Fix #316

ceskaexpedice · Mar 30, 2016 · 07b4ee9 · 07b4ee9 · leiblix · Mar 30, 2016
1 parent 71b6b14
commit 07b4ee9
Show file tree

Hide file tree

Showing 16 changed files with 158 additions and 67 deletions.
diff --git a/common/src/main/java/cz/incad/kramerius/database/impl/res/current.db.version b/common/src/main/java/cz/incad/kramerius/database/impl/res/current.db.version
@@ -1 +1 @@
-6.6.1
+6.6.2
diff --git a/common/src/main/java/cz/incad/kramerius/processes/LRProcess.java b/common/src/main/java/cz/incad/kramerius/processes/LRProcess.java
@@ -80,7 +80,7 @@ public interface LRProcess {
 	 * Plan process to start
 	 * @param paramsMapping Parameters mapping
 	 */
-	public void planMe(Properties paramsMapping);
+	public void planMe(Properties paramsMapping, String ipAddress);
 
 
 
@@ -336,4 +336,16 @@ public interface LRProcess {
      */
     public void setParametersMapping(Properties parametersMapping);
 
+    /**
+     * Returns IP address associated with HTTP request
+     * @return
+     */
+    public String getPlannedIPAddress();
+
+    /**
+     * Sets IP address 
+     * @param ipAddr
+     */
+    public void setPlannedIPAddress(String ipAddr);
+
 }
diff --git a/common/src/main/java/cz/incad/kramerius/processes/database/ProcessDatabaseInitializator.java b/common/src/main/java/cz/incad/kramerius/processes/database/ProcessDatabaseInitializator.java
@@ -16,6 +16,8 @@
  */
 package cz.incad.kramerius.processes.database;
 
+import static cz.incad.kramerius.database.cond.ConditionsInterpretHelper.versionCondition;
+
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.charset.Charset;
@@ -61,6 +63,9 @@ public static void initDatabase(Connection connection, VersionService versionSer
                     alterProcessTableAuthToken(connection);
                     alterProcessTableProcess2TokenAuthToken(connection);
                 }
+                if (!DatabaseUtils.columnExists(connection, "PROCESSES","IP_ADDR")) {
+                    alterProcessTableIPADDR(connection);
+                }
             } else if ((v.equals("5.0.0")) || (v.equals("5.1.0")))  {
                 if (!DatabaseUtils.columnExists(connection, "PROCESSES","BATCH_STATUS")) {
                     alterProcessTableBatchState(connection);
@@ -76,6 +81,9 @@ public static void initDatabase(Connection connection, VersionService versionSer
                     alterProcessTableAuthToken(connection);
                     alterProcessTableProcess2TokenAuthToken(connection);
                 }
+                if (!DatabaseUtils.columnExists(connection, "PROCESSES","IP_ADDR")) {
+                    alterProcessTableIPADDR(connection);
+                }
             } else if (v.equals("5.1.0"))  {
                 if (!DatabaseUtils.columnExists(connection, "PROCESSES","FINISHED")) {
                     alterProcessTableFinished(connection);
@@ -87,6 +95,9 @@ public static void initDatabase(Connection connection, VersionService versionSer
                     alterProcessTableAuthToken(connection);
                     alterProcessTableProcess2TokenAuthToken(connection);
                 }
+                if (!DatabaseUtils.columnExists(connection, "PROCESSES","IP_ADDR")) {
+                    alterProcessTableIPADDR(connection);
+                }
             } else if (v.equals("5.2.0"))  {
                 if (!DatabaseUtils.columnExists(connection, "PROCESSES","TOKEN_ACTIVE")) {
                     alterProcessTableTokenActive(connection);
@@ -95,11 +106,21 @@ public static void initDatabase(Connection connection, VersionService versionSer
                     alterProcessTableAuthToken(connection);
                     alterProcessTableProcess2TokenAuthToken(connection);
                 }
+                if (!DatabaseUtils.columnExists(connection, "PROCESSES","IP_ADDR")) {
+                    alterProcessTableIPADDR(connection);
+                }
             } else if (v.equals("5.3.0"))  {
                 if (!DatabaseUtils.columnExists(connection, "PROCESSES","AUTH_TOKEN")) {
                     alterProcessTableAuthToken(connection);
                     alterProcessTableProcess2TokenAuthToken(connection);
                 }
+                if (!DatabaseUtils.columnExists(connection, "PROCESSES","IP_ADDR")) {
+                    alterProcessTableIPADDR(connection);
+                }
+            } else if (versionCondition(v, ">", "5.3.0"))  {
+                if (!DatabaseUtils.columnExists(connection, "PROCESSES","IP_ADDR")) {
+                    alterProcessTableIPADDR(connection);
+                }
             }
         } catch (SQLException e) {
             LOGGER.log(Level.SEVERE,e.getMessage(),e);
@@ -108,6 +129,17 @@ public static void initDatabase(Connection connection, VersionService versionSer
         }
     }
 
