From 2495be9ecfa8aea47e285f63b5bb27b0c133b1f8 Mon Sep 17 00:00:00 2001 From: Andrew Branson Date: Mon, 30 Jun 2014 23:03:03 +0200 Subject: Separated modifying Lookup methods into LookupManager, which is only present in a server process. This stops clients trying to write to the directory without relying on their permissions. --- .../com/c2kernel/lifecycle/instance/predefined/AddDomainPath.java | 7 ++----- .../c2kernel/lifecycle/instance/predefined/RemoveDomainPath.java | 8 ++++---- .../instance/predefined/agent/CreateAgentFromDescription.java | 4 ++-- .../c2kernel/lifecycle/instance/predefined/agent/RemoveAgent.java | 7 +++++-- .../lifecycle/instance/predefined/agent/SetAgentPassword.java | 5 ++++- .../instance/predefined/item/CreateItemFromDescription.java | 4 ++-- .../com/c2kernel/lifecycle/instance/predefined/item/Erase.java | 4 ++-- .../lifecycle/instance/predefined/server/AddDomainContext.java | 5 ++++- .../lifecycle/instance/predefined/server/RemoveDomainContext.java | 5 ++++- 9 files changed, 29 insertions(+), 20 deletions(-) (limited to 'src/main/java/com/c2kernel/lifecycle/instance') diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/AddDomainPath.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/AddDomainPath.java index 3da17e9..4c02cbb 100644 --- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/AddDomainPath.java +++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/AddDomainPath.java @@ -15,7 +15,7 @@ import com.c2kernel.lookup.AgentPath; import com.c2kernel.lookup.DomainPath; import com.c2kernel.lookup.InvalidItemPathException; import com.c2kernel.lookup.ItemPath; -import com.c2kernel.lookup.Lookup; +import com.c2kernel.lookup.LookupManager; import com.c2kernel.process.Gateway; import com.c2kernel.utils.Logger; @@ -31,14 +31,11 @@ public class AddDomainPath extends PredefinedStep protected String runActivityLogic(AgentPath agent, int itemSysKey, int transitionID, String requestData) throws InvalidDataException { - Logger.msg(8,"AddAlias::request()"); - Lookup lookupManager = Gateway.getLookup(); - Logger.msg(1,"AddAlias::request() - Starting."); - try { + LookupManager lookupManager = Gateway.getLookupManager(); DomainPath domainPath = new DomainPath(getDataList(requestData)[0], new ItemPath(itemSysKey)); lookupManager.add(domainPath); Logger.msg(8,"AddDomainPath::request() - systemKey:" + itemSysKey + diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/RemoveDomainPath.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/RemoveDomainPath.java index 1ee5e8c..df1c44e 100644 --- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/RemoveDomainPath.java +++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/RemoveDomainPath.java @@ -11,11 +11,10 @@ package com.c2kernel.lifecycle.instance.predefined; import com.c2kernel.common.InvalidDataException; -import com.c2kernel.common.ObjectCannotBeUpdated; import com.c2kernel.common.ObjectNotFoundException; import com.c2kernel.lookup.AgentPath; import com.c2kernel.lookup.DomainPath; -import com.c2kernel.lookup.Lookup; +import com.c2kernel.lookup.LookupManager; import com.c2kernel.process.Gateway; import com.c2kernel.utils.Logger; @@ -32,7 +31,7 @@ public class RemoveDomainPath extends PredefinedStep int transitionID, String requestData) throws InvalidDataException { Logger.msg(8,"RemoveDomainPath::request()"); - Lookup lookupManager = Gateway.getLookup(); + Logger.msg(1,"RemoveDomainPath::request() - Starting."); @@ -49,10 +48,11 @@ public class RemoveDomainPath extends PredefinedStep throw new InvalidDataException("Domain path "+domainPath.toString()+" is a context.", ""); } try { + LookupManager lookupManager = Gateway.getLookupManager(); lookupManager.delete(domainPath); Logger.msg(8,"AddAlias::request() - context:" + domainPath.toString() + " DONE."); return requestData; - } catch (ObjectCannotBeUpdated ex) { + } catch (Exception ex) { Logger.error(ex); throw new InvalidDataException("Problem updating directory", ""); } diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/CreateAgentFromDescription.