Get rid of FakeSelfEditing.

j2blake 2011-04-26 21:21:21 +00:00
parent 34c858500d
commit 6c8c6bcfae
6 changed files with 0 additions and 496 deletions


@ -187,14 +187,6 @@
<listener-class>edu.cornell.mannlib.vitro.webapp.dao.jena.VClassGroupCache$Setup</listener-class>
</listener>
<!--
<listener>
<listener-class>
edu.cornell.mannlib.vitro.webapp.auth.identifier.SetupFakeSelfEditingIdentifierFactory
</listener-class>
</listener>
-->
<!--
<listener>
<listener-class>
@ -410,15 +402,6 @@
<url-pattern>/freemarkersamples</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>FakeSelfEditController</servlet-name>
<servlet-class>edu.cornell.mannlib.vitro.webapp.controller.FakeSelfEditController</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>FakeSelfEditController</servlet-name>
<url-pattern>/admin/fakeselfedit</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>SiteAdminController</servlet-name>
<servlet-class>edu.cornell.mannlib.vitro.webapp.controller.freemarker.SiteAdminController</servlet-class>


@ -1,70 +0,0 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpSession;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.NetId;
import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy;
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
import edu.cornell.mannlib.vitro.webapp.beans.SelfEditingConfiguration;
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
/**
* Attempts to simulate the action of SelfEditingIdentifierFactory.java using the
* request attribute FAKE_SELF_EDIT_NETID.
*/
public class FakeSelfEditingIdentifierFactory implements IdentifierBundleFactory{
public static final String FAKE_SELF_EDIT_NETID = "fakeSelfEditingNetid";
public IdentifierBundle getIdentifierBundle(ServletRequest request,
HttpSession session, ServletContext context) {
WebappDaoFactory wdf = ((WebappDaoFactory)context.getAttribute("webappDaoFactory"));
IdentifierBundle ib = new ArrayIdentifierBundle();
ib.add( RoleBasedPolicy.AuthRole.ANYBODY);
String netid = null;
if( session != null )
netid = (String)session.getAttribute(FAKE_SELF_EDIT_NETID );
if( netid != null ){
NetId netIdToken = new NetId(netid);
ib.add(netIdToken);
SelfEditingConfiguration sec = SelfEditingConfiguration.getBean(request);
String uri = sec.getIndividualUriFromUsername(wdf.getIndividualDao(), netid);
if( uri != null ){
Individual ind = wdf.getIndividualDao().getIndividualByURI(uri);
if( ind != null ){
String causeOfBlacklist = SelfEditingIdentifierFactory.checkForBlacklisted(ind, context);
if( causeOfBlacklist == SelfEditingIdentifierFactory.NOT_BLACKLISTED )
ib.add( new SelfEditingIdentifierFactory.SelfEditing( ind, SelfEditingIdentifierFactory.NOT_BLACKLISTED, true ) );
else
ib.add( new SelfEditingIdentifierFactory.SelfEditing( ind, causeOfBlacklist, true) );
}
}
}
return ib;
}
public static void putFakeIdInSession(String netid, HttpSession session){
session.setAttribute(FAKE_SELF_EDIT_NETID , netid);
}
public static void clearFakeIdInSession( HttpSession session){
session.removeAttribute(FAKE_SELF_EDIT_NETID);
}
public static String getFakeIdFromSession(HttpSession session) {
Object netid = session.getAttribute(FAKE_SELF_EDIT_NETID);
if (netid instanceof String) {
return (String) netid;
} else {
return null;
}
}
}


@ -1,35 +0,0 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
public class SetupFakeSelfEditingIdentifierFactory implements ServletContextListener{
private static final Log log = LogFactory.getLog(SetupFakeSelfEditingIdentifierFactory.class.getName());
@Override
public void contextInitialized(ServletContextEvent sce) {
WebappDaoFactory wdf = (WebappDaoFactory)sce.getServletContext().getAttribute("webappDaoFactory");
if( wdf == null ){
log.debug("SetupFakeSelfEditingIdentifierFactory: need a " +
"WebappDaoFactory in ServletContext, none found, factory will " +
"not be created");
return;
}
IdentifierBundleFactory ibfToAdd = new FakeSelfEditingIdentifierFactory();
ActiveIdentifierBundleFactories.addFactory(sce, ibfToAdd);
}
@Override
public void contextDestroyed(ServletContextEvent sce) {
// Nothing to do.
}
}


