From 4e4ac7494874993ba9d96652b11f3cd8445a5392 Mon Sep 17 00:00:00 2001
From: Edouard DUPIN
Date: Tue, 24 May 2022 00:29:08 +0200
Subject: [PATCH] [DEV] set generic authorisation element
---
 .../org/kar/karideo/AuthenticationFilter.java | 20 +++++++++++++------
 .../src/org/kar/karideo/api/DataResource.java | 6 +++---
 2 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/back/src/org/kar/karideo/AuthenticationFilter.java b/back/src/org/kar/karideo/AuthenticationFilter.java
index d0f5817..de99cf4 100644
--- a/back/src/org/kar/karideo/AuthenticationFilter.java
+++ b/back/src/org/kar/karideo/AuthenticationFilter.java
@@ -70,13 +70,21 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 // Get the Authorization header from the request
 String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
 System.out.println("authorizationHeader: " + authorizationHeader);
-
 if(authorizationHeader == null && method.isAnnotationPresent(PermitTokenInURI.class)) {
- // TODO: ...
+ MultivaluedMap quaryparam = requestContext.getUriInfo().getQueryParameters();
+ for (Entry> item: quaryparam.entrySet()) {
+ if (item.getKey().equals(HttpHeaders.AUTHORIZATION)) {
+ if (!item.getValue().isEmpty()) {
+ authorizationHeader = item.getValue().get(0);
+ }
+ break;
+ }
+ }
 }
+ System.out.println("authorizationHeader: " + authorizationHeader);
-
+ /*
 System.out.println(" -------------------------------");
 // this get the parameters inside the pre-parsed element in the request ex: @Path("thumbnail/{id}") generate a map with "id"
 MultivaluedMap pathparam = requestContext.getUriInfo().getPathParameters();
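Review bot: The added `System.out.println("authorizationHeader: " + authorizationHeader);` after the query-parameter lookup writes the complete credential (the `Yota userId:token` value) to standard output on every request, and the identical print before the lookup is kept, so commenting out `System.out.println("token: " + token);` in the later hunk does not keep the token out of the logs. Drop both prints, or log only whether a credential was supplied, e.g. `System.out.println("authorization present: " + (authorizationHeader != null));`. The entry-set loop can also be reduced to `authorizationHeader = quaryparam.getFirst(HttpHeaders.AUTHORIZATION);`, which yields null when the parameter is absent. The enclosing filter method starts and ends outside the hunk.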
@@ -85,7 +93,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 }
 System.out.println(" -------------------------------");
 // need to add "@QueryParam("p") String token, " in the model
- MultivaluedMap quaryparam = requestContext.getUriInfo().getQueryParameters();
+ //MultivaluedMap quaryparam = requestContext.getUriInfo().getQueryParameters();
 for (Entry> item: quaryparam.entrySet()) {
 System.out.println(" query: " + item.getKey() + " ==>" + item.getValue());
 }
@@ -100,7 +108,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 System.out.println(" headers: " + item.getKey() + " ==>" + item.getValue());
 }
 System.out.println(" -------------------------------");
-
+ */
 // Validate the Authorization header data Model "Yota userId:token"
 if (!isTokenBasedAuthentication(authorizationHeader)) {
 System.out.println("REJECTED unauthorized: " + requestContext.getUriInfo().getPath());
@@ -110,7 +118,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 // Extract the token from the Authorization header (Remove "Yota ")
 String token = authorizationHeader.substring(AUTHENTICATION_SCHEME.length()).trim();
- System.out.println("token: " + token);
+ //System.out.println("token: " + token);
 User user = null;
diff --git a/back/src/org/kar/karideo/api/DataResource.java b/back/src/org/kar/karideo/api/DataResource.java
index a07a41d..644782d 100644
--- a/back/src/org/kar/karideo/api/DataResource.java
+++ b/back/src/org/kar/karideo/api/DataResource.java
@@ -350,7 +350,7 @@ public class DataResource {
 @PermitTokenInURI
 @RolesAllowed("USER")
 @Produces(MediaType.APPLICATION_OCTET_STREAM)
- public Response retriveDataId(@Context SecurityContext sc, @QueryParam("Yota") String token, @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception {
+ public Response retriveDataId(@Context SecurityContext sc, @QueryParam(HttpHeaders.AUTHORIZATION) String token, @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception {
 GenericContext gc = (GenericContext) sc.getUserPrincipal();
 System.out.println("===================================================");
 System.out.println("== DATA retriveDataId ? " + (gc==null?"null":gc.user));
@@ -370,7 +370,7 @@ public class DataResource {
 @RolesAllowed("USER")
 @PermitTokenInURI
 @Produces(MediaType.APPLICATION_OCTET_STREAM)
- public Response retriveDataThumbnailId(@Context SecurityContext sc, @QueryParam("Yota") String token, @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception {
+ public Response retriveDataThumbnailId(@Context SecurityContext sc, @QueryParam(HttpHeaders.AUTHORIZATION) String token, @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception {
 GenericContext gc = (GenericContext) sc.getUserPrincipal();
 System.out.println("===================================================");
 System.out.println("== DATA retriveDataThumbnailId ? " + (gc==null?"null":gc.user));
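Review bot: Binding the credential to `@QueryParam(HttpHeaders.AUTHORIZATION)` in `retriveDataId` (and likewise in `retriveDataThumbnailId` and `retriveDataFull` in the following hunks) means the same `Yota userId:token` value that authenticates header requests now travels in the URL, where it is recorded in server and proxy access logs, browser history and `Referer` headers. Nothing in these hunks shows that the token is short-lived or limited to data retrieval, so if it is the regular session credential, consider issuing a separate expiring, read-only token for these media URLs. The `token` parameter does not appear to be read in the visible lines, so a comment such as `// validated in AuthenticationFilter; declared here only to document the query parameter` would make the intent clear. The method bodies continue outside the hunks.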
@@ -418,7 +418,7 @@ public class DataResource {
 @PermitTokenInURI
 @RolesAllowed("USER")
 @Produces(MediaType.APPLICATION_OCTET_STREAM)
- public Response retriveDataFull(@Context SecurityContext sc, @QueryParam("Yota") String token, @HeaderParam("Range") String range, @PathParam("id") Long id, @PathParam("name") String name) throws Exception {
+ public Response retriveDataFull(@Context SecurityContext sc, @QueryParam(HttpHeaders.AUTHORIZATION) String token, @HeaderParam("Range") String range, @PathParam("id") Long id, @PathParam("name") String name) throws Exception {
 GenericContext gc = (GenericContext) sc.getUserPrincipal();
 System.out.println("===================================================");
 System.out.println("== DATA retriveDataFull ? " + (gc==null?"null":gc.user));