@Override
 public final void enforceGetDatastreamHistory(Context context, String pid, String datastreamId)
     throws AuthzException {
   try {
     logger.debug("Entered enforceGetDatastreamHistory");
     String target = Constants.ACTION.GET_DATASTREAM_HISTORY.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     try {
       resourceAttributes.set(Constants.DATASTREAM.ID.attributeId, datastreamId);
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(
           target + " couldn't set " + Constants.DATASTREAM.ID.uri, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIM.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceGetDatastreamHistory");
   }
 }
 @Override
 public void enforceGetDatastreamDissemination(
     Context context, String pid, String datastreamId, Date asOfDate) throws AuthzException {
   try {
     logger.debug("Entered enforceGetDatastreamDissemination");
     String target = Constants.ACTION.GET_DATASTREAM_DISSEMINATION.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     URI name = null;
     try {
       name = Constants.DATASTREAM.ID.attributeId;
       resourceAttributes.set(name, datastreamId);
       name = Constants.RESOURCE.AS_OF_DATETIME.attributeId;
       resourceAttributes.set(name, ensureDate(asOfDate, context));
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(target + " couldn't set " + name, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIA.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceGetDatastreamDissemination");
   }
 }
 @Override
 public final void enforceIngest(Context context, String pid, String format, String ingestEncoding)
     throws AuthzException {
   try {
     logger.debug("Entered enforceIngest");
     String target = Constants.ACTION.INGEST.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     URI name = null;
     try {
       name = Constants.OBJECT.FORMAT_URI.attributeId;
       resourceAttributes.set(name, format);
       name = Constants.OBJECT.ENCODING.attributeId;
       resourceAttributes.set(name, ingestEncoding);
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(target + " couldn't set " + name, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIM.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceIngest");
   }
 }
 @Override
 public final void enforceModifyObject(
     Context context, String pid, String objectNewState, String objectNewOwnerId)
     throws AuthzException {
   try {
     logger.debug("Entered enforceModifyObject");
     String target = Constants.ACTION.MODIFY_OBJECT.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     URI name = null;
     try {
       name = Constants.OBJECT.NEW_STATE.attributeId;
       resourceAttributes.set(name, objectNewState);
       if (objectNewOwnerId != null) {
         name = Constants.OBJECT.OWNER.attributeId;
         resourceAttributes.set(name, objectNewOwnerId.split(m_ownerIdSeparator));
       }
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(target + " couldn't set " + name, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIM.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceModifyObject");
   }
 }
 @Override
 public void enforce_Internal_DSState(Context context, String id, String state)
     throws AuthzException {
   try {
     logger.debug("Entered enforce_Internal_DSState");
     String target = Constants.ACTION.INTERNAL_DSSTATE.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     try {
       resourceAttributes.set(Constants.DATASTREAM.ID.attributeId, id);
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(
           target + " couldn't set " + Constants.DATASTREAM.ID.uri, e);
     }
     try {
       resourceAttributes.set(Constants.DATASTREAM.STATE.attributeId, state);
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(
           target + " couldn't set " + Constants.DATASTREAM.STATE.uri, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIA.uri,
         "",
         "",
         context);
   } finally {
     logger.debug("Exiting enforce_Internal_DSState");
   }
 }
 @Override
 public final void enforceGetObjectXML(Context context, String pid, String objectXmlEncoding)
     throws AuthzException {
   try {
     logger.debug("Entered enforceGetObjectXML");
     String target = Constants.ACTION.GET_OBJECT_XML.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     try {
       resourceAttributes.set(Constants.OBJECT.ENCODING.attributeId, objectXmlEncoding);
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(
           target + " couldn't set " + Constants.OBJECT.ENCODING.uri, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIM.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceGetObjectXML");
   }
 }
 @Override
 public final void enforceGetNextPid(Context context, String namespace, int nNewPids)
     throws AuthzException {
   try {
     logger.debug("Entered enforceGetNextPid");
     String target = Constants.ACTION.GET_NEXT_PID.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     try {
       String nNewPidsAsString = Integer.toString(nNewPids);
       resourceAttributes.set(Constants.OBJECT.N_PIDS.attributeId, nNewPidsAsString);
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(
           target + " couldn't set " + Constants.OBJECT.N_PIDS.uri, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIM.uri,
         "",
         namespace,
         context);
   } finally {
     logger.debug("Exiting enforceGetNextPid");
   }
 }
 @Override
 public void enforceRetrieveFile(Context context, String fileURI) throws AuthzException {
   try {
     logger.debug("Entered enforceRetrieveFile for {}", fileURI);
     String target = Constants.ACTION.RETRIEVE_FILE.uri;
     context.setActionAttributes(null);
     try {
       MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
       resourceAttributes.set(Constants.DATASTREAM.FILE_URI.attributeId, fileURI);
       context.setResourceAttributes(resourceAttributes);
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(
           target + " couldn't be set " + Constants.DATASTREAM.FILE_URI.uri, e);
     }
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIM.uri,
         "",
         extractNamespace(fileURI),
         context);
   } finally {
     logger.debug("Exiting enforceRetrieveFile");
   }
 }
 @Override
 public void enforcePurgeRelationship(
     Context context,
     String pid,
     String predicate,
     String object,
     boolean isLiteral,
     String datatype)
     throws AuthzException {
   try {
     logger.debug("Entered enforcePurgeRelationship");
     String target = Constants.ACTION.PURGE_RELATIONSHIP.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     try {
       resourceAttributes.set(Constants.OBJECT.PID.attributeId, pid);
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(
           target + " couldn't set " + Constants.OBJECT.PID.uri, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIM.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforcePurgeRelationship");
   }
 }
 @Override
 public void enforceGetObjectProfile(Context context, String pid, Date asOfDate)
     throws AuthzException {
   try {
     logger.debug("Entered enforceGetObjectProfile");
     String target = Constants.ACTION.GET_OBJECT_PROFILE.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     try {
       resourceAttributes.set(
           Constants.RESOURCE.AS_OF_DATETIME.attributeId, ensureDate(asOfDate, context));
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(
           target + " couldn't set " + Constants.RESOURCE.AS_OF_DATETIME.uri, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIA.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceGetObjectProfile");
   }
 }
 @Override
 public final void enforceSetDatastreamVersionable(
     Context context, String pid, String datastreamId, boolean datastreamNewVersionable)
     throws AuthzException {
   try {
     logger.debug("Entered enforceSetDatastreamVersionable");
     String target = Constants.ACTION.SET_DATASTREAM_VERSIONABLE.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     URI name = null;
     try {
       name = Constants.DATASTREAM.ID.attributeId;
       resourceAttributes.set(name, datastreamId);
       name = Constants.DATASTREAM.NEW_VERSIONABLE.attributeId;
       resourceAttributes.set(name, new Boolean(datastreamNewVersionable).toString());
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(target + " couldn't set " + name, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIM.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceSetDatastreamVersionable");
   }
 }
 @SuppressWarnings("deprecation")
 @Override
 public void enforceGetDissemination(
     Context context,
     String pid,
     String sDefPid,
     String methodName,
     Date asOfDate,
     String objectState,
     String sDefState,
     String sDepPid,
     String sDepState,
     String dissState)
     throws AuthzException {
   try {
     logger.debug("Entered enforceGetDissemination");
     String target = Constants.ACTION.GET_DISSEMINATION.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     URI name = null;
     try {
       name = Constants.SDEF.PID.attributeId;
       resourceAttributes.set(name, sDefPid);
       name = Constants.SDEF.NAMESPACE.attributeId;
       resourceAttributes.set(name, extractNamespace(sDefPid));
       name = Constants.DISSEMINATOR.METHOD.attributeId;
       resourceAttributes.set(name, methodName);
       name = Constants.SDEP.PID.attributeId;
       resourceAttributes.set(name, sDepPid);
       name = Constants.SDEP.NAMESPACE.attributeId;
       resourceAttributes.set(name, extractNamespace(sDepPid));
       name = Constants.OBJECT.STATE.attributeId;
       resourceAttributes.set(name, objectState);
       name = Constants.DISSEMINATOR.STATE.attributeId;
       resourceAttributes.set(name, dissState);
       name = Constants.SDEF.STATE.attributeId;
       resourceAttributes.set(name, sDefState);
       name = Constants.SDEP.STATE.attributeId;
       resourceAttributes.set(name, sDepState);
       name = Constants.RESOURCE.AS_OF_DATETIME.attributeId;
       resourceAttributes.set(name, ensureDate(asOfDate, context));
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(target + " couldn't set " + name, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIA.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceGetDissemination");
   }
 }
 /**
  * Enforce authorization for adding a datastream to an object. Provide attributes for the
  * authorization decision and wrap that xacml decision.
  *
  * <p>The following attributes are available for use in authorization policies during a call to
  * this method.
