Java tutorial
/******************************************************************************* * Copyright (c) 2015 The Board of Trustees of the Leland Stanford Junior University * BY CLICKING ON "ACCEPT," DOWNLOADING, OR OTHERWISE USING EPAD, YOU AGREE TO THE FOLLOWING TERMS AND CONDITIONS: * STANFORD ACADEMIC SOFTWARE SOURCE CODE LICENSE FOR * "ePAD Annotation Platform for Radiology Images" * * This Agreement covers contributions to and downloads from the ePAD project ("ePAD") maintained by The Board of Trustees * of the Leland Stanford Junior University ("Stanford"). * * * Part A applies to downloads of ePAD source code and/or data from ePAD. * * * Part B applies to contributions of software and/or data to ePAD (including making revisions of or additions to code * and/or data already in ePAD), which may include source or object code. * * Your download, copying, modifying, displaying, distributing or use of any ePAD software and/or data from ePAD * (collectively, the "Software") is subject to Part A. Your contribution of software and/or data to ePAD (including any * that occurred prior to the first publication of this Agreement) is a "Contribution" subject to Part B. Both Parts A and * B shall be governed by and construed in accordance with the laws of the State of California without regard to principles * of conflicts of law. Any legal action involving this Agreement or the Research Program will be adjudicated in the State * of California. This Agreement shall supersede and replace any license terms that you may have agreed to previously with * respect to ePAD. * * PART A. DOWNLOADING AGREEMENT - LICENSE FROM STANFORD WITH RIGHT TO SUBLICENSE ("SOFTWARE LICENSE"). * 1. As used in this Software License, "you" means the individual downloading and/or using, reproducing, modifying, * displaying and/or distributing Software and the institution or entity which employs or is otherwise affiliated with you. * Stanford hereby grants you, with right to sublicense, with respect to Stanford's rights in the Software, a * royalty-free, non-exclusive license to use, reproduce, make derivative works of, display and distribute the Software, * provided that: (a) you adhere to all of the terms and conditions of this Software License; (b) in connection with any * copy, distribution of, or sublicense of all or any portion of the Software, the terms and conditions in this Software * License shall appear in and shall apply to such copy and such sublicense, including without limitation all source and * executable forms and on any user documentation, prefaced with the following words: "All or portions of this licensed * product have been obtained under license from The Board of Trustees of the Leland Stanford Junior University. and are * subject to the following terms and conditions" AND any user interface to the Software or the "About" information display * in the Software will display the following: "Powered by ePAD http://epad.stanford.edu;" (c) you preserve and maintain * all applicable attributions, copyright notices and licenses included in or applicable to the Software; (d) modified * versions of the Software must be clearly identified and marked as such, and must not be misrepresented as being the * original Software; and (e) you consider making, but are under no obligation to make, the source code of any of your * modifications to the Software freely available to others on an open source basis. * * 2. The license granted in this Software License includes without limitation the right to (i) incorporate the Software * into your proprietary programs (subject to any restrictions applicable to such programs), (ii) add your own copyright * statement to your modifications of the Software, and (iii) provide additional or different license terms and conditions * in your sublicenses of modifications of the Software; provided that in each case your use, reproduction or distribution * of such modifications otherwise complies with the conditions stated in this Software License. * 3. This Software License does not grant any rights with respect to third party software, except those rights that * Stanford has been authorized by a third party to grant to you, and accordingly you are solely responsible for (i) * obtaining any permissions from third parties that you need to use, reproduce, make derivative works of, display and * distribute the Software, and (ii) informing your sublicensees, including without limitation your end-users, of their * obligations to secure any such required permissions. * 4. You agree that you will use the Software in compliance with all applicable laws, policies and regulations including, * but not limited to, those