Cas security

geoportal_1/README.md

@@ -0,0 +1,2 @@
+UC Berkeley Opengeoportal Fork
+==================================

geoportal_1/src/main/java/org/OpenGeoPortal/Download/Methods/WfsDownloadMethod.java

@@ -43,6 +43,8 @@ public String createDownloadRequest() throws Exception {
 		//info needed: geometry column, bbox coords, epsg code, workspace & layername
 	 	//all client bboxes should be passed as lat-lon coords.  we will need to get the appropriate epsg code for the layer 
 	 	//in order to return the file in original projection to the user (will also need to transform the bbox)
+
+	    logger.info("Layer name in WfsDownloadMethod: " + this.currentLayer.getLayerNameNS());
 		String layerName = this.currentLayer.getLayerNameNS();
 		SolrRecord layerInfo = this.currentLayer.getLayerInfo();
 		BoundingBox nativeBounds = new BoundingBox(layerInfo.getMinX(), layerInfo.getMinY(), layerInfo.getMaxX(), layerInfo.getMaxY());

geoportal_1/src/main/java/org/OpenGeoPortal/Ogc/Wfs/WfsGetFeature.java

@@ -1,8 +1,16 @@
 package org.OpenGeoPortal.Ogc.Wfs;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import org.OpenGeoPortal.Download.Types.BoundingBox;
 
 public class WfsGetFeature {
+
+    	final static Logger logger = LoggerFactory.getLogger(WfsGetFeature.class);
+
+
+
 	public static String createWfsGetFeatureRequest(String layerName, String workSpace, String nameSpace, String outputFormat, String filter) throws Exception {
 		return createWfsGetFeatureRequest(layerName, workSpace, nameSpace, -1, "", outputFormat, filter);
 
@@ -26,21 +34,38 @@ private static String getAttributeString(String attrName, String value){
 
 	public static String createWfsGetFeatureRequest(String layerName, String workSpace, String nameSpace, int maxFeatures, String epsgCode, String outputFormat, String filter) throws Exception {
 
-		//--generate POST message
-		//info needed: geometry column, bbox coords, epsg code, workspace & layername
+
+	    logger.info("In createWfsGetFeatureRequest passed in, layerName: " + layerName + ", workSpace: " + workSpace);
+
+
+	    //--generate POST message
+	    //info needed: geometry column, bbox coords, epsg code, workspace & layername
 
+	    if (!workSpace.trim().isEmpty()){
+		if (layerName.contains(":")){
+		    layerName = layerName.substring(layerName.indexOf(":") + 1);
+		}
+		layerName = workSpace + ":" + layerName;
+	    } else {
+	    }
+
+
+	    /* old code
 		if (!workSpace.trim().isEmpty()){
 			layerName = workSpace + ":" + layerName;
 		} else {
 			if (layerName.contains(":")){
 				layerName = layerName.substring(layerName.indexOf(":"));
 			}
 		}
+	    */
+		logger.info("In createWfsGetFeatureRequest converted, layerName: " + layerName); 
+
 		String getFeatureRequest = "<wfs:GetFeature service=\"WFS\" version=\"1.0.0\""
 			+ " outputFormat=\"" + outputFormat + "\""
 			+ getAttributeString("maxfeatures", maxFeatures)
 			+ getAttributeString("srsName", epsgCode)	
-			+ getNameSpaceString(workSpace, nameSpace)
+       			+ getNameSpaceString(workSpace, nameSpace)
   			+ " xmlns:wfs=\"http://www.opengis.net/wfs\""
   			+ " xmlns:ogc=\"http://www.opengis.net/ogc\""
   			+ " xmlns:gml=\"http://www.opengis.net/gml\""
@@ -52,6 +77,9 @@ public static String createWfsGetFeatureRequest(String layerName, String workSpa
   			+ "</wfs:Query>"
 			+ "</wfs:GetFeature>";
 
+		logger.info("Feature Request: " + getFeatureRequest);
+
+
     	return getFeatureRequest;
 	}
 

