NIHVIVO-1207 Make the external auth-header a configuration property. Clean up SelfEditingIdentifierFactory and VitroRequestPrep.

2010-11-17 15:48:19 +00:00 · 2010-11-17 15:48:19 +00:00 · b9230edaf2
commit b9230edaf2
parent 831d2209e9
4 changed files with 169 additions and 131 deletions
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/SelfEditingIdentifierFactory.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/SelfEditingIdentifierFactory.java
@ -27,78 +27,154 @@ import com.hp.hpl.jena.rdf.model.Model;
 import com.hp.hpl.jena.rdf.model.RDFNode;
 import com.hp.hpl.jena.rdf.model.Resource;
 import edu.cornell.mannlib.vitro.webapp.ConfigurationProperties;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
 /**
 * Pulls a netId out of the CUWebAuth REMOTE_USER header.
 *
- * @author bdc34
+ * @author bdc34, trashed by jeb228
 */
 public class SelfEditingIdentifierFactory implements IdentifierBundleFactory {
-    public final static String httpHeaderForNetId = "REMOTE_USER";
+	private static final Log log = LogFactory.getLog(SelfEditingIdentifierFactory.class);
 	/**
 	 * The configuration property that names the HTTP header that will hold the
 	 * username from the external authorization system.
 	 */
 	private static final String PROPERTY_EXTERNAL_AUTH_HEADER_NAME = "externalAuth.headerName";
-    private static final Log log = LogFactory.getLog(SelfEditingIdentifierFactory.class.getName());
+	private final static String ATTRIBUTE_NETID = "SelfEditingIdentifierFactory.netid";
-
+	private final static String ATTRIBUTE_SELFID = "SelfEditingIdentifierFactory.selfid";
    public IdentifierBundle getIdentifierBundle(ServletRequest request, HttpSession session, ServletContext context) {
       IdentifierBundle idb = getFromCUWebAuthHeader(request,session,context);       
       if( idb != null )
           return idb;
       else
           return getFromSession(session);       
    }
    private IdentifierBundle getFromCUWebAuthHeader(ServletRequest request, HttpSession session,ServletContext context){
        String cuwebauthUser = ((HttpServletRequest)request).getHeader(CUWEBAUTH_REMOTE_USER_HEADER);
        log.debug("Looking for CUWebAuth header " + CUWEBAUTH_REMOTE_USER_HEADER + " found : '" + cuwebauthUser +"'");
        if( cuwebauthUser == null || cuwebauthUser.length() == 0){
                log.debug("No CUWebAuthUser string found");
                return null;
        }
        if( cuwebauthUser.length() > 100){
            log.info("CUWebAuthUser is longer than 100 chars, this may be a malicious request");
            return null;
        }
        if( context == null ){
            log.error("ServletContext was null");
            return null;
        }                                         
        NetId netid = new NetId(cuwebauthUser);                        
        SelfEditing selfE = null;
        IdentifierBundle idb = new ArrayIdentifierBundle();
        idb.add(netid);
        log.debug("added NetId object to IdentifierBundle from CUWEBAUTH header");            
        //VitroRequest vreq = new VitroRequest((HttpServletRequest)request);
        WebappDaoFactory wdf = (WebappDaoFactory)context.getAttribute("webappDaoFactory");
        if( wdf == null ){
            log.error("Could not get a WebappDaoFactory from the ServletContext");
            return null;
        }
        String uri = wdf.getIndividualDao().getIndividualURIFromNetId(cuwebauthUser);
        if( uri != null){
            Individual ind = wdf.getIndividualDao().getIndividualByURI(uri);
            if( ind != null ){
                String blacklisted = checkForBlacklisted(ind, context);
                selfE = new SelfEditing( ind ,blacklisted , false);                
                idb.add(  selfE );
                log.debug("Found an Individual for netId " + cuwebauthUser + " URI: " + ind.getURI() );
            }else{
                log.warn("found a URI for the netId " + cuwebauthUser + " but could not build Individual");
            }
        }else{
            log.debug("could not find an Individual with a netId of " + cuwebauthUser );
        }        
        putNetIdInSession(session, selfE, netid);            
        return idb;
    }
 	private static final int MAXIMUM_USERNAME_LENGTH = 100;
 	public IdentifierBundle getIdentifierBundle(ServletRequest request,
 			HttpSession session, ServletContext context) {
 		if (session == null) {
 			log.debug("session is null.");
 			return null;
 		}
 		if (!(request instanceof HttpServletRequest)) {
 			log.debug("request is null or not an HttpServletRequest");
 			return null;
 		}
 		HttpServletRequest req = (HttpServletRequest) request;
 		log.debug("request is for " + req.getRequestURI());
 		NetId netId = figureNetId(req);
 		SelfEditing selfId = figureSelfEditingId(req, netId);
 		putIdsInSession(req, netId, selfId);
