📄 requestauthenticator.java
字号:
/** * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */package org.apache.lucene.gdata.servlet.handler;import javax.servlet.http.Cookie;import javax.servlet.http.HttpServletRequest;import org.apache.commons.logging.Log;import org.apache.commons.logging.LogFactory;import org.apache.lucene.gdata.data.GDataAccount;import org.apache.lucene.gdata.data.GDataAccount.AccountRole;import org.apache.lucene.gdata.server.GDataRequest;import org.apache.lucene.gdata.server.ServiceException;import org.apache.lucene.gdata.server.ServiceFactory;import org.apache.lucene.gdata.server.administration.AdminService;import org.apache.lucene.gdata.server.authentication.AuthenticationController;import org.apache.lucene.gdata.server.authentication.AuthenticatorException;import org.apache.lucene.gdata.server.authentication.GDataHttpAuthenticator;import org.apache.lucene.gdata.server.registry.ComponentType;import org.apache.lucene.gdata.server.registry.GDataServerRegistry;/** * The RequestAuthenticator provides access to the registered * {@link org.apache.lucene.gdata.server.authentication.AuthenticationController} * as a super class for all request handler requiereing authentication for * access. This class implements the * {@link org.apache.lucene.gdata.server.authentication.GDataHttpAuthenticator} * to get the auth token from the given request and call the needed Components * to authenticat the client. * <p> * For request handler handling common requests like entry insert or update the * authentication will be based on the account name verified as the owner of the * feed to alter. If the accountname in the token does not match the name of the * account which belongs to the feed the given role will be used for * autentication. Authentication using the * {@link RequestAuthenticator#authenticateAccount(HttpServletRequest, AccountRole)} * method, the account name will be ignored, authentication will be based on the * given <tt>AccountRole</tt> * </p> * * @author Simon Willnauer * */public class RequestAuthenticator implements GDataHttpAuthenticator { private static final Log LOG = LogFactory .getLog(RequestAuthenticator.class); /** * @see org.apache.lucene.gdata.server.authentication.GDataHttpAuthenticator#authenticateAccount(org.apache.lucene.gdata.server.GDataRequest, * org.apache.lucene.gdata.data.GDataAccount.AccountRole) */ public boolean authenticateAccount(GDataRequest request, AccountRole role) { String clientIp = request.getRemoteAddress(); if (LOG.isDebugEnabled()) LOG .debug("Authenticating Account for GDataRequest -- modifying entries -- Role: " + role + "; ClientIp: " + clientIp); AuthenticationController controller = GDataServerRegistry.getRegistry() .lookup(AuthenticationController.class, ComponentType.AUTHENTICATIONCONTROLLER); ServiceFactory factory = GDataServerRegistry.getRegistry().lookup( ServiceFactory.class, ComponentType.SERVICEFACTORY); AdminService adminService = factory.getAdminService(); GDataAccount account; try { account = adminService.getFeedOwningAccount(request.getFeedId()); String token = getTokenFromRequest(request.getHttpServletRequest()); if (LOG.isDebugEnabled()) LOG.debug("Got Token: " + token + "; for requesting account: " + account); if (account != null && token != null) return controller.authenticateToken(token, clientIp, AccountRole.ENTRYAMINISTRATOR, account.getName()); } catch (ServiceException e) { LOG.error("can get GDataAccount for feedID -- " + request.getFeedId(), e); throw new AuthenticatorException(" Service exception occured", e); }finally{ if(adminService!=null) adminService.close(); } return false; } /** * @see org.apache.lucene.gdata.server.authentication.GDataHttpAuthenticator#authenticateAccount(javax.servlet.http.HttpServletRequest, * org.apache.lucene.gdata.data.GDataAccount.AccountRole) */ public boolean authenticateAccount(HttpServletRequest request, AccountRole role) { String clientIp = request.getRemoteAddr(); if (LOG.isDebugEnabled()) LOG .debug("Authenticating Account for GDataRequest -- modifying entries -- Role: " + role + "; ClientIp: " + clientIp); AuthenticationController controller = GDataServerRegistry.getRegistry() .lookup(AuthenticationController.class, ComponentType.AUTHENTICATIONCONTROLLER); String token = getTokenFromRequest(request); if (LOG.isDebugEnabled()) LOG.debug("Got Token: " + token + ";"); if (token == null) return false; return controller.authenticateToken(token, clientIp, role, null); } protected String getTokenFromRequest(HttpServletRequest request) { String token = request .getHeader(AuthenticationController.AUTHORIZATION_HEADER); if (token == null || !token.startsWith("GoogleLogin")) { Cookie[] cookies = request.getCookies(); if (cookies == null) { return null; } for (int i = 0; i < cookies.length; i++) { if (cookies[i].getName().equals( AuthenticationController.TOKEN_KEY)) { token = cookies[i].getValue(); break; } } } if (token != null) token = token.substring(token.indexOf("=") + 1); return token; }}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -