changeset 1177:9c956718f1da

better authorisation classes. new AuthOpsFactory. renamed XMLAuthOps to PathServletAuthOps. new MetaAccessServletAuthOps using "access" metadata.
author robcast
date Thu, 04 Apr 2013 11:21:16 +0200
parents 5f7fd411823c
children 2dd7116ccad3
files common/src/main/java/digilib/auth/AuthOps.java common/src/main/java/digilib/auth/AuthOpsFactory.java common/src/main/java/digilib/conf/DigilibRequest.java common/src/main/java/digilib/image/ImageJobDescription.java servlet/src/main/java/digilib/auth/MetaAccessServletAuthOps.java servlet/src/main/java/digilib/auth/PathServletAuthOps.java servlet/src/main/java/digilib/auth/ServletAuthOps.java servlet/src/main/java/digilib/auth/ServletAuthOpsImpl.java servlet/src/main/java/digilib/auth/XMLAuthOps.java servlet/src/main/java/digilib/servlet/DocumentBean.java servlet2/src/main/java/digilib/servlet/Initialiser.java servlet2/src/main/java/digilib/servlet/Scaler.java servlet2/src/main/java/digilib/servlet/ScalerNoThread.java servlet3/src/main/java/digilib/servlet/Initialiser.java servlet3/src/main/java/digilib/servlet/Scaler.java
diffstat 15 files changed, 655 insertions(+), 551 deletions(-) [+]
line wrap: on
line diff
--- a/common/src/main/java/digilib/auth/AuthOps.java	Wed Apr 03 21:56:01 2013 +0200
+++ b/common/src/main/java/digilib/auth/AuthOps.java	Thu Apr 04 11:21:16 2013 +0200
@@ -26,8 +26,6 @@
  * Author: Robert Casties (robcast@berlios.de)
  */
 
-import java.util.List;
-
 import digilib.conf.DigilibRequest;
 
 /** Class of operations requiring authentication. */
@@ -52,25 +50,4 @@
 	public boolean isAuthorized(DigilibRequest request)
 		throws AuthOpException;
 
-	/** Authorization roles needed for request.
-	 *
-	 * Returns the list of authorization roles that are needed to access the
-	 * specified path. No list means the path is free.
-	 *
-	 * The location information of the request is also considered.
-	 *
-	 * @param request DigilibRequest with address information.
-	 * @throws AuthOpException Exception thrown on error.
-	 * @return List of Strings with role names.
-	 */
-	public List<String> rolesForPath(DigilibRequest request)
-		throws AuthOpException;
-
-	/** Test request authorization against a list of roles.
-	 * @param roles List of Strings with role names.
-	 * @param request ServletRequest with address information.
-	 * @return true if the user information in the request authorizes one of the roles.
-	 */
-	public boolean isRoleAuthorized(List<String> roles, DigilibRequest request);
-
 }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/common/src/main/java/digilib/auth/AuthOpsFactory.java	Thu Apr 04 11:21:16 2013 +0200
@@ -0,0 +1,37 @@
+/**
+ * 
+ */
+package digilib.auth;
+
+import org.apache.log4j.Logger;
+
+
+/**
+ * @author casties
+ * 
+ */
+public class AuthOpsFactory {
+    /** Log4J logger */
+    protected static Logger logger = Logger.getLogger(AuthOpsFactory.class);
+
+    /** AuthOps implementation class */
+    protected static Class<AuthOps> authOpsClass;
+
+    public static AuthOps getAuthOpsInstance() {
+        AuthOps ao = null;
+        try {
+            ao = authOpsClass.newInstance();
+        } catch (Exception e) {
+            logger.error("Unable to create AuthOps instance!", e);
+        }
+        return ao;
+    }
+
+    /** set the AuthOps implementation class.
+     * @param clazz
+     */
+    public static void setAuthOpsClass(Class<AuthOps> clazz) {
+        AuthOpsFactory.authOpsClass = clazz;
+    }
+
+}
--- a/common/src/main/java/digilib/conf/DigilibRequest.java	Wed Apr 03 21:56:01 2013 +0200
+++ b/common/src/main/java/digilib/conf/DigilibRequest.java	Thu Apr 04 11:21:16 2013 +0200
@@ -33,7 +33,7 @@
 import java.net.URLDecoder;
 import java.util.StringTokenizer;
 
-import digilib.image.DocuImage;
+import digilib.image.ImageJobDescription;
 import digilib.io.FileOps;
 import digilib.util.OptionsSet;
 import digilib.util.Parameter;
@@ -63,7 +63,7 @@
  */
 public class DigilibRequest extends ParameterMap {
 
-	protected DocuImage image; // internal DocuImage instance for this request
+	protected ImageJobDescription ticket; // ImageJobDescription for this request
 
 	public DigilibRequest() {
 		super(30);
@@ -128,9 +128,6 @@
 		newParameter("request.path", "", null, 'i');
 		// base URL (from http:// to below /servlet)
 		newParameter("base.url", null, null, 'i');
-		// DocuImage instance for this request
-		newParameter("docu.image", image, null, 'i');
-		image = null;
 		/*
 		 * Parameters of type 'c' are for the clients use
 		 */
@@ -285,24 +282,18 @@
 		return FileOps.normalName(s);
 	}
 
-	/**
-	 * Returns the image.
-	 * 
-	 * @return DocuImage
-	 */
-	public DocuImage getImage() {
-		return image;
-	}
+    /**
+     * @return the ticket
+     */
+    public ImageJobDescription getJobDescription() {
+        return ticket;
+    }
 
-	/**
-	 * Sets the image.
-	 * 
-	 * @param image
-	 *            The image to set
-	 */
-	public void setImage(DocuImage image) {
-		this.image = image;
-		setValue("docu.image", image);
-	}
+    /**
+     * @param ticket the ticket to set
+     */
+    public void setJobDescription(ImageJobDescription ticket) {
+        this.ticket = ticket;
+    }
 
 }
--- a/common/src/main/java/digilib/image/ImageJobDescription.java	Wed Apr 03 21:56:01 2013 +0200
+++ b/common/src/main/java/digilib/image/ImageJobDescription.java	Thu Apr 04 11:21:16 2013 +0200
@@ -32,6 +32,7 @@
 import org.apache.log4j.Logger;
 
 import digilib.conf.DigilibConfiguration;
+import digilib.conf.DigilibRequest;
 import digilib.image.DocuImage.ColorOp;
 import digilib.io.DocuDirCache;
 import digilib.io.DocuDirectory;
@@ -142,19 +143,34 @@
 	}
 
 
-	/** Creates new ImageJobDescription by merging Parameters from another ParameterMap.
-	 * @param pm
+	/** Creates new ImageJobDescription by merging Parameters from a DigilibRequest.
+	 * @param dlReq
 	 * @param dlcfg
 	 * @return
 	 */
-	public static ImageJobDescription getInstance(ParameterMap pm, DigilibConfiguration dlcfg) {
+	public static ImageJobDescription getInstance(DigilibRequest dlReq, DigilibConfiguration dlcfg) {
 		ImageJobDescription newMap = new ImageJobDescription(dlcfg);
 		// add all params to this map
-		newMap.params.putAll(pm.getParams());
+		newMap.params.putAll(dlReq.getParams());
 		newMap.initOptions();
+		// add ImageJobDescription back into DigilibRequest
+		dlReq.setJobDescription(newMap);
 		return newMap;
 	}
 
