Generalized http authentication framework.
Change-Id: I99b9bdb8b93445ceaf51ecb8105a23f980408df2
diff --git a/core/src/main/java/de/ids_mannheim/korap/config/AuthenticationType.java b/core/src/main/java/de/ids_mannheim/korap/config/AuthenticationType.java
index 3c19993..48e7375 100644
--- a/core/src/main/java/de/ids_mannheim/korap/config/AuthenticationType.java
+++ b/core/src/main/java/de/ids_mannheim/korap/config/AuthenticationType.java
@@ -1,5 +1,9 @@
package de.ids_mannheim.korap.config;
public enum AuthenticationType {
- LDAP, SHIBBOLETH, OAUTH2, OPENID, SESSION, DATABASE;
+ LDAP, SHIBBOLETH, OAUTH2, OPENID, SESSION, BASIC;
+
+ public String displayName () {
+ return name().toLowerCase();
+ }
}
\ No newline at end of file
diff --git a/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java b/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
index 75bf020..111f6e3 100644
--- a/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
+++ b/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
@@ -120,9 +120,9 @@
public static final int LOGOUT_SUCCESSFUL = 2009;
public static final int LOGOUT_FAILED = 2010;
- public static final int CLIENT_REGISTRATION_FAILURE = 2011;
+ public static final int CLIENT_REGISTRATION_FAILED = 2011;
public static final int CLIENT_REMOVAL_FAILURE = 2012;
- public static final int CLIENT_AUTHORIZATION_FAILURE = 2013;
+ public static final int CLIENT_AUTHORIZATION_FAILED = 2013;
// 2020 - 2029 reserviert für LDAP-Fehlercodes - 21.04.17/FB
public static final int LDAP_BASE_ERRCODE = 2020;
diff --git a/core/src/main/java/de/ids_mannheim/korap/interfaces/AuthenticationManagerIface.java b/core/src/main/java/de/ids_mannheim/korap/interfaces/AuthenticationManagerIface.java
index e475ed5..80800c3 100644
--- a/core/src/main/java/de/ids_mannheim/korap/interfaces/AuthenticationManagerIface.java
+++ b/core/src/main/java/de/ids_mannheim/korap/interfaces/AuthenticationManagerIface.java
@@ -46,35 +46,35 @@
AuthenticationIface iface = this.providers.get(type);
// todo: configurable authentication schema
- if (iface == null)
- iface = this.providers.get(default_iface);
+ if (iface == null) iface = this.providers.get(default_iface);
return iface;
}
- public abstract TokenContext getTokenStatus (String token, String host,
- String useragent) throws KustvaktException;
+ public abstract TokenContext getTokenStatus (AuthenticationType type,
+ String token, String host, String useragent)
+ throws KustvaktException;
public abstract User getUser (String username) throws KustvaktException;
- public abstract boolean isRegistered(String id);
+ public abstract boolean isRegistered (String id);
public abstract User authenticate (AuthenticationType type, String username,
String password, Map<String, Object> attributes)
throws KustvaktException;
-
-// public abstract User authenticate (int type, String username,
-// String password, Map<String, Object> attributes)
-// throws KustvaktException;
+
+ // public abstract User authenticate (int type, String username,
+ // String password, Map<String, Object> attributes)
+ // throws KustvaktException;
public abstract TokenContext createTokenContext (User user,
Map<String, Object> attr, AuthenticationType type)
throws KustvaktException;
- public abstract void setAccessAndLocation(User user, HttpHeaders headers);
+ public abstract void setAccessAndLocation (User user, HttpHeaders headers);
public abstract void logout (TokenContext context) throws KustvaktException;
diff --git a/core/src/main/java/de/ids_mannheim/korap/web/utils/KustvaktResponseHandler.java b/core/src/main/java/de/ids_mannheim/korap/web/utils/KustvaktResponseHandler.java
index e5517b6..6c88743 100644
--- a/core/src/main/java/de/ids_mannheim/korap/web/utils/KustvaktResponseHandler.java
+++ b/core/src/main/java/de/ids_mannheim/korap/web/utils/KustvaktResponseHandler.java
@@ -79,16 +79,23 @@
//todo: if exception, make exception message and error code available if not masked!
