Loading data-access/servlet/src/main/java/auth/authz/AuthPolicy.java +4 −16 Original line number Diff line number Diff line Loading @@ -44,7 +44,7 @@ public class AuthPolicy // private String dbUserName; // private String dbPassword; /* public AuthPolicy(String userName, String[] userGroups) { this.userName = userName; Loading @@ -55,7 +55,7 @@ public class AuthPolicy LOGGER.finer("User [Groups]: " + userName + " [ " + String.join(" ", userGroups) + " ]" ); } */ Loading Loading @@ -160,17 +160,10 @@ public class AuthPolicy public String[] filterAuthorized(String[] pubdidArr) { //this.dbConnUrl = dbConnUrl; //this.dbUserName = dbUserName; //this.dbPassword = dbPassword; LOGGER.finer("with String[] trace"); return filterAuthorized(new ArrayList<String>(Arrays.asList(pubdidArr))); } private String[] filterAuthorized(ArrayList<String> pubdidList) { LOGGER.fine("with List <String> trace"); ArrayList<String> pubdidList = new ArrayList<String>(Arrays.asList(pubdidArr)); switch(access) { case PUBLIC_ONLY : Loading Loading @@ -271,10 +264,6 @@ public class AuthPolicy AuthPolicyDb adb; synchronized(AuthPolicyDb.class) { //AuthPolicyDb.dbConnUrl = this.dbConnUrl; //AuthPolicyDb.dbUserName = this.dbUserName; //AuthPolicyDb.dbPassword = this.dbPassword; adb = new AuthPolicyDb(); } Loading @@ -298,7 +287,6 @@ public class AuthPolicy private List<String> pubdidsNotAuthorized(List<AuthPolicyDb.PubdidGroups> pubdidList, String[] userGroups) { LOGGER.fine("trace"); //LOGGER.finer("userGroups: " + String.join(" ",userGroups)); List<String> pubdidsNotAuthorizedList = new LinkedList<String>(); ListIterator<AuthPolicyDb.PubdidGroups> it = pubdidList.listIterator(); Loading data-access/servlet/src/main/java/auth/authz/AuthPolicyDb.java +9 −164 Original line number Diff line number Diff line Loading @@ -31,20 +31,8 @@ public class AuthPolicyDb { private static final Logger LOGGER = Logger.getLogger(AuthPolicyDb.class.getName()); private static final String DB_DRIVER = "org.postgresql.Driver"; private static final AuthZSettings settings = AuthZSettings.getInstance("authpolicy.properties"); static public AuthZSettings.DBConn dbconn = settings.dbConn; private Connection conn; private Statement st; private ResultSet res; AuthPolicyDb(){ conn = null; st = null; res = null; } private static final AuthZSettings.DBConn dbconn = settings.dbConn; public class PubdidGroups Loading @@ -59,36 +47,8 @@ public class AuthPolicyDb } /* private String convertToVlkbPubdid(String obscorePubdid) { final String PUBDID_PREFIX = dbconn.obscorePublisher; if(obscorePubdid.startsWith(PUBDID_PREFIX)) return obscorePubdid.substring( PUBDID_PREFIX.length() ); else return obscorePubdid; } private Set<String> convertToObscorePubdids(Set<String> vlkbPubdids) { final String PUBDID_PREFIX = dbconn.obscorePublisher; Set<String> obscorePubdids = new HashSet<String>(); for(String pubdid : vlkbPubdids) { String obscorePubdid = "\'" + PUBDID_PREFIX + pubdid + "\'"; obscorePubdids.add(obscorePubdid); } return obscorePubdids; } */ public List<PubdidGroups> queryGroupsPrivateOnly(Set<String> uniqPubdids) { //Set<String> uniqObscorePubdids = convertToObscorePubdids(uniqPubdids); Set<String> uniqObscorePubdids = uniqPubdids; String commaSepObscorePubdids = String.join("\',\'", uniqObscorePubdids); Loading @@ -97,20 +57,16 @@ public class AuthPolicyDb String TheQuery = "SELECT obs_publisher_did,groups FROM obscore " + "WHERE (policy = 'PRIV') AND (obs_publisher_did IN (\'"+commaSepObscorePubdids+"\'));"; // FIXME use separate table holding _only_ private data-id's //String TheQuery = "SELECT obs_publisher_did,groups FROM permissions " // + "WHERE (obs_publisher_did IN (\'"+commaSepObscorePubdids+"\'));"; //LOGGER.finest(TheQuery); LOGGER.finer("Connecting to: "+dbconn.uri()+" with optional user/pwd: "+dbconn.userName()+" / ***"); List<PubdidGroups> pubdidGroups = new LinkedList<PubdidGroups>(); try { res = doQuery(TheQuery); try(Connection conn = DriverManager.getConnection(dbconn.uri(), dbconn.userName(), dbconn.password()); Statement st = conn.createStatement(); ResultSet