 		return getIdsFromSession(session);
 	}
 	private NetId figureNetId(HttpServletRequest req) {
 		String externalAuthHeaderName = ConfigurationProperties.getProperty(PROPERTY_EXTERNAL_AUTH_HEADER_NAME);
 		if (isEmpty(externalAuthHeaderName)) {
 			log.debug(PROPERTY_EXTERNAL_AUTH_HEADER_NAME + " property is not configured.");
 			return null;
 		}
 		String externalUsername = req.getHeader(externalAuthHeaderName);
 		if (isEmpty(externalUsername)) {
 			log.debug("The external username is empty.");
 			return null;
 		}
 		if (externalUsername.length() > MAXIMUM_USERNAME_LENGTH) {
 			log.info("The external username is longer than " + MAXIMUM_USERNAME_LENGTH
 					+ " chars; this may be a malicious request");
 			return null;
 		}
 		return new NetId(externalUsername);
 	}
 	private SelfEditing figureSelfEditingId(HttpServletRequest request,
 			NetId netId) {
 		if (netId == null) {
 			return null;
 		}
 		String username = netId.getValue();
 		HttpSession session = request.getSession(false);
 		if (session == null) {
 			return null;
 		}
 		ServletContext context = session.getServletContext();
 		WebappDaoFactory wdf = (WebappDaoFactory) context
 				.getAttribute("webappDaoFactory");
 		if (wdf == null) {
 			log.error("Could not get a WebappDaoFactory from the ServletContext");
 			return null;
 		}
 		String uri = wdf.getIndividualDao().getIndividualURIFromNetId(username);
 		if (uri == null) {
 			log.debug("could not find an Individual with a netId of "
 					+ username);
 		}
 		Individual ind = wdf.getIndividualDao().getIndividualByURI(uri);
 		if (ind == null) {
 			log.warn("found a URI for the netId " + username
 					+ " but could not build Individual");
 			return null;
 		}
 		log.debug("Found an Individual for netId " + username + " URI: " + uri);
 		String blacklisted = checkForBlacklisted(ind, context);
 		return new SelfEditing(ind, blacklisted, false);
 	}
 	private void putIdsInSession(HttpServletRequest request, NetId netId,
 			SelfEditing selfId) {
 		// If there is no session, and nothing to store, we're done.
 		HttpSession session = request.getSession(false);
 		if ((session == null) && (netId == null) && (selfId == null)) {
 			return;
 		}
 		// If there is a session, set or clear the attributes as appropriate.
 		session = request.getSession();
 		session.setAttribute(ATTRIBUTE_NETID, netId);
 		session.setAttribute(ATTRIBUTE_SELFID, selfId);
 	}
 	private IdentifierBundle getIdsFromSession(HttpSession session) {
 		NetId netId = (NetId) session.getAttribute(ATTRIBUTE_NETID);
 		SelfEditing selfId = (SelfEditing) session.getAttribute(ATTRIBUTE_SELFID);
 		if (netId == null && selfId == null) {
 			log.debug("no self-editing IDs in the session");
 			return null;
 		}
 		IdentifierBundle idb = new ArrayIdentifierBundle();
 		if (netId != null) {
 			idb.add(netId);
 			log.debug("added NetId from session: " + netId);
 		}
 		if (selfId != null) {
 			idb.add(selfId);
 			log.debug("added SelfEditing from Session: " + selfId);
 		}
 		return idb;
 	}
 	private boolean isEmpty(String string) {
 		return (string == null || string.isEmpty());
 	}
 	// ----------------------------------------------------------------------
 	// static utility methods
 	// ----------------------------------------------------------------------
    public static final String NOT_BLACKLISTED = null;   
    private final static String BLACKLIST_SPARQL_DIR = "/admin/selfEditBlacklist";
    /**
     * Runs through .sparql files in the BLACKLIST_SPARQL_DIR, the first that returns one
     * or more rows will be cause the user to be blacklisted.  The first variable from
@ -210,44 +286,27 @@ public class SelfEditingIdentifierFactory implements IdentifierBundleFactory {
        return null;
    }
-    private IdentifierBundle getFromSession( HttpSession session ){
+    public static SelfEditing getSelfEditingIdentifier( IdentifierBundle whoToAuth ){
-    	if (session == null) {
+        if( whoToAuth == null ) return null;        
-    		return null;
+        for(Identifier id : whoToAuth){
-    	}
+            if (id instanceof SelfEditing) 
-    	
+                return (SelfEditing)id;                           
-        NetId netid = (NetId)session.getAttribute(NETID_IN_SESSION);
+        }
-        SelfEditing sed = (SelfEditing)session.getAttribute(URI_IN_SESSION);
+        return null;
-        
+    }
-        if( netid != null || sed != null ){
+    
-            IdentifierBundle idb = new ArrayIdentifierBundle();
+    public static String getSelfEditingUri( IdentifierBundle whoToAuth){
-            if( netid != null){
+        SelfEditing sid = getSelfEditingIdentifier(whoToAuth);
-                idb.add(netid);
+        if( sid != null )
-                log.debug("added NetId from session");
+            return sid.getValue();
-            }
+        else
            if( sed != null ){
