Ticket #379: 379.patch

components/dsl/resources/ome/dsl/data.vm

@@ -1 +1 @@
 begin;
 set constraints all deferred;
 
-insert into experimenter (id,version,omename,firstname,lastname)
-        values (0,0,'root','root','root');
-insert into event (id,time,status,experimenter) values (0,now(),'BOOTSTRAP',0);
+insert into experimenter (id,permissions,version,omename,firstname,lastname)
+        values (0,0,0,'root','root','root');
+insert into event (id,permissions,time,status,experimenter) values (0,0,now(),'BOOTSTRAP',0);
 insert into experimentergroup (id,permissions,version,owner_id,group_id,creation_id,update_id,name)
         values (0,-35,0,0,0,0,0,'system');
 insert into experimentergroup (id,permissions,version,owner_id,group_id,creation_id,update_id,name)

components/dsl/resources/ome/dsl/mapping.vm

@@ -10 +10 @@
 <!DOCTYPE hibernate-mapping PUBLIC
     "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
     "http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd" >
-    
+
 <hibernate-mapping>
 #if($type.superclass)<joined-subclass
 #else<class
 #end
-    name="${type.id}" 
+    name="${type.id}"
     table="${type.table}"
     abstract="$type.abstract"
     select-before-update="true"
@@ -32 +32 @@
           public final static String OWNER_FILTER = "${ofilter}";
           public final static String GROUP_FILTER = "${gfilter}";
           public final static String EVENT_FILTER = "${efilter}";
-          public final static String PERMS_FILTER = "${pfilter}";  
+          public final static String PERMS_FILTER = "${pfilter}";
 #foreach( $prop in $type.properties)
 #if($prop.one2Many)
 #set( $UC_NAME = "${prop.name.toUpperCase()}")
@@ -44 +44 @@
 #end
         </meta>
 #end
-        <meta attribute="class-code"> 
+        <meta attribute="class-code">
 /* These values are defined in dsl/resources/ome/dsl/mapping.vm:
  * -------------------------------------------------------------
  * Explanation of serialVersionUID ex 0000000 03 00 00 01 03 01 L;
@@ -55 +55 @@
  * 14-15 : release type   (M)
  * 16-17 : release number (2)
  * 18-19 : increment per delta // any changes to the dsl or mapping files
- */ 
-          private static final long serialVersionUID = 0000000030000010301L;                     
+ */
+          private static final long serialVersionUID = 0000000030000010301L;
         </meta>
 ##
 ## INTERFACES:
@@ -72 +72 @@
 #set( $name_idx = ${type.id.lastIndexOf(".")} )
 #set( $name_idx = ${name_idx} + 1 )
 #set( $name_max = ${type.id.length()} )
-#set( $name_end = ${type.id.substring($name_idx,$name_max)} ) 
+#set( $name_end = ${type.id.substring($name_idx,$name_max)} )
         public $name_end (String value) {
           setValue(value);
         }
@@ -85 +85 @@
 #foreach( $prop in $type.properties)
 #if($prop.class.name == "ome.dsl.LinkParent")
         <meta attribute="link-parent">$prop.type</meta>
-#elseif($prop.class.name == "ome.dsl.LinkChild") 
-        <meta attribute="link-child">$prop.type</meta>  
+#elseif($prop.class.name == "ome.dsl.LinkChild")
+        <meta attribute="link-child">$prop.type</meta>
 #end
 #end
 #end
@@ -95 +95 @@
          COMMON
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
 #####################################################################INHERITANCE
-#if(!$type.superclass) 
+#if(!$type.superclass)
         <id name="id" type="java.lang.Long" column="id">
-            <meta attribute="setter-scope">protected</meta>        
+            <meta attribute="setter-scope">protected</meta>
             <meta attribute="field-description">
               The DB unique identifier for this object. You are not responsible for
-              setting the id; however, it can be useful for creating "unloaded" 
-              versions of your objects.            
+              setting the id; however, it can be useful for creating "unloaded"
+              versions of your objects.
             </meta>
             <generator class="sequence">
                 <param name="sequence">seq_${type.table}</param>
@@ -110 +110 @@
 
 #*
 #if(!$type.immutable)
-        <version name="version" type="java.lang.Integer" 
+        <version name="version" type="java.lang.Integer"
                 column="version" unsaved-value="negative">
             <meta attribute="setter-scope">protected</meta>
             <meta attribute="field-description">
               This version number is controlled by the database for optimisitic
               locking.
             </meta>
-        </version>           
+        </version>
 #end
 *#
 
