValue(selectedValue);
if (selectedBody == null || selectedBody.length() == 0)
sOpt.setBody(selectedValue.toString());
else
sOpt.setBody(selectedBody);
sOpt.setSelected(true);
optList.add(sOpt);
}
return optList;
}
public static List<Option> makeVClassOptionList(WebappDaoFactory wadf, String selectedVClassURI) {
List<Option> vclassOptionList = new LinkedList<Option>();
for (VClass vclass : wadf.getVClassDao().getAllVclasses()) {
Option option = new Option();
option.setValue(vclass.getURI());
if ( (selectedVClassURI != null) && (vclass.getURI() != null) && (selectedVClassURI.equals(vclass.getURI())) ) {
option.setSelected(true);
}
String ontologyName = null;
if (vclass.getNamespace() != null) {
Ontology ont = wadf.getOntologyDao().getOntologyByURI(vclass.getNamespace());
if ( (ont != null) && (ont.getName() != null) ) {
ontologyName = ont.getName();
}
}
StringBuffer classNameBuffer = new StringBuffer();
if (vclass.getName() != null) {
classNameBuffer.append(vclass.getName());
}
if (ontologyName != null) {
classNameBuffer.append(" (").append(ontologyName).append(")");
}
option.setBody(classNameBuffer.toString());
vclassOptionList.add(option);
}
return vclassOptionList;
}
public static void beanSet(Object newObj, String field, String value) {
beanSet (newObj, field, value, null);
}
public static void beanSet(Object newObj, String field, String value, EditProcessObject epo) {
SimpleDateFormat standardDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
SimpleDateFormat minutesOnlyDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm");
Class cls = (epo != null && epo.getBeanClass() != null) ? epo.getBeanClass() : newObj.getClass();
Class[] paramList = new Class[1];
paramList[0] = String.class;
boolean isInt = false;
boolean isDate = false;
boolean isBoolean = false;
Method setterMethod = null;
try {
setterMethod = cls.getMethod("set"+field,paramList);
} catch (NoSuchMethodException e) {
//let's try int
paramList[0] = int.class;
try {
setterMethod = cls.getMethod("set"+field,paramList);
isInt = true;
} catch (NoSuchMethodException f) {
//boolean
paramList[0] = boolean.class;
try {
setterMethod = cls.getMethod("set"+field,paramList);
isBoolean = true;
//System.out.println("Found boolean field "+field);
} catch (NoSuchMethodException h) {
//let's try Date!
paramList[0] = Date.class;
try {
// this isn't so great ; should probably be in a validator
if(value != null && value.length() > 0 && value.indexOf(":") < 1) {
value += " 00:00:00";
}
setterMethod = cls.getMethod("set"+field,paramList);
isDate = true;
} catch (NoSuchMethodException g) {
//System.out.println("beanSet could not find a setter method for "+field+" in "+cls.getName());
}
}
}
}
Object[] arglist = new Object[1];
if (isInt)
arglist[0] = Integer.decode(value);
else if (isDate)
if (value != null && value.length()>0) {
try {
arglist[0] = standardDateFormat.parse(value);
} catch (ParseException p) {
try {
arglist[0] = minutesOnlyDateFormat.parse(value);
} catch (ParseException q) {
log.error(FormUtils.class.getName()+" could not parse"+value+" to a Date object.");
throw new IllegalArgumentException("Please enter a date/time in one of these formats: '2007-07-07', '2007-07-07 07:07', or '2007-07-07 07:07:07'");
}
}
} else {
arglist[0] = null;
}
else if (isBoolean) {
arglist[0] = (value.equalsIgnoreCase("true"));
//System.out.println("Setting "+field+" "+value+" "+arglist[0]);
} else {
arglist[0] = value;
}
try {
setterMethod.invoke(newObj,arglist);
} catch (Exception e) {
// System.out.println("Couldn't invoke method");
// System.out.println(e.getMessage());
// System.out.println(field+" "+arglist[0]);
}
}
/**
* Takes a bean and uses all of its setter methods to set null values
* @return
*/
public static Object nullBean(Object bean){
Class cls = bean.getClass();
Method[] meths = cls.getMethods();
for (int i=0; i<meths.length; ++i){
Method meth = meths[i];
if (meth.getName().indexOf("set")==0){
try{
meth.invoke(bean,(Object[]) null);
} catch (Exception e) {
log.error ("edu.cornell.mannlib.vitro.edit.FormUtils nullBean(Object) unable to use "+meth.getName()+" to set null.");
}
}
}
return bean;
}
/**
* Takes any nonnull values from an overlay bean and sets them on a base bean
* @param base
* @param overlay
* @return overlaid bean
*/
public static Object overlayBean (Object base, Object overlay) throws IllegalArgumentException {
Class baseCls = base.getClass();
Class overlayCls = overlay.getClass();
if (overlayCls != baseCls)
throw new IllegalArgumentException("overlayBean requires two objects of the same type");
Method[] meths = overlayCls.getMethods();
for (int i=0; i<meths.length; ++i){
Method meth = meths[i];
String methName = meth.getName();
if (methName.indexOf("get")==0){
try {
Object overlayObj = meth.invoke(overlay,(Object[]) null);
if (overlayObj != null) {
String setterName = "set"+methName.substring(3,methName.length());
Class setterArgClass = null;
if (overlayObj instanceof Integer)
setterArgClass = int.class;
else
setterArgClass = overlayObj.getClass();
Class[] setterArgClasses = new Class[1];
setterArgClasses[0] = setterArgClass;
try {
Method setterMeth = baseCls.getMethod(setterName,setterArgClasses);
Object[] setterObjs = new Object[1];
setterObjs[0] = overlayObj;
setterMeth.invoke(base,setterObjs);
} catch (NoSuchMethodException e) {
log.error("edu.cornell.mannlib.vitro.edit.FormUtils.overlayBean(Object,Object) could not find setter method "+setterName);
}
}
} catch (Exception e) {
log.error("edu.cornell.mannlib.vitro.edit.FormUtils overlayBean(Object,Object) could not invoke getter method "+methName);
}
}
}
return base;
}
/**
* Decodes a Base-64-encoded String of format key:value;key2:value2;key3:value, and puts the keys and values in a Map
* @param params
* @return
*/
public static Map beanParamMapFromString(String params) {
String[] param = params.split(";");
Map beanParamMap = new HashMap();
for (int i=0; i<param.length; i++) {
String[] p = param[i].split(":");
beanParamMap.put(p[0],new String(Base64.decodeBase64(p[1].getBytes())));
}
return beanParamMap;
}
}

128
webapp/src/edu/cornell/mannlib/vedit/util/OperationUtils.java Normal file
View file

@ -0,0 +1,128 @@
package edu.cornell.mannlib.vedit.util;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.lang.reflect.Method;
import java.lang.reflect.InvocationTargetException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vedit.beans.EditProcessObject;
import edu.cornell.mannlib.vitro.webapp.auth.policy.JenaNetidPolicy.ContextSetup;
public class OperationUtils{
private static final Log log = LogFactory.getLog(OperationUtils.class.getName());
public static void beanSetAndValidate(Object newObj, String field, String value, EditProcessObject epo){
Class cls = (epo.getBeanClass() != null) ? epo.getBeanClass() : newObj.getClass();
Class[] paramList = new Class[1];
paramList[0] = String.class;
boolean isInt = false;
boolean isBoolean = false;
Method setterMethod = null;
try {
setterMethod = cls.getMethod("set"+field,paramList);
} catch (NoSuchMethodException e) {
//let's try int
paramList[0] = int.class;
try {
setterMethod = cls.getMethod("set"+field,paramList);
isInt = true;
} catch (NoSuchMethodException f) {
//let's try boolean
paramList[0]=boolean.class;
try {
setterMethod = cls.getMethod("set"+field,paramList);
isBoolean = true;
log.debug("found boolean field "+field);
} catch (NoSuchMethodException g) {
log.error("beanSet could not find an appropriate String, int, or boolean setter method for "+field);
}
}
}
Object[] arglist = new Object[1];
if (isInt)
arglist[0] = Integer.decode(value);
else if (isBoolean)
arglist[0] = (value.equalsIgnoreCase("TRUE"));
else
arglist[0] = value;
try {
setterMethod.invoke(newObj,arglist);
} catch (Exception e) {
System.out.println("Couldn't invoke method");
System.out.println(e.getMessage());
System.out.println(field+" "+arglist[0]);
}
}
/**
* Takes a bean and clones it using reflection.
* Any fields without standard getter/setter methods will not be copied.
* @param bean
* @return
*/
public static Object cloneBean (Object bean) {
return cloneBean(bean, bean.getClass());
}
/**
* Takes a bean and clones it using reflection.
* Any fields without standard getter/setter methods will not be copied.
* @param bean
* @return
*/
public static Object cloneBean (Object bean, Class beanClass){
Object newBean = null;
try {
newBean = beanClass.newInstance();
Method[] beanMeths = beanClass.getMethods();
for (int i=0; i<beanMeths.length ; ++i){
String methName = beanMeths[i].getName();
if (methName.indexOf("get")==0){
String fieldName = methName.substring(3,methName.length());
Class returnType = beanMeths[i].getReturnType();
try {
Class[] args = new Class[1];
args[0] = returnType;
Method setterMethod = beanClass.getMethod("set"+fieldName,args);
try {
Object fieldVal = beanMeths[i].invoke(bean,(Object[])null);
try {
Object[] setArgs = new Object[1];
setArgs[0] = fieldVal;
setterMethod.invoke(newBean,setArgs);
} catch (IllegalAccessException iae) {
System.out.println("edu.cornell.mannlib.vitro.edit.utils.OperationUtils encountered IllegalAccessException invoking "+setterMethod.getName());
} catch (InvocationTargetException ite) {
System.out.println("edu.cornell.mannlib.vitro.edit.utils.OperationUtils encountered InvocationTargetException invoking "+setterMethod.getName());
System.out.println(ite.getTargetException().getClass().toString());
}
} catch (IllegalAccessException iae) {
System.out.println(OperationUtils.class.getName()+" encountered IllegalAccessException invoking "+beanMeths[i].getName());
} catch (InvocationTargetException ite) {
System.out.println(OperationUtils.class.getName()+" encountered InvocationTargetException invoking "+beanMeths[i].getName());
System.out.println(ite.getTargetException().getClass().toString());
} catch (IllegalArgumentException iae) {
// System.out.println(OperationUtils.class.getName()+" found that "+beanMeths[i].getName()+" requires one or more arguments. Skipping.");
}
} catch (NoSuchMethodException nsme){
// ignore this field because there is no setter method
}
}
}
} catch (InstantiationException ie){
System.out.println("edu.cornell.mannlib.vitro.edit.utils.OperationUtils.cloneBean("+bean.getClass().toString()+") could not instantiate new instance of bean.");
System.out.println(ie.getStackTrace());
} catch (IllegalAccessException iae){
System.out.println("edu.cornell.mannlib.vitro.edit.utils.OperationUtils.cloneBean("+bean.getClass().toString()+") encountered illegal access exception instantiating new bean.");
System.out.println(iae.getStackTrace());
}
return newBean;
}
}

559
webapp/src/edu/cornell/mannlib/vedit/util/Stemmer.java Normal file
View file

@ -0,0 +1,559 @@
package edu.cornell.mannlib.vedit.util;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
/*
Porter stemmer in Java. The original paper is in
Porter, 1980, An algorithm for suffix stripping, Program, Vol. 14,
no. 3, pp 130-137,
See also http://www.tartarus.org/~martin/PorterStemmer
History:
Release 1
Bug 1 (reported by Gonzalo Parra 16/10/99) fixed as marked below.
The words 'aed', 'eed', 'oed' leave k at 'a' for step 3, and b[k-1]
is then out outside the bounds of b.
Release 2
Similarly,
Bug 2 (reported by Steve Dyrdahl 22/2/00) fixed as marked below.
'ion' by itself leaves j = -1 in the test for 'ion' in step 5, and
b[j] is then outside the bounds of b.
Release 3
Considerably revised 4/9/00 in the light of many helpful suggestions
from Brian Goetz of Quiotix Corporation (brian@quiotix.com).
Release 4
*/
import java.io.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vitro.webapp.auth.policy.JenaNetidPolicy.ContextSetup;
/**
* Stemmer, implementing the Porter Stemming Algorithm
*
* The Stemmer class transforms a word into its root form. The input
* word can be provided a character at time (by calling add()), or at once
* by calling one of the various stem(something) methods.
*/
class Stemmer
{ private char[] b;
private int i, /* offset into b */
i_end, /* offset to end of stemmed word */
j, k;
private static final int INC = 50;
/* unit of size whereby b is increased */
private static final Log log = LogFactory.getLog(Stemmer.class.getName());
public Stemmer()
{ b = new char[INC];
i = 0;
i_end = 0;
}
/**
* Add a character to the word being stemmed. When you are finished
* adding characters, you can call stem(void) to stem the word.
*/
public void add(char ch)
{ if (i == b.length)
{ char[] new_b = new char[i+INC];
for (int c = 0; c < i; c++) new_b[c] = b[c];
b = new_b;
}
b[i++] = ch;
}
/** Adds wLen characters to the word being stemmed contained in a portion
* of a char[] array. This is like repeated calls of add(char ch), but
* faster.
*/
public void add(char[] w, int wLen)
{ if (i+wLen >= b.length)
{ char[] new_b = new char[i+wLen+INC];
for (int c = 0; c < i; c++) new_b[c] = b[c];
b = new_b;
}
for (int c = 0; c < wLen; c++) b[i++] = w[c];
}
/**
* After a word has been stemmed, it can be retrieved by toString(),
* or a reference to the internal buffer can be retrieved by getResultBuffer
* and getResultLength (which is generally more efficient.)
*/
public String toString() { return new String(b,0,i_end); }
/**
* Returns the length of the word resulting from the stemming process.
*/
public int getResultLength() { return i_end; }
/**
* Returns a reference to a character buffer containing the results of
* the stemming process. You also need to consult getResultLength()
* to determine the length of the result.
*/
public char[] getResultBuffer() { return b; }
/* cons(i) is true <=> b[i] is a consonant. */
private final boolean cons(int i)
{ switch (b[i])
{ case 'a': case 'e': case 'i': case 'o': case 'u': return false;
case 'y': return (i==0) ? true : !cons(i-1);
default: return true;
}
}
/* m() measures the number of consonant sequences between 0 and j. if c is
a consonant sequence and v a vowel sequence, and <..> indicates arbitrary
presence,
<c><v> gives 0
<c>vc<v> gives 1
<c>vcvc<v> gives 2
<c>vcvcvc<v> gives 3
....
*/
private final int m()
{ int n = 0;
int i = 0;
while(true)
{ if (i > j) return n;
if (! cons(i)) break; i++;
}
i++;
while(true)
{ while(true)
{ if (i > j) return n;
if (cons(i)) break;
i++;
}
i++;
n++;
while(true)
{ if (i > j) return n;
if (! cons(i)) break;
i++;
}
i++;
}
}
/* vowelinstem() is true <=> 0,...j contains a vowel */
private final boolean vowelinstem()
{ int i; for (i = 0; i <= j; i++) if (! cons(i)) return true;
return false;
}
/* doublec(j) is true <=> j,(j-1) contain a double consonant. */
private final boolean doublec(int j)
{ if (j < 1) return false;
if (b[j] != b[j-1]) return false;
return cons(j);
}
/* cvc(i) is true <=> i-2,i-1,i has the form consonant - vowel - consonant
and also if the second c is not w,x or y. this is used when trying to
restore an e at the end of a short word. e.g.
cav(e), lov(e), hop(e), crim(e), but
snow, box, tray.
*/
private final boolean cvc(int i)
{ if (i < 2 || !cons(i) || cons(i-1) || !cons(i-2)) return false;
{ int ch = b[i];
if (ch == 'w' || ch == 'x' || ch == 'y') return false;
}
return true;
}
private final boolean ends(String s)
{ int l = s.length();
int o = k-l+1;
if (o < 0) return false;
for (int i = 0; i < l; i++) if (b[o+i] != s.charAt(i)) return false;
j = k-l;
return true;
}
/* setto(s) sets (j+1),...k to the characters in the string s, readjusting
k. */
private final void setto(String s)
{ int l = s.length();
int o = j+1;
for (int i = 0; i < l; i++) b[o+i] = s.charAt(i);
k = j+l;
}
/* r(s) is used further down. */
private final void r(String s) { if (m() > 0) setto(s); }
/* step1() gets rid of plurals and -ed or -ing. e.g.
caresses -> caress
ponies -> poni
ties -> ti
caress -> caress
cats -> cat
feed -> feed
agreed -> agree
disabled -> disable
matting -> mat
mating -> mate
meeting -> meet
milling -> mill
messing -> mess
meetings -> meet
*/
private final void step1()
{ if (b[k] == 's')
{ if (ends("sses")) k -= 2; else
if (ends("ies")) setto("i"); else
if (b[k-1] != 's') k--;
}
if (ends("eed")) { if (m() > 0) k--; } else
if ((ends("ed") || ends("ing")) && vowelinstem())
{ k = j;
if (ends("at")) setto("ate"); else
if (ends("bl")) setto("ble"); else
if (ends("iz")) setto("ize"); else
if (doublec(k))
{ k--;
{ int ch = b[k];
if (ch == 'l' || ch == 's' || ch == 'z') k++;
}
}
else if (m() == 1 && cvc(k)) setto("e");
}
}
/* step2() turns terminal y to i when there is another vowel in the stem. */
private final void step2() { if (ends("y") && vowelinstem()) b[k] = 'i'; }
/* step3() maps double suffices to single ones. so -ization ( = -ize plus
-ation) maps to -ize etc. note that the string before the suffix must give
m() > 0. */
private final void step3() { if (k == 0) return; /* For Bug 1 */ switch (b[k-1])
{
case 'a': if (ends("ational")) { r("ate"); break; }
if (ends("tional")) { r("tion"); break; }
break;
case 'c': if (ends("enci")) { r("ence"); break; }
if (ends("anci")) { r("ance"); break; }
break;
case 'e': if (ends("izer")) { r("ize"); break; }
break;
case 'l': if (ends("bli")) { r("ble"); break; }
if (ends("alli")) { r("al"); break; }
if (ends("entli")) { r("ent"); break; }
if (ends("eli")) { r("e"); break; }
if (ends("ousli")) { r("ous"); break; }
break;
case 'o': if (ends("ization")) { r("ize"); break; }
if (ends("ation")) { r("ate"); break; }
if (ends("ator")) { r("ate"); break; }
break;
case 's': if (ends("alism")) { r("al"); break; }
if (ends("iveness")) { r("ive"); break; }
if (ends("fulness")) { r("ful"); break; }
if (ends("ousness")) { r("ous"); break; }
break;
case 't': if (ends("aliti")) { r("al"); break; }
if (ends("iviti")) { r("ive"); break; }
if (ends("biliti")) { r("ble"); break; }
break;
case 'g': if (ends("logi")) { r("log"); break; }
} }
/* step4() deals with -ic-, -full, -ness etc. similar strategy to step3. */
private final void step4() { switch (b[k])
{
case 'e': if (ends("icate")) { r("ic"); break; }
if (ends("ative")) { r(""); break; }
if (ends("alize")) { r("al"); break; }
break;
case 'i': if (ends("iciti")) { r("ic"); break; }
break;
case 'l': if (ends("ical")) { r("ic"); break; }
if (ends("ful")) { r(""); break; }
break;
case 's': if (ends("ness")) { r(""); break; }
break;
} }
/* step5() takes off -ant, -ence etc., in context <c>vcvc<v>. */
private final void step5()
{ if (k == 0) return; /* for Bug 1 */ switch (b[k-1])
{ case 'a': if (ends("al")) break; return;
case 'c': if (ends("ance")) break;
if (ends("ence")) break; return;
case 'e': if (ends("er")) break; return;
case 'i': if (ends("ic")) break; return;
case 'l': if (ends("able")) break;
if (ends("ible")) break; return;
case 'n': if (ends("ant")) break;
if (ends("ement")) break;
if (ends("ment")) break;
/* element etc. not stripped before the m */
if (ends("ent")) break; return;
case 'o': if (ends("ion") && j >= 0 && (b[j] == 's' || b[j] == 't')) break;
/* j >= 0 fixes Bug 2 */
if (ends("ou")) break; return;
/* takes care of -ous */
case 's': if (ends("ism")) break; return;
case 't': if (ends("ate")) break;
if (ends("iti")) break; return;
case 'u': if (ends("ous")) break; return;
case 'v': if (ends("ive")) break; return;
case 'z': if (ends("ize")) break; return;
default: return;
}
if (m() > 1) k = j;
}
/* step6() removes a final -e if m() > 1. */
private final void step6()
{ j = k;
if (b[k] == 'e')
{ int a = m();
if (a > 1 || a == 1 && !cvc(k-1)) k--;
}
if (b[k] == 'l' && doublec(k) && m() > 1) k--;
}
/** Stem the word placed into the Stemmer buffer through calls to add().
* Returns true if the stemming process resulted in a word different
* from the input. You can retrieve the result with
* getResultLength()/getResultBuffer() or toString().
*/
public void stem()
{ k = i - 1;
if (k > 1) { step1(); step2(); step3(); step4(); step5(); step6(); }
i_end = k+1; i = 0;
}
public static String StemString( String inputStr, int maxLength )
{
String outputStr="";
int previousCh=0;
char[] w = new char[maxLength];
char[] inputArray = inputStr.toCharArray();
Stemmer s = new Stemmer();
int inputArrayIndex=0, stemmerInputBufferIndex=0, ch=0;
for ( inputArrayIndex=0; inputArrayIndex<inputArray.length; inputArrayIndex++ ) {
ch = inputArray[inputArrayIndex];
if ( Character.isLetter((char) ch)) {
stemmerInputBufferIndex = 0; // start collecting letters for a new word
while ( inputArrayIndex < inputArray.length ) { // keep reading until hit character other than a letter
ch = Character.toLowerCase((char) ch);
w[stemmerInputBufferIndex] = (char) ch;
if (stemmerInputBufferIndex < maxLength-1 ) {
stemmerInputBufferIndex++;
}
if ( inputArrayIndex < inputArray.length-1 ) {
previousCh = ch;
ch = inputArray[++inputArrayIndex];
if ( !Character.isLetter((char) ch) ) { // parse the word in preparation for starting a new one
for (int c = 0; c < stemmerInputBufferIndex; c++) { // copy to stemmer internal buffer
s.add(w[c]);
}
s.stem();
{
String u;
u = s.toString();
outputStr += u;
if ( ch == '-' ) { // replace - with space
outputStr += " ";
} else if ( ch == '.' ) {
if ( Character.isDigit( (char) previousCh )) {
outputStr += ".";
} else {
outputStr += " ";
//previousCh = 32; // set to whitespace; extra spaces should be filtered out on next pass
}
} else {
Character Ch = new Character((char) ch);
outputStr += Ch.toString();
}
stemmerInputBufferIndex=0; // to avoid repeats after )
}
break;
}
} else {
break;
}
}
} else if ( Character.isWhitespace((char) ch) ) {
if ( !Character.isWhitespace((char) previousCh ) ) {
if ( previousCh != '.' ) {
Character Ch = new Character((char) ch);
outputStr += Ch.toString();
}
}
} else if ( ch == '(' ) { // open paren; copy all characters until close paren
while ( ch != ')' ) {
if ( inputArrayIndex < inputArray.length ) {
ch = inputArray[inputArrayIndex++];
} else {
log.trace ("");
log.trace("1 short of EOS in paren at pos: " + inputArrayIndex + " of " + inputStr );
break;
}
Character Ch = new Character((char) ch);
//outputStr += Ch.toString();
//System.out.print( Ch.toString() );
}
//log.trace("");
/* not needed -- just duplicates close paren
if ( ch == ')') {
Character Ch = new Character((char) ch);
outputStr += Ch.toString();
log.trace( Ch.toString() );
}
*/
stemmerInputBufferIndex=0;
} else if ( ch == ')' ) { // when is last character of input string
Character Ch = new Character((char) ch);
outputStr += Ch.toString();
log.trace( Ch.toString() );
log.trace("found close paren at position: " + inputArrayIndex + " of input term " + inputStr );
} else if ( ch == '-' ) { // replace - with space
outputStr += " ";
} else if ( ch == '.' ) {
if ( Character.isDigit( (char) previousCh )) {
outputStr += ".";
} else {
outputStr += " ";
//previousCh = 32; // set to whitespace; extra spaces should be filtered out on next pass
}
} else {
Character Ch = new Character((char) ch);
outputStr += Ch.toString();
}
previousCh = ch;
if (ch < 0) break;
}
if ( stemmerInputBufferIndex > 0 ) {
for (int c = 0; c < stemmerInputBufferIndex; c++) {
s.add(w[c]);
}
s.stem();
String u;
u = s.toString();
outputStr += u;
}
return outputStr == null ? ( outputStr.equals("") ? null : outputStr.trim() ) : outputStr.trim();
}
/*
public static void main(String[] args)
{
char[] w = new char[501];
Stemmer s = new Stemmer();
for (int i = 0; i < args.length; i++)
try
{
FileInputStream in = new FileInputStream(args[i]);
try
{ while(true)
{ int ch = in.read();
if (Character.isLetter((char) ch))
{
int j = 0;
while(true)
{ ch = Character.toLowerCase((char) ch);
w[j] = (char) ch;
if (j < 500) j++;
ch = in.read();
if (!Character.isLetter((char) ch))
{
// to test add(char ch)
for (int c = 0; c < j; c++) s.add(w[c]);
// or, to test add(char[] w, int j)
// s.add(w, j);
s.stem();
{ String u;
// and now, to test toString() :
u = s.toString();
// to test getResultBuffer(), getResultLength() :
// u = new String(s.getResultBuffer(), 0, s.getResultLength());
System.out.print(u);
}
break;
}
}
}
if (ch < 0) break;
System.out.print((char)ch);
}
}
catch (IOException e)
{ log.trace("error reading " + args[i]);
break;
}
}
catch (FileNotFoundException e)
{ log.trace("file " + args[i] + " not found");
break;
}
}
*/
public static void main(String[] args)
{
char[] w = new char[501];
Stemmer s = new Stemmer();
for (int i = 0; i < args.length; i++) {
System.out.println( StemString( args[i], 100 ));
}
}
}

