From 16940097beee0fad554dfcb7249294ff8ac247d4 Mon Sep 17 00:00:00 2001
From: Rob Smart
Date: Wed, 9 Sep 2009 19:42:53 +0100
Subject: The stubs for an authorization service, at the moment the service
will always grant access to an avatar entering the region if requested.
---
OpenSim/Grid/UserServer.Modules/UserManager.cs | 1 +
.../Communications/OGS1/OGS1UserDataPlugin.cs | 1 +
.../Resources/CoreModulePlugin.addin.xml | 2 +
.../LocalAuthorizationServiceConnector.cs | 141 +++++++++++++++++++++
.../RemoteAuthorizationServiceConnector.cs | 113 +++++++++++++++++
OpenSim/Region/Framework/Scenes/Scene.cs | 33 ++++-
.../Authorization/AuthorizationServerConnector.cs | 61 +++++++++
.../Authorization/AuthorizationServerGetHandler.cs | 70 ++++++++++
.../AuthorizationService/AuthorizationService.cs | 56 ++++++++
.../AuthorizationServiceBase.cs | 83 ++++++++++++
.../Authorization/AuthorizationServiceConnector.cs | 91 +++++++++++++
.../Services/Interfaces/IAuthorizationService.cs | 46 +++++++
12 files changed, 697 insertions(+), 1 deletion(-)
create mode 100644 OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
create mode 100644 OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
create mode 100644 OpenSim/Server/Handlers/Authorization/AuthorizationServerConnector.cs
create mode 100644 OpenSim/Server/Handlers/Authorization/AuthorizationServerGetHandler.cs
create mode 100644 OpenSim/Services/AuthorizationService/AuthorizationService.cs
create mode 100644 OpenSim/Services/AuthorizationService/AuthorizationServiceBase.cs
create mode 100644 OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs
create mode 100644 OpenSim/Services/Interfaces/IAuthorizationService.cs
(limited to 'OpenSim')
diff --git a/OpenSim/Grid/UserServer.Modules/UserManager.cs b/OpenSim/Grid/UserServer.Modules/UserManager.cs
index 0320156..002f232 100644
--- a/OpenSim/Grid/UserServer.Modules/UserManager.cs
+++ b/OpenSim/Grid/UserServer.Modules/UserManager.cs
@@ -166,6 +166,7 @@ namespace OpenSim.Grid.UserServer.Modules
// Account information
responseData["firstname"] = profile.FirstName;
responseData["lastname"] = profile.SurName;
+ responseData["email"] = profile.Email;
responseData["uuid"] = profile.ID.ToString();
// Server Information
responseData["server_inventory"] = profile.UserInventoryURI;
diff --git a/OpenSim/Region/Communications/OGS1/OGS1UserDataPlugin.cs b/OpenSim/Region/Communications/OGS1/OGS1UserDataPlugin.cs
index ec8512a..adc12aa 100644
--- a/OpenSim/Region/Communications/OGS1/OGS1UserDataPlugin.cs
+++ b/OpenSim/Region/Communications/OGS1/OGS1UserDataPlugin.cs
@@ -651,6 +651,7 @@ namespace OpenSim.Region.Communications.OGS1
UserProfileData userData = new UserProfileData();
userData.FirstName = (string)data["firstname"];
userData.SurName = (string)data["lastname"];
+ userData.Email = (string)data["email"];
userData.ID = new UUID((string)data["uuid"]);
userData.Created = Convert.ToInt32(data["profile_created"]);
userData.UserInventoryURI = (string)data["server_inventory"];
diff --git a/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml b/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml
index 0de5215..f9e61aa 100644
--- a/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml
+++ b/OpenSim/Region/CoreModules/Resources/CoreModulePlugin.addin.xml
@@ -26,6 +26,8 @@
+
+
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
new file mode 100644
index 0000000..7973496
--- /dev/null
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
@@ -0,0 +1,141 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the OpenSimulator Project nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using log4net;
+using Nini.Config;
+using System;
+using System.Collections.Generic;
+using System.Reflection;
+using OpenSim.Framework;
+using OpenSim.Server.Base;
+using OpenSim.Region.Framework.Interfaces;
+using OpenSim.Region.Framework.Scenes;
+using OpenSim.Services.Interfaces;
+using OpenMetaverse;
+
+namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
+{
+ public class LocalAuthorizationServicesConnector :
+ ISharedRegionModule, IAuthorizationService
+ {
+ private static readonly ILog m_log =
+ LogManager.GetLogger(
+ MethodBase.GetCurrentMethod().DeclaringType);
+
+ private IAuthorizationService m_AuthorizationService;
+
+ private bool m_Enabled = false;
+
+ public Type ReplaceableInterface
+ {
+ get { return null; }
+ }
+
+ public string Name
+ {
+ get { return "LocalAuthorizationServicesConnector"; }
+ }
+
+ public void Initialise(IConfigSource source)
+ {
+ m_log.Info("[AUTHORIZATION CONNECTOR]: Initialise");
+
+ IConfig moduleConfig = source.Configs["Modules"];
+ if (moduleConfig != null)
+ {
+ string name = moduleConfig.GetString("AuthorizationServices", "");
+ if (name == Name)
+ {
+ IConfig authorizationConfig = source.Configs["AuthorizationService"];
+ if (authorizationConfig == null)
+ {
+ m_log.Error("[AUTHORIZATION CONNECTOR]: AuthorizationService missing from OpenSim.ini");
+ return;
+ }
+
+ string serviceDll = authorizationConfig.GetString("LocalServiceModule",
+ String.Empty);
+
+ if (serviceDll == String.Empty)
+ {
+ m_log.Error("[AUTHORIZATION CONNECTOR]: No LocalServiceModule named in section AuthorizationService");
+ return;
+ }
+
+ Object[] args = new Object[] { source };
+ m_AuthorizationService =
+ ServerUtils.LoadPlugin(serviceDll,
+ args);
+
+ if (m_AuthorizationService == null)
+ {
+ m_log.Error("[AUTHORIZATION CONNECTOR]: Can't load authorization service");
+ return;
+ }
+ m_Enabled = true;
+ m_log.Info("[AUTHORIZATION CONNECTOR]: Local authorization connector enabled");
+ }
+ }
+ }
+
+ public void PostInitialise()
+ {
+ }
+
+ public void Close()
+ {
+ }
+
+ public void AddRegion(Scene scene)
+ {
+ if (!m_Enabled)
+ return;
+
+ scene.RegisterModuleInterface(this);
+ }
+
+ public void RemoveRegion(Scene scene)
+ {
+ }
+
+ public void RegionLoaded(Scene scene)
+ {
+ if (!m_Enabled)
+ return;
+
+ m_log.InfoFormat("[AUTHORIZATION CONNECTOR]: Enabled local authorization for region {0}", scene.RegionInfo.RegionName);
+
+
+ }
+
+ public bool isAuthorizedForRegion(UserProfileData user, RegionInfo region)
+ {
+ return m_AuthorizationService.isAuthorizedForRegion( user, region);
+ }
+
+ }
+}
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
new file mode 100644
index 0000000..5870111
--- /dev/null
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the OpenSimulator Project nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using log4net;
+using System;
+using System.Collections.Generic;
+using System.Reflection;
+using Nini.Config;
+using OpenSim.Framework;
+using OpenSim.Services.Connectors;
+using OpenSim.Region.Framework.Interfaces;
+using OpenSim.Region.Framework.Scenes;
+using OpenSim.Services.Interfaces;
+
+namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
+{
+ public class RemoteAuthorizationServicesConnector :
+ AuthorizationServicesConnector, ISharedRegionModule, IAuthorizationService
+ {
+ private static readonly ILog m_log =
+ LogManager.GetLogger(
+ MethodBase.GetCurrentMethod().DeclaringType);
+
+ private bool m_Enabled = false;
+
+ public Type ReplaceableInterface
+ {
+ get { return null; }
+ }
+
+ public string Name
+ {
+ get { return "RemoteAuthorizationServicesConnector"; }
+ }
+
+ public override void Initialise(IConfigSource source)
+ {
+ IConfig moduleConfig = source.Configs["Modules"];
+ if (moduleConfig != null)
+ {
+ string name = moduleConfig.GetString("AuthorizationServices", "");
+ if (name == Name)
+ {
+ IConfig authorizationConfig = source.Configs["AuthorizationService"];
+ if (authorizationConfig == null)
+ {
+ m_log.Error("[AUTHORIZATION CONNECTOR]: AuthorizationService missing from OpenSim.ini");
+ return;
+ }
+
+ m_Enabled = true;