@ -1,145 +0,0 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.controller;
import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.FakeSelfEditingIdentifierFactory;
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousAdminPages;
/**
* TODO This is caught in the middle of the transition from LoginFormBean to LoginStatusBean.
*/
public class FakeSelfEditController extends VitroHttpServlet {
// TODO When the LoginFormBean goes away, these should too.
private static final String ATTRIBUTE_LOGIN_FORM_BEAN = "loginHandler";
private static final String ATTRIBUTE_LOGIN_FORM_SAVE = "saveLoginHandler";
private static final String ATTRIBUTE_LOGIN_STATUS_BEAN = "loginStatus";
private static final String ATTRIBUTE_LOGIN_STATUS_SAVE = "saveLoginStatus";
private static final Log log = LogFactory
.getLog(FakeSelfEditController.class.getName());
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException {
try {
super.doGet(request, response);
VitroRequest vreq = new VitroRequest(request);
HttpSession session = request.getSession();
if (!isAuthorized(vreq, session)) {
redirectToLoginPage(request, response);
} else if (vreq.getParameter("force") != null) {
startFaking(vreq, response);
} else if (vreq.getParameter("stopfaking") != null) {
stopFaking(vreq, response, session);
} else {
showTheForm(vreq, response, session);
}
} catch (Exception e) {
log.error("FakeSelfEditController could not forward to view.");
log.error(e, e);
}
}
private boolean isAuthorized(VitroRequest vreq, HttpSession session) {
boolean isFakingAlready = (session.getAttribute(ATTRIBUTE_LOGIN_STATUS_SAVE) != null);
boolean isAdmin = PolicyHelper.isAuthorizedForActions(vreq, new UseMiscellaneousAdminPages());
log.debug("isFakingAlready: " + isFakingAlready + ", isAdmin: " + isAdmin);
return isAdmin || isFakingAlready;
}
private void startFaking(VitroRequest vreq, HttpServletResponse response)
throws IOException {
HttpSession session = vreq.getSession();
String id = vreq.getParameter("netid");
FakeSelfEditingIdentifierFactory.putFakeIdInSession(id, session);
// Remove the login bean - so we are ONLY self-editing
moveAttribute(session, ATTRIBUTE_LOGIN_FORM_BEAN,
ATTRIBUTE_LOGIN_FORM_SAVE);
moveAttribute(session, ATTRIBUTE_LOGIN_STATUS_BEAN,
ATTRIBUTE_LOGIN_STATUS_SAVE);
log.debug("Start faking as " + id);
response.sendRedirect(vreq.getContextPath() + Controllers.ENTITY
+ "?netid=" + id);
}
private void stopFaking(VitroRequest request, HttpServletResponse response,
HttpSession session) throws IOException {
FakeSelfEditingIdentifierFactory.clearFakeIdInSession(session);
// Restore our original login status.
restoreAttribute(session, ATTRIBUTE_LOGIN_FORM_BEAN,
ATTRIBUTE_LOGIN_FORM_SAVE);
restoreAttribute(session, ATTRIBUTE_LOGIN_STATUS_BEAN,
ATTRIBUTE_LOGIN_STATUS_SAVE);
log.debug("Stop faking.");
response.sendRedirect(request.getContextPath() + "/");
}
private void showTheForm(VitroRequest request,
HttpServletResponse response, HttpSession session)
throws ServletException, IOException {
// Logged in as site admin: Form not yet submitted
request.setAttribute("msg", figureMessage(session));
request.setAttribute("title", "Self-Edit Test");
request.setAttribute("bodyJsp", "/admin/fakeselfedit.jsp");
RequestDispatcher rd = request
.getRequestDispatcher(Controllers.BASIC_JSP);
rd.forward(request, response);
}
/**
* Check if already logged in from previous form submission
*/
private String figureMessage(HttpSession session) {
String netid = FakeSelfEditingIdentifierFactory.getFakeIdFromSession(session);
if (netid != null) {
return "You are testing self-editing as '" + netid + "'.";
} else {
return "You have not configured a netid to test self-editing.";
}
}
private void moveAttribute(HttpSession session,
String realAttribute, String saveAttribute) {
Object value = session.getAttribute(realAttribute);
if (value != null) {
session.setAttribute(saveAttribute, value);
session.removeAttribute(realAttribute);
}
}
private void restoreAttribute(HttpSession session,
String realAttribute, String saveAttribute) {
Object value = session.getAttribute(saveAttribute);
if (value != null) {
session.setAttribute(realAttribute, value);
session.removeAttribute(saveAttribute);
}
}
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}


