Retrieve credentials: token and host

git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/data-access/gcube-geoserver-connector@149018 82a268e6-3cf1-43bd-a215-b396298e98cf

src/main/java/org/gcube/data/access/connector/AuthenticationUtils.java

@@ -3,8 +3,12 @@ package org.gcube.data.access.connector;
 public class AuthenticationUtils {
 	
 	protected final static String AUTHORIZATION = "Authorization";
+	protected final static String BASIC = "Basic";
+	protected final static String WHITESPACE = " ";
 	
 	protected final static String USERNAME = "username";
 	protected final static String PASSWORD = "password";
+	
+	protected final static String GCUBE_TOKEN = "gcube-token";
 
 }

src/main/java/org/gcube/data/access/connector/GeoServerConnectorRequestHandler.java

@@ -3,12 +3,15 @@ package org.gcube.data.access.connector;
 import javax.servlet.http.HttpServletRequest;
 import javax.xml.bind.annotation.XmlRootElement;
 
+import org.apache.commons.codec.binary.Base64;
 import org.gcube.data.access.connector.rest.GCubeRestClient;
 import org.gcube.data.access.connector.rest.entity.AccessibleCredentialsEntity;
 import org.gcube.smartgears.handlers.application.RequestEvent;
 import org.gcube.smartgears.handlers.application.RequestHandler;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.util.StringUtils;;
+
 
 @XmlRootElement (name= GeoServerConnectorRequestHandler.REQUEST_HANDLER_NAME)
 public class GeoServerConnectorRequestHandler extends RequestHandler {
@@ -16,7 +19,7 @@ public class GeoServerConnectorRequestHandler extends RequestHandler {
 	protected static final String REQUEST_HANDLER_NAME = "authentication-filter";
 													
 	private Logger logger;
-
+	
 	public GeoServerConnectorRequestHandler() {
 		this.logger = LoggerFactory.getLogger(this.getClass());
 	}
@@ -28,28 +31,29 @@ public class GeoServerConnectorRequestHandler extends RequestHandler {
 
 	@Override
 	public void handleRequest(RequestEvent e) {
-
+		
 		this.logger.debug("Handling request");
 		System.out.println("Handling request");
 		HttpServletRequest httpServletRequest = e.request();
 		
-		//TODO get these info from IS		
+		//get host from ApplicationContext
+		String host = e.context().container().configuration().hostname();		
+		//get token from request
+		String token = getToken(httpServletRequest);		
+		//get endpoint
+		String endpoint = getEndpoint();
+		
+		//correct URL
+		//https://sdi-d-d4s.d4science.org/sdi-service/gcube/service/GeoServer/credentials/geoserver1-d-d4s.d4science.org?gcube-token=feda0617-cd9d-4841-b6f0-e047da5d32ed-98187548
+		
 		System.out.println("Call to REST client");
 		this.logger.info("Call to REST client");
-		String endpoint = "https://sdi-d-d4s.d4science.org/sdi-service/gcube/service/GeoServer/credentials/";
-		String host = "geoserver1-d-d4s.d4science.org";
-//		String host = "http://geoserver1-d-d4s.d4science.org";
-//		String host = httpServletRequest.getServerName();
-		String token = "feda0617-cd9d-4841-b6f0-e047da5d32ed-98187548";
-		//https://geoserver1-d-d4s.d4science.org/geoserver
-		//https://sdi-d-d4s.d4science.org/sdi-service/gcube/service/GeoServer/credentials/geoserver1-d-d4s.d4science.org?gcube-token=feda0617-cd9d-4841-b6f0-e047da5d32ed-98187548
-		System.out.println( "Remote Host: " + httpServletRequest.getRemoteHost());
-		System.out.println("Server Name: " +httpServletRequest.getServerName());
-		System.out.println("Local Name: " +httpServletRequest.getLocalName());
 		
