public void fromString(String iRecordId) { if (iRecordId != null) iRecordId = iRecordId.trim(); if (iRecordId == null || iRecordId.isEmpty()) { clusterId = CLUSTER_ID_INVALID; clusterPosition = CLUSTER_POS_INVALID; return; } if (!OStringSerializerHelper.contains(iRecordId, SEPARATOR)) throw new IllegalArgumentException( "Argument '" + iRecordId + "' is not a RecordId in form of string. Format must be: <cluster-id>:<cluster-position>"); final List<String> parts = OStringSerializerHelper.split(iRecordId, SEPARATOR, PREFIX); if (parts.size() != 2) throw new IllegalArgumentException( "Argument received '" + iRecordId + "' is not a RecordId in form of string. Format must be: #<cluster-id>:<cluster-position>. Example: #3:12"); clusterId = Integer.parseInt(parts.get(0)); checkClusterLimits(); clusterPosition = OClusterPositionFactory.INSTANCE.valueOf(parts.get(1)); }
public static void checkFetchPlanValid(final String iFetchPlan) { if (iFetchPlan != null && !iFetchPlan.isEmpty()) { // CHECK IF THERE IS SOME FETCH-DEPTH final List<String> planParts = OStringSerializerHelper.split(iFetchPlan, ' '); if (!planParts.isEmpty()) { for (String planPart : planParts) { final List<String> parts = OStringSerializerHelper.split(planPart, ':'); if (parts.size() != 2) { throw new IllegalArgumentException("Fetch plan '" + iFetchPlan + "' is invalid"); } } } else { throw new IllegalArgumentException("Fetch plan '" + iFetchPlan + "' is invalid"); } } }
protected ODatabaseDocumentTx getProfiledDatabaseInstance(final OHttpRequest iRequest) throws InterruptedException { if (iRequest.authorization == null) throw new OSecurityAccessException(iRequest.databaseName, "No user and password received"); final List<String> parts = OStringSerializerHelper.split(iRequest.authorization, ':'); return OSharedDocumentDatabase.acquire(iRequest.databaseName, parts.get(0), parts.get(1)); }
public static boolean isFetchPlanValid(final String iFetchPlan) { if (iFetchPlan != null && !iFetchPlan.isEmpty()) { // CHECK IF THERE IS SOME FETCH-DEPTH final List<String> planParts = OStringSerializerHelper.split(iFetchPlan, ' '); if (!planParts.isEmpty()) { for (String planPart : planParts) { final List<String> parts = OStringSerializerHelper.split(planPart, ':'); if (parts.size() != 2) { return false; } } } else { return false; } } return true; }
public static Map<String, Integer> buildFetchPlan(final String iFetchPlan) { final Map<String, Integer> fetchPlan = new HashMap<String, Integer>(); fetchPlan.put(ROOT_FETCH, 0); if (iFetchPlan != null) { // CHECK IF THERE IS SOME FETCH-DEPTH final List<String> planParts = OStringSerializerHelper.split(iFetchPlan, ' '); if (!planParts.isEmpty()) { List<String> parts; for (String planPart : planParts) { parts = OStringSerializerHelper.split(planPart, ':'); if (parts.size() != 2) throw new IllegalArgumentException("Wrong fetch plan: " + planPart); fetchPlan.put(parts.get(0), Integer.parseInt(parts.get(1))); } } } return fetchPlan; }
@Override public boolean beforeExecute(final OHttpRequest iRequest, OHttpResponse iResponse) throws IOException { final String[] urlParts = iRequest.url.substring(1).split("/"); if (urlParts.length < 2) throw new OHttpRequestException( "Syntax error in URL. Expected is: <command>/<database>[/...]"); iRequest.databaseName = urlParts[1].replace(DBNAME_DIR_SEPARATOR, '/'); final List<String> authenticationParts = iRequest.authorization != null ? OStringSerializerHelper.split(iRequest.authorization, ':') : null; if (iRequest.sessionId == null || iRequest.sessionId.length() == 1) { // NO SESSION if (iRequest.authorization == null || SESSIONID_LOGOUT.equals(iRequest.sessionId)) { sendAuthorizationRequest(iRequest, iResponse, iRequest.databaseName); return false; } else return authenticate(iRequest, iResponse, authenticationParts, iRequest.databaseName); } else { // CHECK THE SESSION VALIDITY final OHttpSession currentSession = OHttpSessionManager.getInstance().getSession(iRequest.sessionId); if (currentSession == null) { // SESSION EXPIRED sendAuthorizationRequest(iRequest, iResponse, iRequest.databaseName); return false; } else if (!currentSession.getDatabaseName().equals(iRequest.databaseName)) { // SECURITY PROBLEM: CROSS DATABASE REQUEST! OLogManager.instance() .warn( this, "Session %s is trying to access to the database '%s', but has been authenticated against the database '%s'", iRequest.sessionId, iRequest.databaseName, currentSession.getDatabaseName()); sendAuthorizationRequest(iRequest, iResponse, iRequest.databaseName); return false; } else if (authenticationParts != null && !currentSession.getUserName().equals(authenticationParts.get(0))) { // SECURITY PROBLEM: CROSS DATABASE REQUEST! OLogManager.instance() .warn( this, "Session %s is trying to access to the database '%s' with user '%s', but has been authenticated with user '%s'", iRequest.sessionId, iRequest.databaseName, authenticationParts.get(0), currentSession.getUserName()); sendAuthorizationRequest(iRequest, iResponse, iRequest.databaseName); return false; } return true; } }