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/CreateAgentFromDescription.java index 78ef5a9..f311dc1 100644 --- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/CreateAgentFromDescription.java +++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/CreateAgentFromDescription.java @@ -68,7 +68,7 @@ public class CreateAgentFromDescription extends CreateItemFromDescription CorbaServer factory = Gateway.getCorbaServer(); if (factory == null) throw new AccessRightsException("This process cannot create new Items", ""); ActiveEntity newAgent = (ActiveEntity)factory.createEntity(newAgentPath); - Gateway.getLookup().add(newAgentPath); + Gateway.getLookupManager().add(newAgentPath); // initialise it with its properties and workflow @@ -85,7 +85,7 @@ public class CreateAgentFromDescription extends CreateItemFromDescription // add its domain path Logger.msg(3, "CreateItemFromDescription - Creating "+context); context.setEntity(newAgentPath); - Gateway.getLookup().add(context); + Gateway.getLookupManager().add(context); return requestData; } catch (Exception e) { Logger.error(e); diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/RemoveAgent.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/RemoveAgent.java index 80281cc..0630f6c 100644 --- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/RemoveAgent.java +++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/RemoveAgent.java @@ -1,5 +1,6 @@ package com.c2kernel.lifecycle.instance.predefined.agent; +import com.c2kernel.common.CannotManageException; import com.c2kernel.common.InvalidDataException; import com.c2kernel.common.ObjectCannotBeUpdated; import com.c2kernel.common.ObjectNotFoundException; @@ -41,6 +42,8 @@ public class RemoveAgent extends PredefinedStep { } catch (ObjectNotFoundException e) { Logger.error(e); throw new InvalidDataException("Tried to remove "+agentName+" from Role "+role.getName()+" that doesn't exist.", ""); + } catch (CannotManageException e) { + throw new InvalidDataException("Tried to alter roles in a non-server process.", ""); } } @@ -54,8 +57,8 @@ public class RemoveAgent extends PredefinedStep { //remove entity path try { - Gateway.getLookup().delete(targetAgent); - } catch (ObjectCannotBeUpdated e) { + Gateway.getLookupManager().delete(targetAgent); + } catch (Exception e) { throw new InvalidDataException("Error deleting AgentPath for "+agentName, ""); } return requestData; diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/SetAgentPassword.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/SetAgentPassword.java index 102e8e2..09fdefe 100644 --- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/SetAgentPassword.java +++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/SetAgentPassword.java @@ -2,6 +2,7 @@ package com.c2kernel.lifecycle.instance.predefined.agent; import java.security.NoSuchAlgorithmException; +import com.c2kernel.common.CannotManageException; import com.c2kernel.common.InvalidDataException; import com.c2kernel.common.ObjectCannotBeUpdated; import com.c2kernel.common.ObjectNotFoundException; @@ -36,7 +37,7 @@ public class SetAgentPassword extends PredefinedStep { throw new InvalidDataException("Requires 1 param: new password", ""); try { - Gateway.getLookup().setAgentPassword(targetAgent, params[0]); + Gateway.getLookupManager().setAgentPassword(targetAgent, params[0]); } catch (ObjectNotFoundException e) { Logger.error(e); throw new InvalidDataException("Agent "+agentName+" not found.", ""); @@ -46,6 +47,8 @@ public class SetAgentPassword extends PredefinedStep { } catch (NoSuchAlgorithmException e) { Logger.error(e); throw new InvalidDataException("Cryptographic libraries for password hashing not found.", ""); + } catch (CannotManageException e) { + throw new InvalidDataException("Cannot set agent password in a non-server process.", ""); } params[1] = "REDACTED"; // censor user's password from outcome diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/item/CreateItemFromDescription.