- public WebApplicationException throwAuthenticationException (String username) {
+ public WebApplicationException throwAuthenticationException (String message) {
return new WebApplicationException(Response
.status(Response.Status.UNAUTHORIZED)
.header(HttpHeaders.WWW_AUTHENTICATE,
- "Basic realm=Kustvakt Authentication Service")
- .entity(buildNotification(StatusCodes.BAD_CREDENTIALS,
- "Unauthorized access", username)).build());
+ "Basic realm=Kustvakt")
+ .entity(buildNotification(StatusCodes.CLIENT_AUTHORIZATION_FAILED,
+ "Unauthorized access", message)).build());
}
-
+ public WebApplicationException throwAuthenticationException (KustvaktException e) {
+ return new WebApplicationException(Response
+ .status(Response.Status.UNAUTHORIZED)
+ .header(HttpHeaders.WWW_AUTHENTICATE,
+ "Basic realm=Kustvakt")
+ .entity(buildNotification(e.getStatusCode(),
+ e.getMessage(), e.getEntity())).build());
+ }
private Response.Status getStatus (int code) {
Response.Status status = Response.Status.BAD_REQUEST;
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/BasicHttpAuth.java b/full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java
similarity index 100%
rename from full/src/main/java/de/ids_mannheim/korap/authentication/BasicHttpAuth.java
rename to full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java b/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
index 3c90a2c..7ee3506 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
@@ -5,9 +5,9 @@
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
import java.util.Collection;
import java.util.Map;
-import java.util.Arrays;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedMap;
@@ -20,6 +20,7 @@
import com.unboundid.ldap.sdk.LDAPException;
import de.ids_mannheim.korap.auditing.AuditRecord;
+import de.ids_mannheim.korap.authentication.framework.AuthorizationData;
import de.ids_mannheim.korap.config.Attributes;
import de.ids_mannheim.korap.config.AuthenticationType;
import de.ids_mannheim.korap.config.BeansFactory;
@@ -98,21 +99,15 @@
* @throws KustvaktException
*/
@Override
- public TokenContext getTokenStatus(String token, String host, String useragent) throws KustvaktException {
- if (token == null)
- throw new KustvaktException(StatusCodes.MISSING_ARGUMENT, "authorization header");
+ public TokenContext getTokenStatus(AuthenticationType type, String token,
+ String host, String useragent) throws KustvaktException {
- // EM: fix me
- String token_type = StringUtils.getTokenType(token);
- AuthenticationType type = AuthenticationType.valueOf(token_type);
-
- token = StringUtils.stripTokenType(token);
- jlog.info("getting session status of token type '{}'", token.split(" ")[0]);
AuthenticationIface provider = getProvider(type , null);
if (provider == null)
// throw exception for missing type parameter
- throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT, "token type not defined or found", "token_type");
+ throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT,
+ "token type not defined or found", "token_type");
TokenContext context = provider.getTokenContext(token);
if (context != null && TimeUtils.isExpired(context.getExpirationTime()))
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/framework/AuthorizationData.java b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/AuthorizationData.java
new file mode 100644
index 0000000..8f310a6
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/AuthorizationData.java
@@ -0,0 +1,14 @@
+package de.ids_mannheim.korap.authentication.framework;
+
+import de.ids_mannheim.korap.config.AuthenticationType;
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+public class AuthorizationData {
+
+ private String token;
+ private AuthenticationType authenticationType;
+
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/framework/HttpAuthorizationHandler.java b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/HttpAuthorizationHandler.java
new file mode 100644
index 0000000..b5851e3
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/HttpAuthorizationHandler.java
@@ -0,0 +1,59 @@
+package de.ids_mannheim.korap.authentication.framework;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.sun.jersey.api.client.ClientResponse.Status;
+
+import de.ids_mannheim.korap.config.AuthenticationType;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.exceptions.StatusCodes;
+import de.ids_mannheim.korap.utils.ParameterChecker;
+
+/** Implementation of HTTP authentication scheme (see RFC 7253 and 7617)
+ * for client asking for authorization and sending user data.