res = st.executeQuery(TheQuery);) { while (res.next()) { //String pubdid = convertToVlkbPubdid(res.getString("obs_publisher_did")); String pubdid = res.getString("obs_publisher_did"); Array groupsArr = res.getArray("groups"); Loading @@ -129,31 +85,12 @@ public class AuthPolicyDb logSqlExInfo(se); se.printStackTrace(); } catch (ClassNotFoundException e) { LOGGER.severe("DB driver "+ DB_DRIVER +" not found: " + e.getMessage()); e.printStackTrace(); } finally { closeAll(); } return pubdidGroups; } private void closeAll() private void logSqlExInfo(SQLException se) { if(res != null ) try { res.close(); } catch(Exception e) {LOGGER.severe("DB ResultSet::close() failed");} if(st != null ) try { st.close(); } catch(Exception e) {LOGGER.severe("DB Statement::close() failed");} if(conn != null ) try { conn.close();} catch(Exception e) {LOGGER.severe("DB Connection::close() failed");} } private void logSqlExInfo(SQLException se){ /* dbconn.print_class_vars(); */ LOGGER.severe("SQLState : " + se.getSQLState()); LOGGER.severe("ErrorCode: " + se.getErrorCode()); LOGGER.severe("Message : " + se.getMessage()); Loading @@ -164,97 +101,5 @@ public class AuthPolicyDb } } private ResultSet doQuery(String TheQuery) throws SQLException, ClassNotFoundException { /* https://docs.oracle.com/javase/tutorial/jdbc/basics/connecting.html : Any JDBC 4.0 drivers that are found in your class path are automatically loaded. (However, you must manually load any drivers prior to JDBC 4.0 with the method Class.forName.) */ // try { // Class.forName(DB_DRIVER); /* OR DriverManager.registerDriver(new org.postgresql.Driver()); */ //LOGGER.finest(getRegisteredDriverList()); // FIXME seems DriverManager expects jdbc:postgresql driver scheme, it does not support postgresql:// scheme // additionally: // jdbc:postgresql:// scheme does not support username:password in the URL. // So: // receive postgresql:// scheme with user:password and convert to jdbc:postgresql:// // by extracting userName and password from the URL-string and prepending 'jdbc:' // /* LOGGER.finest("DBMS URL: " + dbConnUrl); URI dbConnUri = new URI(dbConnUrl); String userInfoString = dbConnUri.getUserInfo(); if(userInfoString == null) throw new AssertionError("DBMS URL must contain user:password but it is: " + dbConnUrl); String[] userInfo = userInfoString.split(":"); if(userInfo.length < 2) throw new AssertionError("DBMS URL must contain user:password but it is: " + dbConnUrl); String userName = userInfo[0]; String password = userInfo[1]; String dbConnJdbcUrl = "jdbc:" + dbConnUrl.replace(userInfoString + "@", ""); // LOGGER.finest("DBMS URL: " + dbConnUrl);*/ // LOGGER.finest("DBMS userName: " + dbUserName); // LOGGER.finest("DBMS password: " + dbPassword); // conn = DriverManager.getConnection(dbConnUrl, dbUserName, dbPassword); // st = conn.createStatement(); // } catch (Exception e){ e.printStackTrace();} // new LOGGER.finer("Connecting to: " + dbconn.uri() + " with optional user/pwd: " + dbconn.userName() + " / " + dbconn.password() ); Connection conn = DriverManager.getConnection(dbconn.uri(), dbconn.userName(), dbconn.password()); Statement st = conn.createStatement(); ResultSet res = st.executeQuery(TheQuery); return res; // new end // return st.executeQuery(TheQuery); } private String getClasspathString() { StringBuffer classpath = new StringBuffer("getClasspathString:\r\n"); ClassLoader applicationClassLoader = this.getClass().getClassLoader(); if (applicationClassLoader == null) { applicationClassLoader = ClassLoader.getSystemClassLoader(); } URL[] urls = ((URLClassLoader)applicationClassLoader).getURLs(); for(int i=0; i < urls.length; i++) { classpath.append(urls[i].getFile()).append("\r\n"); } return classpath.toString(); } private String getRegisteredDriverList() { StringBuffer drvList = new StringBuffer("getRegisteredDriverList:\r\n"); for (Enumeration e = DriverManager.getDrivers(); e.hasMoreElements(); ) { Driver d = (Driver) e.nextElement(); String driverClass = d.getClass().getName(); drvList.append(driverClass).append("\r\n"); } return drvList.toString(); } } Loading