         <component name="details" class="ome.model.internal.Details">
             <meta attribute="field-description">
-              The details of this object correspond to low-level system 
-              information. Owner, permissions, 
-            </meta>        
+              The details of this object correspond to low-level system
+              information. Owner, permissions,
+            </meta>
             <meta attribute="default-value">new Details()</meta>
-#if(!$type.global)      
-            <many-to-one name="owner" class="ome.model.meta.Experimenter" 
+#if(!$type.global)
+            <many-to-one name="owner" class="ome.model.meta.Experimenter"
                 column="owner_id" not-null="true" cascade="$cascade_settings"/>
-            <many-to-one name="group" class="ome.model.meta.ExperimenterGroup" 
+            <many-to-one name="group" class="ome.model.meta.ExperimenterGroup"
                 column="group_id" not-null="true" cascade="$cascade_settings"/>
             <!-- creationEvent is not updateable -->
-            <many-to-one name="creationEvent" class="ome.model.meta.Event" 
+            <many-to-one name="creationEvent" class="ome.model.meta.Event"
                 column="creation_id" update="false"
-                not-null="true" cascade="$cascade_settings"/>           
+                not-null="true" cascade="$cascade_settings"/>
 #if(!$type.immutable)
-            <many-to-one name="updateEvent" class="ome.model.meta.Event" 
+            <many-to-one name="updateEvent" class="ome.model.meta.Event"
                 column="update_id" update="true"
-                not-null="true" cascade="$cascade_settings"/>                   
+                not-null="true" cascade="$cascade_settings"/>
 #end
+#end
             <component name="permissions" class="ome.model.internal.Permissions">
                 <!-- meta is ignored. We control Details -->
                                 <meta attribute="default-value">new Permissions(Permissions.DEFAULT)</meta>
-                <property name="perm1" not-null="true" 
-                    type="long" column="permissions"/> 
+                <property name="perm1" not-null="true"
+                    type="long" column="permissions"/>
                 <!-- TODO possibly just default CHMOD here -->
             </component>
-#end
                         <!-- Even global objects can have external info -->
             <many-to-one name="externalInfo" class="ome.model.meta.ExternalInfo"
                 column="external_id" not-null="false" unique="true"
                 cascade="$cascade_settings,delete"/>
         </component>
-        
+
 #else ###############################################################INHERITANCE
 #set($superId = ${type.typeToColumn($type.superclass)} )
         <key column="${superId}_id"/>
-#end 
+#end
 #####################################################################INHERITANCE
 <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          INTERFACE-BASED
@@ -173 +173 @@
 #end
 
 #if($type.named)
-        <property name="name" type="java.lang.String" 
+        <property name="name" type="java.lang.String"
                 column="name" not-null="true" length="256"/>
 #end
 
 #if($type.described)
-        <property name="description" type="text" 
+        <property name="description" type="text"
                 column="description" length="256"/>
 #end
-        
+
 <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          SPECIFIC
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
@@ -191 +191 @@
 #if($prop.class.name == "ome.dsl.EntryField") #############################TYPE
 ## This is handled by ome/dsl/data.vm
 ###########################################################################TYPE
-#elseif($prop.one2Many && $prop.tag) 
+#elseif($prop.one2Many && $prop.tag)
 
     <one-to-one
         name="${prop.name}"
@@ -201 +201 @@
         lazy="false"
       >
       <meta attribute="scope-set">protected</meta>
-      <formula>'true'</formula> 
+      <formula>'true'</formula>
       <formula>id</formula>
     </one-to-one>
 
