Return-Path: X-Original-To: apmail-manifoldcf-commits-archive@www.apache.org Delivered-To: apmail-manifoldcf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 39AB8D5EB for ; Mon, 24 Jun 2013 21:29:31 +0000 (UTC) Received: (qmail 12953 invoked by uid 500); 24 Jun 2013 21:29:31 -0000 Delivered-To: apmail-manifoldcf-commits-archive@manifoldcf.apache.org Received: (qmail 12917 invoked by uid 500); 24 Jun 2013 21:29:31 -0000 Mailing-List: contact commits-help@manifoldcf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@manifoldcf.apache.org Delivered-To: mailing list commits@manifoldcf.apache.org Received: (qmail 12910 invoked by uid 99); 24 Jun 2013 21:29:31 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 24 Jun 2013 21:29:31 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 24 Jun 2013 21:29:29 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 6BA462388A74; Mon, 24 Jun 2013 21:29:10 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1496224 - in /manifoldcf/branches/CONNECTORS-703/framework: authority-servlet/src/main/java/org/apache/manifoldcf/authorityservlet/RecordACLServlet.java pull-agent/src/main/java/org/apache/manifoldcf/authorities/interfaces/UserRecord.java Date: Mon, 24 Jun 2013 21:29:10 -0000 To: commits@manifoldcf.apache.org 
From: kwright@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130624212910.6BA462388A74@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: kwright Date: Mon Jun 24 21:29:10 2013 New Revision: 1496224 URL: http://svn.apache.org/r1496224 Log: Add RecordACLServlet; not yet complete but using UserRecords everywhere. Added: manifoldcf/branches/CONNECTORS-703/framework/authority-servlet/src/main/java/org/apache/manifoldcf/authorityservlet/RecordACLServlet.java (with props) Modified: manifoldcf/branches/CONNECTORS-703/framework/pull-agent/src/main/java/org/apache/manifoldcf/authorities/interfaces/UserRecord.java Added: manifoldcf/branches/CONNECTORS-703/framework/authority-servlet/src/main/java/org/apache/manifoldcf/authorityservlet/RecordACLServlet.java URL: http://svn.apache.org/viewvc/manifoldcf/branches/CONNECTORS-703/framework/authority-servlet/src/main/java/org/apache/manifoldcf/authorityservlet/RecordACLServlet.java?rev=1496224&view=auto ==============================================================================
--- manifoldcf/branches/CONNECTORS-703/framework/authority-servlet/src/main/java/org/apache/manifoldcf/authorityservlet/RecordACLServlet.java (added)
+++ manifoldcf/branches/CONNECTORS-703/framework/authority-servlet/src/main/java/org/apache/manifoldcf/authorityservlet/RecordACLServlet.java Mon Jun 24 21:29:10 2013
@@ -0,0 +1,303 @@
+/* $Id$ */
+
+/**
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements. See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.apache.manifoldcf.authorityservlet;
+
+import org.apache.manifoldcf.core.interfaces.*;
+import org.apache.manifoldcf.authorities.interfaces.*;
+import org.apache.manifoldcf.authorities.system.ManifoldCF;
+import org.apache.manifoldcf.authorities.system.Logging;
+import org.apache.manifoldcf.authorities.system.RequestQueue;
+import org.apache.manifoldcf.authorities.system.AuthRequest;
+
+import java.io.*;
+import java.util.*;
+import java.net.*;
+
+import javax.servlet.*;
+import javax.servlet.http.*;
+
+/** This servlet class is meant to receive a portion of a user record and return a list of access tokens.
+* The domain sequence and user name are expected to be sent as an argument on the url
+* (the multivalued "domain" argument), and the single-valued "username" argument. For example:
+*
+* ?domain=activedirectory&domain=foo.com&username=johnqpublic
+*
+* The response will simply be a list of access tokens separated by newlines.
+*
+* Errors will simply report back with an empty acl.
+*
+* The content type will always be text/plain.
+*/
+public class RecordACLServlet extends HttpServlet
+{
+ public static final String _rcsid = "@(#)$Id$";
+
+ protected final static String AUTHORIZED_VALUE = "AUTHORIZED:";
+ protected final static String UNREACHABLE_VALUE = "UNREACHABLEAUTHORITY:";
+ protected final static String UNAUTHORIZED_VALUE = "UNAUTHORIZED:";
+ protected final static String USERNOTFOUND_VALUE = "USERNOTFOUND:";
+
+ protected final static String ID_PREFIX = "ID:";
+ protected final static String TOKEN_PREFIX = "TOKEN:";
+
+ /** The init method.
+ */
+ public void init(ServletConfig config)
+ throws ServletException
+ {
+ super.init(config);
+ try
+ {
+ // Set up the environment
+ //ManifoldCF.initializeEnvironment();
+ IThreadContext itc = ThreadContextFactory.make();
+ ManifoldCF.startSystem(itc);
+ }
+ catch (ManifoldCFException e)
+ {
+ Logging.misc.error("Error starting authority service: "+e.getMessage(),e);
+ throw new ServletException("Error starting authority service: "+e.getMessage(),e);
+ }
+
+ }
+
+ /** The destroy method.
+ */
+ public void destroy()
+ {
+ try
+ {
+ // Set up the environment
+ //ManifoldCF.initializeEnvironment();
+ IThreadContext itc = ThreadContextFactory.make();
+ ManifoldCF.stopSystem(itc);
+ }
+ catch (ManifoldCFException e)
+ {
+ Logging.misc.error("Error shutting down authority service: "+e.getMessage(),e);
+ }
+ super.destroy();
+ }
+
+ /** The get method.
+ */
+ protected void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException
+ {
+ try
+ {
+ // Set up the environment
+ //ManifoldCF.initializeEnvironment();
+
+ Logging.authorityService.debug("Received request");
+
+ String[] domains = request.getParameterValues("domain");
+ if (domains == null)
+ {
+ response.sendError(response.SC_BAD_REQUEST);
+ return;
+ }
+
+ String userID = request.getParameter("username");
+ if (userID == null)
+ {
+ response.sendError(response.SC_BAD_REQUEST);
+ return;
+ }
+
+ UserRecord userRecord = null;
+ int domainIndex = domains.length;
+ while (--domainIndex >= 0)
+ {
+ if (userRecord == null)
+ {
+ userRecord = new UserRecord();
+ userRecord.setDomainValue(domains[domainIndex], userID);
+ }
+ else
+ {
+ UserRecord newUserRecord = new UserRecord();
+ newUserRecord.setDomainValue(domains[domainIndex], userRecord);
+ userRecord = newUserRecord;
+ }
+ }
+
+ boolean idneeded = false;
+ boolean aclneeded = true;
+
+ String idneededValue = request.getParameter("idneeded");
+ if (idneededValue != null)
+ {
+ if (idneededValue.equals("true"))
+ idneeded = true;
+ else if (idneededValue.equals("false"))
+ idneeded = false;
+ }
+ String aclneededValue = request.getParameter("aclneeded");
+ if (aclneededValue != null)
+ {
+ if (aclneededValue.equals("true"))
+ aclneeded = true;
+ else if (aclneededValue.equals("false"))
+ aclneeded = false;
+ }
+
+ if (Logging.authorityService.isDebugEnabled())
+ {
+ Logging.authorityService.debug("Received authority request for user record '"+userRecord+"'");
+ }
+
+ // MHL for the mapping part
+
+ RequestQueue queue = ManifoldCF.getRequestQueue();
+ if (queue == null)
+ {
+ // System wasn't started; return unauthorized
+ throw new ManifoldCFException("System improperly initialized");
+ }
+
+ IThreadContext itc = ThreadContextFactory.make();
+ IAuthorityConnectionManager authConnManager = AuthorityConnectionManagerFactory.make(itc);
+
+ IAuthorityConnection[] connections = authConnManager.getAllConnections();
+ int i = 0;
+
+ AuthRequest[] requests = new AuthRequest[connections.length];
+
+ // Queue up all the requests
+ while (i < connections.length)
+ {
+ IAuthorityConnection ac = connections[i];
+
+ String identifyingString = ac.getDescription();
+ if (identifyingString == null || identifyingString.length() == 0)
+ identifyingString = ac.getName();
+
+ AuthRequest ar = new AuthRequest(userRecord,ac.getClassName(),identifyingString,ac.getConfigParams(),ac.getMaxConnections());
+ queue.addRequest(ar);
+
+ requests[i++] = ar;
+ }
+
+ // Now, work through the returning answers.
+ i = 0;
+
+ // Ask all the registered authorities for their ACLs, and merge the final list together.
+ StringBuilder sb = new StringBuilder();
+ // Set response mime type
+ response.setContentType("text/plain; charset=ISO8859-1");
+ ServletOutputStream out = response.getOutputStream();
+ try
+ {
+ while (i < connections.length)
+ {
+ IAuthorityConnection ac = connections[i];
+ AuthRequest ar = requests[i++];
+
+ if (Logging.authorityService.isDebugEnabled())
+ Logging.authorityService.debug("Waiting for answer from connector class '"+ac.getClassName()+"' for user '"+userID+"'");
+
+ ar.waitForComplete();
+
+ if (Logging.authorityService.isDebugEnabled())
+ Logging.authorityService.debug("Received answer from connector class '"+ac.getClassName()+"' for user '"+userID+"'");
+
+ Throwable exception = ar.getAnswerException();
+ AuthorizationResponse reply = ar.getAnswerResponse();
+ if (exception != null)
+ {
+ // Exceptions are always bad now
+ // The ManifoldCFException here must disable access to the UI without causing a generic badness thing to happen, so use 403.
+ if (exception instanceof ManifoldCFException)
+ response.sendError(response.SC_FORBIDDEN,"From "+ar.getIdentifyingString()+": "+exception.getMessage());
+ else
+ response.sendError(response.SC_INTERNAL_SERVER_ERROR,"From "+ar.getIdentifyingString()+": "+exception.getMessage());
+ return;
+ }
+
+ if (reply.getResponseStatus() == AuthorizationResponse.RESPONSE_UNREACHABLE)
+ {
+ Logging.authorityService.warn("Authority '"+ar.getIdentifyingString()+"' is unreachable for user '"+userRecord+"'");
+ sb.append(UNREACHABLE_VALUE).append(java.net.URLEncoder.encode(ar.getIdentifyingString(),"UTF-8")).append("\n");
+ }
+ else if (reply.getResponseStatus() == AuthorizationResponse.RESPONSE_USERUNAUTHORIZED)
+ {
+ if (Logging.authorityService.isDebugEnabled())
+ Logging.authorityService.debug("Authority '"+ar.getIdentifyingString()+"' does not authorize user '"+userRecord+"'");
+ sb.append(UNAUTHORIZED_VALUE).append(java.net.URLEncoder.encode(ar.getIdentifyingString(),"UTF-8")).append("\n");
+ }
+ else if (reply.getResponseStatus() == AuthorizationResponse.RESPONSE_USERNOTFOUND)
+ {
+ if (Logging.authorityService.isDebugEnabled())
+ Logging.authorityService.debug("User '"+userRecord+"' unknown to authority '"+ar.getIdentifyingString()+"'");
+ sb.append(USERNOTFOUND_VALUE).append(java.net.URLEncoder.encode(ar.getIdentifyingString(),"UTF-8")).append("\n");
+ }
+ else
+ sb.append(AUTHORIZED_VALUE).append(java.net.URLEncoder.encode(ar.getIdentifyingString(),"UTF-8")).append("\n");
+
+ String[] acl = reply.getAccessTokens();
+ if (acl != null)
+ {
+ if (aclneeded)
+ {
+ int j = 0;
+ while (j < acl.length)
+ {
+ if (Logging.authorityService.isDebugEnabled())
+ Logging.authorityService.debug(" User '"+userID+"' has Acl = '"+acl[j]+"' from authority '"+ar.getIdentifyingString()+"'");
+ sb.append(TOKEN_PREFIX).append(java.net.URLEncoder.encode(ac.getName(),"UTF-8")).append(":").append(java.net.URLEncoder.encode(acl[j++],"UTF-8")).append("\n");
+ }
+ }
+ }
+ }
+
+ if (idneeded)
+ sb.append(ID_PREFIX).append(java.net.URLEncoder.encode(userID,"UTF-8")).append("\n");
+
+ byte[] responseValue = sb.toString().getBytes("ISO8859-1");
+
+ response.setIntHeader("Content-Length", (int)responseValue.length);
+ out.write(responseValue,0,responseValue.length);
+ out.flush();
+ }
+ finally
+ {
+ out.close();
+ }
+
+ if (Logging.authorityService.isDebugEnabled())
+ Logging.authorityService.debug("Done with request for '"+userID+"'");
+ }
+ catch (InterruptedException e)
+ {
+ // Shut down and don't bother to respond
+ }
+ catch (java.io.UnsupportedEncodingException e)
+ {
+ Logging.authorityService.error("Unsupported encoding: "+e.getMessage(),e);
+ throw new ServletException("Fatal error occurred: "+e.getMessage(),e);
+ }
+ catch (ManifoldCFException e)
+ {
+ Logging.authorityService.error("User ACL servlet error: "+e.getMessage(),e);
+ response.sendError(response.SC_INTERNAL_SERVER_ERROR,e.getMessage());
+ }
+ }
+
+}
Propchange: manifoldcf/branches/CONNECTORS-703/framework/authority-servlet/src/main/java/org/apache/manifoldcf/authorityservlet/RecordACLServlet.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: manifoldcf/branches/CONNECTORS-703/framework/authority-servlet/src/main/java/org/apache/manifoldcf/authorityservlet/RecordACLServlet.java ------------------------------------------------------------------------------ svn:keywords = Id Modified: manifoldcf/branches/CONNECTORS-703/framework/pull-agent/src/main/java/org/apache/manifoldcf/authorities/interfaces/UserRecord.java URL: http://svn.apache.org/viewvc/manifoldcf/branches/CONNECTORS-703/framework/pull-agent/src/main/java/org/apache/manifoldcf/authorities/interfaces/UserRecord.java?rev=1496224&r1=1496223&r2=1496224&view=diff ==============================================================================
---
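Review bot: In doGet, the per-authority error path returns `exception.getMessage()` to the caller in the 403/500 body (`response.sendError(response.SC_FORBIDDEN,"From "+ar.getIdentifyingString()+": "+exception.getMessage())`), and the final `catch (ManifoldCFException e)` does the same with `e.getMessage()`. Connector exception text could carry internal host names or configuration detail, and the servlet answers for whatever `username` is passed on the URL with no authentication check visible in this file, so that text reaches anyone who can reach the endpoint. I would log the exception with `Logging.authorityService.warn(...)` and send a fixed string such as `"Authority request failed"` instead. The same method concatenates the raw `username` and `domain` values into its debug and warn log lines; stripping CR/LF before logging would keep a crafted value from splitting a log entry. The class Javadoc still says errors report back with an empty acl, which does not match the 403/500 responses and should be updated.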
manifoldcf/branches/CONNECTORS-703/framework/pull-agent/src/main/java/org/apache/manifoldcf/authorities/interfaces/UserRecord.java (original) +++ manifoldcf/branches/CONNECTORS-703/framework/pull-agent/src/main/java/org/apache/manifoldcf/authorities/interfaces/UserRecord.java Mon Jun 24 21:29:10 2013 @@ -110,5 +110,19 @@ public class UserRecord { return userInfo.size(); } + + /** Convert to string */ + public synchronized String toString() + { + StringBuilder sb = new StringBuilder("{"); + Iterator iter = iteratorDomains(); + while (iter.hasNext()) + { + String next = iter.next(); + sb.append(next).append(":").append(userInfo.get(next).toString()); + sb.append("}"); + } + return sb.toString(); + } }
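Review bot: In the new `toString()`, `sb.append("}")` sits inside the `while` loop, so a record with two domains renders with a brace after every entry and no separator (constructed example: `{a:x}b:y}`), and an empty record renders as `{` with no closing brace. RecordACLServlet in this same commit concatenates this string into its debug and warn log lines, so the unbalanced output makes those entries ambiguous when an authorization decision has to be traced. Moving the append after the loop and adding a separator (`if (sb.length() > 1) sb.append(",");` before each entry, `sb.append("}");` after the loop) fixes the rendering. `userInfo.get(next).toString()` would also throw on a null value; whether a null can be stored is not visible in this hunk.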