+ *
+ * @author margaretha
+ *
+ */
+@Component
+public class HttpAuthorizationHandler {
+
+ @Autowired
+ private TransferEncoding transferEncoding;
+
+ public String createAuthorizationHeader (AuthenticationType type,
+ String username, String password) throws KustvaktException {
+ ParameterChecker.checkStringValue(username, "username");
+ ParameterChecker.checkStringValue(password, "password");
+
+ String credentials = transferEncoding.encodeBase64(username, password);
+ return type.displayName() + " " + credentials;
+ }
+
+ public AuthorizationData parseAuthorizationHeader (
+ String authorizationHeader) throws KustvaktException {
+ ParameterChecker.checkStringValue(authorizationHeader,
+ "authorization header");
+
+ String[] values = authorizationHeader.split(" ");
+ if (values.length != 2) {
+ throw new KustvaktException(StatusCodes.CLIENT_AUTHORIZATION_FAILED,
+ "Cannot parse authorization header value "
+ + authorizationHeader
+ + ". Use this format: [authentication "
+ + "scheme] [Base64-encoded token]",
+ authorizationHeader);
+ }
+
+ AuthorizationData data = new AuthorizationData();
+ data.setAuthenticationType(
+ AuthenticationType.valueOf(values[0].toUpperCase()));
+ data.setToken(values[1]);
+ return data;
+ }
+
+ public void parseToken (AuthorizationData data) throws KustvaktException {
+ String[] credentials = transferEncoding.decodeBase64(data.getToken());
+ }
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/framework/TransferEncoding.java b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/TransferEncoding.java
new file mode 100644
index 0000000..70246d0
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/TransferEncoding.java
@@ -0,0 +1,53 @@
+package de.ids_mannheim.korap.authentication.framework;
+
+import org.apache.commons.codec.binary.Base64;
+import org.springframework.stereotype.Component;
+
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.utils.ParameterChecker;
+
+/** TransferEncoding contains encoding and decoding methods for data transfer,
+ * e.g. transfering credentials using basic Http authentication.
+ *
+ * @author margaretha
+ *
+ */
+@Component
+public class TransferEncoding {
+
+ /** Encodes username and password using Base64.
+ *
+ * @param username username
+ * @param password password
+ * @return
+ */
+ public String encodeBase64 (String username, String password) {
+ String s = username + ":" + password;
+ return new String(Base64.encodeBase64(s.getBytes()));
+ }
+
+ /** Decodes the given string using Base64.
+ *
+ * @param encodedStr
+ * @return username and password as an array of strings.
+ * @throws KustvaktException
+ */
+ public String[] decodeBase64 (String encodedStr)
+ throws KustvaktException {
+
+ ParameterChecker.checkStringValue(encodedStr, "encoded string");
+ String decodedStr = new String(Base64.decodeBase64(encodedStr));
+
+ if (decodedStr.contains(":") && decodedStr.split(":").length == 2) {
+ String[] strArr = decodedStr.split(":");
+ if ((strArr[0] != null && !strArr[0].isEmpty())
+ && (strArr[1] != null && !strArr[1].isEmpty())) {
+ return decodedStr.split(":");
+ }
+
+ }
+
+ throw new IllegalArgumentException(
+ "Unknown Base64 encoding format: " + decodedStr);
+ }
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/dao/UserDao.java b/full/src/main/java/de/ids_mannheim/korap/dao/UserDao.java
new file mode 100644
index 0000000..51ab9c1
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/dao/UserDao.java
@@ -0,0 +1,23 @@
+package de.ids_mannheim.korap.dao;
+
+import org.springframework.stereotype.Repository;
+
+import de.ids_mannheim.korap.user.KorAPUser;
+import de.ids_mannheim.korap.user.User;
+
+/** Dummy DAO for testing using basic authentication.