+    /** Creates new ImageJobDescription by merging Parameters from another ParameterMap.
+     * @param pm
+     * @param dlcfg
+     * @return
+     */
+    public static ImageJobDescription getInstance(ParameterMap pm, DigilibConfiguration dlcfg) {
+        ImageJobDescription newMap = new ImageJobDescription(dlcfg);
+        // add all params to this map
+        newMap.params.putAll(pm.getParams());
+        newMap.initOptions();
+        return newMap;
+    }
+
 	
 	/** Returns the mime-type (of the input). 
 	 * @return
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/servlet/src/main/java/digilib/auth/MetaAccessServletAuthOps.java	Thu Apr 04 11:21:16 2013 +0200
@@ -0,0 +1,174 @@
+package digilib.auth;
+
+/*
+ * #%L
+ * XMLAuthOps -- Authentication class implementation using XML files
+ * 
+ * Digital Image Library servlet components
+ * 
+ * %%
+ * Copyright (C) 2001 - 2013 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as 
+ * published by the Free Software Foundation, either version 3 of the 
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Lesser Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Lesser Public 
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@berlios.de)
+ */
+
+import java.io.File;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import digilib.conf.DigilibServletRequest;
+import digilib.io.DocuDirent;
+import digilib.meta.MetadataMap;
+import digilib.util.HashTree;
+import digilib.util.XMLListLoader;
+
+/**
+ * Implementation of AuthOps using "access" information from file metadata and
+ * roles mapped to IP-number ranges defined in an XML config file.
+ * 
+ * The configuration file is read by an XMLListLoader into HashTree objects for
+ * IP numbers.
+ */
+public class MetaAccessServletAuthOps extends ServletAuthOpsImpl {
+
+    private File configFile;
+    private HashTree authIPs;
+    private Map<String, List<String>> rolesMap;
+
+    /**
+     * Constructor taking an XML config file.
+     * 
+     * @param confFile
+     *            Configuration file.
+     * @throws AuthOpException
+     *             Exception thrown on error.
+     */
+    public MetaAccessServletAuthOps(File confFile) throws AuthOpException {
+        configFile = confFile;
+        init();
+    }
+
+    /**
+     * Set configuration file.
+     * 
+     * @param confFile
+     *            XML config file.
+     * @throws AuthOpException
+     *             Exception thrown on error.
+     */
+    public void setConfig(File confFile) throws AuthOpException {
+        configFile = confFile;
+        init();
+    }
+
+    /**
+     * Initialize.
+     * 
+     * Read configuration files and setup authorization arrays.
+     * 
+     * @throws AuthOpException
+     *             Exception thrown on error.
+     */
+    public void init() throws AuthOpException {
+        logger.debug("IpRoleServletAuthops.init (" + configFile + ")");
+        Map<String, String> ipList = null;
+        Map<String, String> roleList = null;
+        try {
+            // load authIPs
+            XMLListLoader ipLoader = new XMLListLoader("digilib-addresses", "address", "ip", "role");
+            ipList = ipLoader.loadUri(configFile.toURI());
+            // load role mappings
+            XMLListLoader roleLoader = new XMLListLoader("digilib-access", "access", "type", "role");
+            roleList = roleLoader.loadUri(configFile.toURI());
+        } catch (Exception e) {
+            throw new AuthOpException("ERROR loading authorization config file: " + e);
+        }
+        if ((ipList == null)||(roleList == null)) {
+            throw new AuthOpException("ERROR unable to load authorization config file!");
+        }
+        // setup ip tree
+        authIPs = new HashTree(ipList, ".", ",");
+        // convert role list to map, splitting roles by ","
+        rolesMap = new HashMap<String,List<String>>(roleList.size());
+        for (String k : roleList.keySet()) {
+            String rs = roleList.get(k);
+            String[] ra = rs.split(",");
+            rolesMap.put(k, Arrays.asList(ra));
+        }
+    }
+
+    /**
+     * Return authorization roles needed for request.
+     * 
+     * Returns the list of authorization roles that are needed to access the
+     * specified path. No list means the path is free.
+     * 
+     * The location information of the request is also considered.
+     * 
+     * @param request
+     *            ServletRequest with address information.
+     * @throws AuthOpException
+     *             Exception thrown on error.
+     * @return List of Strings with role names.
+     */
+    @Override
+    public List<String> rolesForPath(DigilibServletRequest dlRequest) throws AuthOpException {
+        HttpServletRequest request = dlRequest.getServletRequest();
+        logger.debug("rolesForPath (" + dlRequest.getFilePath() + ") by [" + request.getRemoteAddr() + "]");
+        /*
+         * check if the requests address provides a role
+         */
+        List<String> provided = authIPs.match(request.getRemoteAddr());
+        if ((provided != null) && (provided.contains("ALL"))) {
+            // ALL switches off checking;
+            return null;
+        }
+        /*
+         * get access restrictions from metadata
+         */
+        String access = null;
+        try {
+            DocuDirent imgs = (DocuDirent) dlRequest.getJobDescription().getImageSet();
+            MetadataMap meta = imgs.getMeta().getFileMeta();
+            access = meta.get("access");
+        } catch (Exception e) {
+            logger.error("Error getting meta for file!", e);
+            throw new AuthOpException("Error getting meta for file access!");
+        }
+        if (access == null) {
+            // no access restriction - allow
+            return null;
+        }
+        // check provided against required roles
+        List<String> required = rolesMap.get(access);
+        // do any provided roles match?
+        if ((provided != null) && (required != null)) {
+            for (String prov : provided) {
+                if (required.contains(prov)) {
+                    // satisfied
+                    return null;
+                }
+            }
+        }
+        return required;
+    }
+
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/servlet/src/main/java/digilib/auth/PathServletAuthOps.java	Thu Apr 04 11:21:16 2013 +0200
@@ -0,0 +1,151 @@
+package digilib.auth;
+
+/*
+ * #%L
+ * XMLAuthOps -- Authentication class implementation using XML files
+ * 
+ * Digital Image Library servlet components
+ * 
+ * %%
+ * Copyright (C) 2001 - 2013 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as 
+ * published by the Free Software Foundation, either version 3 of the 
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Lesser Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Lesser Public 
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@berlios.de)
+ */
+
+import java.io.File;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import digilib.conf.DigilibServletRequest;
+import digilib.util.HashTree;
+import digilib.util.XMLListLoader;
+
+/**
+ * Implementation of AuthOps using paths defined in an XML config file.
+ * 
+ * The configuration file is read by an XMLListLoader into HashTree objects for
+ * authentication paths and IP numbers.
+ */
+public class PathServletAuthOps extends ServletAuthOpsImpl {
+
+    private File configFile;
+    private HashTree authPaths;
+    private HashTree authIPs;
+
+    /**
+     * Constructor taking an XML config file.
+     * 
+     * @param u
+     *            utils object
+     * @param confFile
+     *            Configuration file.
+     * @throws AuthOpException
+     *             Exception thrown on error.
+     */
+    public PathServletAuthOps(File confFile) throws AuthOpException {
+        configFile = confFile;
+        init();
+    }
+
+    /**
+     * Set configuration file.
+     * 
+     * @param confFile
+     *            XML config file.
+     * @throws AuthOpException