+    private static void alterProcessTableIPADDR(Connection con) throws SQLException {
+        PreparedStatement prepareStatement = con.prepareStatement(
+                "ALTER TABLE PROCESSES ADD COLUMN IP_ADDR VARCHAR(255);");
+            try {
+                int r = prepareStatement.executeUpdate();
+                LOGGER.log(Level.FINEST, "ALTER TABLE: updated rows {0}", r);
+            } finally {
+                DatabaseUtils.tryClose(prepareStatement);
+            }
+    }
+
     /** No version defined in db */
     public static void nullVersionInitialization(Connection connection) throws SQLException, IOException {
         if (!DatabaseUtils.tableExists(connection,"PROCESSES")) {
@@ -148,6 +180,9 @@ public static void nullVersionInitialization(Connection connection) throws SQLEx
             alterProcessTableAuthToken(connection);
             alterProcessTableProcess2TokenAuthToken(connection);
         }
+        if (!DatabaseUtils.columnExists(connection, "PROCESSES","IP_ADDR")) {
+            alterProcessTableIPADDR(connection);
+        }
     }
 
     public static void createToken2SessionkeysMapping(Connection connection) throws SQLException, IOException {

diff --git a/common/src/main/java/cz/incad/kramerius/processes/database/ProcessDatabaseUtils.java b/common/src/main/java/cz/incad/kramerius/processes/database/ProcessDatabaseUtils.java
@@ -109,8 +109,10 @@ public static void registerProcess(Connection con, LRProcess lp, User user, Stri
                 "   PARAMS_MAPPING , " + //11
                 "   BATCH_STATUS ," + //12
                 "   TOKEN_ACTIVE, " + //
-                "   AUTH_TOKEN) " + // 13
-                "       values " +
+                "   AUTH_TOKEN,"+ //13
+                "   IP_ADDR"+ // 14
+                "   ) " + 
+                "   values " +
                 "   (" +
                 "       ?," + //1 - DEFID
                 "       ?," + //2 - UUID
@@ -126,7 +128,8 @@ public static void registerProcess(Connection con, LRProcess lp, User user, Stri
                 "       ?," + //11 PARAMS_MAPPING
                 "       ?," + //12 BATCH_STATUS
                 "       TRUE," + //
-                "       ?" + //13 AUTH_TOKEN
+                "       ?," + //13 AUTH_TOKEN
+                "       ?" + //14 IP_ADDR
                 "   )");
         try {
             prepareStatement.setString(1, lp.getDefinitionId());
@@ -156,6 +159,7 @@ public static void registerProcess(Connection con, LRProcess lp, User user, Stri
             prepareStatement.setString(11, storedParams);
             prepareStatement.setInt(12, lp.getBatchState().getVal());
             prepareStatement.setString(13, lp.getAuthToken());
+            prepareStatement.setString(14, lp.getPlannedIPAddress());
 
             prepareStatement.executeUpdate();
         } finally {
@@ -297,7 +301,7 @@ public static void deleteTokenMappings(LRProcess lrProcess, Connection con) thro
     public static String [] QUERY_PROCESS_COLUMNS= {
         "p.DEFID,PID", "p.UUID", "p.STATUS", "p.PLANNED", "p.STARTED",
         "p.NAME AS PNAME", "p.PARAMS", "p.STARTEDBY", "p.TOKEN", "p.FINISHED", 
-        "p.loginname","p.surname","p.firstname","p.user_key","p.params_mapping", "p.batch_status","p.AUTH_TOKEN" 
+        "p.loginname","p.surname","p.firstname","p.user_key","p.params_mapping", "p.batch_status","p.AUTH_TOKEN","p.IP_ADDR" 
     };
 
