Timestamp:
Mar 12, 2012, 12:16:52 PM (11 years ago)
Author:
work@…
Message:
  • adding support for programmatic logins using the 'hello' method in the restController over http basic authentication.
  • e.g. /rest/hello?consumer=myConsumerId
File:
1 edited

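--- a/trunk/grails-app/controllers/RestController.groovy
+++ b/trunk/grails-app/controllers/RestController.groovy
@@ -22,5 +22,6 @@
 import nl.metabolomicscentre.dsp.http.BasicAuthentication
 import dbnp.rest.common.CommunicationManager
-import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.context.SecurityContextHolder
+import grails.plugins.springsecurity.Secured;
 
 class RestController {
@@ -34,4 +35,42 @@
         def credentials
         def requestUser
+
+        @Secured(['ROLE_CLIENT'])
+        def hello = {
+                // client was authorized over basic http authentication
+                // (also see spring security section in Config.groovy)
+                // for now just return the token to authenticate with
+
+                // got a consumer?
+                if (!params.containsKey('consumer')) {
+                        // no
+                        response.status = 400;
+
+                        def result = ['error':"Consumer required"]
+
+                        if (params.containsKey('callback')) {
+                                render "${params.callback}(${result as JSON})"
+                        } else {
+                                render result as JSON
+                        }
+                } else {
+                        // yes
+                        // create a random session token that will be used to allow to module to
+                        // sync with gscf prior to presenting the measurement data
+                        def sessionToken = UUID.randomUUID().toString()
+
+                        def result = ['token': sessionToken]
+
+                        // put the session token to work
+                        authenticationService.logInRemotely( params.get('consumer'), sessionToken, authenticationService.getLoggedInUser())
+
+                        response.status = 200;
+                        if (params.containsKey('callback')) {
+                                render "${params.callback}(${result as JSON})"
+                        } else {
+                                render result as JSON
+                        }
+                }
+        }
 
         /**
@@ -109,5 +148,5 @@
          *
          * If one study is requested, a 404 error might occur if the study doesn't exist, and a 401 error if the user is not
-         * authorized to access this study. If multiple studies are requrested, non-existing studies or studies for which the
+         * authorized to access this study. If multiple studies are requested, non-existing studies or studies for which the
          * user is not authorized are not returned in the list (so the list might be empty).
          *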
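Review bot: The success branch of `hello` renders the freshly minted session token through a caller-supplied JSONP callback (`render "${params.callback}(${result as JSON})"`), so the token becomes readable by script on any origin whenever the browser holds the basic-auth credentials, and `params.callback` is echoed unvalidated in both branches. I would return the token as plain JSON only, `render result as JSON`, and where JSONP has to stay (the 400 branch) accept the callback only if it matches a strict identifier pattern, e.g. `params.callback ==~ /[A-Za-z_][A-Za-z0-9_]*/`, and render it with a JavaScript content type rather than the default. The action also calls `authenticationService.logInRemotely(...)` on a plain GET, so a state change is reachable from a cross-site request; limiting the action to POST, e.g. `static allowedMethods = [hello: 'POST']`, would close that. `params.get('consumer')` is passed on without any check here; whether `logInRemotely` validates it is not visible on this page.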