data-access/servlet/src/main/java/auth/authz/AuthPolicy.java +4 −16 Original line number Diff line number Diff line Loading @@ -44,7 +44,7 @@ public class AuthPolicy // private String dbUserName; // private String dbPassword; /* public AuthPolicy(String userName, String[] userGroups) { this.userName = userName; Loading @@ -55,7 +55,7 @@ public class AuthPolicy LOGGER.finer("User [Groups]: " + userName + " [ " + String.join(" ", userGroups) + " ]" ); } */ Loading Loading @@ -160,17 +160,10 @@ public class AuthPolicy public String[] filterAuthorized(String[] pubdidArr) { //this.dbConnUrl = dbConnUrl; //this.dbUserName = dbUserName; //this.dbPassword = dbPassword; LOGGER.finer("with String[] trace"); return filterAuthorized(new ArrayList<String>(Arrays.asList(pubdidArr))); } private String[] filterAuthorized(ArrayList<String> pubdidList) { LOGGER.fine("with List <String> trace"); ArrayList<String> pubdidList = new ArrayList<String>(Arrays.asList(pubdidArr)); switch(access) { case PUBLIC_ONLY : Loading Loading @@ -271,10 +264,6 @@ public class AuthPolicy AuthPolicyDb adb; synchronized(AuthPolicyDb.class) { //AuthPolicyDb.dbConnUrl = this.dbConnUrl; //AuthPolicyDb.dbUserName = this.dbUserName; //AuthPolicyDb.dbPassword = this.dbPassword; adb = new AuthPolicyDb(); } Loading @@ -298,7 +287,6 @@ public class AuthPolicy private List<String> pubdidsNotAuthorized(List<AuthPolicyDb.PubdidGroups> pubdidList, String[] userGroups) { LOGGER.fine("trace"); //LOGGER.finer("userGroups: " + String.join(" ",userGroups)); List<String> pubdidsNotAuthorizedList = new LinkedList<String>(); ListIterator<AuthPolicyDb.PubdidGroups> it = pubdidList.listIterator(); Loading
data-access/servlet/src/main/java/auth/authz/AuthPolicyDb.java +9 −164 Original line number Diff line number Diff line Loading @@ -31,20 +31,8 @@ public class AuthPolicyDb { private static final Logger LOGGER = Logger.getLogger(AuthPolicyDb.class.getName()); private static final String DB_DRIVER = "org.postgresql.Driver"; private static final AuthZSettings settings = AuthZSettings.getInstance("authpolicy.properties"); static public AuthZSettings.DBConn dbconn = settings.dbConn; private Connection conn; private Statement st; private ResultSet res; AuthPolicyDb(){ conn = null; st = null; res = null; } private static final AuthZSettings.DBConn dbconn = settings.dbConn; public class PubdidGroups Loading @@ -59,36 +47,8 @@ public class AuthPolicyDb } /* private String convertToVlkbPubdid(String obscorePubdid) { final String PUBDID_PREFIX = dbconn.obscorePublisher; if(obscorePubdid.startsWith(PUBDID_PREFIX)) return obscorePubdid.substring( PUBDID_PREFIX.length() ); else return obscorePubdid; } private Set<String> convertToObscorePubdids(Set<String> vlkbPubdids) { final String PUBDID_PREFIX = dbconn.obscorePublisher; Set<String> obscorePubdids = new HashSet<String>(); for(String pubdid : vlkbPubdids) { String obscorePubdid = "\'" + PUBDID_PREFIX + pubdid + "\'"; obscorePubdids.add(obscorePubdid); } return obscorePubdids; } */ public List<PubdidGroups> queryGroupsPrivateOnly(Set<String> uniqPubdids) { //Set<String> uniqObscorePubdids = convertToObscorePubdids(uniqPubdids); Set<String> uniqObscorePubdids = uniqPubdids; String commaSepObscorePubdids = String.join("\',\'", uniqObscorePubdids); Loading @@ -97,20 +57,16 @@ public class AuthPolicyDb String TheQuery = "SELECT obs_publisher_did,groups FROM obscore " + "WHERE (policy = 'PRIV') AND (obs_publisher_did IN (\'"+commaSepObscorePubdids+"\'));"; // FIXME use separate table holding _only_ private data-id's //String TheQuery = "SELECT obs_publisher_did,groups FROM permissions " // + "WHERE (obs_publisher_did IN (\'"+commaSepObscorePubdids+"\'));"; //LOGGER.finest(TheQuery); LOGGER.finer("Connecting to: "+dbconn.uri()+" with optional user/pwd: "+dbconn.userName()+" / ***"); List<PubdidGroups> pubdidGroups = new LinkedList<PubdidGroups>(); try { res = doQuery(TheQuery); try(Connection conn = DriverManager.getConnection(dbconn.uri(), dbconn.userName(), dbconn.password()); Statement st = conn.createStatement(); ResultSet