 

diff --git a/common/src/main/java/cz/incad/kramerius/processes/impl/AbstractLRProcessImpl.java b/common/src/main/java/cz/incad/kramerius/processes/impl/AbstractLRProcessImpl.java
@@ -36,6 +36,7 @@
 import cz.incad.kramerius.processes.LRProcessManager;
 import cz.incad.kramerius.processes.States;
 import cz.incad.kramerius.security.User;
+import cz.incad.kramerius.utils.IPAddressUtils;
 import cz.incad.kramerius.utils.conf.KConfiguration;
 
 public abstract class AbstractLRProcessImpl implements LRProcess {
@@ -62,7 +63,7 @@ public abstract class AbstractLRProcessImpl implements LRProcess {
     private String loginname;
     private String firstname;
     private String surname;
-
+    
     private User user;
     private String loggedUserKey;
 
@@ -71,9 +72,12 @@ public abstract class AbstractLRProcessImpl implements LRProcess {
     private boolean masterProcess;
 
     private List<String> parameters = new ArrayList<String>();
-
     private Properties parametersMapping = new Properties();
 
+    private String ipAddress;
+
+
+
     public AbstractLRProcessImpl(LRProcessDefinition definition,
             LRProcessManager manager, KConfiguration configuration) {
         super();
@@ -113,10 +117,11 @@ public long getStartTime() {
         return this.startTime;
     }
 
-    public void planMe(Properties paramsMapping) {
+    public void planMe(Properties paramsMapping, String ipAddress) {
         this.state = States.PLANNED;
+        this.ipAddress = ipAddress;
         this.setPlannedTime(System.currentTimeMillis());
-
+        
         manager.registerLongRunningProcess(this, getLoggedUserKey(),
                 paramsMapping);
     }
@@ -141,8 +146,8 @@ public void startMe(boolean wait, String krameriusAppLib,
             command.add("-D" + ProcessStarter.MAIN_CLASS_KEY + "="
                     + this.definition.getMainClass());
 
-//            command.add("-D" + IsActionAllowedFromRequest.X_IP_FORWARD + "="
-//                    + remoteAddr);
+            command.add("-D" + IPAddressUtils.X_IP_FORWARD + "="
+                    + this.ipAddress);
 
             command.add("-D" + ProcessStarter.UUID_KEY + "=" + this.uuid);
             command.add("-D" + ProcessStarter.TOKEN_KEY + "="
@@ -473,4 +478,15 @@ public long getFinishedTime() {
     public void setFinishedTime(long finishedtime) {
         this.finishedTime = finishedtime;
     }
+
+    @Override
+    public String getPlannedIPAddress() {
+        return this.ipAddress;
+    }
+
+    @Override
+    public void setPlannedIPAddress(String ipAddr) {
+        this.ipAddress = ipAddr;
+    }
+
 }
diff --git a/common/src/main/java/cz/incad/kramerius/processes/impl/DatabaseProcessManager.java b/common/src/main/java/cz/incad/kramerius/processes/impl/DatabaseProcessManager.java
@@ -453,6 +453,7 @@ private LRProcess processFromResultSet(ResultSet rs) throws SQLException {
         String userKey = rs.getString("USER_KEY");
         String paramsMapping = rs.getString("params_mapping");
         int batchStatus = rs.getInt("BATCH_STATUS");
+        String ipAddr = rs.getString("IP_ADDR");
 
