Context Navigation

source: AnnotationManagerN4J/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java @ 73:4b8c909cabf3

Last change on this file since 73:4b8c909cabf3 was 73:4b8c909cabf3, checked in by casties, 10 years ago
small cleanup. trying restlet 2.2-snapshot now -- feeling lucky.
File size: 25.6 KB

Line
1	/**
2	* Base class for Annotator resource classes.
3	*/
4	package de.mpiwg.itgroup.annotations.restlet;
5
6	/*
7	* #%L
8	* AnnotationManager
9	* %%
10	* Copyright (C) 2012 - 2014 MPIWG Berlin
11	* %%
12	* This program is free software: you can redistribute it and/or modify
13	* it under the terms of the GNU Lesser General Public License as
14	* published by the Free Software Foundation, either version 3 of the
15	* License, or (at your option) any later version.
16	*
17	* This program is distributed in the hope that it will be useful,
18	* but WITHOUT ANY WARRANTY; without even the implied warranty of
19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20	* GNU General Lesser Public License for more details.
21	*
22	* You should have received a copy of the GNU General Lesser Public
23	* License along with this program. If not, see
24	* <http://www.gnu.org/licenses/lgpl-3.0.html>.
25	* #L%
26	*/
27
28	import java.io.UnsupportedEncodingException;
29	import java.security.InvalidKeyException;
30	import java.security.SignatureException;
31	import java.text.SimpleDateFormat;
32	import java.util.ArrayList;
33	import java.util.Calendar;
34	import java.util.HashSet;
35	import java.util.List;
36	import java.util.Set;
37	import java.util.regex.Matcher;
38	import java.util.regex.Pattern;
39
40	import net.oauth.jsontoken.Checker;
41	import net.oauth.jsontoken.JsonToken;
42	import net.oauth.jsontoken.JsonTokenParser;
43	import net.oauth.jsontoken.SystemClock;
44	import net.oauth.jsontoken.crypto.HmacSHA256Verifier;
45	import net.oauth.jsontoken.crypto.Verifier;
46
47	import org.apache.commons.codec.binary.Base64;
48	import org.apache.log4j.Logger;
49	import org.json.JSONArray;
50	import org.json.JSONException;
51	import org.json.JSONObject;
52	import org.restlet.data.Status;
53	import org.restlet.engine.header.Header;
54	import org.restlet.representation.Representation;
55	import org.restlet.resource.Options;
56	import org.restlet.resource.ServerResource;
57	import org.restlet.util.Series;
58
59	import de.mpiwg.itgroup.annotations.Actor;
60	import de.mpiwg.itgroup.annotations.Annotation;
61	import de.mpiwg.itgroup.annotations.Annotation.FragmentTypes;
62	import de.mpiwg.itgroup.annotations.Group;
63	import de.mpiwg.itgroup.annotations.Person;
64	import de.mpiwg.itgroup.annotations.Resource;
65	import de.mpiwg.itgroup.annotations.Target;
66	import de.mpiwg.itgroup.annotations.neo4j.AnnotationStore;
67
68	/**
69	* Base class for Annotator resource classes.
70	*
71	* @author dwinter, casties
72	*
73	*/
74	public abstract class AnnotatorResourceImpl extends ServerResource {
75
76	protected static Logger logger = Logger.getLogger(AnnotatorResourceImpl.class);
77
78	private AnnotationStore store;
79
80	protected String getAllowedMethodsForHeader() {
81	return "OPTIONS,GET,POST";
82	}
83
84	protected AnnotationStore getAnnotationStore() {
85	if (store == null) {
86	store = ((BaseRestlet) getApplication()).getAnnotationStore();
87	}
88	return store;
89	}
90
91	public String encodeJsonId(String id) {
92	if (id == null)
93	return null;
94	try {
95	return Base64.encodeBase64URLSafeString(id.getBytes("UTF-8"));
96	} catch (UnsupportedEncodingException e) {
97	return null;
98	}
99	}
100
101	public String decodeJsonId(String id) {
102	if (id == null)
103	return null;
104	try {
105	return new String(Base64.decodeBase64(id), "UTF-8");
106	} catch (UnsupportedEncodingException e) {
107	return null;
108	}
109	}
110
111	/**
112	* Handle options request to allow CORS for AJAX.