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/item/CreateItemFromDescription.java index 5d6c0b9..f63c188 100644 --- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/item/CreateItemFromDescription.java +++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/item/CreateItemFromDescription.java @@ -89,7 +89,7 @@ public class CreateItemFromDescription extends PredefinedStep CorbaServer factory = Gateway.getCorbaServer(); if (factory == null) throw new AccessRightsException("This process cannot create new Items", ""); TraceableEntity newItem = (TraceableEntity)factory.createEntity(entityPath); - Gateway.getLookup().add(entityPath); + Gateway.getLookupManager().add(entityPath); // initialise it with its properties and workflow @@ -106,7 +106,7 @@ public class CreateItemFromDescription extends PredefinedStep // add its domain path Logger.msg(3, "CreateItemFromDescription - Creating "+context); context.setEntity(entityPath); - Gateway.getLookup().add(context); + Gateway.getLookupManager().add(context); return requestData; } catch (Exception e) { Logger.error(e); diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/item/Erase.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/item/Erase.java index 2e868c4..81eb329 100644 --- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/item/Erase.java +++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/item/Erase.java @@ -53,14 +53,14 @@ public class Erase extends PredefinedStep DomainPath path = (DomainPath)domPaths.next(); // delete them if (path.getSysKey() == itemSysKey) - Gateway.getLookup().delete(path); + Gateway.getLookupManager().delete(path); } //clear out all storages Gateway.getStorage().removeCluster(itemSysKey, "", null); //remove entity path - Gateway.getLookup().delete(new ItemPath(itemSysKey)); + Gateway.getLookupManager().delete(new ItemPath(itemSysKey)); } catch( Exception ex ) { diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/AddDomainContext.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/AddDomainContext.java index a931143..585f96f 100644 --- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/AddDomainContext.java +++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/AddDomainContext.java @@ -2,6 +2,7 @@ package com.c2kernel.lifecycle.instance.predefined.server; import java.util.Stack; +import com.c2kernel.common.CannotManageException; import com.c2kernel.common.InvalidDataException; import com.c2kernel.common.ObjectAlreadyExistsException; import com.c2kernel.common.ObjectCannotBeUpdated; @@ -35,12 +36,14 @@ public class AddDomainContext extends PredefinedStep { while(!pathsToAdd.empty()) { pathToAdd = pathsToAdd.pop(); try { - Gateway.getLookup().add(pathToAdd); + Gateway.getLookupManager().add(pathToAdd); } catch (ObjectAlreadyExistsException e) { Logger.error("Context "+pathToAdd+" inconsistently exists."); } catch (ObjectCannotBeUpdated e) { Logger.error(e); throw new InvalidDataException("Exception adding path "+pathToAdd+": "+e.getMessage(), ""); + } catch (CannotManageException e) { + throw new InvalidDataException("Cannot alter directory in a non-server process", ""); } } return requestData; diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/RemoveDomainContext.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/RemoveDomainContext.java index a55f7dd..956166a 100644 --- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/RemoveDomainContext.java +++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/RemoveDomainContext.java @@ -1,5 +1,6 @@ package com.c2kernel.lifecycle.instance.predefined.server; +import com.c2kernel.common.CannotManageException; import com.c2kernel.common.InvalidDataException; import com.c2kernel.common.ObjectCannotBeUpdated; import com.c2kernel.common.ObjectNotFoundException; @@ -31,10 +32,12 @@ public class RemoveDomainContext extends PredefinedStep { throw new InvalidDataException("Context "+pathToDelete+" is not empty. Cannot delete.", ""); try { - Gateway.getLookup().delete(pathToDelete); + Gateway.getLookupManager().delete(pathToDelete); } catch (ObjectCannotBeUpdated e) { Logger.error(e); throw new InvalidDataException("Exception deleting path"+pathToDelete+": "+e.getMessage(), ""); + } catch (CannotManageException e) { + throw new InvalidDataException("Cannot alter directory in a non-server process", ""); } return requestData; } -- cgit v1.2.3