+     *             Exception thrown on error.
+     */
+    public void setConfig(File confFile) throws AuthOpException {
+        configFile = confFile;
+        init();
+    }
+
+    /**
+     * Initialize.
+     * 
+     * Read configuration files and setup authentication arrays.
+     * 
+     * @throws AuthOpException
+     *             Exception thrown on error.
+     */
+    public void init() throws AuthOpException {
+        logger.debug("xmlauthops.init (" + configFile + ")");
+        Map<String, String> pathList = null;
+        Map<String, String> ipList = null;
+        try {
+            // load authPaths
+            XMLListLoader pathLoader = new XMLListLoader("digilib-paths", "path", "name", "role");
+            pathList = pathLoader.loadUri(configFile.toURI());
+            // load authIPs
+            XMLListLoader ipLoader = new XMLListLoader("digilib-addresses", "address", "ip", "role");
+            ipList = ipLoader.loadUri(configFile.toURI());
+        } catch (Exception e) {
+            throw new AuthOpException("ERROR loading authorization config file: " + e);
+        }
+        if ((pathList == null) || (ipList == null)) {
+            throw new AuthOpException("ERROR unable to load authorization config file!");
+        }
+        // setup path tree
+        authPaths = new HashTree(pathList, "/", ",");
+        // setup ip tree
+        authIPs = new HashTree(ipList, ".", ",");
+    }
+
+    /**
+     * Return authorization roles needed for request.
+     * 
+     * Returns the list of authorization roles that are needed to access the
+     * specified path. No list means the path is free.
+     * 
+     * The location information of the request is also considered.
+     * 
+     * @param filepath
+     *            filepath to be accessed.
+     * @param request
+     *            ServletRequest with address information.
+     * @throws AuthOpException
+     *             Exception thrown on error.
+     * @return List of Strings with role names.
+     */
+    public List<String> rolesForPath(DigilibServletRequest dlRequest) throws digilib.auth.AuthOpException {
+        String filepath = dlRequest.getFilePath();
+        HttpServletRequest request = dlRequest.getServletRequest();
+        logger.debug("rolesForPath (" + filepath + ") by [" + request.getRemoteAddr() + "]");
+
+        // check if the requests address provides a role
+        List<String> provided = authIPs.match(request.getRemoteAddr());
+        if ((provided != null) && (provided.contains("ALL"))) {
+            // ALL switches off checking;
+            return null;
+        }
+        // which roles are required?
+        List<String> required = authPaths.match(filepath);
+        // do any provided roles match?
+        if ((provided != null) && (required != null)) {
+            for (int i = 0; i < provided.size(); i++) {
+                if (required.contains(provided.get(i))) {
+                    // satisfied
+                    return null;
+                }
+            }
+        }
+        return required;
+    }
+
+}
--- a/servlet/src/main/java/digilib/auth/ServletAuthOps.java	Wed Apr 03 21:56:01 2013 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,158 +0,0 @@
-package digilib.auth;
-
-/*
- * #%L
- *  AuthOps -- Authentication class implementation
- *
- *  Digital Image Library servlet components
- *  
- * %%
- * Copyright (C) 2001 - 2013 MPIWG Berlin
- * %%
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as 
- * published by the Free Software Foundation, either version 3 of the 
- * License, or (at your option) any later version.
- * 
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Lesser Public License for more details.
- * 
- * You should have received a copy of the GNU General Lesser Public 
- * License along with this program.  If not, see
- * <http://www.gnu.org/licenses/lgpl-3.0.html>.
- * #L%
- * Author: Robert Casties (robcast@berlios.de)
- */
-
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.log4j.Logger;
-
-import digilib.conf.DigilibRequest;
-import digilib.conf.DigilibServletRequest;
-
-/**
- * Basic implementation of AuthOps interface.
- * 
- * Provides basic implementations. Only rolesForPath needs to be implemented by
- * specific implementations.
- */
-public abstract class ServletAuthOps implements AuthOps {
-
-    /** general logger for this class */
-    protected Logger logger = Logger.getLogger(this.getClass());
-
-    /** Default constructor. */
-    public ServletAuthOps() {
-        try {
-            init();
-        } catch (AuthOpException e) {
-        }
-    }
-
-    /**
-     * Test if the request is allowed to access filepath.
-     * 
-     * @param filepath
-     *            filepath to be acessed.
-     * @param request
-     *            Request with user information.
-     * @throws AuthOpException
-     *             Exception thrown on error.
-     * @return true if the request is allowed.
-     */
-    public boolean isAuthRequired(String filepath, HttpServletRequest request) throws AuthOpException {
-        // check permissions
-        List<String> rolesRequired = rolesForPath(filepath, request);
-        return (rolesRequired != null);
-    }
-
-    /**
-     * @see digilib.auth.AuthOps#isAuthRequired(digilib.conf.DigilibRequest)
-     */
-    public boolean isAuthRequired(DigilibRequest request) throws AuthOpException {
-        // check permissions
-        List<String> rolesRequired = rolesForPath(request);
-        return (rolesRequired != null);
-    }
-
-    /**
-     * Return authorization roles needed for request.
-     * 
-     * Returns a list of authorization roles that would be allowed to access the
-     * specified path. The location information of the request is considered
-     * also.
-     * 
-     * @param filepath
-     *            filepath to be accessed.
-     * @param request
-     *            ServletRequest with address information.
-     * @throws AuthOpException
-     *             Exception thrown on error.
-     * @return List of Strings with role names.
-     */
-    public boolean isAuthorized(String filepath, HttpServletRequest request) throws AuthOpException {
-        List<String> rolesAllowed = rolesForPath(filepath, request);
-        return isRoleAuthorized(rolesAllowed, request);
-    }
-
-    /**
-     * @see digilib.auth.AuthOps#isAuthorized(digilib.conf.DigilibRequest)
-     */
-    public boolean isAuthorized(DigilibRequest request) throws AuthOpException {
-        List<String> rolesAllowed = rolesForPath(request);
-        return isRoleAuthorized(rolesAllowed, request);
-    }
-
-    /**
-     * Test request authorization against a list of roles.
-     * 
-     * @param roles
-     *            List of Strings with role names.
-     * @param request
-     *            ServletRequest with address information.
-     * @return true if the user information in the request authorizes one of the
-     *         roles.
-     */
-    public boolean isRoleAuthorized(List<String> roles, HttpServletRequest request) {
-        for (String s : roles) {
-            logger.debug("Testing role: " + s);
-            if (request.isUserInRole(s)) {
-                logger.debug("Role Authorized");
-                return true;
-            }
-        }
-        return false;
-    }
-
-    /**
-     * @see digilib.auth.AuthOps#isRoleAuthorized(java.util.List,
-     *      digilib.conf.DigilibRequest)
-     */
-    public boolean isRoleAuthorized(List<String> roles, DigilibRequest request) {
-        for (String s : roles) {
-            logger.debug("Testing role: " + s);
-            if (((DigilibServletRequest) request).getServletRequest().isUserInRole(s)) {
-                logger.debug("Role Authorized");
-                return true;
-            }
-        }
-        return false;
-    }
-
-    public abstract void init() throws AuthOpException;
-
-    public abstract List<String> rolesForPath(String filepath, HttpServletRequest request) throws AuthOpException;
-
-    /**
-     * @see digilib.auth.AuthOps#rolesForPath(digilib.conf.DigilibRequest)