113	*
114	* @param entity
115	*/
116	@Options
117	public void doOptions(Representation entity) {
118	logger.debug("AnnotatorResourceImpl doOptions!");
119	setCorsHeaders();
120	}
121
122	/**
123	* set headers to allow CORS for AJAX.
124	*/
125	protected void setCorsHeaders() {
126	@SuppressWarnings("unchecked")
127	Series<Header> responseHeaders = (Series<Header>) getResponse().getAttributes().get("org.restlet.http.headers");
128	if (responseHeaders == null) {
129	responseHeaders = new Series<Header>(Header.class);
130	getResponse().getAttributes().put("org.restlet.http.headers", responseHeaders);
131	}
132	responseHeaders.add("Access-Control-Allow-Methods", getAllowedMethodsForHeader());
133	// echo back Origin and Request-Headers
134	@SuppressWarnings("unchecked")
135	Series<Header> requestHeaders = (Series<Header>) getRequest().getAttributes().get("org.restlet.http.headers");
136	String origin = requestHeaders.getFirstValue("Origin", true);
137	if (origin == null) {
138	responseHeaders.add("Access-Control-Allow-Origin", "*");
139	} else {
140	responseHeaders.add("Access-Control-Allow-Origin", origin);
141	}
142	String allowHeaders = requestHeaders.getFirstValue("Access-Control-Request-Headers", true);
143	if (allowHeaders != null) {
144	responseHeaders.add("Access-Control-Allow-Headers", allowHeaders);
145	}
146	responseHeaders.add("Access-Control-Allow-Credentials", "true");
147	responseHeaders.add("Access-Control-Max-Age", "60");
148	}
149
150	/**
151	* returns if authentication information from headers is valid.
152	*
153	* @param entity
154	* @return
155	*/
156	public boolean isAuthenticated(Representation entity) {
157	return (checkAuthToken(entity) != null);
158	}
159
160	/**
161	* Checks Annotator Auth plugin authentication information from headers.
162	* Returns userId if successful. Returns "anonymous" in non-authorization
163	* mode.
164	*
165	* @param entity
166	* @return
167	*/
168	public String checkAuthToken(Representation entity) {
169	@SuppressWarnings("unchecked")
170	Series<Header> requestHeaders = (Series<Header>) getRequest().getAttributes().get("org.restlet.http.headers");
171	String authToken = requestHeaders.getFirstValue("x-annotator-auth-token", true);
172	if (authToken == null) {
173	if (!((BaseRestlet) getApplication()).isAuthorizationMode()) {
174	return "anonymous";
175	}
176	return null;
177	}
178	// decode token first to get consumer key
179	JsonToken token = new JsonTokenParser(null, null).deserialize(authToken);
180	String userId = token.getParamAsPrimitive("userId").getAsString();
181	String consumerKey = token.getParamAsPrimitive("consumerKey").getAsString();
182	// get stored consumer secret for key
183	BaseRestlet restServer = (BaseRestlet) getApplication();
184	String consumerSecret = restServer.getConsumerSecret(consumerKey);
185	logger.debug("requested consumer key=" + consumerKey + " secret=" + consumerSecret);
186	if (consumerSecret == null) {
187	return null;
188	}
189	// logger.debug(String.format("token=%s tokenString=%s signatureAlgorithm=%s",token,token.getTokenString(),token.getSignatureAlgorithm()));
190	try {
191	List<Verifier> verifiers = new ArrayList<Verifier>();
192	// we only do HS256 yet
193	verifiers.add(new HmacSHA256Verifier(consumerSecret.getBytes("UTF-8")));
194	// verify token signature(should really be static...)
195	new JsonTokenParser(new SystemClock(), null, (Checker[]) null).verify(token, verifiers);
196	} catch (SignatureException e) {
197	// TODO Auto-generated catch block
198	e.printStackTrace();
199	} catch (InvalidKeyException e) {
200	// TODO Auto-generated catch block
201	e.printStackTrace();
202	} catch (UnsupportedEncodingException e) {
203	// TODO Auto-generated catch block
204	e.printStackTrace();
205	}
206	// must be ok then
207	logger.debug("auth OK! user=" + userId);
208	return userId;
209	}
210
211	/**
212	* creates Annotator-JSON from an Annotation object.
