changeset 1492:2197975ec945
first version of digilib 2.4 with newly refactored authentication and authorization.
--- a/common-bioformats/pom.xml Tue Mar 29 11:39:32 2016 +0200 +++ b/common-bioformats/pom.xml Tue Mar 29 17:30:39 2016 +0200 @@ -3,7 +3,7 @@ <parent> <artifactId>digilib</artifactId> <groupId>digilib</groupId> - <version>2.3-SNAPSHOT</version> + <version>2.4-SNAPSHOT</version> <relativePath>..</relativePath> </parent> <artifactId>digilib-common-bioformats</artifactId>
--- a/common-imagej/pom.xml Tue Mar 29 11:39:32 2016 +0200 +++ b/common-imagej/pom.xml Tue Mar 29 17:30:39 2016 +0200 @@ -3,7 +3,7 @@ <parent> <artifactId>digilib</artifactId> <groupId>digilib</groupId> - <version>2.3-SNAPSHOT</version> + <version>2.4-SNAPSHOT</version> <relativePath>..</relativePath> </parent> <artifactId>digilib-common-imagej</artifactId>
--- a/common-jai/pom.xml Tue Mar 29 11:39:32 2016 +0200 +++ b/common-jai/pom.xml Tue Mar 29 17:30:39 2016 +0200 @@ -3,7 +3,7 @@ <parent> <artifactId>digilib</artifactId> <groupId>digilib</groupId> - <version>2.3-SNAPSHOT</version> + <version>2.4-SNAPSHOT</version> <relativePath>..</relativePath> </parent> <artifactId>digilib-common-jai</artifactId>
--- a/common/pom.xml Tue Mar 29 11:39:32 2016 +0200 +++ b/common/pom.xml Tue Mar 29 17:30:39 2016 +0200 @@ -6,7 +6,7 @@ <parent> <artifactId>digilib</artifactId> <groupId>digilib</groupId> - <version>2.3-SNAPSHOT</version> + <version>2.4-SNAPSHOT</version> </parent> <artifactId>digilib-common</artifactId>
--- a/common/src/main/java/digilib/auth/AuthOpException.java Tue Mar 29 11:39:32 2016 +0200 +++ b/common/src/main/java/digilib/auth/AuthOpException.java Tue Mar 29 17:30:39 2016 +0200 @@ -2,7 +2,7 @@ /* * #%L - * AuthOpException -- Authentication exception class + * AuthOpException -- Authentication/authorization exception class * * Digital Image Library servlet components *
--- a/common/src/main/java/digilib/auth/AuthOps.java Tue Mar 29 11:39:32 2016 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,68 +0,0 @@ -package digilib.auth; - -/* - * #%L - * AuthOps -- Authentication interface class - * - * Digital Image Library servlet components - * - * %% - * Copyright (C) 2001 - 2013 MPIWG Berlin - * %% - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Lesser Public License for more details. - * - * You should have received a copy of the GNU General Lesser Public - * License along with this program. If not, see - * <http://www.gnu.org/licenses/lgpl-3.0.html>. - * #L% - * Author: Robert Casties (robcast@berlios.de) - */ - -import java.io.File; - -import digilib.conf.DigilibRequest; - -/** Class of operations requiring authentication. */ -public interface AuthOps { - - /** - * Test if the request must be authorized to access the filepath. - * - * Information about the user is taken from the DigilibRequest. - * - * @param request - * DigilibRequest with user information. - * @throws AuthOpException - * Exception thrown on error. - * @return true if the user request must be authorized. - */ - public boolean isAuthRequired(DigilibRequest request) throws AuthOpException; - - /** - * Test if the request is allowed to access filepath. - * - * @param request - * Request with user information. - * @throws AuthOpException - * Exception thrown on error. - * @return true if the request is allowed. - */ - public boolean isAuthorized(DigilibRequest request) throws AuthOpException; - - - /** - * Configure this AuthOps instance. - * - * @param confFile - * @throws AuthOpException - */ - public void setConfig(File confFile) throws AuthOpException; -}
--- a/common/src/main/java/digilib/auth/AuthOpsFactory.java Tue Mar 29 11:39:32 2016 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,59 +0,0 @@ -package digilib.auth; - -/* - * #%L - * digilib-common - * %% - * Copyright (C) 2013 MPIWG Berlin - * %% - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Lesser Public License for more details. - * - * You should have received a copy of the GNU General Lesser Public - * License along with this program. If not, see - * <http://www.gnu.org/licenses/lgpl-3.0.html>. - * #L% - * Author: Robert Casties (robcast@berlios.de) - */ - -import org.apache.log4j.Logger; - - -/** - * Static factory for AuthOps. - * - * @author casties - * - */ -public class AuthOpsFactory { - /** Log4J logger */ - protected static Logger logger = Logger.getLogger(AuthOpsFactory.class); - - /** AuthOps implementation class */ - protected static Class<AuthOps> authOpsClass; - - public static AuthOps getAuthOpsInstance() { - AuthOps ao = null; - try { - ao = authOpsClass.newInstance(); - } catch (Exception e) { - logger.error("Unable to create AuthOps instance!", e); - } - return ao; - } - - /** set the AuthOps implementation class. - * @param clazz - */ - public static void setAuthOpsClass(Class<AuthOps> clazz) { - AuthOpsFactory.authOpsClass = clazz; - } - -}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/common/src/main/java/digilib/auth/AuthnOps.java Tue Mar 29 17:30:39 2016 +0200
@@ -0,0 +1,54 @@
+package digilib.auth;
+
+/*
+ * #%L
+ * AuthnOps -- Authentication interface class
+ *
+ * Digital Image Library servlet components
+ *
+ * %%
+ * Copyright (C) 2016 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Lesser Public License for more details.
+ *
+ * You should have received a copy of the GNU General Lesser Public
+ * License along with this program. If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@users.sourceforge.net)
+ */
+
+import digilib.conf.DigilibConfiguration;
+import digilib.conf.DigilibRequest;
+
+/** Class of operations providing authentication. */
+public interface AuthnOps {
+
+ /**
+ * Test if the user represented by request has the given role.
+ *
+ * @param request Request with user information.
+ * @param role role to be tested.
+ * @throws AuthOpException
+ * Exception thrown on error.
+ * @return true if the user has the role.
+ */
+ public boolean isUserInRole(DigilibRequest request, String role) throws AuthOpException;
+
+
+ /**
+ * Configure this AuthnOps instance.
+ *
+ * @param confFile
+ * @throws AuthOpException
+ */
+ public void init(DigilibConfiguration dlConfig) throws AuthOpException;
+}
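Review bot: The Javadoc on `init` still documents `@param confFile`, but the parameter is now `DigilibConfiguration dlConfig`; the same stale tag appears on `AuthzOps.init` in AuthzOps.java. I would replace it with `@param dlConfig the digilib configuration the implementation reads its settings from` and give the `@throws AuthOpException` tag a description. The contract of `isUserInRole` would also benefit from one sentence stating what implementations return when the request carries no usable user information, since authorization decisions are built directly on this return value.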
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/common/src/main/java/digilib/auth/AuthnOpsFactory.java Tue Mar 29 17:30:39 2016 +0200
@@ -0,0 +1,59 @@
+package digilib.auth;
+
+/*
+ * #%L
+ * Authentication Ops factory.
+ * %%
+ * Copyright (C) 2016 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Lesser Public License for more details.
+ *
+ * You should have received a copy of the GNU General Lesser Public
+ * License along with this program. If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@users.sourceforge.net)
+ */
+
+import org.apache.log4j.Logger;
+
+
+/**
+ * Static factory for authentication AuthnOps.
+ *
+ * @author casties
+ *
+ */
+public class AuthnOpsFactory {
+ /** Log4J logger */
+ protected static Logger logger = Logger.getLogger(AuthnOpsFactory.class);
+
+ /** AuthnOps implementation class */
+ protected static Class<AuthnOps> authOpsClass;
+
+ public static AuthnOps getAuthnOpsInstance() {
+ AuthnOps ao = null;
+ try {
+ ao = authOpsClass.newInstance();
+ } catch (Exception e) {
+ logger.error("Unable to create AuthnOps instance!", e);
+ }
+ return ao;
+ }
+
+ /** set the AuthnOps implementation class.
+ * @param clazz
+ */
+ public static void setAuthnOpsClass(Class<AuthnOps> clazz) {
+ AuthnOpsFactory.authOpsClass = clazz;
+ }
+
+}
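Review bot: `getAuthnOpsInstance()` returns `null` after logging whenever instantiation fails, and that includes the case where `setAuthnOpsClass` was never called, because the resulting NullPointerException is swallowed by `catch (Exception e)`. For a security component the failure should stop startup rather than surface later as a null authentication provider; whether callers treat null as "no authentication configured" is not visible here, so failing loudly is the safer contract. I would replace the log-and-continue with `throw new IllegalStateException("Unable to create AuthnOps instance!", e);` and document on the method that it never returns null. `AuthzOpsFactory.getAuthzOpsInstance()` in AuthzOpsFactory.java has the same pattern.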
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/common/src/main/java/digilib/auth/AuthzOps.java Tue Mar 29 17:30:39 2016 +0200
@@ -0,0 +1,67 @@
+package digilib.auth;
+
+/*
+ * #%L
+ * AuthzOps -- Authorization interface class
+ *
+ * Digital Image Library servlet components
+ *
+ * %%
+ * Copyright (C) 2001 - 2016 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Lesser Public License for more details.
+ *
+ * You should have received a copy of the GNU General Lesser Public
+ * License along with this program. If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@users.sourceforge.net)
+ */
+
+import digilib.conf.DigilibConfiguration;
+import digilib.conf.DigilibRequest;
+
+/** Class of operations providing authorization. */
+public interface AuthzOps {
+
+ /**
+ * Test if the request must be authorized to access the filepath.
+ *
+ * Information about the user is taken from the DigilibRequest.
+ *
+ * @param request
+ * DigilibRequest with user information.
+ * @throws AuthOpException
+ * Exception thrown on error.
+ * @return true if the user request must be authorized.
+ */
+ public boolean isAuthorizationRequired(DigilibRequest request) throws AuthOpException;
+
+ /**
+ * Test if the request is authorized to access filepath.
+ *
+ * @param request
+ * Request with user information.
+ * @throws AuthOpException
+ * Exception thrown on error.
+ * @return true if the request is allowed.
+ */
+ public boolean isAuthorized(DigilibRequest request) throws AuthOpException;
+
+
+ /**
+ * Configure this AuthzOps instance.
+ *
+ * @param confFile
+ * @throws AuthOpException
+ */
+ public void init(DigilibConfiguration dlConfig) throws AuthOpException;
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/common/src/main/java/digilib/auth/AuthzOpsFactory.java Tue Mar 29 17:30:39 2016 +0200
@@ -0,0 +1,59 @@
+package digilib.auth;
+
+/*
+ * #%L
+ * Authorization Ops factory
+ * %%
+ * Copyright (C) 2013 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Lesser Public License for more details.
+ *
+ * You should have received a copy of the GNU General Lesser Public
+ * License along with this program. If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@berlios.de)
+ */
+
+import org.apache.log4j.Logger;
+
+
+/**
+ * Static factory for authorization AuthzOps.
+ *
+ * @author casties
+ *
+ */
+public class AuthzOpsFactory {
+ /** Log4J logger */
+ protected static Logger logger = Logger.getLogger(AuthzOpsFactory.class);
+
+ /** AuthzOps implementation class */
+ protected static Class<AuthzOps> authOpsClass;
+
+ public static AuthzOps getAuthzOpsInstance() {
+ AuthzOps ao = null;
+ try {
+ ao = authOpsClass.newInstance();
+ } catch (Exception e) {
+ logger.error("Unable to create AuthzOps instance!", e);
+ }
+ return ao;
+ }
+
+ /** set the AuthzOps implementation class.
+ * @param clazz
+ */
+ public static void setAuthzOpsClass(Class<AuthzOps> clazz) {
+ AuthzOpsFactory.authOpsClass = clazz;
+ }
+
+}
--- a/common/src/main/java/digilib/conf/DigilibConfiguration.java Tue Mar 29 11:39:32 2016 +0200 +++ b/common/src/main/java/digilib/conf/DigilibConfiguration.java Tue Mar 29 17:30:39 2016 +0200 @@ -57,7 +57,7 @@ /** digilib version */ public static String getClassVersion() { - return "2.3.9a"; + return "2.4.0a"; } /* non-static getVersion for Java inheritance */
--- a/common/src/main/java/digilib/meta/IndexMetaAuthLoader.java Tue Mar 29 11:39:32 2016 +0200 +++ b/common/src/main/java/digilib/meta/IndexMetaAuthLoader.java Tue Mar 29 17:30:39 2016 +0200 @@ -42,13 +42,15 @@ */ /** - * Class loading index.meta files extracting some image file - * related information. + * Class loading index.meta files extracting some image file related information. + * * Extracts into the MetadataMap all tags in the meta/img tag as key-value * pairs and access conditions under the access key. * * Returns a map with filenames and MetadataMaps. * + * Implemented using javax.xml.stream.XMLStreamReader. + * * @see <a * href="http://intern.mpiwg-berlin.mpg.de/digitalhumanities/mpiwg-metadata-documentation/formate/indexmeta-standard">index.meta * spec</a>
--- a/common/src/main/java/digilib/meta/IndexMetaLoader.java Tue Mar 29 11:39:32 2016 +0200 +++ b/common/src/main/java/digilib/meta/IndexMetaLoader.java Tue Mar 29 17:30:39 2016 +0200 @@ -44,8 +44,12 @@ /** * Class loading index.meta files with metadata extracting some image file related information. + * * Extracts into the MetadataMap all tags in the meta/img tag as key-value pairs and the content of the meta/context tag as XML. - * Returns a map with filenames and MetadataMaps. + * + * Returns a map with filenames and MetadataMaps. + * + * Implemented using javax.xml.parsers.SAXParser. * * @see <a href="http://intern.mpiwg-berlin.mpg.de/digitalhumanities/mpiwg-metadata-documentation/formate/indexmeta-standard">index.meta spec</a> * @author Robert Casties
--- a/doc/pom.xml Tue Mar 29 11:39:32 2016 +0200 +++ b/doc/pom.xml Tue Mar 29 17:30:39 2016 +0200 @@ -3,7 +3,7 @@ <parent> <groupId>digilib</groupId> <artifactId>digilib</artifactId> - <version>2.3-SNAPSHOT</version> + <version>2.4-SNAPSHOT</version> </parent> <artifactId>digilib-doc</artifactId> <packaging>pom</packaging>
--- a/pdf/pom.xml Tue Mar 29 11:39:32 2016 +0200 +++ b/pdf/pom.xml Tue Mar 29 17:30:39 2016 +0200 @@ -4,7 +4,7 @@ <parent> <artifactId>digilib</artifactId> <groupId>digilib</groupId> - <version>2.3-SNAPSHOT</version> + <version>2.4-SNAPSHOT</version> </parent> <artifactId>digilib-pdf</artifactId> <name>digilib-pdf</name>
--- a/pom.xml Tue Mar 29 11:39:32 2016 +0200 +++ b/pom.xml Tue Mar 29 17:30:39 2016 +0200 @@ -9,7 +9,7 @@ <groupId>digilib</groupId> <artifactId>digilib</artifactId> - <version>2.3-SNAPSHOT</version> + <version>2.4-SNAPSHOT</version> <packaging>pom</packaging> <name>digilib</name> 
@@ -196,57 +196,57 @@ <dependency> <groupId>digilib</groupId> <artifactId>digilib-common</artifactId> - <version>2.3-SNAPSHOT</version> + <version>2.4-SNAPSHOT</version> </dependency> <dependency> <groupId>digilib</groupId> <artifactId>digilib-common-jai</artifactId> - <version>2.3-SNAPSHOT</version> + <version>2.4-SNAPSHOT</version> </dependency> <dependency> <groupId>digilib</groupId> <artifactId>digilib-common-imagej</artifactId> - <version>2.3-SNAPSHOT</version> + <version>2.4-SNAPSHOT</version> </dependency> <dependency> <groupId>digilib</groupId> <artifactId>digilib-common-bioformats</artifactId> - <version>2.3-SNAPSHOT</version> + <version>2.4-SNAPSHOT</version> </dependency> <dependency> <groupId>digilib</groupId> <artifactId>digilib-doc</artifactId> - <version>2.3-SNAPSHOT</version> + <version>2.4-SNAPSHOT</version> </dependency> <dependency> <groupId>digilib</groupId> <artifactId>digilib-pdf</artifactId> - <version>2.3-SNAPSHOT</version> + <version>2.4-SNAPSHOT</version> </dependency> <dependency> <groupId>digilib</groupId> <artifactId>digilib-text</artifactId> - <version>2.3-SNAPSHOT</version> + <version>2.4-SNAPSHOT</version> </dependency> <dependency> <groupId>digilib</groupId> <artifactId>digilib-servlet</artifactId> - <version>2.3-SNAPSHOT</version> + <version>2.4-SNAPSHOT</version> </dependency> <dependency> <groupId>digilib</groupId> <artifactId>digilib-servlet2</artifactId> - <version>2.3-SNAPSHOT</version> + <version>2.4-SNAPSHOT</version> </dependency> <dependency> <groupId>digilib</groupId> <artifactId>digilib-servlet3</artifactId> - <version>2.3-SNAPSHOT</version> + <version>2.4-SNAPSHOT</version> </dependency> <dependency> <groupId>digilib</groupId> <artifactId>digilib-webapp</artifactId> - <version>2.3-SNAPSHOT</version> + <version>2.4-SNAPSHOT</version> </dependency> </dependencies> </dependencyManagement>
--- a/servlet/pom.xml Tue Mar 29 11:39:32 2016 +0200 +++ b/servlet/pom.xml Tue Mar 29 17:30:39 2016 +0200 @@ -5,7 +5,7 @@ <parent> <groupId>digilib</groupId> <artifactId>digilib</artifactId> - <version>2.3-SNAPSHOT</version> + <version>2.4-SNAPSHOT</version> </parent> <artifactId>digilib-servlet</artifactId> <name>digilib-servlet</name>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/servlet/src/main/java/digilib/auth/AuthzOpsImpl.java Tue Mar 29 17:30:39 2016 +0200
@@ -0,0 +1,113 @@
+package digilib.auth;
+
+/*
+ * #%L
+ * AuthOps -- Authentication class implementation
+ *
+ * Digital Image Library servlet components
+ *
+ * %%
+ * Copyright (C) 2001 - 2013 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Lesser Public License for more details.
+ *
+ * You should have received a copy of the GNU General Lesser Public
+ * License along with this program. If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@berlios.de)
+ */
+
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+import digilib.conf.DigilibConfiguration;
+import digilib.conf.DigilibRequest;
+import digilib.conf.DigilibServletRequest;
+
+/**
+ * Basic implementation of AuthOps interface.
+ *
+ * Provides basic implementations. Only rolesForPath needs to be implemented by
+ * specific implementations.
+ */
+public abstract class AuthzOpsImpl implements AuthzOps {
+
+ /** general logger for this class */
+ protected Logger logger = Logger.getLogger(this.getClass());
+
+ /** authentication instance */
+ protected AuthnOps authnOps;
+
+ /* (non-Javadoc)
+ * @see digilib.auth.AuthzOps#init(digilib.conf.DigilibConfiguration)
+ */
+ @Override
+ public abstract void init(DigilibConfiguration dlConfig) throws AuthOpException;
+
+ /**
+ * @see digilib.auth.AuthzOps#isAuthorizationRequired(digilib.conf.DigilibRequest)
+ */
+ public boolean isAuthorizationRequired(DigilibRequest request) throws AuthOpException {
+ // check permissions
+ List<String> rolesRequired = rolesForPath((DigilibServletRequest) request);
+ return (rolesRequired != null);
+ }
+
+ /**
+ * @see digilib.auth.AuthzOps#isAuthorized(digilib.conf.DigilibRequest)
+ */
+ public boolean isAuthorized(DigilibRequest request) throws AuthOpException {
+ List<String> rolesRequired = rolesForPath((DigilibServletRequest) request);
+ if (rolesRequired == null) return true;
+ return isRoleAuthorized(rolesRequired, (DigilibServletRequest) request);
+ }
+
+ /**
+ * Test request authorization against a list of roles.
+ *
+ * @param rolesRequired
+ * List of Strings with role names.
+ * @param request
+ * ServletRequest with address information.
+ * @return true if the user information in the request authorizes one of the roles.
+ * @throws AuthOpException
+ */
+ public boolean isRoleAuthorized(List<String> rolesRequired, DigilibServletRequest request) throws AuthOpException {
+ if (rolesRequired == null) return true;
+ for (String r : rolesRequired) {
+ logger.debug("Testing role: " + r);
+ if (authnOps.isUserInRole(request, r)) {
+ logger.debug("Role Authorized");
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Authorization roles needed for request.
+ *
+ * Returns the list of authorization roles that are needed to access the
+ * specified path. No list means the path is free.
+ *
+ * The location information of the request is also considered.
+ *
+ * @param request
+ * DigilibRequest with address information.
+ * @throws AuthOpException
+ * Exception thrown on error.
+ * @return List of Strings with role names.
+ */
+ public abstract List<String> rolesForPath(DigilibServletRequest request) throws AuthOpException;
+
+}
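Review bot: `isAuthorized` and `isRoleAuthorized` both treat a `null` role list as "access allowed", so the whole access decision fails open on whatever `rolesForPath` returns. The Javadoc of `rolesForPath` should state that `null` means "unrestricted" only, and that an implementation which cannot determine the roles (missing metadata, lookup error) must throw `AuthOpException` instead of returning `null`. Separately, `isRoleAuthorized` dereferences `authnOps`, which this class never assigns; a subclass `init` that forgets to set it produces a NullPointerException at request time, so a guard such as `if (authnOps == null) throw new AuthOpException("no authentication provider configured");` before the loop would turn that into an explicit denial. The file header still reads "AuthOps -- Authentication class implementation" although this is the authorization base class.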
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/servlet/src/main/java/digilib/auth/IpAuthnOps.java Tue Mar 29 17:30:39 2016 +0200
@@ -0,0 +1,112 @@
+package digilib.auth;
+
+/*
+ * #%L
+ * Authentication class implementation using IP addresses
+ *
+ * Digital Image Library servlet components
+ *
+ * %%
+ * Copyright (C) 2016 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Lesser Public License for more details.
+ *
+ * You should have received a copy of the GNU General Lesser Public
+ * License along with this program. If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@berlios.de)
+ */
+
+import java.io.File;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.log4j.Logger;
+
+import digilib.conf.DigilibConfiguration;
+import digilib.conf.DigilibRequest;
+import digilib.conf.DigilibServletRequest;
+import digilib.util.HashTree;
+import digilib.util.XMLListLoader;
+
+/**
+ * Implements AuthnOps using paths defined in an XML config file.
+ *
+ * The name of the configuration file is read from the digilib config parameter "auth-file".
+ * <p/>
+ * The tag "digilib-adresses" is read from the configuration file:
+ * <pre>
+ * {@code
+ * <digilib-addresses>
+ * <address ip="130.92.68" role="eastwood-coll,ptolemaios-geo" />
+ * <address ip="130.92.151" role="wtwg" />
+ * </digilib-addresses>
+ * }
+ * </pre>
+ * A computer with an ip address that matches "ip" is automatically granted all roles under "role".
+ * The ip address is matched from the left (in full quads). Roles under "role" must be separated by comma only (no spaces).
+ *
+ */
+public class IpAuthnOps implements AuthnOps {
+
+ /** general logger for this class */
+ protected Logger logger = Logger.getLogger(this.getClass());
+
+ protected File configFile;
+ protected HashTree authIPs;
+
+ /**
+ * Initialize authentication operations.
+ *
+ * Reads tag "digilib-adresses" from configuration file
+ * and sets up authentication arrays.
+ *
+ * @throws AuthOpException
+ * Exception thrown on error.
+ */
+ @Override
+ public void init(DigilibConfiguration dlConfig) throws AuthOpException {
+ configFile = dlConfig.getAsFile("auth-file");
+ logger.debug("ipauthnops.init (" + configFile + ")");
+ Map<String, String> ipList = null;
+ try {
+ // load authIPs
+ XMLListLoader ipLoader = new XMLListLoader("digilib-addresses", "address", "ip", "role");
+ ipList = ipLoader.loadUri(configFile.toURI());
+ } catch (Exception e) {
+ throw new AuthOpException("ERROR loading authorization config file: " + e);
+ }
+ if (ipList == null) {
+ throw new AuthOpException("ERROR unable to load authorization config file!");
+ }
+ // setup ip tree
+ authIPs = new HashTree(ipList, ".", ",");
+ }
+
+ /* (non-Javadoc)
+ * @see digilib.auth.AuthnOps#isUserInRole(digilib.conf.DigilibRequest, java.lang.String)
+ */
+ @Override
+ public boolean isUserInRole(DigilibRequest dlRequest, String role) throws AuthOpException {
+ // check if the requests address provides a role
+ HttpServletRequest request = ((DigilibServletRequest) dlRequest).getServletRequest();
+ String ip = request.getRemoteAddr();
+ List<String> provided = authIPs.match(ip);
+ if ((provided != null) && (provided.contains(role))) {
+ return true;
+ }
+ return false;
+ }
+
+}
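Review bot: `isUserInRole` grants roles purely on `request.getRemoteAddr()`, which is the address of the directly connected peer; when digilib runs behind a reverse proxy or load balancer that peer is the proxy, so every client is evaluated with the proxy's address. The class Javadoc should carry that deployment caveat, for example `Roles are derived from the address of the connecting peer; behind a reverse proxy the container must be configured to restore the client address, otherwise all requests share the proxy's roles.` The tree is built with "." as separator in `init`, so IPv6 peer addresses presumably never match any entry, which is worth stating next to the "full quads" sentence. In `init`, the catch block folds the exception into the message with `+ e` and drops the stack trace; adding `logger.error("loading auth-file failed", e);` before the throw keeps the cause available to operators. The tag name is also misspelled as "digilib-adresses" in both Javadoc blocks, while the code reads "digilib-addresses".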
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/servlet/src/main/java/digilib/auth/IpServletAuthnOps.java Tue Mar 29 17:30:39 2016 +0200
@@ -0,0 +1,73 @@
+package digilib.auth;
+
+/*
+ * #%L
+ * Authentication class implementation using IP addresses and Servlet user information
+ *
+ * Digital Image Library servlet components
+ *
+ * %%
+ * Copyright (C) 2016 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Lesser Public License for more details.
+ *
+ * You should have received a copy of the GNU General Lesser Public
+ * License along with this program. If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@berlios.de)
+ */
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
+import digilib.conf.DigilibRequest;
+import digilib.conf.DigilibServletRequest;
+
+/**
+ * Implements AuthnOps using paths defined in an XML config file and Servlet API isUserInRole().
+ *
+ * The name of the configuration file is read from the digilib config parameter "auth-file".
+ * <p/>
+ * The tag "digilib-adresses" is read from the configuration file:
+ * <pre>
+ * {@code
+ * <digilib-addresses>
+ * <address ip="130.92.68" role="eastwood-coll,ptolemaios-geo" />
+ * <address ip="130.92.151" role="wtwg" />
+ * </digilib-addresses>
+ * }
+ * </pre>
+ * A computer with an ip address that matches "ip" is automatically granted all roles under "role".
+ * The ip address is matched from the left (in full quads). Roles under "role" must be separated by comma only (no spaces).
+ *
+ * Uses ServletRequest.isUserInRole() if roles provided by IP are not sufficient.
+ */
+public class IpServletAuthnOps extends IpAuthnOps {
+
+ /* (non-Javadoc)
+ * @see digilib.auth.IpAuthnOps#isUserInRole(digilib.conf.DigilibRequest, java.lang.String)
+ */
+ @Override
+ public boolean isUserInRole(DigilibRequest dlRequest, String role) throws AuthOpException {
+ // check if the requests address provides a role
+ HttpServletRequest request = ((DigilibServletRequest) dlRequest).getServletRequest();
+ String ip = request.getRemoteAddr();
+ List<String> provided = authIPs.match(ip);
+ if ((provided != null) && (provided.contains(role))) {
+ return true;
+ }
+ // use the ServletRequest
+ return request.isUserInRole(role);
+ }
+
+}
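Review bot: The override of `isUserInRole` copies the address lookup from `IpAuthnOps` line for line instead of delegating, so any later hardening of the IP check in the parent would silently not apply here. I would open the method with `if (super.isUserInRole(dlRequest, role)) { return true; }` and keep only the cast and the final `return request.isUserInRole(role);` for the container fallback. That also removes the now-unused `List` import.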
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/servlet/src/main/java/digilib/auth/MetaAccessAuthzOps.java Tue Mar 29 17:30:39 2016 +0200 
@@ -0,0 +1,161 @@ +package digilib.auth; + +/* + * #%L + * Authorization class implementation using access information from + * file metadata. + * + * Digital Image Library servlet components + * + * %% + * Copyright (C) 2013-2016 MPIWG Berlin + * %% + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Lesser Public License for more details. + * + * You should have received a copy of the GNU General Lesser Public + * License along with this program. If not, see + * <http://www.gnu.org/licenses/lgpl-3.0.html>. + * #L% + * Author: Robert Casties (robcast@users.souceforge.net) + */ + +import java.io.File; +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; + +import digilib.conf.DigilibConfiguration; +import digilib.conf.DigilibServletConfiguration; +import digilib.conf.DigilibServletRequest; +import digilib.image.ImageJobDescription; +import digilib.io.DocuDirCache; +import digilib.io.DocuDirent; +import digilib.io.FileOpException; +import digilib.meta.MetadataMap; +import digilib.util.XMLListLoader; + +/** + * Implementation of AuthzOps using "access" information from file metadata. + * + * Requires FileMeta implementation providing "access", e.g. digilib.meta.IndexMetaFileMeta. + * + * The name of the configuration file is read from the digilib config parameter "auth-file". 
+ * <p/> + * Tags "digilib-access" and "digilib-adresses" are read from the configuration file: + * <pre> + * {@code + * <digilib-access> + * <access type="group:mpiwg" role="mpiwg-user"/> + * </digilib-access> + * } + * </pre> + * A user must supply one of the roles under "role" to access any object with the metadata "access" type of "type". + * Roles under "role" must be separated by comma only (no spaces). + * + */ +public class MetaAccessAuthzOps extends AuthzOpsImpl { + + private File configFile; + private Map<String, List<String>> rolesMap; + + /** + * Initialize authentication operations. + * + * Reads tag "digilib-access" from configuration file + * and sets up authentication arrays. + * + * @throws AuthOpException + * Exception thrown on error. + */ + @Override + public void init(DigilibConfiguration dlConfig) throws AuthOpException { + configFile = dlConfig.getAsFile("auth-file"); + logger.debug("IpRoleServletAuthops.init (" + configFile + ")"); + Map<String, String> roleList = null; + try { + // load role mappings + XMLListLoader roleLoader = new XMLListLoader("digilib-access", "access", "type", "role"); + roleList = roleLoader.loadUri(configFile.toURI()); + } catch (Exception e) { + throw new AuthOpException("ERROR loading authorization config file: " + e); + } + if (roleList == null) { + throw new AuthOpException("ERROR unable to load authorization config file!"); + } + // convert role list to map, splitting roles by "," + rolesMap = new HashMap<String,List<String>>(roleList.size()); + for (String k : roleList.keySet()) { + String rs = roleList.get(k); + String[] ra = rs.split(","); + rolesMap.put(k, Arrays.asList(ra)); + } + // set authentication + this.authnOps = (AuthnOps) dlConfig.getValue(DigilibServletConfiguration.AUTHN_OP_KEY); + } + + /** + * Return authorization roles needed for request. + * + * Returns the list of authorization roles that are needed to access the + * specified path. No list means the path is free. 
+ * + * The location information of the request is also considered. + * + * @param request + * ServletRequest with address information. + * @throws AuthOpException + * Exception thrown on error. + * @return List of Strings with role names. + */ + @Override + public List<String> rolesForPath(DigilibServletRequest dlRequest) throws AuthOpException { + HttpServletRequest request = dlRequest.getServletRequest(); + DocuDirent imgs; + try { + // try to get image file from JobDescription + ImageJobDescription ticket = dlRequest.getJobDescription(); + if (ticket != null) { + imgs = (DocuDirent) ticket.getImageSet(); + } else { + // try to get image file from DirCache + DigilibConfiguration config = dlRequest.getDigilibConfig(); + DocuDirCache cache = (DocuDirCache) config.getValue(DigilibServletConfiguration.DIR_CACHE_KEY); + imgs = cache.getFile(dlRequest.getFilePath(), dlRequest.getAsInt("pn")); + } + } catch (FileOpException e) { + throw new AuthOpException("No file for auth check!"); + } + /* + * get access restrictions from metadata + */ + String access = null; + try { + imgs.checkMeta(); + MetadataMap meta = imgs.getMeta().getFileMeta(); + access = meta.get("access"); + } catch (Exception e) { + logger.error("Error getting access meta for file!"); + } + if (access == null) { + // no access restriction - allow + logger.debug("rolesForPath (" + imgs.getName() + ") by [" + request.getRemoteAddr() + "]: (none)"); + return null; + } + // get required roles + List<String> required = rolesMap.get(access); + logger.debug("rolesForPath (" + imgs.getName() + ") by [" + request.getRemoteAddr() + "]: "+required); + return required; + } + +}
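Review bot: `rolesForPath` fails open in two places: the `catch (Exception e)` around `imgs.checkMeta()` only logs, so any metadata read error leaves `access == null` and the method returns null, which its own Javadoc defines as "the path is free"; and `rolesMap.get(access)` returns null for an access type that has no `<access>` entry in the config, with the same result. For an authorization check I'd deny in both cases, e.g. `throw new AuthOpException("Error getting access meta for file!");` in the catch and `if (required == null) throw new AuthOpException("No roles configured for access type: " + access);` after the lookup; whether unmapped types are meant to be public is not visible here, so confirm that before changing the second branch. If `cache.getFile(...)` can return null (not visible in this hunk), the NullPointerException from `imgs.checkMeta()` is swallowed by the same catch and the following debug line then throws on `imgs.getName()`, so a null check right after the first try block would be clearer. The debug prefix `"IpRoleServletAuthops.init ("` in `init` still names a different class.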
--- a/servlet/src/main/java/digilib/auth/MetaAccessServletAuthOps.java Tue Mar 29 11:39:32 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,204 +0,0 @@ -package digilib.auth; - -/* - * #%L - * Authentication class implementation using access information from - * file metadata. - * - * Digital Image Library servlet components - * - * %% - * Copyright (C) 2013 MPIWG Berlin - * %% - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Lesser Public License for more details. - * - * You should have received a copy of the GNU General Lesser Public - * License along with this program. If not, see - * <http://www.gnu.org/licenses/lgpl-3.0.html>. - * #L% - * Author: Robert Casties (robcast@berlios.de) - */ - -import java.io.File; -import java.util.Arrays; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; - -import digilib.conf.DigilibConfiguration; -import digilib.conf.DigilibServletConfiguration; -import digilib.conf.DigilibServletRequest; -import digilib.image.ImageJobDescription; -import digilib.io.DocuDirCache; -import digilib.io.DocuDirent; -import digilib.io.FileOpException; -import digilib.meta.MetadataMap; -import digilib.util.HashTree; -import digilib.util.XMLListLoader; - -/** - * Implementation of AuthOps using "access" information from file metadata and - * roles mapped to IP-number ranges defined in an XML config file. 
- * <p/> - * Tags "digilib-access" and "digilib-adresses" are read from the configuration file: - * <pre> - * {@code - * <digilib-access> - * <access type="group:mpiwg" role="user"/> - * </digilib-access> - * } - * </pre> - * A user must supply one of the roles under "role" to access any object with the metadata "access" type of "type". - * Roles under "role" must be separated by comma only (no spaces). - * <pre> - * {@code - * <digilib-addresses> - * <address ip="130.92.68" role="eastwood-coll,ptolemaios-geo" /> - * <address ip="130.92.151" role="ALL" /> - * </digilib-addresses> - * } - * </pre> - * A computer with an ip address that matches "ip" is automatically granted all roles under "role". - * The ip address is matched from the left (in full quads). Roles under "role" must be separated by comma only (no spaces). - * - */ -public class MetaAccessServletAuthOps extends ServletAuthOpsImpl { - - private File configFile; - private HashTree authIPs; - private Map<String, List<String>> rolesMap; - - /** - * Set configuration file. - * - * @param confFile - * XML config file. - * @throws AuthOpException - * Exception thrown on error. - */ - public void setConfig(File confFile) throws AuthOpException { - configFile = confFile; - init(); - } - - /** - * Initialize authentication operations. - * - * Reads tags "digilib-access" and "digilib-adresses" from configuration file - * and sets up authentication arrays. - * - * @throws AuthOpException - * Exception thrown on error. 
- */ - public void init() throws AuthOpException { - logger.debug("IpRoleServletAuthops.init (" + configFile + ")"); - Map<String, String> ipList = null; - Map<String, String> roleList = null; - try { - // load authIPs - XMLListLoader ipLoader = new XMLListLoader("digilib-addresses", "address", "ip", "role"); - ipList = ipLoader.loadUri(configFile.toURI()); - // load role mappings - XMLListLoader roleLoader = new XMLListLoader("digilib-access", "access", "type", "role"); - roleList = roleLoader.loadUri(configFile.toURI()); - } catch (Exception e) { - throw new AuthOpException("ERROR loading authorization config file: " + e); - } - if ((ipList == null)||(roleList == null)) { - throw new AuthOpException("ERROR unable to load authorization config file!"); - } - // setup ip tree - authIPs = new HashTree(ipList, ".", ","); - // convert role list to map, splitting roles by "," - rolesMap = new HashMap<String,List<String>>(roleList.size()); - for (String k : roleList.keySet()) { - String rs = roleList.get(k); - String[] ra = rs.split(","); - rolesMap.put(k, Arrays.asList(ra)); - } - } - - /** - * Return authorization roles needed for request. - * - * Returns the list of authorization roles that are needed to access the - * specified path. No list means the path is free. - * - * The location information of the request is also considered. - * - * @param request - * ServletRequest with address information. - * @throws AuthOpException - * Exception thrown on error. - * @return List of Strings with role names. 
- */ - @Override - public List<String> rolesForPath(DigilibServletRequest dlRequest) throws AuthOpException { - HttpServletRequest request = dlRequest.getServletRequest(); - DocuDirent imgs; - try { - // try to get image file from JobDescription - ImageJobDescription ticket = dlRequest.getJobDescription(); - if (ticket != null) { - imgs = (DocuDirent) ticket.getImageSet(); - } else { - // try to get image file from DirCache - DigilibConfiguration config = dlRequest.getDigilibConfig(); - DocuDirCache cache = (DocuDirCache) config.getValue(DigilibServletConfiguration.DIR_CACHE_KEY); - imgs = cache.getFile(dlRequest.getFilePath(), dlRequest.getAsInt("pn")); - } - } catch (FileOpException e) { - throw new AuthOpException("No file for auth check!"); - } - /* - * check if the requests address provides a role - */ - List<String> provided = authIPs.match(request.getRemoteAddr()); - if ((provided != null) && (provided.contains("ALL"))) { - // ALL switches off checking; - logger.debug("rolesForPath (" + imgs.getName() + ") by [" + request.getRemoteAddr() + "]: (ip-all)"); - return null; - } - /* - * get access restrictions from metadata - */ - String access = null; - try { - imgs.checkMeta(); - MetadataMap meta = imgs.getMeta().getFileMeta(); - access = meta.get("access"); - } catch (Exception e) { - logger.error("Error getting access meta for file!"); - } - if (access == null) { - // no access restriction - allow - logger.debug("rolesForPath (" + imgs.getName() + ") by [" + request.getRemoteAddr() + "]: (none)"); - return null; - } - // check provided against required roles - List<String> required = rolesMap.get(access); - // do any provided roles match? 
- if ((provided != null) && (required != null)) { - for (String prov : provided) { - if (required.contains(prov)) { - // satisfied - logger.debug("rolesForPath (" + imgs.getName() + ") by [" + request.getRemoteAddr() + "]: (provided)"); - return null; - } - } - } - logger.debug("rolesForPath (" + imgs.getName() + ") by [" + request.getRemoteAddr() + "]: "+required); - return required; - } - -}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/servlet/src/main/java/digilib/auth/PathAuthzOps.java Tue Mar 29 17:30:39 2016 +0200
@@ -0,0 +1,116 @@ +package digilib.auth; + +/* + * #%L + * XMLAuthOps -- Authentication class implementation using XML files + * + * Digital Image Library servlet components + * + * %% + * Copyright (C) 2001 - 2013 MPIWG Berlin + * %% + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Lesser Public License for more details. + * + * You should have received a copy of the GNU General Lesser Public + * License along with this program. If not, see + * <http://www.gnu.org/licenses/lgpl-3.0.html>. + * #L% + * Author: Robert Casties (robcast@berlios.de) + */ + +import java.io.File; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; + +import digilib.conf.DigilibConfiguration; +import digilib.conf.DigilibServletConfiguration; +import digilib.conf.DigilibServletRequest; +import digilib.util.HashTree; +import digilib.util.XMLListLoader; + +/** + * Implements AuthzOps using paths defined in an XML config file. + * + * The name of the configuration file is read from the digilib config parameter "auth-file". + * <p/> + * The tag "digilib-paths" is read from the configuration file: + * <pre> + * {@code + * <digilib-paths> + * <path name="histast/eastwood-collection" role="eastwood-coll" /> + * </digilib-paths> + * } + * </pre> + * A user must supply one of the roles under "role" to access the directory "name". + * Roles under "role" must be separated by comma only (no spaces). 
+ * <pre> + * + */ +public class PathAuthzOps extends AuthzOpsImpl { + + private File configFile; + private HashTree authPaths; + + /** + * Initialize authentication operations. + * + * Reads tag "digilib-paths" from configuration file + * and sets up authentication arrays. + * + * @throws AuthOpException + * Exception thrown on error. + */ + @Override + public void init(DigilibConfiguration dlConfig) throws AuthOpException { + configFile = dlConfig.getAsFile("auth-file"); + logger.debug("xmlauthops.init (" + configFile + ")"); + Map<String, String> pathList = null; + try { + // load authPaths + XMLListLoader pathLoader = new XMLListLoader("digilib-paths", "path", "name", "role"); + pathList = pathLoader.loadUri(configFile.toURI()); + } catch (Exception e) { + throw new AuthOpException("ERROR loading authorization config file: " + e); + } + if (pathList == null) { + throw new AuthOpException("ERROR unable to load authorization config file!"); + } + // setup path tree + authPaths = new HashTree(pathList, "/", ","); + // set authentication + this.authnOps = (AuthnOps) dlConfig.getValue(DigilibServletConfiguration.AUTHN_OP_KEY); + } + + /** + * Return authorization roles needed for request. + * + * Returns the list of authorization roles that are required to access the + * specified path. No list means the path is free. + * + * @param dlRequest + * DigilibServletRequest with image path and remote address information. + * @throws AuthOpException + * Exception thrown on error. + * @return List of Strings with role names. + */ + public List<String> rolesForPath(DigilibServletRequest dlRequest) throws digilib.auth.AuthOpException { + String filepath = dlRequest.getFilePath(); + HttpServletRequest request = dlRequest.getServletRequest(); + logger.debug("rolesForPath (" + filepath + ") by [" + request.getRemoteAddr() + "]"); + + // which roles are required? + List<String> required = authPaths.match(filepath); + return required; + } + +}
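Review bot: `rolesForPath` returns whatever `authPaths.match(filepath)` yields, and its Javadoc says no list means the path is free, so the decision depends on `filepath` having the same form as the `name` attributes in `<digilib-paths>`; nothing in the method or its Javadoc states that precondition. Whether `getFilePath()` already normalizes the value is not visible in this hunk, so I'd record the assumption next to the lookup, e.g. `// assumes filepath is normalized like the "name" entries (no leading "/", no ".."); a miss returns null = free`, and verify it against the request parsing. The method also lacks the `@Override` that the same method carries in MetaAccessAuthzOps, and the throws clause spells out `digilib.auth.AuthOpException` although the class is in that package. The class Javadoc ends with an unclosed `<pre>`, and the debug prefix `"xmlauthops.init ("` predates the rename.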
--- a/servlet/src/main/java/digilib/auth/PathServletAuthOps.java Tue Mar 29 11:39:32 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,154 +0,0 @@ -package digilib.auth; - -/* - * #%L - * XMLAuthOps -- Authentication class implementation using XML files - * - * Digital Image Library servlet components - * - * %% - * Copyright (C) 2001 - 2013 MPIWG Berlin - * %% - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Lesser Public License for more details. - * - * You should have received a copy of the GNU General Lesser Public - * License along with this program. If not, see - * <http://www.gnu.org/licenses/lgpl-3.0.html>. - * #L% - * Author: Robert Casties (robcast@berlios.de) - */ - -import java.io.File; -import java.util.List; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; - -import digilib.conf.DigilibServletRequest; -import digilib.util.HashTree; -import digilib.util.XMLListLoader; - -/** - * Implements AuthOps using paths defined in an XML config file. - * <p/> - * Tags "digilib-paths" and "digilib-adresses" are read from the configuration file: - * <pre> - * {@code - * <digilib-paths> - * <path name="histast/eastwood-collection" role="eastwood-coll" /> - * </digilib-paths> - * } - * </pre> - * A user must supply one of the roles under "role" to access the directory "name". - * Roles under "role" must be separated by comma only (no spaces). - * <pre> - * {@code - * <digilib-addresses> - * <address ip="130.92.68" role="eastwood-coll,ptolemaios-geo" /> - * <address ip="130.92.151" role="ALL" /> - * </digilib-addresses> - * } - * </pre> - * A computer with an ip address that matches "ip" is automatically granted all roles under "role". 
- * The ip address is matched from the left (in full quads). Roles under "role" must be separated by comma only (no spaces). - * - */ -public class PathServletAuthOps extends ServletAuthOpsImpl { - - private File configFile; - private HashTree authPaths; - private HashTree authIPs; - - /** - * Set configuration file. - * - * @param confFile - * XML config file. - * @throws AuthOpException - * Exception thrown on error. - */ - public void setConfig(File confFile) throws AuthOpException { - configFile = confFile; - init(); - } - - /** - * Initialize authentication operations. - * - * Reads tags "digilib-paths" and "digilib-adresses" from configuration file - * and sets up authentication arrays. - * - * @throws AuthOpException - * Exception thrown on error. - */ - public void init() throws AuthOpException { - logger.debug("xmlauthops.init (" + configFile + ")"); - Map<String, String> pathList = null; - Map<String, String> ipList = null; - try { - // load authPaths - XMLListLoader pathLoader = new XMLListLoader("digilib-paths", "path", "name", "role"); - pathList = pathLoader.loadUri(configFile.toURI()); - // load authIPs - XMLListLoader ipLoader = new XMLListLoader("digilib-addresses", "address", "ip", "role"); - ipList = ipLoader.loadUri(configFile.toURI()); - } catch (Exception e) { - throw new AuthOpException("ERROR loading authorization config file: " + e); - } - if ((pathList == null) || (ipList == null)) { - throw new AuthOpException("ERROR unable to load authorization config file!"); - } - // setup path tree - authPaths = new HashTree(pathList, "/", ","); - // setup ip tree - authIPs = new HashTree(ipList, ".", ","); - } - - /** - * Return authorization roles needed for request. - * - * Returns the list of authorization roles that are required to access the - * specified path. No list means the path is free. - * - * The location information of the request is determined by ServletRequest.getRemoteAddr(). 
- * - * @param dlRequest - * DigilibServletRequest with image path and remote address information. - * @throws AuthOpException - * Exception thrown on error. - * @return List of Strings with role names. - */ - public List<String> rolesForPath(DigilibServletRequest dlRequest) throws digilib.auth.AuthOpException { - String filepath = dlRequest.getFilePath(); - HttpServletRequest request = dlRequest.getServletRequest(); - logger.debug("rolesForPath (" + filepath + ") by [" + request.getRemoteAddr() + "]"); - - // check if the requests address provides a role - List<String> provided = authIPs.match(request.getRemoteAddr()); - if ((provided != null) && (provided.contains("ALL"))) { - // ALL switches off checking; - return null; - } - // which roles are required? - List<String> required = authPaths.match(filepath); - // do any provided roles match? - if ((provided != null) && (required != null)) { - for (int i = 0; i < provided.size(); i++) { - if (required.contains(provided.get(i))) { - // satisfied - return null; - } - } - } - return required; - } - -}
--- a/servlet/src/main/java/digilib/auth/ServletAuthOpsImpl.java Tue Mar 29 11:39:32 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,105 +0,0 @@ -package digilib.auth; - -/* - * #%L - * AuthOps -- Authentication class implementation - * - * Digital Image Library servlet components - * - * %% - * Copyright (C) 2001 - 2013 MPIWG Berlin - * %% - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Lesser Public License for more details. - * - * You should have received a copy of the GNU General Lesser Public - * License along with this program. If not, see - * <http://www.gnu.org/licenses/lgpl-3.0.html>. - * #L% - * Author: Robert Casties (robcast@berlios.de) - */ - -import java.util.List; - -import org.apache.log4j.Logger; - -import digilib.conf.DigilibRequest; -import digilib.conf.DigilibServletRequest; - -/** - * Basic implementation of AuthOps interface. - * - * Provides basic implementations. Only rolesForPath needs to be implemented by - * specific implementations. 
- */ -public abstract class ServletAuthOpsImpl implements AuthOps { - - /** general logger for this class */ - protected Logger logger = Logger.getLogger(this.getClass()); - - public abstract void init() throws AuthOpException; - - /** - * @see digilib.auth.AuthOps#isAuthRequired(digilib.conf.DigilibRequest) - */ - public boolean isAuthRequired(DigilibRequest request) throws AuthOpException { - // check permissions - List<String> rolesRequired = rolesForPath((DigilibServletRequest) request); - return (rolesRequired != null); - } - - /** - * @see digilib.auth.AuthOps#isAuthorized(digilib.conf.DigilibRequest) - */ - public boolean isAuthorized(DigilibRequest request) throws AuthOpException { - List<String> rolesRequired = rolesForPath((DigilibServletRequest) request); - if (rolesRequired == null) return true; - return isRoleAuthorized(rolesRequired, (DigilibServletRequest) request); - } - - /** - * Test request authorization against a list of roles. - * - * @param rolesRequired - * List of Strings with role names. - * @param request - * ServletRequest with address information. - * @return true if the user information in the request authorizes one of the - * roles. - */ - public boolean isRoleAuthorized(List<String> rolesRequired, DigilibServletRequest request) { - if (rolesRequired == null) return true; - for (String s : rolesRequired) { - logger.debug("Testing role: " + s); - if (request.getServletRequest().isUserInRole(s)) { - logger.debug("Role Authorized"); - return true; - } - } - return false; - } - - /** - * Authorization roles needed for request. - * - * Returns the list of authorization roles that are needed to access the - * specified path. No list means the path is free. - * - * The location information of the request is also considered. - * - * @param request - * DigilibRequest with address information. - * @throws AuthOpException - * Exception thrown on error. - * @return List of Strings with role names. 
- */ - public abstract List<String> rolesForPath(DigilibServletRequest request) throws AuthOpException; - -}
--- a/servlet/src/main/java/digilib/conf/DigilibServletConfiguration.java Tue Mar 29 11:39:32 2016 +0200 +++ b/servlet/src/main/java/digilib/conf/DigilibServletConfiguration.java Tue Mar 29 17:30:39 2016 +0200 @@ -42,8 +42,10 @@ import org.apache.log4j.xml.DOMConfigurator; import org.xml.sax.SAXException; -import digilib.auth.AuthOps; -import digilib.auth.AuthOpsFactory; +import digilib.auth.AuthnOps; +import digilib.auth.AuthnOpsFactory; +import digilib.auth.AuthzOps; +import digilib.auth.AuthzOpsFactory; import digilib.image.DocuImage; import digilib.io.AliasingDocuDirCache; import digilib.io.DocuDirCache; @@ -76,7 +78,9 @@ */ public class DigilibServletConfiguration extends DigilibConfiguration implements ServletContextListener { - public static final String AUTH_OP_KEY = "servlet.auth.op"; + public static final String AUTHN_OP_KEY = "servlet.authn.op"; + + public static final String AUTHZ_OP_KEY = "servlet.authz.op"; public static final String IMAGEEXECUTOR_KEY = "servlet.worker.imageexecutor"; @@ -114,12 +118,15 @@ newParameter(DIR_CACHE_KEY, null, null, 's'); // Executor for image operations newParameter(IMAGEEXECUTOR_KEY, null, null, 's'); - // AuthOps instance - newParameter(AUTH_OP_KEY, null, null, 's'); + // AuthnOps instance + newParameter(AUTHN_OP_KEY, null, null, 's'); + // AuthzOps instance + newParameter(AUTHZ_OP_KEY, null, null, 's'); // classes TODO: do we need these as parameters? newParameter("servlet.filemeta.class", null, null, 's'); newParameter("servlet.dirmeta.class", null, null, 's'); - newParameter("servlet.authops.class", null, null, 's'); + newParameter("servlet.authnops.class", null, null, 's'); + newParameter("servlet.authzops.class", null, null, 's'); newParameter("servlet.docudirectory.class", null, null, 's'); newParameter("servlet.version", getVersion(), null, 's'); 
@@ -156,8 +163,10 @@ newParameter("filemeta-class", "digilib.meta.IndexMetaFileMeta", null, 'f'); // DirMeta implementation newParameter("dirmeta-class", "digilib.meta.IndexMetaDirMeta", null, 'f'); - // AuthOps implementation - newParameter("authops-class", "digilib.auth.PathServletAuthOps", null, 'f'); + // AuthnOps implementation + newParameter("authnops-class", "digilib.auth.IpAuthnOps", null, 'f'); + // AuthzOps implementation + newParameter("authzops-class", "digilib.auth.PathAuthzOps", null, 'f'); // DocuDirectory implementation newParameter("docudirectory-class", "digilib.io.BaseDirDocuDirectory", null, 'f'); @@ -293,13 +302,23 @@ } catch (ClassNotFoundException e) { logger.error("Error setting Metadata classes!"); } - try { - // initialise AuthOpsFactory - Class<AuthOps> authOpsClass = (Class<AuthOps>) Class.forName(config.getAsString("authops-class")); - config.setValue("servlet.authops.class", authOpsClass); - AuthOpsFactory.setAuthOpsClass(authOpsClass); - } catch (ClassNotFoundException e) { - logger.error("Error setting AuthOps class!"); + if (config.getAsBoolean("use-authorization")) { + try { + // initialise AuthnOpsFactory + Class<AuthnOps> authnOpsClass = (Class<AuthnOps>) Class.forName(config.getAsString("authnops-class")); + config.setValue("servlet.authzops.class", authnOpsClass); + AuthnOpsFactory.setAuthnOpsClass(authnOpsClass); + } catch (ClassNotFoundException e) { + logger.error("Error setting AuthnOps class!"); + } + try { + // initialise AuthzOpsFactory + Class<AuthzOps> authzOpsClass = (Class<AuthzOps>) Class.forName(config.getAsString("authzops-class")); + config.setValue("servlet.authzops.class", authzOpsClass); + AuthzOpsFactory.setAuthzOpsClass(authzOpsClass); + } catch (ClassNotFoundException e) { + logger.error("Error setting AuthzOps class!"); + } } try { // initialise DocuDirectoryFactory 
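Review bot: In the `use-authorization` block (hunk @@ -293,13 +302,23) the AuthnOps class is stored under the authz key: `config.setValue("servlet.authzops.class", authnOpsClass);` should be `config.setValue("servlet.authnops.class", authnOpsClass);`, otherwise the `servlet.authnops.class` parameter registered earlier in this file is never set and the value is overwritten a few lines later by the AuthzOps class. Both catch blocks only log the ClassNotFoundException, so a misspelled `authnops-class` or `authzops-class` leaves the factory without a class while `use-authorization` stays true, and the later hunk calls `init` on whatever the factory then returns. `Class.forName(...)` is also cast unchecked to `Class<AuthnOps>` / `Class<AuthzOps>`, so a configured class that does not implement the interface is only detected later. The enclosing method starts and ends outside the hunk.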
@@ -334,16 +353,19 @@ dirCache = new DocuDirCache(FileClass.IMAGE, this); } config.setValue(DIR_CACHE_KEY, dirCache); - // useAuthentication + // useAuthorization if (config.getAsBoolean("use-authorization")) { - AuthOps authOp = AuthOpsFactory.getAuthOpsInstance(); - // get config file + // set auth config file File authConf = ServletOps.getConfigFile((File) config.getValue("auth-file"), context); - if (authConf != null) { - authOp.setConfig(authConf); - } - config.setValue(AUTH_OP_KEY, authOp); config.setValue("auth-file", authConf); + // initialise AuthnOps + AuthnOps authnOps = AuthnOpsFactory.getAuthnOpsInstance(); + authnOps.init(this); + config.setValue(AUTHN_OP_KEY, authnOps); + // initialise AuthzOps (requires AuthnOps) + AuthzOps authzOps = AuthzOpsFactory.getAuthzOpsInstance(); + authzOps.init(this); + config.setValue(AUTHZ_OP_KEY, authzOps); } // digilib worker threads int nt = config.getAsInt("worker-threads");
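Review bot: The old `if (authConf != null)` guard is gone, so a missing auth file now reaches `init`: `config.setValue("auth-file", authConf)` stores the possibly-null file, and the `init` implementations visible in this changeset (PathAuthzOps, MetaAccessAuthzOps) call `configFile.toURI()` on it inside a `catch (Exception e)`. If `ServletOps.getConfigFile` can return null, as the removed guard suggests, that still fails closed, but the operator sees "ERROR loading authorization config file: java.lang.NullPointerException" instead of the missing path. I'd test `authConf == null` here and fail with a message that names the `auth-file` parameter, and also check the two factory results for null before calling `init`, since what `getAuthnOpsInstance()` returns after a failed class lookup is not visible in this hunk. The enclosing method starts and ends outside the hunk.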
--- a/servlet/src/main/java/digilib/servlet/DocumentBean.java Tue Mar 29 11:39:32 2016 +0200 +++ b/servlet/src/main/java/digilib/servlet/DocumentBean.java Tue Mar 29 17:30:39 2016 +0200 @@ -36,7 +36,7 @@ import org.apache.log4j.Logger; import digilib.auth.AuthOpException; -import digilib.auth.AuthOps; +import digilib.auth.AuthzOps; import digilib.conf.DigilibServletConfiguration; import digilib.conf.DigilibServletRequest; import digilib.io.DocuDirCache; @@ -52,10 +52,10 @@ private static Logger logger = Logger.getLogger("digilib.docubean"); // AuthOps object to check authorization - private AuthOps authOp; + private AuthzOps authzOp; // use authorization database - private boolean useAuthentication = true; + private boolean useAuthorization = true; // path to add for authenticated access private String authURLPath = ""; @@ -102,10 +102,10 @@ /* * authentication */ - useAuthentication = dlConfig.getAsBoolean("use-authorization"); - authOp = (AuthOps) dlConfig.getValue("servlet.auth.op"); + useAuthorization = dlConfig.getAsBoolean("use-authorization"); + authzOp = (AuthzOps) dlConfig.getValue("servlet.authz.op"); authURLPath = dlConfig.getAsString("auth-url-path"); - if (useAuthentication && (authOp == null)) { + if (useAuthorization && (authzOp == null)) { throw new ServletException( "ERROR: use-authorization configured but no AuthOp!"); } @@ -117,7 +117,7 @@ public boolean isAuthRequired(DigilibServletRequest request) throws AuthOpException { logger.debug("isAuthRequired"); - return useAuthentication ? authOp.isAuthRequired(request) : false; + return useAuthorization ? authzOp.isAuthorizationRequired(request) : false; } /** @@ -125,7 +125,7 @@ */ public boolean isAuthorized(DigilibServletRequest request) throws AuthOpException { logger.debug("isAuthorized"); - return useAuthentication ? authOp.isAuthorized(request) : true; + return useAuthorization ? authzOp.isAuthorized(request) : true; } /** 
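Review bot: `authzOp = (AuthzOps) dlConfig.getValue("servlet.authz.op");` (hunk @@ -102,10 +102,10) repeats the key as a string literal although this commit introduces `DigilibServletConfiguration.AUTHZ_OP_KEY` and Scaler.java already uses it; a later rename of the key would make this lookup return null. I'd write `authzOp = (AuthzOps) dlConfig.getValue(DigilibServletConfiguration.AUTHZ_OP_KEY);`, the class being imported in this file already. The exception text `"ERROR: use-authorization configured but no AuthOp!"` and the field comment `// AuthOps object to check authorization` still use the old name. The enclosing method starts outside the hunk.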
@@ -143,8 +143,8 @@ public boolean doAuthentication(DigilibServletRequest request, HttpServletResponse response) throws Exception { logger.debug("doAuthentication"); - if (!useAuthentication) { - // shortcut if no authentication + if (!useAuthorization) { + // shortcut if no authorization return true; } // quick fix: add auth-url-path to base.url
--- a/servlet2/pom.xml Tue Mar 29 11:39:32 2016 +0200
+++ b/servlet2/pom.xml Tue Mar 29 17:30:39 2016 +0200
@@ -5,7 +5,7 @@
 <parent>
 <artifactId>digilib</artifactId>
 <groupId>digilib</groupId>
- <version>2.3-SNAPSHOT</version>
+ <version>2.4-SNAPSHOT</version>
 </parent>
 <artifactId>digilib-servlet2</artifactId>
 <name>digilib-servlet2</name>
--- a/servlet2/src/main/java/digilib/servlet/Scaler.java Tue Mar 29 11:39:32 2016 +0200 +++ b/servlet2/src/main/java/digilib/servlet/Scaler.java Tue Mar 29 17:30:39 2016 +0200 @@ -40,7 +40,7 @@ import org.apache.log4j.Logger; import digilib.auth.AuthOpException; -import digilib.auth.AuthOps; +import digilib.auth.AuthzOps; import digilib.conf.DigilibServletConfiguration; import digilib.conf.DigilibServletRequest; import digilib.image.DocuImage; @@ -106,8 +106,8 @@ /** use authorization database */ protected boolean useAuthorization = false; - /** AuthOps instance */ - protected AuthOps authOp; + /** AuthzOps instance */ + protected AuthzOps authzOp; /** * Initialisation on first run. @@ -138,7 +138,7 @@ logger.info("Scaler uses " + dlConfig.getValue("servlet.docuimage.version")); // set our AuthOps useAuthorization = dlConfig.getAsBoolean("use-authorization"); - authOp = (AuthOps) dlConfig.getValue("servlet.auth.op"); + authzOp = (AuthzOps) dlConfig.getValue(DigilibServletConfiguration.AUTHZ_OP_KEY); // DocuDirCache instance dirCache = (DocuDirCache) dlConfig.getValue("servlet.dir.cache"); @@ -245,7 +245,7 @@ // check permissions if (useAuthorization) { // is the current request/user authorized? - if (!authOp.isAuthorized(dlRequest)) { + if (!authzOp.isAuthorized(dlRequest)) { // send deny answer and abort throw new AuthOpException(); }
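Review bot: In the `@@ -138,7 +138,7 @@` hunk `authzOp` is read from the configuration without a null check, so with `use-authorization` enabled and no AuthzOps registered every request fails with a NullPointerException at `authzOp.isAuthorized(dlRequest)` instead of a clear startup error. DocumentBean in this same commit tests `useAuthorization && (authzOp == null)` and throws a ServletException; the same guard belongs here, assuming this init method can throw it too: `if (useAuthorization && authzOp == null) { throw new ServletException("use-authorization configured but no AuthzOps!"); }`. The ScalerNoThread, servlet3 Scaler and Texter hunks have the same gap. The context comment `// set our AuthOps` is now stale and should read AuthzOps. The init method starts and ends outside the hunk.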
--- a/servlet2/src/main/java/digilib/servlet/ScalerNoThread.java Tue Mar 29 11:39:32 2016 +0200 +++ b/servlet2/src/main/java/digilib/servlet/ScalerNoThread.java Tue Mar 29 17:30:39 2016 +0200 @@ -36,7 +36,7 @@ import org.apache.log4j.Logger; import digilib.auth.AuthOpException; -import digilib.auth.AuthOps; +import digilib.auth.AuthzOps; import digilib.conf.DigilibServletConfiguration; import digilib.conf.DigilibServletRequest; import digilib.image.DocuImage; @@ -98,7 +98,7 @@ protected boolean useAuthorization = true; /** AuthOps instance */ - protected AuthOps authOp; + protected AuthzOps authzOp; /** * Initialisation on first run. @@ -124,7 +124,7 @@ } // set our AuthOps useAuthorization = dlConfig.getAsBoolean("use-authorization"); - authOp = (AuthOps) dlConfig.getValue("servlet.auth.op"); + authzOp = (AuthzOps) dlConfig.getValue(DigilibServletConfiguration.AUTHZ_OP_KEY); // DocuDirCache instance dirCache = (DocuDirCache) dlConfig.getValue("servlet.dir.cache"); @@ -227,7 +227,7 @@ // check permissions if (useAuthorization) { // is the current request/user authorized? - if (!authOp.isAuthorized(dlRequest)) { + if (!authzOp.isAuthorized(dlRequest)) { // send deny answer and abort throw new AuthOpException(); }
--- a/servlet3/pom.xml Tue Mar 29 11:39:32 2016 +0200
+++ b/servlet3/pom.xml Tue Mar 29 17:30:39 2016 +0200
@@ -3,7 +3,7 @@
 <parent>
 <artifactId>digilib</artifactId>
 <groupId>digilib</groupId>
- <version>2.3-SNAPSHOT</version>
+ <version>2.4-SNAPSHOT</version>
 </parent>
 <artifactId>digilib-servlet3</artifactId>
 <name>digilib-servlet3</name>
--- a/servlet3/src/main/java/digilib/servlet/Scaler.java Tue Mar 29 11:39:32 2016 +0200 +++ b/servlet3/src/main/java/digilib/servlet/Scaler.java Tue Mar 29 17:30:39 2016 +0200 @@ -41,9 +41,10 @@ import org.apache.log4j.Logger; import digilib.auth.AuthOpException; -import digilib.auth.AuthOps; +import digilib.auth.AuthzOps; import digilib.conf.DigilibConfiguration; import digilib.conf.DigilibServlet3Configuration; +import digilib.conf.DigilibServletConfiguration; import digilib.conf.DigilibServletRequest; import digilib.image.DocuImage; import digilib.image.ImageJobDescription; @@ -107,8 +108,8 @@ /** use authorization database */ protected boolean useAuthorization = false; - /** AuthOps instance */ - protected AuthOps authOp; + /** AuthzOps instance */ + protected AuthzOps authzOp; /** * Initialisation on first run. @@ -137,7 +138,7 @@ logger.info("Scaler uses " + dlConfig.getValue("servlet.docuimage.version")); // set our AuthOps useAuthorization = dlConfig.getAsBoolean("use-authorization"); - authOp = (AuthOps) dlConfig.getValue("servlet.auth.op"); + authzOp = (AuthzOps) dlConfig.getValue(DigilibServletConfiguration.AUTHZ_OP_KEY); // DocuDirCache instance dirCache = (DocuDirCache) dlConfig.getValue("servlet.dir.cache"); @@ -274,7 +275,7 @@ */ if (useAuthorization) { // is the current request/user authorized? - if (!authOp.isAuthorized(dlRequest)) { + if (!authzOp.isAuthorized(dlRequest)) { // send deny answer and abort throw new AuthOpException(); }
--- a/text/pom.xml Tue Mar 29 11:39:32 2016 +0200
+++ b/text/pom.xml Tue Mar 29 17:30:39 2016 +0200
@@ -4,7 +4,7 @@
 <parent>
 <artifactId>digilib</artifactId>
 <groupId>digilib</groupId>
- <version>2.3-SNAPSHOT</version>
+ <version>2.4-SNAPSHOT</version>
 </parent>
 <artifactId>digilib-text</artifactId>
 <name>digilib-text</name>
--- a/text/src/main/java/digilib/servlet/Texter.java Tue Mar 29 11:39:32 2016 +0200 +++ b/text/src/main/java/digilib/servlet/Texter.java Tue Mar 29 17:30:39 2016 +0200 @@ -38,7 +38,7 @@ import org.apache.log4j.Logger; -import digilib.auth.AuthOps; +import digilib.auth.AuthzOps; import digilib.conf.DigilibServletConfiguration; import digilib.conf.DigilibServletRequest; import digilib.conf.TextServletConfiguration; @@ -74,7 +74,7 @@ FileOps fileOp; /** AuthOps instance */ - AuthOps authOp; + AuthzOps authzOp; /** ServletOps instance */ ServletOps servletOp; @@ -83,7 +83,7 @@ DocuDirCache dirCache; /** use authentication */ - boolean useAuthentication = false; + boolean useAuthorization = false; /* * (non-Javadoc) @@ -109,8 +109,8 @@ + tlVersion + ") *****"); // set our AuthOps - useAuthentication = dlConfig.getAsBoolean("use-authorization"); - authOp = (AuthOps) dlConfig.getValue("servlet.auth.op"); + useAuthorization = dlConfig.getAsBoolean("use-authorization"); + authzOp = (AuthzOps) dlConfig.getValue(DigilibServletConfiguration.AUTHZ_OP_KEY); // DocuDirCache instance dirCache = (DocuDirCache) dlConfig.getValue(TextServletConfiguration.TEXT_DIR_CACHE_KEY); }
--- a/webapp/pom.xml Tue Mar 29 11:39:32 2016 +0200
+++ b/webapp/pom.xml Tue Mar 29 17:30:39 2016 +0200
@@ -6,7 +6,7 @@
 <parent>
 <artifactId>digilib</artifactId>
 <groupId>digilib</groupId>
- <version>2.3-SNAPSHOT</version>
+ <version>2.4-SNAPSHOT</version>
 </parent>
 <artifactId>digilib-webapp</artifactId>
 <name>digilib-webapp</name>
--- a/webapp/src/main/webapp/WEB-INF/digilib-config.xml.template Tue Mar 29 11:39:32 2016 +0200 +++ b/webapp/src/main/webapp/WEB-INF/digilib-config.xml.template Tue Mar 29 17:30:39 2016 +0200 @@ -55,7 +55,10 @@ <parameter name="use-authorization" value="false" /> <!-- Java class to use for authentication --> - <parameter name="authops-class" value="digilib.auth.PathServletAuthOps" /> + <parameter name="authzops-class" value="digilib.auth.IpAuthnOps" /> + + <!-- Java class to use for authorization --> + <parameter name="authzops-class" value="digilib.auth.PathAuthzOps" /> <!-- URL location of XML file with authorization requirements. --> <parameter name="auth-file" value="digilib-auth.xml" />
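Review bot: The template now declares the parameter name `authzops-class` twice: once under the "authentication" comment with value `digilib.auth.IpAuthnOps`, and again under the "authorization" comment with `digilib.auth.PathAuthzOps`. The first entry looks like a typo for the authentication key (presumably `authnops-class`; the key the factory actually reads is not visible in this diff, so confirm it). As written, which value wins depends on how the config parser treats duplicates, so a deployment copied from this template may try to load an authentication class as the authorization implementation, or never set the authentication class at all. Change the first line to `<parameter name="authnops-class" value="digilib.auth.IpAuthnOps" />` once the key is confirmed.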
--- a/webapp/src/main/webapp/api/dlContext-xml.jsp Tue Mar 29 11:39:32 2016 +0200 +++ b/webapp/src/main/webapp/api/dlContext-xml.jsp Tue Mar 29 17:30:39 2016 +0200 @@ -25,8 +25,7 @@ digilib.conf.DigilibServletRequest, digilib.io.DocuDirCache, digilib.io.DocuDirent, - java.util.HashMap, - java.io.File"%><%! + digilib.meta.MetadataMap"%><%! // create DocumentBean instance for all JSP requests DocumentBean docBean = new DocumentBean(); @@ -54,11 +53,11 @@ int pn = dlRequest.getAsInt("pn"); String fn = dlRequest.getFilePath(); String ctx = ""; -DocuDirent f = dirCache.getFile(fn, pn, digilib.io.FileOps.FileClass.IMAGE); +DocuDirent f = dirCache.getFile(fn, pn); if (f != null) { //ctx = "hasfile:"+f.getName(); f.checkMeta(); - HashMap meta = f.getMeta().getFileMeta(); + MetadataMap meta = f.getMeta().getFileMeta(); if (meta != null) { //ctx = "JSP:hasmeta!"; if (meta.containsKey("context")) {
--- a/webapp/src/main/webapp/dlContext-xml.jsp Tue Mar 29 11:39:32 2016 +0200 +++ b/webapp/src/main/webapp/dlContext-xml.jsp Tue Mar 29 17:30:39 2016 +0200 @@ -25,8 +25,7 @@ digilib.conf.DigilibServletRequest, digilib.io.DocuDirCache, digilib.io.DocuDirent, - java.util.HashMap, - java.io.File"%><%! + digilib.meta.MetadataMap"%><%! // create DocumentBean instance for all JSP requests DocumentBean docBean = new DocumentBean(); @@ -54,11 +53,11 @@ int pn = dlRequest.getAsInt("pn"); String fn = dlRequest.getFilePath(); String ctx = ""; -DocuDirent f = dirCache.getFile(fn, pn, digilib.io.FileOps.FileClass.IMAGE); +DocuDirent f = dirCache.getFile(fn, pn); if (f != null) { //ctx = "hasfile:"+f.getName(); f.checkMeta(); - HashMap meta = f.getMeta().getFileMeta(); + MetadataMap meta = f.getMeta().getFileMeta(); if (meta != null) { //ctx = "JSP:hasmeta!"; if (meta.containsKey("context")) {
--- a/webapp/src/main/webapp/jquery/jquery.digilib.js Tue Mar 29 11:39:32 2016 +0200 +++ b/webapp/src/main/webapp/jquery/jquery.digilib.js Tue Mar 29 17:30:39 2016 +0200 @@ -45,7 +45,7 @@ var defaults = { // version of this script - 'version' : 'jquery.digilib.js 2.3.9a', + 'version' : 'jquery.digilib.js 2.4.0a', // logo url 'logoUrl' : 'img/digilib-logo-text1.png', // homepage url (behind logo)
--- a/webapp/src/main/webapp/server/dlConfig.jsp Tue Mar 29 11:39:32 2016 +0200 +++ b/webapp/src/main/webapp/server/dlConfig.jsp Tue Mar 29 17:30:39 2016 +0200 @@ -25,6 +25,7 @@ digilib.conf.DigilibServletConfiguration, digilib.conf.DigilibServletRequest, digilib.io.DocuDirCache, + digilib.image.DocuImage, digilib.image.DocuImageFactory, java.io.File"%> <%! @@ -54,8 +55,7 @@ // dir cache DocuDirCache dirCache = (DocuDirCache) dlConfig.getValue("servlet.dir.cache"); // image JobCenter -DigilibJobCenter imageProcessor = (DigilibJobCenter)dlConfig.getValue("servlet.worker.imageexecutor"); - +DigilibJobCenter<DocuImage> imageProcessor = (DigilibJobCenter<DocuImage>) dlConfig.getValue("servlet.worker.imageexecutor"); %> <html> @@ -196,8 +196,8 @@ <p>Supported image types</p> <ul> <% - java.util.Iterator dlfs = DocuImageFactory.getInstance().getSupportedFormats(); - for (Object f = dlfs.next(); dlfs.hasNext(); f = dlfs.next()) { + java.util.Iterator<String> dlfs = DocuImageFactory.getInstance().getSupportedFormats(); + for (String f = dlfs.next(); dlfs.hasNext(); f = dlfs.next()) { %> <li><%= (String)f %></li> <%
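Review bot: The retyped loop in the `@@ -196,8 +196,8 @@` hunk keeps the original iteration bug: `for (String f = dlfs.next(); dlfs.hasNext(); f = dlfs.next())` calls `next()` before `hasNext()`, so an empty iterator throws NoSuchElementException and the last supported format is never printed. Replace the loop header with `while (dlfs.hasNext()) {` followed by `String f = dlfs.next();`. The cast in `<%= (String)f %>` is redundant now that `f` is declared as String. The loop body continues outside the hunk.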