+ *
+ * @author margaretha
+ *
+ */
+@Repository
+public class UserDao {
+
+ public User getAccount (String username) {
+ User user = new KorAPUser();
+ user.setUsername(username);
+ return user;
+ }
+
+
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/handlers/AdminDao.java b/full/src/main/java/de/ids_mannheim/korap/handlers/AdminDao.java
index 7237afd..ef020f0 100644
--- a/full/src/main/java/de/ids_mannheim/korap/handlers/AdminDao.java
+++ b/full/src/main/java/de/ids_mannheim/korap/handlers/AdminDao.java
@@ -72,6 +72,7 @@
return 0;
}
+ // EM: FIX ME
@Override
public boolean isAdmin(int userId) {
Map<String, String> namedParameters = Collections.singletonMap(
diff --git a/full/src/main/java/de/ids_mannheim/korap/handlers/OAuthDb.java b/full/src/main/java/de/ids_mannheim/korap/handlers/OAuthDb.java
index ec9d036..816297d 100644
--- a/full/src/main/java/de/ids_mannheim/korap/handlers/OAuthDb.java
+++ b/full/src/main/java/de/ids_mannheim/korap/handlers/OAuthDb.java
@@ -275,7 +275,7 @@
jlog.error("registering client '{}' failed", info.getClient_id());
throw new DatabaseException(new KustvaktException(user.getId(),
StatusCodes.ILLEGAL_ARGUMENT, "arguments given not valid",
- info.toJSON()), StatusCodes.CLIENT_REGISTRATION_FAILURE,
+ info.toJSON()), StatusCodes.CLIENT_REGISTRATION_FAILED,
info.toJSON());
}
}
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
index bed0d5d..bc4f0c9 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
@@ -27,7 +27,9 @@
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ResourceFilters;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.AuthorizationData;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.authentication.framework.TransferEncoding;
import de.ids_mannheim.korap.config.Attributes;
import de.ids_mannheim.korap.config.AuthenticationType;
import de.ids_mannheim.korap.config.BeansFactory;
@@ -58,8 +60,14 @@
public class AuthenticationController {
@Autowired
- KustvaktResponseHandler kustvaktResponseHandler;
+ private KustvaktResponseHandler kustvaktResponseHandler;
+
+ @Autowired
+ private HttpAuthorizationHandler authorizationHandler;
+ @Autowired
+ private TransferEncoding transferEncoding;
+
private static Boolean DEBUG_LOG = true;
//todo: bootstrap function to transmit certain default configuration settings and examples (example user queries,
@@ -138,14 +146,22 @@
"Authorization header is missing.",
"Authorization header"));
}
-
- String[] values = BasicHttpAuth.decode(auth.get(0));
+
+ String[] values;
+ try {
+ AuthorizationData authorizationData = authorizationHandler.
+ parseAuthorizationHeader(auth.get(0));
+ values = transferEncoding.decodeBase64(authorizationData.getToken());
+
+ }
+ catch (KustvaktException e) {
+ throw kustvaktResponseHandler.throwit(e);
+ }
if (DEBUG_LOG == true) {
System.out.printf("Debug: AuthService.requestAPIToken...:\n");
System.out.printf("Debug: auth.size=%d\n", auth.size());
System.out.printf("auth.get(0)='%s'\n", auth.get(0));
- System.out.printf("Debug: values.length=%d\n", values.length);
/* hide password etc. - FB
if( auth.size() > 0 )
{
@@ -168,13 +184,13 @@
while (it.hasNext()) {
String key = (String) it.next();
List<String> vals = headerMap.get(key);
- System.out.printf("Debug: requestAPIToken: '%s' = '%s'\n",
- key, vals);
+// System.out.printf("Debug: requestAPIToken: '%s' = '%s'\n",
+// key, vals);
}
}
- System.out.printf("Debug: requestAPIToken: isSecure = %s.\n",
- secCtx.isSecure() ? "yes" : "no");
+// System.out.printf("Debug: requestAPIToken: isSecure = %s.\n",
+// secCtx.isSecure() ? "yes" : "no");
} // DEBUG_LOG
// "Invalid syntax for username and password"
@@ -253,15 +269,22 @@
List<String> auth =
headers.getRequestHeader(ContainerRequest.AUTHORIZATION);
- String[] values = BasicHttpAuth.decode(auth.get(0));
+ String[] values;
+ try {
+ AuthorizationData authorizationData = authorizationHandler.
