Strabon

changeset 643:b1caa46da857

Now authentication is also required when an update operation occurs.
I added the class Authenticate, which is used by StoreBean and UpdateBean and contains the
method that checks the credentials using the credentials.properties file.
Script endpoint is properly updated too.
author Stella Giannakopoulou <sgian@di.uoa.gr>
date Thu Oct 18 20:40:36 2012 +0300 (2012-10-18)
parents 3135a083daa2
children e053a82353ab
files endpoint/WebContent/query.jsp endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/Authenticate.java endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/StoreBean.java endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/UpdateBean.java scripts/endpoint
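--- a/endpoint/WebContent/query.jsp
+++ b/endpoint/WebContent/query.jsp
@@ -279,7 +279,11 @@
 <%}%>
 <tr>
 <td id="output">stSPARQL Query:</td>
-<td id="output"><textarea name="query" title="pose your query/update here" rows="15" cols="100"><%=query%></textarea></td>
+<td id="output">
+	<div style="font-size:13px"> 
+		You must be logged in to perform update queries.
+	</div>
+	<textarea name="query" title="pose your query/update here" rows="15" cols="100"><%=query%></textarea></td>
 </tr>
 <tr>
 	<td id="output"><center>Output Format:<br/>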
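Review bot: The `<%=query%>` expression on the re-added textarea line is written into the page with no HTML escaping visible, so a query value containing `</textarea>` would close the element and the remainder would be parsed as markup. Whether `query` is escaped before it reaches this line cannot be seen from the hunk; if it is not, escape it at output with the HTML-escaping helper the project already uses. The new "You must be logged in" notice is advisory only, so the server-side check in the beans remains the actual control.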
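--- /dev/null
+++ b/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/Authenticate.java
@@ -0,0 +1,68 @@
+/**
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ * 
+ * Copyright (C) 2010, 2011, 2012, Pyravlos Team
+ * 
+ * http://www.strabon.di.uoa.gr/
+ */
+package eu.earthobservatory.org.StrabonEndpoint;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+import java.util.regex.Pattern;
+
+import javax.servlet.ServletContext;
+
+import org.apache.commons.codec.binary.Base64;
+
+/**
+ * Keeps common variables shared by beans and .jsp pages.
+ *
+ * @author Stella Giannakopoulou <sgian@di.uoa.gr>
+ */
+public class Authenticate {
+	
+	/**
+	 * The filename of the credentials.properties file
+	 */
+	private static final String CREDENTIALS_PROPERTIES_FILE = "/WEB-INF/credentials.properties";		
+	
+    /**
+     * Authenticate user
+     * @throws IOException 
+     * */
+    public boolean authenticateUser(String authorization, ServletContext context) throws IOException {    	    	
+    	Properties properties = new Properties();        	
+    	if (authorization == null) return false;  // no authorization
+
+    	if (!authorization.toUpperCase().startsWith("BASIC "))
+    		return false;  // only BASIC authentication
+
+    	// get encoded user and password, comes after "BASIC "
+    	String userpassEncoded = authorization.substring(6);            
+    	// decode 
+    	String userpassDecoded = new String(Base64.decodeBase64(userpassEncoded));
+
+    	Pattern pattern = Pattern.compile(":");  
+    	String[] credentials = pattern.split(userpassDecoded);    	    	
+    	// get credentials.properties as input stream
+    	InputStream input = new FileInputStream(context.getRealPath(CREDENTIALS_PROPERTIES_FILE));
+  
+    	// load the properties
+    	properties.load(input);
+    	
+    	// close the stream
+    	input.close();  
+    	
+    	// check if the given credentials are allowed 
+    	if(credentials[0].equals(properties.get("username")) && credentials[1].equals(properties.get("password")))
+    		return true;
+    	else
+    		return false;
+    	    
+    }
+}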
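--- a/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/StoreBean.java
+++ b/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/StoreBean.java
@@ -9,15 +9,10 @@
  */
 package eu.earthobservatory.org.StrabonEndpoint;
 
-import java.io.FileInputStream;
 import java.io.IOException;
-import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
 import java.net.MalformedURLException;
 import java.net.URLDecoder;
-import java.util.Hashtable;
-import java.util.Properties;
-import java.util.regex.Pattern;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletConfig;
@@ -26,7 +21,6 @@
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.codec.binary.Base64;
 
 import org.openrdf.rio.RDFFormat;
 import org.openrdf.rio.RDFParseException;
@@ -59,11 +53,6 @@
 	private static final String STORE_ERROR 	= "An error occurred while storing input data!";
 	private static final String PARAM_ERROR 	= "RDF format or input data are not set or are invalid!";
 	private static final String STORE_OK		= "Data stored successfully!";
-
-	/**
-	 * The filename of the credentials.properties file
-	 */
-	private static final String CREDENTIALS_PROPERTIES_FILE = "/WEB-INF/credentials.properties";
 	
 	/**
 	 * Strabon wrapper
@@ -102,15 +91,15 @@
 	@Override
 	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 		
+		Authenticate authenticate = new Authenticate();
 		String authorization = request.getHeader("Authorization");
 	   	 
-	   	 if (!authenticateUser(authorization)) {	   		 	
+	   	 if (!authenticate.authenticateUser(authorization, context)) {	   		 	
 	   		 // not allowed, so report he's unauthorized
 	   		 response.setHeader("WWW-Authenticate", "BASIC realm=\"Please login\"");
-	   		 response.sendError(response.SC_UNAUTHORIZED);	   		 
+	   		 response.sendError(HttpServletResponse.SC_UNAUTHORIZED);	   		 
 	   	 }
-	   	 else
-	   	 {	 		
+	   	 else {	 		
 			// check whether the request was from store.jsp
 			if (Common.VIEW_TYPE.equals(request.getParameter(Common.VIEW))) {
 				processVIEWRequest(request, response);				
@@ -208,41 +197,4 @@
 			logger.error("[StrabonEndpoint.StoreBean] " + e.getMessage());
 		}
     }
-    
-    /**
-     * Authenticate user
-     * @throws IOException 
-     * */
-    protected boolean authenticateUser(String authorization) throws IOException {
-    	
-    	Properties properties = new Properties();    	
-    	if (authorization == null) return false;  // no authorization
-
-    	if (!authorization.toUpperCase().startsWith("BASIC "))
-    		return false;  // only BASIC authentication
-
-    	// get encoded user and password, comes after "BASIC "
-    	String userpassEncoded = authorization.substring(6);            
-    	// decode 
-    	String userpassDecoded = new String(Base64.decodeBase64(userpassEncoded));
-
-    	Pattern pattern = Pattern.compile(":");  
-    	String[] credentials = pattern.split(userpassDecoded);    	
-    	
-    	// get connection.properties as input stream
-    	InputStream input = new FileInputStream(context.getRealPath(CREDENTIALS_PROPERTIES_FILE));
-  
-    	// load the properties
-    	properties.load(input);
-    	
-    	// close the stream
-    	input.close();  
-    	
-    	// check if the given credentials are allowed 
-    	if(credentials[0].equals(properties.get("username")) && credentials[1].equals(properties.get("password")))
-    		return true;
-    	else
-    		return false;
-    	    
-    }
 }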
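Review bot: The 401 branch in `doPost` returns without writing anything to the log, so repeated failed logins against the store endpoint leave no trace in the application log. A line such as `logger.warn("[StrabonEndpoint.StoreBean] Failed authentication from " + request.getRemoteAddr());` before `sendError` would make password guessing visible; the Authorization header value itself should not be logged. The same applies to the identical branch this commit adds to UpdateBean.doPost. `Authenticate` holds no state, so `authenticateUser` could be a static method instead of requiring `new Authenticate()` on every request; `doPost` continues outside the hunk.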
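--- a/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/UpdateBean.java
+++ b/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/UpdateBean.java
@@ -56,13 +56,24 @@
 	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 		request.setCharacterEncoding("UTF-8");
 		
-		if (Common.VIEW_TYPE.equals(request.getParameter(Common.VIEW))) {
-			// HTML visual interface
-			processVIEWRequest(request, response);
-			
-		} else {// invoked as a service
-			processRequest(request, response);
-	    }
+		Authenticate authenticate = new Authenticate();
+		ServletContext context = getServletContext();
+		String authorization = request.getHeader("Authorization");
+	   	 
+	   	 if (!authenticate.authenticateUser(authorization, context)) {	   		 	
+	   		 // not allowed, so report he's unauthorized
+	   		 response.setHeader("WWW-Authenticate", "BASIC realm=\"Please login\"");
+	   		 response.sendError(HttpServletResponse.SC_UNAUTHORIZED);	   		 
+	   	 }
+	   	 else {  	 			
+			if (Common.VIEW_TYPE.equals(request.getParameter(Common.VIEW))) {
+				// HTML visual interface
+				processVIEWRequest(request, response);
+				
+			} else {// invoked as a service
+				processRequest(request, response);
+		    }
+	   	 }	
 	}
 
 	private void processRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {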
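Review bot: The challenge/401 block added to `doPost` is a copy of the one in StoreBean.doPost, so the two endpoints can drift apart the next time one of them is changed. Putting it in one place, either a `javax.servlet.Filter` mapped to both servlets or a helper on `Authenticate` that takes the request and response, keeps the check identical everywhere. Only `doPost` is guarded in this hunk; if updates can also reach the store through `doGet` or through another servlet, which is not visible here, that path needs the same check. The added lines mix tabs and spaces for indentation, unlike the tab-indented code around them.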
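--- a/scripts/endpoint
+++ b/scripts/endpoint
@@ -260,7 +260,7 @@
 				;;
 		esac
 
-		EXEC="curl ${CURL_OPTS} --data-urlencode query='${PREFIXES}${QUERY}' ${URL}"
+		EXEC="curl -u endpoint:3ndpo1nt ${CURL_OPTS} --data-urlencode query='${PREFIXES}${QUERY}' ${URL}"
 		;;
 	store)
 		shift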
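Review bot: The `-u` option on the new `EXEC` line embeds a literal user name and password in a script that is committed to the repository, so anyone who can read the source has the endpoint's update credentials. They are also sent to whatever `${URL}` the script is pointed at and appear in the process list while curl runs. Take them from the caller instead, for example `-u "${ENDPOINT_USER}"` with a variable of your choosing (curl then prompts for the password) or curl's `--netrc-file` option, and leave the option out when no credentials are supplied. The committed password should be treated as exposed and changed on any deployment that uses it; the `case` block continues outside the hunk.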