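/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.lucene.gdata.servlet.handler;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.lucene.gdata.data.GDataAccount;
import org.apache.lucene.gdata.data.GDataAccount.AccountRole;
import org.apache.lucene.gdata.server.GDataRequest;
import org.apache.lucene.gdata.server.ServiceException;
import org.apache.lucene.gdata.server.ServiceFactory;
import org.apache.lucene.gdata.server.administration.AdminService;
import org.apache.lucene.gdata.server.authentication.AuthenticationController;
import org.apache.lucene.gdata.server.authentication.AuthenticatorException;
import org.apache.lucene.gdata.server.authentication.GDataHttpAuthenticator;
import org.apache.lucene.gdata.server.registry.ComponentType;
import org.apache.lucene.gdata.server.registry.GDataServerRegistry;

/**
 * The RequestAuthenticator provides access to the registered
 * {@link org.apache.lucene.gdata.server.authentication.AuthenticationController}
 * as a super class for all request handlers requiring authentication for
 * access. This class implements the
 * {@link org.apache.lucene.gdata.server.authentication.GDataHttpAuthenticator}
 * to get the auth token from the given request and call the needed components
 * to authenticate the client.
 * <p>
 * For request handlers handling common requests like entry insert or update the
 * authentication will be based on the account name verified as the owner of the
 * feed to alter. If the account name in the token does not match the name of
 * the account which belongs to the feed the given role will be used for
 * authentication. When authenticating with the
 * {@link RequestAuthenticator#authenticateAccount(HttpServletRequest, AccountRole)}
 * method, the account name will be ignored and authentication will be based on
 * the given <tt>AccountRole</tt>.
 * </p>
 * <p>
 * The auth token is a bearer credential, so this class never writes its value
 * to the log; debug output only records whether a token was found.
 * </p>
 *
 * @author Simon Willnauer
 *
 */
public class RequestAuthenticator implements GDataHttpAuthenticator {
    private static final Log LOG = LogFactory.getLog(RequestAuthenticator.class);

    /**
     * Authenticates the client of a feed-modifying request against the account
     * that owns the requested feed.
     *
     * @param request the GData request carrying the feed id and the underlying
     *            servlet request
     * @param role the role requested by the caller
     * @return <code>true</code> if the controller accepts the token,
     *         <code>false</code> if no owning account or no token was found
     * @throws AuthenticatorException if the owning account can not be looked up
     * @see org.apache.lucene.gdata.server.authentication.GDataHttpAuthenticator#authenticateAccount(org.apache.lucene.gdata.server.GDataRequest,
     *      org.apache.lucene.gdata.data.GDataAccount.AccountRole)
     */
    public boolean authenticateAccount(GDataRequest request, AccountRole role) {
        String clientIp = request.getRemoteAddress();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Authenticating Account for GDataRequest -- modifying entries -- Role: "
                    + role + "; ClientIp: " + clientIp);
        }
        AuthenticationController controller = GDataServerRegistry.getRegistry()
                .lookup(AuthenticationController.class, ComponentType.AUTHENTICATIONCONTROLLER);
        ServiceFactory factory = GDataServerRegistry.getRegistry()
                .lookup(ServiceFactory.class, ComponentType.SERVICEFACTORY);
        AdminService adminService = factory.getAdminService();
        GDataAccount account;
        try {
            account = adminService.getFeedOwningAccount(request.getFeedId());
            String token = getTokenFromRequest(request.getHttpServletRequest());
            if (LOG.isDebugEnabled()) {
                // Log only the presence of the token and the account name: the
                // token value is a credential and must not end up in log files.
                LOG.debug("Token present: " + (token != null)
                        + "; for requesting account: "
                        + (account == null ? null : account.getName()));
            }
            if (account != null && token != null) {
                // NOTE(review): the role argument is only logged above; the token
                // is always checked against ENTRYAMINISTRATOR together with the
                // feed owner's name -- confirm this is intended.
                return controller.authenticateToken(token, clientIp,
                        AccountRole.ENTRYAMINISTRATOR, account.getName());
            }
        } catch (ServiceException e) {
            LOG.error("can not get GDataAccount for feedID -- " + request.getFeedId(), e);
            throw new AuthenticatorException(" Service exception occured", e);
        } finally {
            // Release the admin service on every path, including the early return.
            if (adminService != null) {
                adminService.close();
            }
        }
        // Fail closed: without an owning account or a token nothing is authenticated.
        return false;
    }

    /**
     * Authenticates the client of a plain servlet request based on the given
     * role only; no account name is passed to the controller.
     *
     * @param request the incoming servlet request
     * @param role the role the token has to be authenticated for
     * @return <code>true</code> if the controller accepts the token,
     *         <code>false</code> if the request carries no token
     * @see org.apache.lucene.gdata.server.authentication.GDataHttpAuthenticator#authenticateAccount(javax.servlet.http.HttpServletRequest,
     *      org.apache.lucene.gdata.data.GDataAccount.AccountRole)
     */
    public boolean authenticateAccount(HttpServletRequest request, AccountRole role) {
        String clientIp = request.getRemoteAddr();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Authenticating Account for GDataRequest -- modifying entries -- Role: "
                    + role + "; ClientIp: " + clientIp);
        }
        AuthenticationController controller = GDataServerRegistry.getRegistry()
                .lookup(AuthenticationController.class, ComponentType.AUTHENTICATIONCONTROLLER);
        String token = getTokenFromRequest(request);
        if (LOG.isDebugEnabled()) {
            // The token value is a credential; record only whether one was sent.
            LOG.debug("Token present: " + (token != null) + ";");
        }
        if (token == null) {
            return false;
        }
        return controller.authenticateToken(token, clientIp, role, null);
    }

    /**
     * Extracts the auth token from the request. The authorization header is
     * used when its value starts with <tt>GoogleLogin</tt>; otherwise the
     * cookie named {@link AuthenticationController#TOKEN_KEY} is used.
     * Everything up to and including the first <tt>=</tt> is stripped from the
     * value that was found.
     *
     * @param request the incoming servlet request
     * @return the token, or <code>null</code> if neither a
     *         <tt>GoogleLogin</tt> header nor a token cookie is present
     */
    protected String getTokenFromRequest(HttpServletRequest request) {
        String token = request.getHeader(AuthenticationController.AUTHORIZATION_HEADER);
        if (token == null || !token.startsWith("GoogleLogin")) {
            // A header of another scheme is not a token. Drop it so that it is
            // never forwarded to the controller when no token cookie matches;
            // this makes the result independent of whether unrelated cookies
            // happen to be present on the request.
            token = null;
            Cookie[] cookies = request.getCookies();
            if (cookies == null) {
                return null;
            }
            for (Cookie cookie : cookies) {
                if (cookie.getName().equals(AuthenticationController.TOKEN_KEY)) {
                    token = cookie.getValue();
                    break;
                }
            }
        }
        if (token == null) {
            return null;
        }
        // NOTE(review): the same stripping is applied to cookie values; a cookie
        // holding a bare token that itself contains '=' would be truncated --
        // confirm the cookie format.
        return token.substring(token.indexOf("=") + 1);
    }
}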