
Example 1 with TokenVerification

use of org.jbei.ice.lib.access.TokenVerification in project ice by JBEI.

the class RestResource method getUserId.

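/**
 * Resolves the ID of the user making the current resource request.
 * <p>
 * Three mechanisms are tried in order, and the first one that yields a user wins:
 * <ol>
 *   <li>a session ID (the {@code sessionId} argument, or {@code querySessionId} when the
 *       argument is empty) looked up through {@link UserSessions};</li>
 *   <li>an API token checked by {@link TokenVerification#verifyAPIKey};</li>
 *   <li>an HMAC signature placed on the request under the
 *       {@link AuthenticationInterceptor} attribute keys.</li>
 * </ol>
 *
 * @param sessionId session ID supplied by the caller; may be null or empty
 * @return the resolved user ID, or a null/empty value when none of the mechanisms
 *         identifies a user
 * @throws WebApplicationException with status 401 when API key verification raises a
 *         {@link PermissionException}
 */
protected String getUserId(String sessionId) {
    // Fall back to the session ID held in querySessionId (declared outside this method).
    // NOTE(review): if that value arrives in the URL, it can end up in access logs and
    // Referer headers - confirm how it is populated and logged.
    if (StringUtils.isEmpty(sessionId) && !StringUtils.isEmpty(querySessionId))
        sessionId = querySessionId;
    String userId = UserSessions.getUserIdBySession(sessionId);
    if (!StringUtils.isEmpty(userId))
        return userId;

    // check api key
    if (!StringUtils.isEmpty(apiToken)) {
        // When no client id accompanies the token, the remote host reported by the servlet
        // container is used instead.
        // NOTE(review): behind a proxy this is the proxy's host, not the caller's - confirm
        // that the deployment accounts for that.
        String clientId = !StringUtils.isEmpty(apiClientId) ? apiClientId : request.getRemoteHost();
        try {
            TokenVerification tokenVerification = new TokenVerification();
            userId = tokenVerification.verifyAPIKey(apiToken, clientId, apiUser);
        } catch (PermissionException pe) {
            // The client only learns "unauthorized"; the reason stays server-side.
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
        }
        // being a bit generous in terms of allowing other auth methods to be attempted even though apiToken is set
        if (userId != null)
            return userId;
    }

    // check hmac signature
    final Object hmac = request.getAttribute(AuthenticationInterceptor.HMAC_SIGNATURE);
    final Object valid = request.getAttribute(AuthenticationInterceptor.EXPECTED_SIGNATURE);
    if (hmac instanceof HmacSignature) {
        final HmacSignature generated = (HmacSignature) hmac;
        final String computed = generated.generateSignature();
        // Compare in constant time: String.equals() stops at the first differing character,
        // which lets response timing reveal how much of a guessed signature is correct.
        // A null computed signature or a non-String expected value is treated as a mismatch.
        // NOTE(review): assumes the expected signature is stored as a String - confirm
        // against AuthenticationInterceptor.
        if (computed != null && valid instanceof String
                && java.security.MessageDigest.isEqual(
                        computed.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        ((String) valid).getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
            // TODO validation of meaningful userId
            // e.g. "admin" account on EDD won't mean anything to ICE
            // Until that validation exists, the ID named by the signing party is returned
            // as-is, with no check here that it maps to a local account.
            userId = generated.getUserId();
        }
    }
    return userId;
}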
Also used : PermissionException(org.jbei.ice.lib.access.PermissionException) WebApplicationException(javax.ws.rs.WebApplicationException) HmacSignature(org.jbei.auth.hmac.HmacSignature) TokenVerification(org.jbei.ice.lib.access.TokenVerification)

Example 2 with TokenVerification

use of org.jbei.ice.lib.access.TokenVerification in project ice by JBEI.

the class RestResource method getWebPartner.

/**
 * Identifies the registry partner behind the current request by verifying its
 * web-of-registries token.
 * <p>
 * The partner is identified by {@code apiClientId} when one was supplied; otherwise the
 * remote host reported by the servlet container is used.
 * NOTE(review): behind a proxy the remote host is the proxy's, not the partner's -
 * confirm that the deployment accounts for that.
 *
 * @return whatever {@link TokenVerification#verifyPartnerToken} returns for the client
 *         identifier and {@code worPartnerToken}
 */
protected RegistryPartner getWebPartner() {
    final String partnerId;
    if (StringUtils.isEmpty(apiClientId)) {
        partnerId = request.getRemoteHost();
    } else {
        partnerId = apiClientId;
    }
    return new TokenVerification().verifyPartnerToken(partnerId, worPartnerToken);
}
Also used : TokenVerification(org.jbei.ice.lib.access.TokenVerification)

Example 3 with TokenVerification

use of org.jbei.ice.lib.access.TokenVerification in project ice by JBEI.

the class WebPartnersTest method createRemoteContact.

/**
 * Builds a {@link RemoteContact} test double that routes partner calls to the in-test
 * {@code otherPartner} instead of contacting a remote registry.
 */
private RemoteContact createRemoteContact() {
    return new RemoteContact() {

        /**
         * Asserts that the supplied token verifies for the partner's URL, then asks the
         * other side to update its API key for that partner. The {@code url} argument is
         * not used.
         */
        public RegistryPartner refreshPartnerKey(RegistryPartner partner, String url, String worToken) {
            final RegistryPartner verified = new TokenVerification().verifyPartnerToken(partner.getUrl(), worToken);
            Assert.assertNotNull(verified);
            return otherPartner.updateRemoteAPIKey(partner.getUrl(), partner);
        }

        /**
         * Records the partner's API key as the access token for its URL before handing the
         * add request to the other side. The {@code url} argument is not used.
         */
        public RegistryPartner contactPotentialPartner(RegistryPartner partner, String url) {
            final String partnerUrl = partner.getUrl();
            AccessTokens.setToken(partnerUrl, partner.getApiKey());
            return otherPartner.processRemoteWebPartnerAdd(partner);
        }

        /**
         * Reports whether the other side has a partner for this API key and URL. The
         * {@code myURL} argument is not used.
         */
        public boolean apiKeyValidates(String myURL, RegistryPartner registryPartner) {
            return otherPartner.get(registryPartner.getApiKey(), registryPartner.getUrl()) != null;
        }
    };
}
Also used : RegistryPartner(org.jbei.ice.lib.dto.web.RegistryPartner) TokenVerification(org.jbei.ice.lib.access.TokenVerification)

Aggregations

TokenVerification (org.jbei.ice.lib.access.TokenVerification)3 WebApplicationException (javax.ws.rs.WebApplicationException)1 HmacSignature (org.jbei.auth.hmac.HmacSignature)1 PermissionException (org.jbei.ice.lib.access.PermissionException)1 RegistryPartner (org.jbei.ice.lib.dto.web.RegistryPartner)1