📄 ssosearchservlet.java
super.parseQueryParameters();
}

/**
 * Returns the access guard bound to the given session, creating and
 * binding a fresh one when the session does not hold one yet.
 * <p>
 * Between Search requests the guard is kept in the
 * <code>HttpSession</code> object. It caches the results of prior
 * security checks on URLs, so documents that reappear in later searches
 * (for instance, when the user clicks BACK, or refines a search) do not
 * have to be checked again.
 * <p>
 * NOTE(review): the cached authorization results live as long as the
 * session and the configured cache lifetime allow. Confirm that the
 * lifetime is short enough for a permission change to take effect, and
 * that a session cannot be reused after the authenticated user changes.
 *
 * @param session the session to ensure is guarded.
 * @return the access guard for the session
 * @see #GUARD_ATTRIBUTE
 * @see #accessGuard
 */
protected SSOSearchServletAccessGuard getAccessGuard(HttpSession session) {
    Object stored = session.getAttribute(GUARD_ATTRIBUTE);

    // Reuse the guard already bound to this session. instanceof is false
    // for null, so a missing attribute falls through to the creation path.
    if (stored instanceof SSOSearchServletAccessGuard) {
        SSOSearchServletAccessGuard existing = (SSOSearchServletAccessGuard) stored;
        if (existing instanceof DebugAccessGuard) {
            DebugAccessGuard debugGuard = (DebugAccessGuard) existing;
            // NOTE(review): the raw session id goes into the log here and in
            // the creation message below. Both are debug-only paths, but a
            // session id is a bearer credential; keep these logs access
            // controlled or log a shortened/hashed form instead.
            log("The guard for session " + session.getId() + " has "
                + debugGuard.getCacheSize() + " cached results.");
        }
        return existing;
    }

    // Nothing usable in the session (absent, or an attribute of another
    // type): build a guard, configure it, and bind it to the session.
    if (debug) {
        log("Creating new guard for session " + session.getId());
    }
    SSOSearchServletAccessGuard created = debug
        ? new DebugAccessGuard(HEADER_NAMES)
        : new SSOSearchServletAccessGuard(HEADER_NAMES);
    created.setHTTPTimeout(accessGuard_timeout);
    created.setCacheLifetime(accessGuard_cacheLifeTime);
    session.setAttribute(GUARD_ATTRIBUTE, created);
    return created;
}

/**
 * Does the request to this Servlet appear to have authentication
 * information?
 * <p>
 * Used to detect errors of forgetfulness during development.
*/
protected boolean checkForAuthentication(HttpServletRequest req) {
    if (req == null) {
        return false;
    }
    Cookie[] jar = req.getCookies();
    if (jar == null) {
        return false;
    }
    // Presence check only: a cookie named SMSESSION (any case) counts,
    // whatever its value. This is a development hint, not a verification
    // of the session, and must not be used as an authorization decision.
    for (Cookie candidate : jar) {
        if ("SMSESSION".equalsIgnoreCase(candidate.getName())) {
            return true;
        }
    }
    return false;
}

/**
 * Writes the SSO-specific part of the debug page: a hint when the request
 * carries no authentication cookie, then the debug text collected by a
 * {@code DebugAccessGuard} (if that is the guard in use), then whatever
 * the parent class adds.
 */
protected void showDebugServletSpecific() {
    out.println("<hr>");

    // A common problem during development is forgetting to use
    // a fully qualified host name so the cookie is set right
    boolean looksAuthenticated = checkForAuthentication(this.req);
    if (!looksAuthenticated) {
        out.print("<center><font size=\"+1\">");
        out.println("<p>You do not appear to have any authentication information!");
        out.println("<br>Are you in the right domain for the authentication cookie?");
        if (!isEmpty(singleSignOnLink)) {
            out.println("<br>Login: " );
            showHREF(singleSignOnLink, singleSignOnLink);
        }
        String host = req.getServerName();
        if (host.indexOf('.') < 0) {
            out.println("<br>Perhaps you need to use a fully qualified hostname.");
        }
        out.println("<p>");
        out.print("</font></center>");
    }

    // instanceof already rejects a null accessGuard.
    if (accessGuard instanceof DebugAccessGuard) {
        DebugAccessGuard debugGuard = (DebugAccessGuard) accessGuard;
        out.print("<font size=\"-1\"><pre>");
        // NOTE(review): the debug text is written into the page without
        // HTML escaping and exposes the guard's internals to the browser.
        // If it can contain URLs or header values (verify against
        // DebugAccessGuard), escape it, and keep debug mode off on
        // user-facing deployments.
        out.print(debugGuard.getDebugInfo());
        debugGuard.clearDebugInfo();
        out.print("</pre></font>");
    }

    super.showDebugServletSpecific();
}

/**
 * {@inheritDoc}
 * <p>
 * The base SearchResultList returns term hit counts that include
 * both authorized and unauthorized results.
 * For secure search, the per-term hit counts are not displayed, to
 * prevent a searcher from inferring the
 * existence of an unauthorized document which matches a search term.
 * <blockquote>
 * (example query: <code>+merger +mycompany || +anothercompany</code>)
 * </blockquote>
 * If per-term hit counts were displayed the searcher
 * could infer that <code>N</code> documents exist that
 * mention "merger" and "mycompany" and "anothercompany".
* @see #showNavBarResultsCount
*/
protected void showDocumentCounts() throws ServletException, IOException {
    // Deliberately prints nothing but the two debug markers: no call to
    // the parent, so no per-term hit counts are written to the page.
    DEBUG(out,"showDocumentCounts");
    DEBUG(out,"/showDocumentCounts");
}

