save+namename issue: post task authorization wasn't activated in main…

….xml and needed checkNewAltTargetURI cumuloimpl
nimbusproject · Jul 12, 2010 · e26d162 · e26d162
1 parent 9fa5b29
commit e26d162
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 5 deletions.
diff --git a/service/service/java/source/etc/workspace-service/other/main.xml b/service/service/java/source/etc/workspace-service/other/main.xml
@@ -302,7 +302,8 @@
         <!-- these modules can be null (InstanceResourceImpl) -->
         <property name="accountingEventAdapter"
                   ref="nimbus-rm.accounting" />
-        <property name="authzCallout"><null/></property>
+        <property name="authzCallout"
+                  ref="nimbus-rm.service.binding.AuthorizationCallout" />
     </bean>
 
     <bean id="nimbus-rm.home.instance"

diff --git a/service/service/java/source/src/org/globus/workspace/sqlauthz/AuthzDecisionLogic.java b/service/service/java/source/src/org/globus/workspace/sqlauthz/AuthzDecisionLogic.java
@@ -7,6 +7,7 @@
 import org.globus.workspace.groupauthz.DecisionLogic;
 import org.globus.workspace.groupauthz.GroupRights;
 import org.globus.workspace.persistence.WorkspaceDatabaseException;
+import org.globus.workspace.service.binding.authorization.Decision;
 import org.globus.workspace.service.binding.vm.VirtualMachinePartition;
 import org.nimbustools.api.services.rm.AuthorizationException;
 import org.nimbustools.api.services.rm.ResourceRequestDeniedException;
@@ -16,6 +17,7 @@
 
 import javax.sql.DataSource;
 import java.io.File;
+import java.net.URI;
 
 /**
  * Created by John Bresnahan
@@ -104,7 +106,7 @@ protected String translateCumulus(
         }
         catch(AuthzDBException wsdbex)
         {
-            logger.error("iternal db problem", wsdbex);
+            logger.error("internal db problem", wsdbex);
             throw new AuthorizationException("Internal problem with the data base " + wsdbex.toString()); 
         }
     }
@@ -210,8 +212,13 @@ protected void checkImages(
                 }
             }            
 
-            logger.debug("Image " + incomingImageName + " requested");
-            logger.debug("Unprop image " + unPropImageName + " requested");
+            if (different_target) {
+                logger.debug("Image '" + incomingImageName + "' requested, unpropagation " +
+                        "image is different: '" + unPropImageName + "'");
+            } else {
+                logger.debug("Image '" + incomingImageName + "' requested (unprop is same)");
+            }
+
             try
             {
                 // see if we are allowed to read the image
@@ -381,6 +388,11 @@ public void unpropagationFinished(
             {
                 schemeType = AuthzDBAdapter.OBJECT_TYPE_S3;
                 int [] fileIds = this.cumulusGetFileID(hostport, objectName);
+                if (fileIds[1] < 0) {
+                    throw new WorkspaceException("Unpropagation target was not prepared " +
+                            "correctly in the database, cannot unpropagate.");
+                }
+
                 String datakey = authDB.getDataKey(fileIds[1]);
 
                 // need to calculate the md5sum and set the size
@@ -418,4 +430,32 @@ public void unpropagationFinished(
             throw new WorkspaceException("Workspace database exception occured ", wsdbex);
         }
     }
+
+    public Integer checkNewAltTargetURI(
+        GroupRights rights,
+        URI altTargetURI,
+        String dn)
+            throws AuthorizationException
+    {
+
+        final String unPropImageName = altTargetURI.toASCIIString();
+        try
+        {
+            // if unpropagting, see if we are allowed to write to the unprop name
+            checkUrl(unPropImageName, dn, true, 0);
+        }
+        catch (WorkspaceDatabaseException e)
+        {
+            final String msg = "ERROR: Partition in " +
+                "binding is not a valid URI? Can't make decision. " +
+                    " Error message: " + e.getMessage();
+            logger.error(msg, e);
+            throw new AuthorizationException(msg);
+        } catch (ResourceRequestDeniedException e) {
+            logger.error(e.getMessage());
+            return Decision.DENY;
+        }
+
+        return Decision.PERMIT;
+    }
 }
diff --git a/...service/java/tests/suites/basic/home/services/etc/nimbus/workspace-service/other/main.xml b/...service/java/tests/suites/basic/home/services/etc/nimbus/workspace-service/other/main.xml
@@ -293,7 +293,8 @@
         <!-- these modules can be null (InstanceResourceImpl) -->
         <property name="accountingEventAdapter"
                   ref="nimbus-rm.accounting" />
-        <property name="authzCallout"><null/></property>
+        <property name="authzCallout"
+                  ref="nimbus-rm.service.binding.AuthorizationCallout" />
     </bean>
 
     <bean id="nimbus-rm.home.instance"