Author: kwright
Date: Mon Mar 30 23:45:52 2015
New Revision: 1670222
URL: http://svn.apache.org/r1670222
Log:
Add authentication to the REST API.
Modified:
manifoldcf/branches/CONNECTORS-1177/framework/api-servlet/src/main/java/org/apache/manifoldcf/apiservlet/APIServlet.java
Modified:
manifoldcf/branches/CONNECTORS-1177/framework/api-servlet/src/main/java/org/apache/manifoldcf/apiservlet/APIServlet.java
URL:
http://svn.apache.org/viewvc/manifoldcf/branches/CONNECTORS-1177/framework/api-servlet/src/main/java/org/apache/manifoldcf/apiservlet/APIServlet.java?rev=1670222&r1=1670221&r2=1670222&view=diff
==============================================================================
---
manifoldcf/branches/CONNECTORS-1177/framework/api-servlet/src/main/java/org/apache/manifoldcf/apiservlet/APIServlet.java
(original)
+++
manifoldcf/branches/CONNECTORS-1177/framework/api-servlet/src/main/java/org/apache/manifoldcf/apiservlet/APIServlet.java
Mon Mar 30 23:45:52 2015
@@ -24,6 +24,9 @@ import org.apache.manifoldcf.crawler.int
import org.apache.manifoldcf.crawler.system.ManifoldCF;
import org.apache.manifoldcf.crawler.system.Logging;
import org.apache.manifoldcf.core.util.URLDecoder;
+
+import org.apache.manifoldcf.ui.beans.AdminProfile;
+
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.*;
@@ -74,6 +77,22 @@ public class APIServlet extends HttpServ
return;
}
+ // Verify session
+ Object x = request.getSession().getAttribute("adminprofile");
+ if (x == null || !(x instanceof AdminProfile))
+ {
+ // Not logged in
+ response.sendError(response.SC_UNAUTHORIZED);
+ return;
+ }
+ AdminProfile ap = (AdminProfile)x;
+ if (!ap.getLoggedOn())
+ {
+ // Login exists but failed
+ response.sendError(response.SC_FORBIDDEN);
+ return;
+ }
+
// Perform the get
executeRead(tc,response,pathInfo,queryString);
}
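Review bot: `request.getSession()` on the new "Verify session" line creates a server-side session for every caller, so unauthenticated probes of the API allocate session state; `getSession(false)` with a null result treated as not-logged-in avoids that. The same verification block is pasted verbatim into the PUT, POST and DELETE hunks below (`@@ -104`, `@@ -144`, `@@ -184`) and reaches the status constants through the `response` instance rather than `HttpServletResponse`, so one private helper would keep the four paths from drifting; the `x == null` test is redundant because `instanceof` is already false for null. With the helper each handler reduces to `if (!verifySession(request, response)) return;`. The enclosing method (the GET handler, judging by `executeRead`) starts and ends outside this hunk, and `HttpSession` is in the same `javax.servlet.http` package the servlet already uses — confirm it is imported.
```java
  /** Sends 401 (no session / no profile) or 403 (profile present but not logged on) and returns false unless the session holds a logged-on AdminProfile. */
  private static boolean verifySession(HttpServletRequest request, HttpServletResponse response)
    throws IOException
  {
    // Do not create a session for anonymous callers.
    HttpSession session = request.getSession(false);
    Object x = (session == null) ? null : session.getAttribute("adminprofile");
    if (!(x instanceof AdminProfile))
    {
      // Not logged in
      response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
      return false;
    }
    if (!((AdminProfile)x).getLoggedOn())
    {
      // Login exists but failed
      response.sendError(HttpServletResponse.SC_FORBIDDEN);
      return false;
    }
    return true;
  }
```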
@@ -104,6 +123,22 @@ public class APIServlet extends HttpServ
return;
}
+ // Verify session
+ Object x = request.getSession().getAttribute("adminprofile");
+ if (x == null || !(x instanceof AdminProfile))
+ {
+ // Not logged in
+ response.sendError(response.SC_UNAUTHORIZED);
+ return;
+ }
+ AdminProfile ap = (AdminProfile)x;
+ if (!ap.getLoggedOn())
+ {
+ // Login exists but failed
+ response.sendError(response.SC_FORBIDDEN);
+ return;
+ }
+
// Get the content being 'put'
InputStream content = request.getInputStream();
try
@@ -144,6 +179,46 @@ public class APIServlet extends HttpServ
return;
}
+ // Check for login
+ if (pathInfo.equals("LOGIN"))
+ {
+ // Pick up user and password post parameters
+ String userID = request.getParameter("userID");
+ String password = request.getParameter("password");
+ if (userID == null)
+ userID = "";
+ if (password == null)
+ password = "";
+
+ AdminProfile ap = new AdminProfile();
+ request.getSession().setAttribute("adminprofile",ap);
+ ap.login(tc,userID,password);
+ if (!ap.getLoggedOn())
+ {
+ response.sendError(response.SC_UNAUTHORIZED);
+ return;
+ }
+ else
+ {
+ return;
+ }
+ }
+
+ // Verify session
+ Object x = request.getSession().getAttribute("adminprofile");
+ if (x == null || !(x instanceof AdminProfile))
+ {
+ response.sendError(response.SC_UNAUTHORIZED);
+ return;
+ }
+ AdminProfile ap = (AdminProfile)x;
+ if (!ap.getLoggedOn())
+ {
+ // Login exists but failed
+ response.sendError(response.SC_FORBIDDEN);
+ return;
+ }
+
// Get the content being posted
InputStream content = request.getInputStream();
try
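Review bot: The LOGIN branch binds the new `AdminProfile` to the caller's existing session (`request.getSession().setAttribute("adminprofile",ap)`) before `ap.login(...)` has run, so a session id the caller held before authenticating is promoted to an authenticated one, and a failed attempt leaves a not-logged-on profile behind that turns the caller's later requests into 403 instead of 401. Authenticate first, then invalidate any pre-existing session and store the profile in a fresh one only on success; a failed attempt should also be recorded through the already-imported `Logging` so repeated failures are visible to whoever watches the logs. `getParameter` reads the query string as well as the POST body, so a `userID`/`password` passed in the URL would land in access logs — worth at least a comment on the parameter pickup. This branch sits inside the POST handler, whose start and end lie outside the hunk.
```java
    if (pathInfo.equals("LOGIN"))
    {
      // … unchanged: userID / password parameter pickup …

      // Authenticate first; only a successful login is bound to a session.
      AdminProfile ap = new AdminProfile();
      ap.login(tc,userID,password);
      if (!ap.getLoggedOn())
      {
        // TODO: record the failed attempt via Logging (use the project's API log category)
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
      }
      // Rotate the session id so a session obtained before authentication is not promoted.
      HttpSession old = request.getSession(false);
      if (old != null)
        old.invalidate();
      request.getSession(true).setAttribute("adminprofile",ap);
      return;
    }
```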
@@ -184,6 +259,22 @@ public class APIServlet extends HttpServ
return;
}
+ // Verify session
+ Object x = request.getSession().getAttribute("adminprofile");
+ if (x == null || !(x instanceof AdminProfile))
+ {
+ // Not logged in
+ response.sendError(response.SC_UNAUTHORIZED);
+ return;
+ }
+ AdminProfile ap = (AdminProfile)x;
+ if (!ap.getLoggedOn())
+ {
+ // Login exists but failed
+ response.sendError(response.SC_FORBIDDEN);
+ return;
+ }
+
// Perform the deletion
executeDelete(tc,response,pathInfo);