Changeset 5892 for DASISH

Timestamp:

12/05/14 13:53:55 (9 years ago)

Author:

olhsha@mpi.nl

Message:

removed (commented) insecure api that allowed to download pictures from the Internet (URL) to the database

Location:

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend

Files:

• CHANGES.txt (modified) (1 diff)
• UPDATE.txt (modified) (1 diff)
• pom.xml (modified) (1 diff)
• src/main/java/eu/dasish/annotation/backend/rest/CachedRepresentationResource.java (modified) (1 diff)
• src/main/java/eu/dasish/annotation/backend/rest/DebugResource.java (modified) (1 diff)
• src/main/webapp/WEB-INF/shhaa.xml (modified) (1 diff)
• src/main/webapp/WEB-INF/web.xml (modified) (5 diffs)
• src/main/webapp/index.jsp (modified) (2 diffs)

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/CHANGES.txt

@@ -74 +74 @@
 November 20, 2014.  A new feature: an "all" access mode is added. The user with this permission have 
 the same rights as the owner, that it he can update permissions on the annotation
-and delete it at all. Also, the pieces of code handling permissions, have been refactored. 
+and delete it at all. Also, the pieces of code handling permissions, have been refactored.
+
+November 24, 2014. The inconvenience is fixed. In the previous version when the user with "write"
+access tried to update the whole annotation (including persmissions) the server ignored permission
+update part but the user was not notified. Now it is fixed: 403 is thrown is the permissions differ 
+from the given ones.
+
+December 5, 2014. The insecure API that allows to download pictures from the internet to the 
+database, as a cahced representation, has been removed (commented in the code). This API was used
+for convenience to created demo data, and was not a part of the specification.

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/UPDATE.txt

@@ -1 @@
-Placing tarball: take the tar-ball of the new  version 1.6.1-basic-authentication, and follow the 
-standard MPI deployment procedure. The "current-nonshib" should link to this package.
+This is the a simple deployemnt that does not demand changings in the context.xml, web.xml-s
+and in the database.
 
-No changings are to be done in context.xml and in the data-base because they are the same as
-for the sibboleth version, abd it works.
+Placing tarball: take the tar-ball of the version 1.6.3-basic-authentication, and follow the 
+standard first MPI deployment procedure. The "current" for lux17:mpi.nl/ds/webannotator-basic
+(respectively corpus1:mpi.nl/ds/webannotator-basic) should link to  this package.
 
-The splitting between logging of shibboleth and basic versions will be implemented in 
-next deployments
 
 

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/pom.xml

@@ -5 +5 @@
     <groupId>eu.dasish.annotation</groupId>
     <artifactId>annotator-backend</artifactId>
-    <version>1.6.1-basic-authentication</version>    
+    <version>1.6.3-shibboleth</version>    
     <packaging>war</packaging>
     <name>annotator-backend Jersey Webapp</name>

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/rest/CachedRepresentationResource.java

@@ -181 +181 @@
     }
 
-    @PUT
-    @Consumes("text/plain")
-    @Produces(MediaType.APPLICATION_XML)
-    @Path("{cachedid: " + BackendConstants.regExpIdentifier + "}/path/{isurl}")
-    public String updateCachedBlobFromFile(@PathParam("cachedid") String cachedIdentifier,
-            @PathParam("isurl") String isURL, String blobPath) throws IOException {
-        Map params = new HashMap();
-        InputStream input;
-
-        if (isURL.equals("URL")) {
-            URL blob = new URL(blobPath);
-            input = blob.openStream();
-        } else {
-            input = new FileInputStream(blobPath);
-        }
-
-        params.put("stream", input);
-        try {
-            Integer result = (Integer) (new RequestWrappers(this)).wrapRequestResource(params, new UpdateCachedBlob(), Resource.CACHED_REPRESENTATION, Access.WRITE, cachedIdentifier);
-            input.close();
-            if (result != null) {
-                return result + "rows are updated";
-            } else {
-                return "Nothing is updated. ";
-            }
-        } catch (NotInDataBaseException e1) {
-            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, e1.getMessage());
-            return e1.getMessage();
-        } catch (ForbiddenException e2) {
-            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, e2.getMessage());
-            return e2.getMessage();
-        }
-
-    }
-
+//    @PUT
+//    @Consumes("text/plain")
+//    @Produces(MediaType.APPLICATION_XML)
+//    @Path("{cachedid: " + BackendConstants.regExpIdentifier + "}/path/{isurl}")
+//    public String updateCachedBlobFromFile(@PathParam("cachedid") String cachedIdentifier,
+//            @PathParam("isurl") String isURL, String blobPath) throws IOException {
+//        Map params = new HashMap();
+//        InputStream input;
+//
+//        if (isURL.equals("URL")) {
+//            URL blob = new URL(blobPath);
+//            input = blob.openStream();
+//        } else {
+//            input = new FileInputStream(blobPath);
+//        }
+//
+//        params.put("stream", input);
+//        try {
+//            Integer result = (Integer) (new RequestWrappers(this)).wrapRequestResource(params, new UpdateCachedBlob(), Resource.CACHED_REPRESENTATION, Access.WRITE, cachedIdentifier);
+//            input.close();
+//            if (result != null) {
+//                return result + "rows are updated";
+//            } else {
+//                return "Nothing is updated. ";
+//            }
+//        } catch (NotInDataBaseException e1) {
+//            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, e1.getMessage());
+//            return e1.getMessage();
+//        } catch (ForbiddenException e2) {
+//            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, e2.getMessage());
+//            return e2.getMessage();
+//        }
+//
+//    }
+//
     private class UpdateCachedBlob implements ILambda<Map, Integer> {
 