@ -1,23 +0,0 @@
<%-- $This file is distributed under the terms of the license in /doc/license.txt$ --%>
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
<%-- doesn't use <vitro:requiresAuthorizationFor> becuase the controller does complex authorization. --%>
<div id="content">
<h2>Configure Self-Edit Testing</h2>
<p>${msg}</p>
<form action="<c:url value="/admin/fakeselfedit"/>" >
<input type="text" name="netid" value="${netid}"/>
<input type="hidden" name="force" value="1"/>
&nbsp;<input type="submit" value="use this netid for testing"/>
</form>
<br />
<form action="<c:url value="/admin/fakeselfedit"/>" >
<input type="hidden" name="stopfaking" value="1"/>
<input type="submit" value="stop using netid for testing"/>
</form>
</div> <!-- content -->


@ -1,206 +0,0 @@
<%-- $This file is distributed under the terms of the license in /doc/license.txt$ --%>
<%@ page import="com.hp.hpl.jena.rdf.model.*" %>
<%@ page import="edu.cornell.mannlib.vitro.webapp.filters.VitroRequestPrep" %>
<%@ page import="java.util.Enumeration" %>
<%@ page import="edu.cornell.mannlib.vitro.webapp.auth.identifier.FakeSelfEditingIdentifierFactory" %>
<%@ page import="edu.cornell.mannlib.vitro.webapp.auth.policy.setup.CuratorEditingPolicySetup" %>
<%@ page import="edu.cornell.mannlib.vitro.webapp.controller.Controllers" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %>
<vitro:requiresAuthorizationFor classNames="edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousCuratorPages" />
<%
if( request.getParameter("force") != null ){
String netid = request.getParameter("netid");
// note that this affects the current user's session, not the whole servlet context
FakeSelfEditingIdentifierFactory.clearFakeIdInSession( session );
FakeSelfEditingIdentifierFactory.putFakeIdInSession( netid , session );
// don't want to do this because would affect the whole session
// if (!LoginStatusBean.getBean(request).isLoggedInAtLeast(LoginStatusBean.CURATOR)) {
// CuratorEditingPolicySetup.removeAllCuratorEditingPolicies(getServletConfig().getServletContext());
//} %>
<jsp:forward page="/edit/login.jsp"/>
<% }
String loggedOutNetId = (String)session.getAttribute(FakeSelfEditingIdentifierFactory.FAKE_SELF_EDIT_NETID);
if( request.getParameter("stopfaking") != null){
FakeSelfEditingIdentifierFactory.clearFakeIdInSession( session );
// don't want to do this because would affect the whole session
// if (!LoginStatusBean.getBean(request).isLoggedInAtLeast(LoginStatusBean.CURATOR)) {
// CuratorEditingPolicySetup.replaceCuratorEditing(getServletConfig().getServletContext(),(Model)application.getAttribute("jenaOntModel"));
//}
%><c:redirect url="/"></c:redirect><%
}
String netid = (String)session.getAttribute(FakeSelfEditingIdentifierFactory.FAKE_SELF_EDIT_NETID);
String msg = "You have not configured a netid for testing self-editing. ";
if( netid != null )
msg = "You are testing self-editing as '" + netid + "'.";
else
netid = "";
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>CUWebLogin</title>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<link rel="stylesheet" type="text/css" href="temporaryLoginFiles/main.css">
<link rel="stylesheet" type="text/css" href="temporaryLoginFiles/filter.css">
<link rel="stylesheet" type="text/css" href="temporaryLoginFiles/dialogs.css">
<script language="JavaScript">
<!--
function OpenCertDetails()
{
thewindow=window.open('https://www.thawte.com/cgi/server/certdetails.exe?code=uscorn123-1',
'anew',config='height=400,width=450,toolbar=no,menubar=no,scrollbars=yes,resizable=no,location=no,directories=no,status=yes');
