From 1f199e34967d9e3b0771a1759b645684f93e93c0 Mon Sep 17 00:00:00 2001
From: Edouard DUPIN
Date: Sun, 22 May 2022 12:40:46 +0200
Subject: [PATCH] [DEV] try securing...

---
 .../org/kar/karideo/AuthenticationFilter.java | 9 ++++++++-
 back/src/org/kar/karideo/api/DataResource.java | 4 ++--
 front/src/app/component/data-image/data-image.ts | 16 ++++++++++++----
 3 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/back/src/org/kar/karideo/AuthenticationFilter.java b/back/src/org/kar/karideo/AuthenticationFilter.java
index 32003ce..e9d7862 100644
--- a/back/src/org/kar/karideo/AuthenticationFilter.java
+++ b/back/src/org/kar/karideo/AuthenticationFilter.java
@@ -8,9 +8,12 @@ import javax.ws.rs.Priorities;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerRequestFilter;
 import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.ext.Provider;
 import java.io.IOException;
+import java.util.List;
+import java.util.Map.Entry;
 // https://stackoverflow.com/questions/26777083/best-practice-for-rest-token-based-authentication-with-jax-rs-and-jersey
 // https://stackoverflow.com/questions/26777083/best-practice-for-rest-token-based-authentication-with-jax-rs-and-jersey/45814178#45814178
 // https://stackoverflow.com/questions/32817210/how-to-access-jersey-resource-secured-by-rolesallowed
@@ -32,8 +35,12 @@ public class AuthenticationFilter implements ContainerRequestFilter { System.out.println("-----------------------------------------------------"); // Get the Authorization header from the request String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION); - System.out.println("authorizationHeader: " + authorizationHeader); + + MultivaluedMap pathparam = requestContext.getUriInfo().getPathParameters(); + for (Entry> item: pathparam.entrySet()) { + System.out.println(" map element: " + item.getKey() + " ==>" + item.getValue()); + } // Validate the Authorization header if (!isTokenBasedAuthentication(authorizationHeader)) { abortWithUnauthorized(requestContext); diff --git a/back/src/org/kar/karideo/api/DataResource.java b/back/src/org/kar/karideo/api/DataResource.java index 20d020c..8dd8263 100644 --- a/back/src/org/kar/karideo/api/DataResource.java +++ b/back/src/org/kar/karideo/api/DataResource.java @@ -367,10 +367,10 @@ public class DataResource { } return buildStream(ConfigVariable.getMediaDataFolder() + File.separator + id + File.separator + "data", range, value.mimeType); } - //@Secured + //@Secu1ed @GET @Path("thumbnail/{id}") - //@RolesAllowed("USER") + @RolesAllowed("USER") @Produces(MediaType.APPLICATION_OCTET_STREAM) public Response retriveDataThumbnailId(@Context SecurityContext sc, @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception { GenericContext gc = (GenericContext) sc.getUserPrincipal(); diff --git a/front/src/app/component/data-image/data-image.ts b/front/src/app/component/data-image/data-image.ts index 2ebe9f3..ba724b6 100644 --- a/front/src/app/component/data-image/data-image.ts +++ b/front/src/app/component/data-image/data-image.ts 
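Review bot: The added loop in `filter()` prints every path parameter value to stdout before the Authorization header has been validated, so any unauthenticated request decides what lands in the server log, and the values are written unescaped (`getPathParameters()` returns decoded values, so an encoded line break in the URL would split a log entry). If this trace is only a development aid it should be removed before merge or moved below the token check; otherwise neutralise CR/LF first, e.g. `String.valueOf(item.getValue()).replaceAll("[\\r\\n]", "_")`, and emit it through a debug-level logger, if the project has one, rather than `System.out`. Dropping the `authorizationHeader` print in the same hunk is worth keeping, since that line put the bearer credential in the log. The body of `filter()` starts and ends outside this hunk.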
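Review bot: On `retriveDataThumbnailId` the `@Secured` line is still commented out and is now misspelled (`//@Secu1ed`), so `@RolesAllowed("USER")` is the only active protection on the thumbnail endpoint. If `AuthenticationFilter` is name-bound through `@Secured` (its annotations are not visible in this patch, so confirm), the filter will not run for this route and nothing will populate the `SecurityContext`; the role check would then either reject every caller or, if role checking is not registered with the JAX-RS application, be skipped altogether. The pair should read `@Secured` and `@RolesAllowed("USER")`, both uncommented, matching whatever the other protected endpoints in `DataResource` use. The method also casts `sc.getUserPrincipal()` to `GenericContext` without a null check; its body continues outside the hunk.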
@@ -4,6 +4,7 @@ * @license PROPRIETARY (see license file) */ import { Injectable, Component, OnInit, Input, ElementRef, ViewChild } from '@angular/core'; +import { ModelResponseHttp } from '../../service/http-wrapper'; import { DataService } from '../../service/data'; @Component({ @@ -28,19 +29,26 @@ export class ElementDataImageComponent implements OnInit { } ngOnInit() { - /* let canvas = this.imageCanvas.nativeElement; let ctx = canvas.getContext("2d"); - */ console.log(`Request thumnail for ---> ${this.id}`); this.dataService.getImageThumbnail(this.id) - .then((result) => { + .then((result:ModelResponseHttp) => { console.log(`plop ---> ${result.status}`); + const response = result.data as Response; + response.blob().then((value:Blob) => { + let img = new Image(); + img.onload = function() { + //ctx.drawImage(img, 0, 0) + } + let imageUrl = URL.createObjectURL(value); + img.src = imageUrl; + }) + }).catch(()=>{ console.log("plop ---> "); }); - //let img = new Image(); //img.src = "../../assets/aCRF-PRV111_CLN-001 v1.4-images/aCRF-PRV111_CLN-001 v1.4-blank_0.jpg"; //ctx.drawImage(img, 10, 10, 250, 250); }
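Review bot: In `ngOnInit` the inner `response.blob().then(...)` chain is not returned from the outer `.then`, so a failure while reading the body never reaches the `.catch` added below it, and the object URL from `URL.createObjectURL(value)` is never released. Return the inner promise (`return response.blob().then((value: Blob) => {`) and revoke the URL once the image has loaded, `img.onload = () => { URL.revokeObjectURL(imageUrl); };`, with `imageUrl` declared before the handler. `result.data` is also cast to `Response` without looking at `result.status`, so an error body (for instance a 401/403 from the thumbnail route this commit presumably protects) would be handed to `Image` as if it were picture data; check the status before reading the blob. `ctx` is computed again but remains unused while the `drawImage` call stays commented out.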