-		GCubeRestClient client = new GCubeRestClient();
-		AccessibleCredentialsEntity accessibleCredentials = client.getAccessibleCredentials(endpoint, host, token);
+		GCubeRestClient restClient = new GCubeRestClient();
+		AccessibleCredentialsEntity accessibleCredentials = restClient.getAccessibleCredentials(endpoint, host, token);
 		System.out.println("accessibleCredentials: " + accessibleCredentials.getUsername() + " " + accessibleCredentials.getPassword());
+		
+		//TODO bypass username/password - I'm waiting they update the geoserver credentials
 		httpServletRequest.setAttribute(AuthenticationUtils.USERNAME, "admin");
 		httpServletRequest.setAttribute(AuthenticationUtils.PASSWORD, "geoserver");
 //		httpServletRequest.setAttribute(AuthenticationUtils.USERNAME, accessibleCredentials.getUsername());
@@ -60,4 +64,43 @@ public class GeoServerConnectorRequestHandler extends RequestHandler {
 	public String toString() {
 		return getName();
 	}
+	
+	
+	private String getToken(HttpServletRequest httpServletRequest) {
+		
+		//case 1 - get token from gcube-token query-string
+		String gCubeToken = httpServletRequest.getParameter(AuthenticationUtils.GCUBE_TOKEN);		
+		if (StringUtils.hasText(gCubeToken)){
+			System.out.println("Get token from query-string");
+			return gCubeToken;
+		}
+		
+		//case 2 - get token from gcube-token header		
+		gCubeToken =  httpServletRequest.getHeader(AuthenticationUtils.GCUBE_TOKEN);
+		if (StringUtils.hasText(gCubeToken)){
+			System.out.println("Get token from gcube-token header");
+			return gCubeToken;
+		}			
+		
+		//case 3 - get token from Authorization header
+		String authorization = httpServletRequest.getHeader(AuthenticationUtils.AUTHORIZATION);
+		if (StringUtils.hasText(authorization) && StringUtils.startsWithIgnoreCase(authorization, AuthenticationUtils.BASIC)) {
+			System.out.println("Get token from authorization header");
+			// header = Authorization: Basic base64credentials
+	        String base64Credentials = StringUtils.delete(authorization, AuthenticationUtils.BASIC);
+	        String credentials = new String(Base64.decodeBase64(StringUtils.trimWhitespace(base64Credentials)));
+	        
+	        // credentials = username:token
+	        final String[] values = credentials.split(":",2);	        
+	        return values[1];
+		}
+		System.out.println("Token not found in gcube-token query string, in gcube-token header and in basic authorization header");
+		return null;
+	}
+	
+	private String getEndpoint() {
+		return "https://sdi-d-d4s.d4science.org/sdi-service/gcube/service/GeoServer/credentials/";
+	}
+	
+	
 }

src/main/java/org/gcube/data/access/connector/GeoServerFilter.java

@@ -13,7 +13,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.codec.binary.Base64;
 
 public class GeoServerFilter implements Filter {
-	
+
 	@Override
 	public void init(FilterConfig filterConfig) throws ServletException {
 		System.out.println("init");
@@ -27,14 +27,16 @@ public class GeoServerFilter implements Filter {
 		ServletRequestWrapper request = new ServletRequestWrapper((HttpServletRequest) servletRequest);
 		HttpServletResponse response = (HttpServletResponse) servletResponse;
 
-		//get credentials
+		// get credentials
 		String username = (String) request.getAttribute(AuthenticationUtils.USERNAME);
 		String password = (String) request.getAttribute(AuthenticationUtils.PASSWORD);
 
-		//set AUTHORIZATION header
-		String token = username + ":" + password;		
-		request.addHeader(AuthenticationUtils.AUTHORIZATION, "Basic " + Base64.encodeBase64String(token.getBytes()));
-
+		// set AUTHORIZATION header
+		String token = username + ":" + password;
+		String basic_authentication = AuthenticationUtils.BASIC + AuthenticationUtils.WHITESPACE
+				+ Base64.encodeBase64String(token.getBytes());
+		
+		request.addHeader(AuthenticationUtils.AUTHORIZATION, basic_authentication);
 		System.out.println("Get authorization header value: " + request.getHeader(AuthenticationUtils.AUTHORIZATION));
 
 		filterChain.doFilter(request, response);