servlets.UserSession
String checkSession(PrintWriter out, HttpServletRequest request) -
if there is a userName cookie in the request, returns the userName from the cookie.
Otherwise returns an XML error message.
void setCookie(String cookieName, String cookieValue, HttpServletResponse response)
includes the cookie in the servlet response.
String getCookie(String cookieName, HttpServletRequest request)
called by servlets.UserSession.checkSession and servlets.Utils.tabSection
If there is a cookie named "userName", uses the value of the cookie to determine the user's login name.
Otherwise returns null.
For each message the axis2 rampart module verifies the signature on
the message using the enclosed certificate. It also validates the
certificate as being signed by one of the trust anchors (CAs) stored in
its keystore. So far we trust the DOEGrids CA, the ESnet Root CA 1, the
ESnet SSL Server Certificates CA, the DCS Test CA, the JRA3_Prototype
CA, the Nortel CA, and the OASIS interop CA.
Once the message has been validated, the corresponding method
(create, cancel, list, query) in OSCARSSkeleton is called. Each method
starts out with a checkUser call, which first calls setOperationContext.
oscars.OSCARSSkeleton
private void setOperationContext() - called by checkUser
extracts the user's DN and the issuer's DN from the message context, which are then
stored in private variables within the OSCARSSkeleton.
String checkUser()
Calls setOperationContext and checks that a certificate was found. This should only fail if
the axis2/rampart configuration is wrong.
Then calls userManager.loginFromDN to check if the DN is entered in the user table and to get the
login name which is used for subsequent authorization.
aaa/UserManager
String loginFromDN(String DN) - called from OSCARSSkeleton.checkUser
uses UserDAO to look up the DN and return the login name
String verifyLogin(String userName, String password) - called from servlets.AuthenticateUser.doGet
uses UserDAO to see if the user is already authenticated
if not, looks up the login name
looks up the encrypted password and compares it to the input password
AuthValue checkAccess(String userName, String resourceName,
String permissionName)
called by
servlets(AuthenticateUser,CancelReservations,QueryReservations,ListReservations,
UserAdd,userAddForm,UserModify,UserQuery,UserRemove)
OSCARSSkeleton.listReservations,queryReservations,cancelReservation,
createPath,refreshPath,teardownPath,
getNetworkTopology,initiateTopologyPull,
verifies that this user has the specified permission to the specified resource
gets userid, resourceid and permissionid from the appropriate tables
queries the authorization table based on the userid, resourceid and permissionid tuple.
AuthValue checkModResAccess(String userName, String resourceName, String permissionName,
int reqBandwidth, int reqDuration, boolean specPathElems, boolean specGRI)
called by
servlets(CreateReservationForm,createReservation,createReservationform)
OSCARSSkeleton.createReservation
also contains the methods to create, query, list and delete users.
UserManager
private LogWrapper log;
private String salt;
Session session; From HibernateUtil.getSessionFactory("aaa").getCurrentSession();
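The web-service path described above (checkUser, then loginFromDN, then checkAccess), as an added example that is not OSCARS code. The in-memory maps stand in for the aaa tables, the two-value AuthValue enum, the authorizeRequest helper, the null return for an unknown DN and all sample rows are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

public class AaaFlowSketch {
    // Stand-in for the page's AuthValue; its real values are not listed on the page.
    enum AuthValue { DENIED, ALLOWED }
    // Constructed in-memory stand-ins for the aaa tables (assumptions, not the real schema).
    static final Map<String, String> loginByDn = new HashMap<>();      // user: certSubject -> login
    static final Map<String, Integer> userIds = new HashMap<>();       // user: login -> id
    static final Map<String, Integer> resourceIds = new HashMap<>();   // resource: name -> id
    static final Map<String, Integer> permissionIds = new HashMap<>(); // permission: name -> id
    static final Map<String, AuthValue> authorizations = new HashMap<>(); // "uid:rid:pid" -> value

    // Mirrors loginFromDN; returning null for an unknown DN is an assumption.
    static String loginFromDN(String dn) {
        return dn == null ? null : loginByDn.get(dn);
    }

    // Mirrors checkAccess: resolve the three ids, then query on the tuple.
    static AuthValue checkAccess(String userName, String resourceName, String permissionName) {
        Integer userId = userIds.get(userName);
        Integer resourceId = resourceIds.get(resourceName);
        Integer permissionId = permissionIds.get(permissionName);
        if (userId == null || resourceId == null || permissionId == null) {
            return AuthValue.DENIED; // fail closed when any name is unknown
        }
        // Fail closed again when no authorization row matches the tuple.
        return authorizations.getOrDefault(userId + ":" + resourceId + ":" + permissionId, AuthValue.DENIED);
    }

    // Hypothetical helper: a certificate that validated still grants nothing until its
    // DN maps to a login and that login holds the requested permission.
    static AuthValue authorizeRequest(String subjectDn, String resource, String permission) {
        String login = loginFromDN(subjectDn);
        return login == null ? AuthValue.DENIED : checkAccess(login, resource, permission);
    }

    public static void main(String[] args) {
        // Constructed sample rows.
        loginByDn.put("/DC=example/CN=Alice", "alice");
        userIds.put("alice", 1);
        resourceIds.put("reservations", 10);
        permissionIds.put("list", 100);
        permissionIds.put("modify", 101);
        authorizations.put("1:10:100", AuthValue.ALLOWED);

        System.out.println(authorizeRequest("/DC=example/CN=Alice", "reservations", "list"));
        System.out.println(authorizeRequest("/DC=example/CN=Alice", "reservations", "modify"));
        System.out.println(authorizeRequest("/DC=example/CN=Unknown", "reservations", "list"));
    }
}
```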
aaa.User
contains all the items in the user table with get and set methods
adapted from a Middlegen class automatically generated
private Integer id; /** identifier field */
private String login; /** persistent field */
private String certificate; /** nullable persistent field */
private String certSubject; /** nullable persistent field */
private String lastName; /** persistent field */
private String firstName; /** persistent field */
private String emailPrimary; /** persistent field */
private String phonePrimary; /** persistent field */
private String password; /** nullable persistent field */
private String description; /** nullable persistent field */
private String emailSecondary; /** nullable persistent field */
private String phoneSecondary; /** nullable persistent field */
private String status; /** nullable persistent field */
private String activationKey; /** nullable persistent field */
private Long lastActiveTime; /** nullable persistent field */
private Long registerTime; /** nullable persistent field */
private Institution institution; /** persistent field */
aaa.Authorization
adapted from a Middlegen class automatically generated
contains the items from the authorization table with get and set methods
aaa.Resource
adapted from a Middlegen class automatically generated
contains the items from the authorization table with get and set methods
aaa.Permissions
adapted from a Middlegen class automatically generated
contains the items from the permissions table with get and set methods