AuthValidator.php
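<?php

/**
 * Auth Validator web service.
 *
 * Decides whether a requester, identified only by its IP address, may use a
 * target web service against one or more datasets. The decision is made by
 * querying the access records stored in the WSF graph ($this->wsf_graph) and
 * comparing the CRUD permissions the target web service needs with the CRUD
 * permissions granted to the requester IP for each dataset. Access records
 * registered for the IP "0.0.0.0" are matched for every requester.
 *
 * The outcome is exposed through the Conneg object: the status stays at its
 * initial value when access is granted and is set to 400/403/500 otherwise.
 *
 * NOTE(review): the requester IP is taken as a constructor argument and is the
 * sole identity used for authorization. Callers should derive it from the
 * transport layer rather than from a client-controlled header or parameter;
 * the call sites are not visible in this file, so confirm this there.
 */
class AuthValidator extends WebService
{
  // Database connection (DB_Virtuoso); set to null once closed.
  private $db;

  // Content negotiation / response status object; created by ws_conneg().
  private $conneg;

  // Path of the DTD for this web service, relative to the DTD base URL.
  private $dtdURL;

  // Not read anywhere in this class.
  private $errorMessages = "";

  // IP address of the requester whose access is being validated.
  private $requester_ip = "";

  // Target dataset URIs, separated by ";" (a literal ";" inside a URI is sent as "%3B").
  private $requested_datasets = "";

  // URI of the web service the requester wants to use.
  private $requested_ws_uri = "";

  // Not read anywhere in this class.
  private $valid = "False";

  // Mime types accepted by this web service during content negotiation.
  public static $supportedSerializations =
    array ("application/json", "application/rdf+xml", "application/rdf+n3", "application/*", "text/xml", "text/*",
      "*/*");

  // Error catalog, as JSON. Decoded into an object by the constructor.
  private $errorMessenger =
    '{
                        "ws": "/ws/auth/validator/",
                        "_200": {
                          "id": "WS-AUTH-VALIDATOR-200",
                          "level": "Warning",
                          "name": "No requester IP available",
                          "description": "No requester IP address defined for this query"
                        },
                        "_201": {
                          "id": "WS-AUTH-VALIDATOR-201",
                          "level": "Warning",
                          "name": "No target dataset",
                          "description": "No target dataset defined for this query"
                        },
                        "_202": {
                          "id": "WS-AUTH-VALIDATOR-202",
                          "level": "Warning",
                          "name": "No web service URI available",
                          "description": "NO target web service URI defined for this query"
                        },
                        "_300": {
                          "id": "WS-AUTH-VALIDATOR-300",
                          "level": "Fatal",
                          "name": "Can\'t get the CRUD permissions of the target web service",
                          "description": "An error occured when wetried to get the CRUD permissions of the target web service"
                        },
                        "_301": {
                          "id": "WS-AUTH-VALIDATOR-301",
                          "level": "Warning",
                          "name": "Target web service not registered",
                          "description": "Target web service not registered to this Web Services Framework"
                        },
                        "_302": {
                          "id": "WS-AUTH-VALIDATOR-302",
                          "level": "Fatal",
                          "name": "Can\'t get the list of datasets accessible to this user",
                          "description": "An error occured when we tried to get the list of datasets accessible to this user"
                        },
                        "_303": {
                          "id": "WS-AUTH-VALIDATOR-303",
                          "level": "Warning",
                          "name": "No access defined",
                          "description": "No access defined for this requester IP , dataset and web service"
                        },
                        "_304": {
                          "id": "WS-AUTH-VALIDATOR-304",
                          "level": "Warning",
                          "name": "No create permissions",
                          "description": "The target web service needs create access and the requested user doesn\'t have this access for that dataset."
                        },
                        "_305": {
                          "id": "WS-AUTH-VALIDATOR-305",
                          "level": "Warning",
                          "name": "No update permissions",
                          "description": "The target web service needs update access and the requested user doesn\'t have this access for that dataset."
                        },
                        "_306": {
                          "id": "WS-AUTH-VALIDATOR-306",
                          "level": "Warning",
                          "name": "No read permissions",
                          "description": "The target web service needs read access and the requested user doesn\'t have this access for that dataset."
                        },
                        "_307": {
                          "id": "WS-AUTH-VALIDATOR-307",
                          "level": "Warning",
                          "name": "No delete permissions",
                          "description": "The target web service needs delete access and the requested user doesn\'t have this access for that dataset."
                        }
                      }';


  /**
   * Create the validator for one access check.
   *
   * @param string $requester_ip       IP address of the requester to validate.
   * @param string $requested_datasets Target dataset URIs separated by ";".
   * @param string $requested_ws_uri   URI of the target web service.
   */
  public function __construct($requester_ip, $requested_datasets, $requested_ws_uri)
  {
    parent::__construct();

    $this->db = new DB_Virtuoso($this->db_username, $this->db_password, $this->db_dsn, $this->db_host);

    $this->requester_ip = $requester_ip;
    $this->requested_datasets = $requested_datasets;
    $this->requested_ws_uri = $requested_ws_uri;

    $this->uri = $this->wsf_base_url . "/wsf/ws/auth/validator/";
    $this->title = "Authentication Validator Web Service";
    // presumably (create, read, update, delete): this service only reads -- confirm against CrudUsage
    $this->crud_usage = new CrudUsage(FALSE, TRUE, FALSE, FALSE);
    $this->endpoint = $this->wsf_base_url . "/ws/auth/validator/";

    $this->dtdURL = "auth/authValidator.dtd";

    $this->errorMessenger = json_decode($this->errorMessenger);
  }

  /**
   * Close the database connection.
   *
   * ws_respond() calls this method explicitly and PHP calls it again when the
   * object is destroyed, so the connection is dropped after the first close to
   * keep the second run from closing it twice.
   */
  public function __destruct()
  {
    parent::__destruct();

    if(isset($this->db))
    {
      @$this->db->close();
      $this->db = null;
    }
  }

  /**
   * Record an error from the catalog on the Conneg object.
   *
   * @param int    $status    HTTP status code to report.
   * @param string $statusMsg HTTP status message to report.
   * @param string $errorKey  Key of the catalog entry, e.g. "_303".
   * @param string $debugInfo Additional detail attached to the error.
   */
  private function setValidatorError($status, $statusMsg, $errorKey, $debugInfo = "")
  {
    $entry = $this->errorMessenger->{$errorKey};

    $this->conneg->setStatus($status);
    $this->conneg->setStatusMsg($statusMsg);
    $this->conneg->setStatusMsgExt($entry->name);
    $this->conneg->setError($entry->id, $this->errorMessenger->ws, $entry->name, $entry->description, $debugInfo,
      $entry->level);
  }

  /**
   * Tell whether a value can be placed between "<" and ">" in a SPARQL query
   * without ending the IRI early.
   *
   * Rejects the characters the SPARQL grammar forbids inside an IRI reference:
   * control characters, space, and < > " { } | ^ ` \
   *
   * NOTE(review): build_sparql_query() is not visible here; if it embeds the
   * query in another quoted context, that layer needs its own escaping.
   *
   * @param string $iri Candidate IRI.
   * @return bool TRUE when the value is non-empty and holds no forbidden character.
   */
  private function isSafeSparqlIri($iri)
  {
    return is_string($iri) && $iri !== "" && preg_match('/[\x00-\x20<>"{}|^`\\\\]/', $iri) === 0;
  }

  /** Nothing to validate for this web service; always returns TRUE. */
  protected function validateQuery() { return TRUE; }

  /** Return the error recorded on the Conneg object. */
  public function pipeline_getError() { return ($this->conneg->error); }

  /** This web service produces no resultset; always returns an empty string. */
  public function pipeline_getResultset() { return ""; }

  /**
   * Insert the DOCTYPE declaration of this web service right after the XML
   * declaration of a document.
   *
   * @param string $xmlDoc XML document.
   * @return string The document with the DOCTYPE inserted, or the unchanged
   *                document when no '"?>' terminated XML declaration is found.
   */
  public function injectDoctype($xmlDoc)
  {
    $declarationEnd = strpos($xmlDoc, '"?>');

    // Without this guard FALSE + 3 would insert the DOCTYPE at offset 3, in the middle of the document.
    if($declarationEnd === FALSE)
    {
      return ($xmlDoc);
    }

    $posHeader = $declarationEnd + 3;

    return (substr($xmlDoc, 0, $posHeader)
      . "\n<!DOCTYPE resultset PUBLIC \"-//Structured Dynamics LLC//Auth Validator DTD 0.1//EN\" \""
      . $this->dtdBaseURL . $this->dtdURL . "\">" . substr($xmlDoc, $posHeader));
  }

  /**
   * Run content negotiation and reject queries with a missing parameter.
   *
   * Sets a 400 status when the requester IP, the dataset list or the target
   * web service URI is empty.
   *
   * @param string $accept          Accept header of the query.
   * @param string $accept_charset  Accept-Charset header of the query.
   * @param string $accept_encoding Accept-Encoding header of the query.
   * @param string $accept_language Accept-Language header of the query.
   */
  public function ws_conneg($accept, $accept_charset, $accept_encoding, $accept_language)
  {
    $this->conneg =
      new Conneg($accept, $accept_charset, $accept_encoding, $accept_language, AuthValidator::$supportedSerializations);

    // Check for errors
    if($this->requester_ip == "")
    {
      $this->setValidatorError(400, "Bad Request", "_200");

      return;
    }

    if($this->requested_datasets == "")
    {
      $this->setValidatorError(400, "Bad Request", "_201");

      return;
    }

    if($this->requested_ws_uri == "")
    {
      $this->setValidatorError(400, "Bad Request", "_202");

      return;
    }
  }

  /** Pipeline alias of ws_conneg(). */
  public function pipeline_conneg($accept, $accept_charset, $accept_encoding, $accept_language)
    { $this->ws_conneg($accept, $accept_charset, $accept_encoding, $accept_language); }

  /** Return the status code held by the Conneg object. */
  public function pipeline_getResponseHeaderStatus() { return $this->conneg->getStatus(); }

  /** Return the status message held by the Conneg object. */
  public function pipeline_getResponseHeaderStatusMsg() { return $this->conneg->getStatusMsg(); }

  /** Return the extended status message held by the Conneg object. */
  public function pipeline_getResponseHeaderStatusMsgExt() { return $this->conneg->getStatusMsgExt(); }

  /** This web service serializes nothing; always returns an empty string. */
  public function pipeline_serialize() { return ""; }

  /** This web service serializes nothing; always returns an empty string. */
  public function pipeline_serialize_reification() { return ""; }

  /** This web service serializes nothing; always returns an empty string. */
  public function ws_serialize() { return ""; }

  /**
   * Send the response: the headers always, the content only on a 200 status.
   *
   * @param string $content Body to send to the requester.
   */
  public function ws_respond($content)
  {
    // First send the header of the request
    $this->conneg->respond();

    // second, send the content of the request

    // Make sure there is no error.
    if($this->conneg->getStatus() == 200)
    {
      echo $content;
    }

    $this->__destruct();
  }


  /**
   * Validate the access of the requester IP to the target web service for
   * every requested dataset.
   *
   * Does nothing unless the Conneg status is 200. Stops at the first failure
   * and records it on the Conneg object:
   *   400 - a parameter cannot be safely embedded in the SPARQL queries
   *   500 - query error, or target web service not registered
   *   403 - no access record, or a CRUD permission needed by the web service
   *         is not granted for a dataset
   *
   * The requester IP, web service URI and dataset URIs are request data and
   * are interpolated into the SPARQL queries that decide authorization, so
   * each one is validated before the query that uses it is built.
   */
  public function process()
  {
    // Make sure there was no conneg error prior to this process call
    if($this->conneg->getStatus() != 200)
    {
      return;
    }

    // The catalog has no entry for malformed parameters; the closest "missing parameter" entries
    // are reused and the detail string carries the actual reason.
    if(filter_var($this->requester_ip, FILTER_VALIDATE_IP) === FALSE)
    {
      $this->setValidatorError(400, "Bad Request", "_200", "The requester IP is not a valid IP address");

      return;
    }

    if(!$this->isSafeSparqlIri($this->requested_ws_uri))
    {
      $this->setValidatorError(400, "Bad Request", "_202",
        "The target web service URI contains characters that are not allowed in an IRI");

      return;
    }

    // Defaults used when the web service is not registered (no row returned).
    $wsf = "";
    $ws_create = "";
    $ws_read = "";
    $ws_update = "";
    $ws_delete = "";

    // Get the CRUD usage of the target web service
    $resultset =
      $this->db->query($this->db->build_sparql_query("select ?_wsf ?_create ?_read ?_update ?_delete from <"
        . $this->wsf_graph . "> where {?_wsf a <http://purl.org/ontology/wsf#WebServiceFramework>." .
        " ?_wsf <http://purl.org/ontology/wsf#hasWebService> <$this->requested_ws_uri>. " .
        "<$this->requested_ws_uri> <http://purl.org/ontology/wsf#hasCrudUsage> ?crudUsage. " .
        "?crudUsage <http://purl.org/ontology/wsf#create> ?_create; <http://purl.org/ontology/wsf#read> " .
        "?_read; <http://purl.org/ontology/wsf#update> ?_update; <http://purl.org/ontology/wsf#delete> " .
        "?_delete. }", array ('_wsf', '_create', '_read', '_update', '_delete'), FALSE));

    if(odbc_error())
    {
      $this->setValidatorError(500, "Internal Error", "_300", odbc_errormsg());

      return;
    }
    elseif(odbc_fetch_row($resultset))
    {
      $wsf = odbc_result($resultset, 1);
      $ws_create = odbc_result($resultset, 2);
      $ws_read = odbc_result($resultset, 3);
      $ws_update = odbc_result($resultset, 4);
      $ws_delete = odbc_result($resultset, 5);
    }

    unset($resultset);

    // Check if the web service is registered
    if($wsf == "")
    {
      $this->setValidatorError(500, "Internal Error", "_301",
        "Target web service ($this->requested_ws_uri) not registered to this Web Services Framework");

      return;
    }

    // Check the list of datasets
    $datasets = explode(";", $this->requested_datasets);

    foreach($datasets as $dataset)
    {
      // Decode potentially encoded ";" character.
      $dataset = str_ireplace("%3B", ";", $dataset);

      if(!$this->isSafeSparqlIri($dataset))
      {
        $this->setValidatorError(400, "Bad Request", "_201",
          "A target dataset URI is empty or contains characters that are not allowed in an IRI");

        return;
      }

      // First branch: access records registered for the requester IP.
      // Second branch: access records registered for "0.0.0.0", which apply to every requester.
      $query =
        "select ?_access ?_create ?_read ?_update ?_delete
                  from <" . $this->wsf_graph
        . ">
                  where
                  {
                    {
                      ?_access <http://purl.org/ontology/wsf#webServiceAccess> <$this->requested_ws_uri>;
                            <http://purl.org/ontology/wsf#datasetAccess> <$dataset>;
                            <http://purl.org/ontology/wsf#registeredIP> ?ip;
                            <http://purl.org/ontology/wsf#create> ?_create;
                            <http://purl.org/ontology/wsf#read> ?_read;
                            <http://purl.org/ontology/wsf#update> ?_update;
                            <http://purl.org/ontology/wsf#delete> ?_delete.
                      filter(str(?ip) = \"$this->requester_ip\").
                    }
                    UNION
                    {
                      ?_access <http://purl.org/ontology/wsf#webServiceAccess> <$this->requested_ws_uri>;
                            <http://purl.org/ontology/wsf#datasetAccess> <$dataset>;
                            <http://purl.org/ontology/wsf#registeredIP> ?ip;
                            <http://purl.org/ontology/wsf#create> ?_create;
                            <http://purl.org/ontology/wsf#read> ?_read;
                            <http://purl.org/ontology/wsf#update> ?_update;
                            <http://purl.org/ontology/wsf#delete> ?_delete.
                      filter(str(?ip) = \"0.0.0.0\").
                    }
                  }";

      $resultset = @$this->db->query($this->db->build_sparql_query(str_replace(array ("\n", "\r", "\t"), " ", $query),
        array ('_access', '_create', '_read', '_update', '_delete'), FALSE));

      $access = array();
      $create = array();
      $read = array();
      $update = array();
      $delete = array();

      if(odbc_error())
      {
        $this->setValidatorError(500, "Internal Error", "_302", odbc_errormsg());

        // Stop here: the resultset is unusable, and continuing would replace this 500 with a 403.
        return;
      }

      while(odbc_fetch_row($resultset))
      {
        array_push($access, strtolower(odbc_result($resultset, 1)));
        array_push($create, strtolower(odbc_result($resultset, 2)));
        array_push($read, strtolower(odbc_result($resultset, 3)));
        array_push($update, strtolower(odbc_result($resultset, 4)));
        array_push($delete, strtolower(odbc_result($resultset, 5)));
      }

      unset($resultset);

      // Check if an access is defined for this IP, dataset and registered web service
      if(count($access) === 0)
      {
        $this->setValidatorError(403, "Forbidden", "_303",
          "No access defined for this requester IP ($this->requester_ip), dataset ($dataset) and web service ($this->requested_ws_uri)");

        return;
      }

      // Check if the user has permissions to perform one of the CRUD operation needed by the web service.
      // A permission is granted when at least one matching access record grants it. Every denial
      // returns immediately so that the first failure is the one reported.

      if(strtolower($ws_create) === "true" && !in_array("true", $create, TRUE))
      {
        $this->setValidatorError(403, "Forbidden", "_304",
          "The target web service ($this->requested_ws_uri) needs create access and the requested user ($this->requester_ip) doesn't have this access for that dataset ($dataset).");

        return;
      }

      if(strtolower($ws_update) === "true" && !in_array("true", $update, TRUE))
      {
        $this->setValidatorError(403, "Forbidden", "_305",
          "The target web service ($this->requested_ws_uri) needs update access and the requested user ($this->requester_ip) doesn't have this access for that dataset ($dataset).");

        return;
      }

      if(strtolower($ws_read) === "true" && !in_array("true", $read, TRUE))
      {
        $this->setValidatorError(403, "Forbidden", "_306",
          "The target web service ($this->requested_ws_uri) needs read access and the requested user ($this->requester_ip) doesn't have this access for that dataset ($dataset).");

        return;
      }

      if(strtolower($ws_delete) === "true" && !in_array("true", $delete, TRUE))
      {
        $this->setValidatorError(403, "Forbidden", "_307",
          "The target web service needs delete access and the requested user doesn't have this access for that dataset.");

        return;
      }
    }
  }
}

?>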
