kangaroo-and-rabbit/karideo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[DEV] try securing...

Browse Source
This commit is contained in:
Edouard DUPIN 2022-05-22 12:40:46 +02:00
parent dba3562c14
commit 1f199e3496
3 changed files with 22 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
back/src/org/kar/karideo/AuthenticationFilter.java
View File

@ -8,9 +8,12 @@ import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext; import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter; import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider; import javax.ws.rs.ext.Provider;
import java.io.IOException; import java.io.IOException;
import java.util.List;
import java.util.Map.Entry;
// https://stackoverflow.com/questions/26777083/best-practice-for-rest-token-based-authentication-with-jax-rs-and-jersey // https://stackoverflow.com/questions/26777083/best-practice-for-rest-token-based-authentication-with-jax-rs-and-jersey
// https://stackoverflow.com/questions/26777083/best-practice-for-rest-token-based-authentication-with-jax-rs-and-jersey/45814178#45814178 // https://stackoverflow.com/questions/26777083/best-practice-for-rest-token-based-authentication-with-jax-rs-and-jersey/45814178#45814178
// https://stackoverflow.com/questions/32817210/how-to-access-jersey-resource-secured-by-rolesallowed // https://stackoverflow.com/questions/32817210/how-to-access-jersey-resource-secured-by-rolesallowed
@ -32,8 +35,12 @@ public class AuthenticationFilter implements ContainerRequestFilter {
System.out.println("-----------------------------------------------------"); System.out.println("-----------------------------------------------------");
// Get the Authorization header from the request // Get the Authorization header from the request
String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION); String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
System.out.println("authorizationHeader: " + authorizationHeader); System.out.println("authorizationHeader: " + authorizationHeader);
MultivaluedMap<String, String> pathparam = requestContext.getUriInfo().getPathParameters();
for (Entry<String, List<String>> item: pathparam.entrySet()) {
System.out.println(" map element: " + item.getKey() + " ==>" + item.getValue());
}
// Validate the Authorization header // Validate the Authorization header
if (!isTokenBasedAuthentication(authorizationHeader)) { if (!isTokenBasedAuthentication(authorizationHeader)) {
abortWithUnauthorized(requestContext); abortWithUnauthorized(requestContext);

4
back/src/org/kar/karideo/api/DataResource.java
View File

@ -367,10 +367,10 @@ public class DataResource {
} }
return buildStream(ConfigVariable.getMediaDataFolder() + File.separator + id + File.separator + "data", range, value.mimeType); return buildStream(ConfigVariable.getMediaDataFolder() + File.separator + id + File.separator + "data", range, value.mimeType);
} }
//@Secured //@Secu1ed
@GET @GET
@Path("thumbnail/{id}") @Path("thumbnail/{id}")
//@RolesAllowed("USER") @RolesAllowed("USER")
@Produces(MediaType.APPLICATION_OCTET_STREAM) @Produces(MediaType.APPLICATION_OCTET_STREAM)
public Response retriveDataThumbnailId(@Context SecurityContext sc, @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception { public Response retriveDataThumbnailId(@Context SecurityContext sc, @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception {
GenericContext gc = (GenericContext) sc.getUserPrincipal(); GenericContext gc = (GenericContext) sc.getUserPrincipal();

16
front/src/app/component/data-image/data-image.ts
View File

@ -4,6 +4,7 @@
* @license PROPRIETARY (see license file) * @license PROPRIETARY (see license file)
*/ */
import { Injectable, Component, OnInit, Input, ElementRef, ViewChild } from '@angular/core'; import { Injectable, Component, OnInit, Input, ElementRef, ViewChild } from '@angular/core';
import { ModelResponseHttp } from '../../service/http-wrapper';
import { DataService } from '../../service/data'; import { DataService } from '../../service/data';
@Component({ @Component({
@ -28,19 +29,26 @@ export class ElementDataImageComponent implements OnInit {
} }
ngOnInit() { ngOnInit() {
/*
let canvas = this.imageCanvas.nativeElement; let canvas = this.imageCanvas.nativeElement;
let ctx = canvas.getContext("2d"); let ctx = canvas.getContext("2d");
*/
console.log(`Request thumnail for ---> ${this.id}`); console.log(`Request thumnail for ---> ${this.id}`);
this.dataService.getImageThumbnail(this.id) this.dataService.getImageThumbnail(this.id)
.then((result) => { .then((result:ModelResponseHttp) => {
console.log(`plop ---> ${result.status}`); console.log(`plop ---> ${result.status}`);
const response = result.data as Response;
response.blob().then((value:Blob) => {
let img = new Image();
img.onload = function() {
//ctx.drawImage(img, 0, 0)
}
let imageUrl = URL.createObjectURL(value);
img.src = imageUrl;
})
}).catch(()=>{ }).catch(()=>{
console.log("plop ---> "); console.log("plop ---> ");
}); });
//let img = new Image();
//img.src = "../../assets/aCRF-PRV111_CLN-001 v1.4-images/aCRF-PRV111_CLN-001 v1.4-blank_0.jpg"; //img.src = "../../assets/aCRF-PRV111_CLN-001 v1.4-images/aCRF-PRV111_CLN-001 v1.4-blank_0.jpg";
//ctx.drawImage(img, 10, 10, 250, 250); //ctx.drawImage(img, 10, 10, 250, 250);
} }