[DEV] set generic authorisation element

2022-05-24 00:29:08 +02:00 · 2022-05-24 00:29:08 +02:00 · 4e4ac74948
commit 4e4ac74948
parent 1cebe69872
2 changed files with 17 additions and 9 deletions
--- a/back/src/org/kar/karideo/AuthenticationFilter.java
+++ b/back/src/org/kar/karideo/AuthenticationFilter.java
@ -70,13 +70,21 @@ public class AuthenticationFilter implements ContainerRequestFilter {
        // Get the Authorization header from the request
        String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
        System.out.println("authorizationHeader: " + authorizationHeader);
-
        if(authorizationHeader == null && method.isAnnotationPresent(PermitTokenInURI.class)) {
-        	// TODO: ...
+        	MultivaluedMap<String, String> quaryparam = requestContext.getUriInfo().getQueryParameters();
+            for (Entry<String, List<String>> item: quaryparam.entrySet()) {
+            	if (item.getKey().equals(HttpHeaders.AUTHORIZATION)) {
+            		if (!item.getValue().isEmpty()) {
+            			authorizationHeader = item.getValue().get(0);
+            		}
+            		break;
+            	}
+            }
        }
+        System.out.println("authorizationHeader: " + authorizationHeader);
        
        
-
+        /*
        System.out.println("   -------------------------------");
        // this get the parameters inside the pre-parsed element in the request ex: @Path("thumbnail/{id}") generate a map with "id"
        MultivaluedMap<String, String> pathparam = requestContext.getUriInfo().getPathParameters(); 
@ -85,7 +93,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
        }
        System.out.println("   -------------------------------");
        // need to add "@QueryParam("p") String token, " in the model
-        MultivaluedMap<String, String> quaryparam = requestContext.getUriInfo().getQueryParameters();
+        //MultivaluedMap<String, String> quaryparam = requestContext.getUriInfo().getQueryParameters();
        for (Entry<String, List<String>> item: quaryparam.entrySet()) {
            System.out.println("  query: " + item.getKey() + " ==>" + item.getValue());
        }
@ -100,7 +108,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
            System.out.println("  headers: " + item.getKey() + " ==>" + item.getValue());
        }
        System.out.println("   -------------------------------");
-
+		*/
        // Validate the Authorization header data Model "Yota userId:token"
        if (!isTokenBasedAuthentication(authorizationHeader)) {
        	System.out.println("REJECTED unauthorized: " + requestContext.getUriInfo().getPath());
@ -110,7 +118,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {

        // Extract the token from the Authorization header (Remove "Yota ")
        String token = authorizationHeader.substring(AUTHENTICATION_SCHEME.length()).trim();
-        System.out.println("token: " + token);
+        //System.out.println("token: " + token);
        
        
        User user = null;
--- a/back/src/org/kar/karideo/api/DataResource.java
+++ b/back/src/org/kar/karideo/api/DataResource.java
@ -350,7 +350,7 @@ public class DataResource {
    @PermitTokenInURI
    @RolesAllowed("USER")
    @Produces(MediaType.APPLICATION_OCTET_STREAM)
-    public Response retriveDataId(@Context SecurityContext sc, @QueryParam("Yota") String token, @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception {
+    public Response retriveDataId(@Context SecurityContext sc, @QueryParam(HttpHeaders.AUTHORIZATION) String token, @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception {
    	GenericContext gc = (GenericContext) sc.getUserPrincipal();
        System.out.println("===================================================");
        System.out.println("== DATA retriveDataId ? " + (gc==null?"null":gc.user));
@ -370,7 +370,7 @@ public class DataResource {
    @RolesAllowed("USER")
    @PermitTokenInURI
    @Produces(MediaType.APPLICATION_OCTET_STREAM)
-    public Response retriveDataThumbnailId(@Context SecurityContext sc, @QueryParam("Yota") String token, @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception {
+    public Response retriveDataThumbnailId(@Context SecurityContext sc, @QueryParam(HttpHeaders.AUTHORIZATION) String token, @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception {
        GenericContext gc = (GenericContext) sc.getUserPrincipal();
        System.out.println("===================================================");
        System.out.println("== DATA retriveDataThumbnailId ? " + (gc==null?"null":gc.user));
@ -418,7 +418,7 @@ public class DataResource {
    @PermitTokenInURI
    @RolesAllowed("USER")
    @Produces(MediaType.APPLICATION_OCTET_STREAM)
-    public Response retriveDataFull(@Context SecurityContext sc, @QueryParam("Yota") String token, @HeaderParam("Range") String range, @PathParam("id") Long id, @PathParam("name") String name) throws Exception {
+    public Response retriveDataFull(@Context SecurityContext sc, @QueryParam(HttpHeaders.AUTHORIZATION) String token, @HeaderParam("Range") String range, @PathParam("id") Long id, @PathParam("name") String name) throws Exception {
        GenericContext gc = (GenericContext) sc.getUserPrincipal();
        System.out.println("===================================================");
        System.out.println("== DATA retriveDataFull ? " + (gc==null?"null":gc.user));