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/java/eu/dasish/annotation/backend/rest/DebugResource.java

@@ -164 +164 @@
         Number remotePrincipalID = this.getPrincipalID();
         if (remotePrincipalID == null) {
-            return "null in;ogged principal";
+            return "null inlogged principal";
         }
         String typeOfAccount = dbDispatcher.getTypeOfPrincipalAccount(remotePrincipalID);

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/webapp/WEB-INF/shhaa.xml

@@ -38 +38 @@
                 <username>anonymous</username>
             </fallback>
-            <sso action="lI">https://lux17.mpi.nl/Shibboleth.sso/Login</sso> 
-            <slo action="lO">https://lux17.mpi.nl/Shibboleth.sso/Logout</slo> 
+            <sso action="lI">https://corpus1.mpi.nl/Shibboleth.sso/Login</sso> 
+            <slo action="lO">https://corpus1.mpi.nl/Shibboleth.sso/Logout</slo> 
         </authentication>
         

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/webapp/WEB-INF/web.xml

@@ -40 +40 @@
     <context-param>
         <param-name>eu.dasish.annotation.backend.isShibbolethSession</param-name>
-        <param-value>false</param-value>
+        <param-value>true</param-value>
     </context-param>
     <context-param>
@@ -48 +48 @@
     <context-param>
         <param-name>eu.dasish.annotation.backend.logout.shibboleth</param-name>
-        <param-value>https://lux17.mpi.nl/Shibboleth.sso/Logout</param-value> 
+        <param-value>https://corpus1.mpi.nl/Shibboleth.sso/Logout</param-value> 
     </context-param>
     
@@ -111 +111 @@
    
     <!-- Spring security -->
-     <filter>
+<!--      <filter>
         <filter-name>springSecurityFilterChain</filter-name>
         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
@@ -118 +118 @@
         <filter-name>springSecurityFilterChain</filter-name>
         <url-pattern>/*</url-pattern>
-    </filter-mapping>
+    </filter-mapping> -->
     
-    <!--  Shibboleth filter -->
-   <!-- <filter>
+    <!-- Shibboleth filter -->
+  <filter>
         <filter-name>AAIFilter</filter-name>
         <filter-class>de.mpg.aai.shhaa.AuthFilter</filter-class>
@@ -128 +128 @@
         <filter-name>AAIFilter</filter-name>
         <url-pattern>/*</url-pattern>
-    </filter-mapping> -->
+    </filter-mapping>
     
   </web-app>  

DASISH/t5.6/backend/annotator-backend/trunk/annotator-backend/src/main/webapp/index.jsp

