Merge pull request #1541 from NCEAS/develop

First Time Merge Develop to Main for 2.16.0

README.md

@@ -1,6 +1,6 @@
 # Metacat: Data Preservation and Discovery System
 
-Version: 2.15.1 Release
+Version: 2.16.0 Release
 
 Send feedback and bugs to: [email protected]
                            http://github.com/NCEAS/metacat
@@ -67,6 +67,14 @@ for the next release.
 
 ## Release Notes
 
+### Release Notes for 2.16.0
+New features and bugs fixed in this release:
+* Upgrade some library jar files to fix critical security threats
+* Refactor the DOI service to use the plug-in architecture
+* CN subjects cannot query private objects
+* Users with the write permission cannot update system metadata
+* Metacat should return a not-found error rather than the internal error when there is a typo in the old Metacat API url 
+
 ### Release Notes for 2.15.1
 New features and bugs fixed in this release:
 * Metacat hangs with excessive thread counts

build.properties

@@ -2,7 +2,7 @@
 
 #Version of this build.  This needs to be a dotted numeric version.  For
 #instance 1.9.1 is okay.  1.9.1_rc1 is not.
-metacat.version=2.15.1
+metacat.version=2.16.0
 
 #This is for packaging purposes.  leave it blank for final production release.
 metacat.releaseCandidate=

build.xml

@@ -32,7 +32,7 @@
 <project name="metacat" default="jar" basedir="."
          xmlns:artifact="antlib:org.apache.maven.artifact.ant">
 
-	<property name="metacatui-tag" value="2.16.0" />
+	<property name="metacatui-tag" value="2.18.0" />
     <property name="eml2-style-tag" value="RELEASE_EML_UTILS_1_1_2" />
 
 	<property environment="env" />

lib/metacat.properties

@@ -34,7 +34,7 @@ server.internalPort=80
 ############### Application Values ############
 
 ## one of the few places where we use ANT tokens
-application.metacatVersion=2.15.1
+application.metacatVersion=2.16.0
 application.metacatReleaseInfo=-1
 application.readOnlyMode=false
 
@@ -135,6 +135,7 @@ database.upgradeVersion.2.14.0=upgrade-db-to-2.14.0
 database.upgradeVersion.2.14.1=upgrade-db-to-2.14.1
 database.upgradeVersion.2.15.0=upgrade-db-to-2.15.0
 database.upgradeVersion.2.15.1=upgrade-db-to-2.15.1
+database.upgradeVersion.2.16.0=upgrade-db-to-2.16.0
 
 ## for running java-based utilities
 database.upgradeUtility.1.5.0=edu.ucsb.nceas.metacat.admin.upgrade.Upgrade1_5_0
@@ -763,6 +764,7 @@ dataone.quotas.portal.namespaces=https://purl.dataone.org/portals-1.0.0;https://
 dataone.session.appendLdapGroups.enabled=true
 
 ############# Global Identifiers Assignment Section ######################
+guid.doiservice.plugin.class=edu.ucsb.nceas.metacat.doi.ezid.EzidDOIService
 guid.assignGUIDs=false
 guid.ezid.enabled=false
 guid.ezid.username=apitest

metacat-common/pom.xml

@@ -4,7 +4,7 @@
 	<groupId>edu.ucsb.nceas.metacat.common</groupId>
 	<artifactId>metacat-common</artifactId>
 	<packaging>jar</packaging>
-	<version>2.15.1</version>
+	<version>2.16.0</version>
 	<name>metacat-common</name>
 	<url>http://maven.apache.org</url>
 	<properties>
@@ -219,17 +219,17 @@
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-1.2-api</artifactId>
-            <version>2.14.0</version>
+            <version>2.16.0</version>
         </dependency>
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-core</artifactId>
-            <version>2.14.0</version>
+            <version>2.16.0</version>
         </dependency>
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-jcl</artifactId>
-            <version>2.14.0</version>
+            <version>2.16.0</version>
         </dependency>
         <dependency>
             <groupId>commons-logging</groupId>

metacat-index/pom.xml

@@ -4,19 +4,19 @@
 	<groupId>edu.ucsb.nceas.metacat.index</groupId>
 	<artifactId>metacat-index</artifactId>
 	<packaging>war</packaging>
-	<version>2.15.1</version>
+	<version>2.16.0</version>
 	<name>metacat-index</name>
 	<url>http://maven.apache.org</url>
 
 	<properties>
         <d1_cn_index_processor_version>2.3.14</d1_cn_index_processor_version>
-        <metacat_common_version>2.15.1</metacat_common_version>
+        <metacat_common_version>2.16.0</metacat_common_version>
     </properties>
 
 	<repositories>
 		<repository>
 			<id>dataone.org</id>
-			<url>http://maven.dataone.org</url>
+			<url>https://maven.dataone.org</url>
 			<releases>
 				<enabled>true</enabled>
 			</releases>
@@ -77,7 +77,11 @@
                 <exclusion>
                      <groupId>org.slf4j</groupId>
                       <artifactId>slf4j-api</artifactId>
-                  </exclusion>
+                 </exclusion>
+                 <exclusion>
+                     <groupId>log4j</groupId>
+                      <artifactId>log4j</artifactId>
+                 </exclusion>
         </exclusions>
         </dependency>
         <dependency>

pom.xml

@@ -4,15 +4,15 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.ecoinformatics</groupId>
     <artifactId>metacat</artifactId>
-    <version>2.15.1</version>
+    <version>2.16.0</version>
     <name>metacat</name>
     <packaging>war</packaging>
     <url>http://maven.apache.org</url>
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <d1_libclient_version>2.3.1</d1_libclient_version>
         <d1_portal_version>2.3.2</d1_portal_version>
-        <metacat_common_version>2.15.1</metacat_common_version>
+        <metacat_common_version>2.16.0</metacat_common_version>
     </properties>
     <repositories>
         <repository>

src/edu/ucsb/nceas/metacat/MetaCatServlet.java

@@ -749,17 +749,28 @@ private void handleGetOrPost(HttpServletRequest request,
 
 					// attempt to redirect to metacatui (#view/{pid}) if not getting the raw XML
 					// see: https://projects.ecoinformatics.org/ecoinfo/issues/6546
-					if (!skin.equals("xml")) {
+					if (skin != null && !skin.equals("xml")) {
 						String uiContext = PropertyService.getProperty("ui.context");
 						String docidNoRev = DocumentUtil.getSmartDocId(docidToRead);
-						int rev = DocumentUtil.getRevisionFromAccessionNumber(docidToRead);
-						String pid = null;
-						try {
-							pid = IdentifierManager.getInstance().getGUID(docidNoRev, rev);
-							response.sendRedirect(SystemUtil.getServerURL() + "/" + uiContext + "/#view/" + pid );
-							return;
-						} catch (McdbDocNotFoundException nfe) {
-							logMetacat.warn("Could not locate PID for docid: " + docidToRead, nfe);
+						if (docidNoRev != null) {
+						    int rev = DocumentUtil.getRevisionFromAccessionNumber(docidToRead);
+	                        String pid = null;
+	                        try {
+	                            pid = IdentifierManager.getInstance().getGUID(docidNoRev, rev);
+	                            response.sendRedirect(SystemUtil.getServerURL() + "/" + uiContext + "/#view/" + pid );
+	                            return;
+	                        } catch (McdbDocNotFoundException nfe) {
+	                            logMetacat.warn("Could not locate PID for docid: " + docidToRead, nfe);
+	                        }
+						} else {
+						    PrintWriter out = response.getWriter();
+                            response.setContentType("text/xml");
+                            out.println("<?xml version=\"1.0\"?>");
+                            out.println("<error>");
+                            out.println("The docid " + docidToRead + " doesn't match the format and doesn't exist.");
+                            out.println("</error>");
+                            out.close();
+                            return;
 						}
 					}
 

src/edu/ucsb/nceas/metacat/admin/upgrade/UpdateDOI.java

@@ -37,9 +37,9 @@
 import edu.ucsb.nceas.metacat.DocumentImpl;
 import edu.ucsb.nceas.metacat.IdentifierManager;
 import edu.ucsb.nceas.metacat.admin.AdminException;
-import edu.ucsb.nceas.metacat.dataone.DOIService;
 import edu.ucsb.nceas.metacat.dataone.MNodeService;
 import edu.ucsb.nceas.metacat.dataone.hazelcast.HazelcastService;
+import edu.ucsb.nceas.metacat.doi.DOIServiceFactory;
 import edu.ucsb.nceas.metacat.util.DocumentUtil;
 
 
@@ -97,7 +97,7 @@ private void updateDOIRegistration(List<String> identifiers) {
 
 				//Update the registration
 				if(sysMeta != null) {
-				    DOIService.getInstance().registerDOI(sysMeta);
+				    DOIServiceFactory.getDOIService().registerDOI(sysMeta);
 				}
 			} catch (Exception e) {
 				// what to do? nothing

src/edu/ucsb/nceas/metacat/dataone/D1AuthHelper.java

@@ -78,6 +78,7 @@ public class D1AuthHelper {
     private String notAuthorizedCode;
     private String serviceFailureCode;
     private Identifier requestIdentifier;
+    private static NodeList cnList = null;
 
     /**
      * Each instance should correspond to a single request.
@@ -516,18 +517,22 @@ protected boolean checkExpandedPermissions(Session session, SystemMetadata sysme
      * @throws NotImplemented
      */
     protected NodeList getCNNodeList() throws ServiceFailure {
-
-        // are we allowed to do this? only CNs are allowed
-        try {
-            CNode cn = D1Client.getCN();
-
-            logMetacat.debug("getCNNodeList - got CN instance");
-            return cn.listNodes(); 
-
-        } catch (NotImplemented e) {
-            logMetacat.error("Unexpected Error getting NodeList from getCNNodeList().  Got 'NotImplemented' from the service call!",e);
-            throw new ServiceFailure("","Could not get NodeList from the CN. got 'NotImplemented' from the service call!");
+        if (cnList != null && cnList.getNodeList() != null && cnList.getNodeList().size() >0) {
+            logMetacat.debug("D1AuthHelper.getCNNodeList - got the cn list from the cache.");
+            return cnList;
+        } else {
+            // are we allowed to do this? only CNs are allowed
+            try {
+                CNode cn = D1Client.getCN();
+                logMetacat.debug("D1AuthHelper.getCNNodeList - got CN instance and get the cn list from the network.");
+                cnList = cn.listNodes();
+                return cnList; 
+            } catch (NotImplemented e) {
+                logMetacat.error("Unexpected Error getting NodeList from getCNNodeList().  Got 'NotImplemented' from the service call!",e);
+                throw new ServiceFailure("","Could not get NodeList from the CN. got 'NotImplemented' from the service call!");
+            }
         }
+
     }
 
     /**

src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java

@@ -2585,6 +2585,52 @@ public void setUserAgent(String userAgent) {
       this.userAgent = userAgent;
   }
 
+  /**
+   * Check if the access control was modified between two system metadata objects. It compares two parts:
+   * RightsHolder and AccessPolicy
+   * @param originalSysmeta  the original system metadata object
+   * @param newSysmeta  the new system metadata object
+   * @return true if the access control was modified; false otherwise.
+   */
+  public static boolean isAccessControlDirty(SystemMetadata originalSysmeta, SystemMetadata newSysmeta) {
+      boolean dirty = true;
+      if (originalSysmeta == null && newSysmeta == null) {
+          dirty = false;
+          logMetacat.debug("D1NodeService.isAccessControlDirty - is access control dirty?(both system metadata objects are null) - " + dirty);
+      } else if (originalSysmeta != null && newSysmeta != null) {
+          //first to check if the rights holder was changed.
+          Subject originalRightsHolder = originalSysmeta.getRightsHolder();
+          Subject newRigthsHolder = newSysmeta.getRightsHolder();
+          if (originalRightsHolder == null && newRigthsHolder == null) {
+              dirty = false;
+              logMetacat.debug("D1NodeService.isAccessControlDirty - is the right holder dirty?(both right holder objects are null) - " + dirty);
+          } else if (originalRightsHolder != null && newRigthsHolder != null) {
+              if (originalRightsHolder.compareTo(newRigthsHolder) == 0) {
+                  dirty = false;
+              } else {
+                  dirty = true;
+              }
+              logMetacat.debug("D1NodeService.isAccessControlDirty - is the right holder dirty?(both right holder objects are not null) - " + dirty
+                                + " since the original right holder is " + originalRightsHolder.getValue() + 
+                                " and the new rights holder is  " + newRigthsHolder.getValue());
+          } else {
+              dirty = true;
+              logMetacat.debug("D1NodeService.isAccessControlDirty - is the rights holder dirty?(one rights holder object is null; another is not) - " + dirty);
+          }
+          if (!dirty) {
+              //rights holder is not changed, we need to compare the access policy
+              boolean isAccessPolicyEqual = equals(originalSysmeta.getAccessPolicy(), newSysmeta.getAccessPolicy());
+              logMetacat.debug("D1NodeService.isAccessControlDirty - do the access policies equal?(we need to compare access policy since the rights hloders are same) - " + isAccessPolicyEqual);
+              dirty = !isAccessPolicyEqual;
+          }
+          logMetacat.debug("D1NodeService.isAccessControlDirty - is access control dirty?(both system metadata objects are not null) - " + dirty);
+      } else {
+          dirty = true;
+          logMetacat.debug("D1NodeService.isAccessControlDirty - is access control dirty?(one system metadata object is null; another is not) - " + dirty);
+      }
+      return dirty;
+  }
+
   /**
    * Compare two AccessPolicy objects
    * @param ap1
@@ -2652,6 +2698,7 @@ public static boolean equals(AccessPolicy ap1, AccessPolicy ap2) {
               }
           }
       }
+      logMetacat.debug("D1NodeService.equals - does the two access policy object equal? - " + equal);
       return equal;
   }