geoportal_1/src/main/java/org/OpenGeoPortal/Ogc/Wfs/WfsGetFeature.java~

@@ -0,0 +1,112 @@
+package org.OpenGeoPortal.Ogc.Wfs;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import org.OpenGeoPortal.Download.Types.BoundingBox;
+
+public class WfsGetFeature {
+
+    	final static Logger logger = LoggerFactory.getLogger(WfsGetFeature.class);
+
+
+
+	public static String createWfsGetFeatureRequest(String layerName, String workSpace, String nameSpace, String outputFormat, String filter) throws Exception {
+		return createWfsGetFeatureRequest(layerName, workSpace, nameSpace, -1, "", outputFormat, filter);
+
+	}
+
+	private static String getAttributeString(String attrName, int value){
+		String attrString = "";
+		if(value > 0){
+			attrString = " " + attrName + "=\"" + Integer.toString(value) + "\""; 
+		}
+		return attrString;
+	}
+
+	private static String getAttributeString(String attrName, String value){
+		String attrString = "";
+		if(!value.trim().isEmpty()){
+			attrString = " " + attrName + "=\"" + value.trim() + "\""; 
+		}
+		return attrString;
+	}
+
+	public static String createWfsGetFeatureRequest(String layerName, String workSpace, String nameSpace, int maxFeatures, String epsgCode, String outputFormat, String filter) throws Exception {
+
+
+	    logger.info("In createWfsGetFeatureRequest passed in, layerName: " + layerName + ", workSpace: " + workSpace);
+
+
+	    //--generate POST message
+	    //info needed: geometry column, bbox coords, epsg code, workspace & layername
+
+	    if (!workSpace.trim().isEmpty()){
+		if (layerName.contains(":")){
+		    layerName = layerName.substring(layerName.indexOf(":") + 1);
+		}
+		layerName = workSpace + ":" + layerName;
+	    } else {
+	    }
+
+
+	    /* old code
+		if (!workSpace.trim().isEmpty()){
+			layerName = workSpace + ":" + layerName;
+		} else {
+			if (layerName.contains(":")){
+				layerName = layerName.substring(layerName.indexOf(":"));
+			}
+		}
+	    */
+		logger.info("In createWfsGetFeatureRequest converted, layerName: " + layerName); 
+
+		String getFeatureRequest = "<wfs:GetFeature service=\"WFS\" version=\"1.0.0\""
+			+ " outputFormat=\"" + outputFormat + "\""
+			+ getAttributeString("maxfeatures", maxFeatures)
+			+ getAttributeString("srsName", epsgCode)	
+       			+ getNameSpaceString(workSpace, nameSpace)
+  			+ " xmlns:wfs=\"http://www.opengis.net/wfs\""
+  			+ " xmlns:ogc=\"http://www.opengis.net/ogc\""
+  			+ " xmlns:gml=\"http://www.opengis.net/gml\""
+  			+ " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\""
+  			+ " xsi:schemaLocation=\"http://www.opengis.net/wfs"
+            + " http://schemas.opengis.net/wfs/1.0.0/WFS-basic.xsd\">"
+  			+ "<wfs:Query typeName=\"" + layerName + "\">"
+  			+ filter
+  			+ "</wfs:Query>"
+			+ "</wfs:GetFeature>";
+
+		logger.info("Feature Request: " + getFeatureRequest);
+
+
+    	return getFeatureRequest;
+	}
+
+	public static String getMethod(){
+		return "POST";
+	}
+
+	private static String getNameSpaceString(String workSpace, String nameSpace){
+		//if either is missing, skip the whole thing
+		String nsString = "";
+		if (!workSpace.trim().isEmpty() && !nameSpace.trim().isEmpty()){
+			nsString = " xmlns:" + workSpace + "=\"" + nameSpace + "\"";
+		}
+		return nsString;
+	}
+
+	public static String getBboxFilter(BoundingBox bounds, String geometryColumn, int epsgCode){
+
+		String bboxFilter = "<ogc:Filter>"
+  		+		"<ogc:BBOX>"
+    	+			"<ogc:PropertyName>" + geometryColumn + "</ogc:PropertyName>"
+    	+			bounds.generateGMLBox(epsgCode)
+    	+		"</ogc:BBOX>"
+  		+	"</ogc:Filter>";
+
+		return bboxFilter;
+	}
+
+
+}

geoportal_1/src/main/java/org/OpenGeoPortal/Security/IframeLoginController.java

@@ -0,0 +1,52 @@
+package org.OpenGeoPortal.Security;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.servlet.ModelAndView;
+
+import java.io.*;
+
+import org.codehaus.jackson.map.ObjectMapper;
+import org.codehaus.jackson.map.ObjectWriter;
+//import com.fasterxml.jackson.core.JsonProcessingException;
+//import com.fasterxml.jackson.databind.ObjectMapper;
+//import com.fasterxml.jackson.databind.ObjectWriter;
+
+@Controller
+public class IframeLoginController {
+	@Autowired
+	@Qualifier("formLoginService")
+	LoginService loginService;
+
+	private @Value("${ogp.domain}") String localDomain;
+
+	final Logger logger = LoggerFactory.getLogger(this.getClass());
+
+	@RequestMapping(value="restricted/weblogin", method=RequestMethod.GET)
+	@ResponseBody public ModelAndView getStatus() throws IOException {
+		logger.debug("Login status checked");
+
+		  String sendingPage = localDomain;
+		  //create the model to return
+		  ModelAndView mav = new ModelAndView("iframeLogin"); 
+		  LoginStatus status = loginService.getStatus();
+
+		  ObjectWriter ow = new ObjectMapper().writer().withDefaultPrettyPrinter();
+		  String json = ow.writeValueAsString(status);
+
+		  //test
+		  //json = json.replace("false", "true");
+		  mav.addObject("authStatus", json);
+		  mav.addObject("sendingPage", sendingPage);
+
+		  return mav;
+	}
+
+}