36
webapp/src/edu/cornell/mannlib/vedit/validator/ValidationObject.java Normal file
View file

@ -0,0 +1,36 @@
package edu.cornell.mannlib.vedit.validator;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
public class ValidationObject {
private boolean valid = false;
private String message;
private Object validatedObject = null;
public boolean getValid(){
return valid;
}
public void setValid(boolean valid){
this.valid = valid;
}
public String getMessage(){
return message;
}
public void setMessage(String message){
this.message = message;
}
public Object getValidatedObject(){
return validatedObject;
}
public void setValidatedObject(Object validatedObject){
this.validatedObject = validatedObject;
}
}

9
webapp/src/edu/cornell/mannlib/vedit/validator/Validator.java Normal file
View file

@ -0,0 +1,9 @@
package edu.cornell.mannlib.vedit.validator;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
public interface Validator {
public ValidationObject validate(Object obj) throws IllegalArgumentException;
}

44
webapp/src/edu/cornell/mannlib/vedit/validator/impl/EnumValuesValidator.java Normal file
View file

@ -0,0 +1,44 @@
package edu.cornell.mannlib.vedit.validator.impl;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vedit.validator.*;
import java.util.HashSet;
import java.util.Iterator;
public class EnumValuesValidator implements Validator {
private HashSet legalValues = new HashSet();
public ValidationObject validate(Object obj){
ValidationObject vo = new ValidationObject();
if (legalValues.contains((String)obj)){
vo.setValid(true);
} else {
vo.setValid(false);
if (legalValues.size()<7){
String msgString = "Please enter one of ";
Iterator valuesIt = legalValues.iterator();
while (valuesIt.hasNext()) {
String legalValue = (String) valuesIt.next();
msgString += "'"+legalValue+"'";
if (valuesIt.hasNext())
msgString += ", ";
else
msgString += ".";
}
vo.setMessage(msgString);
}
else {
vo.setMessage("Please enter a legal value.");
}
}
vo.setValidatedObject(obj);
return vo;
}
public EnumValuesValidator (String[] legalValues){
for (int i=0; i<legalValues.length; i++)
this.legalValues.add(legalValues[i]);
}
}

54
webapp/src/edu/cornell/mannlib/vedit/validator/impl/IntValidator.java Normal file
View file

@ -0,0 +1,54 @@
package edu.cornell.mannlib.vedit.validator.impl;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vedit.validator.Validator;
import edu.cornell.mannlib.vedit.validator.ValidationObject;
public class IntValidator implements Validator {
protected int minVal = -1;
protected int maxVal = -1;
public ValidationObject validate (Object obj) throws IllegalArgumentException {
ValidationObject vo = new ValidationObject();
int theInt = -1;
if (obj instanceof String) {
try {
theInt = Integer.parseInt((String) obj);
} catch (NumberFormatException e) {
vo.setValid(false);
vo.setMessage("Please enter an integer");
vo.setValidatedObject(obj);
return vo;
}
} else {
try {
theInt = ((Integer) obj).intValue();
} catch (Exception e) {
vo.setValid(false);
vo.setMessage("Please enter an integer");
vo.setValidatedObject(obj);
return vo;
}
}
if ( theInt < minVal || theInt > maxVal ) {
vo.setValid(false);
vo.setMessage("Enter a number between "+minVal+" and "+maxVal);
} else {
vo.setValid(true);
}
vo.setValidatedObject(obj);
return vo;
}
public IntValidator (int minVal, int maxVal){
this.minVal = minVal;
this.maxVal = maxVal;
}
}

26
webapp/src/edu/cornell/mannlib/vedit/validator/impl/RequiredFieldValidator.java Normal file
View file

@ -0,0 +1,26 @@
package edu.cornell.mannlib.vedit.validator.impl;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vedit.validator.Validator;
import edu.cornell.mannlib.vedit.validator.ValidationObject;
public class RequiredFieldValidator implements Validator {
public ValidationObject validate (Object obj) throws IllegalArgumentException {
ValidationObject vo = new ValidationObject();
if (obj==null || (obj instanceof String && ((String)obj).length()==0)) {
vo.setValid(false);
vo.setMessage("Please enter a value");
} else {
vo.setValid(true);
}
vo.setValidatedObject(obj);
return vo;
}
}

32
webapp/src/edu/cornell/mannlib/vedit/validator/impl/UrlValidator.java Normal file
View file

@ -0,0 +1,32 @@
package edu.cornell.mannlib.vedit.validator.impl;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vedit.validator.Validator;
import edu.cornell.mannlib.vedit.validator.ValidationObject;
import java.util.regex.*;
public class UrlValidator implements Validator {
public ValidationObject validate (Object obj) throws IllegalArgumentException {
ValidationObject vo = new ValidationObject();
String theString = null;
if (!(obj instanceof String)){
throw new IllegalArgumentException("Expected instance of String");
}
Pattern pat = Pattern.compile("[a-z]{3,5}*://.*\\.[a-z]{2,4}");
Matcher mat = pat.matcher(theString);
if (mat.matches()){
vo.setValid(true);
} else {
vo.setValid(false);
vo.setMessage("Please enter a valid URL");
}
vo.setValidatedObject(obj);
return vo;
}
}

53
webapp/src/edu/cornell/mannlib/vedit/validator/impl/XMLNameValidator.java Normal file
View file

@ -0,0 +1,53 @@
package edu.cornell.mannlib.vedit.validator.impl;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import edu.cornell.mannlib.vedit.validator.Validator;
import edu.cornell.mannlib.vedit.validator.ValidationObject;
public class XMLNameValidator implements Validator {
private final static String ERR_MSG = "Must start with a letter or '_' and use only letters, digits, '.', '-' or '_'. No spaces allowed.";
Pattern pat = null;
boolean permitEmpty = false;
public XMLNameValidator() {
pat = Pattern.compile("[A-Za-z_][A-Za-z0-9_\\-\\.]*");
}
public XMLNameValidator(boolean permitEmpty) {
this();
this.permitEmpty = permitEmpty;
}
public ValidationObject validate (Object obj) throws IllegalArgumentException {
ValidationObject vo = new ValidationObject();
String theString = null;
try {
theString = (String) obj;
} catch (ClassCastException e) {
throw new IllegalArgumentException("Expected instance of String");
}
if (permitEmpty && (theString == null || "".equals(theString))) {
vo.setValid(true);
} else {
Matcher mat = pat.matcher(theString);
if (mat.matches()){
vo.setValid(true);
} else {
vo.setValid(false);
vo.setMessage(ERR_MSG);
}
}
vo.setValidatedObject(obj);
return vo;
}
}

111
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/AuthTestController.java Normal file
View file

@ -0,0 +1,111 @@
package edu.cornell.mannlib.vitro.webapp.auth;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.ServletIdentifierBundleFactory;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.controller.VitroHttpServlet;
/**
* Tests and gives info about the auth sysetm
*
* @author bdc34
*
*/
public class AuthTestController extends VitroHttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res )
throws IOException, ServletException{
super.doGet(req,res);
HttpSession session = req.getSession(false);
IdentifierBundle ids = ServletIdentifierBundleFactory.getIdBundleForRequest(req,session,getServletContext());
ServletOutputStream out = res.getOutputStream();
listIdentifiers(out,ids);
checkAuths(out,ids, getServletContext());
}
private void listIdentifiers(ServletOutputStream out, IdentifierBundle ids) throws IOException{
out.println("<h1>Identifiers: </h1>");
out.println("<table>");
for( Object obj: ids){
if( obj == null ){
out.println("<tr>obj was null</tr>");
continue;
}
out.println("<tr>");
out.println("<td>"+obj.getClass().getName() + "</td>");
out.println("<td>"+obj.toString() + "</td>");
out.println("</tr>");
}
out.println("</table>");
}
private void checkAuths(ServletOutputStream out, IdentifierBundle ids, ServletContext servletContext)
throws IOException{
ServletPolicyList policy = ServletPolicyList.getPolicies(servletContext);
out.println("<h1>Authorization tests:</h1>");
if( policy == null ) { out.println("No Policy objects found in ServletContext. ");
}
out.println("<table>");
for(RequestedAction action: actions){
out.println("<tr><td>"+action.getClass().getName()+"</td>");
try {
PolicyDecision pd = policy.isAuthorized(ids, action);
if( pd == null)
out.println("<td>ERROR: PolicyDecision was null</td><td/>");
else{
out.println("<td>"+ pd.getAuthorized() +"</td>");
out.println("<td>"+ pd.getMessage() +"</td>");
}
} catch (Exception e) {
out.println("<td> exception: " + e + "</td>");
e.printStackTrace();
}
}
out.println("</table>");
}
private static List<RequestedAction> actions = new ArrayList<RequestedAction>();
static{
actions.add(new AddDataPropStmt("http://some.non.existing.resource", "http://some.non.existing.dataproperty", "bogus value", null, null));
actions.add(new AddObjectPropStmt("http://vivo.library.cornell.edu/abox#entity11821","vitro:headOf","http://vivo.library.cornell.edu/abox#entity1"));
actions.add(new AddObjectPropStmt("http://vivo.library.cornell.edu/abox#entity123","vitro:headOf","http://vivo.library.cornell.edu/abox#entity1"));
// actions.add(new AddResource("http://bogus.REsourceType.uri","http://bogus.uri"));
// actions.add(new DropObjectPropStmt());
// actions.add(new DefineObjectProperty());
// actions.add(new DefineDataProperty());
// actions.add(new RemoveOwlClass());
// actions.add(new CreateOwlClass());
//
// actions.add(new AddNewUser());
// actions.add(new LoadOntology());
// actions.add(new RebuildTextIndex());
// actions.add(new RemoveUser());
// actions.add(new ServerStatus());
// actions.add(new UpdateTextIndex());
// actions.add(new UploadFile("http://uri.of.entity.to.associate/uploaded/file/with","http://uri.of.association.property"));
}
}

95
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/filters/AuthSetupForRequest.java Normal file
View file

@ -0,0 +1,95 @@
package edu.cornell.mannlib.vitro.webapp.auth.filters;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundleFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.ServletIdentifierBundleFactory;
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyList;
import edu.cornell.mannlib.vitro.webapp.auth.policy.RequestPolicyList;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
/**
* Setup an IdentifierBundle and PolicyList for the request and put it in the request scope.
*
* It expects to get the IdentifierBundleFactory from ServletIdentifierBundleFactory and
* PolicyList from ServletPolicyList;
*
* @author bdc34
*
*/
public class AuthSetupForRequest implements Filter {
ServletContext context;
public void init(FilterConfig filterConfig) throws ServletException {
context = filterConfig.getServletContext();
}
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
//get a factory that will convert Requests into Identifiers
IdentifierBundleFactory idbf = ServletIdentifierBundleFactory.getIdentifierBundleFactory(context);
//try to get the session
HttpSession session = null;
if( servletRequest instanceof HttpServletRequest)
session = ((HttpServletRequest)servletRequest).getSession(false);
//get Identifiers and stick in Request scope
try{
if( idbf != null ){
IdentifierBundle ib = idbf.getIdentifierBundle(servletRequest, session, context);
servletRequest.setAttribute(IDENTIFIER_BUNDLE, ib);
}
}catch(RuntimeException rx){
log.warn("could not get Identifier Bundle",rx);
}
//get the policies that are in effect for the context and add to Request Scope
PolicyList plist = ServletPolicyList.getPolicies(context);
servletRequest.setAttribute(RequestPolicyList.POLICY_LIST , plist);
filterChain.doFilter(servletRequest, servletResponse);
}
public void destroy() { }
private static final Log log = LogFactory.getLog(AuthSetupForRequest.class);
private static final String IDENTIFIER_BUNDLE = "IdentifierBundle";
/* ************ static utility methods ********************* */
public static IdentifierBundle getIdentifierBundle(HttpServletRequest req){
if( req != null )
return (IdentifierBundle)req.getAttribute(IDENTIFIER_BUNDLE);
else
return null;
}
public static PolicyList getPolicyList( HttpServletRequest req){
if( req != null ){
HttpSession sess = req.getSession(false);
if( sess != null ){
return (PolicyList)sess.getAttribute(RequestPolicyList.POLICY_LIST);
}else{
return null;
}
}else{
return null;
}
}
}

14
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/ArrayIdentifierBundle.java Normal file
View file

@ -0,0 +1,14 @@
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.ArrayList;
/**
* Most common implementation of a List of Identifiers (IdentifierBundle).
* @author bdc34
*
*/
public class ArrayIdentifierBundle extends ArrayList<Identifier> implements IdentifierBundle{
}

48
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/CuratorEditingIdentifierFactory.java Normal file
View file

@ -0,0 +1,48 @@
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpSession;
import edu.cornell.mannlib.vedit.beans.LoginFormBean;
import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy;
import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy.AuthRole;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
public class CuratorEditingIdentifierFactory implements IdentifierBundleFactory{
public IdentifierBundle getIdentifierBundle(ServletRequest request,
HttpSession session, ServletContext context) {
IdentifierBundle ib = new ArrayIdentifierBundle();
ib.add( RoleBasedPolicy.AuthRole.ANYBODY);
if( session != null ){
LoginFormBean f = (LoginFormBean) session.getAttribute( "loginHandler" );
try{
if( f != null && Integer.parseInt( f.getLoginRole() ) >= LoginFormBean.CURATOR){
ib.add(new CuratorEditingId(f.getLoginRole(),f.getUserURI()));
ib.add(AuthRole.CURATOR);
}
}catch(NumberFormatException th){}
}
return ib;
}
public static class CuratorEditingId extends RoleIdentifier {
final String role;
final String uri;
public CuratorEditingId( String role, String uri) {
this.role = role;
this.uri = uri;
}
public String getRole() { return role; }
public String getUri(){ return uri; }
public String toString(){ return uri; }
}
}

52
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/DbAdminEditingIdentifierFactory.java Normal file
View file

@ -0,0 +1,52 @@
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpSession;
import edu.cornell.mannlib.vedit.beans.LoginFormBean;
import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy;
import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy.AuthRole;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
public class DbAdminEditingIdentifierFactory implements IdentifierBundleFactory{
public IdentifierBundle getIdentifierBundle(ServletRequest request,
HttpSession session, ServletContext context) {
IdentifierBundle ib = new ArrayIdentifierBundle();
ib.add( RoleBasedPolicy.AuthRole.ANYBODY);
if( session != null ){
LoginFormBean f = (LoginFormBean) session.getAttribute( "loginHandler" );
try{
if( f != null && Integer.parseInt( f.getLoginRole() ) >= LoginFormBean.DBA){
ib.add(new DbAdminEditingId(f.getLoginRole(),f.getUserURI()));
ib.add(AuthRole.DBA);
}
}catch(NumberFormatException th){}
}
return ib;
}
public static class DbAdminEditingId extends RoleIdentifier{
final String role;
final String uri;
public DbAdminEditingId( String role, String uri) {
this.role = role;
this.uri = uri;
}
public String getRole() {
return role;
}
public String getUri(){ return uri; }
public String toString(){
return "DbAdmin role of " + getRole();
}
}
}

49
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/EditorEditingIdentifierFactory.java Normal file
View file

@ -0,0 +1,49 @@
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpSession;
import edu.cornell.mannlib.vedit.beans.LoginFormBean;
import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy;
import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy.AuthRole;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
public class EditorEditingIdentifierFactory implements IdentifierBundleFactory{
public IdentifierBundle getIdentifierBundle(ServletRequest request,
HttpSession session, ServletContext context) {
IdentifierBundle ib = new ArrayIdentifierBundle();
ib.add( RoleBasedPolicy.AuthRole.ANYBODY);
if( session != null ){
LoginFormBean f = (LoginFormBean) session.getAttribute( "loginHandler" );
try{
if( f != null && Integer.parseInt( f.getLoginRole() ) >= LoginFormBean.EDITOR){
ib.add(new EditorEditingId(f.getLoginRole(), f.getUserURI()));
ib.add(AuthRole.EDITOR);
}
}catch(NumberFormatException th){ }
}
return ib;
}
public static class EditorEditingId implements Identifier {
final String role;
final String uri;
public EditorEditingId( String role, String uri) {
this.role = role;
this.uri = uri;
}
public String getUri(){ return uri; }
public String getRole() {
return role;
}
public String toString(){
return "Editor role of " + getRole();
}
}
}

60
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/FakeSelfEditingIdentifierFactory.java Normal file
View file

@ -0,0 +1,60 @@
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpSession;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.NetId;
import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy;
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao;
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
/**
* Attempts to simulate the action of NetIdIdentifierFactory.java using the
* request attribute FAKE_SELF_EDIT_NETID.
*/
public class FakeSelfEditingIdentifierFactory implements IdentifierBundleFactory{
public static final String FAKE_SELF_EDIT_NETID = "fakeSelfEditingNetid";
public IdentifierBundle getIdentifierBundle(ServletRequest request,
HttpSession session, ServletContext context) {
WebappDaoFactory wdf = ((WebappDaoFactory)context.getAttribute("webappDaoFactory"));
IdentifierBundle ib = new ArrayIdentifierBundle();
ib.add( RoleBasedPolicy.AuthRole.ANYBODY);
String netid = null;
if( session != null )
netid = (String)session.getAttribute(FAKE_SELF_EDIT_NETID );
if( netid != null ){
NetId netIdToken = new NetId(netid);
ib.add(netIdToken);
String uri = wdf.getIndividualDao().getIndividualURIFromNetId( netid );
if( uri != null ){
Individual ind = wdf.getIndividualDao().getIndividualByURI(uri);
if( ind != null ){
String causeOfBlacklist = SelfEditingIdentifierFactory.checkForBlacklisted(ind, context);
if( causeOfBlacklist == SelfEditingIdentifierFactory.NOT_BLACKLISTED )
ib.add( new SelfEditingIdentifierFactory.SelfEditing( ind, SelfEditingIdentifierFactory.NOT_BLACKLISTED ) );
else
ib.add( new SelfEditingIdentifierFactory.SelfEditing( ind, causeOfBlacklist ) );
}
}
}
return ib;
}
public static void putFakeIdInSession(String netid, HttpSession session){
session.setAttribute(FAKE_SELF_EDIT_NETID , netid);
}
public static void clearFakeIdInSession( HttpSession session){
session.removeAttribute(FAKE_SELF_EDIT_NETID);
}
}

30
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/Identifier.java Normal file
View file

@ -0,0 +1,30 @@
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
/**
* Indicates who the user is and what roles/groups they belong to.
* The objects returned by this could be anything. For example, RoleBacedPolicy
* looks for RoleBacedPolicy.AuthRole objects.
*
* This is a marker interface to indicate that a object is an identifier,
* implementations of Identifier may provide any sort of identifying functionality or
* methods.
*
* <h3>Justification for a methodless interface</h3>
* This is better than using Object since having method signatures that have
* Identifier at least indicates the intent of the parameter, even if it is the
* same to the compiler.
*
* Policy objects are expected to examine the IdentiferBundle to find the
* information needed to make a decision. There is no set pattern as to
* what will and will not be a configuration of Identifiers that will create
* a AUTHORIZED decision. Reflection, Pattern Matching or something similar
* will be needed.
*
* We have no compile time information about what will structures will map
* to which Authorization, let's not pretend that we do.
*/
public interface Identifier {
}

13
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/IdentifierBundle.java Normal file
View file

@ -0,0 +1,13 @@
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.List;
/**
* A group of Identifiers, very commonly used in method signatures
* since a session will usually have more than one associated identifier.
*/
public interface IdentifierBundle extends List <Identifier>{
/* this is just typed List, and just barely. */
}

23
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/IdentifierBundleFactory.java Normal file
View file

@ -0,0 +1,23 @@
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpSession;
/**
* Creates an IdentifierBundle for a ServletRequest/HttpSession. Useful
* for getting the identifiers that should be associated with a request to
* a servlet or a JSP.
*
* We have this method signature because these are the object that are accessible
* from JSP TagSupport.pageContext.
*
* @author bdc34
*
*/
public interface IdentifierBundleFactory {
public IdentifierBundle getIdentifierBundle(ServletRequest request, HttpSession session, ServletContext context);
}

29
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/RoleIdentifier.java Normal file
View file

@ -0,0 +1,29 @@
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.SelfEditing;
public abstract class RoleIdentifier implements Identifier {
public abstract String getRole();
public abstract String getUri();
public static String getUri( Identifier id){
if( id == null ) return null;
if( id instanceof RoleIdentifier ){
return ((RoleIdentifier)id).getUri();
}else{
return null;
}
}
public static String getUri( IdentifierBundle idb){
for( Identifier id : idb ){
if (id instanceof RoleIdentifier) {
RoleIdentifier roleId = (RoleIdentifier) id;
return roleId.getUri();
}
}
return null;
}
}

67
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/SelfEditing2RoleIdentifierFactory.java Normal file
View file

@ -0,0 +1,67 @@
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.ontology.OntModel;
import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy.AuthRole;
import edu.cornell.mannlib.vitro.webapp.auth.policy.setup.SelfEditingPolicySetup;
import edu.cornell.mannlib.vitro.webapp.beans.User;
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
/**
* Checks to see if the Individual associated with a SelfEditingIdentifier
* has Admin, Curator or Editor rights. This ignores black listing.
*
* This should be added to the IdentifierFactory list after the
* SelfEditingIdentiferFactory.
*
* SelfEditing2RoleIdentifierSetup can be used in web.xml to add this class
* to the IdentifierFactory list of a servlet context.
*
* @author bdc34
*
*/
public class SelfEditing2RoleIdentifierFactory implements
IdentifierBundleFactory {
public IdentifierBundle getIdentifierBundle(ServletRequest request,
HttpSession session, ServletContext context) {
IdentifierBundle whoToAuth = ServletIdentifierBundleFactory.getExistingIdBundle(request);
if( whoToAuth != null ){
WebappDaoFactory wdf = (WebappDaoFactory)context.getAttribute("webappDaoFactory");
if( wdf == null )
return whoToAuth;
SelfEditingIdentifierFactory.SelfEditing selfEditing =
SelfEditingIdentifierFactory.getSelfEditingIdentifier(whoToAuth);
if( selfEditing != null ){
User user = wdf.getUserDao().getUserByURI(selfEditing.getIndividual().getURI());
if( user != null){
String role = user.getRoleURI();
if("role/:50".equals(role)){
whoToAuth.add( AuthRole.DBA );
}
if("role/:4".equals(role)){
whoToAuth.add( AuthRole.CURATOR);
}
if("role/:3".equals(role)){
whoToAuth.add( AuthRole.EDITOR);
}
if("role/:2".equals(role)){
whoToAuth.add( AuthRole.USER );
}
}
}
}
return whoToAuth;
}
}

