Smartgears is now useless. Added a filter that intercepts requests and check the authorization token is available

git-svn-id: https://svn.d4science.research-infrastructures.eu/gcube/trunk/data-catalogue/grsf-publisher-ws@133337 82a268e6-3cf1-43bd-a215-b396298e98cf
2016-10-18 21:31:04 +00:00 · 2016-10-18 21:31:04 +00:00 · f37cdec985
parent d422a97bc3
commit f37cdec985
5 changed files with 105 additions and 7 deletions
--- a/pom.xml
+++ b/pom.xml
@ -116,12 +116,6 @@
 			<artifactId>jersey-bean-validation</artifactId>
 			<version>${version.jersey}</version>
 		</dependency>
-		<!-- SmartGears -->
-		<dependency>
-			<groupId>org.gcube.core</groupId>
-			<artifactId>common-smartgears</artifactId>
-			<scope>provided</scope>
-		</dependency>
 		<dependency>
 			<groupId>org.gcube.resources.discovery</groupId>
 			<artifactId>ic-client</artifactId>
--- a/src/main/java/org/gcube/data_catalogue/grsf_publish_ws/ex/ApplicationException.java
+++ b/src/main/java/org/gcube/data_catalogue/grsf_publish_ws/ex/ApplicationException.java
@ -5,6 +5,8 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.ext.ExceptionMapper;
 import javax.ws.rs.ext.Provider;

+import org.slf4j.LoggerFactory;
+
@Provider
 /**
 * Exception thrown when @Valid fail
@ -12,7 +14,10 @@ import javax.ws.rs.ext.Provider;
 */
 public class ApplicationException implements ExceptionMapper<Exception> {

+	private static final org.slf4j.Logger logger = LoggerFactory.getLogger(ApplicationException.class);
+	
    public Response toResponse(Exception e) {
+    	logger.warn("ApplicationException invoked");
        return Response
                .status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode())
                .type(MediaType.APPLICATION_JSON)
--- a/src/main/java/org/gcube/data_catalogue/grsf_publish_ws/ex/ValidationException.java
+++ b/src/main/java/org/gcube/data_catalogue/grsf_publish_ws/ex/ValidationException.java
@ -7,12 +7,15 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.ext.ExceptionMapper;
 import javax.ws.rs.ext.Provider;

+import org.slf4j.LoggerFactory;
+
@Provider
 /**
 * Exception thrown on fail
 * @author Costantino Perciante at ISTI-CNR
 */
 public class ValidationException implements ExceptionMapper<javax.validation.ValidationException> {
+	private static final org.slf4j.Logger logger = LoggerFactory.getLogger(ValidationException.class);

 	@Override
 	public Response toResponse(javax.validation.ValidationException e) {
@ -20,6 +23,7 @@ public class ValidationException implements ExceptionMapper<javax.validation.Val
 		for (ConstraintViolation<?> cv : ((ConstraintViolationException) e).getConstraintViolations()) {
 			strBuilder.append(cv.getPropertyPath().toString() + " " + cv.getMessage());
 		}
+		logger.warn("ValidationException invoked, returning " + strBuilder.toString());
 		return Response
 				.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode())
 				.type(MediaType.APPLICATION_JSON)
--- a/src/main/java/org/gcube/data_catalogue/grsf_publish_ws/filters/RequestsAuthFilter.java
+++ b/src/main/java/org/gcube/data_catalogue/grsf_publish_ws/filters/RequestsAuthFilter.java
@ -0,0 +1,95 @@
+package org.gcube.data_catalogue.grsf_publish_ws.filters;
+
+import static org.gcube.common.authorization.client.Constants.authorizationService;
+
+import java.io.IOException;
+
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.ext.Provider;
+
+import org.gcube.common.authorization.library.AuthorizationEntry;
+import org.gcube.common.authorization.library.provider.AuthorizationProvider;
+import org.gcube.common.authorization.library.utils.Caller;
+import org.gcube.common.scope.api.ScopeProvider;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * Requests filter: is invoked before any request reaches a service method
+ * @author Costantino Perciante at ISTI-CNR
+ */
+@Provider
+public class RequestsAuthFilter implements ContainerRequestFilter{
+
+	private static final org.slf4j.Logger logger = LoggerFactory.getLogger(RequestsAuthFilter.class);
+	private static final String AUTH_TOKEN = "gcube-token";
+	@Override
+	public void filter(ContainerRequestContext requestContext)
+			throws IOException {
+
+		logger.info("Intercepted request, checking if it contains authorization token");
+
+		// check if the request contains gcube-token
+		String tokenInHeader = null, tokenAsQueryParameter = null;
+		MultivaluedMap<String, String> headers = requestContext.getHeaders();
+		if( headers != null && headers.containsKey(AUTH_TOKEN))
+			tokenInHeader = headers.get(AUTH_TOKEN).get(0);
+
+		MultivaluedMap<String, String> queryParameters = requestContext.getUriInfo().getQueryParameters();
+		if(queryParameters != null && queryParameters.containsKey(AUTH_TOKEN))
+			tokenAsQueryParameter = queryParameters.get(AUTH_TOKEN).get(0);
+
+		if(tokenInHeader != null){
+			logger.info("Token in " + tokenInHeader.substring(0, 5) + "********************");
+			AuthorizationEntry ae = validateToken(tokenInHeader);
+			if(ae != null){
+				logger.debug("Setting scope " + ae.getContext());
+				AuthorizationProvider.instance.set(new Caller(ae.getClientInfo(), ae.getQualifier()));
+				ScopeProvider.instance.set(ae.getContext());
+				logger.info("Authorization entry set in thread local");
+				return;
+			}else
+				requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).entity("Invalid or missing gcube-token").build());
+		}else if(tokenAsQueryParameter != null){
+			logger.info("Token is " + tokenAsQueryParameter.substring(0, 5) + "********************");
+			AuthorizationEntry ae = validateToken(tokenAsQueryParameter);
+			if(ae != null){
+				logger.debug("Setting scope " + ae.getContext());
+				AuthorizationProvider.instance.set(new Caller(ae.getClientInfo(), ae.getQualifier()));
+				ScopeProvider.instance.set(ae.getContext());
+				logger.info("Authorization entry set in thread local");
+				return;
+			}else
+				requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).entity("Invalid or missing gcube-token").build());
+
+		}
+		else
+			requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).entity("Invalid or missing gcube-token").build());
+
+	}
+
+	/**
+	 * Validate token.
+	 * @param token
+	 * @return null if validation fails
+	 */
+	private static AuthorizationEntry validateToken(String token){
+		AuthorizationEntry res = null;
+		try {
+
+			logger.debug("Validating token " + token);
+			res = authorizationService().get(token);
+			logger.debug("Token seems valid for scope " + res.getContext() + " and user " + res.getClientInfo().getId());
+
+		} catch (Exception e) {
+			logger.error("The token is not valid. This request will be rejected!!! (" + token + ")", e);
+		}
+
+		return res;
+	}
+
+
+}
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@ -10,7 +10,7 @@
 		<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
 		<init-param>
 			<param-name>jersey.config.server.provider.packages</param-name>
-			<param-value>org.gcube.data_catalogue.grsf_publish_ws.services</param-value>
+			<param-value>org.gcube.data_catalogue.grsf_publish_ws</param-value>
 		</init-param>
 		<init-param>
 			<param-name>jersey.config.beanValidation.enableOutputValidationErrorEntity.server</param-name>