Smartgears is now useless. Added a filter that intercepts requests and checks that the authorization token is available
git-svn-id: https://svn.d4science.research-infrastructures.eu/gcube/trunk/data-catalogue/grsf-publisher-ws@133337 82a268e6-3cf1-43bd-a215-b396298e98cf
parent
d422a97bc3
commit
f37cdec985
6
pom.xml
6
pom.xml
|
@ -116,12 +116,6 @@
|
|||
<artifactId>jersey-bean-validation</artifactId>
|
||||
<version>${version.jersey}</version>
|
||||
</dependency>
|
||||
<!-- SmartGears -->
|
||||
<dependency>
|
||||
<groupId>org.gcube.core</groupId>
|
||||
<artifactId>common-smartgears</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.gcube.resources.discovery</groupId>
|
||||
<artifactId>ic-client</artifactId>
|
||||
|
|
|
@ -5,6 +5,8 @@ import javax.ws.rs.core.Response;
|
|||
import javax.ws.rs.ext.ExceptionMapper;
|
||||
import javax.ws.rs.ext.Provider;
|
||||
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
@Provider
|
||||
/**
|
||||
* Exception thrown when @Valid fail
|
||||
|
@ -12,7 +14,10 @@ import javax.ws.rs.ext.Provider;
|
|||
*/
|
||||
public class ApplicationException implements ExceptionMapper<Exception> {
|
||||
|
||||
private static final org.slf4j.Logger logger = LoggerFactory.getLogger(ApplicationException.class);
|
||||
|
||||
public Response toResponse(Exception e) {
|
||||
logger.warn("ApplicationException invoked");
|
||||
return Response
|
||||
.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode())
|
||||
.type(MediaType.APPLICATION_JSON)
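Review bot: The added `logger.warn("ApplicationException invoked")` in toResponse drops the exception itself, so the log records that the catch-all mapper ran but not what failed. Because this mapper handles every `Exception` and answers with INTERNAL_SERVER_ERROR, the throwable should be passed to the logger: `logger.warn("ApplicationException invoked", e);`. The `+`/`-` markers are lost on this page, so which lines are new is inferred from the hunk headers. The response chain continues past the end of the hunk.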
|
||||
|
|
|
@ -7,12 +7,15 @@ import javax.ws.rs.core.Response;
|
|||
import javax.ws.rs.ext.ExceptionMapper;
|
||||
import javax.ws.rs.ext.Provider;
|
||||
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
@Provider
|
||||
/**
|
||||
* Exception thrown on fail
|
||||
* @author Costantino Perciante at ISTI-CNR
|
||||
*/
|
||||
public class ValidationException implements ExceptionMapper<javax.validation.ValidationException> {
|
||||
private static final org.slf4j.Logger logger = LoggerFactory.getLogger(ValidationException.class);
|
||||
|
||||
@Override
|
||||
public Response toResponse(javax.validation.ValidationException e) {
|
||||
|
@ -20,6 +23,7 @@ public class ValidationException implements ExceptionMapper<javax.validation.Val
|
|||
for (ConstraintViolation<?> cv : ((ConstraintViolationException) e).getConstraintViolations()) {
|
||||
strBuilder.append(cv.getPropertyPath().toString() + " " + cv.getMessage());
|
||||
}
|
||||
logger.warn("ValidationException invoked, returning " + strBuilder.toString());
|
||||
return Response
|
||||
.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode())
|
||||
.type(MediaType.APPLICATION_JSON)
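Review bot: The added warn line builds its message by string concatenation, and the text it logs is assembled in the loop above it with no separator between entries, so several violations run together in one unreadable string. Prefer the parameterized form, `logger.warn("ValidationException invoked, returning {}", strBuilder);`, and append a delimiter such as `"; "` after each violation. The visible context also answers a validation failure with INTERNAL_SERVER_ERROR; if this commit leaves that unchanged it is still worth revisiting, since a rejected request body is normally reported as a client error. toResponse starts before and ends after the second hunk.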
|
||||
|
|
|
@ -0,0 +1,95 @@
|
|||
package org.gcube.data_catalogue.grsf_publish_ws.filters;
|
||||
|
||||
import static org.gcube.common.authorization.client.Constants.authorizationService;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.ws.rs.container.ContainerRequestContext;
|
||||
import javax.ws.rs.container.ContainerRequestFilter;
|
||||
import javax.ws.rs.core.MultivaluedMap;
|
||||
import javax.ws.rs.core.Response;
|
||||
import javax.ws.rs.ext.Provider;
|
||||
|
||||
import org.gcube.common.authorization.library.AuthorizationEntry;
|
||||
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
||||
import org.gcube.common.authorization.library.utils.Caller;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
|
||||
/**
|
||||
* Requests filter: is invoked before any request reaches a service method
|
||||
* @author Costantino Perciante at ISTI-CNR
|
||||
*/
|
||||
@Provider
|
||||
public class RequestsAuthFilter implements ContainerRequestFilter{
|
||||
|
||||
private static final org.slf4j.Logger logger = LoggerFactory.getLogger(RequestsAuthFilter.class);
|
||||
private static final String AUTH_TOKEN = "gcube-token";
|
||||
@Override
|
||||
public void filter(ContainerRequestContext requestContext)
|
||||
throws IOException {
|
||||
|
||||
logger.info("Intercepted request, checking if it contains authorization token");
|
||||
|
||||
// check if the request contains gcube-token
|
||||
String tokenInHeader = null, tokenAsQueryParameter = null;
|
||||
MultivaluedMap<String, String> headers = requestContext.getHeaders();
|
||||
if( headers != null && headers.containsKey(AUTH_TOKEN))
|
||||
tokenInHeader = headers.get(AUTH_TOKEN).get(0);
|
||||
|
||||
MultivaluedMap<String, String> queryParameters = requestContext.getUriInfo().getQueryParameters();
|
||||
if(queryParameters != null && queryParameters.containsKey(AUTH_TOKEN))
|
||||
tokenAsQueryParameter = queryParameters.get(AUTH_TOKEN).get(0);
|
||||
|
||||
if(tokenInHeader != null){
|
||||
logger.info("Token in " + tokenInHeader.substring(0, 5) + "********************");
|
||||
AuthorizationEntry ae = validateToken(tokenInHeader);
|
||||
if(ae != null){
|
||||
logger.debug("Setting scope " + ae.getContext());
|
||||
AuthorizationProvider.instance.set(new Caller(ae.getClientInfo(), ae.getQualifier()));
|
||||
ScopeProvider.instance.set(ae.getContext());
|
||||
logger.info("Authorization entry set in thread local");
|
||||
return;
|
||||
}else
|
||||
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).entity("Invalid or missing gcube-token").build());
|
||||
}else if(tokenAsQueryParameter != null){
|
||||
logger.info("Token is " + tokenAsQueryParameter.substring(0, 5) + "********************");
|
||||
AuthorizationEntry ae = validateToken(tokenAsQueryParameter);
|
||||
if(ae != null){
|
||||
logger.debug("Setting scope " + ae.getContext());
|
||||
AuthorizationProvider.instance.set(new Caller(ae.getClientInfo(), ae.getQualifier()));
|
||||
ScopeProvider.instance.set(ae.getContext());
|
||||
logger.info("Authorization entry set in thread local");
|
||||
return;
|
||||
}else
|
||||
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).entity("Invalid or missing gcube-token").build());
|
||||
|
||||
}
|
||||
else
|
||||
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).entity("Invalid or missing gcube-token").build());
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate token.
|
||||
* @param token
|
||||
* @return null if validation fails
|
||||
*/
|
||||
private static AuthorizationEntry validateToken(String token){
|
||||
AuthorizationEntry res = null;
|
||||
try {
|
||||
|
||||
logger.debug("Validating token " + token);
|
||||
res = authorizationService().get(token);
|
||||
logger.debug("Token seems valid for scope " + res.getContext() + " and user " + res.getClientInfo().getId());
|
||||
|
||||
} catch (Exception e) {
|
||||
logger.error("The token is not valid. This request will be rejected!!! (" + token + ")", e);
|
||||
}
|
||||
|
||||
return res;
|
||||
}
|
||||
|
||||
|
||||
}
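Review bot: validateToken writes the complete token to the log twice, in `logger.debug("Validating token " + token)` and in the `logger.error(...)` of the catch block, which undoes the masking that filter() applies and leaves a reusable credential in the log files. The masking itself, `substring(0, 5)`, throws on a token shorter than five characters and runs before validation, so a malformed token surfaces as an unhandled exception instead of a 401. The header and query-parameter branches are line-for-line identical and can be collapsed into one path with a single masking helper, as sketched below. Separately, accepting the token as a query parameter puts it into request URLs, which are commonly recorded by access logs and proxies. Nothing visible here resets the values placed in `AuthorizationProvider` and `ScopeProvider` once the request has completed.

```java
// … unchanged: package, imports, class header, logger, AUTH_TOKEN …
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    // … unchanged: reading tokenInHeader and tokenAsQueryParameter …

    // The header wins over the query parameter, as before; an empty value counts as missing.
    String token = tokenInHeader != null ? tokenInHeader : tokenAsQueryParameter;
    AuthorizationEntry ae = (token == null || token.isEmpty()) ? null : validateToken(token);
    if (ae == null) {
        requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).entity("Invalid or missing gcube-token").build());
        return;
    }
    logger.info("Token is {}", maskToken(token));
    // … unchanged: AuthorizationProvider / ScopeProvider are set from ae …
}

/** Returns a log-safe hint of the token: at most its first five characters, then a fixed mask. */
private static String maskToken(String token) {
    return token.substring(0, Math.min(5, token.length())) + "********************";
}

private static AuthorizationEntry validateToken(String token) {
    try {
        logger.debug("Validating token {}", maskToken(token));
        AuthorizationEntry res = authorizationService().get(token);
        // … unchanged: debug line with scope and user …
        return res;
    } catch (Exception e) {
        logger.error("The token is not valid. This request will be rejected!!! ({})", maskToken(token), e);
        return null;
    }
}
```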
|
|
@ -10,7 +10,7 @@
|
|||
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
|
||||
<init-param>
|
||||
<param-name>jersey.config.server.provider.packages</param-name>
|
||||
<param-value>org.gcube.data_catalogue.grsf_publish_ws.services</param-value>
|
||||
<param-value>org.gcube.data_catalogue.grsf_publish_ws</param-value>
|
||||
</init-param>
|
||||
<init-param>
|
||||
<param-name>jersey.config.beanValidation.enableOutputValidationErrorEntity.server</param-name>
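Review bot: Widening `jersey.config.server.provider.packages` from `org.gcube.data_catalogue.grsf_publish_ws.services` to the root package is, as far as this page shows, the only thing that registers `RequestsAuthFilter`, so authentication now depends on classpath scanning. A comment next to the value would record that dependency, for example `<!-- root package: the scan must reach filters.RequestsAuthFilter, which enforces the gcube-token check -->`. The wider scan also picks up every `@Provider` or `@Path` class anywhere under the root package, so it is worth confirming that nothing unintended lives there. Which `param-value` line is old and which is new is inferred from the hunk header and the commit message, since the `+`/`-` markers are lost.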
|
||||
|
|