removing application token used as default

This commit is contained in:
Francesco Mangiacrapa 2022-04-05 14:23:37 +02:00
parent 7a1c5ef622
commit 6f57ebec3d
2 changed files with 6 additions and 15 deletions

View File

@ -10,6 +10,8 @@
pattern="org.gcube.datatransfer.resolver.services.UriResolverIndex" />
<exclude
pattern="org.gcube.datatransfer.resolver.services.UriResolverInfo" />
<!-- <exclude pattern="org.gcube.datatransfer.resolver.services.GoatResolver"
/> -->
<exclude
pattern="org.gcube.datatransfer.resolver.services.tobackward.BackCatalogueResolver" />
<exclude
@ -24,11 +26,13 @@
<javascript-client disabled="true" />
<docs docsDir="${project.build.directory}" docsSubdir="docs" />
<!-- REPLACE THE ${project.artifactId} WITH YOUR APPLICATION NAME. E.g.
/gcat, /uri-resolver /> if the ${project.artifactId} is not equal to YOUR APPLICATION NAME -->
/gcat, /uri-resolver /> if the ${project.artifactId} is not equal to YOUR
APPLICATION NAME -->
<!-- <swagger basePath="${project.artifactId}" /> -->
<docs
freemarkerTemplate="${project.basedir}/src/main/resources/META-INF/enunciate/d4science_docs.fmt">
<additional-css file="css/d4science_enunciate_custom.css" />
<additional-css
file="css/d4science_enunciate_custom.css" />
</docs>
</modules>

View File

@ -14,10 +14,8 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.datatransfer.resolver.requesthandler.RequestHandler;
import org.gcube.datatransfer.resolver.services.error.ExceptionManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -35,19 +33,8 @@ public class GoatResolver {
try {
String oldToken = SecurityTokenProvider.instance.get();
String scope = ScopeProvider.instance.get();
LOG.info("ScopeProvider has scope: " + scope);
String appToken = req.getServletContext().getInitParameter(RequestHandler.ROOT_APP_TOKEN);
if (oldToken.compareTo(appToken) == 0) {
LOG.error("Token not passed, SecurityTokenProvider contains the root app token: "
+ appToken.substring(0, 10) + "...");
throw ExceptionManager.unauthorizedException(req,
"You are not authorized. You must pass a valid D4Science token", this.getClass(), "");
}
String username = AuthorizationProvider.instance.get().getClient().getId();
UserInfo userInfo = new UserInfo(username, new ArrayList<>());
String userToken = authorizationService().generateUserToken(userInfo, scope);