308
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/SelfEditingIdentifierFactory.java Normal file
View file

@ -0,0 +1,308 @@
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.io.File;
import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.query.Query;
import com.hp.hpl.jena.query.QueryExecution;
import com.hp.hpl.jena.query.QueryExecutionFactory;
import com.hp.hpl.jena.query.QueryFactory;
import com.hp.hpl.jena.query.QuerySolution;
import com.hp.hpl.jena.query.ResultSet;
import com.hp.hpl.jena.rdf.model.Literal;
import com.hp.hpl.jena.rdf.model.Model;
import com.hp.hpl.jena.rdf.model.RDFNode;
import com.hp.hpl.jena.rdf.model.Resource;
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
/**
* Pulls a netId out of the CUWebAuth REMOTE_USER header.
*
*
* @author bdc34
*
*/
public class SelfEditingIdentifierFactory implements IdentifierBundleFactory {
public final static String httpHeaderForNetId = "REMOTE_USER";
private static final Log log = LogFactory.getLog(SelfEditingIdentifierFactory.class.getName());
public IdentifierBundle getIdentifierBundle(ServletRequest request, HttpSession session, ServletContext context) {
IdentifierBundle idb = getFromCUWebAuthHeader(request,session,context);
if( idb != null )
return idb;
else
return getFromSession(request,session);
}
private IdentifierBundle getFromCUWebAuthHeader(ServletRequest request, HttpSession session,ServletContext context){
String cuwebauthUser = ((HttpServletRequest)request).getHeader(CUWEBAUTH_REMOTE_USER_HEADER);
log.debug("Looking for CUWebAuth header " + CUWEBAUTH_REMOTE_USER_HEADER + " found : '" + cuwebauthUser +"'");
if( cuwebauthUser == null || cuwebauthUser.length() == 0){
log.debug("No CUWebAuthUser string found");
return null;
}
if( cuwebauthUser.length() > 100){
log.info("CUWebAuthUser is longer than 100 chars, this may be a malicious request");
return null;
}
if( context == null ){
log.error("ServletContext was null");
return null;
}
NetId netid = new NetId(cuwebauthUser);
SelfEditing selfE = null;
IdentifierBundle idb = new ArrayIdentifierBundle();
idb.add(netid);
log.debug("added NetId object to IdentifierBundle from CUWEBAUTH header");
//VitroRequest vreq = new VitroRequest((HttpServletRequest)request);
WebappDaoFactory wdf = (WebappDaoFactory)context.getAttribute("webappDaoFactory");
if( wdf == null ){
log.error("Could not get a WebappDaoFactory from the ServletContext");
return null;
}
String uri = wdf.getIndividualDao().getIndividualURIFromNetId(cuwebauthUser);
if( uri != null){
Individual ind = wdf.getIndividualDao().getIndividualByURI(uri);
if( ind != null ){
String blacklisted = checkForBlacklisted(ind, context);
selfE = new SelfEditing( ind ,blacklisted );
idb.add( selfE );
log.debug("Found an Individual for netId " + cuwebauthUser + " URI: " + ind.getURI() );
}else{
log.warn("found a URI for the netId " + cuwebauthUser + " but could not build Individual");
}
}else{
log.debug("could not find an Individual with a netId of " + cuwebauthUser );
}
putNetIdInSession(session, selfE, netid);
return idb;
}
/**
* Runs through .sparql files in the BLACKLIST_SPARQL_DIR, the first that returns one
* or more rows will be cause the user to be blacklisted. The first variable from
* the first solution set will be returned.
*/
public static String checkForBlacklisted(Individual ind, ServletContext context) {
if( ind == null || context == null ) {
log.error("could not check for Blacklist, null individual or context");
return NOT_BLACKLISTED;
}
String realPath = context.getRealPath(BLACKLIST_SPARQL_DIR);
File blacklistDir = new File(realPath );
if( !blacklistDir.exists()){
log.debug("could not find blacklist directory " + realPath);
return NOT_BLACKLISTED;
}
if( ! blacklistDir.canRead() || ! blacklistDir.isDirectory() ){
log.debug("cannot read blacklist directory " + realPath);
return NOT_BLACKLISTED;
}
log.debug("checking directlry " + realPath + " for blacklisting sparql query files");
File[] files = blacklistDir.listFiles(new FileFilter(){
public boolean accept(File pathname) {
return pathname.getName().endsWith(".sparql");
}}
);
String reasonForBlacklist = NOT_BLACKLISTED;
for( File file : files ){
try{
reasonForBlacklist = runSparqlFileForBlacklist( file, ind, context);
if( reasonForBlacklist != NOT_BLACKLISTED )
break;
}catch(RuntimeException ex){
log.error("Could not run blacklist check query for file " +
file.getAbsolutePath() + file.separatorChar + file.getName(),
ex);
}
}
return reasonForBlacklist;
}
/**
* Runs the SPARQL query in the file with the uri of the individual
* substituted in. If there are any solution sets, then the URI of
* the variable named "cause" will be returned, make sure that it is a
* resource with a URI. Otherwise null will be returned.
* The URI of ind will be substituted into the query where ever the
* token "?individualURI" is found.
*/
private static String runSparqlFileForBlacklist
(File file, Individual ind, ServletContext context)
{
if( !file.canRead() ){
log.debug("cannot read blacklisting SPARQL file " + file.getName());
return NOT_BLACKLISTED;
}
String queryString = null;
FileInputStream fis = null;
try{
fis = new FileInputStream(file);
byte b[]= new byte[fis.available()];
fis.read(b);
queryString = new String(b);
}catch( FileNotFoundException fnfe){
log.debug(fnfe);
return NOT_BLACKLISTED;
}catch( IOException ioe){
log.debug(ioe);
return NOT_BLACKLISTED;
}finally{
try {
fis.close();
} catch (IOException e) {
log.warn("could not close file", e);
}
}
if( queryString == null || queryString.length() == 0 ){
log.debug(file.getName() + " is empty");
return NOT_BLACKLISTED;
}
Model model = (Model)context.getAttribute("jenaOntModel");
queryString = queryString.replaceAll("\\?individualURI", "<" + ind.getURI() + ">");
log.debug(queryString);
Query query = QueryFactory.create(queryString);
QueryExecution qexec = QueryExecutionFactory.create(query,model);
try{
ResultSet results = qexec.execSelect();
while(results.hasNext()){
QuerySolution solution = results.nextSolution();
if( solution.contains("cause") ){
RDFNode node = solution.get("cause");
if( node.canAs( Resource.class ) ){
Resource x = solution.getResource("cause");
return x.getURI();
}else if( node.canAs(Literal.class)){
Literal x = (Literal)node.as(Literal.class);
return x.getString();
}
}else{
log.error("Query solution must contain a variable \"cause\" of type Resource or Literal.");
return null;
}
}
}finally{ qexec.close(); }
return null;
}
private IdentifierBundle getFromSession(ServletRequest req, HttpSession session ){
NetId netid = (NetId)session.getAttribute(NETID_IN_SESSION);
SelfEditing sed = (SelfEditing)session.getAttribute(URI_IN_SESSION);
if( netid != null || sed != null ){
IdentifierBundle idb = new ArrayIdentifierBundle();
if( netid != null){
idb.add(netid);
log.debug("added NetId from session");
}
if( sed != null ){
idb.add(sed);
log.debug("added SelfEditing from Session");
}
return idb;
}else
return null;
}
protected final static String NETID_IN_SESSION = "NetIdIdentifierFactory.netid";
protected final static String URI_IN_SESSION = "NetIdIdentifierFactory.uri";
public static void putNetIdInSession( HttpSession session, SelfEditing se, NetId ni){
session.setAttribute(NETID_IN_SESSION, ni);
session.setAttribute(URI_IN_SESSION, se);
}
public static void clearNetIdFromSession( HttpSession session ){
session.removeAttribute(NETID_IN_SESSION);
session.removeAttribute(URI_IN_SESSION);
}
/********************** NetId inner class *************************/
public static class NetId implements Identifier{
public final String value;
public NetId(String value){
this.value = value;
}
public String getValue(){return value;}
public String toString(){ return value;}
}
/**
* An identifier with the Individual that represents the human self-editor.
*/
public static class SelfEditing implements Identifier{
final Individual individual;
final String blacklisted;
public SelfEditing ( Individual individual, String blacklisted){
if( individual == null )
throw new IllegalArgumentException("Individual must not be null");
this.individual = individual;
this.blacklisted = blacklisted;
}
public String getValue(){
return individual.getURI();
}
public Individual getIndividual(){
return individual;
}
public String getBlacklisted(){
return blacklisted;
}
public String toString(){
return "SelfEditing as " + getValue() +
(getBlacklisted()!=null? " blacklisted by via " + getBlacklisted():"");
}
}
public static SelfEditing getSelfEditingIdentifier( IdentifierBundle whoToAuth ){
if( whoToAuth == null ) return null;
for(Identifier id : whoToAuth){
if (id instanceof SelfEditing)
return (SelfEditing)id;
}
return null;
}
public static String getSelfEditingUri( IdentifierBundle whoToAuth){
SelfEditing sid = getSelfEditingIdentifier(whoToAuth);
if( sid != null )
return sid.getValue();
else
return null;
}
public static final String NOT_BLACKLISTED = null;
private final static String BLACKLIST_SPARQL_DIR = "/admin/selfEditBlacklist";
private final static String CUWEBAUTH_REMOTE_USER_HEADER = "REMOTE_USER";
}

87
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/ServletIdentifierBundleFactory.java Normal file
View file

@ -0,0 +1,87 @@
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.ArrayList;
import java.util.Collections;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpSession;
/**
* This class is intended to provide access to a IdentifierBundleFactory in the
* servlet context.
*
* @author bdc34
*
*/
public class ServletIdentifierBundleFactory extends ArrayList<IdentifierBundleFactory> implements IdentifierBundleFactory {
public static String IDENTIFIER_BUNDLE_FACTORY = "IdentifierBundleFactory";
public static String IDENTIFIER_BUNDLE = "IdentifierBundle";
/* ****************** static utility methods *************************/
/**
* Use this method to get an IdentifierBundleFactory for the servlet.
* @param sc
* @return
*/
public static ServletIdentifierBundleFactory getIdentifierBundleFactory(ServletContext sc){
if( sc != null ){
Object obj = sc.getAttribute(IDENTIFIER_BUNDLE_FACTORY);
if( obj != null && obj instanceof ServletIdentifierBundleFactory ){
return (ServletIdentifierBundleFactory)obj;
}else{
ServletIdentifierBundleFactory sibf = new ServletIdentifierBundleFactory();
sc.setAttribute(IDENTIFIER_BUNDLE_FACTORY, sibf);
return sibf;
}
}else{
return null;
}
}
/**
* Gets IdentifierBundle for a request.
* Session may be null.
*/
public static IdentifierBundle getIdBundleForRequest(ServletRequest request, HttpSession session, ServletContext sc){
if( request == null ) return null;
IdentifierBundle ib = (IdentifierBundle)request.getAttribute(IDENTIFIER_BUNDLE);
if( ib != null ) return ib;
IdentifierBundleFactory ibf = getIdentifierBundleFactory(sc);
ib = ibf.getIdentifierBundle(request,session,sc);
request.setAttribute(IDENTIFIER_BUNDLE, ib);
return ib;
}
public static IdentifierBundle getExistingIdBundle(ServletRequest request){
if( request == null ) return null;
IdentifierBundle ib = (IdentifierBundle)request.getAttribute(IDENTIFIER_BUNDLE);
if( ib != null ) return ib;
else
return null;
}
public static void addIdentifierBundleFactory(ServletContext sc, IdentifierBundleFactory ibfToAdd){
ServletIdentifierBundleFactory serverIbf = getIdentifierBundleFactory(sc);
serverIbf.add( ibfToAdd );
}
/**
* Consider using getIdBundleForRequest instead of this method.
*/
public IdentifierBundle getIdentifierBundle(ServletRequest request, HttpSession session, ServletContext context) {
IdentifierBundle ib = new ArrayIdentifierBundle();
for(IdentifierBundleFactory ibf : this){
if( ibf != null ){
IdentifierBundle obj = ibf.getIdentifierBundle(request,session, context);
if( obj != null )
ib.addAll( obj );
}
}
return ib;
}
}

35
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/SetupFakeSelfEditingIdentifierFactory.java Normal file
View file

@ -0,0 +1,35 @@
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
public class SetupFakeSelfEditingIdentifierFactory implements ServletContextListener{
private static final Log log = LogFactory.getLog(SetupFakeSelfEditingIdentifierFactory.class.getName());
public void contextInitialized(ServletContextEvent sce) {
ServletContext sc = sce.getServletContext();
WebappDaoFactory wdf = (WebappDaoFactory)sce.getServletContext().getAttribute("webappDaoFactory");
if( wdf == null ){
log.debug("SetupFakeSelfEditingIdentifierFactory: need a " +
"WebappDaoFactory in ServletContext, none found, factory will " +
"not be created");
return;
}
IdentifierBundleFactory ibfToAdd = new FakeSelfEditingIdentifierFactory();
ServletIdentifierBundleFactory.addIdentifierBundleFactory(sc, ibfToAdd);
}
public void contextDestroyed(ServletContextEvent sce) {
}
}

92
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/UserToIndIdentifierFactory.java Normal file
View file

@ -0,0 +1,92 @@
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpSession;
import edu.cornell.mannlib.vedit.beans.LoginFormBean;
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
/**
* Check to see if the User is logged in, find Individuals that the User mayEditAs,
* and and those Individuals as identifiers.
*
* @author bdc34
*
*/
public class UserToIndIdentifierFactory implements IdentifierBundleFactory {
public IdentifierBundle getIdentifierBundle(
ServletRequest request,
HttpSession session,
ServletContext context) {
if( session != null ){
// is the request logged in as a User?
LoginFormBean loginBean = (LoginFormBean) session.getAttribute("loginHandler");
if( loginBean != null && "authenticated".equals(loginBean.getLoginStatus() )){
String userURI = loginBean.getUserURI();
WebappDaoFactory wdf = (WebappDaoFactory)context.getAttribute("webappDaoFactory");
// get Individuals that the User mayEditAs
List<String> mayEditAsUris =
wdf.getUserDao().getIndividualsUserMayEditAs(userURI);
// make self editing Identifiers for those Individuals
IdentifierBundle idb = new ArrayIdentifierBundle();
idb.add( new UserIdentifier(userURI,mayEditAsUris) );
//Also make a self-editing identifier.
//There is not need for SelfEditingIdentifierFactory because SelfEditing
//identifiers are created here.
for( String personUri : mayEditAsUris){
if( personUri != null ){
Individual person = wdf.getIndividualDao().getIndividualByURI(personUri);
if( person != null ){
idb.add( new SelfEditingIdentifierFactory.SelfEditing(person,null) );
}
}
}
return idb;
}
}
return null;
}
public static List<String> getIndividualsForUser(IdentifierBundle ids) {
if( ids == null )
return Collections.EMPTY_LIST;
//find the user id
List<String> uris = new ArrayList<String>();
for( Identifier id : ids ){
if( id instanceof UserIdentifier){
uris.addAll( ((UserIdentifier)id).getMayEditAsURIs() );
}
}
return uris;
}
public class UserIdentifier implements Identifier {
private final String userURI;
private final List<String> mayEditAsURIs;
public UserIdentifier(String userURI, List<String> mayEditAsURIs) {
super();
this.userURI = userURI;
this.mayEditAsURIs = Collections.unmodifiableList(mayEditAsURIs);
}
public String getUserURI() {
return userURI;
}
public List<String> getMayEditAsURIs() {
return mayEditAsURIs;
}
}
}

160
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/BaseVisitingPolicy.java Normal file
View file

@ -0,0 +1,160 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditObjPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass;
public class BaseVisitingPolicy implements VisitingPolicyIface {
public PolicyDecision defaultDecision(){
return new BasicPolicyDecision(Authorization.INCONCLUSIVE, "BaseVisitingPolicy default");
}
public PolicyDecision visit(IdentifierBundle ids, CreateOwlClass action) {
return defaultDecision();
}
public PolicyDecision visit(IdentifierBundle ids, RemoveOwlClass action) {
return defaultDecision();
}
public PolicyDecision visit(IdentifierBundle ids, DefineDataProperty action) {
return defaultDecision();
}
public PolicyDecision visit(IdentifierBundle ids,
DefineObjectProperty action) {
return defaultDecision();
}
public PolicyDecision visit(IdentifierBundle ids, AddObjectPropStmt action) {
return defaultDecision();
}
public PolicyDecision visit(IdentifierBundle ids, DropResource action) {
return defaultDecision();
}
public PolicyDecision visit(IdentifierBundle ids, DropDataPropStmt action) {
return defaultDecision();
}
public PolicyDecision visit(IdentifierBundle ids, DropObjectPropStmt action) {
return defaultDecision();
}
public PolicyDecision visit(IdentifierBundle ids, AddResource action) {
return defaultDecision();
}
public PolicyDecision visit(IdentifierBundle ids, AddDataPropStmt action) {
return defaultDecision();
}
public PolicyDecision visit(IdentifierBundle ids, AddNewUser action) {
return defaultDecision();
}
public PolicyDecision visit(IdentifierBundle ids, RemoveUser action) {
return defaultDecision();
}
public PolicyDecision visit(IdentifierBundle ids, LoadOntology action) {
return defaultDecision();
}
public PolicyDecision visit(IdentifierBundle ids, RebuildTextIndex action) {
return defaultDecision();
}
public PolicyDecision visit(IdentifierBundle ids, UpdateTextIndex action) {
return defaultDecision();
}
public PolicyDecision visit(IdentifierBundle ids, UploadFile action) {
return defaultDecision();
}
public PolicyDecision visit(IdentifierBundle ids, ServerStatus action) {
return defaultDecision();
}
public PolicyDecision visit(IdentifierBundle ids, EditDataPropStmt action) {
return defaultDecision();
}
public PolicyDecision visit(IdentifierBundle ids, EditObjPropStmt action) {
return defaultDecision();
}
public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
RequestedAction whatToAuth) {
if( whatToAuth != null )
return whatToAuth.accept(this, whoToAuth);
else
return new BasicPolicyDecision(Authorization.INCONCLUSIVE, "What to auth was null.");
}
}

58
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/BasicPolicyDecision.java Normal file
View file

@ -0,0 +1,58 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
/**
* Represents the result of querying a Policy for permission to perform
* a RequestedAction.
*/
public class BasicPolicyDecision implements PolicyDecision{
String debuggingInfo;
String message;
String StackTrace;
Authorization authorized;
public BasicPolicyDecision( Authorization authorized, String message) {
super();
this.message = message;
this.authorized = authorized;
}
public Authorization getAuthorized() {
return authorized;
}
public BasicPolicyDecision setAuthorized(Authorization auth) {
this.authorized = auth;
return this;
}
public String getDebuggingInfo() {
return debuggingInfo;
}
public BasicPolicyDecision setDebuggingInfo(String debuggingInfo) {
this.debuggingInfo = debuggingInfo;
return this;
}
public String getMessage() {
return message;
}
public BasicPolicyDecision setMessage(String message) {
this.message = message;
return this;
}
public String getStackTrace() {
return StackTrace;
}
public void setStackTrace(String stackTrace) {
StackTrace = stackTrace;
}
public String toString(){
return authorized + ": " + message;
}
}

434
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/CuratorEditingPolicy.java Normal file
View file