+ parseAuthorizationHeader(auth.get(0));
+ values = transferEncoding.decodeBase64(authorizationData.getToken());
+
+ }
+ catch (KustvaktException e) {
+ throw kustvaktResponseHandler.throwit(e);
+ }
// authentication = StringUtils.stripTokenType(authentication);
// String[] values = new String(
// DatatypeConverter.parseBase64Binary(authentication)).split(":");
// String[] values = Base64.base64Decode(authentication).split(":");
// "Invalid syntax for username and password"
- if (values == null)
- throw kustvaktResponseHandler.throwit(StatusCodes.BAD_CREDENTIALS);
// Implementation Hanl mit '|'. 16.02.17/FB
//if (values[0].equalsIgnoreCase("null")
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
index 16840f1..67ff04a 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
@@ -6,20 +6,22 @@
import javax.ws.rs.ext.Provider;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import com.sun.jersey.spi.container.ContainerResponseFilter;
import com.sun.jersey.spi.container.ResourceFilter;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.AuthorizationData;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.authentication.framework.TransferEncoding;
import de.ids_mannheim.korap.config.Attributes;
import de.ids_mannheim.korap.config.AuthenticationType;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
import de.ids_mannheim.korap.user.TokenContext;
import de.ids_mannheim.korap.user.User;
-import de.ids_mannheim.korap.utils.StringUtils;
import de.ids_mannheim.korap.web.utils.KustvaktContext;
import de.ids_mannheim.korap.web.utils.KustvaktResponseHandler;
@@ -27,70 +29,76 @@
* @author hanl, margaretha
* @date 04/2017
*/
+@Component
@Provider
public class AdminFilter implements ContainerRequestFilter, ResourceFilter {
@Autowired
- private AuthenticationManagerIface authManager;
+ private AuthenticationManagerIface authManager;
+
+ @Autowired
+ private KustvaktResponseHandler kustvaktResponseHandler;
@Autowired
- KustvaktResponseHandler kustvaktResponseHandler;
+ private TransferEncoding transferEncoding;
+
+ @Autowired
+ private HttpAuthorizationHandler authorizationHandler;
+
+ @Override
+ public ContainerRequest filter (ContainerRequest cr) {
+ String authorization =
+ cr.getHeaderValue(ContainerRequest.AUTHORIZATION);
+
+ AuthorizationData data;
+ String[] userData;
+ try {
+ data = authorizationHandler.parseAuthorizationHeader(authorization);
+ userData = transferEncoding.decodeBase64(data.getToken());
+ }
+ catch (KustvaktException e) {
+ throw kustvaktResponseHandler.throwAuthenticationException(e);
+ }
+
+ String host = cr.getHeaderValue(ContainerRequest.HOST);
+ String agent = cr.getHeaderValue(ContainerRequest.USER_AGENT);
+ Map<String, Object> attributes = new HashMap<>();
+ attributes.put(Attributes.HOST, host);
+ attributes.put(Attributes.USER_AGENT, agent);
+ try {
+ // EM: fix me: AuthenticationType based on header value
+ User user = authManager.authenticate(data.getAuthenticationType(),
+ userData[0], userData[0], attributes);
+ if (!user.isAdmin()) {
+ throw kustvaktResponseHandler.throwAuthenticationException(
+ "Admin authentication failed.");
+ }
+ Map<String, Object> properties = cr.getProperties();
+ properties.put("user", user);
+ }
+ catch (KustvaktException e) {
+ throw kustvaktResponseHandler.throwAuthenticationException(e);
+ }
- @Override
- public ContainerRequest filter(ContainerRequest cr) {
- String authentication = cr.getHeaderValue(ContainerRequest.AUTHORIZATION);
- if (authentication == null) {
- throw kustvaktResponseHandler.throwAuthenticationException("The authorization header value is missing.");
- }
-
- // EM: fix me: authentication header format
- // decode password
- AuthenticationType authenticationType = AuthenticationType.valueOf(StringUtils.getTokenType(authentication));
- String authenticationCode = StringUtils.stripTokenType(authentication);
- String username = null, token = null;
- // String tokenType = 0;
-
- if (authenticationType.equals(AuthenticationType.DATABASE)) {
- String[] authContent = BasicHttpAuth.decode(authenticationCode);
- username = authContent[0];
- token = authContent[1];
- }
-
- String host = cr.getHeaderValue(ContainerRequest.HOST);
- String agent = cr.getHeaderValue(ContainerRequest.USER_AGENT);
- Map<String, Object> attributes = new HashMap<>();
- attributes.put(Attributes.HOST, host);
- attributes.put(Attributes.USER_AGENT, agent);
- try {
- // EM: fix me: AuthenticationType based on header value
- User user = authManager.authenticate(AuthenticationType.LDAP, username, token, attributes);
- if (!user.isAdmin()){
- throw kustvaktResponseHandler.throwAuthenticationException("Admin authentication failed.");
- }
- Map<String, Object> properties = cr.getProperties();
- properties.put("user", user);
- } catch (KustvaktException e) {
- throw kustvaktResponseHandler.throwAuthenticationException("User authentication failed.");
- }
+ TokenContext c = new TokenContext();
+ c.setUsername(userData[0]);
+ c.setAuthenticationType(data.getAuthenticationType());
+ // EM: is this secure? Is token context not sent outside Kustvakt?