 
         LRProcessDefinition definition = this.lrpdm.getLongRunningProcessDefinition(definitionId);
@@ -485,6 +486,9 @@ private LRProcess processFromResultSet(ResultSet rs) throws SQLException {
         if (finished != null) {
             process.setFinishedTime(finished.getTime());
         }
+        if (ipAddr != null) {
+            process.setPlannedIPAddress(ipAddr);
+        }
 
         return process;
     }

diff --git a/common/src/main/java/cz/incad/kramerius/processes/impl/ProcessStarter.java b/common/src/main/java/cz/incad/kramerius/processes/impl/ProcessStarter.java
@@ -44,7 +44,7 @@
 import cz.incad.kramerius.processes.annotations.Process;
 import cz.incad.kramerius.processes.logging.LoggingLoader;
 import cz.incad.kramerius.processes.utils.ProcessUtils;
-import cz.incad.kramerius.security.impl.http.IsActionAllowedFromRequest;
+import cz.incad.kramerius.utils.IPAddressUtils;
 
 /**
  * Process starting point 
@@ -81,7 +81,7 @@ public static void main(String[] args)  {
         try {
 
             String mainClass = System.getProperty(MAIN_CLASS_KEY);
-            String forwardIP = System.getProperty(IsActionAllowedFromRequest.X_IP_FORWARD);
+            //String forwardIP = System.getProperty(IPAddressUtils.X_IP_FORWARD);
 
             outStream = createPrintStream(System.getProperty(SOUT_FILE));
             errStream = createPrintStream(System.getProperty(SERR_FILE));
@@ -233,7 +233,7 @@ public static byte[] httpGet(String restURL) throws MalformedURLException, IOExc
             URLConnection connection = url.openConnection();
             // authentication token -> identify user
             connection.addRequestProperty("auth-token",System.getProperty(AUTH_TOKEN_KEY));
-
+            connection.addRequestProperty(IPAddressUtils.X_IP_FORWARD, System.getProperty(IPAddressUtils.X_IP_FORWARD));
             InputStream inputStream = connection.getInputStream();
             byte[] buffer = new byte[1 << 12];
             int read = -1;

diff --git a/common/src/main/java/cz/incad/kramerius/security/impl/http/IsActionAllowedFromRequest.java b/common/src/main/java/cz/incad/kramerius/security/impl/http/IsActionAllowedFromRequest.java
@@ -19,15 +19,11 @@
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.security.Principal;
-import java.util.Arrays;
-import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import javax.servlet.http.HttpServletRequest;
 
-import org.apache.commons.configuration.Configuration;
-
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 
@@ -42,26 +38,14 @@
 import cz.incad.kramerius.security.User;
 import cz.incad.kramerius.security.UserManager;
 import cz.incad.kramerius.security.impl.UserImpl;
+import cz.incad.kramerius.utils.IPAddressUtils;
 import cz.incad.kramerius.utils.NetworkUtils;
-import cz.incad.kramerius.utils.StringUtils;
 import cz.incad.kramerius.utils.conf.KConfiguration;
 
 public class IsActionAllowedFromRequest implements IsActionAllowed {
 
     public static final Logger LOGGER = Logger.getLogger(IsActionAllowedFromRequest.class.getName());
 
-    public static final String X_IP_FORWARD = "X_IP_FORWARD";
-    static String[] LOCALHOSTS = {"127.0.0.1","localhost","0:0:0:0:0:0:0:1","::1"};
-    static {
-        try {
-            LOCALHOSTS = NetworkUtils.getLocalhostsAddress();
-        } catch (Exception e) {
-            LOGGER.log(Level.SEVERE, e.getMessage(), e);
-            LOCALHOSTS = new String[] {"127.0.0.1","localhost","0:0:0:0:0:0:0:1","::1"};
-        }
-    }
-
-
     private Logger logger;
     private Provider<HttpServletRequest> provider;
 
@@ -105,7 +89,7 @@ public boolean isActionAllowed(User user, String actionName, String pid,String s
     public boolean[] isActionAllowedForAllPath(String actionName, String pid, String stream, ObjectPidsPath path) {
         try {
             User user = this.currentLoggedUser.get();
-            RightCriteriumContext ctx = this.ctxFactory.create(pid,stream, user, getRemoteHost(), getRemoteAddress(KConfiguration.getInstance().getConfiguration()));
+            RightCriteriumContext ctx = this.ctxFactory.create(pid,stream, user, getRemoteHost(), IPAddressUtils.getRemoteAddress(this.provider.get(), KConfiguration.getInstance().getConfiguration()));
             EvaluatingResult[] evalResults = this.rightsManager.resolveAllPath(ctx, pid, path, actionName, user);
             boolean[] results = new boolean[evalResults.length];
             for (int i = 0; i < results.length; i++) {
@@ -118,35 +102,13 @@ public boolean[] isActionAllowedForAllPath(String actionName, String pid, String
         }
     }
 
