NIHVIVO-1207 Modify IndividualDaoJena to match externally authenticated users with a configured property -- instead of using the hard-coded Cornell e-mail property.
parent
d8a8180911
commit
6b874e59ab
9 changed files with 153 additions and 39 deletions
|
@ -9,6 +9,7 @@ import javax.servlet.http.HttpSession;
|
|||
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.NetId;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.authenticate.ExternalAuthHelper;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
|
||||
|
||||
/**
|
||||
|
@ -34,7 +35,8 @@ public class FakeSelfEditingIdentifierFactory implements IdentifierBundleFactory
|
|||
NetId netIdToken = new NetId(netid);
|
||||
ib.add(netIdToken);
|
||||
|
||||
String uri = wdf.getIndividualDao().getIndividualURIFromNetId( netid );
|
||||
ExternalAuthHelper helper = ExternalAuthHelper.getBean(request);
|
||||
String uri = helper.getIndividualUriFromNetId(wdf.getIndividualDao(), netid);
|
||||
if( uri != null ){
|
||||
Individual ind = wdf.getIndividualDao().getIndividualByURI(uri);
|
||||
if( ind != null ){
|
||||
|
|
|
@ -29,6 +29,8 @@ import com.hp.hpl.jena.rdf.model.Resource;
|
|||
|
||||
import edu.cornell.mannlib.vitro.webapp.ConfigurationProperties;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.authenticate.ExternalAuthHelper;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
|
||||
|
||||
/**
|
||||
|
@ -111,13 +113,16 @@ public class SelfEditingIdentifierFactory implements IdentifierBundleFactory {
|
|||
return null;
|
||||
}
|
||||
|
||||
String uri = wdf.getIndividualDao().getIndividualURIFromNetId(username);
|
||||
IndividualDao indDao = wdf.getIndividualDao();
|
||||
|
||||
ExternalAuthHelper helper = ExternalAuthHelper.getBean(request);
|
||||
String uri = helper.getIndividualUriFromNetId(indDao, username);
|
||||
if (uri == null) {
|
||||
log.debug("could not find an Individual with a netId of "
|
||||
+ username);
|
||||
}
|
||||
|
||||
Individual ind = wdf.getIndividualDao().getIndividualByURI(uri);
|
||||
Individual ind = indDao.getIndividualByURI(uri);
|
||||
if (ind == null) {
|
||||
log.warn("found a URI for the netId " + username
|
||||
+ " but could not build Individual");
|
||||
|
|
|
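Review bot: A null `uri` is logged but not returned on in the SelfEditingIdentifierFactory hunk, so `indDao.getIndividualByURI(uri)` runs with null and the `log.warn` that follows reports "found a URI for the netId" when none was found. With this commit a null result becomes the normal outcome whenever `externalAuth.netidMatchingProperty` is unset or the request has no session, so the branch should probably end with `return null;` after the `log.debug(...)` call. The EntityController and IndividualController hunks have the same gap: both pass the helper's result straight to `iwDao.getIndividualByURI(uri)`, where `if (uri == null) return null;` before that call would make the miss explicit. The enclosing methods start and end outside the hunks, so what follows the `ind == null` check is not visible here.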
@ -39,6 +39,7 @@ import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
|
|||
import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.Portal;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.VClass;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.authenticate.ExternalAuthHelper;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.ObjectPropertyDao;
|
||||
import edu.cornell.mannlib.vitro.webapp.filestorage.model.FileInfo;
|
||||
|
@ -388,8 +389,8 @@ public class EntityController extends VitroHttpServlet {
|
|||
if (netIdStr==null || netIdStr.equals(""))
|
||||
netIdStr = vreq.getParameter("netid");
|
||||
if ( netIdStr != null ){
|
||||
uri = iwDao.getIndividualURIFromNetId(netIdStr);
|
||||
return iwDao.getIndividualByURI(uri);
|
||||
uri = ExternalAuthHelper.getBean(vreq).getIndividualUriFromNetId(iwDao, netIdStr);
|
||||
return iwDao.getIndividualByURI(uri);
|
||||
}
|
||||
|
||||
return null;
|
||||
|
|
|
@ -0,0 +1,116 @@
|
|||
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
|
||||
|
||||
package edu.cornell.mannlib.vitro.webapp.controller.authenticate;
|
||||
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.ConfigurationProperties;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao;
|
||||
|
||||
/**
|
||||
* Capture the properties used by the External Authorization system, and use
|
||||
* them in common ways.
|
||||
*
|
||||
* The first time this bean is requested, it is created from the configuration
|
||||
* properties and cached in the session. After that, the cached version is used.
|
||||
*/
|
||||
public class ExternalAuthHelper {
|
||||
private static final Log log = LogFactory.getLog(ExternalAuthHelper.class);
|
||||
|
||||
private static final ExternalAuthHelper DUMMY_HELPER = new ExternalAuthHelper(
|
||||
null);
|
||||
|
||||
private static final String BEAN_ATTRIBUTE = ExternalAuthHelper.class
|
||||
.getName();
|
||||
|
||||
/**
|
||||
* The configuration property that tells us what property associates an
|
||||
* Individual with a NetID
|
||||
*/
|
||||
private static final String PROPERTY_NETID_MATCHING_PROPERTY = "externalAuth.netidMatchingProperty";
|
||||
|
||||
// ----------------------------------------------------------------------
|
||||
// static methods
|
||||
// ----------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
* If there is no session, there is no bean. If there is a session and no
|
||||
* bean, create one.
|
||||
*
|
||||
* Never returns null.
|
||||
*/
|
||||
public static ExternalAuthHelper getBean(ServletRequest request) {
|
||||
if (!(request instanceof HttpServletRequest)) {
|
||||
log.trace("Not an HttpServletRequest: " + request);
|
||||
return DUMMY_HELPER;
|
||||
}
|
||||
|
||||
HttpSession session = ((HttpServletRequest) request).getSession(false);
|
||||
if (session == null) {
|
||||
log.trace("No session; no need to create one.");
|
||||
return DUMMY_HELPER;
|
||||
}
|
||||
|
||||
Object attr = session.getAttribute(BEAN_ATTRIBUTE);
|
||||
if (attr instanceof ExternalAuthHelper) {
|
||||
log.trace("Found a bean: " + attr);
|
||||
return (ExternalAuthHelper) attr;
|
||||
}
|
||||
|
||||
ExternalAuthHelper bean = buildBean();
|
||||
log.debug("Created a bean: " + bean);
|
||||
session.setAttribute(BEAN_ATTRIBUTE, bean);
|
||||
return bean;
|
||||
}
|
||||
|
||||
private static ExternalAuthHelper buildBean() {
|
||||
// TODO the ConfigurationProperties should be attached to the
|
||||
// ServletContext.
|
||||
String netidMatchingPropertyUri = ConfigurationProperties
|
||||
.getProperty(PROPERTY_NETID_MATCHING_PROPERTY);
|
||||
return new ExternalAuthHelper(netidMatchingPropertyUri);
|
||||
}
|
||||
|
||||
// ----------------------------------------------------------------------
|
||||
// the bean
|
||||
// ----------------------------------------------------------------------
|
||||
|
||||
private final String netidMatchingPropertyUri;
|
||||
|
||||
public ExternalAuthHelper(String netidMatchingPropertyUri) {
|
||||
if (netidMatchingPropertyUri == null) {
|
||||
this.netidMatchingPropertyUri = null;
|
||||
} else {
|
||||
this.netidMatchingPropertyUri = netidMatchingPropertyUri.trim();
|
||||
}
|
||||
}
|
||||
|
||||
public String getIndividualUriFromNetId(IndividualDao indDao, String netId) {
|
||||
if (indDao == null) {
|
||||
return null;
|
||||
}
|
||||
if (netId == null) {
|
||||
return null;
|
||||
}
|
||||
if (netidMatchingPropertyUri == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
String uri = indDao.getIndividualURIFromNetId(netId,
|
||||
netidMatchingPropertyUri);
|
||||
log.debug("Netid =" + netId + ", individual URI=" + uri);
|
||||
return uri;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "ExternalAuthHelper[netidMatchingPropertyUri="
|
||||
+ netidMatchingPropertyUri + "]";
|
||||
}
|
||||
|
||||
}
|
|
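Review bot: An unset or blank `externalAuth.netidMatchingProperty` is accepted silently in `buildBean()`: the constructor stores null (or an empty string after `trim()`, which the null checks in `getIndividualUriFromNetId` let through to the DAO), and nothing in the log tells a deployer why externally authenticated users are no longer matched to Individuals. Warn when the bean is built and treat a blank value like a missing one, as sketched below. Separately, `getBean()` hands back `DUMMY_HELPER` whenever `getSession(false)` is null, so matching also depends on a session already existing; that covers the LoginExternalAuthReturn call and the `netid` request-parameter lookups in EntityController and IndividualController, and building an uncached helper from the configuration in that case would keep the result independent of session state. The `log.debug` in `getIndividualUriFromNetId` also writes the caller-supplied `netId` to the log unescaped.

```java
    private static ExternalAuthHelper buildBean() {
        // … unchanged: TODO comment and ConfigurationProperties.getProperty(...) lookup …
        if (netidMatchingPropertyUri == null
                || netidMatchingPropertyUri.trim().isEmpty()) {
            log.warn("deploy.properties doesn't contain a value for '"
                    + PROPERTY_NETID_MATCHING_PROPERTY
                    + "'; externally authenticated users will not be matched to an Individual");
            return DUMMY_HELPER;
        }
        return new ExternalAuthHelper(netidMatchingPropertyUri);
    }
```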
@ -17,7 +17,7 @@ import edu.cornell.mannlib.vitro.webapp.ConfigurationProperties;
|
|||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean.Message;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao;
|
||||
|
||||
/**
|
||||
* Handle the return from the external authorization login server. If we are
|
||||
|
@ -30,7 +30,7 @@ public class LoginExternalAuthReturn extends BaseLoginServlet {
|
|||
/* This configuration property tells us what header contains the username. */
|
||||
public static final String PROPERTY_EXTERNAL_AUTH_USERNAME_HEADER = "externalAuth.headerName";
|
||||
|
||||
/** The complaint we make if there is no such property. */
|
||||
/** The complaint we make if there is no such property. */
|
||||
private static final Message MESSAGE_NO_EXTERNAL_AUTH_USERNAME = new LoginProcessBean.Message(
|
||||
"deploy.properties doesn't contain a value for '"
|
||||
+ PROPERTY_EXTERNAL_AUTH_USERNAME_HEADER + "'",
|
||||
|
@ -70,7 +70,7 @@ public class LoginExternalAuthReturn extends BaseLoginServlet {
|
|||
MESSAGE_NO_EXTERNAL_AUTH_USERNAME);
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
String username = req.getHeader(externalAuthUsernameHeader);
|
||||
String uri = getAssociatedIndividualUri(username, req);
|
||||
|
||||
|
@ -99,9 +99,10 @@ public class LoginExternalAuthReturn extends BaseLoginServlet {
|
|||
if (username == null) {
|
||||
return null;
|
||||
}
|
||||
VitroRequest vreq = new VitroRequest(req);
|
||||
WebappDaoFactory wdf = vreq.getWebappDaoFactory();
|
||||
return wdf.getIndividualDao().getIndividualURIFromNetId(username);
|
||||
IndividualDao indDao = new VitroRequest(req).getWebappDaoFactory()
|
||||
.getIndividualDao();
|
||||
return ExternalAuthHelper.getBean(req).getIndividualUriFromNetId(
|
||||
indDao, username);
|
||||
}
|
||||
|
||||
private void removeLoginProcessArtifacts(HttpServletRequest req) {
|
||||
|
|
|
@ -39,6 +39,7 @@ import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
|
|||
import edu.cornell.mannlib.vitro.webapp.beans.Portal;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.VClass;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.authenticate.ExternalAuthHelper;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.ObjectPropertyDao;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.EditConfiguration;
|
||||
|
@ -365,7 +366,7 @@ public class IndividualController extends FreemarkerHttpServlet {
|
|||
if (netIdStr==null || netIdStr.equals(""))
|
||||
netIdStr = vreq.getParameter("netid");
|
||||
if ( netIdStr != null ){
|
||||
uri = iwDao.getIndividualURIFromNetId(netIdStr);
|
||||
uri = ExternalAuthHelper.getBean(vreq).getIndividualUriFromNetId(iwDao, netIdStr);
|
||||
return iwDao.getIndividualByURI(uri);
|
||||
}
|
||||
|
||||
|
|
|
@ -128,7 +128,8 @@ public interface IndividualDao extends ObjectSourceIface {
|
|||
|
||||
List<Keyword> getKeywordObjectsForIndividual(String individualURI);
|
||||
|
||||
String getIndividualURIFromNetId(String netIdStr);
|
||||
/** In most cases, it's best to let ExternalAuthHelper call this for you. */
|
||||
String getIndividualURIFromNetId(String netIdStr, String netidMatchingPropertyUri);
|
||||
|
||||
String getNetId(String entityURI);
|
||||
|
||||
|
|
|
@ -86,8 +86,8 @@ class IndividualDaoFiltering extends BaseFiltering implements IndividualDao{
|
|||
}
|
||||
|
||||
|
||||
public String getIndividualURIFromNetId(String netIdStr) {
|
||||
String uri = innerIndividualDao.getIndividualURIFromNetId(netIdStr);
|
||||
public String getIndividualURIFromNetId(String netIdStr, String netidMatchingPropertyUri) {
|
||||
String uri = innerIndividualDao.getIndividualURIFromNetId(netIdStr, netidMatchingPropertyUri);
|
||||
if( uri == null ) return null;
|
||||
Individual ent = getIndividualByURI(uri);
|
||||
if( ent != null && filters.getIndividualFilter().fn(ent) )
|
||||
|
|
|
@ -678,38 +678,25 @@ public class IndividualDaoJena extends JenaBaseDao implements IndividualDao {
|
|||
return keywords;
|
||||
}
|
||||
|
||||
public String getIndividualURIFromNetId(String netIdStr) {
|
||||
final String netidProp = "http://vivo.library.cornell.edu/ns/0.1#CornellemailnetId";
|
||||
String outUri = null;
|
||||
|
||||
Property prop = getOntModel().getProperty(netidProp);
|
||||
public String getIndividualURIFromNetId(String netIdStr, String netidMatchingPropertyUri) {
|
||||
if (netidMatchingPropertyUri == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
Property prop = getOntModel().getProperty(netidMatchingPropertyUri);
|
||||
Literal netid = getOntModel().createLiteral(netIdStr);
|
||||
|
||||
ResIterator stmts = null;
|
||||
try{
|
||||
stmts = getOntModel().listSubjectsWithProperty(prop,(RDFNode)netid);
|
||||
while(stmts.hasNext()){
|
||||
Resource st = stmts.nextResource();
|
||||
outUri = st.getURI();
|
||||
break;
|
||||
stmts = getOntModel().listResourcesWithProperty(prop, netid);
|
||||
if (stmts.hasNext()) {
|
||||
return stmts.nextResource().getURI();
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
} finally{
|
||||
if( stmts != null ) stmts.close();
|
||||
}
|
||||
if( outUri != null ) return outUri;
|
||||
|
||||
netid = getOntModel().createLiteral(netIdStr + "@cornell.edu");
|
||||
try{
|
||||
stmts = getOntModel().listSubjectsWithProperty(prop,(RDFNode)netid);
|
||||
while(stmts.hasNext()){
|
||||
Resource st = stmts.nextResource();
|
||||
outUri = st.getURI();
|
||||
break;
|
||||
}
|
||||
} finally{
|
||||
if( stmts != null ) stmts.close();
|
||||
}
|
||||
return outUri;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
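Review bot: The first resource returned by `listResourcesWithProperty(prop, netid)` is taken as the user's Individual, and nothing in the new `getIndividualURIFromNetId` checks that it is the only match. Now that the matching property comes from configuration instead of a fixed netId property, its values are not guaranteed to be unique, and the callers in this commit appear to use the returned URI to tie an externally authenticated user to a profile. Failing closed when the iterator holds a second match (or at least warning about it) avoids binding a login to an arbitrary Individual; a sketch follows. The lookup also looks like an exact plain-literal match and the old `@cornell.edu` fallback is gone, so the Javadoc should say that stored values must equal the external username exactly.

```java
        try {
            stmts = getOntModel().listResourcesWithProperty(prop, netid);
            if (!stmts.hasNext()) {
                return null;
            }
            String uri = stmts.nextResource().getURI();
            // More than one Individual carries this value: refuse to guess.
            return stmts.hasNext() ? null : uri;
        } finally {
            // … unchanged: close the iterator …
```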