Posted to dev@wookie.apache.org by sc...@apache.org on 2014/02/09 20:27:35 UTC

svn commit: r1566364 - /wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/Controller.java

Author: scottbw
Date: Sun Feb  9 19:27:35 2014
New Revision: 1566364

URL: http://svn.apache.org/r1566364
Log:
Added an auth token checking utility method to the Controller superclass, making it available to all controllers

Modified:
    wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/Controller.java

Modified: wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/Controller.java
URL: http://svn.apache.org/viewvc/wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/Controller.java?rev=1566364&r1=1566363&r2=1566364&view=diff
==============================================================================
--- wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/Controller.java (original)
+++ wookie/trunk/wookie-server/src/main/java/org/apache/wookie/controller/Controller.java Sun Feb  9 19:27:35 2014
@@ -15,8 +15,10 @@ package org.apache.wookie.controller;
 
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.io.UnsupportedEncodingException;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.net.URLDecoder;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
@@ -25,12 +27,18 @@ import javax.servlet.http.HttpServletRes
 
 import org.apache.commons.configuration.Configuration;
 import org.apache.log4j.Logger;
+import org.apache.wookie.auth.AuthToken;
+import org.apache.wookie.auth.AuthTokenUtils;
+import org.apache.wookie.auth.InvalidAuthTokenException;
 import org.apache.wookie.exceptions.InvalidParametersException;
 import org.apache.wookie.exceptions.ResourceDuplicationException;
 import org.apache.wookie.exceptions.ResourceNotFoundException;
 import org.apache.wookie.exceptions.ServiceUnavailableException;
 import org.apache.wookie.exceptions.SystemUnavailableException;
 import org.apache.wookie.exceptions.UnauthorizedAccessException;
+import org.apache.wookie.server.security.ApiKeys;
+import org.apache.wookie.services.WidgetMetadataService;
+import org.apache.wookie.w3c.util.LocalizationUtils;
 
 /**
  * Base class of RESTful controllers with common utility methods
@@ -385,5 +393,96 @@ public abstract class Controller extends
     //
     return new URL(scheme, serverName, serverPort, path);
 	}
+	
+	/**
+	 * Get an AuthToken from the request
+	 * @param request
+	 * @return
+	 */
+	protected static AuthToken getAuthTokenFromRequest(HttpServletRequest request){
+		
+		AuthToken authToken = null;
+
+		
+		//
+		// First, lets use idkey if present
+		//
+		String idkey = request.getParameter("idkey");
+		
+		if (idkey != null && !idkey.trim().equals("")){
+		try {
+			authToken = AuthTokenUtils.decryptAuthToken(idkey);
+			return authToken;
+		} catch (InvalidAuthTokenException e) {
+			return null;
+		}
+		}
+		
+		//
+		// Next, try the resource component of the URL, e.g. widgetinstances/xyz
+		//
+		idkey = getResourceId(request);
+		if (idkey != null && !idkey.trim().equals("")){
+			try {
+				authToken = AuthTokenUtils.decryptAuthToken(idkey);
+				return authToken;
+			} catch (InvalidAuthTokenException e) {
+				//
+				// Continue; the resource id wasn't used to identify the token, 
+				// but that doesn't mean the request is not valid
+				//
+			}
+		}
+		
+		//
+		// Finally, use components from the parameters
+		//
+		try {
+			String apiKey = URLDecoder.decode(request.getParameter("api_key"), "UTF-8"); //$NON-NLS-1$
+			String userId = URLDecoder.decode(request.getParameter("userid"), "UTF-8"); //$NON-NLS-1$
+			String contextId = request.getParameter("shareddatakey");	 //$NON-NLS-1$;
+			String widgetId = request.getParameter("widgetid");
+			String lang = request.getParameter("lang");
+			
+            //
+			// The API Key MUST be valid
+			//
+            if (!ApiKeys.getInstance().validate(apiKey)) return null;
+            
+            //
+            // The following properties MUST be provided
+            //
+            if (userId == null || userId.trim().equals("")) return null;
+            if (contextId == null || contextId.trim().equals("")) return null;	
+            if (widgetId == null || widgetId.trim().equals("")) return null;
+            
+            //
+            // The widget MUST be installed
+            //
+            if (WidgetMetadataService.Factory.getInstance().getWidget(widgetId) == null){
+            	return null;
+            }
+            
+			//
+			// If there is no valid language tag, we can use the default
+			//
+            if (!LocalizationUtils.isValidLanguageTag(lang)){
+            	lang = WidgetMetadataService.Factory.getInstance().getWidget(widgetId).getDefaultLocale() ;
+            }
+            
+            
+            authToken = new AuthToken();
+            authToken.setApiKey(ApiKeys.getInstance().getApiKey(apiKey));
+            authToken.setContextId(contextId);
+            authToken.setLang(lang);
+            authToken.setViewerId(userId);
+            authToken.setWidgetId(widgetId);
+    		return authToken;			
+		} catch (UnsupportedEncodingException e) {
+			return null;
+		}
+
+
+	}
 
 }
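Review bot: In the parameter fallback of getAuthTokenFromRequest, `request.getParameter("api_key")` and `request.getParameter("userid")` are passed straight to `URLDecoder.decode`, so a request that omits either one throws a NullPointerException instead of returning null, and only UnsupportedEncodingException is caught. The servlet container has already decoded the values getParameter returns, so this second decode also alters any value containing `+` or `%` and throws IllegalArgumentException on a malformed escape. Because this is the branch a caller without a valid idkey reaches, I would guard first with `String rawApiKey = request.getParameter("api_key"); String rawUserId = request.getParameter("userid");` followed by `if (rawApiKey == null || rawUserId == null) return null;`, and consider dropping the extra decode. Both `catch (InvalidAuthTokenException e)` blocks discard the failure silently; a log line there (without the token value itself) would make rejected or tampered idkey values visible to operators.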