@Service public class GbifAuthServiceImpl extends Object implements GbifAuthService
The header starts with the authentication scheme (GBIF), followed by the plain applicationKey
(the public key) and a unique signature for the very request which is generated using a fixed set
of request attributes which are then encrypted by a standard HMAC-SHA1 algorithm.
A POST request with a GBIF header would look like this:
POST /dataset HTTP/1.1 Host: api.gbif.org Date: Mon, 26 Mar 2007 19:37:58 +0000 x-gbif-user: trobertson Content-MD5: LiFThEP4Pj2TODQXa/oFPg== Authorization: GBIF gbif.portal:frJIUN8DYpKDtOLCwo//yllqDzg=
When signing an HTTP request in addition to the Authorization header some additional custom
headers are added which are used to sign and digest the message.
x-gbif-user is added to
transport a proxied user in which the application is acting.
Content-MD5 is added if a body
entity exists. See Content-MD5 header specs: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.15
Constructor and Description |
---|
GbifAuthServiceImpl(SigningService signingService,
Md5EncodeService md5EncodeService,
AppKeyProvider appKeyProvider) |
Modifier and Type | Method and Description |
---|---|
boolean |
isValidRequest(GbifHttpServletRequestWrapper request) |
GbifHttpServletRequestWrapper |
signRequest(String username,
GbifHttpServletRequestWrapper request)
Signs a request by adding a Content-MD5 and Authorization header.
|
public GbifAuthServiceImpl(SigningService signingService, Md5EncodeService md5EncodeService, @Autowired(required=false) AppKeyProvider appKeyProvider)
public boolean isValidRequest(GbifHttpServletRequestWrapper request)
isValidRequest
in interface GbifAuthService
public GbifHttpServletRequestWrapper signRequest(String username, GbifHttpServletRequestWrapper request)
Other formats than JSON are not supported currently !!!
signRequest
in interface GbifAuthService
Copyright © 2024 Global Biodiversity Information Facility (GBIF). All rights reserved.