}
// -->
</script>
</head><body onload="cuwl_focus_netid();">
<!-- header 1 -->
<div class="wrapper" id="header1wrap">
<div class="inner" id="header1">
<div id="logo">
<a href="http://www.cornell.edu/" title="Cornell University"><img src="temporaryLoginFiles/cu.gif" alt="Cornell University" border="0" height="23" width="211"></a>
</div>
</div>
</div>
<!-- end header 1 -->
<hr class="hidden">
<!-- header 2 -->
<div id="header2wrap">
<!-- these two divs are just for background color -->
<div id="header2left">&nbsp;</div>
<div id="header2right">&nbsp;</div>
<!-- end background divs -->
<div id="header2">
<div id="title"><a href="http://www.cit.cornell.edu/authent/new/cuwl/cuwl.html"><img src="temporaryLoginFiles/cuwl-title.png" alt="CUWebLogin" border="0" height="74" width="213"></a></div>
<div id="manage">
Cornell University Login
</div>
</div>
</div>
<!-- end header 2 -->
<!-- header 3 -->
<div class="wrapper" id="header3wrap">
<div class="inner" id="header3">
<span>
<a href="http://www.cit.cornell.edu/identity/cuweblogin.html">About
CUWebLogin</a>
</span>
</div>
</div>
<!-- end header 3 -->
<!-- ---------------------------- BEGIN main body -->
<div class="wrapper" id="main">
<div class="inner" id="content">
<hr class="hidden">
<form name="dialog" method="post" action="temporaryLogin.jsp">
<table>
<tbody><tr>
<td id="loginboxcell">
<table class="loginbox" id="webloginbox">
<tbody><tr id="toprow">
<td>
<img src="temporaryLoginFiles/logindogs.gif" alt="">
</td>
<td>
<img src="temporaryLoginFiles/KfWeb.gif" alt="Kerberos for Web"><br>
<em>
Please enter your Cornell NetID
</em>
</td>
</tr>
<tr>
<td>
&nbsp;
</td>
<td>
<table id="entrybox">
<tbody><tr>
<td>NetID:</td>
<td>
<input class="textinput" name="netid" type="text" value="" />
<input type="hidden" name="force" value="1"/>
</td>
</tr>
<tr>
<td><!-- Password: --></td>
<td>
<strong>For testing purposes only</strong>.
</td>
</tr>
</tbody></table>
</td>
</tr>
<tr>
<td>
&nbsp;
</td>
<td id="buttoncell">
<input class="inputsubmitHead" name="cancel" value="Cancel" onclick="cancel_submit();" type="button">
<input class="inputsubmitHead" name="ok" value="OK" type="submit">
</td>
</tr>
</tbody></table>
</td>
<td id="infocell">
<br>
<table id="reasonbox">
<tbody><tr><td>
<c:if test="${!empty param.stopfaking}">
You have successfully logged out from <%=loggedOutNetId%>.
<c:url var="profileHref" value="/entity">
<c:param name="netid" value="<%=loggedOutNetId%>" />
</c:url>
Return to that <a href="${profileHref}" title="view your public profile">public profile</a>.
</c:if>
</td></tr>
</tbody></table>
<br>
<!-- The Web site you are visiting requires you to authenticate with your NetID and Password -->
<br>
<!-- <a href="javascript:OpenCertDetails()">
<IMG SRC="/images/thawte-seal.gif" BORDER=0 ALT='Click here for SSL Cert Details'>
</a> -->
<!-- GeoTrust True Site [tm] Smart Icon tag. Do not edit. -->
<!-- <SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript" SRC="//smarticon.geotrust.com/si.js"></SCRIPT> -->
<!-- <img src="temporaryLoginFiles/quickssl_anim.gif" border="0"> -->
<!-- end GeoTrust Smart Icon tag -->
<br>
</td>
</tr>
</tbody></table>
</form>
<hr class="hidden">
</div>
</div>
<!-- ---------------------------- END main body -->
<!-- footer include in -->
<div class="wrapper" id="footer">
<div class="inner">
<em>Mann Library Notice:</em> <strong>This IS NOT an official CUWebLogin
screen. It is meant for testing purposes only</strong>.
</div>
</div>
<!-- footer include out -->
</body></html>