213	*
214	* @param annot
215	* @param forAnonymous
216	* TODO
217	* @return
218	*/
219	public JSONObject createAnnotatorJson(Annotation annot, boolean forAnonymous) {
220	// return user as a JSON object (otherwise just as string)
221	boolean makeUserObject = true;
222	JSONObject jo = new JSONObject();
223	try {
224	jo.put("text", annot.getBodyText());
225	jo.put("uri", annot.getTargetBaseUri());
226	if (annot.getResourceUri() != null) {
227	jo.put("resource", annot.getResourceUri());
228	}
229
230	/*
231	* user
232	*/
233	Actor creator = annot.getCreator();
234	if (creator != null) {
235	if (makeUserObject) {
236	// create user object
237	JSONObject userObject = new JSONObject();
238	// save creator as uri
239	userObject.put("uri", creator.getUri());
240	// make short user id
241	String userId = creator.getIdString();
242	// set as id
243	userObject.put("id", userId);
244	// get full name
245	String userName = creator.getName();
246	if (userName == null) {
247	BaseRestlet restServer = (BaseRestlet) getApplication();
248	userName = restServer.getFullNameFromLdap(userId);
249	}
250	userObject.put("name", userName);
251	// save user object
252	jo.put("user", userObject);
253	} else {
254	// save user as string
255	jo.put("user", annot.getCreatorUri());
256	}
257	}
258
259	/*
260	* ranges
261	*/
262	if (annot.getTargetFragment() != null) {
263	// we only look at the first xpointer
264	List<String> fragments = new ArrayList<String>();
265	fragments.add(annot.getTargetFragment());
266	FragmentTypes xt = annot.getFragmentType();
267	if (xt == FragmentTypes.XPOINTER) {
268	jo.put("ranges", transformToRanges(fragments));
269	} else if (xt == FragmentTypes.AREA) {
270	jo.put("shapes", transformToShapes(fragments));
271	}
272	}
273
274	/*
275	* permissions
276	*/
277	JSONObject perms = new JSONObject();
278	jo.put("permissions", perms);
279	// admin
280	JSONArray adminPerms = new JSONArray();
281	perms.put("admin", adminPerms);
282	Actor adminPerm = annot.getAdminPermission();
283	if (adminPerm != null) {
284	adminPerms.put(adminPerm.getIdString());
285	} else if (forAnonymous) {
286	// set something because its not allowed for anonymous
287	adminPerms.put("not-you");
288	}
289	// delete
290	JSONArray deletePerms = new JSONArray();
291	perms.put("delete", deletePerms);
292	Actor deletePerm = annot.getDeletePermission();
293	if (deletePerm != null) {
294	deletePerms.put(deletePerm.getIdString());
295	} else if (forAnonymous) {
296	// set something because its not allowed for anonymous
297	deletePerms.put("not-you");
298	}
299	// update
300	JSONArray updatePerms = new JSONArray();
301	perms.put("update", updatePerms);
302	Actor updatePerm = annot.getUpdatePermission();
303	if (updatePerm != null) {
304	updatePerms.put(updatePerm.getIdString());
305	} else if (forAnonymous) {
306	// set something because its not allowed for anonymous
307	updatePerms.put("not-you");
308	}
309	// read
310	JSONArray readPerms = new JSONArray();
311	perms.put("read", readPerms);
312	Actor readPerm = annot.getReadPermission();
313	if (readPerm != null) {
314	readPerms.put(readPerm.getIdString());
315	}
316
317	/*
318	* tags
319	*/
320	Set<String> tagset = annot.getTags();
321	if (tagset != null) {
322	JSONArray tags = new JSONArray();
323	jo.put("tags", tags);
324	for (String tag : tagset) {
325	tags.put(tag);
326	}
327	}
328
329	/*
330	* id
331	*/
332	// encode Annotation URL (=id) in base64
333	String annotUrl = annot.getUri();
334	String annotId = encodeJsonId(annotUrl);
335	jo.put("id", annotId);
336	return jo;
337	} catch (JSONException e) {
338	logger.error("Unable to create AnnotatorJSON!", e);
339	}
340	return null;
341	}
342
343	private JSONArray transformToRanges(List<String> xpointers) {
344	JSONArray ja = new JSONArray();
345	Pattern rg = Pattern