+ c.setToken(data.getToken());
+ c.setHostAddress(host);
+ c.setUserAgent(agent);
+ cr.setSecurityContext(new KustvaktContext(c));
- TokenContext c = new TokenContext();
- c.setUsername(username);
- c.setAuthenticationType(authenticationType);
- c.setToken(token);
- c.setHostAddress(host);
- c.setUserAgent(agent);
- cr.setSecurityContext(new KustvaktContext(c));
+ return cr;
+ }
- return cr;
- }
+ @Override
+ public ContainerRequestFilter getRequestFilter () {
+ return this;
+ }
- @Override
- public ContainerRequestFilter getRequestFilter() {
- return this;
- }
-
- @Override
- public ContainerResponseFilter getResponseFilter() {
- return null;
- }
+ @Override
+ public ContainerResponseFilter getResponseFilter () {
+ return null;
+ }
}
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
index 5f92c1b..61f92e7 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
@@ -1,39 +1,45 @@
package de.ids_mannheim.korap.web.filter;
+import javax.ws.rs.ext.Provider;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import com.sun.jersey.spi.container.ContainerResponseFilter;
import com.sun.jersey.spi.container.ResourceFilter;
-import de.ids_mannheim.korap.config.BeansFactory;
+
+import de.ids_mannheim.korap.authentication.framework.AuthorizationData;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
import de.ids_mannheim.korap.user.TokenContext;
import de.ids_mannheim.korap.web.utils.KustvaktContext;
import de.ids_mannheim.korap.web.utils.KustvaktResponseHandler;
-import javax.ws.rs.ext.Provider;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
/**
* @author hanl
* @date 28/01/2014
*/
@Component
@Provider
-public class AuthenticationFilter implements ContainerRequestFilter, ResourceFilter {
+public class AuthenticationFilter
+ implements ContainerRequestFilter, ResourceFilter {
+
+ @Autowired
+ private HttpAuthorizationHandler authorizationHandler;
@Autowired
private AuthenticationManagerIface userController;
@Autowired
- KustvaktResponseHandler kustvaktResponseHandler;
+ private KustvaktResponseHandler kustvaktResponseHandler;
-// public AuthFilter () {
-// this.userController = BeansFactory.getKustvaktContext()
-// .getAuthenticationManager();
-// }
+ // public AuthFilter () {
+ // this.userController = BeansFactory.getKustvaktContext()
+ // .getAuthenticationManager();
+ // }
@Override
@@ -41,22 +47,27 @@
String host = request.getHeaderValue(ContainerRequest.HOST);
String ua = request.getHeaderValue(ContainerRequest.USER_AGENT);
- String authentication = request
- .getHeaderValue(ContainerRequest.AUTHORIZATION);
- if (authentication != null && !authentication.isEmpty()) {
+ String authorization =
+ request.getHeaderValue(ContainerRequest.AUTHORIZATION);
+
+
+ if (authorization != null && !authorization.isEmpty()) {
TokenContext context;
try {
- context = userController.getTokenStatus(authentication, host,
+ AuthorizationData data = authorizationHandler
+ .parseAuthorizationHeader(authorization);
+ context = userController.getTokenStatus(
+ data.getAuthenticationType(), data.getToken(), host,
ua);
}
catch (KustvaktException e) {
- throw kustvaktResponseHandler.throwAuthenticationException(authentication);
+ throw kustvaktResponseHandler
+ .throwAuthenticationException(authorization);
}
// fixme: give reason why access is not granted?
