//AbstractService.java
//------------------------
//part of YaCy
//(C) by Michael Peter Christen; mc@anomic.de
//first published on http://www.anomic.de
//Frankfurt, Germany, 2005
//
//this file was contributed by Martin Thelian
//last major change: $LastChangedDate$ by $LastChangedBy$
//Revision: $LastChangedRevision$
//
//This program is free software; you can redistribute it and/or modify
//it under the terms of the GNU General Public License as published by
//the Free Software Foundation; either version 2 of the License, or
//(at your option) any later version.
//
//This program is distributed in the hope that it will be useful,
//but WITHOUT ANY WARRANTY; without even the implied warranty of
//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
//GNU General Public License for more details.
//
//You should have received a copy of the GNU General Public License
//along with this program; if not, write to the Free Software
//Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
//
//Using this software in any meaning (reading, learning, copying, compiling,
//running) means that you agree that the Author(s) is (are) not responsible
//for cost, loss of data or any harm that may be caused directly or indirectly
//by usage of this softare or this documentation. The usage of this software
//is on your own risk. The installation and usage (starting/running) of this
//software may allow other people or application to access your computer and
//any attached devices and is highly dependent on the configuration of the
//software which must be done by the user of the software; the author(s) is
//(are) also not responsible for proper configuration and usage of the
//software, even if provoked by documentation provided together with
//the software.
//
//Any changes to this file according to the GPL as documented in the file
//gpl.txt aside this file in the shipment you received can be done to the
//lines that follows this copyright notice here, but changes must not be
//done inside the copyright notive above. A re-distribution must contain
//the intact and unchanged copyright notice.
//Contributions and changes to the program code must be marked as such.
package de.anomic.soap;
import java.io.ByteArrayInputStream;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.axis.AxisFault;
import org.apache.axis.Message;
import org.apache.axis.MessageContext;
import org.apache.axis.message.SOAPEnvelope;
import org.apache.axis.message.SOAPHeaderElement;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import de.anomic.data.userDB;
import de.anomic.http.httpHeader;
import de.anomic.http.httpd;
import de.anomic.plasma.plasmaSwitchboard;
import de.anomic.server.serverSwitch;
public abstract class AbstractService {
protected serverSwitch switchboard;
protected httpHeader requestHeader;
protected MessageContext messageContext;
protected ServerContext serverContext;
protected static final boolean NO_AUTHENTICATION = false;
protected static final boolean AUTHENTICATION_NEEDED = true;
/**
* This function is called by the available service functions to
* extract all needed informations from the SOAP message context.
* @throws AxisFault
*/
protected void extractMessageContext(boolean authenticate) throws AxisFault {
this.messageContext = MessageContext.getCurrentContext();
this.switchboard = (serverSwitch) this.messageContext.getProperty(httpdSoapHandler.MESSAGE_CONTEXT_SERVER_SWITCH);
this.requestHeader = (httpHeader) this.messageContext.getProperty(httpdSoapHandler.MESSAGE_CONTEXT_HTTP_HEADER);
this.serverContext = (ServerContext) this.messageContext.getProperty(httpdSoapHandler.MESSAGE_CONTEXT_SERVER_CONTEXT);
if (authenticate) {
String authInfo = this.doAuthentication();
// modify headers
// This is needed for plasmaSwitchboard.adminAuthenticated to work
this.requestHeader.put(httpHeader.AUTHORIZATION,"Basic " + authInfo);
this.requestHeader.put("CLIENTIP","localhost");
}
}
/**
* Doing the user authentication. To improve security, this client
* accepts the base64 encoded and md5 hashed password directly.
*
* @throws AxisFault if the authentication could not be done successfully
*/
protected String doAuthentication() throws AxisFault {
// accessing the SOAP request message
Message message = this.messageContext.getRequestMessage();
// getting the contained soap envelope
SOAPEnvelope envelope = message.getSOAPEnvelope();
// getting the proper soap header containing the authorization field
SOAPHeaderElement authElement = envelope.getHeaderByName(httpdSoapHandler.serviceHeaderNamespace, "Authorization");
if (authElement != null) {
String adminAccountBase64MD5 = this.switchboard.getConfig(httpd.ADMIN_ACCOUNT_B64MD5,"");
// the base64 encoded and md5 hashed authentication string
String authString = authElement.getValue();
if (authString.length() == 0) throw new AxisFault("log-in required");
// validate MD5 hash against the user-DB
SOAPHeaderElement userElement = envelope.getHeaderByName(httpdSoapHandler.serviceHeaderNamespace, "Username");
if (userElement != null) {
String userName = userElement.getValue();
userDB.Entry userEntry = ((plasmaSwitchboard)this.switchboard).userDB.md5Auth(userName,authString);
if (userEntry.hasRight(userDB.Entry.SOAP_RIGHT))
// we need to return the ADMIN_ACCOUNT_B64MD5 here because some servlets also do
// user/admin authentication
return adminAccountBase64MD5;
}
// validate MD5 hash against the static-admin account
if (!(adminAccountBase64MD5.equals(authString))) {
throw new AxisFault("log-in required");
}
return adminAccountBase64MD5;
}
throw new AxisFault("log-in required");
}
protected Document convertContentToXML(String contentString) throws Exception {
return convertContentToXML(contentString.getBytes("UTF-8"));
}
protected Document convertContentToXML(byte[] content) throws Exception {
Document doc = null;
try {
DocumentBuilderFactory newDocBuilderFactory = DocumentBuilderFactory.newInstance();
// // disable dtd validation
// newDocBuilderFactory.setValidating(false);
// newDocBuilderFactory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
// newDocBuilderFactory.setFeature("http://xml.org/sax/features/validation", false);
//
DocumentBuilder newDocBuilder = newDocBuilderFactory.newDocumentBuilder();
ByteArrayInputStream byteIn = new ByteArrayInputStream(content);
doc = newDocBuilder.parse(byteIn);
} catch (Exception e) {
String errorMessage = "Unable to parse the search result XML data. " + e.getClass().getName() + ". " + e.getMessage();
throw new Exception(errorMessage);
}
return doc;
}
public Document createNewXMLDocument(String rootElementName) throws ParserConfigurationException {
// creating a new document builder factory
DocumentBuilderFactory newDocBuilderFactory = DocumentBuilderFactory.newInstance();
// creating a new document builder
DocumentBuilder newDocBuilder = newDocBuilderFactory.newDocumentBuilder();
// creating a new xml document
Document newXMLDocument = newDocBuilder.newDocument();
if (rootElementName != null) {
// creating the xml root document
Element rootElement = newXMLDocument.createElement(rootElementName);
newXMLDocument.appendChild(rootElement);
}
return newXMLDocument;
}
}