-     */
-    public List<String> rolesForPath(DigilibRequest request) throws AuthOpException {
-        return rolesForPath(request.getFilePath(), ((DigilibServletRequest) request).getServletRequest());
-    }
-
-}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/servlet/src/main/java/digilib/auth/ServletAuthOpsImpl.java	Thu Apr 04 11:21:16 2013 +0200
@@ -0,0 +1,111 @@
+package digilib.auth;
+
+/*
+ * #%L
+ *  AuthOps -- Authentication class implementation
+ *
+ *  Digital Image Library servlet components
+ *  
+ * %%
+ * Copyright (C) 2001 - 2013 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as 
+ * published by the Free Software Foundation, either version 3 of the 
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Lesser Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Lesser Public 
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@berlios.de)
+ */
+
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+import digilib.conf.DigilibRequest;
+import digilib.conf.DigilibServletRequest;
+
+/**
+ * Basic implementation of AuthOps interface.
+ * 
+ * Provides basic implementations. Only rolesForPath needs to be implemented by
+ * specific implementations.
+ */
+public abstract class ServletAuthOpsImpl implements AuthOps {
+
+    /** general logger for this class */
+    protected Logger logger = Logger.getLogger(this.getClass());
+
+    /** Default constructor. */
+    public ServletAuthOpsImpl() {
+        try {
+            init();
+        } catch (AuthOpException e) {
+        }
+    }
+
+    public abstract void init() throws AuthOpException;
+
+    /**
+     * @see digilib.auth.AuthOps#isAuthRequired(digilib.conf.DigilibRequest)
+     */
+    public boolean isAuthRequired(DigilibRequest request) throws AuthOpException {
+        // check permissions
+        List<String> rolesRequired = rolesForPath((DigilibServletRequest) request);
+        return (rolesRequired != null);
+    }
+
+    /**
+     * @see digilib.auth.AuthOps#isAuthorized(digilib.conf.DigilibRequest)
+     */
+    public boolean isAuthorized(DigilibRequest request) throws AuthOpException {
+        List<String> rolesAllowed = rolesForPath((DigilibServletRequest) request);
+        return isRoleAuthorized(rolesAllowed, (DigilibServletRequest) request);
+    }
+
+    /**
+     * Test request authorization against a list of roles.
+     * 
+     * @param roles
+     *            List of Strings with role names.
+     * @param request
+     *            ServletRequest with address information.
+     * @return true if the user information in the request authorizes one of the
+     *         roles.
+     */
+    public boolean isRoleAuthorized(List<String> roles, DigilibServletRequest request) {
+        for (String s : roles) {
+            logger.debug("Testing role: " + s);
+            if (request.getServletRequest().isUserInRole(s)) {
+                logger.debug("Role Authorized");
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * Authorization roles needed for request.
+     * 
+     * Returns the list of authorization roles that are needed to access the
+     * specified path. No list means the path is free.
+     * 
+     * The location information of the request is also considered.
+     * 
+     * @param request
+     *            DigilibRequest with address information.
+     * @throws AuthOpException
+     *             Exception thrown on error.
+     * @return List of Strings with role names.
+     */
+    public abstract List<String> rolesForPath(DigilibServletRequest request) throws AuthOpException;
+
+}
--- a/servlet/src/main/java/digilib/auth/XMLAuthOps.java	Wed Apr 03 21:56:01 2013 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,142 +0,0 @@
-package digilib.auth;
-
-/*
- * #%L
- * XMLAuthOps -- Authentication class implementation using XML files
- * 
- * Digital Image Library servlet components
- * 
- * %%
- * Copyright (C) 2001 - 2013 MPIWG Berlin
- * %%
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as 
- * published by the Free Software Foundation, either version 3 of the 
- * License, or (at your option) any later version.
- * 
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Lesser Public License for more details.
- * 
- * You should have received a copy of the GNU General Lesser Public 
- * License along with this program.  If not, see
- * <http://www.gnu.org/licenses/lgpl-3.0.html>.
- * #L%
- * Author: Robert Casties (robcast@berlios.de)
- */
-
-import java.io.File;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-
-import digilib.util.HashTree;
-import digilib.util.XMLListLoader;
-
-/** Implementation of AuthOps using XML files.
- *
- * The configuration file is read by an XMLListLoader into HashTree objects for 
- * authentication paths and IP numbers.
- */
-public class XMLAuthOps extends ServletAuthOps {
-
-	private File configFile;
-	private HashTree authPaths;
-	private HashTree authIPs;
-
-	/** Constructor taking an XML config file.
-	 *
-	 * @param u utils object
-	 * @param confFile Configuration file.
-	 * @throws AuthOpException Exception thrown on error.
-	 */
-	public XMLAuthOps(File confFile) throws AuthOpException {
-		configFile = confFile;
-		init();
-	}
-
-	/** Set configuration file.
-	 *
-	 * @param confFile XML config file.
-	 * @throws AuthOpException Exception thrown on error.
-	 */
-	public void setConfig(File confFile) throws AuthOpException {
-		configFile = confFile;
-		init();
-	}
-
-	/** Initialize.
-	 *
-	 * Read configuration files and setup authentication arrays.
-	 *
-	 * @throws AuthOpException Exception thrown on error.
-	 */
-	public void init() throws AuthOpException {
-		logger.debug("xmlauthops.init (" + configFile + ")");
-		Map<String, String> pathList = null;
-		Map<String, String> ipList = null;
-		try {
-			// load authPaths
-			XMLListLoader pathLoader =
-				new XMLListLoader("digilib-paths", "path", "name", "role");
-			pathList = pathLoader.loadUri(configFile.toURI());
-			// load authIPs
-			XMLListLoader ipLoader =
-				new XMLListLoader("digilib-addresses", "address", "ip", "role");
-			ipList = ipLoader.loadUri(configFile.toURI());
-		} catch (Exception e) {
-			throw new AuthOpException(
-				"ERROR loading authorization config file: " + e);
-		}
-		if ((pathList == null) || (ipList == null)) {
-			throw new AuthOpException("ERROR unable to load authorization config file!");
-		}
-		// setup path tree
-		authPaths = new HashTree(pathList, "/", ",");
-		// setup ip tree
-		authIPs = new HashTree(ipList, ".", ",");
-	}
-
-	/** Return authorization roles needed for request.
-	 *
-	 * Returns the list of authorization roles that are needed to access the
-	 * specified path. No list means the path is free.
-	 *
-	 * The location information of the request is also considered.
-	 *
-	 * @param filepath filepath to be accessed.
-	 * @param request ServletRequest with address information.
-	 * @throws AuthOpException Exception thrown on error.
-	 * @return List of Strings with role names.
-	 */
-	public List<String> rolesForPath(String filepath, HttpServletRequest request)
-		throws digilib.auth.AuthOpException {
-		logger.debug("rolesForPath ("
-				+ filepath
-				+ ") by ["
-				+ request.getRemoteAddr()
-				+ "]");
-
-		// check if the requests address provides a role
-		List<String> provided = authIPs.match(request.getRemoteAddr());
-		if ((provided != null) && (provided.contains("ALL"))) {
-			// ALL switches off checking;
-			return null;
-		}
-		// which roles are required?
-		List<String> required = authPaths.match(filepath);
-		// do any provided roles match?
-		if ((provided != null) && (required != null)) {
-			for (int i = 0; i < provided.size(); i++) {
-				if (required.contains(provided.get(i))) {
-					// satisfied
-					return null;
-				}
-			}
-		}
-		return required;
-	}
-
-}
--- a/servlet/src/main/java/digilib/servlet/DocumentBean.java	Wed Apr 03 21:56:01 2013 +0200
+++ b/servlet/src/main/java/digilib/servlet/DocumentBean.java	Thu Apr 04 11:21:16 2013 +0200
@@ -132,24 +132,6 @@
 	}
 