346	.compile("xpointer\\(start-point\\(string-range\\(\"([^\"])\",([^,]),1\\)\\)/range-to\\(end-point\\(string-range\\(\"([^\"])\",([^,]),1\\)\\)\\)\\)");
347	Pattern rg1 = Pattern.compile("xpointer\\(start-point\\(string-range\\(\"([^\"])\",([^,]),1\\)\\)\\)");
348	try {
349	for (String xpointer : xpointers) {
350	// String decoded = URLDecoder.decode(xpointer, "utf-8");
351	String decoded = xpointer;
352	Matcher m = rg.matcher(decoded);
353	if (m.find()) {
354	JSONObject jo = new JSONObject();
355	jo.put("start", m.group(1));
356	jo.put("startOffset", m.group(2));
357	jo.put("end", m.group(3));
358	jo.put("endOffset", m.group(4));
359	ja.put(jo);
360	}
361	m = rg1.matcher(xpointer);
362	if (m.find()) {
363	JSONObject jo = new JSONObject();
364	jo.put("start", m.group(1));
365	jo.put("startOffset", m.group(2));
366	ja.put(jo);
367	}
368	}
369	} catch (JSONException e) {
370	logger.error("Unable to transform to ranges!", e);
371	}
372	return ja;
373	}
374
375	private JSONArray transformToShapes(List<String> xpointers) {
376	JSONArray ja = new JSONArray();
377	Pattern rg = Pattern.compile("xywh=(\\w*):([\\d\\.]+),([\\d\\.]+),([\\d\\.]+),([\\d\\.]+)");
378	try {
379	for (String xpointer : xpointers) {
380	String decoded = xpointer;
381	Matcher m = rg.matcher(decoded);
382	if (m.find()) {
383	String units = m.group(1);
384	float x = getFloat(m.group(2));
385	float y = getFloat(m.group(3));
386	float width = getFloat(m.group(4));
387	float height = getFloat(m.group(5));
388	JSONObject shape = new JSONObject();
389	JSONObject geom = new JSONObject();
390	geom.put("units", units);
391	geom.put("x", x);
392	geom.put("y", y);
393	if (width == 0 \|\| height == 0) {
394	shape.put("type", "point");
395	shape.put("geometry", geom);
396	} else {
397	shape.put("type", "rectangle");
398	geom.put("width", width);
399	geom.put("height", height);
400	shape.put("geometry", geom);
401	}
402	ja.put(shape);
403	}
404	}
405	} catch (JSONException e) {
406	logger.error("Unable to transform to shapes!", e);
407	}
408	return ja;
409	}
410
411	protected String parseShape(JSONObject shape) throws JSONException {
412	String fragment = null;
413	String type = shape.getString("type");
414	JSONObject geom = shape.getJSONObject("geometry");
415	if (type.equalsIgnoreCase("point")) {
416	String x = geom.getString("x");
417	String y = geom.getString("y");
418	fragment = String.format("xywh=fraction:%s,%s,0,0", x, y);
419	} else if (type.equalsIgnoreCase("rectangle")) {
420	String x = geom.getString("x");
421	String y = geom.getString("y");
422	String width = geom.getString("width");
423	String height = geom.getString("height");
424	fragment = String.format("xywh=fraction:%s,%s,%s,%s", x, y, width, height);
425	} else {
426	logger.error("Unable to parse this shape: " + shape);
427	}
428	return fragment;
429	}
430
431	protected String parseArea(JSONObject area) throws JSONException {
432	String x = area.getString("x");
433	String y = area.getString("y");
434	String width = "0";
435	String height = "0";
436	if (area.has("width")) {
437	width = area.getString("width");
438	height = area.getString("height");
439	}
440	String fragment = String.format("xywh=fraction:%s,%s,%s,%s", x, y, width, height);
441	return fragment;
442	}
443
444	protected String parseRange(JSONObject range) throws JSONException {
445	String start = range.getString("start");
446	String end = range.getString("end");
447	String startOffset = range.getString("startOffset");
448	String endOffset = range.getString("endOffset");
449	String fragment = String.format(
450	"xpointer(start-point(string-range(\"%s\",%s,1))/range-to(end-point(string-range(\"%s\",%s,1))))", start,
451	startOffset, end, endOffset);
452	return fragment;
453	}
454
455	/**
456	* Creates an Annotation object with data from JSON.
