Strabon

changeset 760:3e360dce98ef

find changesets by author, revision, files, or words in the commit message
When the connection to the endpoint is done by localhost, then no authentication is needed for store or update operations.
author Stella Giannakopoulou <sgian@di.uoa.gr>
date Fri Nov 30 15:20:08 2012 +0200 (2012-11-30)
parents e52271f13b5a
children 9d2553759226
files endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/Authenticate.java endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/StoreBean.java endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/UpdateBean.java
line diff
     1.1 --- a/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/Authenticate.java	Mon Nov 26 19:26:52 2012 +0200
     1.2 +++ b/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/Authenticate.java	Fri Nov 30 15:20:08 2012 +0200
     1.3 @@ -58,11 +58,10 @@
     1.4      	// close the stream
     1.5      	input.close();  
     1.6      	
     1.7 -    	// check if the given credentials are allowed 
     1.8 -    	if(credentials[0].equals(properties.get("username")) && credentials[1].equals(properties.get("password")))
     1.9 -    		return true;
    1.10 -    	else
    1.11 -    		return false;
    1.12 -    	    
    1.13 +    	// check if the given credentials are allowed    	
    1.14 +		if(!userpassDecoded.equals(":") && credentials[0].equals(properties.get("username")) && credentials[1].equals(properties.get("password")))
    1.15 +			return true;
    1.16 +		else
    1.17 +			return false;
    1.18      }
    1.19  }

     2.1 --- a/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/StoreBean.java	Mon Nov 26 19:26:52 2012 +0200
     2.2 +++ b/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/StoreBean.java	Fri Nov 30 15:20:08 2012 +0200
     2.3 @@ -90,11 +90,19 @@
     2.4  	
     2.5  	@Override
     2.6  	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
     2.7 +						 
     2.8 +		boolean authorized;
     2.9  		
    2.10 -		Authenticate authenticate = new Authenticate();
    2.11 -		String authorization = request.getHeader("Authorization");
    2.12 -	   	 
    2.13 -	   	 if (!authenticate.authenticateUser(authorization, context)) {	   		 	
    2.14 +		if(!request.getLocalAddr().equals("127.0.0.1")) {
    2.15 +			Authenticate authenticate = new Authenticate();
    2.16 +			String authorization = request.getHeader("Authorization");
    2.17 +	   		
    2.18 +			authorized = authenticate.authenticateUser(authorization, context);
    2.19 +		}
    2.20 +		else
    2.21 +			authorized = true;
    2.22 +				
    2.23 +	   	 if (!authorized) {	   		 
    2.24  	   		 // not allowed, so report he's unauthorized
    2.25  	   		 response.setHeader("WWW-Authenticate", "BASIC realm=\"Please login\"");
    2.26  	   		 response.sendError(HttpServletResponse.SC_UNAUTHORIZED);	   		 
    2.27 @@ -106,7 +114,7 @@
    2.28  			} else {
    2.29  				processRequest(request, response);
    2.30  			}
    2.31 -	   	 }
    2.32 +	   	 }							
    2.33  	}
    2.34  	
    2.35  	/**

     3.1 --- a/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/UpdateBean.java	Mon Nov 26 19:26:52 2012 +0200
     3.2 +++ b/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/UpdateBean.java	Fri Nov 30 15:20:08 2012 +0200
     3.3 @@ -54,25 +54,33 @@
     3.4  	}
     3.5  	
     3.6  	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
     3.7 -		request.setCharacterEncoding("UTF-8");
     3.8  		
     3.9 -		Authenticate authenticate = new Authenticate();
    3.10 +		boolean authorized;
    3.11 +		
    3.12 +		request.setCharacterEncoding("UTF-8");						
    3.13  		ServletContext context = getServletContext();
    3.14 -		String authorization = request.getHeader("Authorization");
    3.15 -	   	 
    3.16 -	   	 if (!authenticate.authenticateUser(authorization, context)) {	   		 	
    3.17 +		if(!request.getLocalAddr().equals("127.0.0.1")) {
    3.18 +			Authenticate authenticate = new Authenticate();
    3.19 +			String authorization = request.getHeader("Authorization");
    3.20 +	   		
    3.21 +			authorized = authenticate.authenticateUser(authorization, context);
    3.22 +		}
    3.23 +		else
    3.24 +			authorized = true;
    3.25 +				
    3.26 +	   	 if (!authorized) {	   		 
    3.27  	   		 // not allowed, so report he's unauthorized
    3.28  	   		 response.setHeader("WWW-Authenticate", "BASIC realm=\"Please login\"");
    3.29  	   		 response.sendError(HttpServletResponse.SC_UNAUTHORIZED);	   		 
    3.30  	   	 }
    3.31 -	   	 else {  	 			
    3.32 -			if (Common.VIEW_TYPE.equals(request.getParameter(Common.VIEW))) {
    3.33 +	   	 else {	 		
    3.34 +	   		if (Common.VIEW_TYPE.equals(request.getParameter(Common.VIEW))) {
    3.35  				// HTML visual interface
    3.36  				processVIEWRequest(request, response);
    3.37  				
    3.38  			} else {// invoked as a service
    3.39  				processRequest(request, response);
    3.40 -		    }
    3.41 +		    }		
    3.42  	   	 }	
    3.43  	}
    3.44