security token management

app/mobile-war/src/main/java/com/silverpeas/bridge/MobilFilter.java

@@ -11,6 +11,7 @@
 import javax.servlet.*;
 import javax.servlet.Filter;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 

app/mobile-war/src/main/java/com/silverpeas/mobile/client/apps/documents/pages/PublicationPage.java

@@ -127,8 +127,8 @@ protected void showContent(ClickEvent event) {
     int available = Window.getClientHeight() - SpMobil.mainPage.getHeaderHeight();
 
     // display content
-    String url = UrlUtils.getLocation();
-    url += "/PublicationContent";
+    String url = UrlUtils.getServicesLocation();
+    url += "PublicationContent";
     url += "?id=" + publication.getId();
     IframePage page = new IframePage(url);
     page.setSize("100%", available + "px");

app/mobile-war/src/main/java/com/silverpeas/mobile/client/apps/documents/pages/widgets/Attachment.java

@@ -98,8 +98,8 @@ private void render() {
 
     private void clickAction() {
         try {
-            String url = UrlUtils.getLocation();
-            url += "/Attachment";
+            String url = UrlUtils.getServicesLocation();
+            url += "Attachment";
             url = url + "?id=" + attachement.getId() + "&lang=" + attachement.getLang();
             link.setHref(url);
             link.setTarget("_self");

app/mobile-war/src/main/java/com/silverpeas/mobile/client/apps/media/pages/PhotoPage.java

@@ -172,8 +172,8 @@ void download(ClickEvent event) {
       if (!clicked) {
         clicked = true;
         try {
-          String url = UrlUtils.getLocation();
-          url += "spmobil/MediaAction";
+          String url = UrlUtils.getServicesLocation();
+          url += "MediaAction";
           url += "?action=view" + "&id=" + photo.getId() + "&instanceId=" + photo.getInstance();
           download.setHref(url);
           download.setTarget("_self");

app/mobile-war/src/main/java/com/silverpeas/mobile/client/apps/media/pages/SoundPage.java

@@ -85,8 +85,8 @@ public void onMediaPreviewLoaded(final MediaPreviewLoadedEvent event) {
       mediaPreview.setSrc(resources.sound().getSafeUri().asString());
       SoundDTO sound = (SoundDTO) event.getPreview();
       this.sound = sound;
-      String url = UrlUtils.getLocation();
-      url += "/SoundAction";
+      String url = UrlUtils.getServicesLocation();
+      url += "SoundAction";
       url = url + "?id=" + sound.getId();
       player.setSrc(url);
       player.setAutoplay(false);

app/mobile-war/src/main/java/com/silverpeas/mobile/client/apps/media/pages/VideoPage.java

@@ -84,8 +84,8 @@ public void execute() {
   public void onMediaPreviewLoaded(final MediaPreviewLoadedEvent event) {
     if (isVisible()) {
       this.video = (VideoDTO) event.getPreview();
-      String url = UrlUtils.getLocation();
-      url += "/VideoAction?id=" + video.getId();
+      String url = UrlUtils.getServicesLocation();
+      url += "VideoAction?id=" + video.getId();
       url += "&t=" + new Date().getTime();
       player.setSrc(url);
       player.setAutoplay(false);

app/mobile-war/src/main/java/com/silverpeas/mobile/client/apps/media/pages/widgets/AddMediaButton.java

@@ -72,8 +72,8 @@ public void init(String instanceId, String albumId) {
         this.componentId.setValue(instanceId);
         this.albumId.setValue(albumId);
 
-        String url = UrlUtils.getLocation();
-        url +=  "/MediaAction";
+        String url = UrlUtils.getServicesLocation();
+        url +=  "MediaAction";
         upload.setAction(url);
     }
 

app/mobile-war/src/main/java/com/silverpeas/mobile/client/common/ServicesLocator.java

@@ -1,6 +1,7 @@
 package com.silverpeas.mobile.client.common;
 
 import com.google.gwt.core.client.GWT;
+import com.google.gwt.user.client.Window;
 import com.google.gwt.user.client.rpc.ServiceDefTarget;
 import com.silverpeas.mobile.client.common.network.SpMobileRpcRequestBuilder;
 import com.silverpeas.mobile.shared.services.*;
@@ -24,51 +25,69 @@ public class ServicesLocator {
 
     public static ServiceNotificationsAsync getServiceNotifications() {
         ((ServiceDefTarget) serviceNotifications).setRpcRequestBuilder(builder);
+        changeServiceEntryPoint((ServiceDefTarget)serviceNotifications);
         return serviceNotifications;
     }
 