/**
 * {@inheritDoc}
 * <p>
 * The existence of a SearchResult is not sufficient for Secure search.
 * We must ensure there is a <em>viewable</em> SearchResult by fetching
 * the first one. This ensures the search result is validated
 * by all filters applied to the <code>Searchable</code>.
 *
 * @return <code>true</code> if there is a viewable search result.
 *         <code>false</code> if there are no viewable search results, or
 *         if a timeout occurred while checking for viewable search results.
 */
protected boolean haveSearchResults() {
    // Short-circuit: the first result is only fetched (index 0) when the
    // parent already reports that results exist.
    return super.haveSearchResults() && isSearchResultAvailable(0);
}

/**
 * {@inheritDoc}
 * <p>
 * Secure search does not display the count of matching documents.
 * Until the <em>entire</em> list of documents is
 * validated we do not know how many of the estimated results
 * this user is authorized to view.
* @see #showDocumentCounts
*/
protected void showNavBarResultsCount() {
    DEBUG(out,"showNavBarResultsCount");
    out.print("<td width=\"33%\" class=\"result-count\">");

    if (rf == RF_RELEVANCE_WITH_DATE) {
        out.print(HTMLNonBreaking(Translate("scored using date")) + ", ");
    }

    // Two wordings are selected per sort order, but only the one without
    // a count is printed. The "top %d ..." strings are assigned and never
    // read; they are kept together with their "Translate()" markers
    // (presumably consumed by a string-extraction tool - confirm).
    String countedLabel;
    String plainLabel;
    switch (rf) {
        case RF_DATE_SORT:
            countedLabel = "top %d sorted by date"; // Translate()
            plainLabel = "sorted by date"; // Translate()
            break;
        case RF_TITLE_SORT:
            countedLabel = "top %d sorted by title"; // Translate()
            plainLabel = "sorted by title"; // Translate()
            break;
        case RF_RELEVANCE_WITH_DATE:
        case RF_RELEVANCE:
        default:
            countedLabel = "top %d sorted by relevance"; // Translate()
            plainLabel = "sorted by relevance"; // Translate()
            break;
    }

    // NOTE(review): availableHitCount is still passed as the "%d" value.
    // The plain wording has no "%d", so presumably nothing is substituted;
    // confirm that no translated form of these strings contains "%d",
    // otherwise the hit count would be shown after all.
    out.print(HTMLNonBreaking(Translate(plainLabel, "%d", "" + availableHitCount)));
    out.println("</td>");
    DEBUG(out,"/showNavBarResultsCount");
}

/**
 * {@inheritDoc}
 * For Secure search, we guard search results before they are
 * title sorted or date sorted.
 * <p>
 * A typical "processing pipeline" would be:
 * <table>
 * <tr><td>UltraseekServer</td>
 * <td>Generates original list of results (authorized and unauthorized)</td>
 * </tr><tr>
 * <td>GuardingSearchable</td>
 * <td>Applies <code>accessGuard</code> to each SearchResult,
 * throws <code>SecurityException</code> on unauthorized results.</td>
 * </tr><tr>
 * <td>SecureFilterSearchable</td>
 * <td>Silently removes <code>SecurityException</code> from the
 * <code>SearchResultList</code>.</td>
 * </tr><tr>
 * <td>ScoreUsingDateSearchable</td>
 * <td>Re-sorts the top 100 remaining results using "Recent Relevance"</td>
 * </tr><tr>
 * <td>GroupingSearchable</td>
 * <td>(description missing in this copy; presumably the
 * grouping-by-location step applied by the parent)</td>
 * </tr>
 * </table>
 * <p>
 * Apply the session specific guard to the search source.
 * Then let our parent apply any desired date sorting, title sorting,
 * or grouping-by-location.
*/
protected Searchable addSearchableProcessing(Searchable searchable) {
    // Stage 1: wrap the source so every SearchResult is checked by the
    // guard held in accessGuard, using the configured thread limit.
    // NOTE(review): accessGuard is null-checked elsewhere in this class;
    // confirm GuardingSearchable fails closed if it is ever null here.
    GuardingSearchable guardStage = new GuardingSearchable(searchable, accessGuard);
    guardStage.setMaxThreads(accessGuard_maxThreads);

    // Stage 2: silently drop the results for which the guard throws
    // SecurityException.
    Searchable authorizedOnly = new SecureFilterSearchable(guardStage);

    // Stage 3: only now hand over to the parent for any additional
    // processing, so it works on already-filtered results.
    return super.addSearchableProcessing(authorizedOnly);
}

} // class SearchRequest
}