+
+ base.Initialise(source);
+
+ m_log.Info("[AUTHORIZATION CONNECTOR]: Remote assets enabled");
+ }
+ }
+ }
+
+ public void PostInitialise()
+ {
+ }
+
+ public void Close()
+ {
+ }
+
+ public void AddRegion(Scene scene)
+ {
+ if (!m_Enabled)
+ return;
+
+ scene.RegisterModuleInterface(this);
+ }
+
+ public void RemoveRegion(Scene scene)
+ {
+ }
+
+ public void RegionLoaded(Scene scene)
+ {
+ if (!m_Enabled)
+ return;
+
+ m_log.InfoFormat("[AUTHORIZATION CONNECTOR]: Enabled remote authorization for region {0}", scene.RegionInfo.RegionName);
+
+ }
+ }
+}
diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs
index 5e27eff..1346844 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.cs
@@ -134,6 +134,7 @@ namespace OpenSim.Region.Framework.Scenes
public IXfer XferManager;
protected IAssetService m_AssetService = null;
+ protected IAuthorizationService m_AuthorizationService = null;
public IAssetService AssetService
{
@@ -152,6 +153,25 @@ namespace OpenSim.Region.Framework.Scenes
return m_AssetService;
}
}
+
+ public IAuthorizationService AuthorizationService
+ {
+ get
+ {
+ if (m_AuthorizationService == null)
+ {
+ m_AuthorizationService = RequestModuleInterface();
+
+ if (m_AuthorizationService == null)
+ {
+ // don't throw an exception if no authorization service is set for the time being
+ m_log.InfoFormat("[SCENE]: No Authorization service is configured");
+ }
+ }
+
+ return m_AuthorizationService;
+ }
+ }
protected IInventoryService m_InventoryService = null;
@@ -3230,7 +3250,18 @@ namespace OpenSim.Region.Framework.Scenes
if (!m_strictAccessControl) return true;
if (Permissions.IsGod(agent.AgentID)) return true;
-
+
+ UserProfileData userProfile = CommsManager.UserService.GetUserProfile(agent.AgentID);
+
+ if(AuthorizationService!=null)
+ {
+ if(!AuthorizationService.isAuthorizedForRegion(userProfile,RegionInfo))
+ {
+ m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access to the region",
+ agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName);
+ return false;
+ }
+ }
if (m_regInfo.EstateSettings.IsBanned(agent.AgentID))
{
diff --git a/OpenSim/Server/Handlers/Authorization/AuthorizationServerConnector.cs b/OpenSim/Server/Handlers/Authorization/AuthorizationServerConnector.cs
new file mode 100644
index 0000000..725cf78
--- /dev/null
+++ b/OpenSim/Server/Handlers/Authorization/AuthorizationServerConnector.cs
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the OpenSimulator Project nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using System;
+using Nini.Config;
+using OpenSim.Server.Base;
+using OpenSim.Services.Interfaces;
+using OpenSim.Framework.Servers.HttpServer;
+using OpenSim.Server.Handlers.Base;
+
+namespace OpenSim.Server.Handlers.Authorization
+{
+ public class AuthorizationServerConnector : ServiceConnector
+ {
+ private IAuthorizationService m_AuthorizationService;
+
+ public AuthorizationServerConnector(IConfigSource config, IHttpServer server) :
+ base(config, server)
+ {
+ IConfig serverConfig = config.Configs["AuthorizationService"];
+ if (serverConfig == null)
+ throw new Exception("No section 'Server' in config file");
+
+ string authorizationService = serverConfig.GetString("LocalServiceModule",
+ String.Empty);
+
+ if (authorizationService == String.Empty)
+ throw new Exception("No AuthorizationService in config file");
+
+ Object[] args = new Object[] { config };
+ m_AuthorizationService =
+ ServerUtils.LoadPlugin(authorizationService, args);
+
+ server.AddStreamHandler(new AuthorizationServerGetHandler(m_AuthorizationService));
+ }
+ }
+}
diff --git a/OpenSim/Server/Handlers/Authorization/AuthorizationServerGetHandler.cs b/OpenSim/Server/Handlers/Authorization/AuthorizationServerGetHandler.cs
new file mode 100644
index 0000000..4e4960c
--- /dev/null
+++ b/OpenSim/Server/Handlers/Authorization/AuthorizationServerGetHandler.cs
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the OpenSimulator Project nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using Nini.Config;
+using log4net;
+using System;
+using System.IO;
+using System.Reflection;
+using System.Net;
+using System.Text;
+using System.Text.RegularExpressions;
+using System.Xml;
+using System.Xml.Serialization;
+using OpenSim.Server.Base;
+using OpenSim.Services.Interfaces;
+using OpenSim.Framework;
+using OpenSim.Framework.Servers.HttpServer;
+
+namespace OpenSim.Server.Handlers.Authorization
+{
+ public class AuthorizationServerGetHandler : BaseStreamHandler
+ {
+ private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
+
+
+ public AuthorizationServerGetHandler(IAuthorizationService service) :
+ base("GET", "/authorization")
+ {
+ }
+
+ public override byte[] Handle(string path, Stream request,
+ OSHttpRequest httpRequest, OSHttpResponse httpResponse)
+ {
+ byte[] result = new byte[0];
+
+ string[] p = SplitParams(path);
+
+ if (p.Length == 0)
+ return result;
+
+ // Process web request
+
+ return result;
+ }
+ }
+}
diff --git a/OpenSim/Services/AuthorizationService/AuthorizationService.cs b/OpenSim/Services/AuthorizationService/AuthorizationService.cs
new file mode 100644
index 0000000..e779325
--- /dev/null
+++ b/OpenSim/Services/AuthorizationService/AuthorizationService.cs
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the OpenSimulator Project nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using System;
+using System.Reflection;
+using Nini.Config;
+using log4net;
+using OpenSim.Framework;
+using OpenSim.Framework.Console;
+using OpenSim.Data;
+using OpenSim.Services.Interfaces;
+using OpenMetaverse;
+
+namespace OpenSim.Services.AuthorizationService
+{
+ public class AuthorizationService : AuthorizationServiceBase, IAuthorizationService
+ {
+ private static readonly ILog m_log =
+ LogManager.GetLogger(
+ MethodBase.GetCurrentMethod().DeclaringType);
+
+ public AuthorizationService(IConfigSource config) : base(config)
+ {
+ m_log.Info("[AUTHORIZATION CONNECTOR]: Local Authorization service enabled");
+ }
+
+ public bool isAuthorizedForRegion(UserProfileData user, RegionInfo region)
+ {
+ return true;
+ }
+ }
+}
diff --git a/OpenSim/Services/AuthorizationService/AuthorizationServiceBase.cs b/OpenSim/Services/AuthorizationService/AuthorizationServiceBase.cs
new file mode 100644
index 0000000..9e6d070
--- /dev/null
+++ b/OpenSim/Services/AuthorizationService/AuthorizationServiceBase.cs
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the OpenSimulator Project nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using System;
+using System.Reflection;
+using Nini.Config;
+using OpenSim.Framework;
+using OpenSim.Data;
+using OpenSim.Services.Interfaces;
+using OpenSim.Services.Base;
+
+namespace OpenSim.Services.AuthorizationService
+{
+ public class AuthorizationServiceBase : ServiceBase
+ {
+ protected IAssetDataPlugin m_Database = null;
+
+ public AuthorizationServiceBase(IConfigSource config) : base(config)
+ {
+ string dllName = String.Empty;
+ string connString = String.Empty;
+
+ //
+ // Try reading the [AuthorizationService] section first, if it exists
+ //
+ IConfig assetConfig = config.Configs["AuthorizationService"];
+ if (assetConfig != null)
+ {
+ dllName = assetConfig.GetString("StorageProvider", dllName);
+ connString = assetConfig.GetString("ConnectionString", connString);
+ }
+
+ //
+ // Try reading the [DatabaseService] section, if it exists
+ //
+ IConfig dbConfig = config.Configs["DatabaseService"];
+ if (dbConfig != null)
+ {
+ if (dllName == String.Empty)
+ dllName = dbConfig.GetString("StorageProvider", String.Empty);
+ if (connString == String.Empty)
+ connString = dbConfig.GetString("ConnectionString", String.Empty);
+ }
+
+ //
+ // We tried, but this doesn't exist. We can't proceed.
