|
8
|
1 /**
|
|
|
2 * Base class for Annotator resource classes.
|
|
|
3 */
|
|
|
4 package de.mpiwg.itgroup.annotationManager.restlet;
|
|
|
5
|
|
|
6 import java.io.UnsupportedEncodingException;
|
|
|
7 import java.net.URLDecoder;
|
|
11
|
8 import java.net.URLEncoder;
|
|
21
|
9 import java.security.InvalidKeyException;
|
|
|
10 import java.security.SignatureException;
|
|
8
|
11 import java.util.ArrayList;
|
|
|
12 import java.util.List;
|
|
|
13 import java.util.regex.Matcher;
|
|
|
14 import java.util.regex.Pattern;
|
|
|
15
|
|
21
|
16 import net.oauth.jsontoken.Checker;
|
|
20
|
17 import net.oauth.jsontoken.JsonToken;
|
|
|
18 import net.oauth.jsontoken.JsonTokenParser;
|
|
21
|
19 import net.oauth.jsontoken.SystemClock;
|
|
|
20 import net.oauth.jsontoken.crypto.HmacSHA256Verifier;
|
|
|
21 import net.oauth.jsontoken.crypto.Verifier;
|
|
20
|
22
|
|
24
|
23 import org.apache.commons.codec.binary.Base64;
|
|
10
|
24 import org.apache.log4j.Logger;
|
|
8
|
25 import org.json.JSONArray;
|
|
|
26 import org.json.JSONException;
|
|
|
27 import org.json.JSONObject;
|
|
13
|
28 import org.restlet.data.ClientInfo;
|
|
8
|
29 import org.restlet.data.Form;
|
|
11
|
30 import org.restlet.data.Status;
|
|
8
|
31 import org.restlet.representation.Representation;
|
|
|
32 import org.restlet.resource.Options;
|
|
|
33 import org.restlet.resource.ServerResource;
|
|
11
|
34 import org.restlet.security.User;
|
|
8
|
35
|
|
|
36 import de.mpiwg.itgroup.annotationManager.Constants.NS;
|
|
17
|
37 import de.mpiwg.itgroup.annotationManager.RDFHandling.Annotation;
|
|
8
|
38
|
|
|
39 /**
|
|
|
40 * Base class for Annotator resource classes.
|
|
|
41 *
|
|
|
42 * @author dwinter, casties
|
|
|
43 *
|
|
|
44 */
|
|
|
45 public abstract class AnnotatorResourceImpl extends ServerResource {
|
|
|
46
|
|
10
|
47 protected Logger logger = Logger.getRootLogger();
|
|
|
48
|
|
8
|
49 protected String getAllowedMethodsForHeader() {
|
|
|
50 return "OPTIONS,GET,POST";
|
|
|
51 }
|
|
|
52
|
|
17
|
53 public String encodeJsonId(String id) {
|
|
|
54 try {
|
|
24
|
55 return Base64.encodeBase64URLSafeString(id.getBytes("UTF-8"));
|
|
17
|
56 } catch (UnsupportedEncodingException e) {
|
|
|
57 return null;
|
|
|
58 }
|
|
|
59 }
|
|
|
60
|
|
|
61 public String decodeJsonId(String id) {
|
|
|
62 try {
|
|
24
|
63 return new String(Base64.decodeBase64(id), "UTF-8");
|
|
17
|
64 } catch (UnsupportedEncodingException e) {
|
|
|
65 return null;
|
|
|
66 }
|
|
|
67 }
|
|
13
|
68
|
|
|
69 /**
|
|
8
|
70 * Handle options request to allow CORS for AJAX.
|
|
|
71 *
|
|
|
72 * @param entity
|
|
|
73 */
|
|
|
74 @Options
|
|
|
75 public void doOptions(Representation entity) {
|
|
13
|
76 logger.debug("AnnotatorResourceImpl doOptions!");
|
|
|
77 setCorsHeaders();
|
|
|
78 }
|
|
|
79
|
|
|
80 /**
|
|
|
81 * set headers to allow CORS for AJAX.