@@ -234 +234 @@
         inverse="true"
 #if($prop.class.name == "ome.dsl.ChildLink" )
         cascade="all-delete-orphan">
-        <meta attribute="link-add-method">${prop.target}</meta>        
-        <meta attribute="link-add-order">this,addition</meta>                                
+        <meta attribute="link-add-method">${prop.target}</meta>
+        <meta attribute="link-add-order">this,addition</meta>
         <meta attribute="link-add-next">parent</meta>
-        <meta attribute="link-add-other">child</meta>        
-#elseif($prop.class.name == "ome.dsl.ParentLink")         
+        <meta attribute="link-add-other">child</meta>
+#elseif($prop.class.name == "ome.dsl.ParentLink")
         cascade="all-delete-orphan">
-        <meta attribute="link-add-method">${prop.target}</meta>        
+        <meta attribute="link-add-method">${prop.target}</meta>
         <meta attribute="link-add-order">addition,this</meta>
-        <meta attribute="link-add-next">child</meta>                  
-        <meta attribute="link-add-other">parent</meta>                      
+        <meta attribute="link-add-next">child</meta>
+        <meta attribute="link-add-other">parent</meta>
 #else
         cascade="$cascade_settings">
-        <meta attribute="set-add-method">${prop.inverse}</meta>        
+        <meta attribute="set-add-method">${prop.inverse}</meta>
 #end
         <key column="${prop.foreignKey}" not-null="${prop.required}"/>
         <one-to-many class="${prop.type}"/>
@@ -258 +258 @@
         <filter name="${pfilter}_${UC_NAME}" condition=":permsStr = permissions"/>
 #end
     </set>
-    
+
 #end ## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ORDERED
 #elseif($prop.foreignKey) ## REGULAR M-1 ##################################TYPE
 
@@ -266 +266 @@
 #if($prop.tag)
     <properties name="${prop.tag}Tag">
     <property name="${prop.tag}" type="java.lang.Boolean"/>
-#end    
+#end
     <many-to-one
         name="${prop.name}"
         class="${prop.type}"
@@ -275 +275 @@
         unique="${prop.unique}"
         cascade="$cascade_settings"
         insert="${prop.insert}"
-        update="${prop.update}"        
+        update="${prop.update}"
      >
 
-#if($prop.class.name == "ome.dsl.LinkParent" || $prop.class.name == "ome.dsl.LinkChild") 
+#if($prop.class.name == "ome.dsl.LinkParent" || $prop.class.name == "ome.dsl.LinkChild")
            <meta attribute="property-type">IObject</meta>
 #elseif($prop.inverse && $prop.tag)
            <meta attribute="WORKAROUND">${prop.inverse}</meta>
@@ -292 +292 @@
 
 #else ## REGULAR PROPERTY #################################################TYPE
 
-    <property name="${prop.name}" type="${prop.type}" 
-        not-null="${prop.required}" unique="${prop.unique}" 
+    <property name="${prop.name}" type="${prop.type}"
+        not-null="${prop.required}" unique="${prop.unique}"
         update="${prop.update}"
      />
 
@@ -316 +316 @@
   <filter-def name="${ofilter}">
     <filter-param type="java.lang.Long" name="ownerId"/>
   </filter-def>
-  
+
   <filter-def name="${gfilter}">
     <filter-param type="java.lang.Long" name="groupId"/>
   </filter-def>
-  
+
   <filter-def name="${efilter}">
-        <filter-param type="java.lang.Long" name="eventId"/>  
+        <filter-param type="java.lang.Long" name="eventId"/>
   </filter-def>
-  
+
   <filter-def name="${pfilter}">
     <filter-param type="java.lang.String" name="permsStr"/>
   </filter-def>
-  
+
 #foreach( $prop in $type.properties )
 #if($prop.one2Many)
 #set( $UC_NAME = "${prop.name.toUpperCase()}")
   <filter-def name="${ofilter}_${UC_NAME}">
     <filter-param type="java.lang.Long" name="ownerId"/>
   </filter-def>
-  
+
   <filter-def name="${gfilter}_${UC_NAME}">
     <filter-param type="java.lang.Long" name="groupId"/>
   </filter-def>
-  
+
   <filter-def name="${efilter}_${UC_NAME}">
-        <filter-param type="java.lang.Long" name="eventId"/>  
+        <filter-param type="java.lang.Long" name="eventId"/>
   </filter-def>
-  
+
   <filter-def name="${pfilter}_${UC_NAME}">
     <filter-param type="java.lang.String" name="permsStr"/>
   </filter-def>

components/server/src/ome/services/util/OmeroAroundInvoke.java

@@ -58 +58 @@
     private transient BeanHelper beanHelper = new BeanHelper(this.getClass());
     