457	*
458	* uses the specification from the annotator project: {@link https
459	* ://github.com/okfn/annotator/wiki/Annotation-format}
460	*
461	* The username will be transformed to an URI if not given already as URI,
462	* if not it will set to the MPIWG namespace defined in
463	* de.mpiwg.itgroup.annotationManager.Constants.NS
464	*
465	* @param jo
466	* @return
467	* @throws JSONException
468	* @throws UnsupportedEncodingException
469	*/
470	public Annotation createAnnotation(JSONObject jo, Representation entity) throws JSONException, UnsupportedEncodingException {
471	return updateAnnotation(new Annotation(), jo, entity);
472	}
473
474	/**
475	* Updates an Annotation object with data from JSON.
476	*
477	* uses the specification from the annotator project: {@link https
478	* ://github.com/okfn/annotator/wiki/Annotation-format}
479	*
480	* The username will be transformed to an URI if not given already as URI,
481	* if not it will set to the MPIWG namespace defined in
482	* de.mpiwg.itgroup.annotationManager.Constants.NS
483	*
484	* @param annot
485	* @param jo
486	* @return
487	* @throws JSONException
488	* @throws UnsupportedEncodingException
489	*/
490	public Annotation updateAnnotation(Annotation annot, JSONObject jo, Representation entity) throws JSONException,
491	UnsupportedEncodingException {
492	/*
493	* target uri
494	*/
495	if (jo.has("uri")) {
496	annot.setTarget(new Target(jo.getString("uri")));
497	}
498	/*
499	* resource uri
500	*/
501	if (jo.has("resource")) {
502	annot.setResource(new Resource(jo.getString("resource")));
503	}
504	/*
505	* annotation text
506	*/
507	if (jo.has("text")) {
508	annot.setBodyText(jo.getString("text"));
509	}
510	/*
511	* check authentication
512	*/
513	String authUser = checkAuthToken(entity);
514	if (authUser == null) {
515	/*
516	* // try http auth User httpUser = getHttpAuthUser(entity); if
517	* (httpUser == null) {
518	*/
519	setStatus(Status.CLIENT_ERROR_FORBIDDEN);
520	return null;
521	/*
522	* } authUser = httpUser.getIdentifier();
523	*/
524	}
525	/*
526	* get or create creator object
527	*/
528	Actor creator = annot.getCreator();
529	if (creator == null) {
530	creator = new Person();
531	annot.setCreator(creator);
532	}
533	// username not required, if no username given authuser will be used
534	String username = null;
535	String userUri = creator.getUri();
536	if (jo.has("user")) {
537	if (jo.get("user") instanceof String) {
538	// user is just a String
539	username = jo.getString("user");
540	creator.setId(username);
541	// TODO: what if username and authUser are different?
542	} else {
543	// user is an object
544	JSONObject user = jo.getJSONObject("user");
545	if (user.has("id")) {
546	String id = user.getString("id");
547	creator.setId(id);
548	username = id;
549	}
550	if (user.has("uri")) {
551	userUri = user.getString("uri");
552	}
553	}
554	}
555	if (username == null) {
556	username = authUser;
557	}
558	// try to get full name
559	if (creator.getName() == null && username != null) {
560	BaseRestlet restServer = (BaseRestlet) getApplication();
561	String fullName = restServer.getFullNameFromLdap(username);
562	creator.setName(fullName);
563	}
564	// userUri should be a URI, if not it will set to the MPIWG namespace
565	if (userUri == null) {
566	if (username.startsWith("http")) {
567	userUri = username;
568	} else {
569	userUri = BaseRestlet.PERSONS_URI_PREFIX + username;
570	}
571	}
572	// TODO: should we overwrite the creator?