     public static ServiceCommentsAsync getServiceComments() {
         ((ServiceDefTarget) serviceComments).setRpcRequestBuilder(builder);
+        changeServiceEntryPoint((ServiceDefTarget)serviceComments);
         return serviceComments;
     }
 
     public static ServiceSearchAsync getServiceSearch() {
         ((ServiceDefTarget) serviceSearch).setRpcRequestBuilder(builder);
+        changeServiceEntryPoint((ServiceDefTarget)serviceSearch);
         return serviceSearch;
     }
 
     public static ServiceMediaAsync getServiceMedia() {
         ((ServiceDefTarget) serviceMedia).setRpcRequestBuilder(builder);
+        changeServiceEntryPoint((ServiceDefTarget)serviceMedia);
         return serviceMedia;
     }
 
     public static ServiceDocumentsAsync getServiceDocuments() {
         ((ServiceDefTarget) serviceDocuments).setRpcRequestBuilder(builder);
+        changeServiceEntryPoint((ServiceDefTarget)serviceDocuments);
         return serviceDocuments;
     }
 
     public static ServiceRSEAsync getServiceRSE() {
         ((ServiceDefTarget) serviceRSE).setRpcRequestBuilder(builder);
+        changeServiceEntryPoint((ServiceDefTarget)serviceRSE);
         return serviceRSE;
     }
 
     public static ServiceNavigationAsync getServiceNavigation() {
         ((ServiceDefTarget) serviceNavigation).setRpcRequestBuilder(builder);
+        changeServiceEntryPoint((ServiceDefTarget)serviceNavigation);
         return serviceNavigation;
     }
 
     public static ServiceTasksAsync getServiceTasks() {
         ((ServiceDefTarget) serviceTasks).setRpcRequestBuilder(builder);
+        changeServiceEntryPoint((ServiceDefTarget)serviceTasks);
         return serviceTasks;
     }
 
     public static ServiceConnectionAsync getServiceConnection() {
         ((ServiceDefTarget) serviceConnection).setRpcRequestBuilder(builder);
+        changeServiceEntryPoint((ServiceDefTarget)serviceConnection);
         return serviceConnection;
     }
 
     public static ServiceContactAsync getServiceContact() {
         ((ServiceDefTarget) serviceContact).setRpcRequestBuilder(builder);
+        changeServiceEntryPoint((ServiceDefTarget)serviceContact);
         return serviceContact;
     }
+
+    private static void changeServiceEntryPoint(ServiceDefTarget service) {
+        String serviceEntryPoint = service.getServiceEntryPoint();
+        if (!serviceEntryPoint.contains("services")) {
+            serviceEntryPoint = serviceEntryPoint.replace("spmobile", "services/spmobile");
+        }
+        service.setServiceEntryPoint(serviceEntryPoint);
+    }
 }

app/mobile-war/src/main/java/com/silverpeas/mobile/client/common/navigation/UrlUtils.java

@@ -7,9 +7,9 @@
  */
 public class UrlUtils {
 
-  public static String getLocation() {
+  public static String getServicesLocation() {
     String url = Window.Location.getProtocol() + "//" + Window.Location.getHost();
-    url += "/silverpeas/spmobile/";
+    url += "/silverpeas/services/spmobile/";
     return url;
   }
 }

app/mobile-war/src/main/java/com/silverpeas/mobile/client/common/network/SpMobileRpcRequestBuilder.java

@@ -24,6 +24,7 @@ public SpMobileRpcRequestBuilder(int timeout) {
   protected RequestBuilder doCreate(String serviceEntryPoint) {
     RequestBuilder builder = super.doCreate(serviceEntryPoint);
     builder.setTimeoutMillis(this.timeout);
+    builder.setHeader("X-Silverpeas-Session", configuration.getUserToken());
 
     return builder;
   }

app/mobile-war/src/main/java/com/silverpeas/mobile/client/rebind/ConfigurationProvider.java

@@ -3,4 +3,5 @@
 public interface ConfigurationProvider {
 	public String getDESKey();
 	public String getTimeOutRequest();
+	public String getUserToken();
 }

app/mobile-war/src/main/java/com/silverpeas/mobile/rebind/PropertiesGenerator.java

@@ -69,6 +69,14 @@ public String generate(TreeLogger logger, GeneratorContext context, String typeN
             out.outdent();
             out.println("}");
             out.outdent();
+
+            out.println("public String getUserToken() {");
+            out.indent();
+            out.println("return \"" + Configurator.getConfigValue("user.token") + "\";");
+            out.outdent();
+            out.println("}");
+            out.outdent();
+
             out.commit(logger);
         } catch (Throwable t) {
             t.printStackTrace();

app/mobile-war/src/main/java/com/silverpeas/mobile/server/servlets/PublicationContentServlet.java