                idb.add(sed);
                log.debug("added SelfEditing from Session");
            }
            return idb;
        }else 
            return null;
    }
    // ----------------------------------------------------------------------
 	// Helper classes
 	// ----------------------------------------------------------------------
    protected final static String NETID_IN_SESSION = "NetIdIdentifierFactory.netid";
    protected final static String URI_IN_SESSION = "NetIdIdentifierFactory.uri";
    public static void putNetIdInSession( HttpSession session, SelfEditing se, NetId ni){
        session.setAttribute(NETID_IN_SESSION, ni);
        session.setAttribute(URI_IN_SESSION, se);
    }
    public static void clearNetIdFromSession( HttpSession session ){
        session.removeAttribute(NETID_IN_SESSION);
        session.removeAttribute(URI_IN_SESSION);
    }
    /********************** NetId inner class *************************/
    public static class NetId implements Identifier{
        public final String value;
        public NetId(String value){
@ -288,30 +347,11 @@ public class SelfEditingIdentifierFactory implements IdentifierBundleFactory {
        }
        public String toString(){
            return "SelfEditing as " + getValue() +
-            (getBlacklisted()!=null?  " blacklisted by via " + getBlacklisted():"");
+            (getBlacklisted()!=null?  " blacklisted via " + getBlacklisted():"");
        }
        public boolean isFake() {
            return faked;
        }
    }
    public static SelfEditing getSelfEditingIdentifier( IdentifierBundle whoToAuth ){
        if( whoToAuth == null ) return null;        
        for(Identifier id : whoToAuth){
            if (id instanceof SelfEditing) 
                return (SelfEditing)id;                           
        }
        return null;
    }
    public static String getSelfEditingUri( IdentifierBundle whoToAuth){
        SelfEditing sid = getSelfEditingIdentifier(whoToAuth);
        if( sid != null )
            return sid.getValue();
        else
            return null;
    }
    public static final String NOT_BLACKLISTED = null;   
    private final static String BLACKLIST_SPARQL_DIR = "/admin/selfEditBlacklist";
    private final static String CUWEBAUTH_REMOTE_USER_HEADER = "REMOTE_USER";
 }
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/filters/VitroRequestPrep.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/filters/VitroRequestPrep.java
@ -20,8 +20,8 @@ import javax.servlet.http.HttpSession;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.SelfEditing;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.ServletIdentifierBundleFactory;
 import edu.cornell.mannlib.vitro.webapp.beans.ApplicationBean;
@ -412,18 +412,19 @@ public class VitroRequestPrep implements Filter {
 		if (session == null) {
 			return false;
 		}
 		ServletContext sc = session.getServletContext();
-
+		IdentifierBundle idBundle = ServletIdentifierBundleFactory.getIdBundleForRequest(request, session, sc);
-		IdentifierBundle idBundle = ServletIdentifierBundleFactory
+		if (idBundle == null) {
-				.getIdBundleForRequest(request, session, sc);
+			return false;
 		for (Identifier id : idBundle) {
 			if (id instanceof SelfEditing) {
 				return true;
 			}
 		}
-
+		
-		return false;
+		SelfEditing selfId = SelfEditingIdentifierFactory.getSelfEditingIdentifier(idBundle);
 		if (selfId == null) {
 			return false;
 		}
 		return true;
 	}
    public void destroy() {       
--- a/webapp/web/admin/temporaryLogin.jsp
+++ b/webapp/web/admin/temporaryLogin.jsp
@ -15,7 +15,6 @@
 <%
    if(  request.getParameter("force") != null ){        
        VitroRequestPrep.forceToSelfEditing(request);
        String netid = request.getParameter("netid");
        // note that this affects the current user's session, not the whole servlet context
        FakeSelfEditingIdentifierFactory.clearFakeIdInSession( session );
@ -28,7 +27,6 @@
 <%  }
    String loggedOutNetId = (String)session.getAttribute(FakeSelfEditingIdentifierFactory.FAKE_SELF_EDIT_NETID);
    if( request.getParameter("stopfaking") != null){
        VitroRequestPrep.forceOutOfSelfEditing(request);
        FakeSelfEditingIdentifierFactory.clearFakeIdInSession( session );        
     	// don't want to do this because would affect the whole session
        // if (!LoginStatusBean.getBean(request).isLoggedInAtLeast(LoginStatusBean.CURATOR)) {
--- a/webapp/web/admin/testnetid.jsp
+++ b/webapp/web/admin/testnetid.jsp
@ -74,7 +74,6 @@ private void checkNetId( String inNetId, JspWriter out, HttpServletRequest reque
        }else{
            out.println("could not find a Individual with the neditd of " + inNetId );
        }
            //putNetIdInSession(session, selfE, netid);            
    }else{
        out.println("no remote user value found or value was longer than 100 chars.");