+ //
+ if (dllName.Equals(String.Empty))
+ throw new Exception("No StorageProvider configured");
+
+ m_Database = LoadPlugin(dllName);
+ if (m_Database == null)
+ throw new Exception("Could not find a storage interface in the given module");
+
+ m_Database.Initialise(connString);
+
+ }
+ }
+}
diff --git a/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs b/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs
new file mode 100644
index 0000000..a0cdc30
--- /dev/null
+++ b/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the OpenSimulator Project nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using log4net;
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Reflection;
+using Nini.Config;
+using OpenSim.Framework;
+using OpenSim.Framework.Communications;
+using OpenSim.Framework.Servers.HttpServer;
+using OpenSim.Services.Interfaces;
+using OpenMetaverse;
+
+namespace OpenSim.Services.Connectors
+{
+ public class AuthorizationServicesConnector : IAuthorizationService
+ {
+ private static readonly ILog m_log =
+ LogManager.GetLogger(
+ MethodBase.GetCurrentMethod().DeclaringType);
+
+ private string m_ServerURI = String.Empty;
+
+ public AuthorizationServicesConnector()
+ {
+ }
+
+ public AuthorizationServicesConnector(string serverURI)
+ {
+ m_ServerURI = serverURI.TrimEnd('/');
+ }
+
+ public AuthorizationServicesConnector(IConfigSource source)
+ {
+ Initialise(source);
+ }
+
+ public virtual void Initialise(IConfigSource source)
+ {
+ IConfig authorizationConfig = source.Configs["AuthorizationService"];
+ if (authorizationConfig == null)
+ {
+ m_log.Error("[AUTHORIZATION CONNECTOR]: AuthorizationService missing from OpanSim.ini");
+ throw new Exception("Authorization connector init error");
+ }
+
+ string serviceURI = authorizationConfig.GetString("AuthorizationServerURI",
+ String.Empty);
+
+ if (serviceURI == String.Empty)
+ {
+ m_log.Error("[AUTHORIZATION CONNECTOR]: No Server URI named in section AssetService");
+ throw new Exception("Authorization connector init error");
+ }
+ m_ServerURI = serviceURI;
+ }
+
+ public bool isAuthorizedForRegion(UserProfileData user, RegionInfo region)
+ {
+ // call remote service
+ return true;
+ }
+
+ }
+}
diff --git a/OpenSim/Services/Interfaces/IAuthorizationService.cs b/OpenSim/Services/Interfaces/IAuthorizationService.cs
new file mode 100644
index 0000000..e8b7298
--- /dev/null
+++ b/OpenSim/Services/Interfaces/IAuthorizationService.cs
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the OpenSimulator Project nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using System;
+using OpenSim.Framework;
+
+namespace OpenSim.Services.Interfaces
+{
+ // Generic Authorization service used for authorizing principals in a particular region
+
+ public interface IAuthorizationService
+ {
+ //////////////////////////////////////////////////////
+ // Authorized
+ //
+ // This method returns a simple true false indicating
+ // whether or not a user has access to the region
+ //
+ bool isAuthorizedForRegion(UserProfileData user, RegionInfo region);
+
+ }
+}
--
cgit v1.1
From 953ef780c5858b70b3b2da551640c93105feb12c Mon Sep 17 00:00:00 2001
From: Rob Smart
Date: Thu, 10 Sep 2009 16:13:18 +0100
Subject: adding in working functionality for the remote connector
---
.../RemoteAuthorizationServiceConnector.cs | 2 +-
.../Authorization/AuthorizationServerGetHandler.cs | 37 ++++++++++++++++++----
.../Authorization/AuthorizationServiceConnector.cs | 36 ++++++++++++++++++---
3 files changed, 64 insertions(+), 11 deletions(-)
(limited to 'OpenSim')
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
index 5870111..b0d8baa 100644
--- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
@@ -76,7 +76,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
base.Initialise(source);
- m_log.Info("[AUTHORIZATION CONNECTOR]: Remote assets enabled");
+ m_log.Info("[AUTHORIZATION CONNECTOR]: Remote authorization enabled");
}
}
}
diff --git a/OpenSim/Server/Handlers/Authorization/AuthorizationServerGetHandler.cs b/OpenSim/Server/Handlers/Authorization/AuthorizationServerGetHandler.cs
index 4e4960c..9e4c00e 100644
--- a/OpenSim/Server/Handlers/Authorization/AuthorizationServerGetHandler.cs
+++ b/OpenSim/Server/Handlers/Authorization/AuthorizationServerGetHandler.cs
@@ -55,16 +55,41 @@ namespace OpenSim.Server.Handlers.Authorization
public override byte[] Handle(string path, Stream request,
OSHttpRequest httpRequest, OSHttpResponse httpResponse)
{
- byte[] result = new byte[0];
+ // always return success for now, this is just stub functionality
+ return SuccessResult();
+ }
+
+ private byte[] SuccessResult()
+ {
+ XmlDocument doc = new XmlDocument();
+
+ XmlNode xmlnode = doc.CreateNode(XmlNodeType.XmlDeclaration,
+ "", "");
+
+ doc.AppendChild(xmlnode);
- string[] p = SplitParams(path);
+ XmlElement rootElement = doc.CreateElement("", "Authorization",
+ "");
- if (p.Length == 0)
- return result;
+ doc.AppendChild(rootElement);
- // Process web request
+ XmlElement result = doc.CreateElement("", "Result", "");
+ result.AppendChild(doc.CreateTextNode("success"));
+
+ rootElement.AppendChild(result);
+
+ return DocToBytes(doc);
+ }
+
+ private byte[] DocToBytes(XmlDocument doc)
+ {
+ MemoryStream ms = new MemoryStream();
+ XmlTextWriter xw = new XmlTextWriter(ms, null);
+ xw.Formatting = Formatting.Indented;
+ doc.WriteTo(xw);
+ xw.Flush();
- return result;
+ return ms.GetBuffer();
}
}
}
diff --git a/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs b/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs
index a0cdc30..151d96a 100644
--- a/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs
+++ b/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs
@@ -46,6 +46,7 @@ namespace OpenSim.Services.Connectors
MethodBase.GetCurrentMethod().DeclaringType);
private string m_ServerURI = String.Empty;
+ private bool m_ResponseOnFailure = true;
public AuthorizationServicesConnector()
{
@@ -66,7 +67,7 @@ namespace OpenSim.Services.Connectors
IConfig authorizationConfig = source.Configs["AuthorizationService"];
if (authorizationConfig == null)
{
- m_log.Error("[AUTHORIZATION CONNECTOR]: AuthorizationService missing from OpanSim.ini");
+ m_log.Error("[AUTHORIZATION CONNECTOR]: AuthorizationService missing from OpenSim.ini");
throw new Exception("Authorization connector init error");
}
@@ -75,16 +76,43 @@ namespace OpenSim.Services.Connectors
if (serviceURI == String.Empty)
{
- m_log.Error("[AUTHORIZATION CONNECTOR]: No Server URI named in section AssetService");
+ m_log.Error("[AUTHORIZATION CONNECTOR]: No Server URI named in section AuthorizationService");
throw new Exception("Authorization connector init error");
}
m_ServerURI = serviceURI;
+
+ // this dictates what happens if the remote service fails, if the service fails and the value is true
+ // the user is authorized for the region.