 	/**
-	 * return a list of authorization roles needed for request to access the
-	 * specified path
-	 */
-	public List<String> rolesForPath(DigilibServletRequest request) throws AuthOpException {
-		logger.debug("rolesForPath");
-		return useAuthentication ? authOp.rolesForPath(request) : null;
-	}
-
-	/**
-	 * check request authorization against a list of roles
-	 */
-	public boolean isRoleAuthorized(List<String> roles, DigilibServletRequest request) {
-		logger.debug("isRoleAuthorized");
-		return useAuthentication ? authOp.isRoleAuthorized(roles, request)
-				: true;
-	}
-
-	/**
 	 * check for authenticated access and redirect if necessary
 	 */
 	public boolean doAuthentication(HttpServletResponse response)
--- a/servlet2/src/main/java/digilib/servlet/Initialiser.java	Wed Apr 03 21:56:01 2013 +0200
+++ b/servlet2/src/main/java/digilib/servlet/Initialiser.java	Thu Apr 04 11:21:16 2013 +0200
@@ -42,7 +42,7 @@
 import org.apache.log4j.xml.DOMConfigurator;
 
 import digilib.auth.AuthOps;
-import digilib.auth.XMLAuthOps;
+import digilib.auth.PathServletAuthOps;
 import digilib.conf.DigilibServletConfiguration;
 import digilib.image.DocuImage;
 import digilib.io.AliasingDocuDirCache;
@@ -134,7 +134,7 @@
 					// XML version
 					File authConf = ServletOps.getConfigFile((File) dlConfig
 							.getValue("auth-file"), context);
-					AuthOps authOp = new XMLAuthOps(authConf);
+					AuthOps authOp = new PathServletAuthOps(authConf);
 					dlConfig.setValue("servlet.auth.op", authOp);
 					dlConfig.setValue("auth-file", authConf);
 				}
--- a/servlet2/src/main/java/digilib/servlet/Scaler.java	Wed Apr 03 21:56:01 2013 +0200
+++ b/servlet2/src/main/java/digilib/servlet/Scaler.java	Thu Apr 04 11:21:16 2013 +0200
@@ -27,7 +27,6 @@
 
 import java.io.File;
 import java.io.IOException;
-import java.util.List;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Future;
 
@@ -54,21 +53,26 @@
 import digilib.util.DigilibJobCenter;
 
 /**
- * Version of Scaler servlet that uses a thread pool but not Servlet 3.0 async API. 
+ * Version of Scaler servlet that uses a thread pool but not Servlet 3.0 async
+ * API.
  */
 public class Scaler extends HttpServlet {
 
     private static final long serialVersionUID = -5439198888139362735L;
 
     /** digilib servlet version (for all components) */
-    public static final String version = "2.1.5 noasync";
+    public static final String version = "2.1.6 noasync";
 
     /** servlet error codes */
-    public static enum Error {UNKNOWN, AUTH, FILE, IMAGE};
-    
+    public static enum Error {
+        UNKNOWN, AUTH, FILE, IMAGE
+    };
+
     /** type of error message */
-    public static enum ErrMsg {IMAGE, TEXT, CODE};
-    
+    public static enum ErrMsg {
+        IMAGE, TEXT, CODE
+    };
+
     /** logger for accounting requests */
     protected static Logger accountlog = Logger.getLogger("account.request");
 
@@ -116,18 +120,14 @@
     public void init(ServletConfig config) throws ServletException {
         super.init(config);
 
-        System.out
-                .println("***** Digital Image Library Image Scaler Servlet (version "
-                        + version + ") *****");
+        System.out.println("***** Digital Image Library Image Scaler Servlet (version " + version + ") *****");
         // say hello in the log file
-        logger.info("***** Digital Image Library Image Scaler Servlet (version "
-                + version + ") *****");
+        logger.info("***** Digital Image Library Image Scaler Servlet (version " + version + ") *****");
 
         // get our ServletContext
         ServletContext context = config.getServletContext();
         // see if there is a Configuration instance
-        dlConfig = (DigilibServletConfiguration) context
-                .getAttribute("digilib.servlet.configuration");
+        dlConfig = (DigilibServletConfiguration) context.getAttribute("digilib.servlet.configuration");
         if (dlConfig == null) {
             // no Configuration
             throw new ServletException("No Configuration!");
@@ -142,8 +142,7 @@
         dirCache = (DocuDirCache) dlConfig.getValue("servlet.dir.cache");
 
         // Executor
-        imageJobCenter = (DigilibJobCenter<DocuImage>) dlConfig
-                .getValue("servlet.worker.imageexecutor");
+        imageJobCenter = (DigilibJobCenter<DocuImage>) dlConfig.getValue("servlet.worker.imageexecutor");
 
         denyImgFile = ServletOps.getFile(dlConfig.getAsFile("denied-image"), context);
         errorImgFile = ServletOps.getFile(dlConfig.getAsFile("error-image"), context);
@@ -151,13 +150,13 @@
         sendFileAllowed = dlConfig.getAsBoolean("sendfile-allowed");
     }
 
-    /** Returns modification time relevant to the request for caching.
+    /**
+     * Returns modification time relevant to the request for caching.
      * 
      * @see javax.servlet.http.HttpServlet#getLastModified(javax.servlet.http.HttpServletRequest)
      */
     public long getLastModified(HttpServletRequest request) {
-        accountlog.debug("GetLastModified from " + request.getRemoteAddr()
-                + " for " + request.getQueryString());
+        accountlog.debug("GetLastModified from " + request.getRemoteAddr() + " for " + request.getQueryString());
         long mtime = -1;
         // create new request
         DigilibServletRequest dlReq = new DigilibServletRequest(request);
@@ -165,47 +164,52 @@
         if (dd != null) {
             mtime = dd.getDirMTime() / 1000 * 1000;
         }
-        logger.debug("  returns "+mtime);
+        logger.debug("  returns " + mtime);
         return mtime;
     }
 
-    /* (non-Javadoc)
-     * @see javax.servlet.http.HttpServlet#doGet(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+    /*
+     * (non-Javadoc)
+     * 
+     * @see
+     * javax.servlet.http.HttpServlet#doGet(javax.servlet.http.HttpServletRequest
+     * , javax.servlet.http.HttpServletResponse)
      */
     public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException {
         accountlog.info("GET from " + request.getRemoteAddr());
         this.processRequest(request, response);
     }
 
-
-    /* (non-Javadoc)
-     * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+    /*
+     * (non-Javadoc)
+     * 
+     * @see
+     * javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest
+     * , javax.servlet.http.HttpServletResponse)
      */
     public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException {
         accountlog.info("POST from " + request.getRemoteAddr());
         this.processRequest(request, response);
     }
-    
 
