From 800d697b454299f99f547091bd31b0d2ee76dfce Mon Sep 17 00:00:00 2001 From: Lucio Lelii Date: Mon, 30 Jan 2017 14:05:08 +0000 Subject: [PATCH] git-svn-id: https://svn.d4science-ii.research-infrastructures.eu/gcube/branches/common/common-smartgears/2.1@141905 82a268e6-3cf1-43bd-a215-b396298e98cf --- src/main/java/org/gcube/smartgears/Constants.java | 6 ++++++ .../application/request/RequestValidator.java | 13 +++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/gcube/smartgears/Constants.java b/src/main/java/org/gcube/smartgears/Constants.java index 684d3de..fa61b32 100644 --- a/src/main/java/org/gcube/smartgears/Constants.java +++ b/src/main/java/org/gcube/smartgears/Constants.java @@ -160,6 +160,12 @@ public class Constants { */ public static final String token_header="gcube-token"; + /** + * The name of the oauth secret parameter + */ + public static final String oauth_secret="client_secret"; + + /** * The event for token registration for app. */ diff --git a/src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java b/src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java index 4876cbb..3965044 100644 --- a/src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java +++ b/src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java @@ -3,6 +3,7 @@ package org.gcube.smartgears.handlers.application.request; import static org.gcube.common.authorization.client.Constants.authorizationService; import static org.gcube.smartgears.Constants.scope_header; import static org.gcube.smartgears.Constants.token_header; +import static org.gcube.smartgears.Constants.oauth_secret; import static org.gcube.smartgears.handlers.application.request.RequestError.application_failed_error; import static org.gcube.smartgears.handlers.application.request.RequestError.application_unavailable_error; import static org.gcube.smartgears.handlers.application.request.RequestError.internal_server_error; @@ -11,6 +12,7 @@ import static org.gcube.smartgears.handlers.application.request.RequestError.inv import java.io.IOException; import javax.xml.bind.DatatypeConverter; +import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlRootElement; import org.gcube.common.authorization.client.exceptions.ObjectNotFound; @@ -36,6 +38,9 @@ import org.slf4j.LoggerFactory; @XmlRootElement(name = Constants.request_validation) public class RequestValidator extends RequestHandler { + @XmlAttribute(required=false, name="oauth") + boolean oauthCompatibility = false; + private static Logger log = LoggerFactory.getLogger(RequestValidator.class); private ApplicationContext context; @@ -53,7 +58,7 @@ public class RequestValidator extends RequestHandler { context = call.context(); validateAgainstLifecycle(call); - + if (!validateToken(call)){ String scope = call.request().getParameter(scope_header)==null? call.request().getHeader(scope_header):call.request().getParameter(scope_header); validateScope(scope); @@ -108,7 +113,11 @@ public class RequestValidator extends RequestHandler { String token = call.request().getParameter(token_header)==null? call.request().getHeader(token_header):call.request().getParameter(token_header); String scope = call.request().getParameter(scope_header)==null? call.request().getHeader(scope_header):call.request().getParameter(scope_header); - + + if(token==null && scope==null && oauthCompatibility) + token = call.request().getParameter(oauth_secret); + + if (token == null && scope==null){ log.warn("rejecting call to {}, authorization required",context.name(),token); if (call.context().container().configuration().authenticationEnpoint()==null){