[DEV] securize data access

Edouard DUPIN 2022-06-07 00:34:19 +02:00
parent b1f27d52de
commit 8a0c88c20d


@ -355,9 +355,9 @@ public class DataResource {
@Produces(MediaType.APPLICATION_OCTET_STREAM)
public Response retriveDataId(@Context SecurityContext sc, @QueryParam(HttpHeaders.AUTHORIZATION) String token, @HeaderParam("Range") String range, @PathParam("id") Long id) throws Exception {
GenericContext gc = (GenericContext) sc.getUserPrincipal();
System.out.println("===================================================");
System.out.println("== DATA retriveDataId ? " + (gc==null?"null":gc.user));
System.out.println("===================================================");
//System.out.println("===================================================");
System.out.println("== DATA retriveDataId ? id=" + id + " user=" + (gc==null?"null":gc.user));
//System.out.println("===================================================");
DataSmall value = getSmall(id);
if (value == null) {
Response.status(404).
@ -414,7 +414,8 @@ public class DataResource {
// create the output stream:
ByteArrayOutputStream baos = new ByteArrayOutputStream();
try {
ImageIO.write(outputImage, "JPG", baos);
// TODO: check how to remove buffer file !!! here, it is not needed at all...
ImageIO.write( outputImage, "JPG", baos);
} catch (IOException e) {
e.printStackTrace();
return Response.status(500).
@ -423,10 +424,15 @@ public class DataResource {
build();
}
byte[] imageData = baos.toByteArray();
Response.ok(new ByteArrayInputStream(imageData)).build();
//Response.ok(new ByteArrayInputStream(imageData)).build();
Response.ResponseBuilder out = Response.ok(imageData)
.header(HttpHeaders.CONTENT_LENGTH, imageData.length);
out.type("image/jpeg");
// TODO: move this in a decorator !!!
CacheControl cc = new CacheControl();
cc.setMaxAge(3600);
cc.setNoCache(false);
out.cacheControl(cc);
return out.build();
}
return buildStream(filePathName, range, value.mimeType);
@ -435,14 +441,13 @@ public class DataResource {
@GET
@Path("{id}/{name}")
@PermitTokenInURI
//@RolesAllowed("USER")
@PermitAll
@RolesAllowed("USER")
@Produces(MediaType.APPLICATION_OCTET_STREAM)
public Response retriveDataFull(@Context SecurityContext sc, @QueryParam(HttpHeaders.AUTHORIZATION) String token, @HeaderParam("Range") String range, @PathParam("id") Long id, @PathParam("name") String name) throws Exception {
GenericContext gc = (GenericContext) sc.getUserPrincipal();
System.out.println("===================================================");
System.out.println("== DATA retriveDataFull ? " + (gc==null?"null":gc.user));
System.out.println("===================================================");
//System.out.println("===================================================");
System.out.println("== DATA retriveDataFull ? id=" + id + " user=" + (gc==null?"null":gc.user));
//System.out.println("===================================================");
DataSmall value = getSmall(id);
if (value == null) {
Response.status(404).
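Review bot: The cache policy added in the third hunk (`cc.setMaxAge(3600); cc.setNoCache(false);`) never marks the response private, so the JPEG built from user data goes out with a max-age that shared caches are allowed to honour. The two signatures visible here take the token as `@QueryParam(HttpHeaders.AUTHORIZATION)`; if the thumbnail method does the same (its signature is outside the hunk), the request carries no Authorization header and a shared cache has no reason to withhold storage. I would add `cc.setPrivate(true);` before `out.cacheControl(cc);`. Separately, retriveDataFull now requires the USER role, but the visible lines pass the path `id` straight to `getSmall(id)` with no check that `gc.user` may read that object. Its body continues outside the hunk, so confirm that a per-object check exists further down.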