-    String getRemoteAddress(Configuration conf) {
-        HttpServletRequest httpReq = this.provider.get();
-        String headerFowraded = httpReq.getHeader(X_IP_FORWARD);
-        if (StringUtils.isAnyString(headerFowraded) && matchConfigurationAddress(httpReq, conf)) {
-            return headerFowraded;
-        } else {
-            return httpReq.getRemoteAddr();
-        }
-    }
-
-
-    boolean matchConfigurationAddress(HttpServletRequest httpReq, Configuration conf) {
-        String remoteAddr = httpReq.getRemoteAddr();
-        List<String> forwaredEnabled = conf.getList("x_ip_forwared_enabled_for",Arrays.asList(LOCALHOSTS));
-        if (!forwaredEnabled.isEmpty()) {
-            for (String pattern : forwaredEnabled) {
-                if (remoteAddr.matches(pattern)) return true;
-            }
-        }
-        return false;
-    }
-
     private String getRemoteHost() {
         HttpServletRequest httpReq = this.provider.get();
         return httpReq.getRemoteHost();
     }
 
     public boolean isAllowedInternalForFedoraDocuments(String actionName, String pid, String stream, ObjectPidsPath path, User user) throws RightCriteriumException {
-        RightCriteriumContext ctx = this.ctxFactory.create(pid, stream, user, getRemoteHost(), getRemoteAddress(KConfiguration.getInstance().getConfiguration()));
+        RightCriteriumContext ctx = this.ctxFactory.create(pid, stream, user, getRemoteHost(), IPAddressUtils.getRemoteAddress(this.provider.get(),KConfiguration.getInstance().getConfiguration()));
         EvaluatingResult result = this.rightsManager.resolve(ctx, pid, path, actionName, user);
         return result != null ? resultOfResult(result) : false;
     }

diff --git a/common/src/main/java/cz/incad/kramerius/service/impl/IndexerProcessStarter.java b/common/src/main/java/cz/incad/kramerius/service/impl/IndexerProcessStarter.java
@@ -4,6 +4,7 @@
 import cz.incad.kramerius.processes.impl.ProcessStarter;
 import cz.incad.kramerius.processes.utils.ProcessUtils;
 import cz.incad.kramerius.utils.BasicAuthenticationFilter;
+import cz.incad.kramerius.utils.IPAddressUtils;
 import cz.incad.kramerius.utils.conf.KConfiguration;
 
 import java.io.UnsupportedEncodingException;
@@ -57,6 +58,10 @@ public ClientResponse handle(ClientRequest clientRequest) throws ClientHandlerEx
                 String pwd = System.getProperties().getProperty(PSWD_TOKEN);
                 BasicAuthenticationFilter.encodeUserAndPass(clientRequest, uname, pwd);
             }
+            if (System.getProperties().containsKey(IPAddressUtils.X_IP_FORWARD)) {
+                clientRequest.getHeaders().add(IPAddressUtils.X_IP_FORWARD, System.getProperty(IPAddressUtils.X_IP_FORWARD));
+            }
+
             return getNext().handle(clientRequest);
         }
     }

diff --git a/common/src/main/java/cz/incad/kramerius/utils/DatabaseUtils.java b/common/src/main/java/cz/incad/kramerius/utils/DatabaseUtils.java
@@ -46,8 +46,6 @@ public static boolean columnExists(Connection con, String tableName, String colu
         }
     }
 
-
-
     public static void tryClose(Connection c) {
         try {
             c.close();
-Original file line number
+Diff line change
@@ Expand Up @@
             }
         }
         public static void tryClose(Connection c) {
             try {
                 c.close();
@@ Expand Down @@