+ bool responseOnFailure = authorizationConfig.GetBoolean("ResponseOnFailure",true);
+
+ m_ResponseOnFailure = responseOnFailure;
}
public bool isAuthorizedForRegion(UserProfileData user, RegionInfo region)
{
- // call remote service
- return true;
+ // this should be a remote call to the authorization server specified in the AuthorizationServerURI
+ m_log.Info("[AUTHORIZATION CONNECTOR]: isAuthorizedForRegion is not yet implemented. Returning true, the user is authorized ");
+
+ string uri = m_ServerURI + "?uuid="+user.ID + "&firstname="+user.FirstName+"&lastname="+user.SurName+"®ion="+region.RegionName+"®ionid="+region.RegionID+"&email="+user.Email;
+
+ string result = string.Empty;
+
+ try
+ {
+ result = SynchronousRestObjectRequester.
+ MakeRequest("POST", uri, user);
+ }
+ catch (Exception e)
+ {
+ m_log.WarnFormat("[AUTHORIZATION CONNECTOR]: Unable to send authorize {0} {1} for region {2} error thrown during comms with remote server. Reason: {3}", user.FirstName,user.SurName,region.RegionName, e.Message);
+ return m_ResponseOnFailure;
+ }
+
+ m_log.DebugFormat("[AUTHORIZATION CONNECTOR] response from remote service was {0}",result);
+ if(result.Contains("success"))
+ return true;
+ else
+ return false;
}
}
--
cgit v1.1
From b5c8925fdf17db87df6118449f2f84adb1326225 Mon Sep 17 00:00:00 2001
From: Rob Smart
Date: Thu, 10 Sep 2009 20:15:50 +0100
Subject: added AuthorizationRequest and AuthorizationResponse objects for
passing Authorization messages over http. Added handling code for these in
the AuthorizationServerConnector and AuthorizationServicesConnector
---
OpenSim/Framework/AuthorizationRequest.cs | 92 +++++++++++++++++++++
OpenSim/Framework/AuthorizationResponse.cs | 58 +++++++++++++
.../Authorization/AuthorizationServerConnector.cs | 2 +-
.../Authorization/AuthorizationServerGetHandler.cs | 95 ----------------------
.../AuthorizationServerPostHandler.cs | 70 ++++++++++++++++
.../Authorization/AuthorizationServiceConnector.cs | 17 ++--
6 files changed, 230 insertions(+), 104 deletions(-)
create mode 100644 OpenSim/Framework/AuthorizationRequest.cs
create mode 100644 OpenSim/Framework/AuthorizationResponse.cs
delete mode 100644 OpenSim/Server/Handlers/Authorization/AuthorizationServerGetHandler.cs
create mode 100644 OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs
(limited to 'OpenSim')
diff --git a/OpenSim/Framework/AuthorizationRequest.cs b/OpenSim/Framework/AuthorizationRequest.cs
new file mode 100644
index 0000000..864d87d
--- /dev/null
+++ b/OpenSim/Framework/AuthorizationRequest.cs
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the OpenSimulator Project nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+namespace OpenSim.Framework
+{
+ public class AuthorizationRequest
+ {
+ private string m_ID;
+ private string m_firstname;
+ private string m_surname;
+ private string m_email;
+ private string m_regionName;
+ private string m_regionID;
+
+ public AuthorizationRequest()
+ {
+ }
+
+ public AuthorizationRequest(string ID,string FirstName, string SurName, string Email, string RegionName, string RegionID)
+ {
+ m_ID = ID;
+ m_firstname = FirstName;
+ m_surname = SurName;
+ m_email = Email;
+ m_regionName = RegionName;
+ m_regionID = RegionID;
+ }
+
+ public string ID
+ {
+ get { return m_ID; }
+ set { m_ID = value; }
+ }
+
+ public string FirstName
+ {
+ get { return m_firstname; }
+ set { m_firstname = value; }
+ }
+
+ public string SurName
+ {
+ get { return m_surname; }
+ set { m_surname = value; }
+ }
+
+ public string Email
+ {
+ get { return m_email; }
+ set { m_email = value; }
+ }
+
+ public string RegionName
+ {
+ get { return m_regionName; }
+ set { m_regionName = value; }
+ }
+
+ public string RegionID
+ {
+ get { return m_regionID; }
+ set { m_regionID = value; }
+ }
+
+
+
+ }
+}
\ No newline at end of file
diff --git a/OpenSim/Framework/AuthorizationResponse.cs b/OpenSim/Framework/AuthorizationResponse.cs
new file mode 100644
index 0000000..5a03dfe
--- /dev/null
+++ b/OpenSim/Framework/AuthorizationResponse.cs
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the OpenSimulator Project nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+namespace OpenSim.Framework
+{
+ public class AuthorizationResponse
+ {
+ private bool m_isAuthorized;
+ private string m_message;
+
+ public AuthorizationResponse()
+ {
+ }
+
+ public AuthorizationResponse(bool isAuthorized,string message)
+ {
+ m_isAuthorized = isAuthorized;
+ m_message = message;
+
+ }
+
+ public bool IsAuthorized
+ {
+ get { return m_isAuthorized; }
+ set { m_isAuthorized = value; }
+ }
+
+ public string Message
+ {
+ get { return m_message; }
+ set { m_message = value; }
+ }
+ }
+}
\ No newline at end of file
diff --git a/OpenSim/Server/Handlers/Authorization/AuthorizationServerConnector.cs b/OpenSim/Server/Handlers/Authorization/AuthorizationServerConnector.cs
index 725cf78..0d9f239 100644
--- a/OpenSim/Server/Handlers/Authorization/AuthorizationServerConnector.cs
+++ b/OpenSim/Server/Handlers/Authorization/AuthorizationServerConnector.cs
@@ -55,7 +55,7 @@ namespace OpenSim.Server.Handlers.Authorization
m_AuthorizationService =
ServerUtils.LoadPlugin(authorizationService, args);
- server.AddStreamHandler(new AuthorizationServerGetHandler(m_AuthorizationService));
+ server.AddStreamHandler(new AuthorizationServerPostHandler(m_AuthorizationService));
}
}
}
diff --git a/OpenSim/Server/Handlers/Authorization/AuthorizationServerGetHandler.cs b/OpenSim/Server/Handlers/Authorization/AuthorizationServerGetHandler.cs
deleted file mode 100644
index 9e4c00e..0000000
--- a/OpenSim/Server/Handlers/Authorization/AuthorizationServerGetHandler.cs
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Copyright (c) Contributors, http://opensimulator.org/
- * See CONTRIBUTORS.TXT for a full list of copyright holders.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * * Neither the name of the OpenSimulator Project nor the
