Strabon
changeset 643:b1caa46da857
Now authentication is also required when an update operation occurs.
I added the class Authenticate, which is used by StoreBean and UpdateBean and contains the
method that checks the credentials using the credentials.properties file.
Script endpoint is properly updated too.
I added the class Authenticate, which is used by StoreBean and UpdateBean and contains the
method that checks the credentials using the credentials.properties file.
Script endpoint is properly updated too.
author | Stella Giannakopoulou <sgian@di.uoa.gr> |
---|---|
date | Thu Oct 18 20:40:36 2012 +0300 (2012-10-18) |
parents | 3135a083daa2 |
children | e053a82353ab |
files | endpoint/WebContent/query.jsp endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/Authenticate.java endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/StoreBean.java endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/UpdateBean.java scripts/endpoint |
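--- a/endpoint/WebContent/query.jsp
+++ b/endpoint/WebContent/query.jsp
@@ -279,7 +279,11 @@
 <%}%>
 <tr>
 <td id="output">stSPARQL Query:</td>
-<td id="output"><textarea name="query" title="pose your query/update here" rows="15" cols="100"><%=query%></textarea></td>
+<td id="output">
+ <div style="font-size:13px">
+ You must be logged in to perform update queries.
+ </div>
+ <textarea name="query" title="pose your query/update here" rows="15" cols="100"><%=query%></textarea></td>
 </tr>
 <tr>
 <td id="output"><center>Output Format:<br/>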
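Review bot: The re-added textarea line still prints `<%=query%>` without HTML escaping, so if `query` is filled from a request parameter (its assignment is outside this hunk) a value containing `</textarea>` would close the element and be rendered as markup. Escaping at output closes that, for example `<%=StringEscapeUtils.escapeHtml(query)%>` if commons-lang is on the endpoint's classpath, or an equivalent helper. The new notice is also styled inline; a CSS class next to the existing `#output` rules would keep the page consistent.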
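--- /dev/null
+++ b/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/Authenticate.java
@@ -0,0 +1,68 @@
+/**
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * Copyright (C) 2010, 2011, 2012, Pyravlos Team
+ *
+ * http://www.strabon.di.uoa.gr/
+ */
+package eu.earthobservatory.org.StrabonEndpoint;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+import java.util.regex.Pattern;
+
+import javax.servlet.ServletContext;
+
+import org.apache.commons.codec.binary.Base64;
+
+/**
+ * Keeps common variables shared by beans and .jsp pages.
+ *
+ * @author Stella Giannakopoulou <sgian@di.uoa.gr>
+ */
+public class Authenticate {
+
+ /**
+ * The filename of the credentials.properties file
+ */
+ private static final String CREDENTIALS_PROPERTIES_FILE = "/WEB-INF/credentials.properties";
+
+ /**
+ * Authenticate user
+ * @throws IOException
+ * */
+ public boolean authenticateUser(String authorization, ServletContext context) throws IOException {
+ Properties properties = new Properties();
+ if (authorization == null) return false; // no authorization
+
+ if (!authorization.toUpperCase().startsWith("BASIC "))
+ return false; // only BASIC authentication
+
+ // get encoded user and password, comes after "BASIC "
+ String userpassEncoded = authorization.substring(6);
+ // decode
+ String userpassDecoded = new String(Base64.decodeBase64(userpassEncoded));
+
+ Pattern pattern = Pattern.compile(":");
+ String[] credentials = pattern.split(userpassDecoded);
+ // get credentials.properties as input stream
+ InputStream input = new FileInputStream(context.getRealPath(CREDENTIALS_PROPERTIES_FILE));
+
+ // load the properties
+ properties.load(input);
+
+ // close the stream
+ input.close();
+
+ // check if the given credentials are allowed
+ if(credentials[0].equals(properties.get("username")) && credentials[1].equals(properties.get("password")))
+ return true;
+ else
+ return false;
+
+ }
+}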
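Review bot: The final comparison in authenticateUser reads `credentials[0]` and `credentials[1]` without checking the array length, so an Authorization header whose decoded value has no `:` or an empty password throws ArrayIndexOutOfBoundsException and the request presumably ends in a server error rather than a 401. Splitting on every `:` also cuts off a password that itself contains a colon, `String.equals` is not a constant-time comparison, and `new String(byte[])` decodes with the platform charset. The fence below splits at the first colon only, returns false on malformed input and compares with `MessageDigest.isEqual`, which needs `java.security.MessageDigest` imported. Separately, the class Javadoc "Keeps common variables shared by beans and .jsp pages." describes a different class and should read `Checks HTTP Basic credentials against WEB-INF/credentials.properties.`, and `input.close()` belongs in a `finally` block so the stream is released when `load` throws.

```java
// … unchanged: null check and "BASIC " prefix check, userpassEncoded …
String userpassDecoded = new String(Base64.decodeBase64(userpassEncoded), "UTF-8");

// split at the first ':' only; the password part may contain ':' itself
int separator = userpassDecoded.indexOf(':');
if (separator < 0)
    return false; // malformed credentials: reject instead of throwing

String givenUser = userpassDecoded.substring(0, separator);
String givenPass = userpassDecoded.substring(separator + 1);

// … unchanged: load credentials.properties into properties …

String expectedUser = properties.getProperty("username");
String expectedPass = properties.getProperty("password");
if (expectedUser == null || expectedPass == null)
    return false; // incomplete credentials file: fail closed

// non-short-circuit '&' so both comparisons always run
return MessageDigest.isEqual(givenUser.getBytes("UTF-8"), expectedUser.getBytes("UTF-8"))
        & MessageDigest.isEqual(givenPass.getBytes("UTF-8"), expectedPass.getBytes("UTF-8"));
```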
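--- a/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/StoreBean.java
+++ b/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/StoreBean.java
@@ -9,15 +9,10 @@
 */
 package eu.earthobservatory.org.StrabonEndpoint;
 
-import java.io.FileInputStream;
 import java.io.IOException;
-import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
 import java.net.MalformedURLException;
 import java.net.URLDecoder;
-import java.util.Hashtable;
-import java.util.Properties;
-import java.util.regex.Pattern;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletConfig;
@@ -26,7 +21,6 @@
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.codec.binary.Base64;
 
 import org.openrdf.rio.RDFFormat;
 import org.openrdf.rio.RDFParseException;
@@ -59,11 +53,6 @@
 private static final String STORE_ERROR = "An error occurred while storing input data!";
 private static final String PARAM_ERROR = "RDF format or input data are not set or are invalid!";
 private static final String STORE_OK = "Data stored successfully!";
-
- /**
- * The filename of the credentials.properties file
- */
- private static final String CREDENTIALS_PROPERTIES_FILE = "/WEB-INF/credentials.properties";
 
 /**
 * Strabon wrapper
@@ -102,15 +91,15 @@
 @Override
 public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 
+ Authenticate authenticate = new Authenticate();
 String authorization = request.getHeader("Authorization");
 
- if (!authenticateUser(authorization)) {
+ if (!authenticate.authenticateUser(authorization, context)) {
 // not allowed, so report he's unauthorized
 response.setHeader("WWW-Authenticate", "BASIC realm=\"Please login\"");
- response.sendError(response.SC_UNAUTHORIZED);
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
 }
- else
- {
+ else {
 // check whether the request was from store.jsp
 if (Common.VIEW_TYPE.equals(request.getParameter(Common.VIEW))) {
 processVIEWRequest(request, response);
@@ -208,41 +197,4 @@
 logger.error("[StrabonEndpoint.StoreBean] " + e.getMessage());
 }
 }
-
- /**
- * Authenticate user
- * @throws IOException
- * */
- protected boolean authenticateUser(String authorization) throws IOException {
-
- Properties properties = new Properties();
- if (authorization == null) return false; // no authorization
-
- if (!authorization.toUpperCase().startsWith("BASIC "))
- return false; // only BASIC authentication
-
- // get encoded user and password, comes after "BASIC "
- String userpassEncoded = authorization.substring(6);
- // decode
- String userpassDecoded = new String(Base64.decodeBase64(userpassEncoded));
-
- Pattern pattern = Pattern.compile(":");
- String[] credentials = pattern.split(userpassDecoded);
-
- // get connection.properties as input stream
- InputStream input = new FileInputStream(context.getRealPath(CREDENTIALS_PROPERTIES_FILE));
-
- // load the properties
- properties.load(input);
-
- // close the stream
- input.close();
-
- // check if the given credentials are allowed
- if(credentials[0].equals(properties.get("username")) && credentials[1].equals(properties.get("password")))
- return true;
- else
- return false;
-
- }
 }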
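Review bot: The rejection branch in doPost answers 401 without recording anything, so repeated failed logins against the store endpoint leave no trace to detect or investigate; the branch added to UpdateBean.doPost has the same gap. This class already uses `logger` in its last hunk, so a line such as `logger.warn("[StrabonEndpoint.StoreBean] Rejected store request from " + request.getRemoteAddr());` before `sendError` would cover it, without ever logging the Authorization header value. Constructing a new `Authenticate` on every request also means credentials.properties is re-read from disk each time, which is worth a comment if it is intentional. doPost's body continues outside the hunk.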
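--- a/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/UpdateBean.java
+++ b/endpoint/src/main/java/eu/earthobservatory/org/StrabonEndpoint/UpdateBean.java
@@ -56,13 +56,24 @@
 public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 request.setCharacterEncoding("UTF-8");
 
- if (Common.VIEW_TYPE.equals(request.getParameter(Common.VIEW))) {
- // HTML visual interface
- processVIEWRequest(request, response);
-
- } else {// invoked as a service
- processRequest(request, response);
- }
+ Authenticate authenticate = new Authenticate();
+ ServletContext context = getServletContext();
+ String authorization = request.getHeader("Authorization");
+
+ if (!authenticate.authenticateUser(authorization, context)) {
+ // not allowed, so report he's unauthorized
+ response.setHeader("WWW-Authenticate", "BASIC realm=\"Please login\"");
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ }
+ else {
+ if (Common.VIEW_TYPE.equals(request.getParameter(Common.VIEW))) {
+ // HTML visual interface
+ processVIEWRequest(request, response);
+
+ } else {// invoked as a service
+ processRequest(request, response);
+ }
+ }
 }
 
 private void processRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {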
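Review bot: The credential check is added inside doPost only, so any other entry point that reaches processRequest or processVIEWRequest (for instance a doGet that delegates to them, if the class has one outside this hunk) would still execute updates without authentication. The block is also a copy of the one in StoreBean.doPost; a single `javax.servlet.Filter` mapped to both servlets in web.xml would guard every HTTP method in one place. Because Basic credentials are only base64-encoded, consider rejecting the request when `request.isSecure()` is false, unless TLS is terminated in front of the container.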
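--- a/scripts/endpoint
+++ b/scripts/endpoint
@@ -260,7 +260,7 @@
 ;;
 esac
 
- EXEC="curl ${CURL_OPTS} --data-urlencode query='${PREFIXES}${QUERY}' ${URL}"
+ EXEC="curl -u endpoint:3ndpo1nt ${CURL_OPTS} --data-urlencode query='${PREFIXES}${QUERY}' ${URL}"
 ;;
 store)
 shift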
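Review bot: The added `-u` argument places a literal username and password in a script that is committed to the repository, and on the curl command line, where other local users may be able to read it from the process list. It also ties the script to one deployment, since anyone with a different credentials.properties has to edit the script. Reading the pair from outside the script avoids both, for example `EXEC="curl --netrc-file ${ENDPOINT_NETRC} ${CURL_OPTS} --data-urlencode query='${PREFIXES}${QUERY}' ${URL}"`, where `ENDPOINT_NETRC` is a name made up here that points at a file readable only by its owner. The password published in this changeset should be treated as exposed and changed. The enclosing case statement starts and ends outside the hunk.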