@ -0,0 +1,434 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vedit.beans.LoginFormBean;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.CuratorEditingIdentifierFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditObjPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.OntoRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass;
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
import com.hp.hpl.jena.rdf.model.impl.Util;
/**
* Policy to use for Vivo Curator-Editing for use at Cornell.
* All methods in this class should be thread safe
* and side effect free.
*/
public class CuratorEditingPolicy implements VisitingPolicyIface {
protected static Log log = LogFactory.getLog( CuratorEditingPolicy.class );
/** regex for extracting a namespace from a URI */
// Do not use this; use Jena's splitNamespace() util instead.
//private Pattern ns = Pattern.compile("([^#]*#)[^#]*");
/**
* Namespaces from which Curator Editors should not be able to use resources.
*/
private Set<String> prohibitedNs;
/** URIs of properties that CuratorEditors should not be able to use in statements*/
protected Set<String>prohibitedProperties;
/** URIs of resources that CuratorEditors should not be able to use in statements*/
protected Set<String>prohibitedResources;
/** Indicates which Authorization to use when the user isn't explicitly authorized. */
protected Authorization defaultFailure = Authorization.INCONCLUSIVE;
/** URIs of properties from prohibited namespaces that Curator Editors need to be
* able to edit */
protected Set<String> editableVitroUris;
public CuratorEditingPolicy(
Set<String>prohibitedProperties,
Set<String>prohibitedResources,
Set<String>prohibitedNamespaces,
Set<String>editableVitroUris ){
if( prohibitedProperties != null )
this.prohibitedProperties = prohibitedProperties;
else
this.prohibitedProperties = Collections.EMPTY_SET;
if( prohibitedResources != null )
this.prohibitedResources = prohibitedResources;
else
this.prohibitedResources = Collections.EMPTY_SET;
if( prohibitedNamespaces != null )
this.prohibitedNs = prohibitedNamespaces;
else{
prohibitedNs = new HashSet<String>();
prohibitedNs.add( VitroVocabulary.vitroURI);
prohibitedNs.add( VitroVocabulary.OWL );
prohibitedNs.add("");
}
if( editableVitroUris != null )
this.editableVitroUris = editableVitroUris;
else{
this.editableVitroUris = new HashSet<String>();
this.editableVitroUris.add(VitroVocabulary.MONIKER);
this.editableVitroUris.add(VitroVocabulary.BLURB);
this.editableVitroUris.add(VitroVocabulary.MODTIME);
this.editableVitroUris.add(VitroVocabulary.TIMEKEY);
this.editableVitroUris.add(VitroVocabulary.CITATION);
this.editableVitroUris.add(VitroVocabulary.IMAGEFILE);
this.editableVitroUris.add(VitroVocabulary.IMAGETHUMB);
this.editableVitroUris.add(VitroVocabulary.LINK);
this.editableVitroUris.add(VitroVocabulary.PRIMARY_LINK);
this.editableVitroUris.add(VitroVocabulary.ADDITIONAL_LINK);
this.editableVitroUris.add(VitroVocabulary.LINK_ANCHOR);
this.editableVitroUris.add(VitroVocabulary.LINK_URL);
this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION);
this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESKEYWORD);
this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESINDIVIDUAL);
this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_MODE);
}
}
public PolicyDecision isAuthorized(IdentifierBundle whomToAuth, RequestedAction whatToAuth) {
BasicPolicyDecision pd = new BasicPolicyDecision(this.defaultFailure,"not yet set");
if( whomToAuth == null )
return pd.setMessage("whomToAuth was null");
if(whatToAuth == null)
return pd.setMessage("whatToAuth was null");
String roleStr = getRoleOf(whomToAuth);
if (roleStr == null)
return pd.setMessage("Unable to get a role for the curator from IdBundle");
try{
if( Integer.parseInt( roleStr ) /*<*/ != LoginFormBean.CURATOR)
return pd.setMessage("CuratorEditingPolicy found role of "+roleStr+" but only authorizes for users logged in as CURATOR or higher");
}catch(NumberFormatException nef){}
if (whatToAuth instanceof OntoRequestedAction)
return pd.setMessage("CuratorEditingPolicy doesn't authorize OntoRequestedActions");
if (whatToAuth instanceof AdminRequestedAction)
return pd.setMessage("CuratorEditingPolicy doesn't authorize AdminRequestedActions");
//kick off the visitor pattern
return whatToAuth.accept(this, whomToAuth);
}
protected String getRoleOf( IdentifierBundle whomToAuth) {
if( whomToAuth == null ) return null;
for(Identifier id : whomToAuth){
if (id instanceof CuratorEditingIdentifierFactory.CuratorEditingId) {
return ((CuratorEditingIdentifierFactory.CuratorEditingId)id).getRole();
}
}
return null;
}
protected boolean canModifyResource(String uri){
if( uri == null || uri.length() == 0 )
return false;
if( editableVitroUris.contains( uri ) )
return true;
String namespace = uri.substring(0, Util.splitNamespace(uri));
//Matcher match = ns.matcher(uri);
//if( match.matches() && match.groupCount() > 0){
// String namespace = match.group(1);
if( prohibitedNs.contains( namespace ) ) {
log.debug("The uri "+uri+" represents a resource that cannot be modified because it matches a prohibited namespace");
return false;
}
//}
return true;
}
protected boolean canModifyPredicate(String uri){
if( uri == null || uri.length() == 0 )
return false;
if( editableVitroUris.contains( uri ) )
return true;
if( prohibitedProperties.contains(uri)) {
log.debug("The uri "+uri+" represents a predicate that cannot be modified because it is on a list of properties prohibited from curator editing");
return false;
}
String namespace = uri.substring(0, Util.splitNamespace(uri));
//Matcher match = ns.matcher(uri);
//if( match.matches() && match.groupCount() > 0){
// String namespace = match.group(1);
if( prohibitedNs.contains( namespace ) ) {
log.debug("The uri "+uri+" represents a predicate that cannot be modified because it matches a prohibited namespace");
return false;
}
//}
return true;
}
public PolicyDecision visit(IdentifierBundle ids, AddObjectPropStmt action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids");
//cannot edit resources related to system
if( !canModifyResource( action.uriOfObject ) )
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfObject);
if( !canModifyResource( action.uriOfSubject ) )
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfSubject);
if( !canModifyPredicate( action.uriOfPredicate ) )
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin predicates; " +
"cannot modify " + action.uriOfPredicate);
return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: user can edit allowed properties of anybody");
/* see SelfEditingPolicy for examples of any individual-based policy decisions */
}
public PolicyDecision visit(IdentifierBundle ids, DropResource action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids");
if( prohibitedNs.contains( action.getSubjectUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not removal of admin resources");
return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: may remove resource");
}
public PolicyDecision visit(IdentifierBundle ids, AddResource action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids");
if( prohibitedNs.contains( action.getSubjectUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not allow creation of admin resources");
return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: may add resource");
}
public PolicyDecision visit(IdentifierBundle ids, DropDataPropStmt action) {
if( ids == null || action == null ) {
log.debug("CuratorEditingPolicy for DropDataPropStmt is inconclusive because the test has null action or ids");
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids");
}
//cannot edit resources related to system
if( prohibitedNs.contains( action.uriOfSubject() ) ) { // jc55 was getResourceURI()
log.debug("CuratorEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin resources");
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources");
}
//many predicates are prohibited by namespace but there are many ones that curator editors need to work with
if( prohibitedNs.contains(action.uriOfPredicate() ) && ! editableVitroUris.contains( action.uriOfPredicate() ) ) {
log.debug("CuratorEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin controls");
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin controls");
}
//cannot edit resources related to system
if( !canModifyResource( action.uriOfSubject() ) ) {
log.debug("CuratorEditingPolicy for EditDatapropStmt action is inconclusive because it does not grant access to admin resources; cannot modify " + action.uriOfSubject());
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfSubject());
}
if( !canModifyPredicate( action.uriOfPredicate() ) ) {
log.debug("CuratorEditingPolicy for EditDatapropStmt is inconclusive because it does not grant access to admin predicates; cannot modify " + action.uriOfPredicate());
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin predicates; " +
"cannot modify " + action.uriOfPredicate());
}
log.debug("CuratorEditingPolicy for DropDatapropStmt returns authorization because the user is a curator");
return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: user is may drop data property statement");
/* see SelfEditingPolicy for examples of any individual-based policy decisions */
}
public PolicyDecision visit(IdentifierBundle ids, DropObjectPropStmt action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids");
//cannot edit resources related to system
if( !canModifyResource( action.uriOfObject ) )
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfObject);
if( !canModifyResource( action.uriOfSubject ) )
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfSubject);
if( !canModifyPredicate( action.uriOfPredicate ) )
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin predicates; " +
"cannot modify " + action.uriOfPredicate);
return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: user can edit any individual");
/* see SelfEditingPolicy for examples of any individual-based policy decisions */
}
public PolicyDecision visit(IdentifierBundle ids, AddDataPropStmt action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids");
//cannot edit resources related to system
if( prohibitedNs.contains( action.getResourceUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources");
//many predicates are prohibited by namespace but there are many ones that curator editors need to work with
if( prohibitedNs.contains(action.getDataPropUri() ) && ! editableVitroUris.contains( action.getDataPropUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin controls");
if( !canModifyPredicate( action.getDataPropUri() ) ) {
log.debug("CuratorEditingPolicy for AddDataPropStmt does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.getDataPropUri());
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy for AddDataPropStmt does not grant access to prohibited predicates or certain namespaces: " +
"cannot modify " + action.getDataPropUri());
}
return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: user may add this data property statement");
/* see SelfEditingPolicy for examples of any individual-based policy decisions */
}
public PolicyDecision visit(IdentifierBundle ids, EditDataPropStmt action) {
if( ids == null || action == null ) {
log.debug("CuratorEditingPolicy for EditDataPropStmt is inconclusive because the test has null action or ids");
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids");
}
//cannot edit resources related to system
if( !canModifyResource( action.uriOfSubject() ) ) {
log.debug("CuratorEditingPolicy for EditDatapropStmt action is inconclusive because it does not grant access to admin resources; cannot modify " + action.uriOfSubject());
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfSubject());
}
if( !canModifyPredicate( action.uriOfPredicate() ) ) {
log.debug("CuratorEditingPolicy for EditDataPropStmt does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.uriOfPredicate());
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy for EditDataPropStmt does not grant access to prohibited predicates or certain namespaces: " +
"cannot modify " + action.uriOfPredicate());
}
log.debug("CuratorEditingPolicy for EditDatapropStmt returns authorization because the user is a curator");
return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: user may edit data property statement");
/* see SelfEditingPolicy for examples of any individual-based policy decisions */
}
public PolicyDecision visit(IdentifierBundle ids, EditObjPropStmt action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids");
//cannot edit resources related to system
if( !canModifyResource( action.uriOfObject ) )
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfObject);
if( !canModifyResource( action.uriOfSubject ) )
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfSubject);
if( !canModifyPredicate( action.uriOfPredicate ) )
return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin predicates; " +
"cannot modify " + action.uriOfPredicate);
return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: user may edit any individual");
/* see SelfEditingPolicy for examples of any individual-based policy decisions */
}
public PolicyDecision visit(IdentifierBundle ids, UploadFile action) {
return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: may upload files");
}
// *** the following actions are generally not part of curator editing *** //
public PolicyDecision visit(IdentifierBundle ids, AddNewUser action) {
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, RemoveUser action) {
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, LoadOntology action) {
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, RebuildTextIndex action) {
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, UpdateTextIndex action) {
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, ServerStatus action) {
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, CreateOwlClass action) {
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, RemoveOwlClass action) {
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, DefineDataProperty action) {
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, DefineObjectProperty action) {
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications");
}
public String toString(){
return "CuratorEditingPolicy " + hashCode()
+ " nspaces: " + prohibitedNs.size() + " prohibited Props: "
+ prohibitedProperties.size() + " prohibited resources: "
+ prohibitedResources.size();
}
}

437
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DbAdminEditingPolicy.java Normal file
View file

@ -0,0 +1,437 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.rdf.model.impl.Util;
import edu.cornell.mannlib.vedit.beans.LoginFormBean;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.DbAdminEditingIdentifierFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.DbAdminEditingIdentifierFactory.DbAdminEditingId;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditObjPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.OntoRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass;
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
/**
* Policy to use for Vivo non-privileged but user accouunt-based editing
* All methods in this class should be thread safe
* and side effect free.
*/
public class DbAdminEditingPolicy implements VisitingPolicyIface {
protected static Log log = LogFactory.getLog( DbAdminEditingPolicy.class );
/** regex for extracting a namespace from a URI */
// Do not use this; use Jena's splitNamespace() util instead.
//private Pattern ns = Pattern.compile("([^#]*#)[^#]*");
/**
* Namespaces from which DbAdmins should not be able to use resources.
*/
private Set<String> prohibitedNs;
/** URIs of properties that DbAdmins should not be able to use in statements*/
protected Set<String>prohibitedProperties;
/** URIs of resources that DbAdmins should not be able to use in statements*/
protected Set<String>prohibitedResources;
/** Indicates which Authorization to use when the user isn't explicitly authorized. */
protected Authorization defaultFailure = Authorization.INCONCLUSIVE;
/** URIs of properties from prohibited namespaces that DbAdmins need to be
* able to edit */
protected Set<String> editableVitroUris;
public DbAdminEditingPolicy(
Set<String>prohibitedProperties,
Set<String>prohibitedResources,
Set<String>prohibitedNamespaces,
Set<String>editableVitroUris ){
if( prohibitedProperties != null )
this.prohibitedProperties = prohibitedProperties;
else
this.prohibitedProperties = Collections.EMPTY_SET;
if( prohibitedResources != null )
this.prohibitedResources = prohibitedResources;
else
this.prohibitedResources = Collections.EMPTY_SET;
if( prohibitedNamespaces != null )
this.prohibitedNs = prohibitedNamespaces;
else{
prohibitedNs = new HashSet<String>();
prohibitedNs.add( VitroVocabulary.vitroURI);
prohibitedNs.add( VitroVocabulary.OWL );
prohibitedNs.add("");
}
if( editableVitroUris != null )
this.editableVitroUris = editableVitroUris;
else{
this.editableVitroUris = new HashSet<String>();
this.editableVitroUris.add(VitroVocabulary.MONIKER);
this.editableVitroUris.add(VitroVocabulary.BLURB);
this.editableVitroUris.add(VitroVocabulary.MODTIME);
this.editableVitroUris.add(VitroVocabulary.TIMEKEY);
this.editableVitroUris.add(VitroVocabulary.CITATION);
this.editableVitroUris.add(VitroVocabulary.IMAGEFILE);
this.editableVitroUris.add(VitroVocabulary.IMAGETHUMB);
this.editableVitroUris.add(VitroVocabulary.LINK);
this.editableVitroUris.add(VitroVocabulary.PRIMARY_LINK);
this.editableVitroUris.add(VitroVocabulary.ADDITIONAL_LINK);
this.editableVitroUris.add(VitroVocabulary.LINK_ANCHOR);
this.editableVitroUris.add(VitroVocabulary.LINK_URL);
this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION);
this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESKEYWORD);
this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESINDIVIDUAL);
this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_MODE);
}
}
public PolicyDecision isAuthorized(IdentifierBundle whomToAuth, RequestedAction whatToAuth) {
BasicPolicyDecision pd = new BasicPolicyDecision(this.defaultFailure,"not yet set");
if( whomToAuth == null )
return pd.setMessage("whomToAuth was null");
if(whatToAuth == null)
return pd.setMessage("whatToAuth was null");
String roleStr = getRoleOf(whomToAuth);
if (roleStr == null)
return pd.setMessage("Unable to get a role for the dbAdmin from IdBundle");
try{
if( Integer.parseInt( roleStr ) /*<*/ != LoginFormBean.DBA) {
return pd.setMessage("DbAdminEditingPolicy found role of "+roleStr+" and only authorizes for users logged in as DB_ADMIN");
}
} catch(NumberFormatException nef){}
if (whatToAuth instanceof OntoRequestedAction)
return pd.setMessage("DbAdminEditingPolicy doesn't authorize OntoRequestedActions");
if (whatToAuth instanceof AdminRequestedAction)
return pd.setMessage("DbAdminEditingPolicy doesn't authorize AdminRequestedActions");
//kick off the visitor pattern
return whatToAuth.accept(this, whomToAuth);
}
protected String getRoleOf( IdentifierBundle whomToAuth) {
if( whomToAuth == null ) return null;
for(Identifier id : whomToAuth){
if (id instanceof DbAdminEditingIdentifierFactory.DbAdminEditingId) {
return ((DbAdminEditingIdentifierFactory.DbAdminEditingId)id).getRole();
}
}
return null;
}
protected boolean canModifyResource(String uri){
if( uri == null || uri.length() == 0 )
return false;
if( editableVitroUris.contains( uri ) )
return true;
String namespace = uri.substring(0, Util.splitNamespace(uri));
//Matcher match = ns.matcher(uri);
//if( match.matches() && match.groupCount() > 0){
// String namespace = match.group(1);
if( prohibitedNs.contains( namespace ) ) {
log.debug("The uri "+uri+" represents a resource that cannot be modified because it matches a prohibited namespace");
return false;
}
//}
return true;
}
protected boolean canModifyPredicate(String uri){
if( uri == null || uri.length() == 0 )
return false;
if( editableVitroUris.contains( uri ) ) // properties like moniker that are never (currently) set non-editable
return true;
if( prohibitedProperties.contains(uri)) {
log.debug("The uri "+uri+" represents a predicate that cannot be modified because it is on a list of properties prohibited from dbAdmin editing");
return false;
}
String namespace = uri.substring(0, Util.splitNamespace(uri));
//Matcher match = ns.matcher(uri);
//if( match.matches() && match.groupCount() > 0){
// String namespace = match.group(1);
if( prohibitedNs.contains( namespace ) ) {
log.debug("The uri "+uri+" represents a predicate that cannot be modified because it matches a prohibited namespace");
return false;
}
//}
return true;
}
public PolicyDecision visit(IdentifierBundle ids, AddObjectPropStmt action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids");
//cannot edit resources related to system
if( !canModifyResource( action.uriOfObject ) )
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfObject);
if( !canModifyResource( action.uriOfSubject ) )
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfSubject);
if( !canModifyPredicate( action.uriOfPredicate ) )
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to prohibited predicates or certain namespaces: " +
"cannot modify " + action.uriOfPredicate);
return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: user can edit allowed properties of anybody");
/* see SelfEditingPolicy for examples of any individual-based policy decisions */
}
public PolicyDecision visit(IdentifierBundle ids, DropResource action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids");
if( prohibitedNs.contains( action.getSubjectUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not removal of admin resources");
return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: may remove resource");
}
public PolicyDecision visit(IdentifierBundle ids, AddResource action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids");
if( prohibitedNs.contains( action.getSubjectUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not allow creation of admin resources");
return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: may add resource");
}
public PolicyDecision visit(IdentifierBundle ids, DropDataPropStmt action) {
if( ids == null || action == null ) {
log.debug("DbAdminEditingPolicy for DropDataPropStmt is inconclusive because the test has null action or ids");
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids");
}
//cannot edit resources related to system
if( prohibitedNs.contains( action.uriOfSubject() ) ) { // jc55 was getResourceURI()
log.debug("DbAdminEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin resources");
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources");
}
//many predicates are prohibited by namespace but there are many ones that dbAdmin editors need to work with
if( prohibitedNs.contains(action.uriOfPredicate() ) && ! editableVitroUris.contains( action.uriOfPredicate() ) ) {
log.debug("DbAdminEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin controls");
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin controls");
}
//cannot edit resources related to system
if( !canModifyResource( action.uriOfSubject() ) ) {
log.debug("DbAdminEditingPolicy for EditDatapropStmt action is inconclusive because it does not grant access to admin resources; cannot modify " + action.uriOfSubject());
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfSubject());
}
if( !canModifyPredicate( action.uriOfPredicate() ) ) {
log.debug("DbAdminEditingPolicy does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.uriOfPredicate());
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to prohibited predicates or certain namespaces: " +
"cannot modify " + action.uriOfPredicate());
}
log.debug("DbAdminEditingPolicy for DropDatapropStmt returns authorization because the user is a dbAdmin");
return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: user is may drop data property statement");
/* see SelfEditingPolicy for examples of any individual-based policy decisions */
}
public PolicyDecision visit(IdentifierBundle ids, DropObjectPropStmt action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids");
//cannot edit resources related to system
if( !canModifyResource( action.uriOfObject ) )
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfObject);
if( !canModifyResource( action.uriOfSubject ) )
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfSubject);
if( !canModifyPredicate( action.uriOfPredicate ) )
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to prohibited predicates or certain namespaces: " +
"cannot modify " + action.uriOfPredicate);
return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: user can edit any individual");
/* see SelfEditingPolicy for examples of any individual-based policy decisions */
}
public PolicyDecision visit(IdentifierBundle ids, AddDataPropStmt action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy has null action or ids");
//cannot edit resources related to system
if( prohibitedNs.contains( action.getResourceUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources from prohibited namespaces");
//many predicates are prohibited by namespace but there are many ones that dbAdmin editors need to work with
if( prohibitedNs.contains(action.getDataPropUri() ) && ! editableVitroUris.contains( action.getDataPropUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin controls");
if( !canModifyPredicate( action.getDataPropUri() ) ) {
log.debug("DbAdminEditingPolicy for AddDataPropStmt does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.getDataPropUri());
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy for AddDataPropStmt does not grant access to prohibited predicates or certain namespaces: " +
"cannot modify " + action.getDataPropUri());
}
return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: user may add this data property statement");
/* see SelfEditingPolicy for examples of any individual-based policy decisions */
}
public PolicyDecision visit(IdentifierBundle ids, EditDataPropStmt action) {
if( ids == null || action == null ) {
log.debug("DbAdminEditingPolicy for EditDataPropStmt is inconclusive because the test has null action or ids");
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids");
}
//cannot edit resources related to system
if( !canModifyResource( action.uriOfSubject() ) ) {
log.debug("DbAdminEditingPolicy for EditDatapropStmt action is inconclusive because it does not grant access to admin resources; cannot modify " + action.uriOfSubject());
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfSubject());
}
if( !canModifyPredicate( action.uriOfPredicate() ) ) {
log.debug("DbAdminEditingPolicy for EditDataPropStmt does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.uriOfPredicate());
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy for EditDataPropStmt does not grant access to prohibited predicates or certain namespaces: " +
"cannot modify " + action.uriOfPredicate());
}
log.debug("DbAdminEditingPolicy for EditDatapropStmt returns authorization because the user is a dbAdmin");
return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: user may edit data property statement");
/* see SelfEditingPolicy for examples of any individual-based policy decisions */
}
public PolicyDecision visit(IdentifierBundle ids, EditObjPropStmt action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids");
//cannot edit resources related to system
if( !canModifyResource( action.uriOfObject ) )
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfObject);
if( !canModifyResource( action.uriOfSubject ) )
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfSubject);
if( !canModifyPredicate( action.uriOfPredicate ) )
return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy for EditObjPropStmt does not grant access to prohibited predicates or certain namespaces: " +
"cannot modify " + action.uriOfPredicate);
return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: user may edit any individual");
/* see SelfEditingPolicy for examples of any individual-based policy decisions */
}
public PolicyDecision visit(IdentifierBundle ids, UploadFile action) {
return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: may upload files");
}
// *** the following actions are generally not part of dbAdmin editing *** //
public PolicyDecision visit(IdentifierBundle ids, AddNewUser action) {
return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, RemoveUser action) {
return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, LoadOntology action) {
return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, RebuildTextIndex action) {
return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, UpdateTextIndex action) {
return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, ServerStatus action) {
return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, CreateOwlClass action) {
return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, RemoveOwlClass action) {
return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, DefineDataProperty action) {
return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, DefineObjectProperty action) {
return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications");
}
public String toString(){
return "DbAdminEditingPolicy " + hashCode()
+ " nspaces: " + prohibitedNs.size() + " prohibited Props: "
+ prohibitedProperties.size() + " prohibited resources: "
+ prohibitedResources.size();
}
}

435
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/EditorEditingPolicy.java Normal file
View file