- * names of its contributors may be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-using Nini.Config;
-using log4net;
-using System;
-using System.IO;
-using System.Reflection;
-using System.Net;
-using System.Text;
-using System.Text.RegularExpressions;
-using System.Xml;
-using System.Xml.Serialization;
-using OpenSim.Server.Base;
-using OpenSim.Services.Interfaces;
-using OpenSim.Framework;
-using OpenSim.Framework.Servers.HttpServer;
-
-namespace OpenSim.Server.Handlers.Authorization
-{
- public class AuthorizationServerGetHandler : BaseStreamHandler
- {
- private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
-
-
- public AuthorizationServerGetHandler(IAuthorizationService service) :
- base("GET", "/authorization")
- {
- }
-
- public override byte[] Handle(string path, Stream request,
- OSHttpRequest httpRequest, OSHttpResponse httpResponse)
- {
- // always return success for now, this is just stub functionality
- return SuccessResult();
- }
-
- private byte[] SuccessResult()
- {
- XmlDocument doc = new XmlDocument();
-
- XmlNode xmlnode = doc.CreateNode(XmlNodeType.XmlDeclaration,
- "", "");
-
- doc.AppendChild(xmlnode);
-
- XmlElement rootElement = doc.CreateElement("", "Authorization",
- "");
-
- doc.AppendChild(rootElement);
-
- XmlElement result = doc.CreateElement("", "Result", "");
- result.AppendChild(doc.CreateTextNode("success"));
-
- rootElement.AppendChild(result);
-
- return DocToBytes(doc);
- }
-
- private byte[] DocToBytes(XmlDocument doc)
- {
- MemoryStream ms = new MemoryStream();
- XmlTextWriter xw = new XmlTextWriter(ms, null);
- xw.Formatting = Formatting.Indented;
- doc.WriteTo(xw);
- xw.Flush();
-
- return ms.GetBuffer();
- }
- }
-}
diff --git a/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs b/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs
new file mode 100644
index 0000000..407a18a
--- /dev/null
+++ b/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) Contributors, http://opensimulator.org/
+ * See CONTRIBUTORS.TXT for a full list of copyright holders.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the OpenSimulator Project nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+using Nini.Config;
+using log4net;
+using System;
+using System.Reflection;
+using System.IO;
+using System.Net;
+using System.Text;
+using System.Text.RegularExpressions;
+using System.Xml;
+using System.Xml.Serialization;
+using OpenSim.Server.Base;
+using OpenSim.Services.Interfaces;
+using OpenSim.Framework;
+using OpenSim.Framework.Servers.HttpServer;
+
+namespace OpenSim.Server.Handlers.Authorization
+{
+ public class AuthorizationServerPostHandler : BaseStreamHandler
+ {
+ private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
+
+ private IAuthorizationService m_AuthorizationService;
+
+ public AuthorizationServerPostHandler(IAuthorizationService service) :
+ base("POST", "/authorization")
+ {
+ m_AuthorizationService = service;
+ }
+
+ public override byte[] Handle(string path, Stream request,
+ OSHttpRequest httpRequest, OSHttpResponse httpResponse)
+ {
+ XmlSerializer xs = new XmlSerializer(typeof (AuthorizationRequest));
+ AuthorizationRequest Authorization = (AuthorizationRequest) xs.Deserialize(request);
+
+ AuthorizationResponse result = new AuthorizationResponse(true,Authorization.FirstName + " " + Authorization.SurName + " has been authorized");
+
+ xs = new XmlSerializer(typeof(AuthorizationResponse));
+ return ServerUtils.SerializeResult(xs, result);
+
+ }
+ }
+}
diff --git a/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs b/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs
index 151d96a..d65afc6 100644
--- a/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs
+++ b/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs
@@ -90,26 +90,27 @@ namespace OpenSim.Services.Connectors
public bool isAuthorizedForRegion(UserProfileData user, RegionInfo region)
{
- // this should be a remote call to the authorization server specified in the AuthorizationServerURI
- m_log.Info("[AUTHORIZATION CONNECTOR]: isAuthorizedForRegion is not yet implemented. Returning true, the user is authorized ");
+ // do a remote call to the authorization server specified in the AuthorizationServerURI
+ m_log.InfoFormat("[AUTHORIZATION CONNECTOR]: isAuthorizedForRegion checking {0} {1} at remote server {2}",user.FirstName,user.SurName, m_ServerURI);
- string uri = m_ServerURI + "?uuid="+user.ID + "&firstname="+user.FirstName+"&lastname="+user.SurName+"®ion="+region.RegionName+"®ionid="+region.RegionID+"&email="+user.Email;
+ string uri = m_ServerURI;
- string result = string.Empty;
+ AuthorizationRequest req = new AuthorizationRequest(user.ID.ToString(),user.FirstName,user.SurName,user.Email,region.RegionName,region.RegionID.ToString());
+ AuthorizationResponse response;
try
{
- result = SynchronousRestObjectRequester.
- MakeRequest("POST", uri, user);
+ response = SynchronousRestObjectRequester.MakeRequest("POST", uri, req);
}
catch (Exception e)
{
m_log.WarnFormat("[AUTHORIZATION CONNECTOR]: Unable to send authorize {0} {1} for region {2} error thrown during comms with remote server. Reason: {3}", user.FirstName,user.SurName,region.RegionName, e.Message);
+ m_log.WarnFormat("Inner Exception is {0}",e.InnerException);
return m_ResponseOnFailure;
}
- m_log.DebugFormat("[AUTHORIZATION CONNECTOR] response from remote service was {0}",result);
- if(result.Contains("success"))
+ m_log.DebugFormat("[AUTHORIZATION CONNECTOR] response from remote service was {0}",response.Message);
+ if(response.IsAuthorized)
return true;
else
return false;
--
cgit v1.1
From ce332f235ccc5168cfc44834e16318497c67cdd7 Mon Sep 17 00:00:00 2001
From: Diva Canto
Date: Thu, 10 Sep 2009 19:56:08 -0700
Subject: Changed the interface of IAuthorizationService to get less data.