@@ -51,10 +51,10 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
     response.getOutputStream().print("<html>");
     response.getOutputStream().print("<head>");
     response.getOutputStream().print("<meta http-equiv='content-type' content='text/html;charset=UTF-8' />");
-    response.getOutputStream().print("<link rel='stylesheet' href='/silverpeas/spmobile/spmobil/spmobile.css'/>");
-    response.getOutputStream().print("<link rel='stylesheet' href='/silverpeas/spmobile/spmobil/zoom.css'/>");
-    response.getOutputStream().print("<script type='text/javascript' src='/silverpeas/spmobile/spmobil/interact.min.js'></script>");
-    response.getOutputStream().print("<script type='text/javascript' src='/silverpeas/spmobile/spmobil/zoom.js'/></script>");
+    response.getOutputStream().print("<link rel='stylesheet' href='/silverpeas/spmobile/spmobile.css'/>");
+    response.getOutputStream().print("<link rel='stylesheet' href='/silverpeas/spmobile/zoom.css'/>");
+    response.getOutputStream().print("<script type='text/javascript' src='/silverpeas/spmobile/interact.min.js'></script>");
+    response.getOutputStream().print("<script type='text/javascript' src='/silverpeas/spmobile/zoom.js'/></script>");
     response.getOutputStream().print("</head>");
     response.getOutputStream().print("<body style='background-color:grey;padding-top:1em;'>");
 
@@ -87,7 +87,7 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
           attachmentId = attachmentId.substring(0, attachmentId.indexOf("/"));
           SimpleDocument attachment = AttachmentServiceProvider.getAttachmentService().searchDocumentById(new SimpleDocumentPK(attachmentId), getUserInSession(request).getUserPreferences().getLanguage());
           String type = attachment.getContentType();
-          String url = getServletContext().getContextPath() + "/spmobil/Attachment";
+          String url = getServletContext().getContextPath() + "/services/spmobile/Attachment";
           url = url + "?id=" + attachmentId + "&instanceId=" + pub.getInstanceId() + "&lang=" + getUserInSession(request).getUserPreferences().getLanguage()  + "&userId=" + getUserInSession(request).getId();
           if (type.equals("audio/mpeg") || type.equals("audio/ogg") || type.equals("audio/wav")) {
             embed.parent().append("<audio controls><source src='"+url+"' type='" + type + "'></audio>");
@@ -160,7 +160,7 @@ private void displayFormView(Writer out, PublicationDetail pub, UserDetail user,
         String url = link.attr("href");
         String attachmentId = url.substring(url.indexOf("attachmentId/") + "attachmentId/".length());
         attachmentId = attachmentId.substring(0, attachmentId.indexOf("/"));
-        url = getServletContext().getContextPath() + "/spmobil/Attachment";
+        url = getServletContext().getContextPath() + "/services/spmobile/Attachment";
         url = url + "?id=" + attachmentId + "&instanceId=" + pub.getInstanceId() + "&lang=" + user.getUserPreferences().getLanguage()  + "&userId=" + user.getId();
         link.attr("href", url);
         link.attr("target", "_self");

app/mobile-war/src/main/resources/website.properties

@@ -1,6 +1,9 @@
 des.key=LagTegshyeecnoc^
 timeout.request=10000
 
+#if empty you must disable token security
+user.token=a1ef077be897409484ef5b1d956ba4cd
+
 log.module.name=root
 
 protocol=http

app/mobile-war/src/main/webapp/WEB-INF/web.xml

@@ -29,7 +29,7 @@
   </servlet>
   <servlet-mapping>
     <servlet-name>serviceNewsImpl</servlet-name>
-    <url-pattern>/spmobile/News</url-pattern>
+    <url-pattern>/services/spmobile/News</url-pattern>
   </servlet-mapping>
 
   <servlet>
@@ -38,7 +38,7 @@
   </servlet>
   <servlet-mapping>
     <servlet-name>serviceTasksImpl</servlet-name>
-    <url-pattern>/spmobile/Tasks</url-pattern>
+    <url-pattern>/services/spmobile/Tasks</url-pattern>
   </servlet-mapping>
 
   <servlet>
@@ -47,7 +47,7 @@
   </servlet>
   <servlet-mapping>
     <servlet-name>serviceSearchImpl</servlet-name>
-    <url-pattern>/spmobile/Search</url-pattern>
+    <url-pattern>/services/spmobile/Search</url-pattern>
   </servlet-mapping>
 
   <servlet>
@@ -56,7 +56,7 @@
   </servlet>
   <servlet-mapping>
     <servlet-name>serviceRSEImpl</servlet-name>
-    <url-pattern>/spmobile/RSE</url-pattern>
+    <url-pattern>/services/spmobile/RSE</url-pattern>
   </servlet-mapping>
 
