m.lettere
/
common-smartgears
forked from gCubeSystem/common-smartgears-legacy
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

git-svn-id: https://svn.d4science-ii.research-infrastructures.eu/gcube/branches/common/common-smartgears/2.1@141905 82a268e6-3cf1-43bd-a215-b396298e98cf

This commit is contained in:
Lucio Lelii 2017-01-30 14:05:08 +00:00
parent 0590be702e
commit 800d697b45
2 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/java/org/gcube/smartgears/Constants.java
View File

@ -160,6 +160,12 @@ public class Constants {
*/
public static final String token_header="gcube-token";
/**
* The name of the oauth secret parameter
*/
public static final String oauth_secret="client_secret";
/**
* The event for token registration for app.
*/

13
src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java
View File

@ -3,6 +3,7 @@ package org.gcube.smartgears.handlers.application.request;
import static org.gcube.common.authorization.client.Constants.authorizationService;
import static org.gcube.smartgears.Constants.scope_header;
import static org.gcube.smartgears.Constants.token_header;
import static org.gcube.smartgears.Constants.oauth_secret;
import static org.gcube.smartgears.handlers.application.request.RequestError.application_failed_error;
import static org.gcube.smartgears.handlers.application.request.RequestError.application_unavailable_error;
import static org.gcube.smartgears.handlers.application.request.RequestError.internal_server_error;
@ -11,6 +12,7 @@ import static org.gcube.smartgears.handlers.application.request.RequestError.inv
import java.io.IOException;
import javax.xml.bind.DatatypeConverter;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlRootElement;
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
@ -36,6 +38,9 @@ import org.slf4j.LoggerFactory;
@XmlRootElement(name = Constants.request_validation)
public class RequestValidator extends RequestHandler {
@XmlAttribute(required=false, name="oauth")
boolean oauthCompatibility = false;
private static Logger log = LoggerFactory.getLogger(RequestValidator.class);
private ApplicationContext context;
@ -53,7 +58,7 @@ public class RequestValidator extends RequestHandler {
context = call.context();
validateAgainstLifecycle(call);
if (!validateToken(call)){
String scope = call.request().getParameter(scope_header)==null? call.request().getHeader(scope_header):call.request().getParameter(scope_header);
validateScope(scope);
@ -108,7 +113,11 @@ public class RequestValidator extends RequestHandler {
String token = call.request().getParameter(token_header)==null? call.request().getHeader(token_header):call.request().getParameter(token_header);
String scope = call.request().getParameter(scope_header)==null? call.request().getHeader(scope_header):call.request().getParameter(scope_header);
if(token==null && scope==null && oauthCompatibility)
token = call.request().getParameter(oauth_secret);
if (token == null && scope==null){
log.warn("rejecting call to {}, authorization required",context.name(),token);
if (call.context().container().configuration().authenticationEnpoint()==null){