---
OpenSim/Framework/AuthorizationRequest.cs | 40 ++++------------------
OpenSim/Framework/AuthorizationResponse.cs | 2 +-
.../LocalAuthorizationServiceConnector.cs | 6 ++--
OpenSim/Region/Framework/Scenes/Scene.cs | 8 ++---
.../AuthorizationServerPostHandler.cs | 4 ++-
.../AuthorizationService/AuthorizationService.cs | 2 +-
.../Authorization/AuthorizationServiceConnector.cs | 16 ++++-----
.../Services/Interfaces/IAuthorizationService.cs | 2 +-
8 files changed, 25 insertions(+), 55 deletions(-)
(limited to 'OpenSim')
diff --git a/OpenSim/Framework/AuthorizationRequest.cs b/OpenSim/Framework/AuthorizationRequest.cs
index 864d87d..3280c65 100644
--- a/OpenSim/Framework/AuthorizationRequest.cs
+++ b/OpenSim/Framework/AuthorizationRequest.cs
@@ -29,7 +29,7 @@ namespace OpenSim.Framework
{
public class AuthorizationRequest
{
- private string m_ID;
+ private string m_userID;
private string m_firstname;
private string m_surname;
private string m_email;
@@ -40,46 +40,18 @@ namespace OpenSim.Framework
{
}
- public AuthorizationRequest(string ID,string FirstName, string SurName, string Email, string RegionName, string RegionID)
+ public AuthorizationRequest(string ID, string RegionID)
{
- m_ID = ID;
- m_firstname = FirstName;
- m_surname = SurName;
- m_email = Email;
- m_regionName = RegionName;
+ m_userID = ID;
m_regionID = RegionID;
}
public string ID
{
- get { return m_ID; }
- set { m_ID = value; }
+ get { return m_userID; }
+ set { m_userID = value; }
}
-
- public string FirstName
- {
- get { return m_firstname; }
- set { m_firstname = value; }
- }
-
- public string SurName
- {
- get { return m_surname; }
- set { m_surname = value; }
- }
-
- public string Email
- {
- get { return m_email; }
- set { m_email = value; }
- }
-
- public string RegionName
- {
- get { return m_regionName; }
- set { m_regionName = value; }
- }
-
+
public string RegionID
{
get { return m_regionID; }
diff --git a/OpenSim/Framework/AuthorizationResponse.cs b/OpenSim/Framework/AuthorizationResponse.cs
index 5a03dfe..c8d77de 100644
--- a/OpenSim/Framework/AuthorizationResponse.cs
+++ b/OpenSim/Framework/AuthorizationResponse.cs
@@ -36,7 +36,7 @@ namespace OpenSim.Framework
{
}
- public AuthorizationResponse(bool isAuthorized,string message)
+ public AuthorizationResponse(bool isAuthorized, string message)
{
m_isAuthorized = isAuthorized;
m_message = message;
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
index 7973496..c52c257 100644
--- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/LocalAuthorizationServiceConnector.cs
@@ -67,7 +67,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
IConfig moduleConfig = source.Configs["Modules"];
if (moduleConfig != null)
{
- string name = moduleConfig.GetString("AuthorizationServices", "");
+ string name = moduleConfig.GetString("AuthorizationServices", string.Empty);
if (name == Name)
{
IConfig authorizationConfig = source.Configs["AuthorizationService"];
@@ -132,9 +132,9 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
}
- public bool isAuthorizedForRegion(UserProfileData user, RegionInfo region)
+ public bool IsAuthorizedForRegion(string userID, string regionID)
{
- return m_AuthorizationService.isAuthorizedForRegion( user, region);
+ return m_AuthorizationService.IsAuthorizedForRegion(userID, regionID);
}
}
diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs
index 1346844..d95d9d3 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.cs
@@ -3250,12 +3250,10 @@ namespace OpenSim.Region.Framework.Scenes
if (!m_strictAccessControl) return true;
if (Permissions.IsGod(agent.AgentID)) return true;
-
- UserProfileData userProfile = CommsManager.UserService.GetUserProfile(agent.AgentID);
-
- if(AuthorizationService!=null)
+
+ if (AuthorizationService != null)
{
- if(!AuthorizationService.isAuthorizedForRegion(userProfile,RegionInfo))
+ if(!AuthorizationService.IsAuthorizedForRegion(agent.AgentID.ToString(), RegionInfo.RegionID.ToString()))
{
m_log.WarnFormat("[CONNECTION BEGIN]: Denied access to: {0} ({1} {2}) at {3} because the user does not have access to the region",
agent.AgentID, agent.firstname, agent.lastname, RegionInfo.RegionName);
diff --git a/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs b/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs
index 407a18a..fb079d3 100644
--- a/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs
+++ b/OpenSim/Server/Handlers/Authorization/AuthorizationServerPostHandler.cs
@@ -60,7 +60,9 @@ namespace OpenSim.Server.Handlers.Authorization
XmlSerializer xs = new XmlSerializer(typeof (AuthorizationRequest));
AuthorizationRequest Authorization = (AuthorizationRequest) xs.Deserialize(request);
- AuthorizationResponse result = new AuthorizationResponse(true,Authorization.FirstName + " " + Authorization.SurName + " has been authorized");
+ bool authorized = m_AuthorizationService.IsAuthorizedForRegion(Authorization.ID, Authorization.RegionID);
+
+ AuthorizationResponse result = new AuthorizationResponse(authorized, Authorization.ID + " has been authorized");
xs = new XmlSerializer(typeof(AuthorizationResponse));
return ServerUtils.SerializeResult(xs, result);
diff --git a/OpenSim/Services/AuthorizationService/AuthorizationService.cs b/OpenSim/Services/AuthorizationService/AuthorizationService.cs
index e779325..c795ba0 100644
--- a/OpenSim/Services/AuthorizationService/AuthorizationService.cs
+++ b/OpenSim/Services/AuthorizationService/AuthorizationService.cs
@@ -48,7 +48,7 @@ namespace OpenSim.Services.AuthorizationService
m_log.Info("[AUTHORIZATION CONNECTOR]: Local Authorization service enabled");
}
- public bool isAuthorizedForRegion(UserProfileData user, RegionInfo region)
+ public bool IsAuthorizedForRegion(string userID, string regionID)
{
return true;
}
diff --git a/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs b/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs
index d65afc6..d50a6ed 100644
--- a/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs
+++ b/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs
@@ -88,14 +88,14 @@ namespace OpenSim.Services.Connectors
m_ResponseOnFailure = responseOnFailure;
}
- public bool isAuthorizedForRegion(UserProfileData user, RegionInfo region)
+ public bool IsAuthorizedForRegion(string userID, string regionID)
{
// do a remote call to the authorization server specified in the AuthorizationServerURI
- m_log.InfoFormat("[AUTHORIZATION CONNECTOR]: isAuthorizedForRegion checking {0} {1} at remote server {2}",user.FirstName,user.SurName, m_ServerURI);
+ m_log.InfoFormat("[AUTHORIZATION CONNECTOR]: IsAuthorizedForRegion checking {0} at remote server {1}", userID, m_ServerURI);
string uri = m_ServerURI;
- AuthorizationRequest req = new AuthorizationRequest(user.ID.ToString(),user.FirstName,user.SurName,user.Email,region.RegionName,region.RegionID.ToString());
+ AuthorizationRequest req = new AuthorizationRequest(userID, regionID);
AuthorizationResponse response;
try
@@ -104,16 +104,14 @@ namespace OpenSim.Services.Connectors
}
catch (Exception e)
{
- m_log.WarnFormat("[AUTHORIZATION CONNECTOR]: Unable to send authorize {0} {1} for region {2} error thrown during comms with remote server. Reason: {3}", user.FirstName,user.SurName,region.RegionName, e.Message);
+ m_log.WarnFormat("[AUTHORIZATION CONNECTOR]: Unable to send authorize {0} for region {1} error thrown during comms with remote server. Reason: {2}", userID, regionID, e.Message);
m_log.WarnFormat("Inner Exception is {0}",e.InnerException);
return m_ResponseOnFailure;
}
- m_log.DebugFormat("[AUTHORIZATION CONNECTOR] response from remote service was {0}",response.Message);
- if(response.IsAuthorized)
- return true;
- else
- return false;
+ m_log.DebugFormat("[AUTHORIZATION CONNECTOR] response from remote service was {0}", response.Message);
+
+ return response.IsAuthorized;
}
}
diff --git a/OpenSim/Services/Interfaces/IAuthorizationService.cs b/OpenSim/Services/Interfaces/IAuthorizationService.cs
index e8b7298..6acd1f6 100644
--- a/OpenSim/Services/Interfaces/IAuthorizationService.cs
+++ b/OpenSim/Services/Interfaces/IAuthorizationService.cs
@@ -40,7 +40,7 @@ namespace OpenSim.Services.Interfaces
// This method returns a simple true false indicating
// whether or not a user has access to the region
//
- bool isAuthorizedForRegion(UserProfileData user, RegionInfo region);
+ bool IsAuthorizedForRegion(string userID, string regionID);
}
}
--
cgit v1.1
From eaec7cf39ce134b4da0622f67ee6037843f6eb29 Mon Sep 17 00:00:00 2001
From: Rob Smart
Date: Fri, 11 Sep 2009 12:28:48 +0100
Subject: Changed RemoteAuthorizationServiceConnector so that it implements the
IAuthorization interface method isAuthorizedForRegion looks up user and
region data and delegates the remote authorization check to the
AuthorizationServiceConnector
This keeps the IAuthorization as clean as possible and moves the dependency of using a UserProfileData object out to the connector from the scene.