|
|
|
82 */
|
|
|
83 protected void setCorsHeaders() {
|
|
10
|
84 Form responseHeaders = (Form) getResponse().getAttributes().get("org.restlet.http.headers");
|
|
8
|
85 if (responseHeaders == null) {
|
|
|
86 responseHeaders = new Form();
|
|
10
|
87 getResponse().getAttributes().put("org.restlet.http.headers", responseHeaders);
|
|
8
|
88 }
|
|
10
|
89 responseHeaders.add("Access-Control-Allow-Methods", getAllowedMethodsForHeader());
|
|
8
|
90 // echo back Origin and Request-Headers
|
|
10
|
91 Form requestHeaders = (Form) getRequest().getAttributes().get("org.restlet.http.headers");
|
|
8
|
92 String origin = requestHeaders.getFirstValue("Origin", true);
|
|
|
93 if (origin == null) {
|
|
|
94 responseHeaders.add("Access-Control-Allow-Origin", "*");
|
|
|
95 } else {
|
|
|
96 responseHeaders.add("Access-Control-Allow-Origin", origin);
|
|
|
97 }
|
|
10
|
98 String allowHeaders = requestHeaders.getFirstValue("Access-Control-Request-Headers", true);
|
|
8
|
99 if (allowHeaders != null) {
|
|
|
100 responseHeaders.add("Access-Control-Allow-Headers", allowHeaders);
|
|
|
101 }
|
|
|
102 responseHeaders.add("Access-Control-Allow-Credentials", "true");
|
|
|
103 responseHeaders.add("Access-Control-Max-Age", "60");
|
|
|
104 }
|
|
|
105
|
|
|
106 /**
|
|
10
|
107 * returns if authentication information from headers is valid.
|
|
|
108 *
|
|
|
109 * @param entity
|
|
|
110 * @return
|
|
|
111 */
|
|
|
112 public boolean isAuthenticated(Representation entity) {
|
|
13
|
113 return (checkAuthToken(entity) != null);
|
|
|
114 }
|
|
|
115
|
|
|
116 /**
|
|
|
117 * checks Annotator Auth plugin authentication information from headers. returns userId if successful.
|
|
|
118 *
|
|
|
119 * @param entity
|
|
|
120 * @return
|
|
|
121 */
|
|
|
122 public String checkAuthToken(Representation entity) {
|
|
10
|
123 Form requestHeaders = (Form) getRequest().getAttributes().get("org.restlet.http.headers");
|
|
20
|
124 String authToken = requestHeaders.getFirstValue("x-annotator-auth-token", true);
|
|
21
|
125 // decode token first to get consumer key
|
|
20
|
126 JsonToken token = new JsonTokenParser(null, null).deserialize(authToken);
|
|
21
|
127 String userId = token.getParamAsPrimitive("userId").getAsString();
|
|
20
|
128 String consumerKey = token.getParamAsPrimitive("consumerKey").getAsString();
|
|
|
129 // get stored consumer secret for key
|
|
|
130 RestServer restServer = (RestServer) getApplication();
|
|
|
131 String consumerSecret = restServer.getConsumerSecret(consumerKey);
|
|
|
132 logger.debug("requested consumer key=" + consumerKey + " secret=" + consumerSecret);
|
|
|
133 if (consumerSecret == null) {
|
|
|
134 return null;
|
|
|
135 }
|
|
21
|
136 //logger.debug(String.format("token=%s tokenString=%s signatureAlgorithm=%s",token,token.getTokenString(),token.getSignatureAlgorithm()));
|
|
|
137 try {
|
|
|
138 List<Verifier> verifiers = new ArrayList<Verifier>();
|
|
|
139 // we only do HS256 yet
|
|
|
140 verifiers.add(new HmacSHA256Verifier(consumerSecret.getBytes("UTF-8")));
|
|
|
141 // verify token signature(should really be static...)
