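/**
 * Rebuilds the challenge response from the "Credentials" cookie or, when that cookie is absent,
 * from a posted login form, then delegates to the parent filter.
 *
 * <p>The cookie value has the form {@code identifier=secret}. Only the first {@code '='}
 * separates the two parts, so a secret that itself contains {@code '='} is kept whole instead of
 * making the cookie unparseable. A cookie with no value, or with an empty identifier or secret
 * part, is ignored and no challenge response is set from it.
 *
 * <p>NOTE(review): the cookie carries the secret itself rather than a server-issued token, so
 * anything able to read the cookie holds reusable credentials.
 *
 * @param request the request to inspect; a login POST is rewritten to GET
 * @param response the response, passed through to the parent filter
 * @return the value returned by {@code super.beforeHandle}
 */
@Override
  protected int beforeHandle(Request request, Response response) {
    Cookie cookie = request.getCookies().getFirst("Credentials");

    if (cookie != null) {
      // Extract the challenge response from the cookie
      String value = cookie.getValue();
      int separator = (value == null) ? -1 : value.indexOf('=');

      // Both parts must be non-empty; everything after the first '=' is the secret
      if (separator > 0 && separator < value.length() - 1) {
        String identifier = value.substring(0, separator);
        String secret = value.substring(separator + 1);
        request.setChallengeResponse(
            new ChallengeResponse(ChallengeScheme.HTTP_COOKIE, identifier, secret));
      }
    } else if (Method.POST.equals(request.getMethod())
        && request.getResourceRef().getQueryAsForm().getFirst("login") != null) {
      // Intercepting a login form
      Form credentials = new Form(request.getEntity());
      String identifier = credentials.getFirstValue("identifier");
      String secret = credentials.getFirstValue("secret");
      request.setChallengeResponse(
          new ChallengeResponse(ChallengeScheme.HTTP_COOKIE, identifier, secret));

      // Continue call processing to return the target representation if
      // authentication is successful or a new login page
      request.setMethod(Method.GET);
    }

    return super.beforeHandle(request, response);
  }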
 /**
  * Sends a GET request carrying a single cookie and checks that the server answers 200 with the
  * cookie echoed back as {@code name=value}.
  */
 public void testCookies() throws IOException {
   final Cookie sentCookie = new Cookie("cookieName", "cookie-value");
   final Request cookieRequest = createGetRequest("cookies/cookieName");
   cookieRequest.getCookies().add(sentCookie);

   final Response serverResponse = accessServer(cookieRequest);

   // Status is checked first so a failed call is reported before the body is read
   assertEquals(Status.SUCCESS_OK, serverResponse.getStatus());
   final String echoedBody = serverResponse.getEntity().getText();
   assertEquals("cookieName=cookie-value", echoedBody);
 }
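  /**
   * After the parent filter has run, issues a "Credentials" cookie for an authenticated client
   * that did not send one.
   *
   * <p>The cookie value is {@code identifier=secret}, taken from the request's challenge
   * response. Nothing is issued when the challenge response, its identifier or its secret is
   * missing (for example when the client was authenticated by some other means), which
   * previously ended in a {@code NullPointerException} or a {@code "null=..."} cookie.
   *
   * <p>The cookie is restricted from script access, lives for 30 seconds, and is marked Secure
   * whenever the request itself arrived over a confidential protocol.
   *
   * <p>NOTE(review): the value is the raw secret; over a non-confidential connection it is
   * still sent in clear, as the cookie comment states.
   *
   * @param request the handled request
   * @param response the response that receives the cookie setting
   */
  @Override
  protected void afterHandle(Request request, Response response) {
    super.afterHandle(request, response);

    boolean alreadyHasCookie = request.getCookies().getFirst("Credentials") != null;
    if (!request.getClientInfo().isAuthenticated() || alreadyHasCookie) {
      return;
    }

    // Authenticated without usable credentials on the request: nothing to persist
    if (request.getChallengeResponse() == null
        || request.getChallengeResponse().getIdentifier() == null
        || request.getChallengeResponse().getSecret() == null) {
      return;
    }

    String identifier = request.getChallengeResponse().getIdentifier();
    String secret = new String(request.getChallengeResponse().getSecret());
    CookieSetting cookieSetting = new CookieSetting("Credentials", identifier + "=" + secret);
    cookieSetting.setAccessRestricted(true);
    // Keep the cookie off plain-HTTP requests when it was issued over a confidential channel
    cookieSetting.setSecure(request.isConfidential());
    cookieSetting.setPath("/");
    cookieSetting.setComment("Unsecured cookie based authentication");
    cookieSetting.setMaxAge(30);
    response.getCookieSettings().add(cookieSetting);
  }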
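 /**
  * Returns the authentication token carried by the request, or {@code null} when there is none.
  *
  * <p>The {@code token} query parameter is read first; a cookie named
  * {@code RestAuthenticationService.ES_DMS_TICKET}, when present, takes precedence over it.
  *
  * <p>Token and cookie values are deliberately kept out of the log output: they are bearer
  * credentials, and log files are usually readable by more people than the session is meant for.
  *
  * @param request the incoming request, may be {@code null}
  * @return the token from the cookie or the query string, or {@code null} if neither is present
  */
 private String extractTokenFromRequest(Request request) {
   if (request == null) {
     return null;
   }

   String token = null;
   // NOTE(review): if the request's string form includes the query string, this line still
   // writes a query-string token to the debug log - confirm and trim if so.
   log.debug(request);
   if (request.getResourceRef() != null && request.getResourceRef().getQueryAsForm() != null) {
     token = request.getResourceRef().getQueryAsForm().getFirstValue("token");
     // Report only that a token was found, and only when one actually was
     if (token != null) {
       log.trace("Found token from query string");
     }
   } else {
     log.info("ResourceRef is null");
   }
   for (Cookie cookie : request.getCookies()) {
     // Names only: cookie values may be session or authentication material
     log.trace("Cookie present: " + cookie.getName());
     if (RestAuthenticationService.ES_DMS_TICKET.equals(cookie.getName())) {
       token = cookie.getValue();
       log.trace("Found token from cookie");
       break;
     }
   }
   return token;
 }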
  /**
   * ShareResource initialisation: copies the request's cookie, URL and parameters into this
   * resource's fields and, for GET requests, selects the {@code action} to run.
   *
   * <p>For POST, {@code id}, {@code type}, {@code title} and {@code description} are overwritten
   * only when the corresponding request attribute decodes to a non-null value. For GET, query
   * string options are read first, then the action is chosen by substring match on the request
   * URL; the order of the {@code else if} chain matters because some patterns are prefixes of
   * others (e.g. {@code /share/remove/community/} is tested before {@code /share/remove/}).
   *
   * <p>NOTE(review): every action here, including save, remove, endorse and community changes,
   * is selected under GET and the caller is identified by a cookie. Confirm that the handlers
   * verify the request's origin (anti-CSRF token or equivalent), since browsers attach cookies
   * to cross-site GET requests.
   */
  @Override
  public void doInit() {
    Request request = this.getRequest();

    Map<String, Object> attributes = request.getAttributes();
    // NOTE(review): this is the string form of the whole reference. If that includes the query
    // string, the contains() checks below can also match text supplied in a query parameter,
    // not only the path - consider matching against the path alone.
    urlStr = request.getResourceRef().toString();

    // Every user must pass in their cookies
    // (looked up with ignoreCase = true; null when the cookie is absent)
    cookie = request.getCookies().getFirstValue("infinitecookie", true);

    // Method.POST
    // Each field keeps its previous value unless the request attribute is present
    if (request.getMethod() == Method.POST) {
      if (RESTTools.decodeRESTParam("id", attributes) != null)
        id = RESTTools.decodeRESTParam("id", attributes);
      if (RESTTools.decodeRESTParam("type", attributes) != null)
        type = RESTTools.decodeRESTParam("type", attributes);
      if (RESTTools.decodeRESTParam("title", attributes) != null)
        title = RESTTools.decodeRESTParam("title", attributes);
      if (RESTTools.decodeRESTParam("description", attributes) != null)
        description = RESTTools.decodeRESTParam("description", attributes);
    }

    // Method.GET
    if (request.getMethod() == Method.GET) {
      // Method.GET
      Map<String, String> queryOptions = this.getQuery().getValuesMap();

      // Query String Values
      // These are caller-supplied strings stored as-is; skip and limit are not parsed or
      // range-checked here.
      if (queryOptions.get("id") != null) id = queryOptions.get("id");
      if (queryOptions.get("skip") != null) skip = queryOptions.get("skip");
      if (queryOptions.get("limit") != null) limit = queryOptions.get("limit");
      if (queryOptions.get("searchby") != null) searchby = queryOptions.get("searchby");
      if (queryOptions.get("json") != null) json = queryOptions.get("json");
      if (queryOptions.get("type") != null) type = queryOptions.get("type");
      // NOTE(review): ignoreAdmin is set straight from the query string; what it relaxes is
      // decided elsewhere - confirm it cannot widen what a non-admin caller sees.
      if ((queryOptions.get("ignoreAdmin") != null)
          && (queryOptions.get("ignoreAdmin").equalsIgnoreCase("true"))) {
        ignoreAdmin = true;
      }
      if ((queryOptions.get("nocontent") != null)
          && (queryOptions.get("nocontent").equalsIgnoreCase("true"))) {
        returnContent = false;
      }
      if ((queryOptions.get("nometa") != null)
          && (queryOptions.get("nometa").equalsIgnoreCase("true"))) {
        jsonOnly = true;
      }

      // Get Share by ID
      if (urlStr.contains("/share/get/")) {
        shareId = RESTTools.decodeRESTParam("id", attributes);
        action = "getShare";
      }

      // Search Shares by Owner, Community, Type
      else if (urlStr.contains("/share/search")) {
        action = "searchShares";
      }

      // Save a JSON share object to the DB
      // /social/share/save/json/{id}/{type}/{title}/{description}/?json={...}
      else if (urlStr.contains("/share/save/json/")
          || urlStr.contains("/share/add/json/")
          || urlStr.contains("/share/update/json/")) {
        if (RESTTools.decodeRESTParam("id", attributes) != null)
          id = RESTTools.decodeRESTParam("id", attributes);
        type = RESTTools.decodeRESTParam("type", attributes);
        title = RESTTools.decodeRESTParam("title", attributes);
        description = RESTTools.decodeRESTParam("description", attributes);
        // Use URLDecoder on the json string
        // NOTE(review): if no ?json= parameter was sent and the field has no default (its
        // declaration is not visible here), json is null and decode() throws a
        // NullPointerException, which the catch below does not cover.
        try {
          json = URLDecoder.decode(json, "UTF-8");
          action = "saveJson";
        } catch (UnsupportedEncodingException e) {
          // TODO can't throw exceptions
          // set to failed so it doesn't run
          // throw e;
          action = "failed";
        }

      } else if (urlStr.contains("/share/add/binary/")) {
        action = "addBinaryGET";
      } else if (urlStr.contains("/share/update/binary/")) {
        action = "updateBinaryGET";
      }

      // Add a Ref (Pointer to a record within a collection)
      else if (urlStr.contains("/share/add/ref/")) {
        type = RESTTools.decodeRESTParam("type", attributes);
        documentId = RESTTools.decodeRESTParam("documentid", attributes);
        title = RESTTools.decodeRESTParam("title", attributes);
        description = RESTTools.decodeRESTParam("description", attributes);
        action = "addRef";
      }

      // Update a Ref (Pointer to a record within a collection)
      else if (urlStr.contains("/share/update/ref/")) {
        id = RESTTools.decodeRESTParam("id", attributes);
        type = RESTTools.decodeRESTParam("type", attributes);
        documentId = RESTTools.decodeRESTParam("documentid", attributes);
        title = RESTTools.decodeRESTParam("title", attributes);
        description = RESTTools.decodeRESTParam("description", attributes);
        action = "updateRef";
      }

      // Share - Remove a community from a share
      // Must stay ahead of the plain "/share/remove/" test, which would also match this URL
      else if (urlStr.contains("/share/remove/community/")) {
        shareId = RESTTools.decodeRESTParam("shareid", attributes);
        communityId = RESTTools.decodeRESTParam("communityid", attributes);
        action = "removeCommunity";
      }

      // Remove share
      else if (urlStr.contains("/share/remove/")) {
        shareId = RESTTools.decodeRESTParam("shareid", attributes);
        action = "removeShare";
      }

      // Endorse share
      else if (urlStr.contains("/share/endorse/")) {
        shareId = RESTTools.decodeRESTParam("shareid", attributes);
        communityId = RESTTools.decodeRESTParam("communityid", attributes);
        // parseBoolean yields false for null or anything other than "true" (case-insensitive)
        isEndorsed = Boolean.parseBoolean(RESTTools.decodeRESTParam("isendorsed", attributes));
        action = "endorseShare";
      }

      // Share - Add a community so that members can view the share
      else if (urlStr.contains("/share/add/community/")) {
        shareId = RESTTools.decodeRESTParam("shareid", attributes);
        communityId = RESTTools.decodeRESTParam("communityid", attributes);
        comment = RESTTools.decodeRESTParam("comment", attributes);
        action = "addCommunity";
      }
    }
  }