  *
  * <p>action attributes
  *
  * <ul>
  *   <li>urn:fedora:names:fedora:2.1:action:id ==
  *       urn:fedora:names:fedora:2.1:action:id-addDatastream
  *   <li>urn:fedora:names:fedora:2.1:action:api == urn:fedora:names:fedora:2.1:action:api-m
  * </ul>
  *
  * <p>resource attributes of object to which datastream would be added
  *
  * <ul>
  *   <li>urn:fedora:names:fedora:2.1:resource:object:pid
  *   <li>urn:fedora:names:fedora:2.1:resource:object:namespace (if pid is "x:y", namespace is "x")
  * </ul>
  *
  * <p>resource attributes of datastream which would be added
  *
  * <ul>
  *   <li>urn:fedora:names:fedora:2.1:resource:datastream:mimeType
  *   <li>urn:fedora:names:fedora:2.1:resource:datastream:formatUri
  *   <li>urn:fedora:names:fedora:2.1:resource:datastream:state
  *   <li>urn:fedora:names:fedora:2.1:resource:datastream:id
  *   <li>urn:fedora:names:fedora:2.1:resource:datastream:location
  *   <li>urn:fedora:names:fedora:2.1:resource:datastream:controlGroup
  *   <li>urn:fedora:names:fedora:2.1:resource:datastream:altIds
  *   <li>urn:fedora:names:fedora:2.1:resource:datastream:checksumType
  *   <li>urn:fedora:names:fedora:2.1:resource:datastream:checksum
  * </ul>
  */
 @Override
 public final void enforceAddDatastream(
     Context context,
     String pid,
     String dsId,
     String[] altIDs,
     String MIMEType,
     String formatURI,
     String dsLocation,
     String controlGroup,
     String dsState,
     String checksumType,
     String checksum)
     throws AuthzException {
   try {
     logger.debug("Entered enforceAddDatastream");
     String target = Constants.ACTION.ADD_DATASTREAM.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     URI name = null;
     try {
       name = Constants.DATASTREAM.MIME_TYPE.attributeId;
       resourceAttributes.set(name, MIMEType);
       name = Constants.DATASTREAM.FORMAT_URI.attributeId;
       resourceAttributes.set(name, formatURI);
       name = Constants.DATASTREAM.STATE.attributeId;
       resourceAttributes.set(name, dsState);
       name = Constants.DATASTREAM.ID.attributeId;
       resourceAttributes.set(name, dsId);
       name = Constants.DATASTREAM.LOCATION.attributeId;
       resourceAttributes.set(name, dsLocation);
       name = Constants.DATASTREAM.CONTROL_GROUP.attributeId;
       resourceAttributes.set(name, controlGroup);
       name = Constants.DATASTREAM.ALT_IDS.attributeId;
       resourceAttributes.set(name, altIDs);
       name = Constants.DATASTREAM.CHECKSUM_TYPE.attributeId;
       resourceAttributes.set(name, checksumType);
       name = Constants.DATASTREAM.CHECKSUM.attributeId;
       resourceAttributes.set(name, checksum);
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(target + " couldn't set " + name, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIM.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceAddDatastream");
   }
 }
 @Override
 public void enforceReloadPolicies(Context context) throws AuthzException {
   try {
     logger.debug("Entered enforceReloadPolicies");
     String target = Constants.ACTION.RELOAD_POLICIES.uri;
     context.setResourceAttributes(null);
     context.setActionAttributes(null);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), target, "", "", "", context);
   } finally {
     logger.debug("Exiting enforceReloadPolicies");
   }
 }
 @Override
 public final void enforceModifyDatastreamByReference(
     Context context,
     String pid,
     String datastreamId,
     String[] datastreamNewAltIDs,
     String datastreamNewMimeType,
     String datastreamNewFormatURI,
     String datastreamNewLocation,
     String datastreamNewChecksumType,
     String datastreamNewChecksum)
     throws AuthzException {
   try {
     logger.debug("Entered enforceModifyDatastreamByReference");
     String target = Constants.ACTION.MODIFY_DATASTREAM_BY_REFERENCE.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     URI name = null;
     try {
       name = Constants.DATASTREAM.ID.attributeId;
       resourceAttributes.set(name, datastreamId);
       name = Constants.DATASTREAM.NEW_MIME_TYPE.attributeId;
       resourceAttributes.set(name, datastreamNewMimeType);
       name = Constants.DATASTREAM.NEW_FORMAT_URI.attributeId;
       resourceAttributes.set(name, datastreamNewFormatURI);
       name = Constants.DATASTREAM.NEW_LOCATION.attributeId;
       resourceAttributes.set(name, datastreamNewLocation);
       name = Constants.DATASTREAM.NEW_ALT_IDS.attributeId;
       resourceAttributes.set(name, datastreamNewAltIDs);
       name = Constants.DATASTREAM.NEW_CHECKSUM_TYPE.attributeId;
       resourceAttributes.set(name, datastreamNewChecksumType);
