public void fromString(String iRecordId) {
if (iRecordId != null) iRecordId = iRecordId.trim();
if (iRecordId == null || iRecordId.isEmpty()) {
clusterId = CLUSTER_ID_INVALID;
clusterPosition = CLUSTER_POS_INVALID;
return;
}
if (!OStringSerializerHelper.contains(iRecordId, SEPARATOR))
throw new IllegalArgumentException(
"Argument '"
+ iRecordId
+ "' is not a RecordId in form of string. Format must be: <cluster-id>:<cluster-position>");
final List<String> parts = OStringSerializerHelper.split(iRecordId, SEPARATOR, PREFIX);
if (parts.size() != 2)
throw new IllegalArgumentException(
"Argument received '"
+ iRecordId
+ "' is not a RecordId in form of string. Format must be: #<cluster-id>:<cluster-position>. Example: #3:12");
clusterId = Integer.parseInt(parts.get(0));
checkClusterLimits();
clusterPosition = OClusterPositionFactory.INSTANCE.valueOf(parts.get(1));
}
public static void checkFetchPlanValid(final String iFetchPlan) {
if (iFetchPlan != null && !iFetchPlan.isEmpty()) {
// CHECK IF THERE IS SOME FETCH-DEPTH
final List<String> planParts = OStringSerializerHelper.split(iFetchPlan, ' ');
if (!planParts.isEmpty()) {
for (String planPart : planParts) {
final List<String> parts = OStringSerializerHelper.split(planPart, ':');
if (parts.size() != 2) {
throw new IllegalArgumentException("Fetch plan '" + iFetchPlan + "' is invalid");
}
}
} else {
throw new IllegalArgumentException("Fetch plan '" + iFetchPlan + "' is invalid");
}
}
}
protected ODatabaseDocumentTx getProfiledDatabaseInstance(final OHttpRequest iRequest)
throws InterruptedException {
if (iRequest.authorization == null)
throw new OSecurityAccessException(iRequest.databaseName, "No user and password received");
final List<String> parts = OStringSerializerHelper.split(iRequest.authorization, ':');
return OSharedDocumentDatabase.acquire(iRequest.databaseName, parts.get(0), parts.get(1));
}
public static boolean isFetchPlanValid(final String iFetchPlan) {
if (iFetchPlan != null && !iFetchPlan.isEmpty()) {
// CHECK IF THERE IS SOME FETCH-DEPTH
final List<String> planParts = OStringSerializerHelper.split(iFetchPlan, ' ');
if (!planParts.isEmpty()) {
for (String planPart : planParts) {
final List<String> parts = OStringSerializerHelper.split(planPart, ':');
if (parts.size() != 2) {
return false;
}
}
} else {
return false;
}
}
return true;
}
public static Map<String, Integer> buildFetchPlan(final String iFetchPlan) {
final Map<String, Integer> fetchPlan = new HashMap<String, Integer>();
fetchPlan.put(ROOT_FETCH, 0);
if (iFetchPlan != null) {
// CHECK IF THERE IS SOME FETCH-DEPTH
final List<String> planParts = OStringSerializerHelper.split(iFetchPlan, ' ');
if (!planParts.isEmpty()) {
List<String> parts;
for (String planPart : planParts) {
parts = OStringSerializerHelper.split(planPart, ':');
if (parts.size() != 2)
throw new IllegalArgumentException("Wrong fetch plan: " + planPart);
fetchPlan.put(parts.get(0), Integer.parseInt(parts.get(1)));
}
}
}
return fetchPlan;
}
@Override
public boolean beforeExecute(final OHttpRequest iRequest, OHttpResponse iResponse)
throws IOException {
final String[] urlParts = iRequest.url.substring(1).split("/");
if (urlParts.length < 2)
throw new OHttpRequestException(
"Syntax error in URL. Expected is: <command>/<database>[/...]");
iRequest.databaseName = urlParts[1].replace(DBNAME_DIR_SEPARATOR, '/');
final List<String> authenticationParts =
iRequest.authorization != null
? OStringSerializerHelper.split(iRequest.authorization, ':')
: null;
if (iRequest.sessionId == null || iRequest.sessionId.length() == 1) {
// NO SESSION
if (iRequest.authorization == null || SESSIONID_LOGOUT.equals(iRequest.sessionId)) {
sendAuthorizationRequest(iRequest, iResponse, iRequest.databaseName);
return false;
} else return authenticate(iRequest, iResponse, authenticationParts, iRequest.databaseName);
} else {
// CHECK THE SESSION VALIDITY
final OHttpSession currentSession =
OHttpSessionManager.getInstance().getSession(iRequest.sessionId);
if (currentSession == null) {
// SESSION EXPIRED
sendAuthorizationRequest(iRequest, iResponse, iRequest.databaseName);
return false;
} else if (!currentSession.getDatabaseName().equals(iRequest.databaseName)) {
// SECURITY PROBLEM: CROSS DATABASE REQUEST!
OLogManager.instance()
.warn(
this,
"Session %s is trying to access to the database '%s', but has been authenticated against the database '%s'",
iRequest.sessionId,
iRequest.databaseName,
currentSession.getDatabaseName());
sendAuthorizationRequest(iRequest, iResponse, iRequest.databaseName);
return false;
} else if (authenticationParts != null
&& !currentSession.getUserName().equals(authenticationParts.get(0))) {
// SECURITY PROBLEM: CROSS DATABASE REQUEST!
OLogManager.instance()
.warn(
this,
"Session %s is trying to access to the database '%s' with user '%s', but has been authenticated with user '%s'",
iRequest.sessionId,
iRequest.databaseName,
authenticationParts.get(0),
currentSession.getUserName());
sendAuthorizationRequest(iRequest, iResponse, iRequest.databaseName);
return false;
}
return true;
}
}