@ -0,0 +1,435 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.rdf.model.impl.Util;
import edu.cornell.mannlib.vedit.beans.LoginFormBean;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.EditorEditingIdentifierFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditObjPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.OntoRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass;
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
/**
* Policy to use for Vivo non-privileged but user accouunt-based editing
* All methods in this class should be thread safe
* and side effect free.
*/
public class EditorEditingPolicy implements VisitingPolicyIface{
protected static Log log = LogFactory.getLog( EditorEditingPolicy.class );
/** regex for extracting a namespace from a URI */
// Do not use this; use Jena's splitNamespace() util instead.
//private Pattern ns = Pattern.compile("([^#]*#)[^#]*");
/**
* Namespaces from which Editors should not be able to use resources.
*/
private Set<String> prohibitedNs;
/** URIs of properties that Editors should not be able to use in statements*/
protected Set<String>prohibitedProperties;
/** URIs of resources that Editors should not be able to use in statements*/
protected Set<String>prohibitedResources;
/** Indicates which Authorization to use when the user isn't explicitly authorized. */
protected Authorization defaultFailure = Authorization.INCONCLUSIVE;
/** URIs of properties from prohibited namespaces that Editors need to be
* able to edit */
protected Set<String> editableVitroUris;
public EditorEditingPolicy(
Set<String>prohibitedProperties,
Set<String>prohibitedResources,
Set<String>prohibitedNamespaces,
Set<String>editableVitroUris ){
if( prohibitedProperties != null )
this.prohibitedProperties = prohibitedProperties;
else
this.prohibitedProperties = Collections.EMPTY_SET;
if( prohibitedResources != null )
this.prohibitedResources = prohibitedResources;
else
this.prohibitedResources = Collections.EMPTY_SET;
if( prohibitedNamespaces != null )
this.prohibitedNs = prohibitedNamespaces;
else{
prohibitedNs = new HashSet<String>();
prohibitedNs.add( VitroVocabulary.vitroURI);
prohibitedNs.add( VitroVocabulary.OWL );
prohibitedNs.add("");
}
if( editableVitroUris != null )
this.editableVitroUris = editableVitroUris;
else{
this.editableVitroUris = new HashSet<String>();
this.editableVitroUris.add(VitroVocabulary.MONIKER);
this.editableVitroUris.add(VitroVocabulary.BLURB);
this.editableVitroUris.add(VitroVocabulary.MODTIME);
this.editableVitroUris.add(VitroVocabulary.TIMEKEY);
this.editableVitroUris.add(VitroVocabulary.CITATION);
this.editableVitroUris.add(VitroVocabulary.IMAGEFILE);
this.editableVitroUris.add(VitroVocabulary.IMAGETHUMB);
this.editableVitroUris.add(VitroVocabulary.LINK);
this.editableVitroUris.add(VitroVocabulary.PRIMARY_LINK);
this.editableVitroUris.add(VitroVocabulary.ADDITIONAL_LINK);
this.editableVitroUris.add(VitroVocabulary.LINK_ANCHOR);
this.editableVitroUris.add(VitroVocabulary.LINK_URL);
this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION);
this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESKEYWORD);
this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESINDIVIDUAL);
this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_MODE);
}
}
public PolicyDecision isAuthorized(IdentifierBundle whomToAuth, RequestedAction whatToAuth) {
BasicPolicyDecision pd = new BasicPolicyDecision(this.defaultFailure,"not yet set");
if( whomToAuth == null )
return pd.setMessage("whomToAuth was null");
if(whatToAuth == null)
return pd.setMessage("whatToAuth was null");
String roleStr = getRoleOf(whomToAuth);
if (roleStr == null)
return pd.setMessage("Unable to get a role for the editor from IdBundle");
try{
if( Integer.parseInt( roleStr ) /*<*/ != LoginFormBean.EDITOR)
return pd.setMessage("EditorEditingPolicy found role of "+roleStr+" but only authorizes for users logged in as EDITOR or higher");
}catch(NumberFormatException nef){}
if (whatToAuth instanceof OntoRequestedAction)
return pd.setMessage("EditorEditingPolicy doesn't authorize OntoRequestedActions");
if (whatToAuth instanceof AdminRequestedAction)
return pd.setMessage("EditorEditingPolicy doesn't authorize AdminRequestedActions");
//kick off the visitor pattern
return whatToAuth.accept(this, whomToAuth);
}
protected String getRoleOf( IdentifierBundle whomToAuth) {
if( whomToAuth == null ) return null;
for(Identifier id : whomToAuth){
if (id instanceof EditorEditingIdentifierFactory.EditorEditingId) {
return ((EditorEditingIdentifierFactory.EditorEditingId)id).getRole();
}
}
return null;
}
protected boolean canModifyResource(String uri){
if( uri == null || uri.length() == 0 )
return false;
if( editableVitroUris.contains( uri ) )
return true;
String namespace = uri.substring(0, Util.splitNamespace(uri));
//Matcher match = ns.matcher(uri);
//if( match.matches() && match.groupCount() > 0){
// String namespace = match.group(1);
if( prohibitedNs.contains( namespace ) ) {
log.debug("The uri "+uri+" represents a resource that cannot be modified because it matches a prohibited namespace");
return false;
}
//}
return true;
}
protected boolean canModifyPredicate(String uri){
if( uri == null || uri.length() == 0 )
return false;
if( editableVitroUris.contains( uri ) )
return true;
if( prohibitedProperties.contains(uri)) {
log.debug("The uri "+uri+" represents a predicate that cannot be modified because it is on a list of properties prohibited from editor editing");
return false;
}
String namespace = uri.substring(0, Util.splitNamespace(uri));
//Matcher match = ns.matcher(uri);
//if( match.matches() && match.groupCount() > 0){
// String namespace = match.group(1);
if( prohibitedNs.contains( namespace ) ) {
log.debug("The uri "+uri+" represents a predicate that cannot be modified because it matches a prohibited namespace");
return false;
}
//}
return true;
}
public PolicyDecision visit(IdentifierBundle ids, AddObjectPropStmt action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids");
//cannot edit resources related to system
if( !canModifyResource( action.uriOfObject ) )
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfObject);
if( !canModifyResource( action.uriOfSubject ) )
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfSubject);
if( !canModifyPredicate( action.uriOfPredicate ) )
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin predicates; " +
"cannot modify " + action.uriOfPredicate);
return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: user can edit allowed properties of anybody");
/* see SelfEditingPolicy for examples of any individual-based policy decisions */
}
public PolicyDecision visit(IdentifierBundle ids, DropResource action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids");
if( prohibitedNs.contains( action.getSubjectUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not removal of admin resources");
return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: may remove resource");
}
public PolicyDecision visit(IdentifierBundle ids, AddResource action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids");
if( prohibitedNs.contains( action.getSubjectUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not allow creation of admin resources");
return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: may add resource");
}
public PolicyDecision visit(IdentifierBundle ids, DropDataPropStmt action) {
if( ids == null || action == null ) {
log.debug("EditorEditingPolicy for DropDataPropStmt is inconclusive because the test has null action or ids");
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids");
}
//cannot edit resources related to system
if( prohibitedNs.contains( action.uriOfSubject() ) ) { // jc55 was getResourceURI()
log.debug("EditorEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin resources");
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources");
}
//many predicates are prohibited by namespace but there are many ones that editor editors need to work with
if( prohibitedNs.contains(action.uriOfPredicate() ) && ! editableVitroUris.contains( action.uriOfPredicate() ) ) {
log.debug("EditorEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin controls");
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin controls");
}
//cannot edit resources related to system
if( !canModifyResource( action.uriOfSubject() ) ) {
log.debug("EditorEditingPolicy for EditDatapropStmt action is inconclusive because it does not grant access to admin resources; cannot modify " + action.uriOfSubject());
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfSubject());
}
if( !canModifyPredicate( action.uriOfPredicate() ) ) {
log.debug("EditorEditingPolicy for EditDatapropStmt is inconclusive because it does not grant access to admin predicates; cannot modify " + action.uriOfPredicate());
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin predicates; " +
"cannot modify " + action.uriOfPredicate());
}
log.debug("EditorEditingPolicy for DropDatapropStmt returns authorization because the user is a editor");
return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: user is may drop data property statement");
/* see SelfEditingPolicy for examples of any individual-based policy decisions */
}
public PolicyDecision visit(IdentifierBundle ids, DropObjectPropStmt action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids");
//cannot edit resources related to system
if( !canModifyResource( action.uriOfObject ) )
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfObject);
if( !canModifyResource( action.uriOfSubject ) )
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfSubject);
if( !canModifyPredicate( action.uriOfPredicate ) )
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin predicates; " +
"cannot modify " + action.uriOfPredicate);
return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: user can edit any individual");
/* see SelfEditingPolicy for examples of any individual-based policy decisions */
}
public PolicyDecision visit(IdentifierBundle ids, AddDataPropStmt action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids");
//cannot edit resources related to system
if( prohibitedNs.contains( action.getResourceUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources");
//many predicates are prohibited by namespace but there are many ones that editor editors need to work with
if( prohibitedNs.contains(action.getDataPropUri() ) && ! editableVitroUris.contains( action.getDataPropUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin controls");
if( !canModifyPredicate( action.getDataPropUri() ) ) {
log.debug("EditorEditingPolicy for AddDataPropStmt does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.getDataPropUri());
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy for AddDataPropStmt does not grant access to prohibited predicates or certain namespaces: " +
"cannot modify " + action.getDataPropUri());
}
return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: user may add this data property statement");
/* see SelfEditingPolicy for examples of any individual-based policy decisions */
}
public PolicyDecision visit(IdentifierBundle ids, EditDataPropStmt action) {
if( ids == null || action == null ) {
log.debug("EditorEditingPolicy for EditDataPropStmt is inconclusive because the test has null action or ids");
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids");
}
//cannot edit resources related to system
if( !canModifyResource( action.uriOfSubject() ) ) {
log.debug("EditorEditingPolicy for EditDatapropStmt action is inconclusive because it does not grant access to admin resources; cannot modify " + action.uriOfSubject());
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfSubject());
}
if( !canModifyPredicate( action.uriOfPredicate() ) ) {
log.debug("EditorEditingPolicy for EditDataPropStmt does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.uriOfPredicate());
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy for EditDataPropStmt does not grant access to prohibited predicates or certain namespaces: " +
"cannot modify " + action.uriOfPredicate());
}
log.debug("EditorEditingPolicy for EditDatapropStmt returns authorization because the user is a editor");
return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: user may edit data property statement");
/* see SelfEditingPolicy for examples of any individual-based policy decisions */
}
public PolicyDecision visit(IdentifierBundle ids, EditObjPropStmt action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids");
//cannot edit resources related to system
if( !canModifyResource( action.uriOfObject ) )
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfObject);
if( !canModifyResource( action.uriOfSubject ) )
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfSubject);
if( !canModifyPredicate( action.uriOfPredicate ) )
return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin predicates; " +
"cannot modify " + action.uriOfPredicate);
return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: user may edit any individual");
/* see SelfEditingPolicy for examples of any individual-based policy decisions */
}
public PolicyDecision visit(IdentifierBundle ids, UploadFile action) {
return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: may upload files");
}
// *** the following actions are generally not part of editor editing *** //
public PolicyDecision visit(IdentifierBundle ids, AddNewUser action) {
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, RemoveUser action) {
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, LoadOntology action) {
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, RebuildTextIndex action) {
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, UpdateTextIndex action) {
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, ServerStatus action) {
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, CreateOwlClass action) {
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, RemoveOwlClass action) {
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, DefineDataProperty action) {
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, DefineObjectProperty action) {
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications");
}
public String toString(){
return "EditorEditingPolicy " + hashCode()
+ " nspaces: " + prohibitedNs.size() + " prohibited Props: "
+ prohibitedProperties.size() + " prohibited resources: "
+ prohibitedResources.size();
}
}

18
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/Ids2QueryBindings.java Normal file
View file

@ -0,0 +1,18 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.List;
import com.hp.hpl.jena.query.QuerySolutionMap;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
public interface Ids2QueryBindings {
/**
* Returns null if no binding can be made. In some implementations this
* might be different than an empty QuerySolutionMap. Must be thread safe.
*/
public List<QuerySolutionMap> makeScopeBinding(IdentifierBundle ids, RequestedAction action );
}

502
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/JenaNetidPolicy.java Normal file
View file

@ -0,0 +1,502 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.io.InputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.query.Query;
import com.hp.hpl.jena.query.QueryExecution;
import com.hp.hpl.jena.query.QueryExecutionFactory;
import com.hp.hpl.jena.query.QueryFactory;
import com.hp.hpl.jena.query.QuerySolutionMap;
import com.hp.hpl.jena.rdf.model.Model;
import com.hp.hpl.jena.rdf.model.ModelFactory;
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.io.xml.DomDriver;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.ServletIdentifierBundleFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.NetId;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DefaultInconclusivePolicy;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditObjPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.OntoRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass;
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
/**
* This policy looks for a netid in the IdentifierBundle and will use that netid
* as a anchor in SPARQL queries. These queries are intended to specify the relations
* that allow authorization.
*
* We could use things other than SPARQL. Other possibilities:
* Some java driven code that worked with the the jena Model
* Fresnel Selector Language (FSL)
* SWRL?
*
* example of how to set up the xml:
*
* <code>
<edu.cornell.mannlib.vitro.webapp.auth.policy.JenaNetidPolicy>
<name>Example Policy</name>
<prefixes>PREFIX rdf: &lt;http://www.w3.org/1999/02/22-rdf-syntax-ns#&gt;
PREFIX rdfs: &lt;http://www.w3.org/2000/01/rdf-schema#&gt;
PREFIX vivoa: &lt;http://vivo.library.cornell.edu/abox#&gt;
PREFIX vivo: &lt;http://vivo.library.cornell.edu/ns/0.1#&gt;
PREFIX vitro: &lt;http://lowe.mannlib.cornell.edu/ns/vitro/0.1/vitro.owl#&gt;
</prefixes>
<actionToQueryStr>
<entry>
<string>edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt</string>
<list>
<string>ASK WHERE { ?subject vitro:netid ?netid }</string>
<string>ASK WHERE { ?object vitro:netid ?netid }</string>
</list>
</entry>
<entry>
<string>edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt</string>
<list>
<string>ASK WHERE { ?subject vitro:netid ?netid }</string>
<string>ASK WHERE { ?object vitro:netid ?netid }</string>
</list>
</entry>
<entry>
<string>edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt</string>
<list>
<string>ASK WHERE { ?subject vitro:netid ?netid }</string>
<string>ASK WHERE { ?object vitro:netid ?netid }</string>
</list>
</entry>
<entry>
<string>edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt</string>
<list>
<string>ASK WHERE { ?subject vitro:netid ?netid }</string>
<string>ASK WHERE { ?object vitro:netid ?netid }</string>
</list>
</entry>
</actionToQueryStr>
</edu.cornell.mannlib.vitro.webapp.auth.policy.JenaNetidPolicy>
</code>
* @author bdc34
*
*/
public class JenaNetidPolicy extends DefaultInconclusivePolicy implements VisitingPolicyIface {
protected transient Model model = ModelFactory.createDefaultModel();
private transient HashMap<String,Query> queryStrToQuery = new HashMap<String,Query>();
/** human readable name for this policy */
protected String name="Unnamed Policy";
/** prefixes for SPARQL queries. */
protected String prefixes = DEFAULT_PREFIXES;
/** Specifies the type of Authorization returned when the SPARQL query succeeds. This allows us to
* create a JenaNetidPolicy that returns UNAUTHORIZED when the some set of conditions are meet. */
protected Authorization authForSuccessfulQuery = Authorization.AUTHORIZED;
/** The SPARQL queries. They should all be of the type ASK and
* they should all have the variable ?netid */
protected HashMap<String,List<String>> actionToQueryStr = new HashMap<String,List<String>>();
/* *************************** Constructors ******************************* */
/**
* See JenaNetidPolicy.setupDefault() for the sparql queries that will
* be used by the default JenaNetidPolicy.
*/
public JenaNetidPolicy(Model model){
if( model == null ){
this.model = ModelFactory.createDefaultModel();
}else{
this.model = model;
}
setupDefault();
}
/**
* Loads sparql statements for policy from a JSON text file.
*
* @param model
* @param sparqlStmts
*/
public JenaNetidPolicy(Model model, InputStream policySpec){
this(model, policySpec, Authorization.AUTHORIZED);
}
/*
* Load xml policy files with this.getClass().getResourceAsStream()
* Notice that / is the path seperator and strings that lack
* a leading slash are relative to the package of the this.getClass().
*/
public JenaNetidPolicy(Model model, String resource){
this(model, JenaNetidPolicy.class.getResourceAsStream(resource));
}
public JenaNetidPolicy(Model model, InputStream policySpec, Authorization authForSuccessfulQuery){
this.authForSuccessfulQuery = authForSuccessfulQuery;
XStream x = new XStream(new DomDriver());
//XStream x = new XStream();
JenaNetidPolicy jnip =(JenaNetidPolicy) x.fromXML( policySpec );
this.actionToQueryStr = jnip.actionToQueryStr;
this.prefixes = jnip.prefixes;
this.name = jnip.name;
this.model = model;
}
/* *********************** Methods ************************************ */
public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
RequestedAction whatToAuth) {
BasicPolicyDecision pd = new BasicPolicyDecision(Authorization.INCONCLUSIVE,"not yet set");
if( whoToAuth == null )
return pd.setMessage("whoToAuth was null");
if(whatToAuth == null)
return pd.setMessage("whatToAuth was null");
String netid = getNetid(whoToAuth);
if (netid == null)
return pd.setMessage("Unable to get netid from IdBundle");
//kick off the visitor pattern
return whatToAuth.accept(this, whoToAuth);
}
/* ************************* visit methods ************************** */
public PolicyDecision visit(IdentifierBundle ids, AddResource action) {
log.debug("doing AddResource");
List<String> queryStrs = actionToQueryStr.get(action.getClass().getName());
if( queryStrs == null || queryStrs.size() ==0 )
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
"no queryies found for action" + action.getClass().getName());
QuerySolutionMap parameters = new QuerySolutionMap();
parameters.add("netid", model.createLiteral( getNetid(ids) ));
parameters.add("subject",model.createResource( action.getSubjectUri() ));
return doQueries(queryStrs,parameters,action);
}
public PolicyDecision visit(IdentifierBundle ids, DropResource action) {
log.debug("doing DropResource");
BasicPolicyDecision pd = new BasicPolicyDecision(Authorization.INCONCLUSIVE, "");
List<String> queryStrs = actionToQueryStr.get(action.getClass().getName());
if( queryStrs == null || queryStrs.size() ==0 )
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
"no queryies found for action" + action.getClass().getName());
QuerySolutionMap parameters = new QuerySolutionMap();
parameters.add("netid", model.createLiteral( getNetid(ids) ));
parameters.add("subject",model.createResource( action.getSubjectUri() ));
return doQueries(queryStrs,parameters,action);
}
public PolicyDecision visit(IdentifierBundle ids, AddObjectPropStmt action) {
log.debug("doing AddObjectPropStmt in visit()");
List<String> queryStrs = actionToQueryStr.get(action.getClass().getName());
if( queryStrs == null || queryStrs.size() ==0 )
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
"no queryies found for action" + action.getClass().getName());
QuerySolutionMap parameters = new QuerySolutionMap();
parameters.add("netid", model.createLiteral( getNetid(ids) ));
parameters.add("subject",model.createResource( action.getUriOfSubject() )) ;
parameters.add("object", model.createResource( action.getUriOfObject() )) ;
parameters.add("predicate", model.createResource( action.getUriOfPredicate() )) ;
return doQueries(queryStrs,parameters,action);
}
public PolicyDecision visit(IdentifierBundle ids, DropObjectPropStmt action) {
log.debug("doing DropObjectPropStmt");
List<String> queryStrs = actionToQueryStr.get(action.getClass().getName());
if( queryStrs == null || queryStrs.size() ==0 )
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
"no queryies found for action" + action.getClass().getName());
QuerySolutionMap parameters = new QuerySolutionMap();
parameters.add("netid", model.createLiteral( getNetid(ids) ));
parameters.add("subject",model.createResource( action.getUriOfSubject() )) ;
parameters.add("object", model.createResource( action.getUriOfObject() )) ;
parameters.add("predicate", model.createResource( action.getUriOfPredicate() )) ;
return doQueries(queryStrs,parameters,action);
}
public PolicyDecision visit(IdentifierBundle ids, AddDataPropStmt action) {
log.debug("doing AddDataPropStmt");
List<String> queryStrs = actionToQueryStr.get(action.getClass().getName());
if( queryStrs == null || queryStrs.size() ==0 )
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
"no queryies found for action" + action.getClass().getName());
QuerySolutionMap parameters = new QuerySolutionMap();
parameters.add("netid", model.createLiteral( getNetid(ids) ));
parameters.add("subject",model.createResource( action.getResourceUri() )) ;
parameters.add("predicate", model.createResource( action.getDataPropUri() )) ;
parameters.add("literalValue", model.createLiteral(action.getData() ));
return doQueries(queryStrs,parameters,action);
}
public PolicyDecision visit(IdentifierBundle ids, DropDataPropStmt action) {
log.debug("doing DropDataPropStmt");
List<String> queryStrs = actionToQueryStr.get(action.getClass().getName());
if( queryStrs == null || queryStrs.size() ==0 )
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
"no queries found for action" + action.getClass().getName());
QuerySolutionMap parameters = new QuerySolutionMap();
parameters.add("netid", model.createLiteral( getNetid(ids) ));
parameters.add("subject",model.createResource( action.uriOfSubject() )) ;
parameters.add("predicate", model.createResource( action.uriOfPredicate() )) ;
parameters.add("literalValue", model.createLiteral(action.data() )); // caution: will always do untyped things
return doQueries(queryStrs,parameters,action);
}
/* ******************************** utilities ****************************** */
private PolicyDecision doQueries(List<String>queryStrs, QuerySolutionMap parameters, RequestedAction action){
SparqlPolicyDecision pd = new SparqlPolicyDecision(Authorization.INCONCLUSIVE,"");
for(String quStr : queryStrs){
Query query = getQueryForQueryStr(quStr);
pd.setQuery(query);
QueryExecution qexec = QueryExecutionFactory.create(query, model, parameters);
pd.setQexec(qexec);
boolean pathFound = qexec.execAsk();
if( pathFound ){
pd.setAuthorized(authForSuccessfulQuery);
pd.setMessage(action.getClass().getName() + " permited by " + quStr);
if( log.isDebugEnabled()){
log.debug(action.getClass().getName() + " permited by " + quStr);
log.debug(query);
}
break;
} else {
if( log.isDebugEnabled()){
log.debug(action.getClass().getName() + " no results for " + query);
log.debug(query);
}
}
}
return pd;
}
private Query getQueryForQueryStr(String queryStr){
Query q = queryStrToQuery.get(queryStr);
if( q == null ){
q = QueryFactory.create(prefixes + queryStr);
queryStrToQuery.put(queryStr, q);
}
return q;
}
private QuerySolutionMap idsToSolutionMap(IdentifierBundle id){
// right now we can only turn netids into QSMs
String netid = getNetid(id);
if( netid == null || netid.length() == 0)
return null;
QuerySolutionMap qsm = new QuerySolutionMap();
Model m = ModelFactory.createDefaultModel();
qsm.add("netid",m.createLiteral(netid));
return qsm;
}
private String getNetid(IdentifierBundle whoToAuth) {
String netidStr = null;
for(Identifier id : whoToAuth){
if (id instanceof NetId) {
NetId netid = (NetId) id;
netidStr = netid.getValue();
break;
}
}
if( log.isDebugEnabled() )
log.debug("netid was " + (netidStr!=null?netidStr:"null") );
return netidStr;
}
/**
* An inner class used to setup everything that's needed for
* a JenaNetidPolicy. This setups the JenaNetidPolicy and a
* NetIdIdentifierFactory.
*
* @author bdc34
*
*/
public class ContextSetup implements ServletContextListener {
public void contextInitialized(ServletContextEvent sce) {
try{
log.trace("Setting up JenaNetidPolicy");
Model model = (Model) sce.getServletContext().getAttribute("jenaOntModel");
if( model == null ){
log.error("could not get jenaOntModel from JenaBaseDao, JenaNetidPolicy will not work");
}
JenaNetidPolicy jnip = new JenaNetidPolicy(model);
ServletPolicyList spl = ServletPolicyList.getPolicies(sce.getServletContext());
spl.add(jnip);
SelfEditingIdentifierFactory niif =new SelfEditingIdentifierFactory();
ServletIdentifierBundleFactory.addIdentifierBundleFactory(sce.getServletContext(), niif);
}catch(Exception e){
log.error("could not create AuthorizationFactory: " + e);
e.printStackTrace();
}
}
public void contextDestroyed(ServletContextEvent sce) { /*nothing*/ }
}
private void setupDefault(){
// --- AddObjectPropStmt ---
// may have 4 parameters: netid, object, predicate, and subject.
ArrayList <String> queries = new ArrayList<String>();
queries.add( "ASK WHERE { ?subject vitro:netid ?netid }");
queries.add( "ASK WHERE { ?object vitro:netid ?netid }");
actionToQueryStr.put( AddObjectPropStmt.class.getName(), queries);
// --- DropObjectPropStmt ---
queries = new ArrayList<String>();
queries.add( "ASK WHERE { ?subject vitro:netid ?netid }");
queries.add( "ASK WHERE { ?object vitro:netid ?netid }");
actionToQueryStr.put( DropObjectPropStmt.class.getName(), queries);
// --- DropDataPropStmt ---
queries = new ArrayList<String>();
queries.add( "ASK WHERE { ?subject vitro:netid ?netid }");
queries.add( "ASK WHERE { ?object vitro:netid ?netid }");
actionToQueryStr.put( DropDataPropStmt.class.getName(), queries);
// --- AddDataPropStmt ---
queries = new ArrayList<String>();
queries.add( "ASK WHERE { ?subject vitro:netid ?netid }");
queries.add( "ASK WHERE { ?object vitro:netid ?netid }");
actionToQueryStr.put( AddDataPropStmt.class.getName(), queries);
// --- DropResource ---
queries = new ArrayList<String>();
queries.add( "ASK WHERE { ?subject vitro:netid ?netid }");
queries.add( "ASK WHERE { ?object vitro:netid ?netid }");
actionToQueryStr.put( DropObjectPropStmt.class.getName(), queries);
// --- AddResource ---
queries = new ArrayList<String>();
queries.add( "ASK WHERE { ?subject vitro:netid ?netid }");
queries.add( "ASK WHERE { ?object vitro:netid ?netid }");
actionToQueryStr.put( DropObjectPropStmt.class.getName(), queries);
}
public final static String netIdPropUri = VitroVocabulary.vitroURI+ "netid";
private static final Log log = LogFactory.getLog(JenaNetidPolicy.class.getName());
public final static String DEFAULT_PREFIXES =
"PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"+
"PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"+
"PREFIX vivoa: <http://vivo.library.cornell.edu/abox#>\n"+
"PREFIX vivo: <http://vivo.library.cornell.edu/ns/0.1#>\n"+
"PREFIX vitro: <"+ VitroVocabulary.vitroURI+">\n";
public PolicyDecision visit(IdentifierBundle ids, CreateOwlClass action) {
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids, RemoveOwlClass action) {
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids, DefineDataProperty action) {
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids, DefineObjectProperty action){
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids, AddNewUser action) {
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids, RemoveUser action) {
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids, LoadOntology action) {
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids, RebuildTextIndex action) {
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids, UpdateTextIndex action) {
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids, UploadFile action) {
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids, ServerStatus action) {
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids, EditDataPropStmt action) {
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids, EditObjPropStmt action) {
return UNAUTH;
}
private final PolicyDecision UNAUTH = new PolicyDecision(){
public Authorization getAuthorized() {return Authorization.UNAUTHORIZED; }
public String getMessage() {
return "JenaNetidPolicy doesn't authorize admin or onto editing actions";
}
public String getDebuggingInfo() { return ""; }
public String getStackTrace() { return ""; }
};
}

59
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyList.java Normal file
View file

