Strabon

changeset 760:3e360dce98ef

When the connection to the endpoint is made from localhost, no authentication is required for store or update operations.
author Stella Giannakopoulou <sgian@di.uoa.gr>
date Fri Nov 30 15:20:08 2012 +0200 (2012-11-30)
parents e52271f13b5a
children 9d2553759226
files endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/Authenticate.java endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/StoreBean.java endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/UpdateBean.java
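--- a/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/Authenticate.java	Mon Nov 26 19:26:52 2012 +0200
+++ b/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/Authenticate.java	Fri Nov 30 15:20:08 2012 +0200
@@ -58,11 +58,10 @@
     	// close the stream
     	input.close();  
     	
-    	// check if the given credentials are allowed 
-    	if(credentials[0].equals(properties.get("username")) && credentials[1].equals(properties.get("password")))
-    		return true;
-    	else
-    		return false;
-    	    
+    	// check if the given credentials are allowed    	
+		if(!userpassDecoded.equals(":") && credentials[0].equals(properties.get("username")) && credentials[1].equals(properties.get("password")))
+			return true;
+		else
+			return false;
     }
 }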
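Review bot: The guard added in the credentials check, `!userpassDecoded.equals(":")`, rejects only one malformed input. If `credentials` is built by splitting `userpassDecoded` on `:` (the split is above the hunk, where the method begins, so this is inferred), a value such as `user:` or one with no colon still yields fewer than two elements, and `credentials[1]` throws rather than the method returning false. A length check before the comparison, `if (credentials.length < 2) return false;`, fails closed for every short input. The password is also compared with `String.equals`, which is not constant-time; `MessageDigest.isEqual` over the encoded bytes is the usual replacement.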
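--- a/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/StoreBean.java	Mon Nov 26 19:26:52 2012 +0200
+++ b/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/StoreBean.java	Fri Nov 30 15:20:08 2012 +0200
@@ -90,11 +90,19 @@
 	
 	@Override
 	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+						 
+		boolean authorized;
 		
-		Authenticate authenticate = new Authenticate();
-		String authorization = request.getHeader("Authorization");
-	   	 
-	   	 if (!authenticate.authenticateUser(authorization, context)) {	   		 	
+		if(!request.getLocalAddr().equals("127.0.0.1")) {
+			Authenticate authenticate = new Authenticate();
+			String authorization = request.getHeader("Authorization");
+	   		
+			authorized = authenticate.authenticateUser(authorization, context);
+		}
+		else
+			authorized = true;
+				
+	   	 if (!authorized) {	   		 
 	   		 // not allowed, so report he's unauthorized
 	   		 response.setHeader("WWW-Authenticate", "BASIC realm=\"Please login\"");
 	   		 response.sendError(HttpServletResponse.SC_UNAUTHORIZED);	   		 
@@ -106,7 +114,7 @@
 			} else {
 				processRequest(request, response);
 			}
-	   	 }
+	   	 }							
 	}
 	
 	/**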
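Review bot: The bypass added at the top of `doPost` is keyed on `request.getLocalAddr()`, which is the address of the server interface that accepted the request, not the caller's address. Where the servlet container is reached through a reverse proxy or tunnel on the same host, forwarded requests would arrive on 127.0.0.1 and store operations would be accepted without credentials; the identical block is added to `UpdateBean.doPost`. The literal comparison also misses the IPv6 loopback, although that case fails closed. I would make the bypass opt-in and off by default, and test the peer instead: `if (!localBypassEnabled || !InetAddress.getByName(request.getRemoteAddr()).isLoopbackAddress())`, where `localBypassEnabled` is a placeholder for a deployment setting. Each request admitted without authentication should be logged.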
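--- a/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/UpdateBean.java	Mon Nov 26 19:26:52 2012 +0200
+++ b/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/UpdateBean.java	Fri Nov 30 15:20:08 2012 +0200
@@ -54,25 +54,33 @@
 	}
 	
 	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-		request.setCharacterEncoding("UTF-8");
 		
-		Authenticate authenticate = new Authenticate();
+		boolean authorized;
+		
+		request.setCharacterEncoding("UTF-8");						
 		ServletContext context = getServletContext();
-		String authorization = request.getHeader("Authorization");
-	   	 
-	   	 if (!authenticate.authenticateUser(authorization, context)) {	   		 	
+		if(!request.getLocalAddr().equals("127.0.0.1")) {
+			Authenticate authenticate = new Authenticate();
+			String authorization = request.getHeader("Authorization");
+	   		
+			authorized = authenticate.authenticateUser(authorization, context);
+		}
+		else
+			authorized = true;
+				
+	   	 if (!authorized) {	   		 
 	   		 // not allowed, so report he's unauthorized
 	   		 response.setHeader("WWW-Authenticate", "BASIC realm=\"Please login\"");
 	   		 response.sendError(HttpServletResponse.SC_UNAUTHORIZED);	   		 
 	   	 }
-	   	 else {  	 			
-			if (Common.VIEW_TYPE.equals(request.getParameter(Common.VIEW))) {
+	   	 else {	 		
+	   		if (Common.VIEW_TYPE.equals(request.getParameter(Common.VIEW))) {
 				// HTML visual interface
 				processVIEWRequest(request, response);
 				
 			} else {// invoked as a service
 				processRequest(request, response);
-		    }
+		    }		
 	   	 }	
 	}
 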
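Review bot: The authorisation block at the top of `doPost` is a line-for-line copy of the one added to `StoreBean.doPost`, so the access policy now lives in two servlets and can drift when only one of them is changed. Moving the decision into `Authenticate` keeps it in one place and leaves each servlet with a single call such as `boolean authorized = new Authenticate().isAuthorized(request, context);` (`isAuthorized` is a proposed method, not an existing one). A short comment above that call should state the trust assumption, e.g. `// requests received on the loopback interface skip authentication`. The unbraced `else` in the new block is also worth bracing to match the braced `if` beside it.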