From 0f4b82c37a2da299d975b8072a510e4236d24a92 Mon Sep 17 00:00:00 2001
From: michaelpede
Date: Tue, 13 Apr 2021 14:59:19 -0700
Subject: [PATCH] Bearer Token auth as default. BASIC auth is commented out.

---
 .../GenericEntityCollectionProcessor.java | 2 +-
 .../data/LookupEntityCollectionProcessor.java | 21 -------
 .../data/definition/LookupDefinition.java | 1 -
 .../reso/service/data/meta/ResourceInfo.java | 2 -
 .../service/security/BasicAuthProvider.java | 2 +-
 .../service/security/BearerAuthProvider.java | 60 +++++++++++++++++++
 .../org/reso/service/servlet/RESOservlet.java | 4 +-
 7 files changed, 65 insertions(+), 27 deletions(-)
 delete mode 100644 src/main/java/org/reso/service/data/LookupEntityCollectionProcessor.java
 create mode 100644 src/main/java/org/reso/service/security/BearerAuthProvider.java

diff --git a/src/main/java/org/reso/service/data/GenericEntityCollectionProcessor.java b/src/main/java/org/reso/service/data/GenericEntityCollectionProcessor.java
index ee6c7b4..c1756f3 100644
--- a/src/main/java/org/reso/service/data/GenericEntityCollectionProcessor.java
+++ b/src/main/java/org/reso/service/data/GenericEntityCollectionProcessor.java
@@ -37,7 +37,7 @@ public class GenericEntityCollectionProcessor implements EntityCollectionProcess
    private OData odata;
    private ServiceMetadata serviceMetadata;
    private Connection connect = null;
-   private static final Logger LOG = LoggerFactory.getLogger(LookupEntityCollectionProcessor.class);
+   private static final Logger LOG = LoggerFactory.getLogger(GenericEntityCollectionProcessor.class);
    private ResourceInfo resourceInfo = null;
 
    public GenericEntityCollectionProcessor(Connection connection, ResourceInfo resourceInfo)
diff --git a/src/main/java/org/reso/service/data/LookupEntityCollectionProcessor.java b/src/main/java/org/reso/service/data/LookupEntityCollectionProcessor.java
deleted file mode 100644
index a0bb3ea..0000000
--- a/src/main/java/org/reso/service/data/LookupEntityCollectionProcessor.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package org.reso.service.data;
-
-import org.apache.olingo.commons.api.edm.EdmPrimitiveTypeKind;
-import org.reso.service.data.meta.FieldInfo;
-import org.reso.service.data.meta.ResourceInfo;
-
-import java.util.ArrayList;
-
-import java.sql.Connection;
-
-public class LookupEntityCollectionProcessor extends GenericEntityCollectionProcessor
-{
-   private static ArrayList fieldList = null;
-
-   public LookupEntityCollectionProcessor(Connection connection, ResourceInfo resourceInfo)
-   {
-      super(connection);
-      this.setResourceInfo(resourceInfo);
-   }
-
-}
diff --git a/src/main/java/org/reso/service/data/definition/LookupDefinition.java b/src/main/java/org/reso/service/data/definition/LookupDefinition.java
index db53043..f3817d3 100644
--- a/src/main/java/org/reso/service/data/definition/LookupDefinition.java
+++ b/src/main/java/org/reso/service/data/definition/LookupDefinition.java
@@ -2,7 +2,6 @@ package org.reso.service.data.definition;
 
 import org.apache.olingo.commons.api.edm.EdmPrimitiveTypeKind;
 
-import org.reso.service.data.LookupEntityCollectionProcessor;
 import org.reso.service.data.meta.FieldInfo;
 import org.reso.service.data.meta.ResourceInfo;
 
diff --git a/src/main/java/org/reso/service/data/meta/ResourceInfo.java b/src/main/java/org/reso/service/data/meta/ResourceInfo.java
index 5d603e7..52e5ade 100644
--- a/src/main/java/org/reso/service/data/meta/ResourceInfo.java
+++ b/src/main/java/org/reso/service/data/meta/ResourceInfo.java
@@ -1,9 +1,7 @@
 package org.reso.service.data.meta;
 
-import org.apache.olingo.commons.api.edm.EdmPrimitiveTypeKind;
 import org.apache.olingo.commons.api.edm.FullQualifiedName;
 
-import org.reso.service.data.LookupEntityCollectionProcessor;
 
 import java.util.ArrayList;
 
diff --git a/src/main/java/org/reso/service/security/BasicAuthProvider.java b/src/main/java/org/reso/service/security/BasicAuthProvider.java
index 8dc69f2..7877755 100644
--- a/src/main/java/org/reso/service/security/BasicAuthProvider.java
+++ b/src/main/java/org/reso/service/security/BasicAuthProvider.java
@@ -64,6 +64,6 @@ public class BasicAuthProvider implements Provider
    @Override public void unauthorizedResponse(HttpServletResponse resp)
    {
       resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-      resp.setHeader("WWW-Authenticate","Basic");
+      resp.setHeader("WWW-Authenticate",BasicAuthProvider.BASIC_STR);
    }
 }
diff --git a/src/main/java/org/reso/service/security/BearerAuthProvider.java b/src/main/java/org/reso/service/security/BearerAuthProvider.java
new file mode 100644
index 0000000..45f392e
--- /dev/null
+++ b/src/main/java/org/reso/service/security/BearerAuthProvider.java
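Review bot: `BasicAuthProvider.BASIC_STR` on the added line is not declared anywhere in this patch; the diffstat shows only this one line of the file changing, so presumably the constant already exists on the class, but it is worth confirming before merge since an undeclared name here breaks the build. Inside the class the qualifier is redundant and `resp.setHeader("WWW-Authenticate", BASIC_STR);` reads the same. Separately, a Basic challenge is expected to carry a realm parameter (RFC 7617), which the old literal also lacked, so a value of the form `"Basic realm=\"<service-realm>\""` (placeholder realm) would be the conforming challenge. The class body continues outside the hunk.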
@@ -0,0 +1,60 @@
+package org.reso.service.security;
+
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Base64;
+import java.util.Enumeration;
+
+public class BearerAuthProvider implements Provider
+{
+   public static final String AUTH_STR = "Authorization";
+   public static final String BEARER_STR = "Bearer";
+   public static final String AUTH_SPACE = " ";
+
+   public static final String AUTH_BEARER_TOKEN = "reso-test-token";
+
+   private static final Logger LOG = LoggerFactory.getLogger(BearerAuthProvider.class);
+
+   /**
+    * A simple BASIC Auth with static username and password. Purely for testing purposes.
+    * @param req The HTTP Request object from the servlet.
+    * @return true if authorized, false otherwise.
+    */
+   @Override public boolean verify(HttpServletRequest req)
+   {
+      Enumeration headers = req.getHeaders(BearerAuthProvider.AUTH_STR);
+
+      while (headers.hasMoreElements())
+      {
+         String authResp = headers.nextElement();
+
+         if (authResp!=null && authResp.length()>0)
+         {
+            String[] parts = authResp.split(BearerAuthProvider.AUTH_SPACE);
+            if (parts[0].equals(BearerAuthProvider.BEARER_STR) && parts.length==2)
+            {
+               String token = parts[1];
+
+               if (token.equals(BearerAuthProvider.AUTH_BEARER_TOKEN))
+               {
+                  return true;
+               }
+            }
+         }
+      }
+
+      return false;
+   }
+
+
+   @Override public void unauthorizedResponse(HttpServletResponse resp)
+   {
+      resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+      resp.setHeader("WWW-Authenticate",BearerAuthProvider.BEARER_STR);
+   }
+}
+
diff --git a/src/main/java/org/reso/service/servlet/RESOservlet.java b/src/main/java/org/reso/service/servlet/RESOservlet.java
index 7c5f0f1..3ee227c 100644
--- a/src/main/java/org/reso/service/servlet/RESOservlet.java
+++ b/src/main/java/org/reso/service/servlet/RESOservlet.java
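Review bot: `String authResp = headers.nextElement();` in verify() does not compile as written, because `headers` is declared as the raw type `Enumeration`, whose `nextElement()` returns `Object`; the declaration should be `Enumeration<String> headers = req.getHeaders(BearerAuthProvider.AUTH_STR);`. The Javadoc on verify() was carried over from the Basic provider ("A simple BASIC Auth with static username and password") and should describe this class instead, e.g. `Checks each Authorization header for a Bearer token equal to AUTH_BEARER_TOKEN (static token, purely for testing).`; the `Base64` import and the `LOG` field are unused. The token compare `token.equals(BearerAuthProvider.AUTH_BEARER_TOKEN)` stops at the first differing character, so the rewrite below uses `MessageDigest.isEqual` on the UTF-8 bytes (needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported) and matches the scheme name case-insensitively as RFC 7235 specifies for auth-scheme. Since the token is a compile-time constant checked into source, reading it from the environment the way RESOservlet already reads `SQL_HOST` would let it be rotated without a rebuild.

```java
   @Override public boolean verify(HttpServletRequest req)
   {
      Enumeration<String> headers = req.getHeaders(BearerAuthProvider.AUTH_STR);
      byte[] expected = BearerAuthProvider.AUTH_BEARER_TOKEN.getBytes(StandardCharsets.UTF_8);

      while (headers.hasMoreElements())
      {
         String authResp = headers.nextElement();
         if (authResp == null || authResp.isEmpty())
         {
            continue;
         }

         String[] parts = authResp.split(BearerAuthProvider.AUTH_SPACE);
         // auth-scheme is case-insensitive (RFC 7235); token compared in constant time
         if (parts.length == 2
               && parts[0].equalsIgnoreCase(BearerAuthProvider.BEARER_STR)
               && MessageDigest.isEqual(parts[1].getBytes(StandardCharsets.UTF_8), expected))
         {
            return true;
         }
      }

      return false;
   }
   // … unchanged: unauthorizedResponse …
```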
@@ -10,6 +10,7 @@ import org.reso.service.data.definition.LookupDefinition;
 import org.reso.service.data.meta.ResourceInfo;
 import org.reso.service.edmprovider.RESOedmProvider;
 import org.reso.service.security.BasicAuthProvider;
+import org.reso.service.security.BearerAuthProvider;
 import org.reso.service.security.Validator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -43,7 +44,8 @@ public class RESOservlet extends HttpServlet
       }
 
       this.validator = new Validator();
-      this.validator.addProvider(new BasicAuthProvider());
+      //this.validator.addProvider(new BasicAuthProvider());
+      this.validator.addProvider(new BearerAuthProvider());
 
       String mysqlHost = env.get("SQL_HOST");
       String mysqlUser = env.get("SQL_USER");
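Review bot: The commented-out `//this.validator.addProvider(new BasicAuthProvider());` in the second hunk is dead code whose history the commit message already records; either delete it, or, since this method already reads its configuration from `env`, choose the provider from a setting such as `env.get("AUTH_TYPE")` (constructed name) so Basic can be re-enabled without editing and rebuilding. With only BearerAuthProvider registered, every request is now accepted or rejected solely on that provider's static test token, which is worth stating in the project's deployment notes. The enclosing method starts and ends outside the hunk; the import hunk above needs no change.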