@ -0,0 +1,59 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.ArrayList;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
/**
* This is a List of Policy Objects that implements PolciyIface. The intent
* is to make it easy to query a list of policies for a PolicyDecision.
*
* The Policy objects in the PolicyList are queried for authorization in order
* and return the first AUTHORIZED or UNAUTHROIZED decision. INCONCLUSIVE
* or null decisions will be ignored and the next policy on the list will
* be queried.
*
*
* @author bdc34
*
*/
public class PolicyList extends ArrayList<PolicyIface> implements PolicyIface{
private static final Log log = LogFactory.getLog(PolicyList.class.getName());
public PolicyList(){
super();
}
public PolicyDecision isAuthorized(IdentifierBundle whoToAuth, RequestedAction whatToAuth) {
PolicyDecision pd = null;
for(PolicyIface policy : this){
try{
pd = policy.isAuthorized(whoToAuth, whatToAuth);
if( pd != null ){
if( pd.getAuthorized() == Authorization.AUTHORIZED )
break;
if( pd.getAuthorized() == Authorization.UNAUTHORIZED )
break;
// if( pd.getAuthorized() == Authorization.INCONCLUSIVE )
// continue;
} else{
log.debug("policy " + policy.toString() + " returned a null PolicyDecision");
}
}catch(Throwable th){
log.error("ignoring exception in policy " + policy.toString(), th );
}
}
return pd;
}
}

45
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/RequestPolicyList.java Normal file
View file

@ -0,0 +1,45 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import javax.servlet.ServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
/**
* This is store and get policies with a Request.
*/
public class RequestPolicyList extends PolicyList{
public final static String POLICY_LIST = "PolicyList";
private static final Log log = LogFactory.getLog( RequestPolicyList.class );
@SuppressWarnings("unchecked")
public static PolicyList getPolicies(ServletRequest request){
PolicyList list = null;
try{
list = (PolicyList)request.getAttribute(POLICY_LIST);
}catch(ClassCastException cce){
log.error(POLICY_LIST +" server context attribute was not of type PolicyList");
}
if( list == null ){
list = new RequestPolicyList();
request.setAttribute(POLICY_LIST, list);
}
return list;
}
public static void addPolicy(ServletRequest request, PolicyIface policy){
PolicyList policies = getPolicies(request);
if( !policies.contains(policy) ){
policies.add(policy);
log.info("Added policy: " + policy.toString());
}else{
log.info("Ignored attempt to add redundent policy.");
}
}
}

186
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/RoleBasedPolicy.java Normal file
View file

@ -0,0 +1,186 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vedit.beans.LoginFormBean;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DefaultInconclusivePolicy;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass;
/**
* Policy that mimics the authorization roles of the old system. So each
* principle that is to be authorized needs to be associated with an individual
* in the model and the individual needs to have a ObjectPropertyStatement between it and
* a authorization role.
*
* ex.
*
* vivo:indvidual23323 vivo:cornellNetId "bdc34".
* vivo:indvidual22323 vitro:authRole <role://50>.
*
* Notice that this policy doesn't need setup because it will look for
* an authorization role identifier in the model.
*
* @author bdc34
*
*/
public class RoleBasedPolicy extends DefaultInconclusivePolicy implements PolicyIface {
private static final Log log = LogFactory.getLog(RoleBasedPolicy.class.getName());
/**
* What is the minimum AuthRole needed to perform a given action?
*/
private static Map<Class,AuthRole> actionToMinRole = new HashMap<Class,AuthRole>();
static{
//anybody actions
//view resources?
//user actions
//allow netid authenticated people to do things?
//edit actions
actionToMinRole.put(AddDataPropStmt.class, AuthRole.EDITOR);
actionToMinRole.put(AddObjectPropStmt.class, AuthRole.EDITOR);
actionToMinRole.put(AddResource.class, AuthRole.EDITOR);
actionToMinRole.put(DropDataPropStmt.class, AuthRole.EDITOR);
actionToMinRole.put(DropObjectPropStmt.class, AuthRole.EDITOR);
actionToMinRole.put(DropResource.class, AuthRole.EDITOR);
actionToMinRole.put(UploadFile.class, AuthRole.EDITOR);
actionToMinRole.put(ServerStatus.class, AuthRole.EDITOR);
actionToMinRole.put(UpdateTextIndex.class, AuthRole.EDITOR);
//curator actions
actionToMinRole.put(DefineDataProperty.class, AuthRole.CURATOR);
actionToMinRole.put(DefineObjectProperty.class, AuthRole.CURATOR);
actionToMinRole.put(CreateOwlClass.class, AuthRole.CURATOR);
actionToMinRole.put(RemoveOwlClass.class, AuthRole.CURATOR);
//dba actions (dba role is allowed to do anything)
actionToMinRole.put(AddNewUser.class, AuthRole.DBA);
actionToMinRole.put(LoadOntology.class, AuthRole.DBA);
actionToMinRole.put(RemoveUser.class, AuthRole.DBA);
actionToMinRole.put(RebuildTextIndex.class, AuthRole.DBA);
};
public PolicyDecision isAuthorized(IdentifierBundle whomToAuth, RequestedAction whatToAuth) {
if( whomToAuth == null ){
log.error( "null was passed as whoToAuth" );
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"null was passed as whoToAuth");
}
if( whatToAuth == null ){
log.error("null was passed as whatToAuth");
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"null was passed as whatToAuth");
}
//dba can do anything
if( AuthRole.DBA.thisRoleOrGreater(whomToAuth))
return new BasicPolicyDecision(Authorization.AUTHORIZED,"in DBA role");
//We need to find the class of the RequestedAction since that
//encodes what type of action is being requested.
Class requesetClass = whatToAuth.getClass();
AuthRole minmumRoleForAction = actionToMinRole.get(requesetClass);
if( minmumRoleForAction == null ){
String msg = "no minimum role found for action " + whatToAuth.getClass().getName();
log.error(msg);
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,msg);
}
if( minmumRoleForAction.thisRoleOrGreater(whomToAuth) )
return new BasicPolicyDecision(Authorization.AUTHORIZED,"authorized for role");
else
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"not authorized for role");
}
/**
* Because it extends AbstractPolicySetup and implements this method, RoleBasedPolicy
* can be used as a ServletContextListener that puts its self on the ServletPolicyList
* at servlet context initialization.
*
* Notice that this method also setups the IdentifierBundleFactory that it needs.
*/
// @Override
// public List<PolicyIface> createPolicies(ServletContextEvent sce) {
// List<PolicyIface> list = new ArrayList<PolicyIface>(1);
// list.add(new RoleBasedPolicy());
//
// //notice that the idBundleFactory gets created here,
// JenaRoleIdentifierBundleFactory jibf = new JenaRoleIdentifierBundleFactory(userModelUri);
// ServletIdentifierBundleFactory.addIdentifierBundleFactory(sce.getServletContext(),jibf);
//
// return list;
// }
/********************** Roles *****************************************/
public static enum AuthRole implements Identifier {
// ANYBODY("http://vitro.mannlib.cornell.edu/authRole#anybody",0),
// USER("http://vitro.mannlib.cornell.edu/authRole#user",1),
// EDITOR("http://vitro.mannlib.cornell.edu/authRole#editor",2),
// CURATOR("http://vitro.mannlib.cornell.edu/authRole#curator",3),
// DBA("http://vitro.mannlib.cornell.edu/authRole#dba",50);
ANYBODY( "role:/0" ,LoginFormBean.ANYBODY),
USER( "role:/1" ,LoginFormBean.NON_EDITOR),
EDITOR( "role:/4" ,LoginFormBean.EDITOR),
CURATOR( "role:/5" ,LoginFormBean.CURATOR),
DBA( "role:/50",LoginFormBean.DBA);
private final String roleUri;
private final int level;
AuthRole(String uri, int level) {
this.roleUri = uri;
this.level = level;
}
public String roleUri() { return roleUri; }
public int level() {return level;}
/** returns null if not found */
public static AuthRole convertUriToAuthRole(String uri){
for( AuthRole role : AuthRole.values()){
if( role.roleUri().equals( uri ))
return role;
}
return null;
}
public boolean thisRoleOrGreater(IdentifierBundle ibundle){
if( ibundle == null )
return false;
for(Object obj : ibundle){
if( obj instanceof AuthRole &&
((AuthRole)obj).level() >= this.level())
return true;
}
return false;
}
}/* end of enum AuthRole */
}/* end of class RoleBasedPolicy */

479
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java Normal file
View file

@ -0,0 +1,479 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.rdf.model.impl.Util;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.SelfEditing;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditObjPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.OntoRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass;
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
/**
* Policy to use for Vivo Self-Editing based on NetId for use at Cornell.
* All methods in this class should be thread safe
* and side effect free.
*/
public class SelfEditingPolicy implements VisitingPolicyIface {
protected static Log log = LogFactory.getLog( SelfEditingPolicy.class );
/** regex for extracting a namespace from a URI */
// Do not use this; use Jena's splitNamespace() util instead.
//private Pattern ns = Pattern.compile("([^#]*#)[^#]*");
/**
* Namespaces from which Self Editors should not be able to use resources.
*/
private Set<String> prohibitedNs;
/** URIs of properties that SelfEditors should not be able to use in statements*/
protected Set<String>prohibitedProperties;
/** URIs of resources that SelfEditors should not be able to use in statements*/
protected Set<String>prohibitedResources;
/** Indicates which Authorization to use when the user isn't explicitly authorized. */
private static Authorization defaultFailure = Authorization.INCONCLUSIVE;
/** URIs of properties from prohibited namespaces that Self Editors need to be
* able to edit */
protected Set<String> editableVitroUris;
public SelfEditingPolicy(
Set<String>prohibitedProperties,
Set<String>prohibitedResources,
Set<String>prohibitedNamespaces,
Set<String> editableVitroUris ){
if( prohibitedProperties != null )
this.prohibitedProperties = prohibitedProperties;
else
this.prohibitedProperties = Collections.EMPTY_SET;
if( prohibitedResources != null )
this.prohibitedResources = prohibitedResources;
else
this.prohibitedResources = Collections.EMPTY_SET;
if( prohibitedNamespaces != null )
this.prohibitedNs = prohibitedNamespaces;
else{
prohibitedNs = new HashSet<String>();
prohibitedNs.add( VitroVocabulary.vitroURI);
prohibitedNs.add( VitroVocabulary.OWL );
prohibitedNs.add("");
}
if( editableVitroUris != null )
this.editableVitroUris = editableVitroUris;
else{
this.editableVitroUris = new HashSet<String>();
this.editableVitroUris.add(VitroVocabulary.MONIKER);
this.editableVitroUris.add(VitroVocabulary.BLURB);
this.editableVitroUris.add(VitroVocabulary.MODTIME);
this.editableVitroUris.add(VitroVocabulary.TIMEKEY);
this.editableVitroUris.add(VitroVocabulary.CITATION);
this.editableVitroUris.add(VitroVocabulary.IMAGEFILE);
this.editableVitroUris.add(VitroVocabulary.IMAGETHUMB);
this.editableVitroUris.add(VitroVocabulary.LINK);
this.editableVitroUris.add(VitroVocabulary.PRIMARY_LINK);
this.editableVitroUris.add(VitroVocabulary.ADDITIONAL_LINK);
this.editableVitroUris.add(VitroVocabulary.LINK_ANCHOR);
this.editableVitroUris.add(VitroVocabulary.LINK_URL);
this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION);
this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESKEYWORD);
this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESINDIVIDUAL);
this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_MODE);
}
}
public PolicyDecision isAuthorized(IdentifierBundle whoToAuth, RequestedAction whatToAuth) {
BasicPolicyDecision pd = new BasicPolicyDecision(this.defaultFailure,"not yet set");
if( whoToAuth == null )
return pd.setMessage("whoToAuth was null");
if(whatToAuth == null)
return pd.setMessage("whatToAuth was null");
SelfEditingIdentifierFactory.SelfEditing selfEditId = SelfEditingIdentifierFactory.getSelfEditingIdentifier(whoToAuth);
if( selfEditId == null )
return pd.setMessage("no SelfEditing Identifier found in IdentifierBundle");
if( selfEditId.getBlacklisted() != null ){
//pd.setAuthorized(Authorization.UNAUTHORIZED);
return pd.setMessage("user blacklisted because of " + selfEditId.getBlacklisted());
}
String editorUri = selfEditId.getValue();
if (editorUri == null)
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
"No Identifiers Related to SelfEditing found");
if (whatToAuth instanceof OntoRequestedAction)
return pd.setMessage("JenaNetidPolicy doesn't authorize OntoRequestedActions");
if (whatToAuth instanceof AdminRequestedAction)
return pd.setMessage("JenaNetidPolicy doesn't authorize AdminRequestedActions");
//kick off the visitor pattern
return whatToAuth.accept(this, whoToAuth);
}
protected String getUriOfEditor( IdentifierBundle whoToAuth) {
if( whoToAuth == null ) return null;
String uriStr = null;
for(Identifier id : whoToAuth){
if (id instanceof SelfEditing) {
SelfEditing seu = (SelfEditing) id;
uriStr = seu.getValue();
log.debug("found SelfEditingUri" + uriStr);
break;
}
}
return uriStr;
}
protected boolean canModifyResource(String uri){
if( uri == null || uri.length() == 0 )
return false;
if( editableVitroUris.contains( uri ) )
return true;
String namespace = uri.substring(0, Util.splitNamespace(uri));
//Matcher match = ns.matcher(uri);
//if( match.matches() && match.groupCount() > 0){
// String namespace = match.group(1);
if( prohibitedNs.contains( namespace ) ) {
log.debug("The uri "+uri+" represents a resource that cannot be modified because it matches a prohibited namespace");
return false;
}
//}
return true;
}
protected boolean canModifyPredicate(String uri){
if( uri == null || uri.length() == 0 )
return false;
if( editableVitroUris.contains( uri ) )
return true;
if( prohibitedProperties.contains(uri)) {
log.debug("The uri "+uri+" represents a predicate that cannot be modified because it is on a list of properties prohibited from self editing");
return false;
}
String namespace = uri.substring(0, Util.splitNamespace(uri));
//Matcher match = ns.matcher(uri);
//if( match.matches() && match.groupCount() > 0){
// String namespace = match.group(1);
if( prohibitedNs.contains( namespace ) ) {
log.debug("The uri "+uri+" represents a predicate that cannot be modified because it matches a prohibited namespace");
return false;
}
//}
return true;
}
public PolicyDecision visit(IdentifierBundle ids, AddObjectPropStmt action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy, null action or ids");
//cannot edit resources related to system
if( !canModifyResource( action.uriOfObject ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfObject);
if( !canModifyResource( action.uriOfSubject ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfSubject);
if( !canModifyPredicate( action.uriOfPredicate ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin predicates; " +
"cannot modify " + action.uriOfPredicate);
String userUri = getUriOfEditor(ids);
if( userUri == null )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy, no uri found for editor");
if( userUri.equals( action.uriOfObject ) )
return new BasicPolicyDecision(Authorization.AUTHORIZED,"SelfEditingPolicy: user is object of statement");
if( userUri.equals( action.uriOfSubject ) )
return new BasicPolicyDecision(Authorization.AUTHORIZED,"SelfEditingPolicy: user is subject of statement");
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy: no close relation to editor");
}
public PolicyDecision visit(IdentifierBundle ids, DropResource action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy, null action or ids");
if( prohibitedNs.contains( action.getSubjectUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not removal of admin resources");
return new BasicPolicyDecision(Authorization.AUTHORIZED,"SelfEditingPolicy: may remove resource");
}
public PolicyDecision visit(IdentifierBundle ids, AddResource action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy, null action or ids");
if( prohibitedNs.contains( action.getSubjectUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not allow creation of admin resources");
return new BasicPolicyDecision(Authorization.AUTHORIZED,"SelfEditingPolicy: may add resource");
}
public PolicyDecision visit(IdentifierBundle ids, DropDataPropStmt action) {
if( ids == null || action == null ) {
log.debug("SelfEditingPolicy for DropDataPropStmt is inconclusive because the test has null action or ids");
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy, null action or ids");
}
//cannot edit resources related to system
if( prohibitedNs.contains( action.uriOfSubject() ) ) {
log.debug("SelfEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin resources");
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin resources");
}
//many predicates are prohibited by namespace but there are many ones that self editors need to work with
if( prohibitedNs.contains(action.uriOfPredicate() ) && ! editableVitroUris.contains( action.uriOfPredicate() ) ) {
log.debug("SelfEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin controls");
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin controls");
}
if( !canModifyPredicate( action.uriOfPredicate() ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin predicates; " +
"cannot modify " + action.uriOfPredicate());
String userUri = getUriOfEditor(ids);
if( userUri == null ) {
log.debug("SelfEditingPolicy for DropDatapropStmt is inconclusive because found no uri for editor");
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy, no uri found for editor");
}
if( userUri.equals( action.uriOfSubject() ) ) {
log.debug("SelfEditingPolicy for DropDatapropStmt authorizes since user is subject of statement");
return new BasicPolicyDecision(Authorization.AUTHORIZED,"SelfEditingPolicy: user is subject of statement");
}
log.debug("SelfEditingPolicy for DropDatapropStmt returns inconclusive because the statement has no close relation to the editor");
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy: no close relation to editor");
}
public PolicyDecision visit(IdentifierBundle ids, DropObjectPropStmt action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy, null action or ids");
//cannot edit resources related to system
if( !canModifyResource( action.uriOfObject ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfObject);
if( !canModifyResource( action.uriOfSubject ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfSubject);
if( !canModifyPredicate( action.uriOfPredicate ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin predicates; " +
"cannot modify " + action.uriOfPredicate);
String userUri = getUriOfEditor(ids);
if( userUri == null )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy, no uri found for editor");
if( userUri.equals( action.uriOfObject ) )
return new BasicPolicyDecision(Authorization.AUTHORIZED,"SelfEditingPolicy: user is object of statement");
if( userUri.equals( action.uriOfSubject ) )
return new BasicPolicyDecision(Authorization.AUTHORIZED,"SelfEditingPolicy: user is subject of statement");
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy: no close relation to editor");
}
public PolicyDecision visit(IdentifierBundle ids, AddDataPropStmt action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy, null action or ids");
//cannot edit resources related to system
if( prohibitedNs.contains( action.getResourceUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin resources");
//many predicates are prohibited by namespace but there are many ones that self editors need to work with
if( prohibitedNs.contains(action.getDataPropUri() ) && ! editableVitroUris.contains( action.getDataPropUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin controls");
if( !canModifyPredicate( action.getDataPropUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin predicates; " +
"cannot modify " + action.getDataPropUri());
String userUri = getUriOfEditor(ids);
if( userUri == null )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy, no uri found for editor");
if( userUri.equals( action.getResourceUri() ) )
return new BasicPolicyDecision(Authorization.AUTHORIZED,"SelfEditingPolicy: user is subject of statement");
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy: no close relation to editor");
}
public PolicyDecision visit(IdentifierBundle ids, EditDataPropStmt action) {
if( ids == null || action == null ) {
log.debug("SelfEditingPolicy for EditDataPropStmt is inconclusive because the test has null action or ids");
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy, null action or ids");
}
//cannot edit resources related to system
if( !canModifyResource( action.uriOfSubject() ) ) {
log.debug("SelfEditingPolicy for EditDatapropStmt action is inconclusive because it does not grant access to admin resources; cannot modify " + action.uriOfSubject());
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfSubject());
}
if( !canModifyPredicate( action.uriOfPredicate() ) ) {
log.debug("SelfEditingPolicy for EditDatapropStmt is inconclusive because it does not grant access to admin predicates; cannot modify " + action.uriOfPredicate());
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin predicates; " +
"cannot modify " + action.uriOfPredicate());
}
String userUri = getUriOfEditor(ids);
if( userUri == null ) {
log.debug("SelfEditingPolicy for EditDatapropStmt returns inconclusive because no uri was found for editor");
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy, no uri found for editor");
}
if( userUri.equals( action.uriOfSubject() ) ) {
log.debug("SelfEditingPolicy for EditDatapropStmt returns authorization because the user is subject of statement");
return new BasicPolicyDecision(Authorization.AUTHORIZED,"SelfEditingPolicy: user is subject of statement");
}
log.debug("SelfEditingPolicy for EditDatapropStmt returns inconclusive because the statement has no close relation to the editor");
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy: no close relation to editor");
}
public PolicyDecision visit(IdentifierBundle ids, EditObjPropStmt action) {
if( ids == null || action == null )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy, null action or ids");
//cannot edit resources related to system
if( !canModifyResource( action.uriOfObject ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfObject);
if( !canModifyResource( action.uriOfSubject ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin resources; " +
"cannot modify " + action.uriOfSubject);
if( !canModifyPredicate( action.uriOfPredicate ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin predicates; " +
"cannot modify " + action.uriOfPredicate);
String userUri = getUriOfEditor(ids);
if( userUri == null )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy, no uri found for editor");
if( userUri.equals( action.uriOfObject ) )
return new BasicPolicyDecision(Authorization.AUTHORIZED,"SelfEditingPolicy: user is object of statement");
if( userUri.equals( action.uriOfSubject ) )
return new BasicPolicyDecision(Authorization.AUTHORIZED,"SelfEditingPolicy: user is subject of statement");
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy: editor not involved in triple");
}
public PolicyDecision visit(IdentifierBundle ids, UploadFile action) {
return new BasicPolicyDecision(Authorization.AUTHORIZED,"SelfEditingPolicy: may upload files");
}
// *** the following actions are generally not part of self editing *** //
public PolicyDecision visit(IdentifierBundle ids, AddNewUser action) {
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"SelfEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, RemoveUser action) {
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"SelfEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, LoadOntology action) {
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"SelfEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, RebuildTextIndex action) {
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"SelfEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, UpdateTextIndex action) {
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"SelfEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, ServerStatus action) {
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"SelfEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, CreateOwlClass action) {
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"SelfEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, RemoveOwlClass action) {
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"SelfEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, DefineDataProperty action) {
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"SelfEditingPolicy does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, DefineObjectProperty action) {
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"SelfEditingPolicy does not authorize administrative modifications");
}
public String toString(){
return "SelfEditingPolicy " + hashCode()
+ " nspaces: " + prohibitedNs.size() + " prohibited Props: "
+ prohibitedProperties.size() + " prohibited resources: "
+ prohibitedResources.size();
}
public static void setDefaultFailure( Authorization defaultFail){
SelfEditingPolicy.defaultFailure = defaultFail;
}
}

106
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/ServletPolicyList.java Normal file
View file

@ -0,0 +1,106 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.ListIterator;
import javax.servlet.ServletContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.rdf.model.Model;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
/**
* This is a PolicyList that can do isAuthorized and stashes a singleton
* in the ServletContext.
*
* The intent of this class is to allow a single point for policies
* in a ServletContext. example:
* <code>
* Authorization canIDoIt = ServletPolicyList.getPolicies( getServletContext() ).isAuthorized( IdBundle, action );
* </code>
*
* @author bdc34
*
*/
public class ServletPolicyList extends PolicyList {
protected static String POLICY_LIST = "policy_list";
private static final Log log = LogFactory.getLog(ServletPolicyList.class.getName());
/**
* This is for general public use to get a list of policies for the ServletContext.
* @param sc
* @return
*/
@SuppressWarnings("unchecked")
public static ServletPolicyList getPolicies(ServletContext sc){
ServletPolicyList list = null;
try{
list = (ServletPolicyList)sc.getAttribute(POLICY_LIST);
}catch(ClassCastException cce){
log.error(POLICY_LIST +" server context attribute was not of type List<PolicyIface>");
}
if( list == null ){
list = new ServletPolicyList();
sc.setAttribute(POLICY_LIST, list);
}
return list;
}
public static void addPolicy(ServletContext sc, PolicyIface policy){
ServletPolicyList policies = getPolicies(sc);
if( !policies.contains(policy) ){
policies.add(policy);
log.info("Added policy: " + policy.toString());
}else{
log.info("Ignored attempt to add redundent policy.");
}
}
/**
* This adds the policy to the front of the list but it may be moved further down
* the list by other policies that are later added using this method.
*/
public static void addPolicyAtFront(ServletContext sc, PolicyIface policy){
ServletPolicyList policies = getPolicies(sc);
if( !policies.contains(policy) ){
policies.add(0,policy);
log.info("Added policy at front of ServletPolicyList: " + policy.toString());
}else{
log.info("Ignored attempt to add redundent policy.");
}
}
/**
* Replace first instance of policy found in policy list. If no instance
* is found in list add at end of the list.
*
* @param sc
* @param policy
*/
public static void replacePolicy(ServletContext sc, PolicyIface policy){
if( sc == null )
throw new IllegalArgumentException( "replacePolicy() needs a non-null ServletContext");
if( policy == null )
return;
Class clzz = policy.getClass();
ServletPolicyList spl = ServletPolicyList.getPolicies(sc);
ListIterator<PolicyIface> it = spl.listIterator();
boolean replaced = false;
while(it.hasNext()){
VisitingPolicyIface p = (VisitingPolicyIface)it.next();
if( clzz.isAssignableFrom(p.getClass()) ){
it.set( policy );
replaced = true;
}
}
if( ! replaced ){
ServletPolicyList.addPolicy(sc, policy);
}
}
}