---
OpenSim/Framework/AuthorizationRequest.cs | 36 +++++++++++++++-
.../RemoteAuthorizationServiceConnector.cs | 49 ++++++++++++++++++++--
.../Authorization/AuthorizationServiceConnector.cs | 7 ++--
3 files changed, 83 insertions(+), 9 deletions(-)
(limited to 'OpenSim')
diff --git a/OpenSim/Framework/AuthorizationRequest.cs b/OpenSim/Framework/AuthorizationRequest.cs
index 3280c65..ef99d3a 100644
--- a/OpenSim/Framework/AuthorizationRequest.cs
+++ b/OpenSim/Framework/AuthorizationRequest.cs
@@ -46,12 +46,46 @@ namespace OpenSim.Framework
m_regionID = RegionID;
}
+ public AuthorizationRequest(string ID,string FirstName, string SurName, string Email, string RegionName, string RegionID)
+ {
+ m_userID = ID;
+ m_firstname = FirstName;
+ m_surname = SurName;
+ m_email = Email;
+ m_regionName = RegionName;
+ m_regionID = RegionID;
+ }
+
public string ID
{
get { return m_userID; }
set { m_userID = value; }
}
-
+
+ public string FirstName
+ {
+ get { return m_firstname; }
+ set { m_firstname = value; }
+ }
+
+ public string SurName
+ {
+ get { return m_surname; }
+ set { m_surname = value; }
+ }
+
+ public string Email
+ {
+ get { return m_email; }
+ set { m_email = value; }
+ }
+
+ public string RegionName
+ {
+ get { return m_regionName; }
+ set { m_regionName = value; }
+ }
+
public string RegionID
{
get { return m_regionID; }
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
index b0d8baa..88e6ee2 100644
--- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
@@ -35,6 +35,7 @@ using OpenSim.Services.Connectors;
using OpenSim.Region.Framework.Interfaces;
using OpenSim.Region.Framework.Scenes;
using OpenSim.Services.Interfaces;
+using OpenMetaverse;
namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
{
@@ -46,6 +47,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
MethodBase.GetCurrentMethod().DeclaringType);
private bool m_Enabled = false;
+ private List m_scenes = new List();
public Type ReplaceableInterface
{
@@ -68,7 +70,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
IConfig authorizationConfig = source.Configs["AuthorizationService"];
if (authorizationConfig == null)
{
- m_log.Error("[AUTHORIZATION CONNECTOR]: AuthorizationService missing from OpenSim.ini");
+ m_log.Error("[REMOTE AUTHORIZATION CONNECTOR]: AuthorizationService missing from OpenSim.ini");
return;
}
@@ -76,7 +78,7 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
base.Initialise(source);
- m_log.Info("[AUTHORIZATION CONNECTOR]: Remote authorization enabled");
+ m_log.Info("[REMOTE AUTHORIZATION CONNECTOR]: Remote authorization enabled");
}
}
}
@@ -94,7 +96,12 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
if (!m_Enabled)
return;
- scene.RegisterModuleInterface(this);
+ if (!m_scenes.Contains(scene))
+ {
+ m_scenes.Add(scene);
+ scene.RegisterModuleInterface(this);
+ }
+
}
public void RemoveRegion(Scene scene)
@@ -106,8 +113,42 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
if (!m_Enabled)
return;
- m_log.InfoFormat("[AUTHORIZATION CONNECTOR]: Enabled remote authorization for region {0}", scene.RegionInfo.RegionName);
+ m_log.InfoFormat("[REMOTE AUTHORIZATION CONNECTOR]: Enabled remote authorization for region {0}", scene.RegionInfo.RegionName);
}
+
+ public bool IsAuthorizedForRegion(string userID, string regionID)
+ {
+ m_log.InfoFormat("[REMOTE AUTHORIZATION CONNECTOR]: IsAuthorizedForRegion checking {0} for region {1}", userID, regionID);
+
+ bool isAuthorized = true;
+
+ // get the scene this call is being made for
+ Scene scene = null;
+ lock (m_scenes)
+ {
+ foreach (Scene nextScene in m_scenes)
+ {
+ if (nextScene.RegionInfo.RegionID.ToString() == regionID)
+ {
+ scene = nextScene;
+ }
+ }
+ }
+
+ if(scene!=null)
+ {
+ UserProfileData profile = scene.CommsManager.UserService.GetUserProfile(new UUID(userID));
+ isAuthorized = IsAuthorizedForRegion(userID, profile.FirstName, profile.SurName,profile.Email,scene.RegionInfo.RegionName,regionID);
+ }
+ else
+ {
+ m_log.ErrorFormat("[REMOTE AUTHORIZATION CONNECTOR] IsAuthorizedForRegion, can't find scene to match region id of {0} ",regionID);
+ }
+
+
+ return isAuthorized;
+
+ }
}
}
diff --git a/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs b/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs
index d50a6ed..bc4daad 100644
--- a/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs
+++ b/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs
@@ -39,7 +39,7 @@ using OpenMetaverse;
namespace OpenSim.Services.Connectors
{
- public class AuthorizationServicesConnector : IAuthorizationService
+ public class AuthorizationServicesConnector
{
private static readonly ILog m_log =
LogManager.GetLogger(
@@ -88,14 +88,14 @@ namespace OpenSim.Services.Connectors
m_ResponseOnFailure = responseOnFailure;
}
- public bool IsAuthorizedForRegion(string userID, string regionID)
+ public bool IsAuthorizedForRegion(string userID,string firstname, string surname, string email, string regionName, string regionID)
{
// do a remote call to the authorization server specified in the AuthorizationServerURI
m_log.InfoFormat("[AUTHORIZATION CONNECTOR]: IsAuthorizedForRegion checking {0} at remote server {1}", userID, m_ServerURI);
string uri = m_ServerURI;
- AuthorizationRequest req = new AuthorizationRequest(userID, regionID);
+ AuthorizationRequest req = new AuthorizationRequest(userID, firstname, surname, email, regionName, regionID);
AuthorizationResponse response;
try
@@ -105,7 +105,6 @@ namespace OpenSim.Services.Connectors
catch (Exception e)
{
m_log.WarnFormat("[AUTHORIZATION CONNECTOR]: Unable to send authorize {0} for region {1} error thrown during comms with remote server. Reason: {2}", userID, regionID, e.Message);
- m_log.WarnFormat("Inner Exception is {0}",e.InnerException);
return m_ResponseOnFailure;
}
--
cgit v1.1
From ca0810a1036f54f61cd92ab9356de538f4783e2c Mon Sep 17 00:00:00 2001
From: Diva Canto
Date: Fri, 11 Sep 2009 06:59:10 -0700
Subject: Minor indentation cleanup.