       name = Constants.DATASTREAM.NEW_CHECKSUM.attributeId;
       resourceAttributes.set(name, datastreamNewChecksum);
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(target + " couldn't set " + name, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIM.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceModifyDatastreamByReference");
   }
 }
 @Override
 public void enforceGetObjectHistory(Context context, String pid) throws AuthzException {
   try {
     logger.debug("Entered enforceGetObjectHistory");
     String target = Constants.ACTION.GET_OBJECT_HISTORY.uri;
     context.setActionAttributes(null);
     context.setResourceAttributes(null);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIA.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceGetObjectHistory");
   }
 }
 @Override
 public void enforceRIFindObjects(Context context) throws AuthzException {
   try {
     logger.debug("Entered enforceRIFindObjects");
     String target = Constants.ACTION.RI_FIND_OBJECTS.uri;
     context.setActionAttributes(null);
     context.setResourceAttributes(null);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIA.uri,
         "",
         "",
         context);
   } finally {
     logger.debug("Exiting enforceRIFindObjects");
   }
 }
 @Override
 public void enforceDescribeRepository(Context context) throws AuthzException {
   try {
     logger.debug("Entered enforceDescribeRepository");
     String target = Constants.ACTION.DESCRIBE_REPOSITORY.uri;
     context.setActionAttributes(null);
     context.setResourceAttributes(null);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIA.uri,
         "",
         "",
         context);
   } finally {
     logger.debug("Exiting enforceDescribeRepository");
   }
 }
  @Override
  public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
    // TODO only hook the changing methods
    // args[0] = context
    // args[1] = pid
    Context context = (Context) args[0];
    String pid = args[1].toString();
    // from context, get username
    String username = context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri);
    sharedLockResource database = sharedLockResource.getInstance();

    // check pid and username against databaseAccessor
    if (database.isAvailableForThisUser(pid, username)) {
      return method.invoke(target, args);
    } else {
      throw new IllegalAccessException("Attempted to use a method on a locked object");
    }
  }
 private final String ensureDate(Date date, Context context) throws AuthzOperationalException {
   if (date == null) {
     date = context.now();
   }
   String dateAsString;
   try {
     dateAsString = dateAsString(date);
   } catch (Throwable t) {
     throw new AuthzOperationalException("couldn't make date a string", t);
   }
   return dateAsString;
 }
예제 #21
0
    /**
     * Constructor for ProfileSerializeThread.
     *
     * @param PID The persistent identifier of the specified digital object.
     * @param methodDefs An array of ObjectMethodsDefs.
     * @param versDateTime The version datetime stamp of the request.
     * @param pw A PipedWriter to which the serialization info is written.
     */
    public ObjectMethodsDefSerializerThread(
        Context context,
        String PID,
        ObjectMethodsDef[] methodDefs,
        Date versDateTime,
        PipedWriter pw) {
      this.pw = pw;
      this.PID = PID;
      this.methodDefs = methodDefs;
      this.versDateTime = versDateTime;
      fedoraServerPort = context.getEnvironmentValue(HTTP_REQUEST.SERVER_PORT.attributeId);

      fedoraAppServerContext = context.getEnvironmentValue(Constants.FEDORA_APP_CONTEXT_NAME);
      if (HTTP_REQUEST.SECURE.uri.equals(
          context.getEnvironmentValue(HTTP_REQUEST.SECURITY.attributeId))) {
        fedoraServerProtocol = HTTPS;
      } else if (HTTP_REQUEST.INSECURE.uri.equals(
          context.getEnvironmentValue(HTTP_REQUEST.SECURITY.attributeId))) {
        fedoraServerProtocol = HTTP;
      }
    }
 @Override
 public final void enforceListObjectInResourceIndexResults(Context context, String pid)
     throws AuthzException {
   try {
     logger.debug("Entered enforceListObjectInResourceIndexResults");
     String target = Constants.ACTION.LIST_OBJECT_IN_RESOURCE_INDEX_RESULTS.uri;
     if (enforceListObjectInResourceIndexResults) {
       context.setActionAttributes(null);
       context.setResourceAttributes(null);
       xacmlPep.enforce(
           context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
           target,
           Constants.ACTION.APIA.uri,
           pid,
           extractNamespace(pid),
           context);
     }
   } finally {
     logger.debug("Exiting enforceListObjectInResourceIndexResults");