- if (context != null
- && context.isValid()
- && ((context.isSecureRequired() && request.isSecure()) | !context
- .isSecureRequired()))
+ if (context != null && context.isValid()
+ && ((context.isSecureRequired() && request.isSecure())
+ | !context.isSecureRequired()))
request.setSecurityContext(new KustvaktContext(context));
else
throw kustvaktResponseHandler.throwAuthenticationException("");
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java
index ee6a24f..a30d589 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java
@@ -1,19 +1,21 @@
package de.ids_mannheim.korap.web.filter;
+import javax.ws.rs.core.SecurityContext;
+import javax.ws.rs.ext.Provider;
+
+import org.springframework.beans.factory.annotation.Autowired;
+
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import com.sun.jersey.spi.container.ContainerResponseFilter;
import com.sun.jersey.spi.container.ResourceFilter;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
-import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
import de.ids_mannheim.korap.config.AuthenticationType;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.user.TokenContext;
import de.ids_mannheim.korap.web.utils.KustvaktContext;
-import javax.ws.rs.core.SecurityContext;
-import javax.ws.rs.ext.Provider;
-
/**
* @author hanl
* @date 08/02/2016
@@ -21,6 +23,9 @@
@Provider
public class DemoFilter implements ContainerRequestFilter, ResourceFilter {
+ @Autowired
+ HttpAuthorizationHandler handler;
+
@Override
public ContainerRequest filter (ContainerRequest request) {
String authentication = request
@@ -39,7 +44,13 @@
private SecurityContext createContext () {
TokenContext context = new TokenContext();
- String token = BasicHttpAuth.encode("demo", "demo2015");
+ String token = null;
+ try {
+ token = handler.createAuthorizationHeader(AuthenticationType.BASIC,"demo", "demo2015");
+ }
+ catch (KustvaktException e) {
+ e.printStackTrace();
+ }
context.setToken(token);
context.setAuthenticationType(AuthenticationType.LDAP);
context.setUsername("demo");
diff --git a/full/src/main/resources/default-config.xml b/full/src/main/resources/default-config.xml
index 5fb4896..c81bff5 100644
--- a/full/src/main/resources/default-config.xml
+++ b/full/src/main/resources/default-config.xml
@@ -213,7 +213,7 @@
type="de.ids_mannheim.korap.interfaces.db.PersistenceClient" ref="kustvakt_db" />
</bean>
- <bean id="basic_auth" class="de.ids_mannheim.korap.authentication.BasicHttpAuth" />
+ <bean id="basic_auth" class="de.ids_mannheim.korap.authentication.BasicAuthentication" />
<bean id="session_auth"
diff --git a/full/src/test/java/de/ids_mannheim/korap/config/StringUtilsTest.java b/full/src/test/java/de/ids_mannheim/korap/config/StringUtilsTest.java
index aa213d2..aea4968 100644
--- a/full/src/test/java/de/ids_mannheim/korap/config/StringUtilsTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/config/StringUtilsTest.java
@@ -1,21 +1,25 @@
package de.ids_mannheim.korap.config;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
-import de.ids_mannheim.korap.utils.StringUtils;
-import org.apache.commons.codec.binary.Base64;
-import org.junit.Test;
-
-import java.util.Arrays;
-
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
+
+import org.apache.commons.codec.binary.Base64;
+import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import de.ids_mannheim.korap.authentication.BasicAuthentication;
+import de.ids_mannheim.korap.authentication.framework.AuthorizationData;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.authentication.framework.TransferEncoding;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.utils.StringUtils;
/**
* Created by hanl on 29.05.16.
*/
public class StringUtilsTest {
+
@Test
public void testTextIToDoc () {
String textSigle = "WPD_AAA.02439";
@@ -26,17 +30,19 @@
@Test
- public void testBasicHttpSplit() {
- String s1 = "basic " + new String(Base64.encodeBase64("test:testPass".getBytes()));
- String s2 = new String(Base64.encodeBase64("test:testPass".getBytes()));
- String[] f1 = BasicHttpAuth.decode(s1);
- String[] f2 = BasicHttpAuth.decode(s2);
- assertNotNull(f1);
- assertNotNull(f2);
- assertEquals("test", f1[0]);
- assertEquals("testPass", f1[1]);
- assertEquals("test", f2[0]);
- assertEquals("testPass", f2[1]);
+ public void testBasicHttpSplit () throws KustvaktException {
+ TransferEncoding transferEncoding = new TransferEncoding();
+ String s2 = new String(Base64.encodeBase64("test:testPass".getBytes()));
+ String[] f2 = transferEncoding.decodeBase64(s2);
+ assertEquals("test", f2[0]);
+ assertEquals("testPass", f2[1]);
+
+
+ HttpAuthorizationHandler handler = new HttpAuthorizationHandler();
+ String s1 = "basic "
+ + new String(Base64.encodeBase64("test:testPass".getBytes()));
+ AuthorizationData f1 = handler.parseAuthorizationHeader(s1);
+ assertEquals(s2, f1.getToken());
}
}
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/AuthServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/AuthServiceTest.java
