Strabon
changeset 760:3e360dce98ef
When the connection to the endpoint is done by localhost, then no authentication is needed for store or update operations.
author | Stella Giannakopoulou <sgian@di.uoa.gr> |
---|---|
date | Fri Nov 30 15:20:08 2012 +0200 (2012-11-30) |
parents | e52271f13b5a |
children | 9d2553759226 |
files | endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/Authenticate.java endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/StoreBean.java endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/UpdateBean.java |
line diff
1.1 --- a/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/Authenticate.java Mon Nov 26 19:26:52 2012 +0200 1.2 +++ b/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/Authenticate.java Fri Nov 30 15:20:08 2012 +0200 1.3 @@ -58,11 +58,10 @@ 1.4 // close the stream 1.5 input.close(); 1.6 1.7 - // check if the given credentials are allowed 1.8 - if(credentials[0].equals(properties.get("username")) && credentials[1].equals(properties.get("password"))) 1.9 - return true; 1.10 - else 1.11 - return false; 1.12 - 1.13 + // check if the given credentials are allowed 1.14 + if(!userpassDecoded.equals(":") && credentials[0].equals(properties.get("username")) && credentials[1].equals(properties.get("password"))) 1.15 + return true; 1.16 + else 1.17 + return false; 1.18 } 1.19 }
2.1 --- a/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/StoreBean.java Mon Nov 26 19:26:52 2012 +0200 2.2 +++ b/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/StoreBean.java Fri Nov 30 15:20:08 2012 +0200 2.3 @@ -90,11 +90,19 @@ 2.4 2.5 @Override 2.6 public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { 2.7 + 2.8 + boolean authorized; 2.9 2.10 - Authenticate authenticate = new Authenticate(); 2.11 - String authorization = request.getHeader("Authorization"); 2.12 - 2.13 - if (!authenticate.authenticateUser(authorization, context)) { 2.14 + if(!request.getLocalAddr().equals("127.0.0.1")) { 2.15 + Authenticate authenticate = new Authenticate(); 2.16 + String authorization = request.getHeader("Authorization"); 2.17 + 2.18 + authorized = authenticate.authenticateUser(authorization, context); 2.19 + } 2.20 + else 2.21 + authorized = true; 2.22 + 2.23 + if (!authorized) { 2.24 // not allowed, so report he's unauthorized 2.25 response.setHeader("WWW-Authenticate", "BASIC realm=\"Please login\""); 2.26 response.sendError(HttpServletResponse.SC_UNAUTHORIZED); 2.27 @@ -106,7 +114,7 @@ 2.28 } else { 2.29 processRequest(request, response); 2.30 } 2.31 - } 2.32 + } 2.33 } 2.34 2.35 /**
3.1 --- a/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/UpdateBean.java Mon Nov 26 19:26:52 2012 +0200 3.2 +++ b/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/UpdateBean.java Fri Nov 30 15:20:08 2012 +0200 3.3 @@ -54,25 +54,33 @@ 3.4 } 3.5 3.6 public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { 3.7 - request.setCharacterEncoding("UTF-8"); 3.8 3.9 - Authenticate authenticate = new Authenticate(); 3.10 + boolean authorized; 3.11 + 3.12 + request.setCharacterEncoding("UTF-8"); 3.13 ServletContext context = getServletContext(); 3.14 - String authorization = request.getHeader("Authorization"); 3.15 - 3.16 - if (!authenticate.authenticateUser(authorization, context)) { 3.17 + if(!request.getLocalAddr().equals("127.0.0.1")) { 3.18 + Authenticate authenticate = new Authenticate(); 3.19 + String authorization = request.getHeader("Authorization"); 3.20 + 3.21 + authorized = authenticate.authenticateUser(authorization, context); 3.22 + } 3.23 + else 3.24 + authorized = true; 3.25 + 3.26 + if (!authorized) { 3.27 // not allowed, so report he's unauthorized 3.28 response.setHeader("WWW-Authenticate", "BASIC realm=\"Please login\""); 3.29 response.sendError(HttpServletResponse.SC_UNAUTHORIZED); 3.30 } 3.31 - else { 3.32 - if (Common.VIEW_TYPE.equals(request.getParameter(Common.VIEW))) { 3.33 + else { 3.34 + if (Common.VIEW_TYPE.equals(request.getParameter(Common.VIEW))) { 3.35 // HTML visual interface 3.36 processVIEWRequest(request, response); 3.37 3.38 } else {// invoked as a service 3.39 processRequest(request, response); 3.40 - } 3.41 + } 3.42 } 3.43 } 3.44