     /** Interceptors that are determinined at compile time by server/build.xml
-     *  The REPLACE token will be replaced with a (possibly) empty comma-
+     *  The string "ome.security.basic.BasicSecurityWiring" may be replaced by a
      *  comma separated list of strings representing the class names of 
      *  HardWiredInterceptor subclasses which are prepended to the list of
      *  interceptors for each call. Note: these interceptors will NOT be applied
      *  to server internal calls.
      */
     private final static List<HardWiredInterceptor> CPTORS = HardWiredInterceptor
-            .parse(new String[] { /* @REPLACE@ */});
+            .parse(new String[] { "ome.security.basic.BasicSecurityWiring"});
 
     private transient Log logger = LogFactory.getLog(this.getClass());
 
@@ -114 +114 @@
     protected final Object loginAndSpringWrap(InvocationContext context)
             throws Exception {
         try {
-            login();
             return call(context);
         } catch (Throwable t) {
             throw beanHelper.translateException(t);
-        } finally {
-            logout();
         }
 
     }
 
-    private void login() {
-        Principal p;
-        if (sessionContext.getCallerPrincipal() instanceof Principal) {
-            p = (Principal) sessionContext.getCallerPrincipal();
-            securitySystem.login(p);
-            if (logger.isDebugEnabled()) {
-                logger.debug("Running with user: " + p.getName());
-            }
-        } else {
-            throw new ApiUsageException(
-                    "ome.system.Principal instance must be provided on login.");
-        }
-
-    }
-
-    private void logout() {
-        securitySystem.logout();
-    }
-
     private Object call(InvocationContext context) throws Throwable {
 
         Object bean = context.getBean();

components/server/src/ome/security/JBossLoginModule.java

@@ -8 +8 @@
 package ome.security;
 
 // Java imports
+import java.security.Principal;
+
 import javax.security.auth.login.LoginException;
 
 // Third-party libraries
@@ -18 +20 @@
 /**
  * configured in jboss-login.xml to add logic to the JBoss authentication
  * procedure.
- * 
+ *
  * Specifically, we override {@link #validatePassword(String, String)} here in
  * order to interpret empty string passwords as "open", i.e. any password will
  * be accepted. This eases entry into the system in that passwords can be
  * initially ignored.
- * 
+ *
  * @author Josh Moore &nbsp;&nbsp;&nbsp;&nbsp; <a
  *         href="mailto:josh.moore@gmx.de">josh.moore@gmx.de</a>
  * @version 1.0 <small> (<b>Internal version:</b> $Rev$ $Date$) </small>
@@ -56 +58 @@
                 : expectedPassword.trim());
     }
 
+    @Override
+    public boolean login() throws LoginException {
+        // TODO Auto-generated method stub
+        boolean b = super.login();
+        if (!b) {
+            Object username = sharedState.get("javax.security.auth.login.name");
+            Object password = sharedState.get("javax.security.auth.login.password");
+            System.err.println("Login failed:"+username+"//"+password);
+        }
+        return b;
+    }
+
 }

components/server/src/ome/security/basic/CurrentDetails.java

@@ -39 +39 @@
  * user must be set (the creation of a new user is only allowed if the current
  * user is set to root; root always exists. QED.) The event must also be set.
  * Umask is optional.
- * 
+ *
  * This information is stored in a Details object, but unlike Details which
  * assumes that an empty value signifies increased security levels, empty values
  * here signifiy reduced security levels. E.g.,
- * 
+ *
  * Details: user == null ==> object belongs to root CurrentDetails: user == null
  * ==> current user is "nobody" (anonymous)
- * 
+ *
  */
 class CurrentDetails {
     private static Log log = LogFactory.getLog(CurrentDetails.class);
@@ -106 +106 @@
         l.setEntityType(klass.getName()); // TODO could be id to Type entity
         l.setEntityId(id);
         l.setEvent(getCreationEvent());
+        Details d = new Details();
+        d.setPermissions(new Permissions());
+        l.setDetails(d);
         list.add(l);
     }
 

components/server/src/ome/security/basic/BasicSecurityWiring.java

@@ -1 +1 @@
 /*
  *   $Id$
  *
- *   Copyright 2006 University of Dundee. All rights reserved.
+ *   Copyright 2007 Glencoe Software, Inc. All rights reserved.
  *   Use is subject to license terms supplied in LICENSE.txt
  */
 
-package ome.services.icy.fire;
+package ome.security.basic;
 
 import ome.conditions.ApiUsageException;
 import ome.logic.HardWiredInterceptor;
@@ -60 +60 @@
         securitySystem.logout();
     }
 
-}
- No newline at end of file
+}