res = st.executeQuery(TheQuery);) { while (res.next()) { //String pubdid = convertToVlkbPubdid(res.getString("obs_publisher_did")); String pubdid = res.getString("obs_publisher_did"); Array groupsArr = res.getArray("groups"); Loading @@ -129,31 +85,12 @@ public class AuthPolicyDb logSqlExInfo(se); se.printStackTrace(); } catch (ClassNotFoundException e) { LOGGER.severe("DB driver "+ DB_DRIVER +" not found: " + e.getMessage()); e.printStackTrace(); } finally { closeAll(); } return pubdidGroups; } private void closeAll() private void logSqlExInfo(SQLException se) { if(res != null ) try { res.close(); } catch(Exception e) {LOGGER.severe("DB ResultSet::close() failed");} if(st != null ) try { st.close(); } catch(Exception e) {LOGGER.severe("DB Statement::close() failed");} if(conn != null ) try { conn.close();} catch(Exception e) {LOGGER.severe("DB Connection::close() failed");} } private void logSqlExInfo(SQLException se){ /* dbconn.print_class_vars(); */ LOGGER.severe("SQLState : " + se.getSQLState()); LOGGER.severe("ErrorCode: " + se.getErrorCode()); LOGGER.severe("Message : " + se.getMessage()); Loading @@ -164,97 +101,5 @@ public class AuthPolicyDb } } private ResultSet doQuery(String TheQuery) throws SQLException, ClassNotFoundException { /* https://docs.oracle.com/javase/tutorial/jdbc/basics/connecting.html : Any JDBC 4.0 drivers that are found in your class path are automatically loaded. (However, you must manually load any drivers prior to JDBC 4.0 with the method Class.forName.) */ // try { // Class.forName(DB_DRIVER); /* OR DriverManager.registerDriver(new org.postgresql.Driver()); */ //LOGGER.finest(getRegisteredDriverList()); // FIXME seems DriverManager expects jdbc:postgresql driver scheme, it does not support postgresql:// scheme // additionally: // jdbc:postgresql:// scheme does not support username:password in the URL. // So: // receive postgresql:// scheme with user:password and convert to jdbc:postgresql:// // by extracting userName and password from the URL-string and prepending 'jdbc:' // /* LOGGER.finest("DBMS URL: " + dbConnUrl); URI dbConnUri = new URI(dbConnUrl); String userInfoString = dbConnUri.getUserInfo(); if(userInfoString == null) throw new AssertionError("DBMS URL must contain user:password but it is: " + dbConnUrl); String[] userInfo = userInfoString.split(":"); if(userInfo.length < 2) throw new AssertionError("DBMS URL must contain user:password but it is: " + dbConnUrl); String userName = userInfo[0]; String password = userInfo[1]; String dbConnJdbcUrl = "jdbc:" + dbConnUrl.replace(userInfoString + "@", ""); // LOGGER.finest("DBMS URL: " + dbConnUrl);*/ // LOGGER.finest("DBMS userName: " + dbUserName); // LOGGER.finest("DBMS password: " + dbPassword); // conn = DriverManager.getConnection(dbConnUrl, dbUserName, dbPassword); // st = conn.createStatement(); // } catch (Exception e){ e.printStackTrace();} // new LOGGER.finer("Connecting to: " + dbconn.uri() + " with optional user/pwd: " + dbconn.userName() + " / " + dbconn.password() ); Connection conn = DriverManager.getConnection(dbconn.uri(), dbconn.userName(), dbconn.password()); Statement st = conn.createStatement(); ResultSet res = st.executeQuery(TheQuery); return res; // new end // return st.executeQuery(TheQuery); } private String getClasspathString() { StringBuffer classpath = new StringBuffer("getClasspathString:\r\n"); ClassLoader applicationClassLoader = this.getClass().getClassLoader(); if (applicationClassLoader == null) { applicationClassLoader = ClassLoader.getSystemClassLoader(); } URL[] urls = ((URLClassLoader)applicationClassLoader).getURLs(); for(int i=0; i < urls.length; i++) { classpath.append(urls[i].getFile()).append("\r\n"); } return classpath.toString(); } private String getRegisteredDriverList() { StringBuffer drvList = new StringBuffer("getRegisteredDriverList:\r\n"); for (Enumeration e = DriverManager.getDrivers(); e.hasMoreElements(); ) { Driver d = (Driver) e.nextElement(); String driverClass = d.getClass().getName(); drvList.append(driverClass).append("\r\n"); } return drvList.toString(); } }
