Beispiel #1
0
  public void fromString(String iRecordId) {
    if (iRecordId != null) iRecordId = iRecordId.trim();

    if (iRecordId == null || iRecordId.isEmpty()) {
      clusterId = CLUSTER_ID_INVALID;
      clusterPosition = CLUSTER_POS_INVALID;
      return;
    }

    if (!OStringSerializerHelper.contains(iRecordId, SEPARATOR))
      throw new IllegalArgumentException(
          "Argument '"
              + iRecordId
              + "' is not a RecordId in form of string. Format must be: <cluster-id>:<cluster-position>");

    final List<String> parts = OStringSerializerHelper.split(iRecordId, SEPARATOR, PREFIX);

    if (parts.size() != 2)
      throw new IllegalArgumentException(
          "Argument received '"
              + iRecordId
              + "' is not a RecordId in form of string. Format must be: #<cluster-id>:<cluster-position>. Example: #3:12");

    clusterId = Integer.parseInt(parts.get(0));
    checkClusterLimits();
    clusterPosition = OClusterPositionFactory.INSTANCE.valueOf(parts.get(1));
  }
Beispiel #2
0
  public static void checkFetchPlanValid(final String iFetchPlan) {

    if (iFetchPlan != null && !iFetchPlan.isEmpty()) {
      // CHECK IF THERE IS SOME FETCH-DEPTH
      final List<String> planParts = OStringSerializerHelper.split(iFetchPlan, ' ');
      if (!planParts.isEmpty()) {
        for (String planPart : planParts) {
          final List<String> parts = OStringSerializerHelper.split(planPart, ':');
          if (parts.size() != 2) {
            throw new IllegalArgumentException("Fetch plan '" + iFetchPlan + "' is invalid");
          }
        }
      } else {
        throw new IllegalArgumentException("Fetch plan '" + iFetchPlan + "' is invalid");
      }
    }
  }
  protected ODatabaseDocumentTx getProfiledDatabaseInstance(final OHttpRequest iRequest)
      throws InterruptedException {
    if (iRequest.authorization == null)
      throw new OSecurityAccessException(iRequest.databaseName, "No user and password received");

    final List<String> parts = OStringSerializerHelper.split(iRequest.authorization, ':');

    return OSharedDocumentDatabase.acquire(iRequest.databaseName, parts.get(0), parts.get(1));
  }
Beispiel #4
0
  public static boolean isFetchPlanValid(final String iFetchPlan) {

    if (iFetchPlan != null && !iFetchPlan.isEmpty()) {
      // CHECK IF THERE IS SOME FETCH-DEPTH
      final List<String> planParts = OStringSerializerHelper.split(iFetchPlan, ' ');
      if (!planParts.isEmpty()) {
        for (String planPart : planParts) {
          final List<String> parts = OStringSerializerHelper.split(planPart, ':');
          if (parts.size() != 2) {
            return false;
          }
        }
      } else {
        return false;
      }
    }

    return true;
  }
Beispiel #5
0
  public static Map<String, Integer> buildFetchPlan(final String iFetchPlan) {
    final Map<String, Integer> fetchPlan = new HashMap<String, Integer>();
    fetchPlan.put(ROOT_FETCH, 0);
    if (iFetchPlan != null) {
      // CHECK IF THERE IS SOME FETCH-DEPTH
      final List<String> planParts = OStringSerializerHelper.split(iFetchPlan, ' ');
      if (!planParts.isEmpty()) {

        List<String> parts;
        for (String planPart : planParts) {
          parts = OStringSerializerHelper.split(planPart, ':');
          if (parts.size() != 2)
            throw new IllegalArgumentException("Wrong fetch plan: " + planPart);

          fetchPlan.put(parts.get(0), Integer.parseInt(parts.get(1)));
        }
      }
    }
    return fetchPlan;
  }
  @Override
  public boolean beforeExecute(final OHttpRequest iRequest, OHttpResponse iResponse)
      throws IOException {
    final String[] urlParts = iRequest.url.substring(1).split("/");
    if (urlParts.length < 2)
      throw new OHttpRequestException(
          "Syntax error in URL. Expected is: <command>/<database>[/...]");

    iRequest.databaseName = urlParts[1].replace(DBNAME_DIR_SEPARATOR, '/');
    final List<String> authenticationParts =
        iRequest.authorization != null
            ? OStringSerializerHelper.split(iRequest.authorization, ':')
            : null;

    if (iRequest.sessionId == null || iRequest.sessionId.length() == 1) {
      // NO SESSION
      if (iRequest.authorization == null || SESSIONID_LOGOUT.equals(iRequest.sessionId)) {
        sendAuthorizationRequest(iRequest, iResponse, iRequest.databaseName);
        return false;
      } else return authenticate(iRequest, iResponse, authenticationParts, iRequest.databaseName);

    } else {
      // CHECK THE SESSION VALIDITY
      final OHttpSession currentSession =
          OHttpSessionManager.getInstance().getSession(iRequest.sessionId);
      if (currentSession == null) {
        // SESSION EXPIRED
        sendAuthorizationRequest(iRequest, iResponse, iRequest.databaseName);
        return false;

      } else if (!currentSession.getDatabaseName().equals(iRequest.databaseName)) {

        // SECURITY PROBLEM: CROSS DATABASE REQUEST!
        OLogManager.instance()
            .warn(
                this,
                "Session %s is trying to access to the database '%s', but has been authenticated against the database '%s'",
                iRequest.sessionId,
                iRequest.databaseName,
                currentSession.getDatabaseName());
        sendAuthorizationRequest(iRequest, iResponse, iRequest.databaseName);
        return false;

      } else if (authenticationParts != null
          && !currentSession.getUserName().equals(authenticationParts.get(0))) {

        // SECURITY PROBLEM: CROSS DATABASE REQUEST!
        OLogManager.instance()
            .warn(
                this,
                "Session %s is trying to access to the database '%s' with user '%s', but has been authenticated with user '%s'",
                iRequest.sessionId,
                iRequest.databaseName,
                authenticationParts.get(0),
                currentSession.getUserName());
        sendAuthorizationRequest(iRequest, iResponse, iRequest.databaseName);
        return false;
      }

      return true;
    }
  }