573	if (creator.getUri() == null) {
574	creator.setUri(userUri);
575	}
576	/*
577	* creation date
578	*/
579	if (annot.getCreated() == null) {
580	// set creation date
581	SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
582	String ct = format.format(Calendar.getInstance().getTime());
583	annot.setCreated(ct);
584	}
585
586	/*
587	* create fragment from the first range/area
588	*/
589	try {
590	if (jo.has("ranges")) {
591	JSONArray ranges = jo.getJSONArray("ranges");
592	if (ranges.length() > 0) {
593	JSONObject range = ranges.getJSONObject(0);
594	annot.setFragmentType(FragmentTypes.XPOINTER);
595	String fragment = parseRange(range);
596	annot.setTargetFragment(fragment);
597	}
598	}
599	} catch (JSONException e) {
600	// nothing to do
601	}
602	try {
603	if (jo.has("shapes")) {
604	JSONArray shapes = jo.getJSONArray("shapes");
605	if (shapes.length() > 0) {
606	JSONObject shape = shapes.getJSONObject(0);
607	annot.setFragmentType(FragmentTypes.AREA);
608	String fragment = parseShape(shape);
609	annot.setTargetFragment(fragment);
610	}
611	}
612	} catch (JSONException e) {
613	// nothing to do
614	}
615	// deprecated areas type
616	try {
617	if (jo.has("areas")) {
618	JSONArray areas = jo.getJSONArray("areas");
619	if (areas.length() > 0) {
620	JSONObject area = areas.getJSONObject(0);
621	annot.setFragmentType(FragmentTypes.AREA);
622	String fragment = parseArea(area);
623	annot.setTargetFragment(fragment);
624	}
625	}
626	} catch (JSONException e) {
627	// nothing to do
628	}
629	// no fragment is an error
630	if (annot.getFragmentType() == null \|\| annot.getTargetFragment() == null) {
631	throw new JSONException("Annotation has no valid target fragment!");
632	}
633
634	/*
635	* permissions
636	*/
637	if (jo.has("permissions")) {
638	JSONObject permissions = jo.getJSONObject("permissions");
639	if (permissions.has("admin")) {
640	JSONArray perms = permissions.getJSONArray("admin");
641	Actor actor = getActorFromPermissions(perms);
642	annot.setAdminPermission(actor);
643	}
644	if (permissions.has("delete")) {
645	JSONArray perms = permissions.getJSONArray("delete");
646	Actor actor = getActorFromPermissions(perms);
647	annot.setDeletePermission(actor);
648	}
649	if (permissions.has("update")) {
650	JSONArray perms = permissions.getJSONArray("update");
651	Actor actor = getActorFromPermissions(perms);
652	annot.setUpdatePermission(actor);
653	}
654	if (permissions.has("read")) {
655	JSONArray perms = permissions.getJSONArray("read");
656	Actor actor = getActorFromPermissions(perms);
657	annot.setReadPermission(actor);
658	}
659	}
660
661	/*
662	* tags
663	*/
664	if (jo.has("tags")) {
665	HashSet<String> tagset = new HashSet<String>();
666	JSONArray tags = jo.getJSONArray("tags");
667	for (int i = 0; i < tags.length(); ++i) {
668	tagset.add(tags.getString(i));
669	}
670	annot.setTags(tagset);
671	}
672
673	return annot;
674	}
675
676	@SuppressWarnings("unused")
677	// i in for loop
678	protected Actor getActorFromPermissions(JSONArray perms) throws JSONException {
679	Actor actor = null;
680	for (int i = 0; i < perms.length(); ++i) {
681	String perm = perms.getString(i);
682	if (perm.toLowerCase().startsWith("group:")) {
683	String groupId = perm.substring(6);
684	actor = new Group(groupId);
685	} else {
686	actor = new Person(perm);
687	}
688	// we just take the first one
689	break;
690	}
691	return actor;
692	}
693
694	public static float getFloat(String s) {
695	try {
696	return Float.parseFloat(s);
697	} catch (NumberFormatException e) {
698	}
699	return 0f;
700	}
701
702	public static int getInt(String s) {
703	try {
704	return Integer.parseInt(s);
705	} catch (NumberFormatException e) {
706	}
707	return 0;
708	}
709	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: