changeset 1492:2197975ec945

first version of digilib 2.4 with newly refactored authentication and authorization.
author robcast
date Tue, 29 Mar 2016 17:30:39 +0200
parents 8128cbff0dac
children 14a28f8bcc7d
files common-bioformats/pom.xml common-imagej/pom.xml common-jai/pom.xml common/pom.xml common/src/main/java/digilib/auth/AuthOpException.java common/src/main/java/digilib/auth/AuthOps.java common/src/main/java/digilib/auth/AuthOpsFactory.java common/src/main/java/digilib/auth/AuthnOps.java common/src/main/java/digilib/auth/AuthnOpsFactory.java common/src/main/java/digilib/auth/AuthzOps.java common/src/main/java/digilib/auth/AuthzOpsFactory.java common/src/main/java/digilib/conf/DigilibConfiguration.java common/src/main/java/digilib/meta/IndexMetaAuthLoader.java common/src/main/java/digilib/meta/IndexMetaLoader.java doc/pom.xml pdf/pom.xml pom.xml servlet/pom.xml servlet/src/main/java/digilib/auth/AuthzOpsImpl.java servlet/src/main/java/digilib/auth/IpAuthnOps.java servlet/src/main/java/digilib/auth/IpServletAuthnOps.java servlet/src/main/java/digilib/auth/MetaAccessAuthzOps.java servlet/src/main/java/digilib/auth/MetaAccessServletAuthOps.java servlet/src/main/java/digilib/auth/PathAuthzOps.java servlet/src/main/java/digilib/auth/PathServletAuthOps.java servlet/src/main/java/digilib/auth/ServletAuthOpsImpl.java servlet/src/main/java/digilib/conf/DigilibServletConfiguration.java servlet/src/main/java/digilib/servlet/DocumentBean.java servlet2/pom.xml servlet2/src/main/java/digilib/servlet/Scaler.java servlet2/src/main/java/digilib/servlet/ScalerNoThread.java servlet3/pom.xml servlet3/src/main/java/digilib/servlet/Scaler.java text/pom.xml text/src/main/java/digilib/servlet/Texter.java webapp/pom.xml webapp/src/main/webapp/WEB-INF/digilib-config.xml.template webapp/src/main/webapp/api/dlContext-xml.jsp webapp/src/main/webapp/dlContext-xml.jsp webapp/src/main/webapp/jquery/jquery.digilib.js webapp/src/main/webapp/server/dlConfig.jsp
diffstat 41 files changed, 937 insertions(+), 683 deletions(-) [+]
--- a/common-bioformats/pom.xml	Tue Mar 29 11:39:32 2016 +0200
+++ b/common-bioformats/pom.xml	Tue Mar 29 17:30:39 2016 +0200
@@ -3,7 +3,7 @@
   <parent>
     <artifactId>digilib</artifactId>
     <groupId>digilib</groupId>
-    <version>2.3-SNAPSHOT</version>
+    <version>2.4-SNAPSHOT</version>
     <relativePath>..</relativePath>
   </parent>
   <artifactId>digilib-common-bioformats</artifactId>
--- a/common-imagej/pom.xml	Tue Mar 29 11:39:32 2016 +0200
+++ b/common-imagej/pom.xml	Tue Mar 29 17:30:39 2016 +0200
@@ -3,7 +3,7 @@
   <parent>
     <artifactId>digilib</artifactId>
     <groupId>digilib</groupId>
-    <version>2.3-SNAPSHOT</version>
+    <version>2.4-SNAPSHOT</version>
     <relativePath>..</relativePath>
   </parent>
   <artifactId>digilib-common-imagej</artifactId>
--- a/common-jai/pom.xml	Tue Mar 29 11:39:32 2016 +0200
+++ b/common-jai/pom.xml	Tue Mar 29 17:30:39 2016 +0200
@@ -3,7 +3,7 @@
   <parent>
     <artifactId>digilib</artifactId>
     <groupId>digilib</groupId>
-    <version>2.3-SNAPSHOT</version>
+    <version>2.4-SNAPSHOT</version>
     <relativePath>..</relativePath>
   </parent>
   <artifactId>digilib-common-jai</artifactId>
--- a/common/pom.xml	Tue Mar 29 11:39:32 2016 +0200
+++ b/common/pom.xml	Tue Mar 29 17:30:39 2016 +0200
@@ -6,7 +6,7 @@
 	<parent>
 		<artifactId>digilib</artifactId>
 		<groupId>digilib</groupId>
-		<version>2.3-SNAPSHOT</version>
+		<version>2.4-SNAPSHOT</version>
 	</parent>
 	
 	<artifactId>digilib-common</artifactId>
--- a/common/src/main/java/digilib/auth/AuthOpException.java	Tue Mar 29 11:39:32 2016 +0200
+++ b/common/src/main/java/digilib/auth/AuthOpException.java	Tue Mar 29 17:30:39 2016 +0200
@@ -2,7 +2,7 @@
 
 /*
  * #%L
- * AuthOpException -- Authentication exception class
+ * AuthOpException -- Authentication/authorization exception class
  * 
  * Digital Image Library servlet components
  * 
--- a/common/src/main/java/digilib/auth/AuthOps.java	Tue Mar 29 11:39:32 2016 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,68 +0,0 @@
-package digilib.auth;
-
-/*
- * #%L
- * AuthOps -- Authentication interface class
- * 
- * Digital Image Library servlet components
- * 
- * %%
- * Copyright (C) 2001 - 2013 MPIWG Berlin
- * %%
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as 
- * published by the Free Software Foundation, either version 3 of the 
- * License, or (at your option) any later version.
- * 
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Lesser Public License for more details.
- * 
- * You should have received a copy of the GNU General Lesser Public 
- * License along with this program.  If not, see
- * <http://www.gnu.org/licenses/lgpl-3.0.html>.
- * #L%
- * Author: Robert Casties (robcast@berlios.de)
- */
-
-import java.io.File;
-
-import digilib.conf.DigilibRequest;
-
-/** Class of operations requiring authentication. */
-public interface AuthOps {
-
-    /**
-     * Test if the request must be authorized to access the filepath.
-     * 
-     * Information about the user is taken from the DigilibRequest.
-     * 
-     * @param request
-     *            DigilibRequest with user information.
-     * @throws AuthOpException
-     *             Exception thrown on error.
-     * @return true if the user request must be authorized.
-     */
-    public boolean isAuthRequired(DigilibRequest request) throws AuthOpException;
-
-    /**
-     * Test if the request is allowed to access filepath.
-     * 
-     * @param request
-     *            Request with user information.
-     * @throws AuthOpException
-     *             Exception thrown on error.
-     * @return true if the request is allowed.
-     */
-    public boolean isAuthorized(DigilibRequest request) throws AuthOpException;
-
-
-    /**
-     * Configure this AuthOps instance.
-     * 
-     * @param confFile
-     * @throws AuthOpException
-     */
-    public void setConfig(File confFile) throws AuthOpException;
-}
--- a/common/src/main/java/digilib/auth/AuthOpsFactory.java	Tue Mar 29 11:39:32 2016 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,59 +0,0 @@
-package digilib.auth;
-
-/*
- * #%L
- * digilib-common
- * %%
- * Copyright (C) 2013 MPIWG Berlin
- * %%
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as 
- * published by the Free Software Foundation, either version 3 of the 
- * License, or (at your option) any later version.
- * 
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Lesser Public License for more details.
- * 
- * You should have received a copy of the GNU General Lesser Public 
- * License along with this program.  If not, see
- * <http://www.gnu.org/licenses/lgpl-3.0.html>.
- * #L%
- * Author: Robert Casties (robcast@berlios.de)
- */
-
-import org.apache.log4j.Logger;
-
-
-/**
- * Static factory for AuthOps.
- * 
- * @author casties
- * 
- */
-public class AuthOpsFactory {
-    /** Log4J logger */
-    protected static Logger logger = Logger.getLogger(AuthOpsFactory.class);
-
-    /** AuthOps implementation class */
-    protected static Class<AuthOps> authOpsClass;
-
-    public static AuthOps getAuthOpsInstance() {
-        AuthOps ao = null;
-        try {
-            ao = authOpsClass.newInstance();
-        } catch (Exception e) {
-            logger.error("Unable to create AuthOps instance!", e);
-        }
-        return ao;
-    }
-
-    /** set the AuthOps implementation class.
-     * @param clazz
-     */
-    public static void setAuthOpsClass(Class<AuthOps> clazz) {
-        AuthOpsFactory.authOpsClass = clazz;
-    }
-
-}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/common/src/main/java/digilib/auth/AuthnOps.java	Tue Mar 29 17:30:39 2016 +0200
@@ -0,0 +1,54 @@
+package digilib.auth;
+
+/*
+ * #%L
+ * AuthnOps -- Authentication interface class
+ * 
+ * Digital Image Library servlet components
+ * 
+ * %%
+ * Copyright (C) 2016 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as 
+ * published by the Free Software Foundation, either version 3 of the 
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Lesser Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Lesser Public 
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@users.sourceforge.net)
+ */
+
+import digilib.conf.DigilibConfiguration;
+import digilib.conf.DigilibRequest;
+
+/** Class of operations providing authentication. */
+public interface AuthnOps {
+
+    /**
+     * Test if the user represented by request has the given role.
+     * 
+     * @param request Request with user information.
+     * @param role role to be tested.
+     * @throws AuthOpException
+     *             Exception thrown on error.
+     * @return true if the user has the role.
+     */
+    public boolean isUserInRole(DigilibRequest request, String role) throws AuthOpException;
+
+
+    /**
+     * Configure this AuthnOps instance.
+     * 
+     * @param confFile
+     * @throws AuthOpException
+     */
+    public void init(DigilibConfiguration dlConfig) throws AuthOpException;
+}
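Review bot: The Javadoc on `init` still documents `@param confFile`, but the parameter is now `DigilibConfiguration dlConfig`; the same stale tag sits on `AuthzOps.init` in the AuthzOps.java hunk of this changeset. I would change both to `@param dlConfig the digilib configuration this instance reads its settings from`. It would also help to state on `isUserInRole` what an implementation returns when the request carries no usable user information, because `AuthzOpsImpl.isRoleAuthorized` in this changeset treats the result as the access decision.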
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/common/src/main/java/digilib/auth/AuthnOpsFactory.java	Tue Mar 29 17:30:39 2016 +0200
@@ -0,0 +1,59 @@
+package digilib.auth;
+
+/*
+ * #%L
+ * Authentication Ops factory.
+ * %%
+ * Copyright (C) 2016 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as 
+ * published by the Free Software Foundation, either version 3 of the 
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Lesser Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Lesser Public 
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@users.sourceforge.net)
+ */
+
+import org.apache.log4j.Logger;
+
+
+/**
+ * Static factory for authentication AuthnOps.
+ * 
+ * @author casties
+ * 
+ */
+public class AuthnOpsFactory {
+    /** Log4J logger */
+    protected static Logger logger = Logger.getLogger(AuthnOpsFactory.class);
+
+    /** AuthnOps implementation class */
+    protected static Class<AuthnOps> authOpsClass;
+
+    public static AuthnOps getAuthnOpsInstance() {
+        AuthnOps ao = null;
+        try {
+            ao = authOpsClass.newInstance();
+        } catch (Exception e) {
+            logger.error("Unable to create AuthnOps instance!", e);
+        }
+        return ao;
+    }
+
+    /** set the AuthnOps implementation class.
+     * @param clazz
+     */
+    public static void setAuthnOpsClass(Class<AuthnOps> clazz) {
+        AuthnOpsFactory.authOpsClass = clazz;
+    }
+
+}
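Review bot: `getAuthnOpsInstance()` logs and returns `null` when `authOpsClass` was never set or `newInstance()` throws, so a wrong class name in the configuration is only noticed when something later dereferences the result; `getAuthzOpsInstance()` in AuthzOpsFactory.java has the same shape. For a component that gates access I would rather stop at startup, e.g. `throw new IllegalStateException("Unable to create AuthnOps instance!", e);` in the catch block, or at minimum add a Javadoc on the method that says it may return `null` and that callers must refuse to serve protected paths in that case. How the callers react is not visible in this hunk, so this is a request to confirm rather than a confirmed failure.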
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/common/src/main/java/digilib/auth/AuthzOps.java	Tue Mar 29 17:30:39 2016 +0200
@@ -0,0 +1,67 @@
+package digilib.auth;
+
+/*
+ * #%L
+ * AuthzOps -- Authorization interface class
+ * 
+ * Digital Image Library servlet components
+ * 
+ * %%
+ * Copyright (C) 2001 - 2016 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as 
+ * published by the Free Software Foundation, either version 3 of the 
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Lesser Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Lesser Public 
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@users.sourceforge.net)
+ */
+
+import digilib.conf.DigilibConfiguration;
+import digilib.conf.DigilibRequest;
+
+/** Class of operations providing authorization. */
+public interface AuthzOps {
+
+    /**
+     * Test if the request must be authorized to access the filepath.
+     * 
+     * Information about the user is taken from the DigilibRequest.
+     * 
+     * @param request
+     *            DigilibRequest with user information.
+     * @throws AuthOpException
+     *             Exception thrown on error.
+     * @return true if the user request must be authorized.
+     */
+    public boolean isAuthorizationRequired(DigilibRequest request) throws AuthOpException;
+
+    /**
+     * Test if the request is authorized to access filepath.
+     * 
+     * @param request
+     *            Request with user information.
+     * @throws AuthOpException
+     *             Exception thrown on error.
+     * @return true if the request is allowed.
+     */
+    public boolean isAuthorized(DigilibRequest request) throws AuthOpException;
+
+
+    /**
+     * Configure this AuthzOps instance.
+     * 
+     * @param confFile
+     * @throws AuthOpException
+     */
+    public void init(DigilibConfiguration dlConfig) throws AuthOpException;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/common/src/main/java/digilib/auth/AuthzOpsFactory.java	Tue Mar 29 17:30:39 2016 +0200
@@ -0,0 +1,59 @@
+package digilib.auth;
+
+/*
+ * #%L
+ * Authorization Ops factory
+ * %%
+ * Copyright (C) 2013 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as 
+ * published by the Free Software Foundation, either version 3 of the 
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Lesser Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Lesser Public 
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@berlios.de)
+ */
+
+import org.apache.log4j.Logger;
+
+
+/**
+ * Static factory for authorization AuthzOps.
+ * 
+ * @author casties
+ * 
+ */
+public class AuthzOpsFactory {
+    /** Log4J logger */
+    protected static Logger logger = Logger.getLogger(AuthzOpsFactory.class);
+
+    /** AuthzOps implementation class */
+    protected static Class<AuthzOps> authOpsClass;
+
+    public static AuthzOps getAuthzOpsInstance() {
+        AuthzOps ao = null;
+        try {
+            ao = authOpsClass.newInstance();
+        } catch (Exception e) {
+            logger.error("Unable to create AuthzOps instance!", e);
+        }
+        return ao;
+    }
+
+    /** set the AuthzOps implementation class.
+     * @param clazz
+     */
+    public static void setAuthzOpsClass(Class<AuthzOps> clazz) {
+        AuthzOpsFactory.authOpsClass = clazz;
+    }
+
+}
--- a/common/src/main/java/digilib/conf/DigilibConfiguration.java	Tue Mar 29 11:39:32 2016 +0200
+++ b/common/src/main/java/digilib/conf/DigilibConfiguration.java	Tue Mar 29 17:30:39 2016 +0200
@@ -57,7 +57,7 @@
 
     /** digilib version */
     public static String getClassVersion() {
-        return "2.3.9a";
+        return "2.4.0a";
     }
 
     /* non-static getVersion for Java inheritance */
--- a/common/src/main/java/digilib/meta/IndexMetaAuthLoader.java	Tue Mar 29 11:39:32 2016 +0200
+++ b/common/src/main/java/digilib/meta/IndexMetaAuthLoader.java	Tue Mar 29 17:30:39 2016 +0200
@@ -42,13 +42,15 @@
  */
 
 /**
- * Class loading index.meta files extracting some image file
- * related information.
+ * Class loading index.meta files extracting some image file related information.
+ * 
  * Extracts into the MetadataMap all tags in the meta/img tag as key-value
  * pairs and access conditions under the access key.
  * 
  * Returns a map with filenames and MetadataMaps.
  * 
+ * Implemented using javax.xml.stream.XMLStreamReader.
+ * 
  * @see <a
  *      href="http://intern.mpiwg-berlin.mpg.de/digitalhumanities/mpiwg-metadata-documentation/formate/indexmeta-standard">index.meta
  *      spec</a>
--- a/common/src/main/java/digilib/meta/IndexMetaLoader.java	Tue Mar 29 11:39:32 2016 +0200
+++ b/common/src/main/java/digilib/meta/IndexMetaLoader.java	Tue Mar 29 17:30:39 2016 +0200
@@ -44,8 +44,12 @@
 
 /**
  * Class loading index.meta files with metadata extracting some image file related information.
+ * 
  * Extracts into the MetadataMap all tags in the meta/img tag as key-value pairs and the content of the meta/context tag as XML.
- * Returns a map with filenames and MetadataMaps. 
+ * 
+ * Returns a map with filenames and MetadataMaps.
+ * 
+ * Implemented using javax.xml.parsers.SAXParser.
  * 
  * @see <a href="http://intern.mpiwg-berlin.mpg.de/digitalhumanities/mpiwg-metadata-documentation/formate/indexmeta-standard">index.meta spec</a>
  * @author Robert Casties
--- a/doc/pom.xml	Tue Mar 29 11:39:32 2016 +0200
+++ b/doc/pom.xml	Tue Mar 29 17:30:39 2016 +0200
@@ -3,7 +3,7 @@
   <parent>
     <groupId>digilib</groupId>
     <artifactId>digilib</artifactId>
-    <version>2.3-SNAPSHOT</version>
+    <version>2.4-SNAPSHOT</version>
   </parent>
   <artifactId>digilib-doc</artifactId>
   <packaging>pom</packaging>
--- a/pdf/pom.xml	Tue Mar 29 11:39:32 2016 +0200
+++ b/pdf/pom.xml	Tue Mar 29 17:30:39 2016 +0200
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>digilib</artifactId>
 		<groupId>digilib</groupId>
-		<version>2.3-SNAPSHOT</version>
+		<version>2.4-SNAPSHOT</version>
 	</parent>
 	<artifactId>digilib-pdf</artifactId>
 	<name>digilib-pdf</name>
--- a/pom.xml	Tue Mar 29 11:39:32 2016 +0200
+++ b/pom.xml	Tue Mar 29 17:30:39 2016 +0200
@@ -9,7 +9,7 @@
 
   <groupId>digilib</groupId>
   <artifactId>digilib</artifactId>
-  <version>2.3-SNAPSHOT</version>
+  <version>2.4-SNAPSHOT</version>
   <packaging>pom</packaging>
 
   <name>digilib</name>
@@ -196,57 +196,57 @@
       <dependency>
         <groupId>digilib</groupId>
         <artifactId>digilib-common</artifactId>
-        <version>2.3-SNAPSHOT</version>
+        <version>2.4-SNAPSHOT</version>
       </dependency>
       <dependency>
         <groupId>digilib</groupId>
         <artifactId>digilib-common-jai</artifactId>
-        <version>2.3-SNAPSHOT</version>
+        <version>2.4-SNAPSHOT</version>
       </dependency>
       <dependency>
         <groupId>digilib</groupId>
         <artifactId>digilib-common-imagej</artifactId>
-        <version>2.3-SNAPSHOT</version>
+        <version>2.4-SNAPSHOT</version>
       </dependency>
       <dependency>
         <groupId>digilib</groupId>
         <artifactId>digilib-common-bioformats</artifactId>
-        <version>2.3-SNAPSHOT</version>
+        <version>2.4-SNAPSHOT</version>
       </dependency>
       <dependency>
         <groupId>digilib</groupId>
         <artifactId>digilib-doc</artifactId>
-        <version>2.3-SNAPSHOT</version>
+        <version>2.4-SNAPSHOT</version>
       </dependency>
       <dependency>
         <groupId>digilib</groupId>
         <artifactId>digilib-pdf</artifactId>
-        <version>2.3-SNAPSHOT</version>
+        <version>2.4-SNAPSHOT</version>
       </dependency>
       <dependency>
         <groupId>digilib</groupId>
         <artifactId>digilib-text</artifactId>
-        <version>2.3-SNAPSHOT</version>
+        <version>2.4-SNAPSHOT</version>
       </dependency>
       <dependency>
         <groupId>digilib</groupId>
         <artifactId>digilib-servlet</artifactId>
-        <version>2.3-SNAPSHOT</version>
+        <version>2.4-SNAPSHOT</version>
       </dependency>
       <dependency>
         <groupId>digilib</groupId>
         <artifactId>digilib-servlet2</artifactId>
-        <version>2.3-SNAPSHOT</version>
+        <version>2.4-SNAPSHOT</version>
       </dependency>
       <dependency>
         <groupId>digilib</groupId>
         <artifactId>digilib-servlet3</artifactId>
-        <version>2.3-SNAPSHOT</version>
+        <version>2.4-SNAPSHOT</version>
       </dependency>
       <dependency>
         <groupId>digilib</groupId>
         <artifactId>digilib-webapp</artifactId>
-        <version>2.3-SNAPSHOT</version>
+        <version>2.4-SNAPSHOT</version>
       </dependency>
     </dependencies>
   </dependencyManagement>
--- a/servlet/pom.xml	Tue Mar 29 11:39:32 2016 +0200
+++ b/servlet/pom.xml	Tue Mar 29 17:30:39 2016 +0200
@@ -5,7 +5,7 @@
   <parent>
     <groupId>digilib</groupId>
     <artifactId>digilib</artifactId>
-    <version>2.3-SNAPSHOT</version>
+    <version>2.4-SNAPSHOT</version>
   </parent>
   <artifactId>digilib-servlet</artifactId>
   <name>digilib-servlet</name>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/servlet/src/main/java/digilib/auth/AuthzOpsImpl.java	Tue Mar 29 17:30:39 2016 +0200
@@ -0,0 +1,113 @@
+package digilib.auth;
+
+/*
+ * #%L
+ *  AuthOps -- Authentication class implementation
+ *
+ *  Digital Image Library servlet components
+ *  
+ * %%
+ * Copyright (C) 2001 - 2013 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as 
+ * published by the Free Software Foundation, either version 3 of the 
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Lesser Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Lesser Public 
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@berlios.de)
+ */
+
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+import digilib.conf.DigilibConfiguration;
+import digilib.conf.DigilibRequest;
+import digilib.conf.DigilibServletRequest;
+
+/**
+ * Basic implementation of AuthOps interface.
+ * 
+ * Provides basic implementations. Only rolesForPath needs to be implemented by
+ * specific implementations.
+ */
+public abstract class AuthzOpsImpl implements AuthzOps {
+
+    /** general logger for this class */
+    protected Logger logger = Logger.getLogger(this.getClass());
+    
+    /** authentication instance */
+    protected AuthnOps authnOps;
+
+    /* (non-Javadoc)
+     * @see digilib.auth.AuthzOps#init(digilib.conf.DigilibConfiguration)
+     */
+    @Override
+    public abstract void init(DigilibConfiguration dlConfig) throws AuthOpException;
+
+    /**
+     * @see digilib.auth.AuthzOps#isAuthorizationRequired(digilib.conf.DigilibRequest)
+     */
+    public boolean isAuthorizationRequired(DigilibRequest request) throws AuthOpException {
+        // check permissions
+        List<String> rolesRequired = rolesForPath((DigilibServletRequest) request);
+        return (rolesRequired != null);
+    }
+
+    /**
+     * @see digilib.auth.AuthzOps#isAuthorized(digilib.conf.DigilibRequest)
+     */
+    public boolean isAuthorized(DigilibRequest request) throws AuthOpException {
+        List<String> rolesRequired = rolesForPath((DigilibServletRequest) request);
+        if (rolesRequired == null) return true;
+        return isRoleAuthorized(rolesRequired, (DigilibServletRequest) request);
+    }
+
+    /**
+     * Test request authorization against a list of roles.
+     * 
+     * @param rolesRequired
+     *            List of Strings with role names.
+     * @param request
+     *            ServletRequest with address information.
+     * @return true if the user information in the request authorizes one of the roles.
+     * @throws AuthOpException 
+     */
+    public boolean isRoleAuthorized(List<String> rolesRequired, DigilibServletRequest request) throws AuthOpException {
+        if (rolesRequired == null) return true;
+        for (String r : rolesRequired) {
+            logger.debug("Testing role: " + r);
+            if (authnOps.isUserInRole(request, r)) {
+                logger.debug("Role Authorized");
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * Authorization roles needed for request.
+     * 
+     * Returns the list of authorization roles that are needed to access the
+     * specified path. No list means the path is free.
+     * 
+     * The location information of the request is also considered.
+     * 
+     * @param request
+     *            DigilibRequest with address information.
+     * @throws AuthOpException
+     *             Exception thrown on error.
+     * @return List of Strings with role names.
+     */
+    public abstract List<String> rolesForPath(DigilibServletRequest request) throws AuthOpException;
+
+}
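Review bot: `isRoleAuthorized` calls `authnOps.isUserInRole(...)`, but nothing in this class assigns `authnOps`; it depends on every subclass `init` setting it, and the factory added in this changeset can hand back `null`. A guard before the loop, `if (authnOps == null) throw new AuthOpException("no AuthnOps configured");`, turns that case into an explicit refusal instead of a NullPointerException in the middle of an access check. The Javadoc on `rolesForPath` should also spell out that a `null` return makes the path public while an empty list denies everyone, since an implementation that returns `null` on a lookup error would open the path. The class comment and file header still say "AuthOps" and "Authentication" for what is now the authorization base class.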
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/servlet/src/main/java/digilib/auth/IpAuthnOps.java	Tue Mar 29 17:30:39 2016 +0200
@@ -0,0 +1,112 @@
+package digilib.auth;
+
+/*
+ * #%L
+ * Authentication class implementation using IP addresses
+ * 
+ * Digital Image Library servlet components
+ * 
+ * %%
+ * Copyright (C) 2016 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as 
+ * published by the Free Software Foundation, either version 3 of the 
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Lesser Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Lesser Public 
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@berlios.de)
+ */
+
+import java.io.File;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.log4j.Logger;
+
+import digilib.conf.DigilibConfiguration;
+import digilib.conf.DigilibRequest;
+import digilib.conf.DigilibServletRequest;
+import digilib.util.HashTree;
+import digilib.util.XMLListLoader;
+
+/**
+ * Implements AuthnOps using paths defined in an XML config file.
+ * 
+ * The name of the configuration file is read from the digilib config parameter "auth-file".
+ * <p/>
+ * The tag "digilib-adresses" is read from the configuration file:
+ * <pre>  
+ * {@code
+ * <digilib-addresses>
+ *   <address ip="130.92.68" role="eastwood-coll,ptolemaios-geo" />
+ *   <address ip="130.92.151" role="wtwg" />
+ * </digilib-addresses>
+ * }
+ * </pre>
+ * A computer with an ip address that matches "ip" is automatically granted all roles under "role".
+ * The ip address is matched from the left (in full quads). Roles under "role" must be separated by comma only (no spaces). 
+ * 
+ */
+public class IpAuthnOps implements AuthnOps {
+
+    /** general logger for this class */
+    protected Logger logger = Logger.getLogger(this.getClass());
+
+    protected File configFile;
+    protected HashTree authIPs;
+
+    /**
+     * Initialize authentication operations.
+     * 
+     * Reads tag "digilib-adresses" from configuration file 
+     * and sets up authentication arrays.
+     * 
+     * @throws AuthOpException
+     *             Exception thrown on error.
+     */
+    @Override
+    public void init(DigilibConfiguration dlConfig) throws AuthOpException {
+        configFile = dlConfig.getAsFile("auth-file");
+        logger.debug("ipauthnops.init (" + configFile + ")");
+        Map<String, String> ipList = null;
+        try {
+            // load authIPs
+            XMLListLoader ipLoader = new XMLListLoader("digilib-addresses", "address", "ip", "role");
+            ipList = ipLoader.loadUri(configFile.toURI());
+        } catch (Exception e) {
+            throw new AuthOpException("ERROR loading authorization config file: " + e);
+        }
+        if (ipList == null) {
+            throw new AuthOpException("ERROR unable to load authorization config file!");
+        }
+        // setup ip tree
+        authIPs = new HashTree(ipList, ".", ",");
+    }
+
+    /* (non-Javadoc)
+     * @see digilib.auth.AuthnOps#isUserInRole(digilib.conf.DigilibRequest, java.lang.String)
+     */
+    @Override
+    public boolean isUserInRole(DigilibRequest dlRequest, String role) throws AuthOpException {
+        // check if the requests address provides a role
+        HttpServletRequest request = ((DigilibServletRequest) dlRequest).getServletRequest();
+        String ip = request.getRemoteAddr();
+        List<String> provided = authIPs.match(ip);
+        if ((provided != null) && (provided.contains(role))) {
+            return true;
+        }
+        return false;
+    }
+
+}
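Review bot: `isUserInRole` grants roles solely from `request.getRemoteAddr()`, which is the address of the direct TCP peer, so if the container runs behind a reverse proxy or load balancer every request would be matched against the proxy's address. The class Javadoc should say this, for example `Roles are granted by the peer address from getRemoteAddr(); behind a proxy the container must be configured to restore the client address.` In `init`, the message built with `"ERROR loading authorization config file: " + e` drops the stack trace, so a `logger.error("unable to load " + configFile, e);` before the throw would keep it. The Javadoc also spells the tag `digilib-adresses` while the loader reads `digilib-addresses`, and it describes the class as "using paths" although it matches IP addresses.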
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/servlet/src/main/java/digilib/auth/IpServletAuthnOps.java	Tue Mar 29 17:30:39 2016 +0200
@@ -0,0 +1,73 @@
+package digilib.auth;
+
+/*
+ * #%L
+ * Authentication class implementation using IP addresses and Servlet user information
+ * 
+ * Digital Image Library servlet components
+ * 
+ * %%
+ * Copyright (C) 2016 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as 
+ * published by the Free Software Foundation, either version 3 of the 
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Lesser Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Lesser Public 
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@berlios.de)
+ */
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
+import digilib.conf.DigilibRequest;
+import digilib.conf.DigilibServletRequest;
+
+/**
+ * Implements AuthnOps using paths defined in an XML config file and Servlet API isUserInRole().
+ * 
+ * The name of the configuration file is read from the digilib config parameter "auth-file".
+ * <p/>
+ * The tag "digilib-adresses" is read from the configuration file:
+ * <pre>  
+ * {@code
+ * <digilib-addresses>
+ *   <address ip="130.92.68" role="eastwood-coll,ptolemaios-geo" />
+ *   <address ip="130.92.151" role="wtwg" />
+ * </digilib-addresses>
+ * }
+ * </pre>
+ * A computer with an ip address that matches "ip" is automatically granted all roles under "role".
+ * The ip address is matched from the left (in full quads). Roles under "role" must be separated by comma only (no spaces). 
+ * 
+ * Uses ServletRequest.isUserInRole() if roles provided by IP are not sufficient.
+ */
+public class IpServletAuthnOps extends IpAuthnOps {
+
+    /* (non-Javadoc)
+     * @see digilib.auth.IpAuthnOps#isUserInRole(digilib.conf.DigilibRequest, java.lang.String)
+     */
+    @Override
+    public boolean isUserInRole(DigilibRequest dlRequest, String role) throws AuthOpException {
+        // check if the requests address provides a role
+        HttpServletRequest request = ((DigilibServletRequest) dlRequest).getServletRequest();
+        String ip = request.getRemoteAddr();
+        List<String> provided = authIPs.match(ip);
+        if ((provided != null) && (provided.contains(role))) {
+            return true;
+        }
+        // use the ServletRequest
+        return request.isUserInRole(role);
+    }
+
+}
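Review bot: This override repeats the address lookup from `IpAuthnOps.isUserInRole` line for line, so any later change to the IP matching has to be made in two places to keep both authentication classes consistent. Delegating keeps them in step: replace the copied lookup with `if (super.isUserInRole(dlRequest, role)) return true;` and keep the existing `return request.isUserInRole(role);` as the fallback. The class Javadoc could then state the order directly: roles derived from the address first, container-managed roles second.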
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/servlet/src/main/java/digilib/auth/MetaAccessAuthzOps.java	Tue Mar 29 17:30:39 2016 +0200
@@ -0,0 +1,161 @@
+package digilib.auth;
+
+/*
+ * #%L
+ * Authorization class implementation using access information from 
+ * file metadata.
+ * 
+ * Digital Image Library servlet components
+ * 
+ * %%
+ * Copyright (C) 2013-2016 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as 
+ * published by the Free Software Foundation, either version 3 of the 
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Lesser Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Lesser Public 
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@users.souceforge.net)
+ */
+
+import java.io.File;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import digilib.conf.DigilibConfiguration;
+import digilib.conf.DigilibServletConfiguration;
+import digilib.conf.DigilibServletRequest;
+import digilib.image.ImageJobDescription;
+import digilib.io.DocuDirCache;
+import digilib.io.DocuDirent;
+import digilib.io.FileOpException;
+import digilib.meta.MetadataMap;
+import digilib.util.XMLListLoader;
+
+/**
+ * Implementation of AuthzOps using "access" information from file metadata. 
+ * 
+ * Requires FileMeta implementation providing "access", e.g. digilib.meta.IndexMetaFileMeta. 
+ * 
+ * The name of the configuration file is read from the digilib config parameter "auth-file".
+ * <p/>
+ * Tags "digilib-access" and "digilib-adresses" are read from the configuration file:
+ * <pre>
+ * {@code
+ * <digilib-access>
+ *   <access type="group:mpiwg" role="mpiwg-user"/>
+ * </digilib-access>
+ * }
+ * </pre>
+ * A user must supply one of the roles under "role" to access any object with the metadata "access" type of "type".
+ * Roles under "role" must be separated by comma only (no spaces).
+ * 
+ */
+public class MetaAccessAuthzOps extends AuthzOpsImpl {
+
+    private File configFile;
+    private Map<String, List<String>> rolesMap;
+
+    /**
+     * Initialize authentication operations.
+     * 
+     * Reads tag "digilib-access" from configuration file 
+     * and sets up authentication arrays.
+     * 
+     * @throws AuthOpException
+     *             Exception thrown on error.
+     */
+    @Override
+    public void init(DigilibConfiguration dlConfig) throws AuthOpException {
+        configFile = dlConfig.getAsFile("auth-file");
+        logger.debug("IpRoleServletAuthops.init (" + configFile + ")");
+        Map<String, String> roleList = null;
+        try {
+            // load role mappings
+            XMLListLoader roleLoader = new XMLListLoader("digilib-access", "access", "type", "role");
+            roleList = roleLoader.loadUri(configFile.toURI());
+        } catch (Exception e) {
+            throw new AuthOpException("ERROR loading authorization config file: " + e);
+        }
+        if (roleList == null) {
+            throw new AuthOpException("ERROR unable to load authorization config file!");
+        }
+        // convert role list to map, splitting roles by ","
+        rolesMap = new HashMap<String,List<String>>(roleList.size());
+        for (String k : roleList.keySet()) {
+            String rs = roleList.get(k);
+            String[] ra = rs.split(",");
+            rolesMap.put(k, Arrays.asList(ra));
+        }
+        // set authentication
+        this.authnOps = (AuthnOps) dlConfig.getValue(DigilibServletConfiguration.AUTHN_OP_KEY);
+    }
+
+    /**
+     * Return authorization roles needed for request.
+     * 
+     * Returns the list of authorization roles that are needed to access the
+     * specified path. No list means the path is free.
+     * 
+     * The location information of the request is also considered.
+     * 
+     * @param request
+     *            ServletRequest with address information.
+     * @throws AuthOpException
+     *             Exception thrown on error.
+     * @return List of Strings with role names.
+     */
+    @Override
+    public List<String> rolesForPath(DigilibServletRequest dlRequest) throws AuthOpException {
+        HttpServletRequest request = dlRequest.getServletRequest();
+        DocuDirent imgs;
+        try {
+            // try to get image file from JobDescription
+            ImageJobDescription ticket = dlRequest.getJobDescription();
+            if (ticket != null) {
+                imgs = (DocuDirent) ticket.getImageSet();
+            } else {
+                // try to get image file from DirCache
+                DigilibConfiguration config = dlRequest.getDigilibConfig();
+                DocuDirCache cache = (DocuDirCache) config.getValue(DigilibServletConfiguration.DIR_CACHE_KEY);
+                imgs = cache.getFile(dlRequest.getFilePath(), dlRequest.getAsInt("pn"));
+            }
+        } catch (FileOpException e) {
+            throw new AuthOpException("No file for auth check!");
+        }
+        /*
+         * get access restrictions from metadata
+         */
+        String access = null;
+        try {
+            imgs.checkMeta();
+            MetadataMap meta = imgs.getMeta().getFileMeta();
+            access = meta.get("access");
+        } catch (Exception e) {
+            logger.error("Error getting access meta for file!");
+        }
+        if (access == null) {
+            // no access restriction - allow
+            logger.debug("rolesForPath (" + imgs.getName() + ") by [" + request.getRemoteAddr() + "]: (none)");
+            return null;
+        }
+        // get required roles
+        List<String> required = rolesMap.get(access);
+        logger.debug("rolesForPath (" + imgs.getName() + ") by [" + request.getRemoteAddr() + "]: "+required);
+        return required;
+    }
+
+}
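Review bot: `rolesForPath` fails open in two places: when reading the metadata throws, the `catch (Exception e)` only logs and `access` stays null, which the next branch treats as "no access restriction - allow"; and when `access` names a type that has no `<access>` entry, `rolesMap.get(access)` returns null, which the method's own Javadoc defines as a free path. An unreadable metadata file or a typo in the auth file would therefore leave a restricted object without any role requirement. I would deny in both cases, e.g. `throw new AuthOpException("Error getting access meta for file: " + e);` in the catch and `if (required == null) throw new AuthOpException("No roles configured for access type " + access);` before the return. It is also worth checking `imgs` for null before `imgs.checkMeta()`, since `cache.getFile(...)` presumably can return null for an unknown path and the later `imgs.getName()` calls are outside the try.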
--- a/servlet/src/main/java/digilib/auth/MetaAccessServletAuthOps.java	Tue Mar 29 11:39:32 2016 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,204 +0,0 @@
-package digilib.auth;
-
-/*
- * #%L
- * Authentication class implementation using access information from 
- * file metadata.
- * 
- * Digital Image Library servlet components
- * 
- * %%
- * Copyright (C) 2013 MPIWG Berlin
- * %%
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as 
- * published by the Free Software Foundation, either version 3 of the 
- * License, or (at your option) any later version.
- * 
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Lesser Public License for more details.
- * 
- * You should have received a copy of the GNU General Lesser Public 
- * License along with this program.  If not, see
- * <http://www.gnu.org/licenses/lgpl-3.0.html>.
- * #L%
- * Author: Robert Casties (robcast@berlios.de)
- */
-
-import java.io.File;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-
-import digilib.conf.DigilibConfiguration;
-import digilib.conf.DigilibServletConfiguration;
-import digilib.conf.DigilibServletRequest;
-import digilib.image.ImageJobDescription;
-import digilib.io.DocuDirCache;
-import digilib.io.DocuDirent;
-import digilib.io.FileOpException;
-import digilib.meta.MetadataMap;
-import digilib.util.HashTree;
-import digilib.util.XMLListLoader;
-
-/**
- * Implementation of AuthOps using "access" information from file metadata and
- * roles mapped to IP-number ranges defined in an XML config file.
- * <p/>
- * Tags "digilib-access" and "digilib-adresses" are read from the configuration file:
- * <pre>
- * {@code
- * <digilib-access>
- *   <access type="group:mpiwg" role="user"/>
- * </digilib-access>
- * }
- * </pre>
- * A user must supply one of the roles under "role" to access any object with the metadata "access" type of "type".
- * Roles under "role" must be separated by comma only (no spaces).
- * <pre>  
- * {@code
- * <digilib-addresses>
- *   <address ip="130.92.68" role="eastwood-coll,ptolemaios-geo" />
- *   <address ip="130.92.151" role="ALL" />
- * </digilib-addresses>
- * }
- * </pre>
- * A computer with an ip address that matches "ip" is automatically granted all roles under "role".
- * The ip address is matched from the left (in full quads). Roles under "role" must be separated by comma only (no spaces). 
- * 
- */
-public class MetaAccessServletAuthOps extends ServletAuthOpsImpl {
-
-    private File configFile;
-    private HashTree authIPs;
-    private Map<String, List<String>> rolesMap;
-
-    /**
-     * Set configuration file.
-     * 
-     * @param confFile
-     *            XML config file.
-     * @throws AuthOpException
-     *             Exception thrown on error.
-     */
-    public void setConfig(File confFile) throws AuthOpException {
-        configFile = confFile;
-        init();
-    }
-
-    /**
-     * Initialize authentication operations.
-     * 
-     * Reads tags "digilib-access" and "digilib-adresses" from configuration file 
-     * and sets up authentication arrays.
-     * 
-     * @throws AuthOpException
-     *             Exception thrown on error.
-     */
-    public void init() throws AuthOpException {
-        logger.debug("IpRoleServletAuthops.init (" + configFile + ")");
-        Map<String, String> ipList = null;
-        Map<String, String> roleList = null;
-        try {
-            // load authIPs
-            XMLListLoader ipLoader = new XMLListLoader("digilib-addresses", "address", "ip", "role");
-            ipList = ipLoader.loadUri(configFile.toURI());
-            // load role mappings
-            XMLListLoader roleLoader = new XMLListLoader("digilib-access", "access", "type", "role");
-            roleList = roleLoader.loadUri(configFile.toURI());
-        } catch (Exception e) {
-            throw new AuthOpException("ERROR loading authorization config file: " + e);
-        }
-        if ((ipList == null)||(roleList == null)) {
-            throw new AuthOpException("ERROR unable to load authorization config file!");
-        }
-        // setup ip tree
-        authIPs = new HashTree(ipList, ".", ",");
-        // convert role list to map, splitting roles by ","
-        rolesMap = new HashMap<String,List<String>>(roleList.size());
-        for (String k : roleList.keySet()) {
-            String rs = roleList.get(k);
-            String[] ra = rs.split(",");
-            rolesMap.put(k, Arrays.asList(ra));
-        }
-    }
-
-    /**
-     * Return authorization roles needed for request.
-     * 
-     * Returns the list of authorization roles that are needed to access the
-     * specified path. No list means the path is free.
-     * 
-     * The location information of the request is also considered.
-     * 
-     * @param request
-     *            ServletRequest with address information.
-     * @throws AuthOpException
-     *             Exception thrown on error.
-     * @return List of Strings with role names.
-     */
-    @Override
-    public List<String> rolesForPath(DigilibServletRequest dlRequest) throws AuthOpException {
-        HttpServletRequest request = dlRequest.getServletRequest();
-        DocuDirent imgs;
-        try {
-            // try to get image file from JobDescription
-            ImageJobDescription ticket = dlRequest.getJobDescription();
-            if (ticket != null) {
-                imgs = (DocuDirent) ticket.getImageSet();
-            } else {
-                // try to get image file from DirCache
-                DigilibConfiguration config = dlRequest.getDigilibConfig();
-                DocuDirCache cache = (DocuDirCache) config.getValue(DigilibServletConfiguration.DIR_CACHE_KEY);
-                imgs = cache.getFile(dlRequest.getFilePath(), dlRequest.getAsInt("pn"));
-            }
-        } catch (FileOpException e) {
-            throw new AuthOpException("No file for auth check!");
-        }
-        /*
-         * check if the requests address provides a role
-         */
-        List<String> provided = authIPs.match(request.getRemoteAddr());
-        if ((provided != null) && (provided.contains("ALL"))) {
-            // ALL switches off checking;
-            logger.debug("rolesForPath (" + imgs.getName() + ") by [" + request.getRemoteAddr() + "]: (ip-all)");
-            return null;
-        }
-        /*
-         * get access restrictions from metadata
-         */
-        String access = null;
-        try {
-            imgs.checkMeta();
-            MetadataMap meta = imgs.getMeta().getFileMeta();
-            access = meta.get("access");
-        } catch (Exception e) {
-            logger.error("Error getting access meta for file!");
-        }
-        if (access == null) {
-            // no access restriction - allow
-            logger.debug("rolesForPath (" + imgs.getName() + ") by [" + request.getRemoteAddr() + "]: (none)");
-            return null;
-        }
-        // check provided against required roles
-        List<String> required = rolesMap.get(access);
-        // do any provided roles match?
-        if ((provided != null) && (required != null)) {
-            for (String prov : provided) {
-                if (required.contains(prov)) {
-                    // satisfied
-                    logger.debug("rolesForPath (" + imgs.getName() + ") by [" + request.getRemoteAddr() + "]: (provided)");
-                    return null;
-                }
-            }
-        }
-        logger.debug("rolesForPath (" + imgs.getName() + ") by [" + request.getRemoteAddr() + "]: "+required);
-        return required;
-    }
-
-}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/servlet/src/main/java/digilib/auth/PathAuthzOps.java	Tue Mar 29 17:30:39 2016 +0200
@@ -0,0 +1,116 @@
+package digilib.auth;
+
+/*
+ * #%L
+ * XMLAuthOps -- Authentication class implementation using XML files
+ * 
+ * Digital Image Library servlet components
+ * 
+ * %%
+ * Copyright (C) 2001 - 2013 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as 
+ * published by the Free Software Foundation, either version 3 of the 
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Lesser Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Lesser Public 
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@berlios.de)
+ */
+
+import java.io.File;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import digilib.conf.DigilibConfiguration;
+import digilib.conf.DigilibServletConfiguration;
+import digilib.conf.DigilibServletRequest;
+import digilib.util.HashTree;
+import digilib.util.XMLListLoader;
+
+/**
+ * Implements AuthzOps using paths defined in an XML config file. 
+ * 
+ * The name of the configuration file is read from the digilib config parameter "auth-file".
+ * <p/>
+ * The tag "digilib-paths" is read from the configuration file:
+ * <pre>
+ * {@code
+ * <digilib-paths>
+ *   <path name="histast/eastwood-collection" role="eastwood-coll" />
+ * </digilib-paths>
+ * }
+ * </pre>
+ * A user must supply one of the roles under "role" to access the directory "name".
+ * Roles under "role" must be separated by comma only (no spaces).
+ * <pre>  
+ * 
+ */
+public class PathAuthzOps extends AuthzOpsImpl {
+
+    private File configFile;
+    private HashTree authPaths;
+
+    /**
+     * Initialize authentication operations.
+     * 
+     * Reads tag "digilib-paths" from configuration file 
+     * and sets up authentication arrays.
+     * 
+     * @throws AuthOpException
+     *             Exception thrown on error.
+     */
+    @Override
+    public void init(DigilibConfiguration dlConfig) throws AuthOpException {
+        configFile = dlConfig.getAsFile("auth-file");
+        logger.debug("xmlauthops.init (" + configFile + ")");
+        Map<String, String> pathList = null;
+        try {
+            // load authPaths
+            XMLListLoader pathLoader = new XMLListLoader("digilib-paths", "path", "name", "role");
+            pathList = pathLoader.loadUri(configFile.toURI());
+        } catch (Exception e) {
+            throw new AuthOpException("ERROR loading authorization config file: " + e);
+        }
+        if (pathList == null) {
+            throw new AuthOpException("ERROR unable to load authorization config file!");
+        }
+        // setup path tree
+        authPaths = new HashTree(pathList, "/", ",");
+        // set authentication
+        this.authnOps = (AuthnOps) dlConfig.getValue(DigilibServletConfiguration.AUTHN_OP_KEY);
+    }
+
+    /**
+     * Return authorization roles needed for request.
+     * 
+     * Returns the list of authorization roles that are required to access the
+     * specified path. No list means the path is free.
+     * 
+     * @param dlRequest
+     *            DigilibServletRequest with image path and remote address information.
+     * @throws AuthOpException
+     *             Exception thrown on error.
+     * @return List of Strings with role names.
+     */
+    public List<String> rolesForPath(DigilibServletRequest dlRequest) throws digilib.auth.AuthOpException {
+        String filepath = dlRequest.getFilePath();
+        HttpServletRequest request = dlRequest.getServletRequest();
+        logger.debug("rolesForPath (" + filepath + ") by [" + request.getRemoteAddr() + "]");
+
+        // which roles are required?
+        List<String> required = authPaths.match(filepath);
+        return required;
+    }
+
+}
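Review bot: `rolesForPath` at the end of this file is declared without `@Override`, while `init` above it and the same method in MetaAccessAuthzOps carry it; adding `@Override` means a signature change in AuthzOpsImpl is caught at compile time instead of leaving this authorization hook unused. The `throws digilib.auth.AuthOpException` can be the plain `AuthOpException`, since the class lives in that package. The class Javadoc also ends with an unclosed `<pre>` after the "separated by comma only" line, apparently left over from the removed digilib-addresses example. The debug tag `xmlauthops.init` still names the old class; `logger.debug("PathAuthzOps.init (" + configFile + ")");` would match the new one.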
--- a/servlet/src/main/java/digilib/auth/PathServletAuthOps.java	Tue Mar 29 11:39:32 2016 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,154 +0,0 @@
-package digilib.auth;
-
-/*
- * #%L
- * XMLAuthOps -- Authentication class implementation using XML files
- * 
- * Digital Image Library servlet components
- * 
- * %%
- * Copyright (C) 2001 - 2013 MPIWG Berlin
- * %%
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as 
- * published by the Free Software Foundation, either version 3 of the 
- * License, or (at your option) any later version.
- * 
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Lesser Public License for more details.
- * 
- * You should have received a copy of the GNU General Lesser Public 
- * License along with this program.  If not, see
- * <http://www.gnu.org/licenses/lgpl-3.0.html>.
- * #L%
- * Author: Robert Casties (robcast@berlios.de)
- */
-
-import java.io.File;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-
-import digilib.conf.DigilibServletRequest;
-import digilib.util.HashTree;
-import digilib.util.XMLListLoader;
-
-/**
- * Implements AuthOps using paths defined in an XML config file.
- * <p/>
- * Tags "digilib-paths" and "digilib-adresses" are read from the configuration file:
- * <pre>
- * {@code
- * <digilib-paths>
- *   <path name="histast/eastwood-collection" role="eastwood-coll" />
- * </digilib-paths>
- * }
- * </pre>
- * A user must supply one of the roles under "role" to access the directory "name".
- * Roles under "role" must be separated by comma only (no spaces).
- * <pre>  
- * {@code
- * <digilib-addresses>
- *   <address ip="130.92.68" role="eastwood-coll,ptolemaios-geo" />
- *   <address ip="130.92.151" role="ALL" />
- * </digilib-addresses>
- * }
- * </pre>
- * A computer with an ip address that matches "ip" is automatically granted all roles under "role".
- * The ip address is matched from the left (in full quads). Roles under "role" must be separated by comma only (no spaces). 
- * 
- */
-public class PathServletAuthOps extends ServletAuthOpsImpl {
-
-    private File configFile;
-    private HashTree authPaths;
-    private HashTree authIPs;
-
-    /**
-     * Set configuration file.
-     * 
-     * @param confFile
-     *            XML config file.
-     * @throws AuthOpException
-     *             Exception thrown on error.
-     */
-    public void setConfig(File confFile) throws AuthOpException {
-        configFile = confFile;
-        init();
-    }
-
-    /**
-     * Initialize authentication operations.
-     * 
-     * Reads tags "digilib-paths" and "digilib-adresses" from configuration file 
-     * and sets up authentication arrays.
-     * 
-     * @throws AuthOpException
-     *             Exception thrown on error.
-     */
-    public void init() throws AuthOpException {
-        logger.debug("xmlauthops.init (" + configFile + ")");
-        Map<String, String> pathList = null;
-        Map<String, String> ipList = null;
-        try {
-            // load authPaths
-            XMLListLoader pathLoader = new XMLListLoader("digilib-paths", "path", "name", "role");
-            pathList = pathLoader.loadUri(configFile.toURI());
-            // load authIPs
-            XMLListLoader ipLoader = new XMLListLoader("digilib-addresses", "address", "ip", "role");
-            ipList = ipLoader.loadUri(configFile.toURI());
-        } catch (Exception e) {
-            throw new AuthOpException("ERROR loading authorization config file: " + e);
-        }
-        if ((pathList == null) || (ipList == null)) {
-            throw new AuthOpException("ERROR unable to load authorization config file!");
-        }
-        // setup path tree
-        authPaths = new HashTree(pathList, "/", ",");
-        // setup ip tree
-        authIPs = new HashTree(ipList, ".", ",");
-    }
-
-    /**
-     * Return authorization roles needed for request.
-     * 
-     * Returns the list of authorization roles that are required to access the
-     * specified path. No list means the path is free.
-     * 
-     * The location information of the request is determined by ServletRequest.getRemoteAddr().
-     * 
-     * @param dlRequest
-     *            DigilibServletRequest with image path and remote address information.
-     * @throws AuthOpException
-     *             Exception thrown on error.
-     * @return List of Strings with role names.
-     */
-    public List<String> rolesForPath(DigilibServletRequest dlRequest) throws digilib.auth.AuthOpException {
-        String filepath = dlRequest.getFilePath();
-        HttpServletRequest request = dlRequest.getServletRequest();
-        logger.debug("rolesForPath (" + filepath + ") by [" + request.getRemoteAddr() + "]");
-
-        // check if the requests address provides a role
-        List<String> provided = authIPs.match(request.getRemoteAddr());
-        if ((provided != null) && (provided.contains("ALL"))) {
-            // ALL switches off checking;
-            return null;
-        }
-        // which roles are required?
-        List<String> required = authPaths.match(filepath);
-        // do any provided roles match?
-        if ((provided != null) && (required != null)) {
-            for (int i = 0; i < provided.size(); i++) {
-                if (required.contains(provided.get(i))) {
-                    // satisfied
-                    return null;
-                }
-            }
-        }
-        return required;
-    }
-
-}
--- a/servlet/src/main/java/digilib/auth/ServletAuthOpsImpl.java	Tue Mar 29 11:39:32 2016 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,105 +0,0 @@
-package digilib.auth;
-
-/*
- * #%L
- *  AuthOps -- Authentication class implementation
- *
- *  Digital Image Library servlet components
- *  
- * %%
- * Copyright (C) 2001 - 2013 MPIWG Berlin
- * %%
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as 
- * published by the Free Software Foundation, either version 3 of the 
- * License, or (at your option) any later version.
- * 
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Lesser Public License for more details.
- * 
- * You should have received a copy of the GNU General Lesser Public 
- * License along with this program.  If not, see
- * <http://www.gnu.org/licenses/lgpl-3.0.html>.
- * #L%
- * Author: Robert Casties (robcast@berlios.de)
- */
-
-import java.util.List;
-
-import org.apache.log4j.Logger;
-
-import digilib.conf.DigilibRequest;
-import digilib.conf.DigilibServletRequest;
-
-/**
- * Basic implementation of AuthOps interface.
- * 
- * Provides basic implementations. Only rolesForPath needs to be implemented by
- * specific implementations.
- */
-public abstract class ServletAuthOpsImpl implements AuthOps {
-
-    /** general logger for this class */
-    protected Logger logger = Logger.getLogger(this.getClass());
-
-    public abstract void init() throws AuthOpException;
-
-    /**
-     * @see digilib.auth.AuthOps#isAuthRequired(digilib.conf.DigilibRequest)
-     */
-    public boolean isAuthRequired(DigilibRequest request) throws AuthOpException {
-        // check permissions
-        List<String> rolesRequired = rolesForPath((DigilibServletRequest) request);
-        return (rolesRequired != null);
-    }
-
-    /**
-     * @see digilib.auth.AuthOps#isAuthorized(digilib.conf.DigilibRequest)
-     */
-    public boolean isAuthorized(DigilibRequest request) throws AuthOpException {
-        List<String> rolesRequired = rolesForPath((DigilibServletRequest) request);
-        if (rolesRequired == null) return true;
-        return isRoleAuthorized(rolesRequired, (DigilibServletRequest) request);
-    }
-
-    /**
-     * Test request authorization against a list of roles.
-     * 
-     * @param rolesRequired
-     *            List of Strings with role names.
-     * @param request
-     *            ServletRequest with address information.
-     * @return true if the user information in the request authorizes one of the
-     *         roles.
-     */
-    public boolean isRoleAuthorized(List<String> rolesRequired, DigilibServletRequest request) {
-        if (rolesRequired == null) return true;
-        for (String s : rolesRequired) {
-            logger.debug("Testing role: " + s);
-            if (request.getServletRequest().isUserInRole(s)) {
-                logger.debug("Role Authorized");
-                return true;
-            }
-        }
-        return false;
-    }
-
-    /**
-     * Authorization roles needed for request.
-     * 
-     * Returns the list of authorization roles that are needed to access the
-     * specified path. No list means the path is free.
-     * 
-     * The location information of the request is also considered.
-     * 
-     * @param request
-     *            DigilibRequest with address information.
-     * @throws AuthOpException
-     *             Exception thrown on error.
-     * @return List of Strings with role names.
-     */
-    public abstract List<String> rolesForPath(DigilibServletRequest request) throws AuthOpException;
-
-}
--- a/servlet/src/main/java/digilib/conf/DigilibServletConfiguration.java	Tue Mar 29 11:39:32 2016 +0200
+++ b/servlet/src/main/java/digilib/conf/DigilibServletConfiguration.java	Tue Mar 29 17:30:39 2016 +0200
@@ -42,8 +42,10 @@
 import org.apache.log4j.xml.DOMConfigurator;
 import org.xml.sax.SAXException;
 
-import digilib.auth.AuthOps;
-import digilib.auth.AuthOpsFactory;
+import digilib.auth.AuthnOps;
+import digilib.auth.AuthnOpsFactory;
+import digilib.auth.AuthzOps;
+import digilib.auth.AuthzOpsFactory;
 import digilib.image.DocuImage;
 import digilib.io.AliasingDocuDirCache;
 import digilib.io.DocuDirCache;
@@ -76,7 +78,9 @@
  */
 public class DigilibServletConfiguration extends DigilibConfiguration implements ServletContextListener {
 
-    public static final String AUTH_OP_KEY = "servlet.auth.op";
+    public static final String AUTHN_OP_KEY = "servlet.authn.op";
+
+    public static final String AUTHZ_OP_KEY = "servlet.authz.op";
 
     public static final String IMAGEEXECUTOR_KEY = "servlet.worker.imageexecutor";
 
@@ -114,12 +118,15 @@
         newParameter(DIR_CACHE_KEY, null, null, 's');
         // Executor for image operations
         newParameter(IMAGEEXECUTOR_KEY, null, null, 's');
-        // AuthOps instance
-        newParameter(AUTH_OP_KEY, null, null, 's');
+        // AuthnOps instance
+        newParameter(AUTHN_OP_KEY, null, null, 's');
+        // AuthzOps instance
+        newParameter(AUTHZ_OP_KEY, null, null, 's');
         // classes TODO: do we need these as parameters?
         newParameter("servlet.filemeta.class", null, null, 's');
         newParameter("servlet.dirmeta.class", null, null, 's');
-        newParameter("servlet.authops.class", null, null, 's');
+        newParameter("servlet.authnops.class", null, null, 's');
+        newParameter("servlet.authzops.class", null, null, 's');
         newParameter("servlet.docudirectory.class", null, null, 's');
         newParameter("servlet.version", getVersion(), null, 's');
 
@@ -156,8 +163,10 @@
         newParameter("filemeta-class", "digilib.meta.IndexMetaFileMeta", null, 'f');
         // DirMeta implementation
         newParameter("dirmeta-class", "digilib.meta.IndexMetaDirMeta", null, 'f');
-        // AuthOps implementation
-        newParameter("authops-class", "digilib.auth.PathServletAuthOps", null, 'f');
+        // AuthnOps implementation
+        newParameter("authnops-class", "digilib.auth.IpAuthnOps", null, 'f');
+        // AuthzOps implementation
+        newParameter("authzops-class", "digilib.auth.PathAuthzOps", null, 'f');
         // DocuDirectory implementation
         newParameter("docudirectory-class", "digilib.io.BaseDirDocuDirectory", null, 'f');
 
@@ -293,13 +302,23 @@
         } catch (ClassNotFoundException e) {
             logger.error("Error setting Metadata classes!");
         }
-        try {
-            // initialise AuthOpsFactory
-            Class<AuthOps> authOpsClass = (Class<AuthOps>) Class.forName(config.getAsString("authops-class"));
-            config.setValue("servlet.authops.class", authOpsClass);
-            AuthOpsFactory.setAuthOpsClass(authOpsClass);
-        } catch (ClassNotFoundException e) {
-            logger.error("Error setting AuthOps class!");
+        if (config.getAsBoolean("use-authorization")) {
+            try {
+                // initialise AuthnOpsFactory
+                Class<AuthnOps> authnOpsClass = (Class<AuthnOps>) Class.forName(config.getAsString("authnops-class"));
+                config.setValue("servlet.authzops.class", authnOpsClass);
+                AuthnOpsFactory.setAuthnOpsClass(authnOpsClass);
+            } catch (ClassNotFoundException e) {
+                logger.error("Error setting AuthnOps class!");
+            }
+            try {
+                // initialise AuthzOpsFactory
+                Class<AuthzOps> authzOpsClass = (Class<AuthzOps>) Class.forName(config.getAsString("authzops-class"));
+                config.setValue("servlet.authzops.class", authzOpsClass);
+                AuthzOpsFactory.setAuthzOpsClass(authzOpsClass);
+            } catch (ClassNotFoundException e) {
+                logger.error("Error setting AuthzOps class!");
+            }
         }
         try {
             // initialise DocuDirectoryFactory
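Review bot: The AuthnOps branch stores its class under the wrong key: `config.setValue("servlet.authzops.class", authnOpsClass);` should be `config.setValue("servlet.authnops.class", authnOpsClass);`, the parameter this commit registers for it. As written, `servlet.authnops.class` is never set, and `servlet.authzops.class` holds the authentication class until the second try overwrites it, or permanently if loading the AuthzOps class fails. Both catch blocks only log the `ClassNotFoundException`, so with `use-authorization` enabled and a misspelled class name start-up continues. What the factories return in that state is not visible here, so it is worth confirming that the servlet refuses requests rather than running without checks. The enclosing method starts and ends outside the hunk.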
@@ -334,16 +353,19 @@
                 dirCache = new DocuDirCache(FileClass.IMAGE, this);
             }
             config.setValue(DIR_CACHE_KEY, dirCache);
-            // useAuthentication
+            // useAuthorization
             if (config.getAsBoolean("use-authorization")) {
-                AuthOps authOp = AuthOpsFactory.getAuthOpsInstance();
-                // get config file
+                // set auth config file
                 File authConf = ServletOps.getConfigFile((File) config.getValue("auth-file"), context);
-                if (authConf != null) {
-                    authOp.setConfig(authConf);
-                }
-                config.setValue(AUTH_OP_KEY, authOp);
                 config.setValue("auth-file", authConf);
+                // initialise AuthnOps
+                AuthnOps authnOps = AuthnOpsFactory.getAuthnOpsInstance();
+                authnOps.init(this);
+                config.setValue(AUTHN_OP_KEY, authnOps);
+                // initialise AuthzOps (requires AuthnOps)
+                AuthzOps authzOps = AuthzOpsFactory.getAuthzOpsInstance();
+                authzOps.init(this);
+                config.setValue(AUTHZ_OP_KEY, authzOps);
             }
             // digilib worker threads
             int nt = config.getAsInt("worker-threads");
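Review bot: The removed code guarded `setConfig` with `if (authConf != null)`, but the new code calls `authnOps.init(this)` and `authzOps.init(this)` with no check on `authConf` or on the factory results. The factories and the `init` implementations are not visible here; if `getAuthnOpsInstance()` or `getAuthzOpsInstance()` can return null after the class lookup failed, or if `init` expects a readable `auth-file`, a broken setup surfaces as a NullPointerException. A guard before the `init` calls, such as `if (authnOps == null || authzOps == null) throw new IllegalStateException("use-authorization set but auth classes missing");`, would stop configuration with a readable message. The surrounding method starts and ends outside this hunk.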
--- a/servlet/src/main/java/digilib/servlet/DocumentBean.java	Tue Mar 29 11:39:32 2016 +0200
+++ b/servlet/src/main/java/digilib/servlet/DocumentBean.java	Tue Mar 29 17:30:39 2016 +0200
@@ -36,7 +36,7 @@
 import org.apache.log4j.Logger;
 
 import digilib.auth.AuthOpException;
-import digilib.auth.AuthOps;
+import digilib.auth.AuthzOps;
 import digilib.conf.DigilibServletConfiguration;
 import digilib.conf.DigilibServletRequest;
 import digilib.io.DocuDirCache;
@@ -52,10 +52,10 @@
 	private static Logger logger = Logger.getLogger("digilib.docubean");
 
 	// AuthOps object to check authorization
-	private AuthOps authOp;
+	private AuthzOps authzOp;
 
 	// use authorization database
-	private boolean useAuthentication = true;
+	private boolean useAuthorization = true;
 
 	// path to add for authenticated access
 	private String authURLPath = "";
@@ -102,10 +102,10 @@
 		/*
 		 * authentication
 		 */
-		useAuthentication = dlConfig.getAsBoolean("use-authorization");
-		authOp = (AuthOps) dlConfig.getValue("servlet.auth.op");
+		useAuthorization = dlConfig.getAsBoolean("use-authorization");
+		authzOp = (AuthzOps) dlConfig.getValue("servlet.authz.op");
 		authURLPath = dlConfig.getAsString("auth-url-path");
-		if (useAuthentication && (authOp == null)) {
+		if (useAuthorization && (authzOp == null)) {
 			throw new ServletException(
 					"ERROR: use-authorization configured but no AuthOp!");
 		}
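Review bot: `dlConfig.getValue("servlet.authz.op")` hard-codes the key, while the Scaler and Texter hunks of this commit read the same object through `DigilibServletConfiguration.AUTHZ_OP_KEY`. The constant's value is not visible here; if it differs from the literal, `authzOp` is null and every page using the bean fails with the ServletException below. Using `authzOp = (AuthzOps) dlConfig.getValue(DigilibServletConfiguration.AUTHZ_OP_KEY);` removes that risk, and the class is already imported in this file. The message `"ERROR: use-authorization configured but no AuthOp!"` and the `authentication` block comment still carry the old names. The method starts outside this hunk.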
@@ -117,7 +117,7 @@
 	public boolean isAuthRequired(DigilibServletRequest request)
 			throws AuthOpException {
 		logger.debug("isAuthRequired");
-		return useAuthentication ? authOp.isAuthRequired(request) : false;
+		return useAuthorization ? authzOp.isAuthorizationRequired(request) : false;
 	}
 
 	/**
@@ -125,7 +125,7 @@
 	 */
 	public boolean isAuthorized(DigilibServletRequest request) throws AuthOpException {
 		logger.debug("isAuthorized");
-		return useAuthentication ? authOp.isAuthorized(request) : true;
+		return useAuthorization ? authzOp.isAuthorized(request) : true;
 	}
 
 	/**
@@ -143,8 +143,8 @@
 	public boolean doAuthentication(DigilibServletRequest request,
 			HttpServletResponse response) throws Exception {
 		logger.debug("doAuthentication");
-		if (!useAuthentication) {
-			// shortcut if no authentication
+		if (!useAuthorization) {
+			// shortcut if no authorization
 			return true;
 		}
 		// quick fix: add auth-url-path to base.url
--- a/servlet2/pom.xml	Tue Mar 29 11:39:32 2016 +0200
+++ b/servlet2/pom.xml	Tue Mar 29 17:30:39 2016 +0200
@@ -5,7 +5,7 @@
   <parent>
     <artifactId>digilib</artifactId>
     <groupId>digilib</groupId>
-    <version>2.3-SNAPSHOT</version>
+    <version>2.4-SNAPSHOT</version>
   </parent>
   <artifactId>digilib-servlet2</artifactId>
   <name>digilib-servlet2</name>
--- a/servlet2/src/main/java/digilib/servlet/Scaler.java	Tue Mar 29 11:39:32 2016 +0200
+++ b/servlet2/src/main/java/digilib/servlet/Scaler.java	Tue Mar 29 17:30:39 2016 +0200
@@ -40,7 +40,7 @@
 import org.apache.log4j.Logger;
 
 import digilib.auth.AuthOpException;
-import digilib.auth.AuthOps;
+import digilib.auth.AuthzOps;
 import digilib.conf.DigilibServletConfiguration;
 import digilib.conf.DigilibServletRequest;
 import digilib.image.DocuImage;
@@ -106,8 +106,8 @@
     /** use authorization database */
     protected boolean useAuthorization = false;
 
-    /** AuthOps instance */
-    protected AuthOps authOp;
+    /** AuthzOps instance */
+    protected AuthzOps authzOp;
 
     /**
      * Initialisation on first run.
@@ -138,7 +138,7 @@
         logger.info("Scaler uses " + dlConfig.getValue("servlet.docuimage.version"));
         // set our AuthOps
         useAuthorization = dlConfig.getAsBoolean("use-authorization");
-        authOp = (AuthOps) dlConfig.getValue("servlet.auth.op");
+        authzOp = (AuthzOps) dlConfig.getValue(DigilibServletConfiguration.AUTHZ_OP_KEY);
 
         // DocuDirCache instance
         dirCache = (DocuDirCache) dlConfig.getValue("servlet.dir.cache");
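Review bot: `authzOp` is read from the configuration without a null check, although `useAuthorization` may be true at this point. DocumentBean in this commit throws a ServletException in that case, whereas here a missing AuthzOps instance only shows up as a NullPointerException at `authzOp.isAuthorized(dlRequest)` on each request. Assuming this is the servlet's init path, adding `if (useAuthorization && authzOp == null) throw new ServletException("use-authorization configured but no AuthzOps!");` after the assignment would reject a broken auth configuration at start-up. The same applies to the matching hunks in ScalerNoThread, the servlet3 Scaler and Texter. The method begins and ends outside this hunk.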
@@ -245,7 +245,7 @@
             // check permissions
             if (useAuthorization) {
                 // is the current request/user authorized?
-                if (!authOp.isAuthorized(dlRequest)) {
+                if (!authzOp.isAuthorized(dlRequest)) {
                     // send deny answer and abort
                     throw new AuthOpException();
                 }
--- a/servlet2/src/main/java/digilib/servlet/ScalerNoThread.java	Tue Mar 29 11:39:32 2016 +0200
+++ b/servlet2/src/main/java/digilib/servlet/ScalerNoThread.java	Tue Mar 29 17:30:39 2016 +0200
@@ -36,7 +36,7 @@
 import org.apache.log4j.Logger;
 
 import digilib.auth.AuthOpException;
-import digilib.auth.AuthOps;
+import digilib.auth.AuthzOps;
 import digilib.conf.DigilibServletConfiguration;
 import digilib.conf.DigilibServletRequest;
 import digilib.image.DocuImage;
@@ -98,7 +98,7 @@
     protected boolean useAuthorization = true;
 
     /** AuthOps instance */
-    protected AuthOps authOp;
+    protected AuthzOps authzOp;
 
     /**
      * Initialisation on first run.
@@ -124,7 +124,7 @@
         }
         // set our AuthOps
         useAuthorization = dlConfig.getAsBoolean("use-authorization");
-        authOp = (AuthOps) dlConfig.getValue("servlet.auth.op");
+        authzOp = (AuthzOps) dlConfig.getValue(DigilibServletConfiguration.AUTHZ_OP_KEY);
 
         // DocuDirCache instance
         dirCache = (DocuDirCache) dlConfig.getValue("servlet.dir.cache");
@@ -227,7 +227,7 @@
             // check permissions
             if (useAuthorization) {
                 // is the current request/user authorized?
-                if (!authOp.isAuthorized(dlRequest)) {
+                if (!authzOp.isAuthorized(dlRequest)) {
                     // send deny answer and abort
                     throw new AuthOpException();
                 }
--- a/servlet3/pom.xml	Tue Mar 29 11:39:32 2016 +0200
+++ b/servlet3/pom.xml	Tue Mar 29 17:30:39 2016 +0200
@@ -3,7 +3,7 @@
   <parent>
     <artifactId>digilib</artifactId>
     <groupId>digilib</groupId>
-    <version>2.3-SNAPSHOT</version>
+    <version>2.4-SNAPSHOT</version>
   </parent>
   <artifactId>digilib-servlet3</artifactId>
   <name>digilib-servlet3</name>
--- a/servlet3/src/main/java/digilib/servlet/Scaler.java	Tue Mar 29 11:39:32 2016 +0200
+++ b/servlet3/src/main/java/digilib/servlet/Scaler.java	Tue Mar 29 17:30:39 2016 +0200
@@ -41,9 +41,10 @@
 import org.apache.log4j.Logger;
 
 import digilib.auth.AuthOpException;
-import digilib.auth.AuthOps;
+import digilib.auth.AuthzOps;
 import digilib.conf.DigilibConfiguration;
 import digilib.conf.DigilibServlet3Configuration;
+import digilib.conf.DigilibServletConfiguration;
 import digilib.conf.DigilibServletRequest;
 import digilib.image.DocuImage;
 import digilib.image.ImageJobDescription;
@@ -107,8 +108,8 @@
     /** use authorization database */
     protected boolean useAuthorization = false;
 
-    /** AuthOps instance */
-    protected AuthOps authOp;
+    /** AuthzOps instance */
+    protected AuthzOps authzOp;
 
     /**
      * Initialisation on first run.
@@ -137,7 +138,7 @@
         logger.info("Scaler uses " + dlConfig.getValue("servlet.docuimage.version"));
         // set our AuthOps
         useAuthorization = dlConfig.getAsBoolean("use-authorization");
-        authOp = (AuthOps) dlConfig.getValue("servlet.auth.op");
+        authzOp = (AuthzOps) dlConfig.getValue(DigilibServletConfiguration.AUTHZ_OP_KEY);
 
         // DocuDirCache instance
         dirCache = (DocuDirCache) dlConfig.getValue("servlet.dir.cache");
@@ -274,7 +275,7 @@
              */
             if (useAuthorization) {
                 // is the current request/user authorized?
-                if (!authOp.isAuthorized(dlRequest)) {
+                if (!authzOp.isAuthorized(dlRequest)) {
                     // send deny answer and abort
                     throw new AuthOpException();
                 }
--- a/text/pom.xml	Tue Mar 29 11:39:32 2016 +0200
+++ b/text/pom.xml	Tue Mar 29 17:30:39 2016 +0200
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>digilib</artifactId>
 		<groupId>digilib</groupId>
-		<version>2.3-SNAPSHOT</version>
+		<version>2.4-SNAPSHOT</version>
 	</parent>
 	<artifactId>digilib-text</artifactId>
 	<name>digilib-text</name>
--- a/text/src/main/java/digilib/servlet/Texter.java	Tue Mar 29 11:39:32 2016 +0200
+++ b/text/src/main/java/digilib/servlet/Texter.java	Tue Mar 29 17:30:39 2016 +0200
@@ -38,7 +38,7 @@
 
 import org.apache.log4j.Logger;
 
-import digilib.auth.AuthOps;
+import digilib.auth.AuthzOps;
 import digilib.conf.DigilibServletConfiguration;
 import digilib.conf.DigilibServletRequest;
 import digilib.conf.TextServletConfiguration;
@@ -74,7 +74,7 @@
 	FileOps fileOp;
 
 	/** AuthOps instance */
-	AuthOps authOp;
+	AuthzOps authzOp;
 
 	/** ServletOps instance */
 	ServletOps servletOp;
@@ -83,7 +83,7 @@
 	DocuDirCache dirCache;
 
 	/** use authentication */
-	boolean useAuthentication = false;
+	boolean useAuthorization = false;
 
 	/*
 	 * (non-Javadoc)
@@ -109,8 +109,8 @@
 				+ tlVersion + ") *****");
 
 		// set our AuthOps
-		useAuthentication = dlConfig.getAsBoolean("use-authorization");
-		authOp = (AuthOps) dlConfig.getValue("servlet.auth.op");
+		useAuthorization = dlConfig.getAsBoolean("use-authorization");
+		authzOp = (AuthzOps) dlConfig.getValue(DigilibServletConfiguration.AUTHZ_OP_KEY);
 		// DocuDirCache instance
 		dirCache = (DocuDirCache) dlConfig.getValue(TextServletConfiguration.TEXT_DIR_CACHE_KEY);
 	}
--- a/webapp/pom.xml	Tue Mar 29 11:39:32 2016 +0200
+++ b/webapp/pom.xml	Tue Mar 29 17:30:39 2016 +0200
@@ -6,7 +6,7 @@
 	<parent>
 		<artifactId>digilib</artifactId>
 		<groupId>digilib</groupId>
-		<version>2.3-SNAPSHOT</version>
+		<version>2.4-SNAPSHOT</version>
 	</parent>
 	<artifactId>digilib-webapp</artifactId>
 	<name>digilib-webapp</name>
--- a/webapp/src/main/webapp/WEB-INF/digilib-config.xml.template	Tue Mar 29 11:39:32 2016 +0200
+++ b/webapp/src/main/webapp/WEB-INF/digilib-config.xml.template	Tue Mar 29 17:30:39 2016 +0200
@@ -55,7 +55,10 @@
   <parameter name="use-authorization" value="false" />
 
   <!-- Java class to use for authentication -->
-  <parameter name="authops-class" value="digilib.auth.PathServletAuthOps" />
+  <parameter name="authzops-class" value="digilib.auth.IpAuthnOps" />
+
+  <!-- Java class to use for authorization -->
+  <parameter name="authzops-class" value="digilib.auth.PathAuthzOps" />
 
   <!-- URL location of XML file with authorization requirements. -->
   <parameter name="auth-file" value="digilib-auth.xml" />
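Review bot: The parameter added under the "Java class to use for authentication" comment is named `authzops-class`, the same name as the authorization parameter below it, so the template defines `authzops-class` twice and never sets `authnops-class`. DigilibServletConfiguration in this commit reads `authnops-class` for the AuthnOps implementation, so the line should be `<parameter name="authnops-class" value="digilib.auth.IpAuthnOps" />`. As written, editing this line in a deployed copy does not change the authentication class, which stays at the coded default. Which of the two duplicate `authzops-class` values takes effect depends on how the config file is parsed, which is not visible here.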
--- a/webapp/src/main/webapp/api/dlContext-xml.jsp	Tue Mar 29 11:39:32 2016 +0200
+++ b/webapp/src/main/webapp/api/dlContext-xml.jsp	Tue Mar 29 17:30:39 2016 +0200
@@ -25,8 +25,7 @@
           digilib.conf.DigilibServletRequest,
           digilib.io.DocuDirCache,
           digilib.io.DocuDirent,
-          java.util.HashMap,
-          java.io.File"%><%!
+          digilib.meta.MetadataMap"%><%!
 // create DocumentBean instance for all JSP requests
 DocumentBean docBean = new DocumentBean();
 
@@ -54,11 +53,11 @@
 int pn = dlRequest.getAsInt("pn");
 String fn = dlRequest.getFilePath();
 String ctx = "";
-DocuDirent f = dirCache.getFile(fn, pn, digilib.io.FileOps.FileClass.IMAGE);
+DocuDirent f = dirCache.getFile(fn, pn);
 if (f != null) {
     //ctx = "hasfile:"+f.getName();
     f.checkMeta();
-    HashMap meta = f.getMeta().getFileMeta();
+    MetadataMap meta = f.getMeta().getFileMeta();
     if (meta != null) {
     	//ctx = "JSP:hasmeta!";
     	if (meta.containsKey("context")) {
--- a/webapp/src/main/webapp/dlContext-xml.jsp	Tue Mar 29 11:39:32 2016 +0200
+++ b/webapp/src/main/webapp/dlContext-xml.jsp	Tue Mar 29 17:30:39 2016 +0200
@@ -25,8 +25,7 @@
           digilib.conf.DigilibServletRequest,
           digilib.io.DocuDirCache,
           digilib.io.DocuDirent,
-          java.util.HashMap,
-          java.io.File"%><%!
+          digilib.meta.MetadataMap"%><%!
 // create DocumentBean instance for all JSP requests
 DocumentBean docBean = new DocumentBean();
 
@@ -54,11 +53,11 @@
 int pn = dlRequest.getAsInt("pn");
 String fn = dlRequest.getFilePath();
 String ctx = "";
-DocuDirent f = dirCache.getFile(fn, pn, digilib.io.FileOps.FileClass.IMAGE);
+DocuDirent f = dirCache.getFile(fn, pn);
 if (f != null) {
     //ctx = "hasfile:"+f.getName();
     f.checkMeta();
-    HashMap meta = f.getMeta().getFileMeta();
+    MetadataMap meta = f.getMeta().getFileMeta();
     if (meta != null) {
     	//ctx = "JSP:hasmeta!";
     	if (meta.containsKey("context")) {
--- a/webapp/src/main/webapp/jquery/jquery.digilib.js	Tue Mar 29 11:39:32 2016 +0200
+++ b/webapp/src/main/webapp/jquery/jquery.digilib.js	Tue Mar 29 17:30:39 2016 +0200
@@ -45,7 +45,7 @@
 
     var defaults = {
         // version of this script
-        'version' : 'jquery.digilib.js 2.3.9a',
+        'version' : 'jquery.digilib.js 2.4.0a',
         // logo url
         'logoUrl' : 'img/digilib-logo-text1.png',
         // homepage url (behind logo)
--- a/webapp/src/main/webapp/server/dlConfig.jsp	Tue Mar 29 11:39:32 2016 +0200
+++ b/webapp/src/main/webapp/server/dlConfig.jsp	Tue Mar 29 17:30:39 2016 +0200
@@ -25,6 +25,7 @@
           digilib.conf.DigilibServletConfiguration,
           digilib.conf.DigilibServletRequest,
           digilib.io.DocuDirCache,
+          digilib.image.DocuImage,
           digilib.image.DocuImageFactory,
           java.io.File"%>
 <%!
@@ -54,8 +55,7 @@
 // dir cache
 DocuDirCache dirCache = (DocuDirCache) dlConfig.getValue("servlet.dir.cache");
 // image JobCenter
-DigilibJobCenter imageProcessor =  (DigilibJobCenter)dlConfig.getValue("servlet.worker.imageexecutor");        
-
+DigilibJobCenter<DocuImage> imageProcessor =  (DigilibJobCenter<DocuImage>) dlConfig.getValue("servlet.worker.imageexecutor");
 %>
 
 <html>
@@ -196,8 +196,8 @@
 <p>Supported image types</p>
 <ul>
 <% 
-  java.util.Iterator dlfs = DocuImageFactory.getInstance().getSupportedFormats();
-  for (Object f = dlfs.next(); dlfs.hasNext(); f = dlfs.next()) {
+  java.util.Iterator<String> dlfs = DocuImageFactory.getInstance().getSupportedFormats();
+  for (String f = dlfs.next(); dlfs.hasNext(); f = dlfs.next()) {
 %>
   <li><%= (String)f %></li>
 <%
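Review bot: The loop `for (String f = dlfs.next(); dlfs.hasNext(); f = dlfs.next())` calls `next()` before it checks `hasNext()`, so it throws NoSuchElementException when no formats are registered and never prints the last format. Since these lines are already being changed for generics, `while (dlfs.hasNext()) { String f = dlfs.next();` would list every entry. The `(String)f` cast in the expression below is no longer needed with `Iterator<String>`. The closing part of the loop lies outside this hunk.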