|
|
|
142 new JsonTokenParser(new SystemClock(), null, (Checker[]) null).verify(token, verifiers);
|
|
|
143 } catch (SignatureException e) {
|
|
|
144 // TODO Auto-generated catch block
|
|
|
145 e.printStackTrace();
|
|
|
146 } catch (InvalidKeyException e) {
|
|
|
147 // TODO Auto-generated catch block
|
|
|
148 e.printStackTrace();
|
|
20
|
149 } catch (UnsupportedEncodingException e) {
|
|
|
150 // TODO Auto-generated catch block
|
|
|
151 e.printStackTrace();
|
|
10
|
152 }
|
|
|
153 // must be ok then
|
|
15
|
154 logger.debug("auth OK! user="+userId);
|
|
13
|
155 return userId;
|
|
10
|
156 }
|
|
|
157
|
|
|
158 /**
|
|
11
|
159 * creates Annotator-JSON from an Annotation object.
|
|
8
|
160 *
|
|
|
161 * @param annot
|
|
|
162 * @return
|
|
|
163 */
|
|
17
|
164 public JSONObject createAnnotatorJson(Annotation annot) {
|
|
13
|
165 boolean makeUserObject = true;
|
|
8
|
166 JSONObject jo = new JSONObject();
|
|
|
167 try {
|
|
|
168 jo.put("text", annot.text);
|
|
|
169 jo.put("uri", annot.url);
|
|
|
170
|
|
13
|
171 if (makeUserObject) {
|
|
|
172 // create user object
|
|
|
173 JSONObject userObject = new JSONObject();
|
|
|
174 // save creator as uri
|
|
|
175 userObject.put("uri", annot.creator);
|
|
|
176 // make short user id
|
|
|
177 String userID = annot.creator;
|
|
26
|
178 if (userID.startsWith(NS.MPIWG_PERSONS_URL)) {
|
|
|
179 userID = userID.replace(NS.MPIWG_PERSONS_URL, ""); // entferne NAMESPACE
|
|
13
|
180 }
|
|
|
181 // save as id
|
|
|
182 userObject.put("id", userID);
|
|
|
183 // get full name
|
|
|
184 RestServer restServer = (RestServer) getApplication();
|
|
|
185 String userName = restServer.getUserNameFromLdap(userID);
|
|
|
186 userObject.put("name", userName);
|
|
|
187 // save user object
|
|
|
188 jo.put("user", userObject);
|
|
|
189 } else {
|
|
|
190 // save user as string
|
|
|
191 jo.put("user", annot.creator);
|
|
8
|
192 }
|
|
|
193
|
|
13
|
194 List<String> xpointers = new ArrayList<String>();
|
|
8
|
195 if (annot.xpointers == null || annot.xpointers.size() == 0)
|
|
13
|
196 xpointers.add(annot.xpointer);
|
|
8
|
197 else {
|
|
|
198 for (String xpointerString : annot.xpointers) {
|
|
13
|
199 xpointers.add(xpointerString);
|
|
8
|
200 }
|
|
|
201 }
|
|
13
|
202 jo.put("ranges", transformToRanges(xpointers));
|
|
17
|
203 // encode Annotation URL (=id) in base64
|
|
|
204 String annotUrl = annot.getAnnotationUri();
|
|
|
205 String annotId = encodeJsonId(annotUrl);
|
|
|
206 jo.put("id", annotId);
|
|
8
|
207 return jo;
|
|
|
208 } catch (JSONException e) {
|
|
|
209 // TODO Auto-generated catch block
|
|
|
210 e.printStackTrace();
|
|
|
211 }
|
|
17
|
212 return null;
|
|
8
|
213 }
|
|
|
214
|
|
|
215 private JSONArray transformToRanges(List<String> xpointers) {
|
|
|
216
|
|
|
217 JSONArray ja = new JSONArray();
|
|
|
218
|
|
|
219 Pattern rg = Pattern
|
|
|
220 .compile("#xpointer\\(start-point\\(string-range\\(\"([^\"]*)\",([^,]*),1\\)\\)/range-to\\(end-point\\(string-range\\(\"([^\"]*)\",([^,]*),1\\)\\)\\)\\)");
|
|
10
|
