Strabon
changeset 642:3135a083daa2
Added user authentication to StoreBean. The credentials are:
username: endpoint
password: 3ndpo1nt
I have also updated the endpoint script in order to authenticate when storing triples.
username: endpoint
password: 3ndpo1nt
I have also updated the endpoint script in order to authenticate when storing triples.
author | Stella Giannakopoulou <sgian@di.uoa.gr> |
---|---|
date | Thu Oct 18 15:10:51 2012 +0300 (2012-10-18) |
parents | 333e06b3e474 |
children | b1caa46da857 |
files | endpoint/WebContent/WEB-INF/credentials.properties endpoint/WebContent/store.jsp endpoint/pom.xml endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/StoreBean.java scripts/endpoint |
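--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/endpoint/WebContent/WEB-INF/credentials.properties Thu Oct 18 15:10:51 2012 +0300
@@ -0,0 +1,2 @@
+username=endpoint
+password=3ndpo1nt
\ No newline at end of file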
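Review bot: The new `credentials.properties` commits the working username and password in clear text, and the same pair is repeated in the commit message and hard-coded in both `curl` lines of `scripts/endpoint`; the `pom.xml` hunk additionally lists the file as a build resource, so it appears to travel inside the packaged application as well. Anyone who can read the repository or a built artifact can then authenticate to the store operation, and the secret cannot be changed without a new commit. Commit only a template with an empty value, e.g. `password=` preceded by a comment such as `# set at deployment time; never commit the real value`, load the real file from a location outside the source tree, and store a salted password hash rather than the password itself. The value already published in this changeset should be treated as exposed and rotated.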
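--- a/endpoint/WebContent/store.jsp Wed Oct 17 20:02:55 2012 +0300
+++ b/endpoint/WebContent/store.jsp Thu Oct 18 15:10:51 2012 +0300
@@ -60,7 +60,11 @@
 <tr>
 <!-- direct input form -->
 <td id="output">Direct Input:</td>
- <td id="output"><textarea name="data" rows="15" cols="100"></textarea></td>
+ <td id="output">
+ <div style="font-size:13px">
+ You must be logged in to store.
+ </div>
+ <textarea name="data" rows="15" cols="100"></textarea></td>
 <td rowspan=4 id="output">
 <CENTER>RDF Format:<br/>
 <SELECT name="format" title="select one of the following RDF graph format types">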
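--- a/endpoint/pom.xml Wed Oct 17 20:02:55 2012 +0300
+++ b/endpoint/pom.xml Thu Oct 18 15:10:51 2012 +0300
@@ -168,6 +168,7 @@
 <includes>
 <include>beans.xml</include>
 <include>connection.properties</include>
+ <include>credentials.properties</include>
 </includes>
 </resource>
 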
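--- a/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/StoreBean.java Wed Oct 17 20:02:55 2012 +0300
+++ b/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/StoreBean.java Thu Oct 18 15:10:51 2012 +0300
@@ -9,10 +9,15 @@
 */
 package eu.earthobservatory.org.StrabonEndpoint;
 
+import java.io.FileInputStream;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
 import java.net.MalformedURLException;
 import java.net.URLDecoder;
+import java.util.Hashtable;
+import java.util.Properties;
+import java.util.regex.Pattern;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletConfig;
@@ -21,6 +26,7 @@
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.codec.binary.Base64;
 
 import org.openrdf.rio.RDFFormat;
 import org.openrdf.rio.RDFParseException;
@@ -29,6 +35,7 @@
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.context.support.WebApplicationContextUtils;
 
+
 /**
 *
 * @author Charalampos Nikolaou <charnik@di.uoa.gr>
@@ -54,23 +61,34 @@
 private static final String STORE_OK = "Data stored successfully!";
 
 /**
+ * The filename of the credentials.properties file
+ */
+ private static final String CREDENTIALS_PROPERTIES_FILE = "/WEB-INF/credentials.properties";
+
+ /**
 * Strabon wrapper
 */
 private StrabonBeanWrapper strabon;
 
+ /**
+ * The context of the servlet
+ */
+ private ServletContext context;
+
 @Override
 public void init(ServletConfig servletConfig) throws ServletException {
 super.init(servletConfig);
 
 // get strabon wrapper
- ServletContext context = getServletContext();
+ context = getServletContext();
 WebApplicationContext applicationContext = WebApplicationContextUtils.getWebApplicationContext(context);
- strabon = (StrabonBeanWrapper) applicationContext.getBean("strabonBean");
+ strabon = (StrabonBeanWrapper) applicationContext.getBean("strabonBean");
 }
 
 @Override
 public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
- doPost(request, response);
+
+ doPost(request, response);
 }
 
 private String getData(HttpServletRequest request) throws UnsupportedEncodingException {
@@ -84,13 +102,22 @@
 @Override
 public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 
- // check whether the request was from store.jsp
- if (Common.VIEW_TYPE.equals(request.getParameter(Common.VIEW))) {
- processVIEWRequest(request, response);
-
- } else {
- processRequest(request, response);
- }
+ String authorization = request.getHeader("Authorization");
+
+ if (!authenticateUser(authorization)) {
+ // not allowed, so report he's unauthorized
+ response.setHeader("WWW-Authenticate", "BASIC realm=\"Please login\"");
+ response.sendError(response.SC_UNAUTHORIZED);
+ }
+ else
+ {
+ // check whether the request was from store.jsp
+ if (Common.VIEW_TYPE.equals(request.getParameter(Common.VIEW))) {
+ processVIEWRequest(request, response);
+ } else {
+ processRequest(request, response);
+ }
+ }
 }
 
 /**
@@ -101,8 +128,9 @@
 * @throws ServletException
 * @throws IOException
 */
- private void processVIEWRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
- // check whether we read from INPUT or URL
+ private void processVIEWRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ // check whether we read from INPUT or URL
 boolean input = (request.getParameter(Common.SUBMIT_URL) != null) ? false:true;
 
 // get the dispatcher for forwarding the rendering of the response
@@ -132,6 +160,7 @@
 }
 
 dispatcher.forward(request, response);
+
 }
 
 /**
@@ -179,4 +208,41 @@
 logger.error("[StrabonEndpoint.StoreBean] " + e.getMessage());
 }
 }
+
+ /**
+ * Authenticate user
+ * @throws IOException
+ * */
+ protected boolean authenticateUser(String authorization) throws IOException {
+
+ Properties properties = new Properties();
+ if (authorization == null) return false; // no authorization
+
+ if (!authorization.toUpperCase().startsWith("BASIC "))
+ return false; // only BASIC authentication
+
+ // get encoded user and password, comes after "BASIC "
+ String userpassEncoded = authorization.substring(6);
+ // decode
+ String userpassDecoded = new String(Base64.decodeBase64(userpassEncoded));
+
+ Pattern pattern = Pattern.compile(":");
+ String[] credentials = pattern.split(userpassDecoded);
+
+ // get connection.properties as input stream
+ InputStream input = new FileInputStream(context.getRealPath(CREDENTIALS_PROPERTIES_FILE));
+
+ // load the properties
+ properties.load(input);
+
+ // close the stream
+ input.close();
+
+ // check if the given credentials are allowed
+ if(credentials[0].equals(properties.get("username")) && credentials[1].equals(properties.get("password")))
+ return true;
+ else
+ return false;
+
+ }
 }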
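--- a/scripts/endpoint Wed Oct 17 20:02:55 2012 +0300
+++ b/scripts/endpoint Thu Oct 18 15:10:51 2012 +0300
@@ -303,12 +303,12 @@
 case "${3}" in
 -t)
 TRIPLES="${4}"
- EXEC="curl -w '\nHTTP_CODE=%{http_code}\n' -H 'Content-Type:application/x-www-form-urlencoded' -H 'Accept:${MIME_TYPE}' --data-urlencode data='${TRIPLES}' ${URL}"
+ EXEC="curl -u endpoint:3ndpo1nt -w '\nHTTP_CODE=%{http_code}\n' -H 'Content-Type:application/x-www-form-urlencoded' -H 'Accept:${MIME_TYPE}' --data-urlencode data='${TRIPLES}' ${URL}"
 ;;
 -u)
 
 URL_TRIPLES="${4}"
- EXEC="curl -w '\nHTTP_CODE=%{http_code}\n' -H 'Content-Type:application/x-www-form-urlencoded' -H 'Accept:${MIME_TYPE}' --data-urlencode url='${URL_TRIPLES}' -d fromurl='' ${URL}"
+ EXEC="curl -u endpoint:3ndpo1nt -w '\nHTTP_CODE=%{http_code}\n' -H 'Content-Type:application/x-www-form-urlencoded' -H 'Accept:${MIME_TYPE}' --data-urlencode url='${URL_TRIPLES}' -d fromurl='' ${URL}"
 ;;
 *)
 help_store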
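Review bot: Both rewritten `EXEC` strings pass the password as a `curl -u user:password` argument, which can expose it in the process list of the machine running the script and in anything that echoes or logs `EXEC`. Reading the credentials from a file only the operator can read keeps them off the command line, for example `curl --netrc-file "${NETRC_FILE}"` or `curl -K "${CURL_CONFIG}"` (both variable names are placeholders), or `-u "${ENDPOINT_USER}"` alone so that curl prompts for the password. The `case` statement starts and ends outside the hunk, so how `EXEC` is later executed is not visible here.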