Defined authentication method, scheme and token type separately.
Change-Id: I4455b8c6b68cb2956eb0e7d99a3e91ffbd5a6421
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/APIAuthentication.java b/full/src/main/java/de/ids_mannheim/korap/authentication/APIAuthentication.java
index 7072d5b..8c41ab0 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/APIAuthentication.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/APIAuthentication.java
@@ -8,6 +8,7 @@
import de.ids_mannheim.korap.config.JWTSigner;
import de.ids_mannheim.korap.config.KustvaktConfiguration;
+import de.ids_mannheim.korap.config.TokenType;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.exceptions.StatusCodes;
import de.ids_mannheim.korap.interfaces.AuthenticationIface;
@@ -34,7 +35,6 @@
config.getIssuer(), config.getTokenTTL());
}
-
@Override
public TokenContext getTokenContext (String authToken)
throws KustvaktException {
@@ -42,7 +42,7 @@
//Element ein = invalided.get(authToken);
try {
context = signedToken.getTokenContext(authToken);
- context.setAuthenticationType(getIdentifier());
+ context.setTokenType(getTokenType());
}
catch (JOSEException | ParseException ex) {
throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT);
@@ -65,7 +65,7 @@
catch (ParseException e) {
throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT);
}
- c.setAuthenticationType(getIdentifier());
+ c.setTokenType(getTokenType());
c.setToken(jwt.serialize());
//id_tokens.put(new Element(c.getToken(), c));
return c;
@@ -86,4 +86,10 @@
throws KustvaktException {
return null;
}
+
+
+ @Override
+ public TokenType getTokenType () {
+ return TokenType.API;
+ }
}
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java b/full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java
index 793b990..96b5800 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java
@@ -7,7 +7,7 @@
import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
import de.ids_mannheim.korap.authentication.http.TransferEncoding;
import de.ids_mannheim.korap.config.Attributes;
-import de.ids_mannheim.korap.config.AuthenticationType;
+import de.ids_mannheim.korap.config.TokenType;
import de.ids_mannheim.korap.config.KustvaktConfiguration;
import de.ids_mannheim.korap.config.Scopes;
import de.ids_mannheim.korap.dao.UserDao;
@@ -28,7 +28,8 @@
* is defined in {@link HttpAuthorizationHandler}.
*
* Basic authentication is intended to be used with a database. It is
- * currently only used for testing using a dummy DAO (@see {@link UserDao}).
+ * currently only used for testing using a dummy DAO (@see {@link UserDao})
+ * without passwords.
*
*
* @author margaretha
@@ -55,23 +56,13 @@
@Override
public TokenContext getTokenContext (String authToken)
throws KustvaktException {
- // Hanl: fixme: handle via constructor
- // EM: ?
String[] values = transferEncoding.decodeBase64(authToken);
if (values != null) {
TokenContext c = new TokenContext();
- User user = dao.getAccount(values[0]);
- if (user instanceof KorAPUser
- && ((KorAPUser) user).getPassword() != null) {
- boolean check = crypto.checkHash(values[1],
- ((KorAPUser) user).getPassword());
-
- if (!check) return null;
- }
c.setUsername(values[0]);
c.setExpirationTime(TimeUtils.plusSeconds(this.config.getTokenTTL())
.getMillis());
- c.setAuthenticationType(AuthenticationType.BASIC);
+ c.setTokenType(getTokenType());
// todo: for production mode, set true
c.setSecureRequired(false);
// EM: is this secure?
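Review bot: The new getTokenContext body issues a TokenContext for whatever username is in the decoded Basic credentials without checking the password or that the account exists; the only record of this is the class Javadoc addition "without passwords". Nothing in the code prevents this provider from being wired as a real one, so a minimal guard before `c.setUsername(values[0]);`, e.g. `if (dao.getAccount(values[0]) == null) return null;` (assuming the dao field is still present), plus a method Javadoc stating that this provider performs no credential verification and must not be used in production, would make the intent enforceable rather than advisory. `values[1]` (the password) is now decoded and silently ignored; if that is intentional, say so in a comment. The method's body continues past the end of the hunk.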
@@ -107,7 +98,7 @@
@Override
- public AuthenticationType getIdentifier () {
- return AuthenticationType.BASIC;
+ public TokenType getTokenType () {
+ return TokenType.BASIC;
}
}
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java b/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
index 9c86533..0b98f76 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
@@ -20,12 +20,11 @@
import com.unboundid.ldap.sdk.LDAPException;
import de.ids_mannheim.korap.auditing.AuditRecord;
-import de.ids_mannheim.korap.authentication.http.AuthorizationData;
import de.ids_mannheim.korap.config.Attributes;
-import de.ids_mannheim.korap.config.AuthenticationType;
+import de.ids_mannheim.korap.config.AuthenticationMethod;
import de.ids_mannheim.korap.config.BeansFactory;
-import de.ids_mannheim.korap.config.KustvaktConfiguration;
import de.ids_mannheim.korap.config.FullConfiguration;
+import de.ids_mannheim.korap.config.TokenType;
import de.ids_mannheim.korap.config.URIParam;
import de.ids_mannheim.korap.exceptions.EmptyResultException;
import de.ids_mannheim.korap.exceptions.KustvaktException;
@@ -51,7 +50,6 @@
import de.ids_mannheim.korap.user.UserDetails;
import de.ids_mannheim.korap.user.UserSettings;
import de.ids_mannheim.korap.user.Userdata;
-import de.ids_mannheim.korap.utils.StringUtils;
import de.ids_mannheim.korap.utils.TimeUtils;
/**
@@ -72,7 +70,7 @@
private Collection userdatadaos;
private LoginCounter counter;
private ValidatorIface validator;
-
+
public KustvaktAuthenticationManager(EntityHandlerIface userdb, AdminHandlerIface admindb, EncryptionIface crypto,
FullConfiguration config, AuditingIface auditer, Collection<UserDataDbIface> userdatadaos) {
this.entHandler = userdb;
@@ -100,7 +98,7 @@
* @throws KustvaktException
*/
@Override
- public TokenContext getTokenStatus(AuthenticationType type, String token,
+ public TokenContext getTokenStatus(TokenType type, String token,
String host, String useragent) throws KustvaktException {
AuthenticationIface provider = getProvider(type , null);
@@ -146,7 +144,7 @@
}
public TokenContext refresh(TokenContext context) throws KustvaktException {
- AuthenticationIface provider = getProvider(context.getAuthenticationType(), null);
+ AuthenticationIface provider = getProvider(context.getTokenType(), null);
if (provider == null) {
// todo:
}
@@ -170,10 +168,10 @@
* @throws KustvaktException
*/
@Override
- public User authenticate(AuthenticationType type, String username, String password, Map<String, Object> attributes)
+ public User authenticate(AuthenticationMethod method, String username, String password, Map<String, Object> attributes)
throws KustvaktException {
User user;
- switch (type) {
+ switch (method) {
case SHIBBOLETH:
// todo:
user = authenticateShib(attributes);
@@ -252,9 +250,10 @@
} // getAccess
@Override
- public TokenContext createTokenContext(User user, Map<String, Object> attr, AuthenticationType type)
+ public TokenContext createTokenContext(User user, Map<String, Object> attr, TokenType type)
throws KustvaktException {
- AuthenticationIface provider = getProvider(type, AuthenticationType.LDAP);
+ // use api token
+ AuthenticationIface provider = getProvider(type, TokenType.API);
// EM: not in the new DB
// if (attr.get(Attributes.SCOPES) != null)
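Review bot: The comment `// use api token` on the new getProvider call does not say what it governs; the second argument looks like the fallback used when `type` is null (AuthenticationController and OAuthController both pass null), and the fallback moved from the LDAP provider to the API token provider. Suggest `// fall back to the API token provider when no token type is given` so the behaviour change is recorded next to the code. createTokenContext's body continues past the hunk.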
@@ -535,11 +534,11 @@
public void logout(TokenContext context) throws KustvaktException {
try {
- AuthenticationIface provider = getProvider(context.getAuthenticationType(), null);
+ AuthenticationIface provider = getProvider(context.getTokenType(), null);
if (provider == null) {
throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT, "Authentication "
- + "provider not supported!", context.getAuthenticationType().name());
+ + "provider not supported!", context.getTokenType().displayName());
}
provider.removeUserSession(context.getToken());
} catch (KustvaktException e) {
@@ -923,4 +922,5 @@
throw new WrappedException(e, StatusCodes.UPDATE_ACCOUNT_FAILED);
}
}
+
}
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java b/full/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java
index 1ce2772..44ed646 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java
@@ -28,7 +28,7 @@
import com.unboundid.ldap.sdk.*;
-import de.ids_mannheim.korap.config.AuthenticationType;
+import de.ids_mannheim.korap.config.TokenType;
import de.ids_mannheim.korap.config.KustvaktConfiguration;
import java.io.*;
@@ -78,8 +78,8 @@
@Override
- public AuthenticationType getIdentifier () {
- return AuthenticationType.LDAP;
+ public TokenType getTokenType () {
+ return TokenType.API;
}
/**
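Review bot: LdapAuth3.getTokenType now returns TokenType.API, the same value APIAuthentication.getTokenType returns in this commit, so two providers report the same token type. If KustvaktAuthenticationManager.getProvider resolves providers by getTokenType(), the lookup for TokenType.API becomes ambiguous and depends on registration order; a comment explaining why an LDAP authenticator reports the API type, or a distinct type, would make the intent explicit. Since the commit separates authentication method from token type, it may be that LdapAuth3 should be identified by an AuthenticationMethod rather than by a TokenType at all.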
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/OpenIDconnectAuthentication.java b/full/src/main/java/de/ids_mannheim/korap/authentication/OpenIDconnectAuthentication.java
index 0257c68..368c390 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/OpenIDconnectAuthentication.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/OpenIDconnectAuthentication.java
@@ -9,7 +9,7 @@
import de.ids_mannheim.korap.interfaces.AuthenticationIface;
import de.ids_mannheim.korap.interfaces.db.PersistenceClient;
import de.ids_mannheim.korap.config.Attributes;
-import de.ids_mannheim.korap.config.AuthenticationType;
+import de.ids_mannheim.korap.config.TokenType;
import de.ids_mannheim.korap.user.TokenContext;
import de.ids_mannheim.korap.user.User;
import de.ids_mannheim.korap.utils.NamingUtils;
@@ -64,7 +64,7 @@
catch (ParseException e) {
throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT);
}
- c.setAuthenticationType(AuthenticationType.OPENID);
+ c.setTokenType(getTokenType());
c.setToken(jwt.serialize());
CacheManager.getInstance().getCache("id_tokens")
.put(new Element(c.getToken(), c));
@@ -85,7 +85,7 @@
@Override
- public AuthenticationType getIdentifier () {
- return AuthenticationType.OPENID;
+ public TokenType getTokenType() {
+ return TokenType.ID_TOKEN;
}
}
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/SessionAuthentication.java b/full/src/main/java/de/ids_mannheim/korap/authentication/SessionAuthentication.java
index c0eb9cd..b32879e 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/SessionAuthentication.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/SessionAuthentication.java
@@ -6,7 +6,7 @@
import de.ids_mannheim.korap.interfaces.AuthenticationIface;
import de.ids_mannheim.korap.interfaces.EncryptionIface;
import de.ids_mannheim.korap.config.Attributes;
-import de.ids_mannheim.korap.config.AuthenticationType;
+import de.ids_mannheim.korap.config.TokenType;
import de.ids_mannheim.korap.user.TokenContext;
import de.ids_mannheim.korap.user.User;
import de.ids_mannheim.korap.utils.TimeUtils;
@@ -67,7 +67,7 @@
now.getMillis());
TokenContext ctx = new TokenContext();
ctx.setUsername(user.getUsername());
- ctx.setAuthenticationType(AuthenticationType.SESSION);
+ ctx.setTokenType(TokenType.SESSION);
ctx.setToken(token);
ctx.setExpirationTime(ex.getMillis()+(1000));
ctx.setHostAddress(attr.get(Attributes.HOST).toString());
@@ -93,8 +93,8 @@
@Override
- public AuthenticationType getIdentifier () {
- return AuthenticationType.OPENID;
+ public TokenType getTokenType () {
+ return TokenType.SESSION;
}
}
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/http/AuthorizationData.java b/full/src/main/java/de/ids_mannheim/korap/authentication/http/AuthorizationData.java
index 14077e6..32c9c7b 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/http/AuthorizationData.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/http/AuthorizationData.java
@@ -1,6 +1,6 @@
package de.ids_mannheim.korap.authentication.http;
-import de.ids_mannheim.korap.config.AuthenticationType;
+import de.ids_mannheim.korap.config.AuthenticationScheme;
import lombok.Getter;
import lombok.Setter;
@@ -9,8 +9,9 @@
public class AuthorizationData {
private String token;
- private AuthenticationType authenticationType;
+ private AuthenticationScheme authenticationScheme;
private String username;
private String password;
}
+
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/http/HttpAuthorizationHandler.java b/full/src/main/java/de/ids_mannheim/korap/authentication/http/HttpAuthorizationHandler.java
index f25bd96..bea9bc1 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/http/HttpAuthorizationHandler.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/http/HttpAuthorizationHandler.java
@@ -3,13 +3,14 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
-import de.ids_mannheim.korap.config.AuthenticationType;
+import de.ids_mannheim.korap.config.AuthenticationScheme;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.exceptions.StatusCodes;
import de.ids_mannheim.korap.utils.ParameterChecker;
-/** Implementation of HTTP authentication scheme (see RFC 7253 and 7617)
- * for client asking for authorization and sending user data.
+/** Implementation of Basic HTTP authentication scheme (see RFC 7253
+ * and 7617) for client asking for authorization and sending user
+ * data.
*
* @author margaretha
*
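Review bot: The rewritten Javadoc cites RFC 7253, which is the OCB authenticated-encryption algorithm; the HTTP authentication framework is RFC 7235 and the Basic scheme is RFC 7617. Suggest `/** Implementation of the Basic HTTP authentication scheme (see RFC 7235` and ` * and 7617) for a client asking for authorization and sending user`. The same "RFC 7253" reference appears unchanged in the class Javadoc of HttpUnauthorizedHandler in this commit.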
@@ -19,17 +20,17 @@
@Autowired
private TransferEncoding transferEncoding;
-
- public String createAuthorizationHeader (AuthenticationType type,
- String username, String password) throws KustvaktException {
+
+ public String createBasicAuthorizationHeaderValue (String username,
+ String password) throws KustvaktException {
ParameterChecker.checkStringValue(username, "username");
ParameterChecker.checkStringValue(password, "password");
String credentials = transferEncoding.encodeBase64(username, password);
- return type.displayName() + " " + credentials;
+ return AuthenticationScheme.BASIC.displayName()+" " + credentials;
}
- public AuthorizationData parseAuthorizationHeader (
+ public AuthorizationData parseAuthorizationHeaderValue (
String authorizationHeader) throws KustvaktException {
ParameterChecker.checkStringValue(authorizationHeader,
"authorization header");
@@ -45,13 +46,13 @@
}
AuthorizationData data = new AuthorizationData();
- data.setAuthenticationType(
- AuthenticationType.valueOf(values[0].toUpperCase()));
+ data.setAuthenticationScheme(
+ AuthenticationScheme.valueOf(values[0].toUpperCase()));
data.setToken(values[1]);
return data;
}
- public AuthorizationData parseToken (AuthorizationData data)
+ public AuthorizationData parseBasicToken (AuthorizationData data)
throws KustvaktException {
String[] credentials = transferEncoding.decodeBase64(data.getToken());
data.setUsername(credentials[0]);
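Review bot: `AuthenticationScheme.valueOf(values[0].toUpperCase())` in parseAuthorizationHeaderValue throws IllegalArgumentException for any scheme word the enum does not define, and that word comes straight from the client's Authorization header, so an unrecognized scheme escapes as an unchecked exception instead of the KustvaktException the method declares. Convert it to a KustvaktException and use Locale.ROOT for the case mapping so the lookup does not depend on the server's default locale. parseBasicToken, which starts at the end of this hunk, indexes credentials[0] and credentials[1] with no null or length check, while BasicAuthentication.getTokenContext checks the same decodeBase64 result for null; the same check presumably belongs here, and the method continues outside the hunk.
```java
AuthorizationData data = new AuthorizationData();
try {
    data.setAuthenticationScheme(
            AuthenticationScheme.valueOf(values[0].toUpperCase(Locale.ROOT)));
}
catch (IllegalArgumentException e) {
    // scheme word is client-controlled; report it as a bad argument, not a 500
    throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT,
            "Unsupported authentication scheme", values[0]);
}
data.setToken(values[1]);
return data;
```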
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/http/HttpUnauthorizedHandler.java b/full/src/main/java/de/ids_mannheim/korap/authentication/http/HttpUnauthorizedHandler.java
index 026b623..8e296bc 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/http/HttpUnauthorizedHandler.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/http/HttpUnauthorizedHandler.java
@@ -1,12 +1,14 @@
package de.ids_mannheim.korap.authentication.http;
+import java.util.EnumSet;
+
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.ResponseBuilder;
-import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
-import de.ids_mannheim.korap.config.FullConfiguration;
+import de.ids_mannheim.korap.config.AuthenticationScheme;
/** Implementation of HTTP authentication scheme (see RFC 7253 and 7617)
* for server creating responses with status 401 Unauthorized and
@@ -17,15 +19,16 @@
*/
@Component
public class HttpUnauthorizedHandler {
- @Autowired
- private FullConfiguration config;
public Response createUnauthenticatedResponse (String notification) {
- return Response.status(Response.Status.UNAUTHORIZED)
- .header(HttpHeaders.WWW_AUTHENTICATE,
- config.getAuthenticationScheme()
- + " realm=\"Kustvakt\"")
- .entity(notification)
- .build();
+ ResponseBuilder builder = Response.status(Response.Status.UNAUTHORIZED);
+
+ for (AuthenticationScheme s : EnumSet
+ .allOf(AuthenticationScheme.class)) {
+ builder = builder.header(HttpHeaders.WWW_AUTHENTICATE,
+ s.displayName() + " realm=\"Kustvakt\"");
+ }
+
+ return builder.entity(notification).build();
}
}
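Review bot: The new createUnauthenticatedResponse advertises every value of AuthenticationScheme in WWW-Authenticate, while the only caller of parseAuthorizationHeaderValue in AuthenticationController handles BASIC and leaves other schemes in an empty else branch. Advertising schemes the server does not accept invites clients to use them and then fail with an unrelated error; either restrict the loop to the schemes that are actually wired, or add a comment on the loop such as `// every scheme in the enum is accepted by the request parsers` once that is true. The previously configurable `authentication.scheme` property (removed from FullConfiguration in this commit) has no replacement, so deployments that set it now get every scheme advertised without notice.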
diff --git a/full/src/main/java/de/ids_mannheim/korap/config/FullConfiguration.java b/full/src/main/java/de/ids_mannheim/korap/config/FullConfiguration.java
index 19ab495..2474a5a 100644
--- a/full/src/main/java/de/ids_mannheim/korap/config/FullConfiguration.java
+++ b/full/src/main/java/de/ids_mannheim/korap/config/FullConfiguration.java
@@ -13,7 +13,7 @@
*
*/
@Getter
-public class FullConfiguration extends KustvaktConfiguration{
+public class FullConfiguration extends KustvaktConfiguration {
private String ldapConfig;
@@ -41,20 +41,7 @@
// EM: pattern for matching availability in Krill matches
setLicensePatterns(properties);
- authenticationScheme = properties.getProperty("authentication.scheme");
- if (authenticationScheme == null) {
- throw new NullPointerException(
- "authentication.scheme is missing in kustvakt.conf");
- }
- authenticationScheme = authenticationScheme.toLowerCase();
- if (authenticationScheme
- .equals(AuthenticationType.LDAP.displayName())) {
- ldapConfig = properties.getProperty("ldap.config");
- if (ldapConfig == null) {
- throw new NullPointerException(
- "ldap.config is missing in kustvakt.conf");
- }
- }
+ ldapConfig = properties.getProperty("ldap.config");
}
private void setLicensePatterns (Properties properties) {
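Review bot: With the `authentication.scheme` block removed, `ldap.config` is read unconditionally and a missing value no longer fails at startup; `ldapConfig` silently stays null and the failure presumably moves to the first use of the LDAP provider. If LDAP remains a supported method (AuthenticationMethod.LDAP is still used in AuthenticationController), keep a startup check where LDAP is enabled, or at least document the field: `// null when ldap.config is not set; LDAP authentication is unavailable in that case`. Existing kustvakt.conf files that still set `authentication.scheme` are now ignored without a warning; a line in the commit message or a deprecation log entry would help operators notice.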
diff --git a/full/src/main/java/de/ids_mannheim/korap/handlers/OAuthDb.java b/full/src/main/java/de/ids_mannheim/korap/handlers/OAuthDb.java
index 816297d..72d15cb 100644
--- a/full/src/main/java/de/ids_mannheim/korap/handlers/OAuthDb.java
+++ b/full/src/main/java/de/ids_mannheim/korap/handlers/OAuthDb.java
@@ -6,7 +6,7 @@
import de.ids_mannheim.korap.exceptions.DatabaseException;
import de.ids_mannheim.korap.interfaces.db.PersistenceClient;
import de.ids_mannheim.korap.config.Attributes;
-import de.ids_mannheim.korap.config.AuthenticationType;
+import de.ids_mannheim.korap.config.TokenType;
import de.ids_mannheim.korap.user.TokenContext;
import de.ids_mannheim.korap.user.User;
import de.ids_mannheim.korap.utils.BooleanUtils;
@@ -209,8 +209,8 @@
c.setUsername(rs.getString(Attributes.USERNAME));
c.setExpirationTime(exp);
c.setToken(token);
- c.setAuthenticationType(AuthenticationType.OAUTH2);
- //.setTokenType(Attributes.OAUTH2_AUTHORIZATION);
+ c.setTokenType(TokenType.BEARER);
+// c.setTokenType(Attributes.OAUTH2_AUTHORIZATION);
c.addContextParameter(Attributes.SCOPES,
rs.getString(Attributes.SCOPES));
return c;
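Review bot: The replaced line `// c.setTokenType(Attributes.OAUTH2_AUTHORIZATION);` keeps commented-out code, now at column 0, that refers to a constant the TokenType-typed setter cannot accept; delete it or replace it with a sentence explaining why tokens loaded from this table are typed BEARER. The enclosing method starts before the hunk.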
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/FullResponseHandler.java b/full/src/main/java/de/ids_mannheim/korap/web/FullResponseHandler.java
index dbd9ef5..c2d8df5 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/FullResponseHandler.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/FullResponseHandler.java
@@ -27,7 +27,7 @@
@Override
public WebApplicationException throwit (KustvaktException e) {
Response r;
- // EM: for all status codes > 2000?
+
if (e.getStatusCode() == StatusCodes.AUTHORIZATION_FAILED
|| e.getStatusCode() >= StatusCodes.AUTHENTICATION_FAILED) {
String notification = buildNotification(e.getStatusCode(),
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/AdminController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/AdminController.java
index 532965a..fb641d5 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/AdminController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/AdminController.java
@@ -46,6 +46,7 @@
* Last changes:
* removed DocumentDao (EM)
*/
+@Deprecated
@Controller
@Path(KustvaktServer.API_VERSION + "/admin")
@ResourceFilters({ AdminFilter.class, PiwikFilter.class })
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/AnnotationController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/AnnotationController.java
index 803936b..939b13c 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/AnnotationController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/AnnotationController.java
@@ -36,7 +36,7 @@
*/
@Controller
@Path("annotation/")
-@ResourceFilters({ AuthenticationFilter.class, DemoUserFilter.class, PiwikFilter.class })
+@ResourceFilters({DemoUserFilter.class, PiwikFilter.class })
@Produces(MediaType.APPLICATION_JSON + ";charset=utf-8")
public class AnnotationController {
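Review bot: Dropping AuthenticationFilter from @ResourceFilters makes every endpoint in AnnotationController reachable without authentication; only DemoUserFilter and PiwikFilter remain. This is an access-control change that the commit message does not mention, so if it is intentional it should be stated, and if the annotation endpoints serve public read-only data a comment on the annotation, `// public endpoints: no authentication; DemoUserFilter presumably supplies the demo user`, would record that for the next reader. The spacing `{DemoUserFilter.class, PiwikFilter.class }` also departs from the file's `{ A.class, B.class }` style.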
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
index 49f93ac..d5d6a5b 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
@@ -6,6 +6,7 @@
import java.util.Locale;
import java.util.Map;
+import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
@@ -30,11 +31,14 @@
import de.ids_mannheim.korap.authentication.http.AuthorizationData;
import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
import de.ids_mannheim.korap.config.Attributes;
-import de.ids_mannheim.korap.config.AuthenticationType;
+import de.ids_mannheim.korap.config.AuthenticationMethod;
+import de.ids_mannheim.korap.config.AuthenticationScheme;
+import de.ids_mannheim.korap.config.TokenType;
import de.ids_mannheim.korap.config.BeansFactory;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.exceptions.StatusCodes;
import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
+import de.ids_mannheim.korap.user.KorAPUser;
import de.ids_mannheim.korap.user.TokenContext;
import de.ids_mannheim.korap.user.User;
import de.ids_mannheim.korap.utils.JsonUtils;
@@ -64,7 +68,7 @@
@Autowired
private HttpAuthorizationHandler authorizationHandler;
- private static Boolean DEBUG_LOG = true;
+ private static Boolean DEBUG_LOG = false;
//todo: bootstrap function to transmit certain default configuration settings and examples (example user queries,
// default usersettings, etc.)
@@ -120,6 +124,43 @@
throw kustvaktResponseHandler.throwit(e);
}
}
+
+ // EM: testing using spring security authentication manager
+ @GET
+ @Path("ldap/token")
+ public Response requestToken (@Context HttpHeaders headers,
+ @Context Locale locale,
+ @HeaderParam(ContainerRequest.USER_AGENT) String agent,
+ @HeaderParam(ContainerRequest.HOST) String host,
+ @HeaderParam("referer-url") String referer,
+ @QueryParam("scope") String scopes,
+ // @Context WebServiceContext wsContext, // FB
+ @Context SecurityContext securityContext) {
+
+ Map<String, Object> attr = new HashMap<>();
+ if (scopes != null && !scopes.isEmpty())
+ attr.put(Attributes.SCOPES, scopes);
+ attr.put(Attributes.HOST, host);
+ attr.put(Attributes.USER_AGENT, agent);
+
+ User user = new KorAPUser();
+ user.setUsername(securityContext.getUserPrincipal().getName());
+ controller.setAccessAndLocation(user, headers);
+ if (DEBUG_LOG == true) System.out.printf(
+ "Debug: /token/: location=%s, access='%s'.\n",
+ user.locationtoString(), user.accesstoString());
+ attr.put(Attributes.LOCATION, user.getLocation());
+ attr.put(Attributes.CORPUS_ACCESS, user.getCorpusAccess());
+
+ try {
+ TokenContext context = controller.createTokenContext(user, attr,
+ TokenType.API);
+ return Response.ok(context.toJson()).build();
+ }
+ catch (KustvaktException e) {
+ throw kustvaktResponseHandler.throwit(e);
+ }
+ }
@GET
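Review bot: In the new requestToken, `securityContext.getUserPrincipal().getName()` dereferences the principal without a null check; when the container has not authenticated the request the principal is null and the endpoint fails with a NullPointerException (a 500) instead of a 401. Whether a filter guarantees a principal for `ldap/token` is not visible in this hunk (the class-level annotations are outside it), so the method should guard itself. The comment "EM: testing using spring security authentication manager" suggests an experimental endpoint; if so, say so in a Javadoc on the method, route the debug output through the class's `jlog` logger instead of `System.out.printf`, and write the flag check as `if (DEBUG_LOG)` rather than `== true`.
```java
User user = new KorAPUser();
Principal principal = securityContext.getUserPrincipal();
if (principal == null) {
    // no container-level authentication: answer 401 rather than NPE
    throw kustvaktResponseHandler.throwit(
            new KustvaktException(StatusCodes.AUTHENTICATION_FAILED));
}
user.setUsername(principal.getName());
// … unchanged: access/location attributes and token creation …
```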
@@ -146,8 +187,13 @@
AuthorizationData authorizationData;
try {
authorizationData = authorizationHandler.
- parseAuthorizationHeader(auth.get(0));
- authorizationData = authorizationHandler.parseToken(authorizationData);
+ parseAuthorizationHeaderValue(auth.get(0));
+ if (authorizationData.getAuthenticationScheme().equals(AuthenticationScheme.BASIC)){
+ authorizationData = authorizationHandler.parseBasicToken(authorizationData);
+ }
+ else {
+ // EM: throw exception that auth scheme is not supported?
+ }
}
catch (KustvaktException e) {
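Review bot: The new else branch after the BASIC check is empty (`// EM: throw exception that auth scheme is not supported?`), so a request carrying any other scheme the enum defines proceeds with authorizationData's username and password left null into the authenticate call further down the method. The answer to the comment's question should be yes: `throw new KustvaktException(StatusCodes.AUTHENTICATION_FAILED, "Unsupported authentication scheme", authorizationData.getAuthenticationScheme().displayName());`. The hunk at `@@ -266,8 +313,8 @@` in the same file calls parseBasicToken with no scheme check at all; both call sites should treat a non-Basic scheme the same way. The enclosing method starts before this hunk.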
@@ -205,7 +251,7 @@
TokenContext context;
try {
// User user = controller.authenticate(0, values[0], values[1], attr); Implementation by Hanl
- User user = controller.authenticate(AuthenticationType.LDAP,
+ User user = controller.authenticate(AuthenticationMethod.LDAP,
authorizationData.getUsername(), authorizationData.getPassword(), attr); // Implementation with IdM/LDAP
// Userdata data = this.controller.getUserData(user, UserDetails.class); // Implem. by Hanl
// todo: is this necessary?
@@ -217,8 +263,9 @@
attr.put(Attributes.LOCATION, user.getLocation());
attr.put(Attributes.CORPUS_ACCESS, user.getCorpusAccess());
context = controller.createTokenContext(user, attr,
- AuthenticationType.LDAP);
- //Attributes.API_AUTHENTICATION);
+ TokenType.API);
+// context = controller.createTokenContext(user, attr,
+// Attributes.API_AUTHENTICATION);
}
catch (KustvaktException e) {
throw kustvaktResponseHandler.throwit(e);
@@ -266,8 +313,8 @@
AuthorizationData authorizationData;
try {
authorizationData = authorizationHandler.
- parseAuthorizationHeader(auth.get(0));
- authorizationData = authorizationHandler.parseToken(authorizationData);
+ parseAuthorizationHeaderValue(auth.get(0));
+ authorizationData = authorizationHandler.parseBasicToken(authorizationData);
}
catch (KustvaktException e) {
@@ -290,10 +337,13 @@
TokenContext context;
String contextJson;
try {
- User user = controller.authenticate(AuthenticationType.SESSION,
+ //EM: authentication scheme default
+ User user = controller.authenticate(AuthenticationMethod.DATABASE,
authorizationData.getUsername(), authorizationData.getPassword(), attr);
context = controller.createTokenContext(user, attr,
- AuthenticationType.SESSION);
+ TokenType.SESSION);
+// context = controller.createTokenContext(user, attr,
+// Attributes.SESSION_AUTHENTICATION);
contextJson = context.toJson();
jlog.debug(contextJson);
}
@@ -327,7 +377,7 @@
try {
// todo: distinguish type KorAP/Shibusers
- User user = controller.authenticate(AuthenticationType.SHIBBOLETH,
+ User user = controller.authenticate(AuthenticationMethod.SHIBBOLETH,
null, null, attr);
context = controller.createTokenContext(user, attr, null);
}
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthController.java
index 6616a12..a1cd54d 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthController.java
@@ -1,23 +1,26 @@
package de.ids_mannheim.korap.web.controller;
-import com.sun.jersey.spi.container.ContainerRequest;
-import com.sun.jersey.spi.container.ResourceFilters;
-import de.ids_mannheim.korap.config.*;
-import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.exceptions.StatusCodes;
-import de.ids_mannheim.korap.handlers.OAuth2Handler;
-import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
-import de.ids_mannheim.korap.interfaces.EncryptionIface;
-import de.ids_mannheim.korap.server.KustvaktServer;
-import de.ids_mannheim.korap.user.*;
-import de.ids_mannheim.korap.utils.JsonUtils;
-import de.ids_mannheim.korap.utils.StringUtils;
-import de.ids_mannheim.korap.web.CoreResponseHandler;
-import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
-import de.ids_mannheim.korap.web.filter.BlockingFilter;
-import de.ids_mannheim.korap.web.filter.DemoUserFilter;
-import de.ids_mannheim.korap.web.filter.PiwikFilter;
-import de.ids_mannheim.korap.web.utils.FormRequestWrapper;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.HeaderParam;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.SecurityContext;
import org.apache.oltu.oauth2.as.issuer.MD5Generator;
import org.apache.oltu.oauth2.as.issuer.OAuthIssuer;
@@ -32,20 +35,39 @@
import org.apache.oltu.oauth2.common.message.OAuthResponse;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.apache.oltu.oauth2.common.message.types.ResponseType;
-import org.apache.oltu.oauth2.common.message.types.TokenType;
import org.apache.oltu.oauth2.common.utils.OAuthUtils;
import org.springframework.beans.factory.annotation.Autowired;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.*;
-import javax.ws.rs.core.*;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
+import com.sun.jersey.spi.container.ContainerRequest;
+import com.sun.jersey.spi.container.ResourceFilters;
+
+import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthCodeInfo;
+import de.ids_mannheim.korap.config.AuthenticationMethod;
+import de.ids_mannheim.korap.config.AuthenticationScheme;
+import de.ids_mannheim.korap.config.BeansFactory;
+import de.ids_mannheim.korap.config.ClientInfo;
+import de.ids_mannheim.korap.config.KustvaktConfiguration;
+import de.ids_mannheim.korap.config.Scopes;
+import de.ids_mannheim.korap.config.TokenType;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.exceptions.StatusCodes;
+import de.ids_mannheim.korap.handlers.OAuth2Handler;
+import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
+import de.ids_mannheim.korap.interfaces.EncryptionIface;
+import de.ids_mannheim.korap.server.KustvaktServer;
+import de.ids_mannheim.korap.user.TokenContext;
+import de.ids_mannheim.korap.user.User;
+import de.ids_mannheim.korap.user.UserDetails;
+import de.ids_mannheim.korap.user.Userdata;
+import de.ids_mannheim.korap.utils.JsonUtils;
+import de.ids_mannheim.korap.utils.StringUtils;
+import de.ids_mannheim.korap.web.CoreResponseHandler;
+import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
+import de.ids_mannheim.korap.web.filter.BlockingFilter;
+import de.ids_mannheim.korap.web.filter.DemoUserFilter;
+import de.ids_mannheim.korap.web.filter.PiwikFilter;
+import de.ids_mannheim.korap.web.utils.FormRequestWrapper;
/**
* @author hanl
@@ -319,10 +341,10 @@
// skips authorization code type and returns id_token and access token directly
if (oauthRequest.getScopes().contains("openid")) {
try {
+ // EM: MH uses APIAuthentication to create api token
TokenContext new_context = this.controller
.createTokenContext(user, attr, null);
- //builder.setParam(new_context.getTokenType(),
- builder.setParam(new_context.getAuthenticationType().name(),
+ builder.setParam(new_context.getTokenType().displayName(),
new_context.getToken());
}
catch (KustvaktException e) {
@@ -503,7 +525,7 @@
.addToken(oauthRequest.getCode(), accessToken,
refreshToken, config.getTokenTTL());
- builder.setTokenType(TokenType.BEARER.toString());
+ builder.setTokenType(TokenType.BEARER.displayName());
builder.setExpiresIn(String.valueOf(config
.getLongTokenTTL()));
builder.setAccessToken(accessToken);
@@ -535,7 +557,8 @@
openid_valid = true;
try {
- user = controller.authenticate(AuthenticationType.OAUTH2,
+ // EM: MH uses database
+ user = controller.authenticate(AuthenticationMethod.DATABASE,
oauthRequest.getUsername(),
oauthRequest.getPassword(), attr);
}
@@ -555,7 +578,7 @@
" "), config.getLongTokenTTL());
builder.setRefreshToken(refresh);
}
- builder.setTokenType(TokenType.BEARER.toString());
+ builder.setTokenType(TokenType.BEARER.displayName());
builder.setExpiresIn(String.valueOf(config
.getLongTokenTTL()));
builder.setAccessToken(accessToken);
@@ -571,7 +594,8 @@
Scopes.Scope.openid.toString())) {
try {
if (user == null)
- user = controller.authenticate(AuthenticationType.OAUTH2,
+ // EM: MH uses database
+ user = controller.authenticate(AuthenticationMethod.DATABASE,
oauthRequest.getUsername(),
oauthRequest.getPassword(), attr);
Userdata data = controller.getUserData(user,
@@ -580,11 +604,10 @@
attr.put(Attributes.CLIENT_SECRET,
oauthRequest.getClientSecret());
- TokenContext c = controller.createTokenContext(user, attr,
- AuthenticationType.OPENID);
+ TokenContext c = controller.createTokenContext(user, attr,TokenType.ID_TOKEN);
//Attributes.OPENID_AUTHENTICATION);
- //EM: why openid, not oauth2?
- builder.setParam(c.getAuthenticationType().name(), c.getToken());
+
+ builder.setParam(c.getTokenType().displayName(), c.getToken());
}
catch (KustvaktException e) {
throw kustvaktResponseHandler.throwit(e);
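Review bot: The new line `TokenContext c = controller.createTokenContext(user, attr,TokenType.ID_TOKEN);` is missing the space after the last comma and is no longer wrapped like the surrounding code, and the stale `//Attributes.OPENID_AUTHENTICATION);` comment beneath it plus the empty added line explain nothing now that the type is passed explicitly. Suggest `TokenContext c = controller.createTokenContext(user, attr, TokenType.ID_TOKEN);` and deleting the two dead lines. The enclosing method continues outside this hunk.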
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
index 582cf1a..b1cc781 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
@@ -18,6 +18,7 @@
import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
import de.ids_mannheim.korap.authentication.http.TransferEncoding;
import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationMethod;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.exceptions.StatusCodes;
import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
@@ -30,7 +31,10 @@
/**
* @author hanl, margaretha
* @date 04/2017
+ *
+ * @see AuthenticationFilter
*/
+@Deprecated
@Component
@Provider
public class AdminFilter implements ContainerRequestFilter, ResourceFilter {
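Review bot: `@Deprecated` is added to AdminFilter without a matching `@deprecated` Javadoc tag, so neither the generated docs nor IDE hints say what replaces the class; the bare `@see AuthenticationFilter` does not state that relation. Suggest adding `@deprecated presumably superseded by {@link AuthenticationFilter}; confirm and document whether this filter is still meant to run` to the Javadoc above the annotation. Note that the class keeps `@Component` and `@Provider`, so it is still registered and executed alongside the new filter; if that is not intended, removing those annotations belongs to the same change.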
@@ -42,9 +46,6 @@
private FullResponseHandler kustvaktResponseHandler;
@Autowired
- private TransferEncoding transferEncoding;
-
- @Autowired
private HttpAuthorizationHandler authorizationHandler;
@Override
@@ -54,8 +55,8 @@
AuthorizationData data;
try {
- data = authorizationHandler.parseAuthorizationHeader(authorization);
- data = authorizationHandler.parseToken(data);
+ data = authorizationHandler.parseAuthorizationHeaderValue(authorization);
+ data = authorizationHandler.parseBasicToken(data);
}
catch (KustvaktException e) {
throw kustvaktResponseHandler.throwit(e);
@@ -68,7 +69,7 @@
attributes.put(Attributes.USER_AGENT, agent);
try {
// EM: fix me: AuthenticationType based on header value
- User user = authManager.authenticate(data.getAuthenticationType(),
+ User user = authManager.authenticate(AuthenticationMethod.LDAP,
data.getUsername(), data.getPassword(), attributes);
if (!user.isAdmin()) {
throw new KustvaktException(StatusCodes.AUTHENTICATION_FAILED,
@@ -83,7 +84,9 @@
TokenContext c = new TokenContext();
c.setUsername(data.getUsername());
- c.setAuthenticationType(data.getAuthenticationType());
+ // EM: needs token type custom param in the authorization header
+// c.setTokenType();
+ // MH: c.setTokenType(StringUtils.getTokenType(authentication));
// EM: is this secure? Is token context not sent outside Kustvakt?
c.setToken(data.getToken());
c.setHostAddress(host);
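Review bot: The removed `c.setAuthenticationType(...)` has no functional successor here: `c.setTokenType()` is left commented out, so the TokenContext built in this filter carries no token type, and other code in this commit calls `displayName()` on that value, which would fail on `null`. The data reaching this point came through `parseBasicToken` (hunk at L819-L828), so `c.setTokenType(TokenType.BASIC);` looks like the intended value, with the `TokenType` import added to this file as was done for AuthenticationFilter. If the class is being retired, a single comment stating that is clearer than two alternative commented-out calls. The enclosing method continues outside this hunk.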
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
index c3599d4..a6df6a8 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
@@ -12,6 +12,7 @@
import de.ids_mannheim.korap.authentication.http.AuthorizationData;
import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.config.TokenType;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.exceptions.StatusCodes;
import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
@@ -22,7 +23,7 @@
/**
* @author hanl, margaretha
* @date 28/01/2014
- * @last update 5/12/2017
+ * @last update 7/12/2017
*/
@Component
@Provider
@@ -46,23 +47,33 @@
String authorization =
request.getHeaderValue(ContainerRequest.AUTHORIZATION);
-
if (authorization != null && !authorization.isEmpty()) {
- TokenContext context;
+ TokenContext context = null;
AuthorizationData authData;
try {
authData = authorizationHandler
- .parseAuthorizationHeader(authorization);
- context = userController.getTokenStatus(
- authData.getAuthenticationType(), authData.getToken(),
- host, ua);
+ .parseAuthorizationHeaderValue(authorization);
+ switch (authData.getAuthenticationScheme()) {
+ case BASIC:
+ context = userController.getTokenStatus(TokenType.BASIC,
+ authData.getToken(), host, ua);
+ break;
+ case SESSION:
+ context = userController.getTokenStatus(TokenType.SESSION,
+ authData.getToken(), host, ua);
+ break;
+ // EM: bearer or api
+ default:
+ context = userController.getTokenStatus(TokenType.API,
+ authData.getToken(), host, ua);
+ break;
+ }
checkContext(context, request);
+ request.setSecurityContext(new KustvaktContext(context));
}
catch (KustvaktException e) {
throw kustvaktResponseHandler.throwit(e);
}
-
- request.setSecurityContext(new KustvaktContext(context));
}
return request;
}
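Review bot: The `default` branch of the new switch maps every scheme that is not BASIC or SESSION onto `TokenType.API`, so an unrecognised or malformed `Authorization` scheme is not rejected but is validated as an API token; whether that is safe depends on `getTokenStatus` failing for it, which this hunk cannot show. Safer is to give the bearer and API scheme constants their own `case` labels (whatever the `AuthenticationScheme` enum names them) and make the fallback fail closed, e.g. `default: throw new KustvaktException(StatusCodes.AUTHENTICATION_FAILED);`, using the `StatusCodes` import already present in this file. Moving `request.setSecurityContext(new KustvaktContext(context))` inside the `try` is right, since `context` is now `null` until a branch assigns it. The enclosing method starts before this hunk.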
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java
index 40928d7..d3f2cd9 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java
@@ -11,7 +11,7 @@
import com.sun.jersey.spi.container.ResourceFilter;
import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
-import de.ids_mannheim.korap.config.AuthenticationType;
+import de.ids_mannheim.korap.config.TokenType;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.user.TokenContext;
import de.ids_mannheim.korap.web.utils.KustvaktContext;
@@ -46,13 +46,13 @@
TokenContext context = new TokenContext();
String token = null;
try {
- token = handler.createAuthorizationHeader(AuthenticationType.BASIC,"demo", "demo2015");
+ token = handler.createBasicAuthorizationHeaderValue("demo", "demo2015");
}
catch (KustvaktException e) {
e.printStackTrace();
}
context.setToken(token);
- context.setAuthenticationType(AuthenticationType.LDAP);
+ context.setTokenType(TokenType.BASIC);
context.setUsername("demo");
return new KustvaktContext(context);
}
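Review bot: The rewritten line `token = handler.createBasicAuthorizationHeaderValue("demo", "demo2015");` keeps a literal password in source, and with the new `context.setTokenType(TokenType.BASIC)` that header value is exactly what the demo principal is authenticated with, so the credential ships in every build and commit. Consider supplying the demo user's credentials from configuration (key to be added, placeholder `<demo user credentials>`) rather than the class body. The unchanged `catch` below still only prints the stack trace and lets a `null` token reach `context.setToken(token)`; a short comment on whether an unauthenticated demo context is acceptable would help the next reader.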
diff --git a/full/src/main/resources/kustvakt.conf b/full/src/main/resources/kustvakt.conf
index ea9af81..338c726 100644
--- a/full/src/main/resources/kustvakt.conf
+++ b/full/src/main/resources/kustvakt.conf
@@ -22,10 +22,6 @@
availability.regex.public = ACA.*
availability.regex.all = QAO.*
-## authentication
-authentication.scheme = ldap
-
-
kustvakt.management.registration=enable
## options referring to the security module!