---
.../Authorization/RemoteAuthorizationServiceConnector.cs | 5 +++--
.../Connectors/Authorization/AuthorizationServiceConnector.cs | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
(limited to 'OpenSim')
diff --git a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
index 88e6ee2..ac8b566 100644
--- a/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
+++ b/OpenSim/Region/CoreModules/ServiceConnectorsOut/Authorization/RemoteAuthorizationServiceConnector.cs
@@ -136,10 +136,11 @@ namespace OpenSim.Region.CoreModules.ServiceConnectorsOut.Authorization
}
}
- if(scene!=null)
+ if(scene != null)
{
UserProfileData profile = scene.CommsManager.UserService.GetUserProfile(new UUID(userID));
- isAuthorized = IsAuthorizedForRegion(userID, profile.FirstName, profile.SurName,profile.Email,scene.RegionInfo.RegionName,regionID);
+ isAuthorized = IsAuthorizedForRegion(userID, profile.FirstName, profile.SurName,
+ profile.Email, scene.RegionInfo.RegionName, regionID);
}
else
{
diff --git a/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs b/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs
index bc4daad..98309f1 100644
--- a/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs
+++ b/OpenSim/Services/Connectors/Authorization/AuthorizationServiceConnector.cs
@@ -88,7 +88,7 @@ namespace OpenSim.Services.Connectors
m_ResponseOnFailure = responseOnFailure;
}
- public bool IsAuthorizedForRegion(string userID,string firstname, string surname, string email, string regionName, string regionID)
+ public bool IsAuthorizedForRegion(string userID, string firstname, string surname, string email, string regionName, string regionID)
{
// do a remote call to the authorization server specified in the AuthorizationServerURI
m_log.InfoFormat("[AUTHORIZATION CONNECTOR]: IsAuthorizedForRegion checking {0} at remote server {1}", userID, m_ServerURI);
--
cgit v1.1
From 44f1092b8301a6cddd5066939029aa5bad256a57 Mon Sep 17 00:00:00 2001
From: Rob Smart
Date: Fri, 11 Sep 2009 16:31:05 +0100
Subject: moved AuthorizationRequest and AuthorizationResponse to
IAuthorizationService to keep service dependencies together.
---
OpenSim/Framework/AuthorizationRequest.cs | 98 ----------------------
OpenSim/Framework/AuthorizationResponse.cs | 58 -------------
.../Services/Interfaces/IAuthorizationService.cs | 98 ++++++++++++++++++++++
3 files changed, 98 insertions(+), 156 deletions(-)
delete mode 100644 OpenSim/Framework/AuthorizationRequest.cs
delete mode 100644 OpenSim/Framework/AuthorizationResponse.cs
(limited to 'OpenSim')
diff --git a/OpenSim/Framework/AuthorizationRequest.cs b/OpenSim/Framework/AuthorizationRequest.cs
deleted file mode 100644
index ef99d3a..0000000
--- a/OpenSim/Framework/AuthorizationRequest.cs
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) Contributors, http://opensimulator.org/
- * See CONTRIBUTORS.TXT for a full list of copyright holders.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * * Neither the name of the OpenSimulator Project nor the
- * names of its contributors may be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-namespace OpenSim.Framework
-{
- public class AuthorizationRequest
- {
- private string m_userID;
- private string m_firstname;
- private string m_surname;
- private string m_email;
- private string m_regionName;
- private string m_regionID;
-
- public AuthorizationRequest()
- {
- }
-
- public AuthorizationRequest(string ID, string RegionID)
- {
- m_userID = ID;
- m_regionID = RegionID;
- }
-
- public AuthorizationRequest(string ID,string FirstName, string SurName, string Email, string RegionName, string RegionID)
- {
- m_userID = ID;
- m_firstname = FirstName;
- m_surname = SurName;
- m_email = Email;
- m_regionName = RegionName;
- m_regionID = RegionID;
- }
-
- public string ID
- {
- get { return m_userID; }
- set { m_userID = value; }
- }
-
- public string FirstName
- {
- get { return m_firstname; }
- set { m_firstname = value; }
- }
-
- public string SurName
- {
- get { return m_surname; }
- set { m_surname = value; }
- }
-
- public string Email
- {
- get { return m_email; }
- set { m_email = value; }
- }
-
- public string RegionName
- {
- get { return m_regionName; }
- set { m_regionName = value; }
- }
-
- public string RegionID
- {
- get { return m_regionID; }
- set { m_regionID = value; }
- }
-
-
-
- }
-}
\ No newline at end of file
diff --git a/OpenSim/Framework/AuthorizationResponse.cs b/OpenSim/Framework/AuthorizationResponse.cs
deleted file mode 100644
index c8d77de..0000000
--- a/OpenSim/Framework/AuthorizationResponse.cs
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (c) Contributors, http://opensimulator.org/
- * See CONTRIBUTORS.TXT for a full list of copyright holders.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * * Neither the name of the OpenSimulator Project nor the
- * names of its contributors may be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-namespace OpenSim.Framework
-{
- public class AuthorizationResponse
- {
- private bool m_isAuthorized;
- private string m_message;
-
- public AuthorizationResponse()
- {
- }
-
- public AuthorizationResponse(bool isAuthorized, string message)
- {
- m_isAuthorized = isAuthorized;
- m_message = message;
-
- }
-
- public bool IsAuthorized
- {
- get { return m_isAuthorized; }
- set { m_isAuthorized = value; }
- }
-
- public string Message
- {
- get { return m_message; }
- set { m_message = value; }
- }
- }
-}
\ No newline at end of file
diff --git a/OpenSim/Services/Interfaces/IAuthorizationService.cs b/OpenSim/Services/Interfaces/IAuthorizationService.cs
index 6acd1f6..91afa9a 100644
--- a/OpenSim/Services/Interfaces/IAuthorizationService.cs
+++ b/OpenSim/Services/Interfaces/IAuthorizationService.cs
@@ -43,4 +43,102 @@ namespace OpenSim.Services.Interfaces
bool IsAuthorizedForRegion(string userID, string regionID);
}
+
+ public class AuthorizationRequest
+ {
+ private string m_userID;
+ private string m_firstname;
+ private string m_surname;
+ private string m_email;
+ private string m_regionName;
+ private string m_regionID;
+
+ public AuthorizationRequest()
+ {
+ }
+
+ public AuthorizationRequest(string ID, string RegionID)
+ {
+ m_userID = ID;
+ m_regionID = RegionID;
+ }
+
+ public AuthorizationRequest(string ID,string FirstName, string SurName, string Email, string RegionName, string RegionID)
+ {
+ m_userID = ID;
+ m_firstname = FirstName;
+ m_surname = SurName;
+ m_email = Email;
+ m_regionName = RegionName;
+ m_regionID = RegionID;
+ }
+
+ public string ID
+ {
+ get { return m_userID; }
+ set { m_userID = value; }
+ }
+
+ public string FirstName
+ {
+ get { return m_firstname; }
+ set { m_firstname = value; }
+ }
+
+ public string SurName
+ {
+ get { return m_surname; }
+ set { m_surname = value; }
+ }
+
+ public string Email
+ {
+ get { return m_email; }
+ set { m_email = value; }
+ }
+
+ public string RegionName
+ {
+ get { return m_regionName; }
+ set { m_regionName = value; }
+ }
+
+ public string RegionID
+ {
+ get { return m_regionID; }
+ set { m_regionID = value; }
+ }
+
+
+
+ }
+
+ public class AuthorizationResponse
+ {
+ private bool m_isAuthorized;
+ private string m_message;
+
+ public AuthorizationResponse()
+ {
+ }
+
+ public AuthorizationResponse(bool isAuthorized, string message)
+ {
+ m_isAuthorized = isAuthorized;
+ m_message = message;
+
+ }
+
+ public bool IsAuthorized
+ {
+ get { return m_isAuthorized; }
+ set { m_isAuthorized = value; }
+ }
+
+ public string Message
+ {
+ get { return m_message; }
+ set { m_message = value; }
+ }
+ }
}
--
cgit v1.1