From 7e8d3ace1229c6910f1efe28e56e74494cfd88dd Mon Sep 17 00:00:00 2001
From: Tor-Einar Skog <tor-einar.skog@bioforsk.no>
Date: Fri, 3 Jan 2014 16:00:28 +0100
Subject: [PATCH] Support for login as VIPSLogic on behalf of client
---
 .../VIPSCoreManagerApplication.java | 2 +-
 .../service/ManagerResourceImpl.java | 23 +++++++++++++++----
 2 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/src/main/java/no/bioforsk/vips/coremanager/VIPSCoreManagerApplication.java b/src/main/java/no/bioforsk/vips/coremanager/VIPSCoreManagerApplication.java
index 5defcfb..265a7cf 100644
--- a/src/main/java/no/bioforsk/vips/coremanager/VIPSCoreManagerApplication.java
+++ b/src/main/java/no/bioforsk/vips/coremanager/VIPSCoreManagerApplication.java
@@ -37,8 +37,8 @@ public class VIPSCoreManagerApplication extends Application
 * given list with all resources defined in the project.
 */
 private void addRestResourceClasses(Set<Class<?>> resources) {
+ resources.add(no.bioforsk.vips.core.service.ModelResource.class);
 resources.add(no.bioforsk.vips.coremanager.service.JsonParseExceptionMapper.class);
- resources.add(no.bioforsk.vips.coremanager.service.ManagerResource.class);
 resources.add(no.bioforsk.vips.coremanager.service.ManagerResourceImpl.class);
 }
 }
\ No newline at end of file
diff --git a/src/main/java/no/bioforsk/vips/coremanager/service/ManagerResourceImpl.java b/src/main/java/no/bioforsk/vips/coremanager/service/ManagerResourceImpl.java
index cbe742c..62fd04d 100644
--- a/src/main/java/no/bioforsk/vips/coremanager/service/ManagerResourceImpl.java
+++ b/src/main/java/no/bioforsk/vips/coremanager/service/ManagerResourceImpl.java
@@ -49,7 +49,8 @@ public class ManagerResourceImpl implements ManagerResource{
 private final String VIPSCORE_URL = "http://localhost:8080/VIPSCore";
 private final Integer VIPS_BATCH_SYSTEM_USER_ID = -10;
-
+ @Context
+ HttpServletRequest servletRequest;
 private InputStream getStaticFileAsInputStream(ServletContext servletContext, String filePath)
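Review bot: In VIPSCoreManagerApplication.addRestResourceClasses, the new entry `no.bioforsk.vips.core.service.ModelResource` publishes a class from the core package under this application's JAX-RS root, and nothing in the hunk shows whether its endpoints apply the credential check that ManagerResourceImpl performs. If they do not (presumably they were written for the core's own deployment), model runs become reachable without passing through the manager's login, which is worth confirming before merge. The method's Javadoc begins outside the hunk and describes the list as holding all resources defined in the project, so the entry may have been added by tooling rather than on purpose.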
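Review bot: The injected field added to ManagerResourceImpl (`@Context HttpServletRequest servletRequest;`) has no access modifier, unlike the `private final` constants directly above it; `private HttpServletRequest servletRequest;` keeps the request object out of reach of other classes in the package. A one-line comment such as `// Injected by JAX-RS; read for the caller-address check on batch logins` would also tell the reader why the resource now holds servlet state. The patch adds no import lines, so `Context` and `HttpServletRequest` are presumably already imported in the part of the file outside the hunk.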
@@ -274,7 +275,7 @@ public class ManagerResourceImpl implements ManagerResource{
 VIPSCoreCredentials credentials = ControllerGetter.getUserController().getVIPSCoreCredentials(request.getLoginInfo());
 if(credentials == null)
 {
- throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).entity("Ikke godtatt!").build());
+ throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).entity("Credentials not accepted").build());
 }
 // We get the user
@@ -283,9 +284,21 @@ public class ManagerResourceImpl implements ManagerResource{
 // to find which user the batch system operates on behalf of ("batchSystemClientId")
 if(user.getVipsCoreUserId().equals(VIPS_BATCH_SYSTEM_USER_ID))
 {
- // TODO: Check IP of caller to be sure that this is not someone
- // who has hijacked the credentials for the batch system??
- user = ControllerGetter.getUserController().getVipsCoreUser(request.getBatchSystemClientId());
+ String[] allowedIPS = System.getProperty("no.bioforsk.vips.core.VIPSBATCH_ALLOWED_IPS").split(",");
+ String remoteIP = servletRequest.getRemoteAddr();
+ boolean isIPValid = false;
+ for(String allowedIP:allowedIPS)
+ {
+ if(allowedIP.equals(remoteIP))
+ {
+ isIPValid = true;
+ }
+ }
+ if(!isIPValid)
+ {
+ throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).entity("Invalid IP address").build());
+ }
+ user = ControllerGetter.getUserController().getVipsCoreUser(request.getVipsCoreUserId());
 }
 ModelUsageLog log = new ModelUsageLog();
-- GitLab
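Review bot: The allow-list check in the batch-user branch calls `.split(",")` directly on `System.getProperty("no.bioforsk.vips.core.VIPSBATCH_ALLOWED_IPS")`, so a deployment without that property answers every batch login with a NullPointerException instead of a clean denial, and entries written as `a, b` never match because they are compared untrimmed. `getRemoteAddr()` reports the directly connected peer, so if this service runs behind a reverse proxy (not visible here) the comparison is made against the proxy's address and the list would need to account for that. A rejection at this point means valid batch credentials arrived from an unexpected host, which deserves a log entry, and `Response.Status.FORBIDDEN` with a generic body would avoid confirming to the caller that the credentials were accepted. The comment above the branch still names "batchSystemClientId" although the lookup now reads `request.getVipsCoreUserId()`; the enclosing method starts and ends outside the hunk.

```java
String allowedIPsProperty = System.getProperty("no.bioforsk.vips.core.VIPSBATCH_ALLOWED_IPS");
String remoteIP = servletRequest.getRemoteAddr();
boolean isIPValid = false;
// A missing property means no host is allowed: deny instead of failing with a NullPointerException
if(allowedIPsProperty != null)
{
    for(String allowedIP : allowedIPsProperty.split(","))
    {
        // Tolerate lists written as "a, b"
        if(allowedIP.trim().equals(remoteIP))
        {
            isIPValid = true;
            break;
        }
    }
}
// … unchanged: if(!isIPValid) throws WebApplicationException, then the user lookup …
```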