   <servlet>
@@ -65,7 +65,7 @@
   </servlet>
   <servlet-mapping>
     <servlet-name>serviceNavigationImpl</servlet-name>
-    <url-pattern>/spmobile/Navigation</url-pattern>
+    <url-pattern>/services/spmobile/Navigation</url-pattern>
   </servlet-mapping>
 
   <servlet>
@@ -74,7 +74,7 @@
   </servlet>
   <servlet-mapping>
     <servlet-name>serviceMediaImpl</servlet-name>
-    <url-pattern>/spmobile/Media</url-pattern>
+    <url-pattern>/services/spmobile/Media</url-pattern>
   </servlet-mapping>
 
   <servlet>
@@ -83,7 +83,7 @@
   </servlet>
   <servlet-mapping>
     <servlet-name>serviceDocumentsImpl</servlet-name>
-    <url-pattern>/spmobile/Documents</url-pattern>
+    <url-pattern>/services/spmobile/Documents</url-pattern>
   </servlet-mapping>
 
   <servlet>
@@ -92,7 +92,7 @@
   </servlet>
   <servlet-mapping>
     <servlet-name>serviceCommentsImpl</servlet-name>
-    <url-pattern>/spmobile/Comments</url-pattern>
+    <url-pattern>/services/spmobile/Comments</url-pattern>
   </servlet-mapping>
 
   <servlet>
@@ -101,7 +101,7 @@
   </servlet>
   <servlet-mapping>
     <servlet-name>serviceConnectionImpl</servlet-name>
-    <url-pattern>/spmobile/Connection</url-pattern>
+    <url-pattern>/services/spmobile/Connection</url-pattern>
   </servlet-mapping>
 
   <servlet>
@@ -110,7 +110,7 @@
   </servlet>
   <servlet-mapping>
     <servlet-name>serviceContactImpl</servlet-name>
-    <url-pattern>/spmobile/Contact</url-pattern>
+    <url-pattern>/services/spmobile/Contact</url-pattern>
   </servlet-mapping>
 
   <servlet>
@@ -119,7 +119,7 @@
   </servlet>
   <servlet-mapping>
     <servlet-name>serviceDashboardImpl</servlet-name>
-    <url-pattern>/spmobile/Dashboard</url-pattern>
+    <url-pattern>/services/spmobile/Dashboard</url-pattern>
   </servlet-mapping>
 
   <servlet>
@@ -128,7 +128,7 @@
   </servlet>
   <servlet-mapping>
     <servlet-name>serviceAlmanachImpl</servlet-name>
-    <url-pattern>/spmobile/Almanach</url-pattern>
+    <url-pattern>/services/spmobile/Almanach</url-pattern>
   </servlet-mapping>
 
   <servlet>
@@ -137,7 +137,7 @@
   </servlet>
   <servlet-mapping>
     <servlet-name>serviceNotificationsImpl</servlet-name>
-    <url-pattern>/spmobile/Notifications</url-pattern>
+    <url-pattern>/services/spmobile/Notifications</url-pattern>
   </servlet-mapping>
 
   <servlet>
@@ -147,7 +147,7 @@
 
   <servlet-mapping>
     <servlet-name>AttachmentServlet</servlet-name>
-    <url-pattern>/spmobile/Attachment</url-pattern>
+    <url-pattern>/services/spmobile/Attachment</url-pattern>
   </servlet-mapping>
 
   <servlet>
@@ -157,7 +157,7 @@
 
   <servlet-mapping>
     <servlet-name>PublicationContentServlet</servlet-name>
-    <url-pattern>/spmobile/PublicationContent</url-pattern>
+    <url-pattern>/services/spmobile/PublicationContent</url-pattern>
   </servlet-mapping>
 
   <servlet>
@@ -167,7 +167,7 @@
 
   <servlet-mapping>
     <servlet-name>MediaServlet</servlet-name>
-    <url-pattern>/spmobile/MediaAction</url-pattern>
+    <url-pattern>/services/spmobile/MediaAction</url-pattern>
   </servlet-mapping>
 
   <servlet>
@@ -177,7 +177,7 @@
 
   <servlet-mapping>
     <servlet-name>SoundServlet</servlet-name>
-    <url-pattern>/spmobile/SoundAction</url-pattern>
+    <url-pattern>/services/spmobile/SoundAction</url-pattern>
   </servlet-mapping>
 
   <servlet>
@@ -187,7 +187,7 @@
 
   <servlet-mapping>
     <servlet-name>VideoServlet</servlet-name>
-    <url-pattern>/spmobile/VideoAction</url-pattern>
+    <url-pattern>/services/spmobile/VideoAction</url-pattern>
   </servlet-mapping>