292
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SparqlPolicy.java Normal file
View file

@ -0,0 +1,292 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.io.InputStream;
import java.util.HashMap;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.query.Query;
import com.hp.hpl.jena.query.QueryExecution;
import com.hp.hpl.jena.query.QueryExecutionFactory;
import com.hp.hpl.jena.query.QueryFactory;
import com.hp.hpl.jena.query.QuerySolutionMap;
import com.hp.hpl.jena.rdf.model.Model;
import com.hp.hpl.jena.rdf.model.ModelFactory;
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.io.xml.DomDriver;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DefaultInconclusivePolicy;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditObjPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass;
/**
* This policy maps strings in the IdentifierBundle to a QuerySolutioinMap in order
* to bind identifiers with unbound variables in SPARQL queries.
* These queries are intended to specify the relations that allow authorization.
* If the query return no rows will be interpreted as unauthorized and a
* query returning one or more rows will be interpreted as authorized.
*
* @author bdc34
*
*/
public class SparqlPolicy extends DefaultInconclusivePolicy implements VisitingPolicyIface{
protected Model model = ModelFactory.createDefaultModel();
private HashMap<String,Query> queryStrToQuery = new HashMap<String,Query>();
/** human readable name for this policy */
protected String name="Unnamed Policy";
/** prefixes for SPARQL queries. */
protected String prefixes = "";
/** The SPARQL queries. They should all be of the type ASK */
protected HashMap<String,List<String>> actionToQueryStr = new HashMap<String,List<String>>();
/** Function to transform identifiers into a QuerySolutionMap */
private Ids2QueryBindings binder;
private String resource = null;
/**
* Load XML policy files with this.getClass().getResourceAsStream()
* Notice that / is the path separator and strings that lack
* a leading slash are relative to the package of the this.getClass().
*/
public SparqlPolicy(Model model, Ids2QueryBindings binder, String resource){
if( model == null )
throw new IllegalArgumentException("model must not be null.");
if( binder == null )
throw new IllegalArgumentException("binder must not be null.");
if( resource == null )
throw new IllegalArgumentException("resource must not be null.");
this.model = model;
this.binder = binder;
this.resource = resource;
loadPolicy();
}
public void loadPolicy(){
InputStream policySpec = SparqlPolicy.class.getResourceAsStream(resource);
XStream x = new XStream(new DomDriver());
SparqlPolicy jnip =(SparqlPolicy) x.fromXML( policySpec );
this.actionToQueryStr = jnip.actionToQueryStr;
this.prefixes = jnip.prefixes;
this.name = jnip.name;
try{
policySpec.close();
}catch(Throwable th){}
}
/* *********************** Methods ************************************ */
public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
RequestedAction whatToAuth) {
if( whoToAuth == null )
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"whoToAuth was null");
if(whatToAuth == null)
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"whatToAuth was null");
List<String> queryStrs = actionToQueryStr.get(whatToAuth.getClass().getName());
if( queryStrs == null || queryStrs.size() ==0 )
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
"no queryies found for action" + whatToAuth.getClass().getName());
//kick off the visitor pattern which generally just calls doQueries()
return whatToAuth.accept(this, whoToAuth);
}
private PolicyDecision doQueries(List<String>queryStrs, IdentifierBundle ids, RequestedAction action){
SparqlPolicyDecision pd = new SparqlPolicyDecision(Authorization.INCONCLUSIVE,"");
List<QuerySolutionMap> bindings = binder.makeScopeBinding(ids, action);
for( QuerySolutionMap scope: bindings ){
for(String quStr : queryStrs){
Query query = getQueryForQueryStr(quStr);
pd.setQuery(query);
QueryExecution qexec = QueryExecutionFactory.create(query, model, scope);
pd.setQexec(qexec);
boolean pathFound = qexec.execAsk();
if( pathFound ){
pd.setAuthorized(Authorization.AUTHORIZED);
pd.setMessage(action.getClass().getName() + " permited by " + quStr);
if( log.isDebugEnabled()){
log.debug(action.getClass().getName() + " permited by " + quStr);
log.debug(query);
}
return pd;
} else {
if( log.isDebugEnabled()){
log.debug(action.getClass().getName() + " no results for " + query);
log.debug(query);
}
}
}
}
return pd;
}
private Query getQueryForQueryStr(String queryStr){
//memoize queries
Query q = queryStrToQuery.get(queryStr);
if( q == null ){
q = QueryFactory.create(prefixes + queryStr);
queryStrToQuery.put(queryStr, q);
}
return q;
}
/* ***************** Visit methods ********************** */
private final String pkg = "edu.cornell.mannlib.vitro.webapp.auth.requestedAction.";
public PolicyDecision visit(IdentifierBundle ids, AddObjectPropStmt action) {
return doQueries(actionToQueryStr.get(pkg +"AddObjectPropStmt"),ids,action);
}
public PolicyDecision visit(IdentifierBundle ids, DropResource action) {
return doQueries(actionToQueryStr.get(pkg +"DropResource"),ids,action);
}
public PolicyDecision visit(IdentifierBundle ids, DropDataPropStmt action) {
return doQueries(actionToQueryStr.get(pkg +"DropDataPropStmt"),ids,action);
}
public PolicyDecision visit(IdentifierBundle ids, DropObjectPropStmt action) {
return doQueries(actionToQueryStr.get(pkg +"DropObjectPropStmt"),ids,action);
}
public PolicyDecision visit(IdentifierBundle ids, AddResource action) {
return doQueries(actionToQueryStr.get(pkg +"AddResource"),ids,action);
}
public PolicyDecision visit(IdentifierBundle ids, AddDataPropStmt action) {
return doQueries(actionToQueryStr.get(pkg +"AddDataPropStmt"),ids,action);
}
public PolicyDecision visit(IdentifierBundle ids, UploadFile action) {
return doQueries(actionToQueryStr.get(pkg +"UploadFile"),ids,action);
}
public PolicyDecision visit(IdentifierBundle ids, EditDataPropStmt action) {
return doQueries(actionToQueryStr.get(pkg +"EditDataPropStmt"),ids,action);
}
public PolicyDecision visit(IdentifierBundle ids, EditObjPropStmt action) {
return doQueries(actionToQueryStr.get(pkg +"EditObjPropStmt"),ids,action);
}
/* **** Currently the following actions are unauthorized by this policy **** */
public PolicyDecision visit(IdentifierBundle ids, CreateOwlClass action) {
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids, RemoveOwlClass action) {
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids, DefineDataProperty action) {
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids,
DefineObjectProperty action) {
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids, ServerStatus action) {
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids, AddNewUser action) {
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids, RemoveUser action) {
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids, LoadOntology action) {
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids, RebuildTextIndex action) {
return UNAUTH;
}
public PolicyDecision visit(IdentifierBundle ids, UpdateTextIndex action) {
return UNAUTH;
}
private static final Log log = LogFactory.getLog(SparqlPolicy.class.getName());
private final PolicyDecision UNAUTH = new PolicyDecision(){
public Authorization getAuthorized() {return Authorization.UNAUTHORIZED; }
public String getMessage() {
return name + " SparqlPolicy doesn't authorize admin or onto editing actions";
}
public String getDebuggingInfo() { return ""; }
public String getStackTrace() { return ""; }
};
/*
* example of how to set up the xml:
*
* <code>
<edu.cornell.mannlib.vitro.webapp.auth.policy.JenaNetidPolicy>
<name>Example Policy</name>
<prefixes>PREFIX rdf: &lt;http://www.w3.org/1999/02/22-rdf-syntax-ns#&gt;
PREFIX rdfs: &lt;http://www.w3.org/2000/01/rdf-schema#&gt;
PREFIX vivoa: &lt;http://vivo.library.cornell.edu/abox#&gt;
PREFIX vivo: &lt;http://vivo.library.cornell.edu/ns/0.1#&gt;
PREFIX vitro: &lt;http://lowe.mannlib.cornell.edu/ns/vitro/0.1/vitro.owl#&gt;
</prefixes>
<actionToQueryStr>
<entry>
<string>edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt</string>
<list>
<string>ASK WHERE { ?subject vitro:netid ?netid }</string>
<string>ASK WHERE { ?object vitro:netid ?netid }</string>
</list>
</entry>
<entry>
<string>edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt</string>
<list>
<string>ASK WHERE { ?subject vitro:netid ?netid }</string>
<string>ASK WHERE { ?object vitro:netid ?netid }</string>
</list>
</entry>
<entry>
<string>edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt</string>
<list>
<string>ASK WHERE { ?subject vitro:netid ?netid }</string>
<string>ASK WHERE { ?object vitro:netid ?netid }</string>
</list>
</entry>
<entry>
<string>edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt</string>
<list>
<string>ASK WHERE { ?subject vitro:netid ?netid }</string>
<string>ASK WHERE { ?object vitro:netid ?netid }</string>
</list>
</entry>
</actionToQueryStr>
</edu.cornell.mannlib.vitro.webapp.auth.policy.JenaNetidPolicy>
</code>
*/
}

61
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SparqlPolicyDecision.java Normal file
View file

@ -0,0 +1,61 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import com.hp.hpl.jena.query.Query;
import com.hp.hpl.jena.query.QueryExecution;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
/**
* Extends the BasicPolicyDecision with additional debugging information about the
* sparql queries that were run to create the decision.
*
* @author bdc34
*
*/
public class SparqlPolicyDecision extends BasicPolicyDecision {
Query query = null;
QueryExecution qexec = null;
public SparqlPolicyDecision(Authorization authorized, String message) {
super(authorized, message);
}
public QueryExecution getQexec() {
return qexec;
}
public void setQexec(QueryExecution qexec) {
this.qexec = qexec;
}
public Query getQuery() {
return query;
}
public void setQuery(Query query) {
this.query = query;
}
@Override
public String getDebuggingInfo() {
String msg = "";
if( super.getDebuggingInfo() != null && super.getDebuggingInfo().length() > 0)
msg = super.getDebuggingInfo() + '\n';
if( query != null )
msg= msg + "query: \n" + query.toString() + '\n';
else
msg = msg + " query was null \n";
if( qexec != null )
msg = msg + "query exec: \n" + qexec.toString();
else
msg = msg + " query exec was null \n";
return msg;
}
}

10
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/Authorization.java Normal file
View file

@ -0,0 +1,10 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
public enum Authorization {
AUTHORIZED, //explicitly authorized
UNAUTHORIZED, //explicitly not authorized
INCONCLUSIVE;
}

51
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/DefaultAuthorizedPolicy.java Normal file
View file

@ -0,0 +1,51 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.BasicPolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditObjPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass;
/**
* a policy where every type of action is authorized as INCONCLUSIVE
* by default.
*
* @author bdc34
*
*/
public class DefaultAuthorizedPolicy implements PolicyIface{
public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
RequestedAction whatToAuth) {
if (whoToAuth == null)
return new BasicPolicyDecision(Authorization.AUTHORIZED,
"null was passed as whoToAuth");
if (whatToAuth == null)
return new BasicPolicyDecision(Authorization.AUTHORIZED,
"null was passed as whatToAuth");
return AUTHORIZED_DECISION;
}
protected static PolicyDecision AUTHORIZED_DECISION = new BasicPolicyDecision(
Authorization.AUTHORIZED,
"This is the default decision defined in DefaultAuthorizedPolicy");
}

50
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/DefaultInconclusivePolicy.java Normal file
View file

@ -0,0 +1,50 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.BasicPolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditObjPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass;
/**
* a policy where every type of action is authorized as INCONCLUSIVE
* by default.
*
* @author bdc34
*
*/
public class DefaultInconclusivePolicy implements PolicyIface{
public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
RequestedAction whatToAuth) {
if (whoToAuth == null)
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
"null was passed as whoToAuth");
if (whatToAuth == null)
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
"null was passed as whatToAuth");
return INCONCLUSIVE_DECISION;
}
protected static PolicyDecision INCONCLUSIVE_DECISION = new BasicPolicyDecision(
Authorization.INCONCLUSIVE,
"THis is the default decision defined in DefaultInconclusivePolicy");
}

52
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/DefaultUnauthorizedPolicy.java Normal file
View file

@ -0,0 +1,52 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.BasicPolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditObjPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass;
/**
*
*a policy where every type of action is authorized as UNAUTHORIZED
* by default. This can be useful for a unauthenticated session or
* as the last policy on a PolicyList to force INCONCLUSIVE decisions
* to UNAUTHORIZED.
*/
public class DefaultUnauthorizedPolicy implements PolicyIface{
protected static PolicyDecision UNAUTHORIZED_DECISION = new BasicPolicyDecision(
Authorization.UNAUTHORIZED,
"This is the default decision defined in DefaultUnauthorizedPolicy");
public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
RequestedAction whatToAuth) {
if (whoToAuth == null)
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,
"null was passed as whoToAuth");
if (whatToAuth == null)
return new BasicPolicyDecision(Authorization.UNAUTHORIZED,
"null was passed as whatToAuth");
return UNAUTHORIZED_DECISION;
}
}

11
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/PolicyDecision.java Normal file
View file

@ -0,0 +1,11 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
public interface PolicyDecision {
public Authorization getAuthorized();
public String getStackTrace();
public String getMessage();
public String getDebuggingInfo();
}

19
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/PolicyIface.java Normal file
View file

@ -0,0 +1,19 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
/**
* Represents the process of mapping an identifier that represents a user or
* principle and a action they are requesting to true, representing authorized or
* false, representing unauthorized.
*
* @author bdc34
*
*/
public interface PolicyIface {
public PolicyDecision isAuthorized(IdentifierBundle whoToAuth, RequestedAction whatToAuth);
}

90
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/ifaces/VisitingPolicyIface.java Normal file
View file

@ -0,0 +1,90 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditObjPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass;
/**
* This is a interface to write a policy that uses the Visitor pattern.
* In general this should be avoided, just implement PolicyIface.
*
* @author bdc34
*
*/
public interface VisitingPolicyIface extends PolicyIface {
//visitor pattern abstract visitor:
public abstract PolicyDecision visit(IdentifierBundle ids,
CreateOwlClass action);
public abstract PolicyDecision visit(IdentifierBundle ids,
RemoveOwlClass action);
public abstract PolicyDecision visit(IdentifierBundle ids,
DefineDataProperty action);
public abstract PolicyDecision visit(IdentifierBundle ids,
DefineObjectProperty action);
public abstract PolicyDecision visit(IdentifierBundle ids,
AddObjectPropStmt action);
public abstract PolicyDecision visit(IdentifierBundle ids,
DropResource action);
public abstract PolicyDecision visit(IdentifierBundle ids,
DropDataPropStmt action);
public abstract PolicyDecision visit(IdentifierBundle ids,
DropObjectPropStmt action);
public abstract PolicyDecision visit(IdentifierBundle ids,
AddResource action);
public abstract PolicyDecision visit(IdentifierBundle ids,
AddDataPropStmt action);
public abstract PolicyDecision visit(IdentifierBundle ids, AddNewUser action);
public abstract PolicyDecision visit(IdentifierBundle ids, RemoveUser action);
public abstract PolicyDecision visit(IdentifierBundle ids,
LoadOntology action);
public abstract PolicyDecision visit(IdentifierBundle ids,
RebuildTextIndex action);
public abstract PolicyDecision visit(IdentifierBundle ids,
UpdateTextIndex action);
public abstract PolicyDecision visit(IdentifierBundle ids, UploadFile action);
public abstract PolicyDecision visit(IdentifierBundle ids,
ServerStatus action);
public abstract PolicyDecision visit(IdentifierBundle ids,
EditDataPropStmt action);
public abstract PolicyDecision visit(IdentifierBundle ids,
EditObjPropStmt action);
}

35
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/AlwaysAuthorizePolicySetup.java Normal file
View file

@ -0,0 +1,35 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy.setup;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
import edu.cornell.mannlib.vitro.webapp.auth.policy.JenaNetidPolicy.ContextSetup;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DefaultAuthorizedPolicy;
public class AlwaysAuthorizePolicySetup implements ServletContextListener {
private static final Log log = LogFactory.getLog(AlwaysAuthorizePolicySetup.class.getName());
public void contextInitialized(ServletContextEvent sce) {
try{
log.trace("WARNING: Setting up AlwaysAuthorizePolicySetup.");
ServletPolicyList.addPolicy(sce.getServletContext(), new DefaultAuthorizedPolicy() );
}catch(Exception e){
log.error("could not create AuthorizationFactory: " + e);
e.printStackTrace();
}
}
public void contextDestroyed(ServletContextEvent sce) { /*nothing*/ }
}

96
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CuratorEditingPolicySetup.java Normal file
View file

@ -0,0 +1,96 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy.setup;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.EnumSet;
import java.util.HashSet;
import java.util.ListIterator;
import java.util.Set;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.ontology.OntModel;
import com.hp.hpl.jena.rdf.model.Model;
import com.hp.hpl.jena.rdf.model.ResIterator;
import com.hp.hpl.jena.rdf.model.Resource;
import com.hp.hpl.jena.rdf.model.ResourceFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.CuratorEditingIdentifierFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundleFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.ServletIdentifierBundleFactory;
import edu.cornell.mannlib.vitro.webapp.auth.policy.CuratorEditingPolicy;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean;
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
/**
* Sets up RoleBasedPolicy and IdentifierBundleFactory.
* This will cause the vitro native login to add Identifiers that can
* be used by the Auth system and the in-line editing.
*
* To use this add it as a listener to the web.xml.
*
* See RoleBasedPolicy.java
*
* @author bdc34
*
*/
public class CuratorEditingPolicySetup implements ServletContextListener {
private static final Log log = LogFactory.getLog(CuratorEditingPolicySetup.class.getName());
public void contextInitialized(ServletContextEvent sce) {
try{
log.debug("Setting up CuratorEditingPolicy");
//need to make a policy and add it to the ServeltContext
OntModel model = (OntModel)sce.getServletContext().getAttribute("jenaOntModel");
CuratorEditingPolicy cep = makeCuratorEditPolicyFromModel(model);
ServletPolicyList.addPolicy(sce.getServletContext(), cep);
//need to put an IdentifierFactory for CuratorEditingIds into the ServletContext
IdentifierBundleFactory ibfToAdd = new CuratorEditingIdentifierFactory();
ServletIdentifierBundleFactory.addIdentifierBundleFactory(sce.getServletContext(), ibfToAdd);
log.debug( "Finished setting up CuratorEditingPolicy: " + cep );
}catch(Exception e){
log.error("could not run CuratorEditingPolicySetup: " + e);
e.printStackTrace();
}
}
public void contextDestroyed(ServletContextEvent sce) { /*nothing*/ }
public static CuratorEditingPolicy makeCuratorEditPolicyFromModel( Model model ){
CuratorEditingPolicy pol = null;
if( model == null )
pol = new CuratorEditingPolicy(null,null,null,null);
else{
Set<String> prohibitedProps = new HashSet<String>();
//ResIterator it = model.listSubjectsWithProperty( model.createProperty( VitroVocabulary.PROPERTY_CURATOREDITPROHIBITEDANNOT ) );
// need to iterate through one level higher than CURATOR (the higher of current 2 targeted levels) plus all higher levels
for (BaseResourceBean.RoleLevel e : EnumSet.range(BaseResourceBean.RoleLevel.DB_ADMIN,BaseResourceBean.RoleLevel.NOBODY)) {
ResIterator it = model.listSubjectsWithProperty( model.createProperty( VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT),ResourceFactory.createResource(e.getURI()));
while( it.hasNext() ){
Resource resource = it.nextResource();
if( resource != null && resource.getURI() != null ) {
log.debug("adding \""+resource.getURI()+"\" to properties prohibited from inline curator editing ("+e.getLabel()+")");
prohibitedProps.add( resource.getURI() );
}
}
}
pol = new CuratorEditingPolicy(prohibitedProps,null,null,null);
}
return pol;
}
public static void replaceCuratorEditing( ServletContext sc, Model model ){
ServletPolicyList.replacePolicy(sc, makeCuratorEditPolicyFromModel(model));
}
}

95
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/DbAdminEditingPolicySetup.java Normal file
View file

@ -0,0 +1,95 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy.setup;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.HashSet;
import java.util.ListIterator;
import java.util.Set;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.ontology.OntModel;
import com.hp.hpl.jena.rdf.model.Model;
import com.hp.hpl.jena.rdf.model.ResIterator;
import com.hp.hpl.jena.rdf.model.Resource;
import com.hp.hpl.jena.rdf.model.ResourceFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.DbAdminEditingIdentifierFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundleFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.ServletIdentifierBundleFactory;
import edu.cornell.mannlib.vitro.webapp.auth.policy.DbAdminEditingPolicy;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean;
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
/**
* Sets up RoleBasedPolicy and IdentifierBundleFactory.
* This will cause the vitro native login to add Identifiers that can
* be used by the Auth system and the in-line editing.
*
* To use this add it as a listener to the web.xml.
*
* See RoleBasedPolicy.java
*
* @author bdc34
*
*/
public class DbAdminEditingPolicySetup implements ServletContextListener {
private static final Log log = LogFactory.getLog(DbAdminEditingPolicySetup.class.getName());
public void contextInitialized(ServletContextEvent sce) {
try{
log.debug("Setting up DbAdminEditingPolicy");
//need to make a policy and add it to the ServeltContext
OntModel model = (OntModel)sce.getServletContext().getAttribute("jenaOntModel");
DbAdminEditingPolicy cep = makeDbAdminEditPolicyFromModel(model);
ServletPolicyList.addPolicy(sce.getServletContext(), cep);
//need to put an IdentifierFactory for DbAdminEditingIds into the ServletContext
IdentifierBundleFactory ibfToAdd = new DbAdminEditingIdentifierFactory();
ServletIdentifierBundleFactory.addIdentifierBundleFactory(sce.getServletContext(), ibfToAdd);
log.debug( "Finished setting up DbAdminEditingPolicy: " + cep );
}catch(Exception e){
log.error("could not run DbAdminEditingPolicySetup: " + e);
e.printStackTrace();
}
}
public void contextDestroyed(ServletContextEvent sce) { /*nothing*/ }
public static DbAdminEditingPolicy makeDbAdminEditPolicyFromModel( Model model ){
DbAdminEditingPolicy pol = null;
if( model == null )
pol = new DbAdminEditingPolicy(null,null,null,null);
else{
Set<String> prohibitedProps = new HashSet<String>();
// no need to iterate through any level higher than DB_ADMIN
//for (BaseResourceBean.RoleLevel e : EnumSet.range(BaseResourceBean.RoleLevel.NOBODY,BaseResourceBean.RoleLevel.NOBODY)) {
BaseResourceBean.RoleLevel e = BaseResourceBean.RoleLevel.NOBODY;
ResIterator it = model.listSubjectsWithProperty( model.createProperty( VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT),ResourceFactory.createResource(e.getURI()));
while( it.hasNext() ){
Resource resource = it.nextResource();
if( resource != null && resource.getURI() != null ) {
log.debug("adding \""+resource.getURI()+"\" to properties prohibited from dbAdmin editing ("+e.getLabel()+")");
prohibitedProps.add( resource.getURI() );
}
}
//}
pol = new DbAdminEditingPolicy(prohibitedProps,null,null,null);
}
return pol;
}
public static void replaceDbAdminEditing( ServletContext sc, Model model ){
ServletPolicyList.replacePolicy(sc, makeDbAdminEditPolicyFromModel(model));
}
}