-	protected void doHead(HttpServletRequest req, HttpServletResponse resp)
-			throws ServletException, IOException {
-		logger.debug("HEAD from "+req.getRemoteAddr());
-		super.doHead(req, resp);
-	}
+    protected void doHead(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+        logger.debug("HEAD from " + req.getRemoteAddr());
+        super.doHead(req, resp);
+    }
 
-	protected void doOptions(HttpServletRequest req, HttpServletResponse resp)
-			throws ServletException, IOException {
-		logger.debug("OPTIONS from "+req.getRemoteAddr());
-		super.doOptions(req, resp);
-	}
+    protected void doOptions(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+        logger.debug("OPTIONS from " + req.getRemoteAddr());
+        super.doOptions(req, resp);
+    }
 
-	/** Service this request using the response.
+    /**
+     * Service this request using the response.
+     * 
      * @param request
      * @param response
-     * @throws ServletException 
+     * @throws ServletException
      */
-    public void processRequest(HttpServletRequest request,
-            HttpServletResponse response) throws ServletException {
+    public void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException {
 
         if (dlConfig == null) {
             logger.error("ERROR: No Configuration!");
@@ -224,29 +228,23 @@
         // type of error reporting
         ErrMsg errMsgType = ErrMsg.IMAGE;
         if (dlRequest.hasOption("errtxt")) {
-        	errMsgType = ErrMsg.TEXT;
+            errMsgType = ErrMsg.TEXT;
         } else if (dlRequest.hasOption("errcode")) {
-        	errMsgType = ErrMsg.CODE;
+            errMsgType = ErrMsg.CODE;
         }
-        
+
         try {
-        	/*
-        	 *  check if we can fast-track without scaling
-        	 */
+            /*
+             * check if we can fast-track without scaling
+             */
             ImageInput fileToLoad = (ImageInput) jobTicket.getInput();
 
             // check permissions
             if (useAuthorization) {
-                // get a list of required roles (empty if no restrictions)
-                List<String> rolesRequired = authOp.rolesForPath(dlRequest);
-                if (rolesRequired != null) {
-                    authlog.debug("Role required: " + rolesRequired);
-                    authlog.debug("User: " + request.getRemoteUser());
-                    // is the current request/user authorized?
-                    if (!authOp.isRoleAuthorized(rolesRequired, dlRequest)) {
-                        // send deny answer and abort
-                        throw new AuthOpException();
-                    }
+                // is the current request/user authorized?
+                if (!authOp.isAuthorized(dlRequest)) {
+                    // send deny answer and abort
+                    throw new AuthOpException();
                 }
             }
 
@@ -262,8 +260,9 @@
                 return;
             }
 
-            // if possible, send the image without actually having to transform it
-            if (! jobTicket.isTransformRequired()) {
+            // if possible, send the image without actually having to transform
+            // it
+            if (!jobTicket.isTransformRequired()) {
                 logger.debug("Sending File as is.");
                 ServletOps.sendFile(fileToLoad.getFile(), null, null, response, logger);
                 logger.info("Done in " + (System.currentTimeMillis() - startTime) + "ms");
@@ -285,14 +284,13 @@
             // forced destination image type
             String mt = null;
             if (jobTicket.hasOption("jpg")) {
-            	mt = "image/jpeg";
+                mt = "image/jpeg";
             } else if (jobTicket.hasOption("png")) {
-            	mt = "image/png";
+                mt = "image/png";
             }
             // send image
             ServletOps.sendImage(img, mt, response, logger);
-            logger.debug("Job Processing Time: "
-                    + (System.currentTimeMillis() - startTime) + "ms");
+            logger.debug("Job Processing Time: " + (System.currentTimeMillis() - startTime) + "ms");
 
         } catch (ImageOpException e) {
             logger.error(e.getClass() + ": " + e.getMessage());
@@ -322,8 +320,7 @@
      * @param msg
      * @param response
      */
-    public static void digilibError(ErrMsg type, Error error, String msg,
-            HttpServletResponse response) {
+    public static void digilibError(ErrMsg type, Error error, String msg, HttpServletResponse response) {
         try {
             File img = null;
             int status = 0;
--- a/servlet2/src/main/java/digilib/servlet/ScalerNoThread.java	Wed Apr 03 21:56:01 2013 +0200
+++ b/servlet2/src/main/java/digilib/servlet/ScalerNoThread.java	Thu Apr 04 11:21:16 2013 +0200
@@ -25,7 +25,6 @@
 
 import java.io.File;
 import java.io.IOException;
-import java.util.List;
 
 import javax.servlet.ServletConfig;
 import javax.servlet.ServletContext;
@@ -56,14 +55,18 @@
     private static final long serialVersionUID = 1450947819851623306L;
 
     /** digilib servlet version (for all components) */
-    public static final String version = "2.1.5a nothread";
+    public static final String version = "2.1.6 nothread";
 
     /** servlet error codes */
-    public static enum Error {UNKNOWN, AUTH, FILE, IMAGE};
-    
+    public static enum Error {
+        UNKNOWN, AUTH, FILE, IMAGE
+    };
+
     /** type of error message */
-    public static enum ErrMsg {IMAGE, TEXT, CODE};
-    
+    public static enum ErrMsg {
+        IMAGE, TEXT, CODE
+    };
+
     /** logger for accounting requests */
     protected static Logger accountlog = Logger.getLogger("account.request");
 
@@ -107,18 +110,14 @@
     public void init(ServletConfig config) throws ServletException {
         super.init(config);
 
-        System.out
-                .println("***** Digital Image Library Image Scaler Servlet (version "
-                        + version + ") *****");
+        System.out.println("***** Digital Image Library Image Scaler Servlet (version " + version + ") *****");
         // say hello in the log file
-        logger.info("***** Digital Image Library Image Scaler Servlet (version "
-                + version + ") *****");
+        logger.info("***** Digital Image Library Image Scaler Servlet (version " + version + ") *****");
 
         // get our ServletContext
         ServletContext context = config.getServletContext();
         // see if there is a Configuration instance
-        dlConfig = (DigilibServletConfiguration) context
-                .getAttribute("digilib.servlet.configuration");
+        dlConfig = (DigilibServletConfiguration) context.getAttribute("digilib.servlet.configuration");
         if (dlConfig == null) {
             // no Configuration
             throw new ServletException("No Configuration!");
@@ -130,22 +129,19 @@
         // DocuDirCache instance
         dirCache = (DocuDirCache) dlConfig.getValue("servlet.dir.cache");
 
-        denyImgFile = ServletOps.getFile(
-                (File) dlConfig.getValue("denied-image"), context);
-        errorImgFile = ServletOps.getFile(
-                (File) dlConfig.getValue("error-image"), context);
-        notfoundImgFile = ServletOps.getFile(
-                (File) dlConfig.getValue("notfound-image"), context);
+        denyImgFile = ServletOps.getFile((File) dlConfig.getValue("denied-image"), context);
+        errorImgFile = ServletOps.getFile((File) dlConfig.getValue("error-image"), context);
+        notfoundImgFile = ServletOps.getFile((File) dlConfig.getValue("notfound-image"), context);
         sendFileAllowed = dlConfig.getAsBoolean("sendfile-allowed");
     }
 
