Permalink
Browse files

save+namename issue: post task authorization wasn't activated in main…

….xml and needed checkNewAltTargetURI cumuloimpl
  • Loading branch information...
1 parent 9fa5b29 commit e26d16292281b1c01309572a6935fc3192743907 @timf timf committed Jul 12, 2010
@@ -302,7 +302,8 @@
<!-- these modules can be null (InstanceResourceImpl) -->
<property name="accountingEventAdapter"
ref="nimbus-rm.accounting" />
- <property name="authzCallout"><null/></property>
+ <property name="authzCallout"
+ ref="nimbus-rm.service.binding.AuthorizationCallout" />
</bean>
<bean id="nimbus-rm.home.instance"
@@ -7,6 +7,7 @@
import org.globus.workspace.groupauthz.DecisionLogic;
import org.globus.workspace.groupauthz.GroupRights;
import org.globus.workspace.persistence.WorkspaceDatabaseException;
+import org.globus.workspace.service.binding.authorization.Decision;
import org.globus.workspace.service.binding.vm.VirtualMachinePartition;
import org.nimbustools.api.services.rm.AuthorizationException;
import org.nimbustools.api.services.rm.ResourceRequestDeniedException;
@@ -16,6 +17,7 @@
import javax.sql.DataSource;
import java.io.File;
+import java.net.URI;
/**
* Created by John Bresnahan
@@ -104,7 +106,7 @@ protected String translateCumulus(
}
catch(AuthzDBException wsdbex)
{
- logger.error("iternal db problem", wsdbex);
+ logger.error("internal db problem", wsdbex);
throw new AuthorizationException("Internal problem with the data base " + wsdbex.toString());
}
}
@@ -210,8 +212,13 @@ protected void checkImages(
}
}
- logger.debug("Image " + incomingImageName + " requested");
- logger.debug("Unprop image " + unPropImageName + " requested");
+ if (different_target) {
+ logger.debug("Image '" + incomingImageName + "' requested, unpropagation " +
+ "image is different: '" + unPropImageName + "'");
+ } else {
+ logger.debug("Image '" + incomingImageName + "' requested (unprop is same)");
+ }
+
try
{
// see if we are allowed to read the image
@@ -381,6 +388,11 @@ public void unpropagationFinished(
{
schemeType = AuthzDBAdapter.OBJECT_TYPE_S3;
int [] fileIds = this.cumulusGetFileID(hostport, objectName);
+ if (fileIds[1] < 0) {
+ throw new WorkspaceException("Unpropagation target was not prepared " +
+ "correctly in the database, cannot unpropagate.");
+ }
+
String datakey = authDB.getDataKey(fileIds[1]);
// need to calculate the md5sum and set the size
@@ -418,4 +430,32 @@ public void unpropagationFinished(
throw new WorkspaceException("Workspace database exception occured ", wsdbex);
}
}
+
+ public Integer checkNewAltTargetURI(
+ GroupRights rights,
+ URI altTargetURI,
+ String dn)
+ throws AuthorizationException
+ {
+
+ final String unPropImageName = altTargetURI.toASCIIString();
+ try
+ {
+ // if unpropagting, see if we are allowed to write to the unprop name
+ checkUrl(unPropImageName, dn, true, 0);
+ }
+ catch (WorkspaceDatabaseException e)
+ {
+ final String msg = "ERROR: Partition in " +
+ "binding is not a valid URI? Can't make decision. " +
+ " Error message: " + e.getMessage();
+ logger.error(msg, e);
+ throw new AuthorizationException(msg);
+ } catch (ResourceRequestDeniedException e) {
+ logger.error(e.getMessage());
+ return Decision.DENY;
+ }
+
+ return Decision.PERMIT;
+ }
}
@@ -293,7 +293,8 @@
<!-- these modules can be null (InstanceResourceImpl) -->
<property name="accountingEventAdapter"
ref="nimbus-rm.accounting" />
- <property name="authzCallout"><null/></property>
+ <property name="authzCallout"
+ ref="nimbus-rm.service.binding.AuthorizationCallout" />
</bean>
<bean id="nimbus-rm.home.instance"

0 comments on commit e26d162

Please sign in to comment.