Support for login as VIPSLogic on behalf of client

7e8d3ace · Tor-Einar Skog · 07cea891 · 7e8d3ace · 7e8d3ace
Commit 7e8d3ace authored 11 years ago by Tor-Einar Skog
--- a/src/main/java/no/bioforsk/vips/coremanager/VIPSCoreManagerApplication.java
+++ b/src/main/java/no/bioforsk/vips/coremanager/VIPSCoreManagerApplication.java
@@ -37,8 +37,8 @@ public class VIPSCoreManagerApplication extends Application
     * given list with all resources defined in the project.
     */
    private void addRestResourceClasses(Set<Class<?>> resources) {
+        resources.add(no.bioforsk.vips.core.service.ModelResource.class);
        resources.add(no.bioforsk.vips.coremanager.service.JsonParseExceptionMapper.class);
-        resources.add(no.bioforsk.vips.coremanager.service.ManagerResource.class);
        resources.add(no.bioforsk.vips.coremanager.service.ManagerResourceImpl.class);
    }
 }
\ No newline at end of file
--- a/src/main/java/no/bioforsk/vips/coremanager/service/ManagerResourceImpl.java
+++ b/src/main/java/no/bioforsk/vips/coremanager/service/ManagerResourceImpl.java
@@ -49,7 +49,8 @@ public class ManagerResourceImpl implements ManagerResource{
    private final String VIPSCORE_URL = "http://localhost:8080/VIPSCore";
    private final Integer VIPS_BATCH_SYSTEM_USER_ID = -10;
+    @Context
+    HttpServletRequest servletRequest;
    private InputStream getStaticFileAsInputStream(ServletContext servletContext, String filePath)
@@ -274,7 +275,7 @@ public class ManagerResourceImpl implements ManagerResource{
            VIPSCoreCredentials credentials = ControllerGetter.getUserController().getVIPSCoreCredentials(request.getLoginInfo());
            if(credentials == null)
            {
-                throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).entity("Ikke godtatt!").build());
+                throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).entity("Credentials not accepted").build());
            }
            // We get the user
@@ -283,9 +284,21 @@ public class ManagerResourceImpl implements ManagerResource{
            // to find which user the batch system operates on behalf of ("batchSystemClientId")
            if(user.getVipsCoreUserId().equals(VIPS_BATCH_SYSTEM_USER_ID))
            {
-                // TODO: Check IP of caller to be sure that this is not someone
+                String[] allowedIPS = System.getProperty("no.bioforsk.vips.core.VIPSBATCH_ALLOWED_IPS").split(",");
-                // who has hijacked the credentials for the batch system??
+                String remoteIP = servletRequest.getRemoteAddr();
-                user = ControllerGetter.getUserController().getVipsCoreUser(request.getBatchSystemClientId());
+                boolean isIPValid = false;
+                for(String allowedIP:allowedIPS)
+                {
+                    if(allowedIP.equals(remoteIP))
+                    {
+                        isIPValid = true;
+                    }
+                }
+                if(!isIPValid)
+                {
+                    throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).entity("Invalid IP address").build());
+                }
+                user = ControllerGetter.getUserController().getVipsCoreUser(request.getVipsCoreUserId());
            }
            ModelUsageLog log = new ModelUsageLog();