-    /** Returns modification time relevant to the request for caching.
+    /**
+     * Returns modification time relevant to the request for caching.
      * 
      * @see javax.servlet.http.HttpServlet#getLastModified(javax.servlet.http.HttpServletRequest)
      */
     public long getLastModified(HttpServletRequest request) {
-        accountlog.debug("GetLastModified from " + request.getRemoteAddr()
-                + " for " + request.getQueryString());
+        accountlog.debug("GetLastModified from " + request.getRemoteAddr() + " for " + request.getQueryString());
         long mtime = -1;
         // create new request
         DigilibServletRequest dlReq = new DigilibServletRequest(request);
@@ -153,47 +149,52 @@
         if (dd != null) {
             mtime = dd.getDirMTime() / 1000 * 1000;
         }
-        logger.debug("  returns "+mtime);
+        logger.debug("  returns " + mtime);
         return mtime;
     }
 
-    /* (non-Javadoc)
-     * @see javax.servlet.http.HttpServlet#doGet(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+    /*
+     * (non-Javadoc)
+     * 
+     * @see
+     * javax.servlet.http.HttpServlet#doGet(javax.servlet.http.HttpServletRequest
+     * , javax.servlet.http.HttpServletResponse)
      */
     public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException {
         accountlog.info("GET from " + request.getRemoteAddr());
         this.processRequest(request, response);
     }
 
-
-    /* (non-Javadoc)
-     * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+    /*
+     * (non-Javadoc)
+     * 
+     * @see
+     * javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest
+     * , javax.servlet.http.HttpServletResponse)
      */
     public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException {
         accountlog.info("POST from " + request.getRemoteAddr());
         this.processRequest(request, response);
     }
-    
 
-	protected void doHead(HttpServletRequest req, HttpServletResponse resp)
-			throws ServletException, IOException {
-		logger.debug("HEAD from "+req.getRemoteAddr());
-		super.doHead(req, resp);
-	}
+    protected void doHead(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+        logger.debug("HEAD from " + req.getRemoteAddr());
+        super.doHead(req, resp);
+    }
 
-	protected void doOptions(HttpServletRequest req, HttpServletResponse resp)
-			throws ServletException, IOException {
-		logger.debug("OPTIONS from "+req.getRemoteAddr());
-		super.doOptions(req, resp);
-	}
+    protected void doOptions(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+        logger.debug("OPTIONS from " + req.getRemoteAddr());
+        super.doOptions(req, resp);
+    }
 
-	/** Service this request using the response.
+    /**
+     * Service this request using the response.
+     * 
      * @param request
      * @param response
-     * @throws ServletException 
+     * @throws ServletException
      */
-    public void processRequest(HttpServletRequest request,
-            HttpServletResponse response) throws ServletException {
+    public void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException {
 
         if (dlConfig == null) {
             logger.error("ERROR: No Configuration!");
@@ -212,29 +213,23 @@
         // type of error reporting
         ErrMsg errMsgType = ErrMsg.IMAGE;
         if (dlRequest.hasOption("errtxt")) {
-        	errMsgType = ErrMsg.TEXT;
+            errMsgType = ErrMsg.TEXT;
         } else if (dlRequest.hasOption("errcode")) {
-        	errMsgType = ErrMsg.CODE;
+            errMsgType = ErrMsg.CODE;
         }
-        
+
         try {
-        	/*
-        	 *  check if we can fast-track without scaling
-        	 */
+            /*
+             * check if we can fast-track without scaling
+             */
             ImageInput fileToLoad = (ImageInput) jobTicket.getInput();
 
             // check permissions
             if (useAuthorization) {
-                // get a list of required roles (empty if no restrictions)
-                List<String> rolesRequired = authOp.rolesForPath(dlRequest);
-                if (rolesRequired != null) {
-                    authlog.debug("Role required: " + rolesRequired);
-                    authlog.debug("User: " + request.getRemoteUser());
-                    // is the current request/user authorized?
-                    if (!authOp.isRoleAuthorized(rolesRequired, dlRequest)) {
-                        // send deny answer and abort
-                        throw new AuthOpException();
-                    }
+                // is the current request/user authorized?
+                if (!authOp.isAuthorized(dlRequest)) {
+                    // send deny answer and abort
+                    throw new AuthOpException();
                 }
             }
 
@@ -250,8 +245,9 @@
                 return;
             }
 
-            // if possible, send the image without actually having to transform it
-            if (! jobTicket.isTransformRequired()) {
+            // if possible, send the image without actually having to transform
+            // it
+            if (!jobTicket.isTransformRequired()) {
                 logger.debug("Sending File as is.");
                 ServletOps.sendFile(fileToLoad.getFile(), null, null, response, logger);
                 logger.info("Done in " + (System.currentTimeMillis() - startTime) + "ms");
@@ -265,14 +261,13 @@
             // forced destination image type
             String mt = null;
             if (jobTicket.hasOption("jpg")) {
-            	mt = "image/jpeg";
+                mt = "image/jpeg";
             } else if (jobTicket.hasOption("png")) {
-            	mt = "image/png";
+                mt = "image/png";
             }
             // send image
             ServletOps.sendImage(img, mt, response, logger);
-            logger.debug("Job Processing Time: "
-                    + (System.currentTimeMillis() - startTime) + "ms");
+            logger.debug("Job Processing Time: " + (System.currentTimeMillis() - startTime) + "ms");
 
         } catch (ImageOpException e) {
             logger.error(e.getClass() + ": " + e.getMessage());
@@ -295,8 +290,7 @@
      * @param msg
      * @param response
      */
-    public static void digilibError(ErrMsg type, Error error, String msg,
-            HttpServletResponse response) {
+    public static void digilibError(ErrMsg type, Error error, String msg, HttpServletResponse response) {
         try {
             File img = null;
             int status = 0;
--- a/servlet3/src/main/java/digilib/servlet/Initialiser.java	Wed Apr 03 21:56:01 2013 +0200
+++ b/servlet3/src/main/java/digilib/servlet/Initialiser.java	Thu Apr 04 11:21:16 2013 +0200
@@ -43,7 +43,7 @@
 import org.apache.log4j.xml.DOMConfigurator;
 
 import digilib.auth.AuthOps;
-import digilib.auth.XMLAuthOps;
+import digilib.auth.PathServletAuthOps;
 import digilib.conf.DigilibConfiguration;
 import digilib.conf.DigilibServletConfiguration;
 import digilib.image.DocuImage;
@@ -138,7 +138,7 @@
 					// XML version
 					File authConf = ServletOps.getConfigFile((File) dlConfig
 							.getValue("auth-file"), context);
-					AuthOps authOp = new XMLAuthOps(authConf);
+					AuthOps authOp = new PathServletAuthOps(authConf);
 					dlConfig.setValue("servlet.auth.op", authOp);
 					dlConfig.setValue("auth-file", authConf);
 				}
--- a/servlet3/src/main/java/digilib/servlet/Scaler.java	Wed Apr 03 21:56:01 2013 +0200
+++ b/servlet3/src/main/java/digilib/servlet/Scaler.java	Thu Apr 04 11:21:16 2013 +0200
@@ -28,7 +28,6 @@
 
 import java.io.File;
 import java.io.IOException;
-import java.util.List;
 
 import javax.servlet.AsyncContext;
 import javax.servlet.ServletConfig;
@@ -121,18 +120,14 @@
     public void init(ServletConfig config) throws ServletException {
         super.init(config);
 
