git-svn-id: https://svn.d4science-ii.research-infrastructures.eu/gcube/branches/common/common-smartgears/2.1@179054 82a268e6-3cf1-43bd-a215-b396298e98cf

2019-04-16 15:12:48 +00:00 · 2019-04-16 15:12:48 +00:00 · 0c90d7a508
parent f637903677
commit 0c90d7a508
2 changed files with 21 additions and 23 deletions
--- a/src/main/java/org/gcube/smartgears/Constants.java
+++ b/src/main/java/org/gcube/smartgears/Constants.java
@ -168,12 +168,6 @@ public class Constants {
 	 */
 	public static final String token_header="gcube-token";
 	
-	/**
-	 * The name of the oauth secret parameter
-	 */
-	public static final String oauth_secret="client_secret";
-	
-	
 	/**
 	 * The event for token registration for app.
 	 */
--- a/src/main/java/org/gcube/smartgears/handlers/application/request/RequestContextRetriever.java
+++ b/src/main/java/org/gcube/smartgears/handlers/application/request/RequestContextRetriever.java
@ -1,7 +1,6 @@
 package org.gcube.smartgears.handlers.application.request;

 import static org.gcube.common.authorization.client.Constants.authorizationService;
-import static org.gcube.smartgears.Constants.oauth_secret;
 import static org.gcube.smartgears.Constants.scope_header;
 import static org.gcube.smartgears.Constants.token_header;
 import static org.gcube.smartgears.handlers.application.request.RequestError.internal_server_error;
@ -28,6 +27,9 @@ public class RequestContextRetriever extends RequestHandler {

 	private static Logger log = LoggerFactory.getLogger(RequestContextRetriever.class);

+	private static final String BEARER_AUTH_PREFIX ="Bearer"; 
+	private static final String BASIC_AUTH_PREFIX ="Basic"; 
+

 	@Override
 	public String getName() {
@ -40,16 +42,18 @@ public class RequestContextRetriever extends RequestHandler {
 		String scope = call.request().getParameter(scope_header)==null?	call.request().getHeader(scope_header):call.request().getParameter(scope_header);

 		if (token==null && call.request().getHeader(Constants.authorization_header)!=null){
-			String basicAuthorization  = call.request().getHeader(Constants.authorization_header);
-			String base64Credentials = basicAuthorization.substring("Basic".length()).trim();
-			String credentials = new String(DatatypeConverter.parseBase64Binary(base64Credentials));
-			// credentials = username:password
-			final String[] values = credentials.split(":",2);
-			token = values[1];
-		}

-		if (token==null && scope==null && call.request().getParameter(oauth_secret)!=null)
-			token = call.request().getParameter(oauth_secret);
+			String authorization  = call.request().getHeader(Constants.authorization_header);
+
+			if (authorization.contains(BASIC_AUTH_PREFIX)) {
+				String base64Credentials = authorization.substring(BASIC_AUTH_PREFIX.length()).trim();
+				String credentials = new String(DatatypeConverter.parseBase64Binary(base64Credentials));
+				// credentials = username:password
+				final String[] values = credentials.split(":",2);
+				token = values[1];
+			} else if (authorization.contains(BEARER_AUTH_PREFIX)) 
+				token = authorization.substring(BEARER_AUTH_PREFIX.length()).trim();
+		}

 		//Gives priority to the token
 		if (token!=null)