Revision 57671
Added by Konstantina Galouni over 4 years ago
AuthorizationHandler.java | ||
---|---|---|
19 | 19 |
helper.setUserInfoUrl(userInfoUrl); |
20 | 20 |
this.allowedPostRequests = allowedPostRequests; |
21 | 21 |
} |
22 |
@Override |
|
23 |
public boolean preHandle( |
|
24 |
HttpServletRequest request, |
|
25 |
HttpServletResponse response, |
|
26 |
Object handler) throws Exception { |
|
27 |
// log.debug("request method " + request.getRemoteHost()); |
|
28 |
log.debug("properties: " + helper.getOriginServer() + " "+ helper.getUserInfoUrl()); |
|
29 |
log.debug(allowedPostRequests); |
|
30 |
log.debug(allowedPostRequests.contains(request.getServletPath())); |
|
31 |
log.debug(request.getServletPath()); |
|
32 |
if((request.getMethod().equals("POST") || request.getMethod().equals("DELETE")) && |
|
33 |
!allowedPostRequests.contains(request.getServletPath())) { |
|
34 |
//TODO check domain & check user info |
|
35 |
if(!this.helper.checkCookies(request) || !helper.isAuthorized(helper.getToken(request))){ |
|
22 |
// Comment this method ONLY FOR TEST |
|
23 |
// @Override |
|
24 |
// public boolean preHandle( |
|
25 |
// HttpServletRequest request, |
|
26 |
// HttpServletResponse response, |
|
27 |
// Object handler) throws Exception { |
|
28 |
//// log.debug("request method " + request.getRemoteHost()); |
|
29 |
// log.debug("properties: " + helper.getOriginServer() + " "+ helper.getUserInfoUrl()); |
|
30 |
// log.debug(allowedPostRequests); |
|
31 |
// log.debug(allowedPostRequests.contains(request.getServletPath())); |
|
32 |
// log.debug(request.getServletPath()); |
|
33 |
// if((request.getMethod().equals("POST") || request.getMethod().equals("DELETE")) && |
|
34 |
// !allowedPostRequests.contains(request.getServletPath())) { |
|
35 |
// //TODO check domain & check user info |
|
36 |
// if(!this.helper.checkCookies(request) || !helper.isAuthorized(helper.getToken(request))){ |
|
37 |
// |
|
38 |
// response.setHeader("Access-Control-Allow-Credentials","true"); |
|
39 |
// response.setHeader("Access-Control-Allow-Origin","*"); |
|
40 |
// response.setHeader("Vary","Origin"); |
|
41 |
// |
|
42 |
// response.setStatus(403); |
|
43 |
// response.sendError(403, "Forbidden: You don't have permission to access. Maybe you are not registered."); |
|
44 |
// return false; |
|
45 |
// } |
|
46 |
// |
|
47 |
// } |
|
48 |
// return true; |
|
49 |
// } |
|
36 | 50 |
|
37 |
response.setHeader("Access-Control-Allow-Credentials","true"); |
|
38 |
response.setHeader("Access-Control-Allow-Origin","*"); |
|
39 |
response.setHeader("Vary","Origin"); |
|
40 | 51 |
|
41 |
response.setStatus(403); |
|
42 |
response.sendError(403, "Forbidden: You don't have permission to access. Maybe you are not registered."); |
|
43 |
return false; |
|
44 |
} |
|
45 |
|
|
46 |
} |
|
47 |
return true; |
|
48 |
} |
|
49 |
|
|
50 |
|
|
51 | 52 |
// @Override |
52 | 53 |
// public void postHandle( |
53 | 54 |
// HttpServletRequest request, |
Also available in: Unified diff
1. Schema changes: Move each entity on its own collection - each entity keeps ids for its sub-entities.
2. New controllers for each entity: TopicController.java, CategoryController.java, SubCategoryController.java, IndicatorController.java.
3. New DAOs for each entity: TopicDAO.java, MongoDBTopicDAO.java, CategoryDAO.java, MongoDBCategoryDAO.java, SubCategoryDAO.java, MongoDBSubCategoryDAO.java.
4. New custom Exceptions: EntityNotFoundException.java, PathNotValidException.java.
5. ExceptionsHandler.java: Handle new EntityNotFoundException (id not in db) and PathNotValidException (id exists in db but not in path given).