-        System.out
-                .println("***** Digital Image Library Image Scaler Servlet (version "
-                        + version + ") *****");
+        System.out.println("***** Digital Image Library Image Scaler Servlet (version " + version + ") *****");
         // say hello in the log file
-        logger.info("***** Digital Image Library Image Scaler Servlet (version "
-                + version + ") *****");
+        logger.info("***** Digital Image Library Image Scaler Servlet (version " + version + ") *****");
 
         // get our ServletContext
         ServletContext context = config.getServletContext();
         // see if there is a Configuration instance
-        dlConfig = (DigilibConfiguration) context
-                .getAttribute("digilib.servlet.configuration");
+        dlConfig = (DigilibConfiguration) context.getAttribute("digilib.servlet.configuration");
         if (dlConfig == null) {
             // no Configuration
             throw new ServletException("No Configuration!");
@@ -147,16 +142,14 @@
         dirCache = (DocuDirCache) dlConfig.getValue("servlet.dir.cache");
 
         // Executor
-        imageJobCenter = (DigilibJobCenter<DocuImage>) dlConfig
-                .getValue("servlet.worker.imageexecutor");
+        imageJobCenter = (DigilibJobCenter<DocuImage>) dlConfig.getValue("servlet.worker.imageexecutor");
 
         denyImgFile = ServletOps.getFile(dlConfig.getAsFile("denied-image"), context);
         errorImgFile = ServletOps.getFile(dlConfig.getAsFile("error-image"), context);
         notfoundImgFile = ServletOps.getFile(dlConfig.getAsFile("notfound-image"), context);
         sendFileAllowed = dlConfig.getAsBoolean("sendfile-allowed");
         try {
-            defaultErrMsgType = ErrMsg.valueOf(dlConfig
-                    .getAsString("default-errmsg-type"));
+            defaultErrMsgType = ErrMsg.valueOf(dlConfig.getAsString("default-errmsg-type"));
         } catch (Exception e) {
             // nothing to do
         }
@@ -168,8 +161,7 @@
      * @see javax.servlet.http.HttpServlet#getLastModified(javax.servlet.http.HttpServletRequest)
      */
     public long getLastModified(HttpServletRequest request) {
-        accountlog.debug("GetLastModified from " + request.getRemoteAddr()
-                + " for " + request.getQueryString());
+        accountlog.debug("GetLastModified from " + request.getRemoteAddr() + " for " + request.getQueryString());
         long mtime = -1;
         try {
             // create new digilib request
@@ -192,8 +184,7 @@
      * javax.servlet.http.HttpServlet#doGet(javax.servlet.http.HttpServletRequest
      * , javax.servlet.http.HttpServletResponse)
      */
-    public void doGet(HttpServletRequest request, HttpServletResponse response)
-            throws ServletException {
+    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException {
         accountlog.info("GET from " + request.getRemoteAddr());
         this.processRequest(request, response);
     }
@@ -205,20 +196,17 @@
      * javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest
      * , javax.servlet.http.HttpServletResponse)
      */
-    public void doPost(HttpServletRequest request, HttpServletResponse response)
-            throws ServletException {
+    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException {
         accountlog.info("POST from " + request.getRemoteAddr());
         this.processRequest(request, response);
     }
 
-    protected void doHead(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException {
+    protected void doHead(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
         logger.debug("HEAD from " + req.getRemoteAddr());
         super.doHead(req, resp);
     }
 
-    protected void doOptions(HttpServletRequest req, HttpServletResponse resp)
-            throws ServletException, IOException {
+    protected void doOptions(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
         logger.debug("OPTIONS from " + req.getRemoteAddr());
         super.doOptions(req, resp);
     }
@@ -230,8 +218,7 @@
      * @param response
      * @throws ServletException
      */
-    public void processRequest(HttpServletRequest request,
-            HttpServletResponse response) throws ServletException {
+    public void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException {
 
         if (dlConfig == null) {
             logger.error("ERROR: No Configuration!");
@@ -248,8 +235,7 @@
         // parse request
         DigilibServletRequest dlRequest = new DigilibServletRequest(request);
         // extract the job information
-        final ImageJobDescription jobTicket = ImageJobDescription.getInstance(
-                dlRequest, dlConfig);
+        final ImageJobDescription jobTicket = ImageJobDescription.getInstance(dlRequest, dlConfig);
 
         // type of error reporting
         ErrMsg errMsgType = defaultErrMsgType;
@@ -269,16 +255,10 @@
 
             // check permissions
             if (useAuthorization) {
-                // get a list of required roles (empty if no restrictions)
-                List<String> rolesRequired = authOp.rolesForPath(dlRequest);
-                if (rolesRequired != null) {
-                    authlog.debug("Role required: " + rolesRequired);
-                    authlog.debug("User: " + request.getRemoteUser());
-                    // is the current request/user authorized?
-                    if (!authOp.isRoleAuthorized(rolesRequired, dlRequest)) {
-                        // send deny answer and abort
-                        throw new AuthOpException();
-                    }
+                // is the current request/user authorized?
+                if (!authOp.isAuthorized(dlRequest)) {
+                    // send deny answer and abort
+                    throw new AuthOpException();
                 }
             }
 
@@ -289,10 +269,8 @@
                     mt = "application/octet-stream";
                 }
                 logger.debug("Sending RAW File as is.");
-                ServletOps.sendFile(fileToLoad.getFile(), mt, null, response,
-                        logger);
-                logger.info("Done in "
-                        + (System.currentTimeMillis() - startTime) + "ms");
+                ServletOps.sendFile(fileToLoad.getFile(), mt, null, response, logger);
+                logger.info("Done in " + (System.currentTimeMillis() - startTime) + "ms");
                 return;
             }
 
@@ -300,10 +278,8 @@
             // it
             if (!jobTicket.isTransformRequired()) {
                 logger.debug("Sending File as is.");
-                ServletOps.sendFile(fileToLoad.getFile(), null, null, response,
-                        logger);
-                logger.info("Done in "
-                        + (System.currentTimeMillis() - startTime) + "ms");
+                ServletOps.sendFile(fileToLoad.getFile(), null, null, response, logger);
+                logger.info("Done in " + (System.currentTimeMillis() - startTime) + "ms");
                 return;
             }
 
@@ -317,8 +293,7 @@
             // worker job is done asynchronously
             AsyncContext asyncCtx = request.startAsync(request, response);
             // create job
-            AsyncServletWorker job = new AsyncServletWorker(dlConfig,
-                    jobTicket, asyncCtx, errMsgType, startTime);
+            AsyncServletWorker job = new AsyncServletWorker(dlConfig, jobTicket, asyncCtx, errMsgType, startTime);
             // AsyncServletWorker is its own AsyncListener
             asyncCtx.addListener(job);
             // submit job
@@ -349,8 +324,7 @@
      * @param msg
      * @param response
      */
-    public static void digilibError(ErrMsg type, Error error, String msg,
-            HttpServletResponse response) {
+    public static void digilibError(ErrMsg type, Error error, String msg, HttpServletResponse response) {
         try {
             File img = null;
             int status = 0;