geoportal_1/src/main/java/org/OpenGeoPortal/Security/SimpleCasUserService.java

@@ -0,0 +1,96 @@
+package org.OpenGeoPortal.Security;
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.util.Assert;
+import org.apache.commons.lang.ArrayUtils;
+import org.jasig.cas.client.validation.Assertion;
+
+import java.util.List;
+import java.util.ArrayList;
+
+/**
+* Populates the {@link org.springframework.security.core.GrantedAuthority}s for a user by reading a list of attributes that were returned as
+* part of the CAS response. Each attribute is read and each value of the attribute is turned into a GrantedAuthority. If the attribute has no
+* value then its not added.
+* 
+* --modified: if the user has been authenticated via CAS, they are granted the role "ROLE_USER".  If the user is found in the admins list, they
+* are also granted the role "ROLE_ADMIN".  Note that at this point the admin user has no special privileges in the application.  the addition is
+* for future functionality and parity with the LDAP authorization as it stands.
+*
+* @author Scott Battaglia, modified Chris Barnett
+* @since 3.0
+*/
+public final class SimpleCasUserService implements UserDetailsService {
+
+    protected String admins;
+    protected String[] adminList;
+    final Logger logger = LoggerFactory.getLogger(this.getClass());
+
+    private static final String NON_EXISTENT_PASSWORD_VALUE = "NO_PASSWORD";
+
+    private String[] attributes = null;
+
+    private boolean convertToUpperCase = true;
+
+    public void setAdmins(String admins){
+	admins = admins.replace(" ", "");
+	adminList = admins.split(",");
+    }
+
+    protected Boolean isAdmin(String username){
+	return ArrayUtils.contains(adminList, username);
+    }
+
+
+    public SimpleCasUserService() {}
+
+    public SimpleCasUserService(final String[] attributes) {
+        Assert.notNull(attributes, "attributes cannot be null.");//should null attributes be allowed, since we are not using CAS attributes for our roles?
+       // Assert.isTrue(attributes.length > 0, "At least one attribute is required to retrieve roles from.");
+        this.attributes = attributes;
+    }
+
+    /**
+* Converts the returned attribute values to uppercase values.
+*
+* @param convertToUpperCase true if it should convert, false otherwise.
+*/
+    public void setConvertToUpperCase(final boolean convertToUpperCase) {
+        this.convertToUpperCase = convertToUpperCase;
+    }
+
+    public UserDetails loadUserByUsername(String userName) {
+
+        final List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
+	if(userName == null || userName.equals("")) {
+	} else if(userName.equals("175219")) {
+	    grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
+	}
+
+	if(userName != null && !userName.equals("")) {
+	    grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_USER"));
+	}
+	return new User(userName, NON_EXISTENT_PASSWORD_VALUE, true, true, true, true, grantedAuthorities);
+    }
+}

geoportal_1/src/main/java/org/OpenGeoPortal/Utilities/Http/HttpComponentsHttpRequester.java

@@ -112,18 +112,19 @@ public InputStream sendRequest(String serviceURL, String requestString,
 		return sendRequest(serviceURL, requestString, requestMethod, "text/xml");
 	}
 
-	protected InputStream sendPostRequest(String serviceURL,
-			String requestBody, String contentType) {
+	protected InputStream sendPostRequest(String serviceURL, String requestBody, String contentType) {
 		HttpClient httpclient = ogpHttpClient.getHttpClient();
 		InputStream replyStream = null;
+
 		try {
 			HttpPost httppost = new HttpPost(serviceURL);
-			logger.debug(requestBody);
+			logger.info("Request body in sendPostRequest: " + requestBody);
 			StringEntity postEntity = new StringEntity(requestBody, ContentType.create(contentType, "UTF-8"));
 			httppost.setEntity(postEntity);
 			logger.info("executing POST request to " + httppost.getURI());
 			HttpResponse response = httpclient.execute(httppost);
 			this.setStatus(response.getStatusLine().getStatusCode());
+			logger.info("response in sendPostRequest: " + response.getStatusLine());
 			this.setHeaders(response.getAllHeaders());
 			HttpEntity entity = response.getEntity();