diff --git a/.classpath b/.classpath
index a9245a1..228d02c 100644
--- a/.classpath
+++ b/.classpath
@@ -15,11 +15,13 @@
+
+
diff --git a/distro/changelog.xml b/distro/changelog.xml
index 21b4dbd..ef3a884 100644
--- a/distro/changelog.xml
+++ b/distro/changelog.xml
@@ -1,4 +1,7 @@
+
+ Support oauth2 protocol accepting token in the auhtorization header field
+
Added Proxy Address to Application Configuration
Added protocol to Container Configuration (http by default)
diff --git a/pom.xml b/pom.xml
index a86d480..29f56c6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -10,7 +10,7 @@
org.gcube.core
common-smartgears
- 2.1.7-SNAPSHOT
+ 2.1.8-SNAPSHOT
SmartGears
diff --git a/src/main/java/org/gcube/smartgears/Constants.java b/src/main/java/org/gcube/smartgears/Constants.java
index acb3790..fd4486b 100644
--- a/src/main/java/org/gcube/smartgears/Constants.java
+++ b/src/main/java/org/gcube/smartgears/Constants.java
@@ -168,12 +168,6 @@ public class Constants {
*/
public static final String token_header="gcube-token";
- /**
- * The name of the oauth secret parameter
- */
- public static final String oauth_secret="client_secret";
-
-
/**
* The event for token registration for app.
*/
diff --git a/src/main/java/org/gcube/smartgears/handlers/application/request/RequestContextRetriever.java b/src/main/java/org/gcube/smartgears/handlers/application/request/RequestContextRetriever.java
index b61d861..f2f0d54 100644
--- a/src/main/java/org/gcube/smartgears/handlers/application/request/RequestContextRetriever.java
+++ b/src/main/java/org/gcube/smartgears/handlers/application/request/RequestContextRetriever.java
@@ -1,7 +1,6 @@
package org.gcube.smartgears.handlers.application.request;
import static org.gcube.common.authorization.client.Constants.authorizationService;
-import static org.gcube.smartgears.Constants.oauth_secret;
import static org.gcube.smartgears.Constants.scope_header;
import static org.gcube.smartgears.Constants.token_header;
import static org.gcube.smartgears.handlers.application.request.RequestError.internal_server_error;
@@ -27,8 +26,11 @@ import org.slf4j.LoggerFactory;
public class RequestContextRetriever extends RequestHandler {
private static Logger log = LoggerFactory.getLogger(RequestContextRetriever.class);
-
-
+
+ private static final String BEARER_AUTH_PREFIX ="Bearer";
+ private static final String BASIC_AUTH_PREFIX ="Basic";
+
+
@Override
public String getName() {
return Constants.request_context_retriever;
@@ -38,25 +40,27 @@ public class RequestContextRetriever extends RequestHandler {
public void handleRequest(RequestEvent call) {
String token = call.request().getParameter(token_header)==null? call.request().getHeader(token_header):call.request().getParameter(token_header);
String scope = call.request().getParameter(scope_header)==null? call.request().getHeader(scope_header):call.request().getParameter(scope_header);
-
+
if (token==null && call.request().getHeader(Constants.authorization_header)!=null){
- String basicAuthorization = call.request().getHeader(Constants.authorization_header);
- String base64Credentials = basicAuthorization.substring("Basic".length()).trim();
- String credentials = new String(DatatypeConverter.parseBase64Binary(base64Credentials));
- // credentials = username:password
- final String[] values = credentials.split(":",2);
- token = values[1];
+
+ String authorization = call.request().getHeader(Constants.authorization_header);
+
+ if (authorization.contains(BASIC_AUTH_PREFIX)) {
+ String base64Credentials = authorization.substring(BASIC_AUTH_PREFIX.length()).trim();
+ String credentials = new String(DatatypeConverter.parseBase64Binary(base64Credentials));
+ // credentials = username:password
+ final String[] values = credentials.split(":",2);
+ token = values[1];
+ } else if (authorization.contains(BEARER_AUTH_PREFIX))
+ token = authorization.substring(BEARER_AUTH_PREFIX.length()).trim();
}
-
- if (token==null && scope==null && call.request().getParameter(oauth_secret)!=null)
- token = call.request().getParameter(oauth_secret);
-
+
//Gives priority to the token
if (token!=null)
this.retreiveAndSetInfo(token, call);
else if (scope!=null)
ScopeProvider.instance.set(scope);
-
+
}
@Override
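Review bot: In `handleRequest`, `authorization.contains(BASIC_AUTH_PREFIX)` matches the scheme name anywhere in the header value, while the following `substring(BASIC_AUTH_PREFIX.length())` assumes it sits at index 0. A Bearer token that happens to contain the text "Basic" is therefore cut at the wrong offset and base64-decoded as credentials. Both schemes should be matched as a case-insensitive prefix, since HTTP auth scheme names are case-insensitive. `values[1]` also needs a length guard, because decoded credentials without a `:` throw ArrayIndexOutOfBoundsException on client-controlled input. Separately, the token extracted here is passed to `retreiveAndSetInfo`, whose `log.info("retrieving context using token {} ", token)` (context line in a later hunk) would write OAuth2 bearer tokens to the log in clear; logging a truncated or hashed form would avoid that.

```java
String authorization = call.request().getHeader(Constants.authorization_header);

// match the scheme as a case-insensitive prefix, not anywhere in the value
if (authorization.regionMatches(true, 0, BASIC_AUTH_PREFIX, 0, BASIC_AUTH_PREFIX.length())) {
	// … unchanged: base64 decoding into `credentials` …
	final String[] values = credentials.split(":",2);
	// leave token null when the "username:password" separator is missing
	if (values.length == 2)
		token = values[1];
} else if (authorization.regionMatches(true, 0, BEARER_AUTH_PREFIX, 0, BEARER_AUTH_PREFIX.length())) {
	token = authorization.substring(BEARER_AUTH_PREFIX.length()).trim();
}
// … unchanged: token/scope priority handling …
```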
@@ -66,7 +70,7 @@ public class RequestContextRetriever extends RequestHandler {
ScopeProvider.instance.reset();
log.debug("resetting all the Thread local for this call.");
}
-
+
private void retreiveAndSetInfo(String token, RequestEvent call){
log.info("retrieving context using token {} ", token);
AuthorizationEntry authEntry = null;
@@ -79,7 +83,7 @@ public class RequestContextRetriever extends RequestHandler {
log.error("error contacting authorization service",e);
internal_server_error.fire("error contacting authorization service");
}
-
+
AuthorizationProvider.instance.set(new Caller(authEntry.getClientInfo(), authEntry.getQualifier()));
SecurityTokenProvider.instance.set(token);
ScopeProvider.instance.set(authEntry.getContext());