@@ -55 +55 @@
         GET <a href="api/authentication/principal">api/authentication/principal</a> <br> 
         GET <a href="api/principals/admin">api/principals/admin</a><br> 
-        GET <a href="api/principals/00000000-0000-0000-0000-0000000000112">api/principals/00000000-0000-0000-0000-0000000000112</a> <br> 
-        GET <a href="api/principals/00000000-0000-0000-0000-0000000000112/current">api/principals/00000000-0000-0000-0000-0000000000112/current</a><br>  
+        GET <a href="api/principals/a0000000-0000-0000-0000-0000000000114">api/principals/a0000000-0000-0000-0000-0000000000114</a> <br> 
+        GET <a href="api/principals/a0000000-0000-0000-0000-0000000000114/current">api/principals/a0000000-0000-0000-0000-0000000000114/current</a><br>  
 <!--        !Problem: how to ask the servlet if the given user is logged in, may be by some other running somewhere client<br> -->
-        GET <a href="api/principals/info?email=Twan.Goosen@mpi.nl">api/principals/info?email=Twan.Goosen@mpi.nl</a>  <br>
+        GET <a href="api/principals/info?email=Twan.Goosen@mpi.nl">api/principals/info?email=twan.Goosen@mpi.nl</a>  <br>
         GET <a href="api/annotations?link=Sagrada&matchMode=contains">api/annotations?link=Sagrada&matchMode=contains</a>  <br>
         GET <a href="api/annotations?link=http://nl.wikipedia.org/wiki/Sagrada_Fam%C3%ADlia&matchMode=exact">api/annotations?link=http://nl.wikipedia.org/wiki/Sagrada_Fam%C3%ADlia&matchMode=exact</a>  <br>
@@ -65 +65 @@
         GET <a href="api/annotations?link=http://nl.wikipedia.org/wiki/Sagrada_Fam%C3%ADlia">api/annotations?link=http://nl.wikipedia.org/wiki/Sagrada_Fam%C3%ADlia</a>  <br>
         GET <a href="api/annotations?link=http://nl.wikipedia.org/wiki/Antoni_Gaud%C3%AD">api/annotations?link=http://nl.wikipedia.org/wiki/Antoni_Gaud%C3%AD</a>  <br>
-        GET <a href="api/annotations?after=2013-02-04 15:57:58.046908&before=2014-06-25 10:08:16.213186">api/annotations?after=2014-02-04 15:57:58.046908&before=2014-04-06 10:08:16.213186</a><br> 
+        GET <a href="api/annotations?after=2013-02-04 15:57:58.046908&before=2014-12-31 10:08:16.213186">api/annotations?after=2014-02-04 15:57:58.046908&before=2014-12-31 10:08:16.213186</a><br> 
 <!--        !Comment: What is "namespace" query parameter? Must be implemented and tested <br>-->
-        GET <a href="api/annotations/00000000-0000-0000-0000-000000000022">api/annotations/00000000-0000-0000-0000-000000000022</a>  </br>
-        GET <a href="api/annotations/00000000-0000-0000-0000-000000000022/targets">api/annotations/00000000-0000-0000-0000-000000000022/targets</a>  </br>
-        GET <a href="api/annotations/00000000-0000-0000-0000-000000000022/permissions">api/annotations/00000000-0000-0000-0000-000000000022/permissions</a><br>
-        GET <a href="api/targets/00000000-0000-0000-0000-000000000032">api/targets/00000000-0000-0000-0000-000000000032</a>  <br>
-        GET <a href="api/targets/00000000-0000-0000-0000-000000000032/versions">api/targets/00000000-0000-0000-0000-000000000032/versions</a>   <br>
-        GET <a href="api/cached/b0d3f18c-eecf-40ea-9979-eecbbdca7d68/metadata">api/cached/b0d3f18c-eecf-40ea-9979-eecbbdca7d68/metadata</a><br>
-        GET <a href="api/cached/b0d3f18c-eecf-40ea-9979-eecbbdca7d68/stream">api/cached/b0d3f18c-eecf-40ea-9979-eecbbdca7d68/stream</a><br> 
-        GET <a href="api/cached/00000000-0000-0000-0000-000000000051/content">api/cached/00000000-0000-0000-0000-000000000051/content</a><br> 
-        GET <a href="api/cached/de82f9d5-6b84-4c9d-8b8a-0736c8b1dd79/stream">api/cached/de82f9d5-6b84-4c9d-8b8a-0736c8b1dd79/stream</a><br> 
+        GET <a href="api/annotations/a0000000-0000-0000-0000-000000000022">api/annotations/a0000000-0000-0000-0000-000000000022</a>  </br>
+        GET <a href="api/annotations/a0000000-0000-0000-0000-000000000022/targets">api/annotations/a0000000-0000-0000-0000-000000000022/targets</a>  </br>
+        GET <a href="api/annotations/a0000000-0000-0000-0000-000000000022/permissions">api/annotations/a0000000-0000-0000-0000-000000000022/permissions</a><br>
+        GET <a href="api/targets/a0000000-0000-0000-0000-000000000032">api/targets/a0000000-0000-0000-0000-000000000032</a>  <br>
+        GET <a href="api/targets/a0000000-0000-0000-0000-000000000032/versions">api/targets/a0000000-0000-0000-0000-000000000032/versions</a>   <br>
+        GET <a href="api/cached/a0000000-0000-0000-0000-000000000051/metadata">api/cached/a0000000-0000-0000-0000-000000000051/metadata</a><br>
+        GET <a href="api/cached/a0000000-0000-0000-0000-000000000511/content">api/cached/a0000000-0000-0000-0000-0000000000511/content</a><br> 
+        GET <a href="api/cached/a0000000-0000-0000-0000-000000000051/stream">api/cached/a0000000-0000-0000-0000-000000000051/stream</a><br>