diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/SelfEditingIdentifierFactory.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/SelfEditingIdentifierFactory.java
index 6d308e175..5ec2fb491 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/SelfEditingIdentifierFactory.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/SelfEditingIdentifierFactory.java
@@ -27,78 +27,154 @@ import com.hp.hpl.jena.rdf.model.Model;
import com.hp.hpl.jena.rdf.model.RDFNode;
import com.hp.hpl.jena.rdf.model.Resource;
+import edu.cornell.mannlib.vitro.webapp.ConfigurationProperties;
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
/**
* Pulls a netId out of the CUWebAuth REMOTE_USER header.
*
- * @author bdc34
+ * @author bdc34, trashed by jeb228
*/
public class SelfEditingIdentifierFactory implements IdentifierBundleFactory {
- public final static String httpHeaderForNetId = "REMOTE_USER";
+ private static final Log log = LogFactory.getLog(SelfEditingIdentifierFactory.class);
+
+ /**
+ * The configuration property that names the HTTP header that will hold the
+ * username from the external authorization system.
+ */
+ private static final String PROPERTY_EXTERNAL_AUTH_HEADER_NAME = "externalAuth.headerName";
- private static final Log log = LogFactory.getLog(SelfEditingIdentifierFactory.class.getName());
-
- public IdentifierBundle getIdentifierBundle(ServletRequest request, HttpSession session, ServletContext context) {
- IdentifierBundle idb = getFromCUWebAuthHeader(request,session,context);
- if( idb != null )
- return idb;
- else
- return getFromSession(session);
- }
-
- private IdentifierBundle getFromCUWebAuthHeader(ServletRequest request, HttpSession session,ServletContext context){
- String cuwebauthUser = ((HttpServletRequest)request).getHeader(CUWEBAUTH_REMOTE_USER_HEADER);
- log.debug("Looking for CUWebAuth header " + CUWEBAUTH_REMOTE_USER_HEADER + " found : '" + cuwebauthUser +"'");
-
- if( cuwebauthUser == null || cuwebauthUser.length() == 0){
- log.debug("No CUWebAuthUser string found");
- return null;
- }
- if( cuwebauthUser.length() > 100){
- log.info("CUWebAuthUser is longer than 100 chars, this may be a malicious request");
- return null;
- }
- if( context == null ){
- log.error("ServletContext was null");
- return null;
- }
-
- NetId netid = new NetId(cuwebauthUser);
- SelfEditing selfE = null;
-
- IdentifierBundle idb = new ArrayIdentifierBundle();
- idb.add(netid);
- log.debug("added NetId object to IdentifierBundle from CUWEBAUTH header");
- //VitroRequest vreq = new VitroRequest((HttpServletRequest)request);
-
- WebappDaoFactory wdf = (WebappDaoFactory)context.getAttribute("webappDaoFactory");
- if( wdf == null ){
- log.error("Could not get a WebappDaoFactory from the ServletContext");
- return null;
- }
-
- String uri = wdf.getIndividualDao().getIndividualURIFromNetId(cuwebauthUser);
-
- if( uri != null){
- Individual ind = wdf.getIndividualDao().getIndividualByURI(uri);
- if( ind != null ){
- String blacklisted = checkForBlacklisted(ind, context);
-
- selfE = new SelfEditing( ind ,blacklisted , false);
- idb.add( selfE );
- log.debug("Found an Individual for netId " + cuwebauthUser + " URI: " + ind.getURI() );
- }else{
- log.warn("found a URI for the netId " + cuwebauthUser + " but could not build Individual");
- }
- }else{
- log.debug("could not find an Individual with a netId of " + cuwebauthUser );
- }
- putNetIdInSession(session, selfE, netid);
- return idb;
- }
+ private final static String ATTRIBUTE_NETID = "SelfEditingIdentifierFactory.netid";
+ private final static String ATTRIBUTE_SELFID = "SelfEditingIdentifierFactory.selfid";
+ private static final int MAXIMUM_USERNAME_LENGTH = 100;
+
+ public IdentifierBundle getIdentifierBundle(ServletRequest request,
+ HttpSession session, ServletContext context) {
+ if (session == null) {
+ log.debug("session is null.");
+ return null;
+ }
+ if (!(request instanceof HttpServletRequest)) {
+ log.debug("request is null or not an HttpServletRequest");
+ return null;
+ }
+ HttpServletRequest req = (HttpServletRequest) request;
+ log.debug("request is for " + req.getRequestURI());
+
+ NetId netId = figureNetId(req);
+ SelfEditing selfId = figureSelfEditingId(req, netId);
+ putIdsInSession(req, netId, selfId);
+
+ return getIdsFromSession(session);
+ }
+
+ private NetId figureNetId(HttpServletRequest req) {
+ String externalAuthHeaderName = ConfigurationProperties.getProperty(PROPERTY_EXTERNAL_AUTH_HEADER_NAME);
+ if (isEmpty(externalAuthHeaderName)) {
+ log.debug(PROPERTY_EXTERNAL_AUTH_HEADER_NAME + " property is not configured.");
+ return null;
+ }
+
+ String externalUsername = req.getHeader(externalAuthHeaderName);
+ if (isEmpty(externalUsername)) {
+ log.debug("The external username is empty.");
+ return null;
+ }
+ if (externalUsername.length() > MAXIMUM_USERNAME_LENGTH) {
+ log.info("The external username is longer than " + MAXIMUM_USERNAME_LENGTH + + " chars; this may be a malicious request");
+ return null;
+ }
+
+ return new NetId(externalUsername);
+ }
+
+ private SelfEditing figureSelfEditingId(HttpServletRequest request,
+ NetId netId) {
+ if (netId == null) {
+ return null;
+ }
+ String username = netId.getValue();
+
+ HttpSession session = request.getSession(false);
+ if (session == null) {
+ return null;
+ }
+
+ ServletContext context = session.getServletContext();
+ WebappDaoFactory wdf = (WebappDaoFactory) context
+ .getAttribute("webappDaoFactory");
+ if (wdf == null) {
+ log.error("Could not get a WebappDaoFactory from the ServletContext");
+ return null;
+ }
+
+ String uri = wdf.getIndividualDao().getIndividualURIFromNetId(username);
+ if (uri == null) {
+ log.debug("could not find an Individual with a netId of " + + username);
+ }
+
+ Individual ind = wdf.getIndividualDao().getIndividualByURI(uri);
+ if (ind == null) {
+ log.warn("found a URI for the netId " + username + + " but could not build Individual");
+ return null;
+ }
+
+ log.debug("Found an Individual for netId " + username + " URI: " + uri);
+ String blacklisted = checkForBlacklisted(ind, context);
+ return new SelfEditing(ind, blacklisted, false);
+ }
+
+ private void putIdsInSession(HttpServletRequest request, NetId netId,
+ SelfEditing selfId) {
+ // If there is no session, and nothing to store, we're done.
+ HttpSession session = request.getSession(false);
+ if ((session == null) && (netId == null) && (selfId == null)) {
+ return;
+ }
+
+ // If there is a session, set or clear the attributes as appropriate.
+ session = request.getSession();
+ session.setAttribute(ATTRIBUTE_NETID, netId);
+ session.setAttribute(ATTRIBUTE_SELFID, selfId);
+ }
+
+ private IdentifierBundle getIdsFromSession(HttpSession session) {
+ NetId netId = (NetId) session.getAttribute(ATTRIBUTE_NETID);
+ SelfEditing selfId = (SelfEditing) session.getAttribute(ATTRIBUTE_SELFID);
+
+ if (netId == null && selfId == null) {
+ log.debug("no self-editing IDs in the session");
+ return null;
+ }
+
+ IdentifierBundle idb = new ArrayIdentifierBundle();
+ if (netId != null) {
+ idb.add(netId);
+ log.debug("added NetId from session: " + netId);
+ }
+ if (selfId != null) {
+ idb.add(selfId);
+ log.debug("added SelfEditing from Session: " + selfId);
+ }
+ return idb;
+ }
+
+ private boolean isEmpty(String string) {
+ return (string == null || string.isEmpty());
+ }
+
+ // ----------------------------------------------------------------------
+ // static utility methods
+ // ----------------------------------------------------------------------
+
+ public static final String NOT_BLACKLISTED = null;
+ private final static String BLACKLIST_SPARQL_DIR = "/admin/selfEditBlacklist";
+
/**
* Runs through .sparql files in the BLACKLIST_SPARQL_DIR, the first that returns one
* or more rows will be cause the user to be blacklisted. The first variable from
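Review bot: In figureSelfEditingId the `if (uri == null)` branch only logs and falls through, so `getIndividualByURI(uri)` is called with a null URI and the following `ind == null` branch emits the misleading warning that a URI was found; the removed code returned in this case, so add `return null;` after that debug log. figureNetId now reads the username from whatever header the `externalAuth.headerName` property names and treats it as an authenticated identity, which the Javadoc of PROPERTY_EXTERNAL_AUTH_HEADER_NAME should state, e.g. `The header is trusted as the authenticated user; the deployment must ensure only the external authentication layer, never the client, can supply it.` Since putIdsInSession writes null into both attributes whenever the header is absent, a self-editing identity stored by an earlier request is dropped on the next header-less request; if that "identity follows the header" behaviour is intended, a comment in putIdsInSession saying so would prevent it being read as a regression against the old getFromSession fallback.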
@@ -210,44 +286,27 @@ public class SelfEditingIdentifierFactory implements IdentifierBundleFactory {
return null;
}
- private IdentifierBundle getFromSession( HttpSession session ){
- if (session == null) {
- return null;
- }
-
- NetId netid = (NetId)session.getAttribute(NETID_IN_SESSION);
- SelfEditing sed = (SelfEditing)session.getAttribute(URI_IN_SESSION);
-
- if( netid != null || sed != null ){
- IdentifierBundle idb = new ArrayIdentifierBundle();
- if( netid != null){
- idb.add(netid);
- log.debug("added NetId from session");
- }
- if( sed != null ){
- idb.add(sed);
- log.debug("added SelfEditing from Session");
- }
- return idb;
- }else
+ public static SelfEditing getSelfEditingIdentifier( IdentifierBundle whoToAuth ){
+ if( whoToAuth == null ) return null;
+ for(Identifier id : whoToAuth){
+ if (id instanceof SelfEditing)
+ return (SelfEditing)id;
+ }
+ return null;
+ }
+
+ public static String getSelfEditingUri( IdentifierBundle whoToAuth){
+ SelfEditing sid = getSelfEditingIdentifier(whoToAuth);
+ if( sid != null )
+ return sid.getValue();
+ else
return null;
}
+
+ // ----------------------------------------------------------------------
+ // Helper classes
+ // ----------------------------------------------------------------------
-
- protected final static String NETID_IN_SESSION = "NetIdIdentifierFactory.netid";
- protected final static String URI_IN_SESSION = "NetIdIdentifierFactory.uri";
-
- public static void putNetIdInSession( HttpSession session, SelfEditing se, NetId ni){
- session.setAttribute(NETID_IN_SESSION, ni);
- session.setAttribute(URI_IN_SESSION, se);
- }
-
- public static void clearNetIdFromSession( HttpSession session ){
- session.removeAttribute(NETID_IN_SESSION);
- session.removeAttribute(URI_IN_SESSION);
- }
-
- /********************** NetId inner class *************************/
public static class NetId implements Identifier{
public final String value;
public NetId(String value){
@@ -288,30 +347,11 @@ public class SelfEditingIdentifierFactory implements IdentifierBundleFactory {
}
public String toString(){
return "SelfEditing as " + getValue() +
- (getBlacklisted()!=null? " blacklisted by via " + getBlacklisted():"");
+ (getBlacklisted()!=null? " blacklisted via " + getBlacklisted():"");
}
public boolean isFake() {
return faked;
}
}
- public static SelfEditing getSelfEditingIdentifier( IdentifierBundle whoToAuth ){
- if( whoToAuth == null ) return null;
- for(Identifier id : whoToAuth){
- if (id instanceof SelfEditing)
- return (SelfEditing)id;
- }
- return null;
- }
-
- public static String getSelfEditingUri( IdentifierBundle whoToAuth){
- SelfEditing sid = getSelfEditingIdentifier(whoToAuth);
- if( sid != null )
- return sid.getValue();
- else
- return null;
- }
- public static final String NOT_BLACKLISTED = null;
- private final static String BLACKLIST_SPARQL_DIR = "/admin/selfEditBlacklist";
- private final static String CUWEBAUTH_REMOTE_USER_HEADER = "REMOTE_USER";
}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/filters/VitroRequestPrep.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/filters/VitroRequestPrep.java
index e8633be02..a18620221 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/filters/VitroRequestPrep.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/filters/VitroRequestPrep.java
@@ -20,8 +20,8 @@ import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.SelfEditing;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.ServletIdentifierBundleFactory;
import edu.cornell.mannlib.vitro.webapp.beans.ApplicationBean;
@@ -412,18 +412,19 @@ public class VitroRequestPrep implements Filter {
if (session == null) {
return false;
}
+ ServletContext sc = session.getServletContext();
-
- IdentifierBundle idBundle = ServletIdentifierBundleFactory
- .getIdBundleForRequest(request, session, sc);
-
- for (Identifier id : idBundle) {
- if (id instanceof SelfEditing) {
- return true;
- }
+ IdentifierBundle idBundle = ServletIdentifierBundleFactory.getIdBundleForRequest(request, session, sc);
+ if (idBundle == null) {
+ return false;
}
-
- return false;
+
+ SelfEditing selfId = SelfEditingIdentifierFactory.getSelfEditingIdentifier(idBundle);
+ if (selfId == null) {
+ return false;
+ }
+
+ return true;
}
public void destroy() {
diff --git a/webapp/web/admin/temporaryLogin.jsp b/webapp/web/admin/temporaryLogin.jsp
index 425425ef4..e728f2580 100644
--- a/webapp/web/admin/temporaryLogin.jsp
+++ b/webapp/web/admin/temporaryLogin.jsp
@@ -15,7 +15,6 @@
<% if( request.getParameter("force") != null ){
- VitroRequestPrep.forceToSelfEditing(request);
String netid = request.getParameter("netid");
// note that this affects the current user's session, not the whole servlet context
FakeSelfEditingIdentifierFactory.clearFakeIdInSession( session );
@@ -28,7 +27,6 @@
<% }
String loggedOutNetId = (String)session.getAttribute(FakeSelfEditingIdentifierFactory.FAKE_SELF_EDIT_NETID);
if( request.getParameter("stopfaking") != null){
- VitroRequestPrep.forceOutOfSelfEditing(request);
FakeSelfEditingIdentifierFactory.clearFakeIdInSession( session );
// don't want to do this because would affect the whole session
// if (!LoginStatusBean.getBean(request).isLoggedInAtLeast(LoginStatusBean.CURATOR)) {
diff --git a/webapp/web/admin/testnetid.jsp b/webapp/web/admin/testnetid.jsp
index a8b542377..10b77821e 100644
--- a/webapp/web/admin/testnetid.jsp
+++ b/webapp/web/admin/testnetid.jsp
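Review bot: The tail of the method in the VitroRequestPrep hunk reduces to one boolean expression: `return SelfEditingIdentifierFactory.getSelfEditingIdentifier(idBundle) != null;` replaces the `selfId` local and the two-branch `if (selfId == null) { return false; } return true;`. The added `idBundle == null` guard is a real fix for the old for-each over a possibly null bundle, and moving the `sc` lookup after the session check is consistent with it. The enclosing method starts before the hunk, so only its `if (session == null)` guard is visible here.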
@@ -74,7 +74,6 @@ private void checkNetId( String inNetId, JspWriter out, HttpServletRequest reque
}else{
out.println("could not find a Individual with the neditd of " + inNetId );
}
- //putNetIdInSession(session, selfE, netid);
}else{
out.println("no remote user value found or value was longer than 100 chars.");