96
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/EditorEditingPolicySetup.java Normal file
View file

@ -0,0 +1,96 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy.setup;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.EnumSet;
import java.util.HashSet;
import java.util.ListIterator;
import java.util.Set;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.ontology.OntModel;
import com.hp.hpl.jena.rdf.model.Model;
import com.hp.hpl.jena.rdf.model.ResIterator;
import com.hp.hpl.jena.rdf.model.Resource;
import com.hp.hpl.jena.rdf.model.ResourceFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.EditorEditingIdentifierFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundleFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.ServletIdentifierBundleFactory;
import edu.cornell.mannlib.vitro.webapp.auth.policy.EditorEditingPolicy;
import edu.cornell.mannlib.vitro.webapp.auth.policy.SelfEditingPolicy;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean;
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
/**
* Sets up RoleBasedPolicy and IdentifierBundleFactory.
* This will cause the vitro native login to add Identifiers that can
* be used by the Auth system and the in-line editing.
*
* To use this add it as a listener to the web.xml.
*
* See RoleBasedPolicy.java
*
* @author bdc34
*
*/
public class EditorEditingPolicySetup implements ServletContextListener {
private static final Log log = LogFactory.getLog(EditorEditingPolicySetup.class.getName());
public void contextInitialized(ServletContextEvent sce) {
try{
log.debug("Setting up EditorEditingPolicy");
//need to make a policy and add it to the ServeltContext
OntModel model = (OntModel)sce.getServletContext().getAttribute("jenaOntModel");
EditorEditingPolicy cep = makeEditorEditPolicyFromModel(model);
ServletPolicyList.addPolicy(sce.getServletContext(), cep);
//need to put an IdentifierFactory for EditorEditingIds into the ServletContext
IdentifierBundleFactory ibfToAdd = new EditorEditingIdentifierFactory();
ServletIdentifierBundleFactory.addIdentifierBundleFactory(sce.getServletContext(), ibfToAdd);
log.debug( "Finished setting up EditorEditingPolicy: " + cep );
}catch(Exception e){
log.error("could not run EditorEditingPolicySetup: " + e);
e.printStackTrace();
}
}
public void contextDestroyed(ServletContextEvent sce) { /*nothing*/ }
public static EditorEditingPolicy makeEditorEditPolicyFromModel( Model model ){
EditorEditingPolicy pol = null;
if( model == null )
pol = new EditorEditingPolicy(null,null,null,null);
else{
Set<String> prohibitedProps = new HashSet<String>();
// need to iterate through one level higher than EDITOR (the higher of current 2 targeted levels) plus all higher levels
for (BaseResourceBean.RoleLevel e : EnumSet.range(BaseResourceBean.RoleLevel.CURATOR,BaseResourceBean.RoleLevel.NOBODY)) {
ResIterator it = model.listSubjectsWithProperty( model.createProperty( VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT),ResourceFactory.createResource(e.getURI()));
while( it.hasNext() ){
Resource resource = it.nextResource();
if( resource != null && resource.getURI() != null ) {
log.debug("adding \""+resource.getURI()+"\" to properties prohibited from inline editor editing ("+e.getLabel()+")");
prohibitedProps.add( resource.getURI() );
}
}
}
pol = new EditorEditingPolicy(prohibitedProps,null,null,null);
}
return pol;
}
public static void replaceEditorEditing( ServletContext sc, Model model ){
ServletPolicyList.replacePolicy(sc, makeEditorEditPolicyFromModel(model));
}
}

54
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/JenaNetidPolicySetup.java Normal file
View file

@ -0,0 +1,54 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy.setup;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.ontology.OntModel;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.ServletIdentifierBundleFactory;
import edu.cornell.mannlib.vitro.webapp.auth.policy.JenaNetidPolicy;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
import edu.cornell.mannlib.vitro.webapp.auth.policy.JenaNetidPolicy.ContextSetup;
/**
* Class used to setup a JenaNetidPolicy using the default.
* This setups the JenaNetidPolicy and a NetIdIdentifierFactory.
*
* See JenaNetidPolicy.setupDefault() for the sparql queries that will
* be used by the default JenaNetidPolicy.
*
* @author bdc34
*
*/
public class JenaNetidPolicySetup implements ServletContextListener {
private static final Log log = LogFactory.getLog(JenaNetidPolicySetup.class.getName());
public void contextInitialized(ServletContextEvent sce) {
try{
log.debug("Setting up JenaNetidPolicy");
JenaNetidPolicy jnip = new JenaNetidPolicy((OntModel) sce.getServletContext().getAttribute("jenaOntModel"));
ServletPolicyList.addPolicy(sce.getServletContext(), jnip);
SelfEditingIdentifierFactory niif =new SelfEditingIdentifierFactory();
ServletIdentifierBundleFactory.addIdentifierBundleFactory(sce.getServletContext(), niif);
}catch(Exception e){
log.error("could not create AuthorizationFactory: " + e);
e.printStackTrace();
}
}
public void contextDestroyed(ServletContextEvent sce) {
/*nothing*/
}
}

50
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditing2RoleIdentifierSetup.java Normal file
View file

@ -0,0 +1,50 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy.setup;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditing2RoleIdentifierFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.ServletIdentifierBundleFactory;
/**
* Add the SelfEditing2RoleIdentifier factory to the IdentifierFactory list
* in the servlet context.
*
* This should be added to the IdentifierFactory list after the
* SelfEditingIdentiferFactory.
*
* This only sets up a IdentifierFactoy that maps SelfEditing identifiers to
* roles associated with the Individual that represents the self editor. This
* does not set up a policy or the SelfEditingIdentifierFactory.
*
* @author bdc34
*
*/
public class SelfEditing2RoleIdentifierSetup implements ServletContextListener{
private static final Log log = LogFactory.getLog(SelfEditing2RoleIdentifierSetup.class.getName());
public void contextDestroyed(ServletContextEvent sce) {
//do nothing
}
public void contextInitialized(ServletContextEvent sce) {
try{
log.debug("Setting up SelfEditing2RoleIdentifier");
SelfEditing2RoleIdentifierFactory niif =new SelfEditing2RoleIdentifierFactory();
ServletIdentifierBundleFactory.addIdentifierBundleFactory(sce.getServletContext(), niif);
log.debug( "SelfEditing2RoleIdentifier has been setup. " );
}catch(Exception e){
log.error("could not run SelfEditing2RoleIdentifier: " + e);
e.printStackTrace();
}
}
}

101
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetup.java Normal file
View file

@ -0,0 +1,101 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy.setup;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import java.util.EnumSet;
import java.util.HashSet;
import java.util.ListIterator;
import java.util.Set;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.ontology.OntModel;
import com.hp.hpl.jena.rdf.model.Model;
import com.hp.hpl.jena.rdf.model.ResIterator;
import com.hp.hpl.jena.rdf.model.Resource;
import com.hp.hpl.jena.rdf.model.ResourceFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.ServletIdentifierBundleFactory;
import edu.cornell.mannlib.vitro.webapp.auth.policy.SelfEditingPolicy;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean;
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
/**
* Policy for SelfEditors. This will set up the self-editing policy which
* will will look for SelfEditing identifier in the IdentifierBundle. If
* the user is associated with a URI in the system then they will be allowed
* to edit resources related to that URI.
*
* To use this add it as a listener to the web.xml.
*
* The SelfEditing policy may return
* Authorization.UNAUTHORIZED so it should be at the start of the
* ServletPolicyList if you want it to override other Policies.
* For example, this Listener should be before the curator listener so
* that if a curator is faking selfEditing the capabilities they have
* as curator will not override the results of the SelfEditing policy.
*
* @author bdc34
*
*/
public class SelfEditingPolicySetup implements ServletContextListener {
private static final Log log = LogFactory.getLog(SelfEditingPolicySetup.class.getName());
public void contextInitialized(ServletContextEvent sce) {
try{
log.debug("Setting up SelfEditingPolicy");
OntModel model = (OntModel)sce.getServletContext().getAttribute("jenaOntModel");
replaceSelfEditing(sce.getServletContext(), model);
SelfEditingIdentifierFactory niif =new SelfEditingIdentifierFactory();
ServletIdentifierBundleFactory.addIdentifierBundleFactory(sce.getServletContext(), niif);
log.debug( "SelfEditingPolicy has been setup. " );
}catch(Exception e){
log.error("could not run SelfEditingPolicySetup: " + e);
e.printStackTrace();
}
}
public void contextDestroyed(ServletContextEvent sce) { /*nothing*/ }
public static SelfEditingPolicy makeSelfEditPolicyFromModel( Model model ){
SelfEditingPolicy pol = null;
if( model == null )
pol = new SelfEditingPolicy(null,null,null,null);
else{
Set<String> prohibitedProps = new HashSet<String>();
//ResIterator it = model.listSubjectsWithProperty( model.createProperty( VitroVocabulary.PROPERTY_SELFEDITPROHIBITEDANNOT ) );
// need to iterate through one level higher than SELF (the lowest level where restrictions make sense) plus all higher levels
for (BaseResourceBean.RoleLevel e : EnumSet.range(BaseResourceBean.RoleLevel.EDITOR,BaseResourceBean.RoleLevel.NOBODY)) {
ResIterator it = model.listSubjectsWithProperty( model.createProperty( VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT),ResourceFactory.createResource(e.getURI()));
while( it.hasNext() ){
Resource resource = it.nextResource();
if( resource != null && resource.getURI() != null ) {
log.debug("adding \""+resource.getURI()+"\" to properties prohibited from self-editing ("+e.getLabel()+")");
prohibitedProps.add( resource.getURI() );
}
}
}
pol = new SelfEditingPolicy(prohibitedProps,null,null,null);
}
return pol;
}
public static void replaceSelfEditing( ServletContext sc, Model model ){
ServletPolicyList.replacePolicy(sc, makeSelfEditPolicyFromModel(model));
}
}

74
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AddDataPropStmt.java Normal file
View file

@ -0,0 +1,74 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
public class AddDataPropStmt implements RequestedAction {
protected String resourceUri;
protected String dataPropUri;
protected String data;
protected String dataType;
protected String lang;
public AddDataPropStmt(String resourceUri, String dataPropUri, String value, String dataType, String lang) {
super();
this.resourceUri = resourceUri;
this.dataPropUri = dataPropUri;
this.data= value;
this.dataType = dataType;
this.lang = lang;
}
public String getDataPropUri() {
return dataPropUri;
}
public void setDataPropUri(String dataPropUri) {
this.dataPropUri = dataPropUri;
}
public String getResourceUri() {
return resourceUri;
}
public void setResourceUri(String resourceUri) {
this.resourceUri = resourceUri;
}
public String getData() {
return data;
}
public void setData(String value) {
this.data= value;
}
public String getDataType() {
return dataType;
}
public void setDataType(String dataType) {
this.dataType = dataType;
}
public String getLang() {
return lang;
}
public void setLang(String lang) {
this.lang = lang;
}
public String getURI() {
return RequestActionConstants.actionNamespace + this.getClass().getName();
}
public PolicyDecision accept(VisitingPolicyIface policy, IdentifierBundle ids ){
return policy.visit(ids, this );
}
}

27
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AddObjectPropStmt.java Normal file
View file

@ -0,0 +1,27 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.ThreeParameterAction;
public class AddObjectPropStmt extends ThreeParameterAction implements RequestedAction {
public AddObjectPropStmt(String uriOfSub, String uriOfPred, String uriOfObj){
this.uriOfSubject = uriOfSub;
this.uriOfObject = uriOfObj;
this.uriOfPredicate = uriOfPred;
}
public String getURI() {
return RequestActionConstants.actionNamespace + this.getClass().getName();
}
public PolicyDecision accept(VisitingPolicyIface policy, IdentifierBundle ids){
return policy.visit(ids,this);
}
}

49
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/AddResource.java Normal file
View file

@ -0,0 +1,49 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.SingleParameterAction;
public class AddResource extends SingleParameterAction implements RequestedAction {
private String typeUri;
private String uri;
public AddResource(String typeUri, String uri) {
super();
this.typeUri = typeUri;
this.uri = uri;
}
//This should return a list of type URIs since an Indiviudal can be multiple types.
public String getTypeUri() {
return typeUri;
}
public void setTypeUri(String typeUri) {
this.typeUri = typeUri;
}
//TODO: rename this method to avoid confusion with getURI()
public String getUri() {
return uri;
}
public void setUri(String uri) {
this.uri = uri;
}
/** returns "java//edu.cornell.mannlib.vitro.webapp.auth.requestedAction.CreateResource" */
public String getURI() {
return RequestActionConstants.actionNamespace + this.getClass().getName();
}
public PolicyDecision accept(VisitingPolicyIface policy, IdentifierBundle ids){
return policy.visit(ids,this);
}
}

87
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/DropDataPropStmt.java Normal file
View file

@ -0,0 +1,87 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
public class DropDataPropStmt implements RequestedAction {
final DataPropertyStatement dataPropStmt;
public DropDataPropStmt(DataPropertyStatement dps){
this.dataPropStmt = dps;
}
public PolicyDecision accept(VisitingPolicyIface policy, IdentifierBundle whoToAuth) {
return policy.visit(whoToAuth,this);
}
//TODO: rename this method to something like getUriOfSubject
public String uriOfSubject(){ return dataPropStmt.getIndividualURI(); }
//TODO: rename this method to something like getUriOfPredicate
public String uriOfPredicate(){ return dataPropStmt.getDatapropURI(); }
public String data(){ return dataPropStmt.getData(); }
public String lang(){ return dataPropStmt.getLanguage(); }
public String datatype(){return dataPropStmt.getDatatypeURI(); }
public String getURI() {
return RequestActionConstants.actionNamespace + this.getClass().getName();
}
/*
* TODO: needs to be fixed to work with lang/datatype literals
*/
/*
protected String resourceUri;
protected String dataPropUri;
protected String value;
//TODO: needs to be fixed to work with lang/datatype literals
public DropDataPropStmt(String resourceUri, String dataPropUri, String value) {
super();
this.resourceUri = resourceUri;
this.dataPropUri = dataPropUri;
this.value = value;
}
public String getDataPropUri() {
return dataPropUri;
}
public void setDataPropUri(String dataPropUri) {
this.dataPropUri = dataPropUri;
}
public String getResourceUri() {
return resourceUri;
}
public void setResourceUri(String resourceUri) {
this.resourceUri = resourceUri;
}
//TODO: needs to be fixed to work with lang/datatype literals
public String getValue() {
return value;
}
public void setValue(String value) {
this.value = value;
}
public String getURI() {
return RequestActionConstants.actionNamespace + this.getClass().getName();
}
public PolicyDecision accept(PolicyIface policy, IdentifierBundle ids){
return policy.visit(ids,this);
} */
}

26
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/DropObjectPropStmt.java Normal file
View file

@ -0,0 +1,26 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.ThreeParameterAction;
public class DropObjectPropStmt extends ThreeParameterAction implements RequestedAction {
public DropObjectPropStmt(String sub, String pred, String obj){
setUriOfSubject(sub);
setUriOfPredicate(pred);
setUriOfObject(obj);
}
public String getURI() {
return RequestActionConstants.actionNamespace + this.getClass().getName();
}
public PolicyDecision accept(VisitingPolicyIface policy, IdentifierBundle ids){
return policy.visit(ids,this);
}
}

47
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/DropResource.java Normal file
View file

@ -0,0 +1,47 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.SingleParameterAction;
public class DropResource extends SingleParameterAction implements RequestedAction {
private String typeUri;
private String uri;
public DropResource(String typeUri, String uri) {
super();
this.typeUri = typeUri;
this.uri = uri;
}
public String getTypeUri() {
return typeUri;
}
public void setTypeUri(String typeUri) {
this.typeUri = typeUri;
}
public String getUri() {
return uri;
}
public void setUri(String uri) {
this.uri = uri;
}
/** returns "java//edu.cornell.mannlib.vitro.webapp.auth.requestedAction.CreateResource" */
public String getURI() {
return RequestActionConstants.actionNamespace + this.getClass().getName();
}
public PolicyDecision accept(VisitingPolicyIface policy, IdentifierBundle ids){
return policy.visit(ids, (DropResource)this);
}
}

36
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/EditDataPropStmt.java Normal file
View file

@ -0,0 +1,36 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
public class EditDataPropStmt implements RequestedAction {
final DataPropertyStatement dataPropStmt;
public EditDataPropStmt(DataPropertyStatement dps){
this.dataPropStmt = dps;
}
public PolicyDecision accept(VisitingPolicyIface policy, IdentifierBundle whoToAuth) {
return policy.visit(whoToAuth,this);
}
public String uriOfSubject(){ return dataPropStmt.getIndividualURI(); }
public String uriOfPredicate(){ return dataPropStmt.getDatapropURI(); }
public String data(){ return dataPropStmt.getData(); }
public String lang(){ return dataPropStmt.getLanguage(); }
public String datatype(){return dataPropStmt.getDatatypeURI(); }
public String getURI() {
return RequestActionConstants.actionNamespace + this.getClass().getName();
}
}

39
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/EditObjPropStmt.java Normal file
View file

@ -0,0 +1,39 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.ThreeParameterAction;
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
public class EditObjPropStmt extends ThreeParameterAction implements RequestedAction {
public EditObjPropStmt(ObjectPropertyStatement ops){
setUriOfSubject(ops.getSubjectURI());
setUriOfPredicate(ops.getPropertyURI());
setUriOfObject(ops.getObjectURI());
}
public EditObjPropStmt(String subjectUri, String keywordPredUri,
String objectUri) {
setUriOfSubject(subjectUri);
setUriOfPredicate(keywordPredUri);
setUriOfObject(objectUri);
}
public PolicyDecision accept(VisitingPolicyIface policy, IdentifierBundle whoToAuth) {
return policy.visit(whoToAuth,this);
}
public String getURI() {
return RequestActionConstants.actionNamespace + this.getClass().getName();
}
}

19
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/AddNewUser.java Normal file
View file

@ -0,0 +1,19 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
public class AddNewUser implements RequestedAction, AdminRequestedAction{
public String getURI() {
return RequestActionConstants.actionNamespace + this.getClass().getName();
}
public PolicyDecision accept(VisitingPolicyIface policy, IdentifierBundle ids){
return policy.visit(ids,this);
}
}

29
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/LoadOntology.java Normal file
View file

@ -0,0 +1,29 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
public class LoadOntology implements RequestedAction , AdminRequestedAction{
protected String ontologyUrl;
public String getOntologyUrl() {
return ontologyUrl;
}
public void setOntologyUrl(String ontologyUrl) {
this.ontologyUrl = ontologyUrl;
}
public String getURI() {
return RequestActionConstants.actionNamespace + this.getClass().getName();
}
public PolicyDecision accept(VisitingPolicyIface policy, IdentifierBundle ids){
return policy.visit(ids,this);
}
}

20
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/RebuildTextIndex.java Normal file
View file

@ -0,0 +1,20 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
public class RebuildTextIndex implements RequestedAction , AdminRequestedAction{
public String getURI() {
return RequestActionConstants.actionNamespace + this.getClass().getName();
}
public PolicyDecision accept(VisitingPolicyIface policy, IdentifierBundle ids){
return policy.visit(ids,this);
}
}

29
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/RemoveUser.java Normal file
View file

@ -0,0 +1,29 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
public class RemoveUser implements RequestedAction, AdminRequestedAction{
protected String userUri;
public String getUserUri() {
return userUri;
}
public void setUserUri(String userUri) {
this.userUri = userUri;
}
public String getURI() {
return RequestActionConstants.actionNamespace + this.getClass().getName();
}
public PolicyDecision accept(VisitingPolicyIface policy, IdentifierBundle ids){
return policy.visit(ids,this);
}
}

27
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/ServerStatus.java Normal file
View file

@ -0,0 +1,27 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
/**
* Represents a request to view information about the server status.
* @author bdc34
*
*/
public class ServerStatus implements RequestedAction, AdminRequestedAction {
/** returns "java://edu.cornell.mannlib.vitro.webapp.auth.requestActions.ServerStatusRequest" */
public String getURI() {
return RequestActionConstants.actionNamespace + this.getClass().getName();
}
public PolicyDecision accept(VisitingPolicyIface policy, IdentifierBundle ids){
return policy.visit(ids,this);
}
}

21
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/UpdateTextIndex.java Normal file
View file

@ -0,0 +1,21 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
public class UpdateTextIndex implements RequestedAction, AdminRequestedAction{
public String getURI() {
return RequestActionConstants.actionNamespace + this.getClass().getName();
}
public PolicyDecision accept(VisitingPolicyIface policy, IdentifierBundle ids){
return policy.visit(ids,this);
}
}

29
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/UploadFile.java Normal file
View file

@ -0,0 +1,29 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
public class UploadFile implements RequestedAction, AdminRequestedAction{
protected String subjectUri;
protected String predicateUri;
public UploadFile(String subjectUri, String predicateUri) {
super();
this.subjectUri = subjectUri;
this.predicateUri = predicateUri;
}
public String getURI() {
return RequestActionConstants.actionNamespace + this.getClass().getName();
}
public PolicyDecision accept(VisitingPolicyIface policy, IdentifierBundle ids){
return policy.visit(ids,this);
}
}

8
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/AdminRequestedAction.java Normal file
View file

@ -0,0 +1,8 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
/** marker interface */
public interface AdminRequestedAction {
}

7
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/OntoRequestedAction.java Normal file
View file

@ -0,0 +1,7 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
/** marker interface */
public interface OntoRequestedAction {
}

10
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/RequestActionConstants.java Normal file
View file

@ -0,0 +1,10 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
public class RequestActionConstants {
public static String actionNamespace = "java://";
public static String SOME_URI = "?SOME_URI";
public static String SOME_LITERAL = "?SOME_LITERAL";
}

23
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/RequestedAction.java Normal file
View file

@ -0,0 +1,23 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
/* Represents a request to perform an action. */
public interface RequestedAction {
/**
* In its most basic form, a RequestAction needs to have an
* identifier. Sometimes this will be enough. For example
* ServerStatusRequest.
* @return
*/
public String getURI();
public PolicyDecision accept(VisitingPolicyIface policy, IdentifierBundle whoToAuth);
}

16
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/SingleParameterAction.java Normal file
View file

@ -0,0 +1,16 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
public abstract class SingleParameterAction implements RequestedAction {
protected String subjectUri;
public String getSubjectUri() {
return subjectUri;
}
public void setSubjectUri(String subjectUri) {
this.subjectUri = subjectUri;
}
}

37
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/ThreeParameterAction.java Normal file
View file

@ -0,0 +1,37 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
/**
* A base class for actions that work with a triple.
*
* @author bdc34
*
*/
public abstract class ThreeParameterAction implements RequestedAction{
//TODO: these should not be public
public String uriOfSubject;
public String uriOfObject;
public String uriOfPredicate;
public String getUriOfObject() {
return uriOfObject;
}
public void setUriOfObject(String uriOfObject) {
this.uriOfObject = uriOfObject;
}
public String getUriOfPredicate() {
return uriOfPredicate;
}
public void setUriOfPredicate(String uriOfPredicate) {
this.uriOfPredicate = uriOfPredicate;
}
public String getUriOfSubject() {
return uriOfSubject;
}
public void setUriOfSubject(String uriOfSubject) {
this.uriOfSubject = uriOfSubject;
}
}

24
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/TwoParameterAction.java Normal file
View file

@ -0,0 +1,24 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
public abstract class TwoParameterAction implements RequestedAction {
protected String resourceUri;
protected String secondUri;
public String getResourceUri() {
return resourceUri;
}
public void setResourceUri(String resourceUri) {
this.resourceUri = resourceUri;
}
public String getSecondUri() {
return secondUri;
}
public void setSecondUri(String secondUri) {
this.secondUri = secondUri;
}
}

23
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ontology/CreateOwlClass.java Normal file
View file

@ -0,0 +1,23 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology;
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.OntoRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.SingleParameterAction;
public class CreateOwlClass extends SingleParameterAction implements RequestedAction, OntoRequestedAction {
public String getURI() {
return RequestActionConstants.actionNamespace + this.getClass().getName();
}
public PolicyDecision accept(VisitingPolicyIface policy, IdentifierBundle ids){
return policy.visit(ids,this);
}
}

Some files were not shown because too many files have changed in this diff Show more