221 Pattern rg1 = Pattern.compile("#xpointer\\(start-point\\(string-range\\(\"([^\"]*)\",([^,]*),1\\)\\)\\)");
|
|
8
|
222
|
|
|
223 try {
|
|
|
224 for (String xpointer : xpointers) {
|
|
|
225 String decoded = URLDecoder.decode(xpointer, "utf-8");
|
|
|
226 Matcher m = rg.matcher(decoded);
|
|
|
227
|
|
|
228 if (m.find()) {
|
|
|
229 {
|
|
|
230 JSONObject jo = new JSONObject();
|
|
|
231 jo.put("start", m.group(1));
|
|
|
232 jo.put("startOffset", m.group(2));
|
|
|
233 jo.put("end", m.group(3));
|
|
|
234 jo.put("endOffset", m.group(4));
|
|
|
235 ja.put(jo);
|
|
|
236 }
|
|
|
237 }
|
|
|
238 m = rg1.matcher(xpointer);
|
|
|
239 if (m.find()) {
|
|
|
240 JSONObject jo = new JSONObject();
|
|
|
241 jo.put("start", m.group(1));
|
|
|
242 jo.put("startOffset", m.group(2));
|
|
|
243
|
|
|
244 ja.put(jo);
|
|
|
245 }
|
|
|
246 }
|
|
|
247 } catch (JSONException e) {
|
|
|
248 // TODO Auto-generated catch block
|
|
|
249 e.printStackTrace();
|
|
|
250 } catch (UnsupportedEncodingException e) {
|
|
|
251 // TODO Auto-generated catch block
|
|
|
252 e.printStackTrace();
|
|
|
253 }
|
|
|
254
|
|
|
255 return ja;
|
|
|
256 }
|
|
|
257
|
|
11
|
258 /**
|
|
13
|
259 * creates an Annotation object with data from JSON.
|
|
|
260 *
|
|
|
261 * uses the specification from the annotator project: {@link https://github.com/okfn/annotator/wiki/Annotation-format}
|
|
11
|
262 *
|
|
13
|
263 * The username will be transformed to an URI if not given already as URI, if not it will set to the MPIWG namespace defined in
|
|
|
264 * de.mpiwg.itgroup.annotationManager.Constants.NS
|
|
11
|
265 *
|
|
|
266 * @param jo
|
|
|
267 * @return
|
|
|
268 * @throws JSONException
|
|
|
269 */
|
|
17
|
270 public Annotation createAnnotation(JSONObject jo, Representation entity) throws JSONException {
|
|
|
271 return updateAnnotation(new Annotation(), jo, entity);
|
|
|
272 }
|
|
|
273
|
|
|
274 public Annotation updateAnnotation(Annotation annot, JSONObject jo, Representation entity) throws JSONException {
|
|
|
275 // annotated uri
|
|
|
276 String url = annot.url;
|
|
|
277 if (jo.has("uri")) {
|
|
|
278 url = jo.getString("uri");
|
|
|
279 }
|
|
|
280 // annotation text
|
|
|
281 String text = annot.text;
|
|
|
282 if (jo.has("text")) {
|
|
|
283 text = jo.getString("text");
|
|
|
284 }
|
|
13
|
285 // check authentication
|
|
|
286 String authUser = checkAuthToken(entity);
|
|
|
287 if (authUser == null) {
|
|
|
288 // try http auth
|
|
|
289 User httpUser = getHttpAuthUser(entity);
|
|
|
290 if (httpUser == null) {
|
|
11
|
291 setStatus(Status.CLIENT_ERROR_FORBIDDEN);
|
|
|
292 return null;
|
|
|
293 }
|
|
13
|
294 authUser = httpUser.getIdentifier();
|
|
11
|
295 }
|
|
13
|
296 // username not required, if no username given authuser will be used
|
|
|
297 String username = null;
|
|
17
|
298 String userUri = annot.creator;
|
|
13
|
299 if (jo.has("user")) {
|
|
|
300 if (jo.get("user") instanceof String) {
|
|
|
301 // user is just a String
|
|
|
302 username = jo.getString("user");
|
|
|
303 // TODO: what if username and authUser are different?