   }
 }
예제 #23
0
  private void writeContextPassword(Context context, XMLEventWriter writer)
      throws XMLStreamException {
    String password = context.getPassword();
    if (password == null) {
      password = "";
    }

    putStartTag(writer, QNAME_TAG_PASSWORD);
    putAttribute(writer, QNAME_ATTR_PASSWORD_TYPE, PASSWORD_CIPHER_TYPE);
    putCharacters(writer, encipherPassword(context, password));
    putEndTag(writer, QNAME_TAG_PASSWORD);
  }
 @Override
 public void enforceResolveDatastream(Context context, Date ticketIssuedDateTime)
     throws AuthzException {
   try {
     logger.debug("Entered enforceResolveDatastream");
     String target = Constants.ACTION.RESOLVE_DATASTREAM.uri;
     context.setResourceAttributes(null);
     MultiValueMap<URI> actionAttributes = new MultiValueMap<URI>();
     try {
       String ticketIssuedDateTimeString = DateUtility.convertDateToString(ticketIssuedDateTime);
       actionAttributes.set(
           Constants.RESOURCE.TICKET_ISSUED_DATETIME.attributeId, ticketIssuedDateTimeString);
     } catch (Exception e) {
       context.setActionAttributes(null);
       throw new AuthzOperationalException(
           target + " couldn't set " + Constants.RESOURCE.TICKET_ISSUED_DATETIME.uri, e);
     }
     context.setActionAttributes(actionAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), target, "", "", "", context);
   } finally {
     logger.debug("Exiting enforceResolveDatastream");
   }
 }
예제 #25
0
 private void writeContextNow(Context context, XMLEventWriter writer) throws XMLStreamException {
   putStartTag(writer, QNAME_TAG_NOW);
   putCharacters(writer, JournalHelper.formatDate(context.now()));
   putEndTag(writer, QNAME_TAG_NOW);
 }
예제 #26
0
 private void writeContextNoOp(Context context, XMLEventWriter writer) throws XMLStreamException {
   putStartTag(writer, QNAME_TAG_NOOP);
   putCharacters(writer, String.valueOf(context.getNoOp()));
   putEndTag(writer, QNAME_TAG_NOOP);
 }
예제 #27
0
 private String encipherPassword(Context context, String password) {
   String key = JournalHelper.formatDate(context.now());
   return PasswordCipher.encipher(key, password);
 }
예제 #28
0
  public void listMethods(
      Context context,
      String PID,
      Date asOfDateTime,
      boolean xml,
      HttpServletRequest request,
      HttpServletResponse response)
      throws ServerException {

    OutputStreamWriter out = null;
    Date versDateTime = asOfDateTime;
    ObjectMethodsDef[] methodDefs = null;
    PipedWriter pw = null;
    PipedReader pr = null;

    try {
      pw = new PipedWriter();
      pr = new PipedReader(pw);
      methodDefs = m_access.listMethods(context, PID, asOfDateTime);

      // Object Profile found.
      // Serialize the ObjectProfile object into XML
      new ObjectMethodsDefSerializerThread(context, PID, methodDefs, versDateTime, pw).start();
      if (xml) {
        // Return results as raw XML
        response.setContentType(CONTENT_TYPE_XML);

        // Insures stream read from PipedReader correctly translates
        // utf-8
        // encoded characters to OutputStreamWriter.
        out = new OutputStreamWriter(response.getOutputStream(), "UTF-8");
        int bufSize = 4096;
        char[] buf = new char[bufSize];
        int len = 0;
        while ((len = pr.read(buf, 0, bufSize)) != -1) {
          out.write(buf, 0, len);
        }
        out.flush();
      } else {
        // Transform results into an html table
        response.setContentType(CONTENT_TYPE_HTML);
        out = new OutputStreamWriter(response.getOutputStream(), "UTF-8");
        File xslFile = new File(m_server.getHomeDir(), "access/listMethods.xslt");
        Templates template = XmlTransformUtility.getTemplates(xslFile);
        Transformer transformer = template.newTransformer();
        transformer.setParameter("fedora", context.getEnvironmentValue(FEDORA_APP_CONTEXT_NAME));
        transformer.transform(new StreamSource(pr), new StreamResult(out));
      }
      out.flush();
    } catch (ServerException e) {
      throw e;
    } catch (Throwable th) {
      String message = "Error listing methods";
      logger.error(message, th);
      throw new GeneralException(message, th);
    } finally {
      try {
        if (pr != null) {
          pr.close();
        }
        if (out != null) {
          out.close();
        }
      } catch (Throwable th) {
        String message =
            "[ListMethodsServlet] An error has occured. "
                + " The error was a \" "
                + th.getClass().getName()
                + " \". Reason: "
                + th.getMessage();
        throw new StreamIOException(message);
      }
    }
  }