Changeset 88:b406507a953d in AnnotationManagerN4J for src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java

Timestamp:

Feb 3, 2015, 6:01:27 PM (9 years ago)

Author:

casties

Branch:

default

Message:

upped version to 0.5.
can use display name and groups from auth token.

File:

• src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java (modified) (10 diffs)

src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java

@@ -1 @@
-/**
- * Base class for Annotator resource classes.
- */
 package de.mpiwg.itgroup.annotations.restlet;
 
@@ -27 +24 @@
 
 import java.io.UnsupportedEncodingException;
-import java.security.InvalidKeyException;
-import java.security.SignatureException;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
@@ -57 +52 @@
 import org.restlet.util.Series;
 
+import com.google.gson.JsonArray;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+
 import de.mpiwg.itgroup.annotations.Actor;
 import de.mpiwg.itgroup.annotations.Annotation;
@@ -155 +154 @@
      */
     public boolean isAuthenticated(Representation entity) {
-        return (checkAuthToken(entity) != null);
+        return (getUserFromAuthToken(entity) != null);
     }
 
@@ -166 +165 @@
      * @return user-id
      */
-    public String checkAuthToken(Representation entity) {
+    public Person getUserFromAuthToken(Representation entity) {
         @SuppressWarnings("unchecked")
         Series<Header> requestHeaders = (Series<Header>) getRequest().getAttributes().get("org.restlet.http.headers");
@@ -172 +171 @@
         if (authToken == null) {
             if (!((BaseRestlet) getApplication()).isAuthorizationMode()) {
-                return "anonymous";
+                return Person.getAnonymous();
             }
             return null;
         }
-        // decode token first to get consumer key
-        JsonToken token = new JsonTokenParser(null, null).deserialize(authToken);
-        String userId = token.getParamAsPrimitive("userId").getAsString();
-        String consumerKey = token.getParamAsPrimitive("consumerKey").getAsString();
-        // get stored consumer secret for key
-        BaseRestlet restServer = (BaseRestlet) getApplication();
-        String consumerSecret = restServer.getConsumerSecret(consumerKey);
-        logger.fine("requested consumer key=" + consumerKey + " secret=" + consumerSecret);
-        if (consumerSecret == null) {
-            return null;
-        }
-        // logger.fine(String.format("token=%s tokenString=%s signatureAlgorithm=%s",token,token.getTokenString(),token.getSignatureAlgorithm()));
-        try {
+        Person user = null;
+                try {
+                        // decode token first to get consumer key
+            JsonToken token = new JsonTokenParser(null, null).deserialize(authToken);
+            String consumerKey = token.getParamAsPrimitive("consumerKey").getAsString();
+            // get stored consumer secret for key
+            BaseRestlet restServer = (BaseRestlet) getApplication();
+            String consumerSecret = restServer.getConsumerSecret(consumerKey);
+            logger.fine("requested consumer key=" + consumerKey + " secret=" + consumerSecret);
+                        if (consumerSecret == null) {
+                            logger.warning("Error: unknown consumer key: "+consumerKey);
+                                return null;
+                        }
+                        // logger.fine(String.format("token=%s tokenString=%s signatureAlgorithm=%s",token,token.getTokenString(),token.getSignatureAlgorithm()));
             List<Verifier> verifiers = new ArrayList<Verifier>();
             // we only do HS256 yet
@@ -194 +194 @@
             // verify token signature(should really be static...)
             new JsonTokenParser(new SystemClock(), null, (Checker[]) null).verify(token, verifiers);
-        } catch (SignatureException e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
-        } catch (InvalidKeyException e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
-        } catch (UnsupportedEncodingException e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
+            // create Person
+            JsonObject payload = token.getPayloadAsJsonObject();
+            // userId is mandatory
+            String userId = payload.get("userId").getAsString();
+            user = new Person(userId);
+            // displayName is optional
+            if (payload.has("displayName")) {
+                user.name = payload.get("displayName").getAsString();
+            }
+            // memberOf groups is optional
+            if (payload.has("memberOf")) {
+                Set<String> groups = new HashSet<String>();
+                JsonArray jgroups = payload.get("memberOf").getAsJsonArray();
+                for (JsonElement jgroup : jgroups) {
+                    groups.add(jgroup.getAsString());
+                }
+                user.groups = groups;
+            }
+        } catch (Exception e) {
+            logger.warning("Error checking auth token: "+e.toString());
+            return null;
         }
         // must be ok then
-        logger.fine("auth OK! user=" + userId);
-        return userId;
+        logger.fine("auth OK! user=" + user);
+        return user;
     }
 
@@ -212 +224 @@
      * creates Annotator-JSON from an Annotation object.
      * 
-     * @param annot
+     * @param annot annotation object
      * @param forAnonymous
-     *            TODO
-     * @return
+     * @return Annotator-JSON
      */
     public JSONObject createAnnotatorJson(Annotation annot, boolean forAnonymous) {
@@ -577 +588 @@
          * check authentication
          */
-        String authUser = checkAuthToken(entity);
+        Person authUser = getUserFromAuthToken(entity);
         if (authUser == null) {
             /*
@@ -620 +631 @@
         }
         if (username == null) {
-            username = authUser;
+            username = authUser.getName();
         }
         // try to get full name