|
|
|
304 } else {
|
|
|
305 // user is an object
|
|
|
306 JSONObject user = jo.getJSONObject("user");
|
|
|
307 if (user.has("id")) {
|
|
|
308 username = user.getString("id");
|
|
|
309 }
|
|
|
310 if (user.has("uri")) {
|
|
|
311 userUri = user.getString("uri");
|
|
|
312 }
|
|
|
313 }
|
|
|
314 }
|
|
|
315 if (username == null) {
|
|
|
316 username = authUser;
|
|
|
317 }
|
|
17
|
318 // username should be a URI, if not it will set to the MPIWG namespace defined in
|
|
|
319 // de.mpiwg.itgroup.annotationManager.Constants.NS
|
|
|
320 if (userUri == null) {
|
|
|
321 if (username.startsWith("http")) {
|
|
|
322 userUri = username;
|
|
|
323 } else {
|
|
26
|
324 userUri = NS.MPIWG_PERSONS_URL + username;
|
|
17
|
325 }
|
|
|
326 }
|
|
|
327 // TODO: should we overwrite the creator?
|
|
13
|
328
|
|
|
329 // create xpointer
|
|
17
|
330 String xpointer = annot.xpointer;
|
|
11
|
331 if (jo.has("ranges")) {
|
|
|
332 JSONObject ranges = jo.getJSONArray("ranges").getJSONObject(0);
|
|
|
333 String start = ranges.getString("start");
|
|
|
334 String end = ranges.getString("end");
|
|
|
335 String startOffset = ranges.getString("startOffset");
|
|
|
336 String endOffset = ranges.getString("endOffset");
|
|
13
|
337
|
|
11
|
338 try {
|
|
|
339 xpointer = url
|
|
|
340 + "#"
|
|
|
341 + URLEncoder.encode(String.format(
|
|
|
342 "xpointer(start-point(string-range(\"%s\",%s,1))/range-to(end-point(string-range(\"%s\",%s,1))))",
|
|
|
343 start, startOffset, end, endOffset), "utf-8");
|
|
|
344 } catch (UnsupportedEncodingException e) {
|
|
|
345 e.printStackTrace();
|
|
|
346 setStatus(Status.SERVER_ERROR_INTERNAL);
|
|
|
347 return null;
|
|
|
348 }
|
|
|
349 }
|
|
17
|
350 return new Annotation(xpointer, userUri, annot.time, text, annot.type);
|
|
13
|
351 }
|
|
|
352
|
|
|
353 /**
|
|
|
354 * returns the logged in User.
|
|
|
355 *
|
|
|
356 * @param entity
|
|
|
357 * @return
|
|
|
358 */
|
|
|
359 protected User getHttpAuthUser(Representation entity) {
|
|
|
360 RestServer restServer = (RestServer) getApplication();
|
|
|
361 if (!restServer.authenticate(getRequest(), getResponse())) {
|
|
|
362 // Not authenticated
|
|
|
363 return null;
|
|
|
364 }
|
|
|
365
|
|
|
366 ClientInfo ci = getRequest().getClientInfo();
|
|
|
367 logger.debug(ci);
|
|
|
368 return getRequest().getClientInfo().getUser();
|
|
|
369
|
|
11
|
370 }
|
|
|
371
|
|
8
|
372 }
|