applicable to Personal Health Information ("PHI") and subject to the Institutional Review * Board requirements of the your institution, if applicable. Licensee acknowledges and agrees that the Software is not * FDA-approved, is intended only for research, and may not be used for clinical treatment purposes. Any commercialization * of the Software is at the sole risk of you and the party or parties engaged in such commercialization. You further agree * to use, reproduce, make derivative works of, display and distribute the Software in compliance with all applicable * governmental laws, regulations and orders, including without limitation those relating to export and import control. * 5. You or your institution, as applicable, will indemnify, hold harmless, and defend Stanford against any third party * claim of any kind made against Stanford arising out of or related to the exercise of any rights granted under this * Agreement, the provision of Software, or the breach of this Agreement. Stanford provides the Software AS IS and WITH ALL * FAULTS. Stanford makes no representations and extends no warranties of any kind, either express or implied. Among * other things, Stanford disclaims any express or implied warranty in the Software: * (a) of merchantability, of fitness for a particular purpose, * (b) of non-infringement or * (c) arising out of any course of dealing. * * Title and copyright to the Program and any associated documentation shall at all times remain with Stanford, and * Licensee agrees to preserve same. Stanford reserves the right to license the Program at any time for a fee. * 6. None of the names, logos or trademarks of Stanford or any of Stanford's affiliates or any of the Contributors, or any * funding agency, may be used to endorse or promote products produced in whole or in part by operation of the Software or * derived from or based on the Software without specific prior written permission from the applicable party. * 7. Any use, reproduction or distribution of the Software which is not in accordance with this Software License shall * automatically revoke all rights granted to you under this Software License and render Paragraphs 1 and 2 of this * Software License null and void. * 8. This Software License does not grant any rights in or to any intellectual property owned by Stanford or any * Contributor except those rights expressly granted hereunder. * * PART B. CONTRIBUTION AGREEMENT - LICENSE TO STANFORD WITH RIGHT TO SUBLICENSE ("CONTRIBUTION AGREEMENT"). * 1. As used in this Contribution Agreement, "you" means an individual providing a Contribution to ePAD and the * institution or entity which employs or is otherwise affiliated with you. * 2. This Contribution Agreement applies to all Contributions made to ePAD at any time. By making a Contribution you * represent that: (i) you are legally authorized and entitled by ownership or license to make such Contribution and to * grant all licenses granted in this Contribution Agreement with respect to such Contribution; (ii) if your Contribution * includes any patient data, all such data is de-identified in accordance with U.S. confidentiality and security laws and * requirements, including but not limited to the Health Insurance Portability and Accountability Act (HIPAA) and its * regulations, and your disclosure of such data for the purposes contemplated by this Agreement is properly authorized and * in compliance with all applicable laws and regulations; and (iii) you have preserved in the Contribution all applicable * attributions, copyright notices and licenses for any third party software or data included in the Contribution. * 3. Except for the licenses you grant in this Agreement, you reserve all right, title and interest in your Contribution. * 4. You hereby grant to Stanford, with the right to sublicense, a perpetual, worldwide, non-exclusive, no charge, * royalty-free, irrevocable license to use, reproduce, make derivative works of, display and distribute the Contribution. * If your Contribution is protected by patent, you hereby grant to Stanford, with the right to sublicense, a perpetual, * worldwide, non-exclusive, no-charge, royalty-free, irrevocable license under your interest in patent rights embodied in * the Contribution, to make, have made, use, sell and otherwise transfer your Contribution, alone or in combination with * ePAD or otherwise. * 5. You acknowledge and agree that Stanford ham may incorporate your Contribution into ePAD and may make your * Contribution as incorporated available to members of the public on an open source basis under terms substantially in * accordance with the Software License set forth in Part A of this Agreement. You further acknowledge and agree that * Stanford shall have no liability arising in connection with claims resulting from your breach of any of the terms of * this Agreement. * 6. YOU WARRANT THAT TO THE BEST OF YOUR KNOWLEDGE YOUR CONTRIBUTION DOES NOT CONTAIN ANY CODE OBTAINED BY YOU UNDER AN * OPEN SOURCE LICENSE THAT REQUIRES OR PRESCRIBES DISTRBUTION OF DERIVATIVE WORKS UNDER SUCH OPEN SOURCE LICENSE. (By way * of non-limiting example, you will not contribute any code obtained by you under the GNU General Public License or other * so-called "reciprocal" license.) *******************************************************************************/ package edu.stanford.epad.epadws.xnat; import java.io.IOException; import java.io.InputStreamReader; import java.nio.charset.Charset; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.codec.binary.Base64; import org.apache.commons.httpclient.HttpClient; import org.apache.commons.httpclient.methods.DeleteMethod; import org.apache.commons.httpclient.methods.GetMethod; import org.apache.commons.httpclient.methods.PostMethod; import org.apache.commons.io.IOUtils; import edu.stanford.epad.common.util.EPADConfig; import edu.stanford.epad.common.util.EPADLogger; /** * XNAT session management methods * * * @author martin */ public class XNATSessionOperations { private static final EPADLogger log = EPADLogger.getInstance(); private static String adminSessionID = null; private static final String XNAT_SESSION_BASE = "/xnat/data/JSESSION"; private static final String LOGIN_EXCEPTION_MESSAGE = "Internal login error"; private static final String XNAT_UNAUTHORIZED_MESSAGE = "XNAT login not successful"; private static final String XNAT_LOGIN_ERROR_MESSAGE = "Unexpected XNAT login response"; public static final class XNATSessionResponse { public final int statusCode; public final String response; public XNATSessionResponse(int responseCode, String response) { this.statusCode = responseCode; this.response = response; } } /** * @param HttpServlerRequest * @return XNATSessionResponse * @throws IllegalArgumentException */ public static XNATSessionResponse invokeXNATSessionIDService(HttpServletRequest httpRequest) { String username = extractUserNameFromAuthorizationHeader(httpRequest); String password = extractPasswordFromAuthorizationHeader(httpRequest); XNATSessionResponse response = getXNATSessionID(username, password); log.info("Session ID " + response.response + " generated for user " + username); // TODO temp return response; } public static String getXNATAdminSessionID() { if (adminSessionID != null && hasValidXNATSessionID(adminSessionID)) return adminSessionID; String xnatUploadProjectUser = EPADConfig.xnatUploadProjectUser; String xnatUploadProjectPassword = EPADConfig.xnatUploadProjectPassword; log.info("Getting XNAT Admin Session"); XNATSessionResponse xnatSessionResponse = XNATSessionOperations.getXNATSessionID(xnatUploadProjectUser, xnatUploadProjectPassword); if (xnatSessionResponse.statusCode != HttpServletResponse.SC_OK) { log.warning("Error invoking XNAT session service for study upload; statusCode = " + xnatSessionResponse.statusCode); return null; } else { adminSessionID = xnatSessionResponse.response; return xnatSessionResponse.response; } } public static int invalidateXNATSessionID(HttpServletRequest httpRequest) { String xnatSessionURL = buildXNATSessionURL(); HttpClient client = new HttpClient(); DeleteMethod method = new DeleteMethod(xnatSessionURL); String jsessionID = getJSessionIDFromRequest(httpRequest); int xnatStatusCode; method.setRequestHeader("Cookie", "JSESSIONID=" + jsessionID); try { xnatStatusCode = client.executeMethod(method); } catch (IOException e) { log.warning("Error calling XNAT session service to invalidate session ID", e); xnatStatusCode = HttpServletResponse.SC_INTERNAL_SERVER_ERROR; } finally { method.releaseConnection(); } if (xnatStatusCode != HttpServletResponse.SC_OK) log.warning("XNAT delete session call returned status code " + xnatStatusCode); return xnatStatusCode; } public static boolean hasValidXNATSessionID(HttpServletRequest httpRequest) { String jsessionID = XNATSessionOperations.getJSessionIDFromRequest(httpRequest); if (jsessionID == null) // The getJSessionIDFromRequest method logs warning in this case. return false; else return hasValidXNATSessionID(jsessionID); } public static boolean hasValidXNATSessionID(String jsessionID) { String xnatSessionURL = XNATUtil.buildXNATSessionURL(); HttpClient client = new HttpClient(); GetMethod method = new GetMethod(xnatSessionURL); int xnatStatusCode; method.setRequestHeader("Cookie", "JSESSIONID=" + jsessionID); try { xnatStatusCode = client.executeMethod(method); } catch (IOException e) { log.warning("Error calling XNAT", e); xnatStatusCode = HttpServletResponse.SC_INTERNAL_SERVER_ERROR; } finally { method.releaseConnection(); } return (xnatStatusCode == HttpServletResponse.SC_OK); } public static String getJSessionIDFromRequest(HttpServletRequest servletRequest) { String jSessionID = null; Cookie[] cookies = servletRequest.getCookies(); if (cookies != null) { for (Cookie cookie : cookies) { if ("JSESSIONID".equalsIgnoreCase(cookie.getName())) { jSessionID = cookie.getValue(); break; } } } if (jSessionID == null) log.warning("No JSESESSIONID cookie present in request " + servletRequest.getRequestURL()); return jSessionID; } public static String extractUserNameFromAuthorizationHeader(HttpServletRequest httpRequest) { String credentials = extractCredentialsFromAuthorizationHeader(httpRequest); String[] values = credentials.split(":", 2); if (values.length != 0 && values[0] != null) return values[0]; else return ""; } private static XNATSessionResponse getXNATSessionID(String username, String password) { String xnatSessionURL = buildXNATSessionURL(); HttpClient client = new HttpClient(); PostMethod method = new PostMethod(xnatSessionURL); String authString = buildAuthorizationString(username, password); XNATSessionResponse xnatSessionResponse; int xnatStatusCode; try { log.info("Invoking XNAT session service for user " + username + " at " + xnatSessionURL); method.setRequestHeader("Authorization", "Basic " + authString); xnatStatusCode = client.executeMethod(method); log.info("Successfully invoked XNAT session service for user " + username + "; status code = " + xnatStatusCode); } catch (IOException e) { log.warning("Error calling XNAT session service for user " + username, e); xnatStatusCode = HttpServletResponse.SC_INTERNAL_SERVER_ERROR; } try { if (xnatStatusCode == HttpServletResponse.SC_OK) { try { StringBuilder sb = new StringBuilder(); InputStreamReader isr = null; try { isr = new InputStreamReader(method.getResponseBodyAsStream()); int read = 0; char[] chars = new char[128]; while ((read = isr.read(chars)) > 0) { sb.append(chars, 0, read); } } finally { IOUtils.closeQuietly(isr); } String jsessionID = sb.toString(); xnatSessionResponse = new XNATSessionResponse(HttpServletResponse.SC_OK, jsessionID); log.debug("Session ID " + jsessionID + " generated for user " + username); // TODO temp } catch (IOException e) { log.warning(LOGIN_EXCEPTION_MESSAGE, e); xnatSessionResponse = new XNATSessionResponse(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, LOGIN_EXCEPTION_MESSAGE + ": " + e.getMessage()); } } else if (xnatStatusCode == HttpServletResponse.SC_UNAUTHORIZED) { log.warning(XNAT_UNAUTHORIZED_MESSAGE); xnatSessionResponse = new XNATSessionResponse(xnatStatusCode, XNAT_UNAUTHORIZED_MESSAGE); } else { log.warning(XNAT_LOGIN_ERROR_MESSAGE + "; XNAT status code = " + xnatStatusCode); xnatSessionResponse = new XNATSessionResponse(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, XNAT_LOGIN_ERROR_MESSAGE + "; XNAT status code = " + xnatStatusCode); } } finally { method.releaseConnection(); } return xnatSessionResponse; } private static String extractPasswordFromAuthorizationHeader(HttpServletRequest request) { String credentials = extractCredentialsFromAuthorizationHeader(request); String[] values = credentials.split(":", 2); if (values.length > 1 && values[1] != null) return values[1]; else return ""; } private static String extractCredentialsFromAuthorizationHeader(HttpServletRequest request) { String authorizationHeader = request.getHeader("Authorization"); String credentials = ""; if (authorizationHeader != null && authorizationHeader.startsWith("Basic")) { String base64Credentials = authorizationHeader.substring("Basic".length()).trim(); credentials = new String(Base64.decodeBase64(base64Credentials), Charset.forName("UTF-8")); } return credentials; } private static String buildXNATSessionURL() { String xnatHost = EPADConfig.xnatServer; int xnatPort = EPADConfig.xnatPort; return buildXNATBaseURL(xnatHost, xnatPort, XNAT_SESSION_BASE); } private static String buildXNATBaseURL(String host, int port, String base) { return buildXNATBaseURL(host, port, base, ""); } private static String buildXNATBaseURL(String host, int port, String base, String ext) { StringBuilder sb = new StringBuilder(); sb.append("http://").append(host); sb.append(":").append(port); sb.append(base); sb.append(ext); return sb.toString(); } private static String buildAuthorizationString(String username, String password) { String authString = username + ":" + password; byte[] authEncBytes = Base64.encodeBase64(authString.getBytes()); String authStringEnc = new String(authEncBytes); return authStringEnc; } }