Bearer Token auth as default.

BASIC auth is commented out.

src/main/java/org/reso/service/data/GenericEntityCollectionProcessor.java

@@ -37,7 +37,7 @@ public class GenericEntityCollectionProcessor implements EntityCollectionProcess
    private              OData                odata;
    private              ServiceMetadata      serviceMetadata;
    private              Connection           connect           = null;
-   private static final Logger               LOG               = LoggerFactory.getLogger(LookupEntityCollectionProcessor.class);
+   private static final Logger               LOG               = LoggerFactory.getLogger(GenericEntityCollectionProcessor.class);
    private              ResourceInfo         resourceInfo      = null;
 
    public GenericEntityCollectionProcessor(Connection connection, ResourceInfo resourceInfo)

src/main/java/org/reso/service/data/LookupEntityCollectionProcessor.java

@@ -1,21 +0,0 @@
-package org.reso.service.data;
-
-import org.apache.olingo.commons.api.edm.EdmPrimitiveTypeKind;
-import org.reso.service.data.meta.FieldInfo;
-import org.reso.service.data.meta.ResourceInfo;
-
-import java.util.ArrayList;
-
-import java.sql.Connection;
-
-public class LookupEntityCollectionProcessor extends GenericEntityCollectionProcessor
-{
-   private static ArrayList<FieldInfo> fieldList = null;
-
-   public LookupEntityCollectionProcessor(Connection connection, ResourceInfo resourceInfo)
-   {
-      super(connection);
-      this.setResourceInfo(resourceInfo);
-   }
-
-}

src/main/java/org/reso/service/data/definition/LookupDefinition.java

@@ -2,7 +2,6 @@ package org.reso.service.data.definition;
 
 
 import org.apache.olingo.commons.api.edm.EdmPrimitiveTypeKind;
-import org.reso.service.data.LookupEntityCollectionProcessor;
 import org.reso.service.data.meta.FieldInfo;
 import org.reso.service.data.meta.ResourceInfo;
 

src/main/java/org/reso/service/data/meta/ResourceInfo.java

@@ -1,9 +1,7 @@
 package org.reso.service.data.meta;
 
 
-import org.apache.olingo.commons.api.edm.EdmPrimitiveTypeKind;
 import org.apache.olingo.commons.api.edm.FullQualifiedName;
-import org.reso.service.data.LookupEntityCollectionProcessor;
 
 import java.util.ArrayList;
 

src/main/java/org/reso/service/security/BasicAuthProvider.java

@@ -64,6 +64,6 @@ public class BasicAuthProvider implements Provider
    @Override public void unauthorizedResponse(HttpServletResponse resp)
    {
       resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-      resp.setHeader("WWW-Authenticate","Basic");
+      resp.setHeader("WWW-Authenticate",BasicAuthProvider.BASIC_STR);
    }
 }

src/main/java/org/reso/service/security/BearerAuthProvider.java

@@ -0,0 +1,60 @@
+package org.reso.service.security;
+
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Base64;
+import java.util.Enumeration;
+
+public class BearerAuthProvider implements Provider
+{
+   public static final String AUTH_STR = "Authorization";
+   public static final String BEARER_STR = "Bearer";
+   public static final String AUTH_SPACE = " ";
+
+   public static final String AUTH_BEARER_TOKEN = "reso-test-token";
+
+   private static final Logger LOG = LoggerFactory.getLogger(BearerAuthProvider.class);
+
+   /**
+    * A simple BASIC Auth with static username and password.  Purely for testing purposes.
+    * @param req The HTTP Request object from the servlet.
+    * @return true if authorized, false otherwise.
+    */
+   @Override public boolean verify(HttpServletRequest req)
+   {
+      Enumeration<String> headers = req.getHeaders(BearerAuthProvider.AUTH_STR);
+
+      while (headers.hasMoreElements())
+      {
+         String authResp = headers.nextElement();
+
+         if (authResp!=null && authResp.length()>0)
+         {
+            String[] parts = authResp.split(BearerAuthProvider.AUTH_SPACE);
+            if (parts[0].equals(BearerAuthProvider.BEARER_STR) && parts.length==2)
+            {
+               String token = parts[1];
+
+               if (token.equals(BearerAuthProvider.AUTH_BEARER_TOKEN))
+               {
+                  return true;
+               }
+            }
+         }
+      }
+
+      return false;
+   }
+
+
+   @Override public void unauthorizedResponse(HttpServletResponse resp)
+   {
+      resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+      resp.setHeader("WWW-Authenticate",BearerAuthProvider.BEARER_STR);
+   }
+}
+

src/main/java/org/reso/service/servlet/RESOservlet.java

@@ -10,6 +10,7 @@ import org.reso.service.data.definition.LookupDefinition;
 import org.reso.service.data.meta.ResourceInfo;
 import org.reso.service.edmprovider.RESOedmProvider;
 import org.reso.service.security.BasicAuthProvider;
+import org.reso.service.security.BearerAuthProvider;
 import org.reso.service.security.Validator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -43,7 +44,8 @@ public class RESOservlet extends HttpServlet
       }
 
       this.validator = new Validator();
-      this.validator.addProvider(new BasicAuthProvider());
+      //this.validator.addProvider(new BasicAuthProvider());
+      this.validator.addProvider(new BearerAuthProvider());
 
       String mysqlHost = env.get("SQL_HOST");
       String mysqlUser = env.get("SQL_USER");