index a314d7f..1acf4c2 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/AuthServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/AuthServiceTest.java
@@ -9,12 +9,15 @@
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
import com.fasterxml.jackson.databind.JsonNode;
import com.sun.jersey.api.client.ClientResponse;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.authentication.framework.TransferEncoding;
import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
import de.ids_mannheim.korap.config.TestHelper;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.exceptions.StatusCodes;
@@ -31,8 +34,12 @@
@Ignore
public class AuthServiceTest extends FastJerseyTest {
+ @Autowired
+ HttpAuthorizationHandler handler;
+
private static String[] credentials;
-
+
+
@BeforeClass
public static void configure () throws Exception {
credentials = new String[2];
@@ -54,7 +61,8 @@
@Test
public void testSessionToken() throws KustvaktException {
- String auth = BasicHttpAuth.encode(credentials[0], credentials[1]);
+ String auth = handler.createAuthorizationHeader(AuthenticationType.SESSION,
+ credentials[0], credentials[1]);
ClientResponse response = resource().path("auth")
.path("sessionToken").header(Attributes.AUTHORIZATION, auth)
.get(ClientResponse.class);
@@ -90,7 +98,8 @@
@Test
public void testSessionTokenExpire() throws KustvaktException {
- String auth = BasicHttpAuth.encode(credentials[0], credentials[1]);
+ String auth = handler.createAuthorizationHeader(AuthenticationType.SESSION,
+ credentials[0], credentials[1]);
ClientResponse response = resource().path("auth")
.path("sessionToken").header(Attributes.AUTHORIZATION, auth)
.get(ClientResponse.class);
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/FilterTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/FilterTest.java
index ed1eec6..765deb8 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/FilterTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/FilterTest.java
@@ -1,18 +1,22 @@
package de.ids_mannheim.korap.web.service.full;
-import com.sun.jersey.api.client.ClientResponse;
-import de.ids_mannheim.korap.config.TestHelper;
-import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
-import de.ids_mannheim.korap.config.Attributes;
-import de.ids_mannheim.korap.web.service.FastJerseyTest;
+import static org.junit.Assert.assertEquals;
+
import org.eclipse.jetty.server.Response;
-import org.junit.Assert;
-import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
-import static org.junit.Assert.assertEquals;
+import com.sun.jersey.api.client.ClientHandlerException;
+import com.sun.jersey.api.client.ClientResponse;
+import com.sun.jersey.api.client.UniformInterfaceException;
+
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
+import de.ids_mannheim.korap.config.TestHelper;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.web.service.FastJerseyTest;
/** EM: fix tests. new DB does not save users.
* @author hanl
@@ -21,13 +25,19 @@
@Ignore
public class FilterTest extends FastJerseyTest {
+ @Autowired
+ HttpAuthorizationHandler handler;
+
+
@Test
- public void testTestUserAuth () {
+ public void testTestUserAuth () throws UniformInterfaceException, ClientHandlerException,
+ KustvaktException {
+
ClientResponse resp = resource()
.path("user/info")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode(
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,
(String) TestHelper.getUserCredentials().get(Attributes.USERNAME),
(String) TestHelper.getUserCredentials().get(Attributes.PASSWORD)))
.get(ClientResponse.class);
@@ -45,12 +55,14 @@
@Test
- public void testUnauthorizedAuth () {
+ public void testUnauthorizedAuth () throws UniformInterfaceException,
+ ClientHandlerException, KustvaktException {
+
ClientResponse resp = resource()
-
.path("user/info")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,
+ "kustvakt", "kustvakt2015"))
.get(ClientResponse.class);
String entity = resp.getEntity(String.class);
System.out.println(entity);
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/KustvaktServerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/KustvaktServerTest.java
index a265cfa..31248d8 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/KustvaktServerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/KustvaktServerTest.java
@@ -27,14 +27,17 @@
import org.junit.Assert;
import org.junit.Ignore;
import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.core.util.MultivaluedMapImpl;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.authentication.framework.TransferEncoding;
import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
import de.ids_mannheim.korap.config.BeanConfigTest;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.handlers.ResourceDao;
@@ -60,6 +63,8 @@
@Deprecated
public class KustvaktServerTest extends BeanConfigTest {
private static ObjectMapper mapper = new ObjectMapper();
+ @Autowired
+ private HttpAuthorizationHandler handler;
@Test
@@ -170,7 +175,7 @@
@Test
- public void testCreatePolicy () throws IOException, URISyntaxException {
+ public void testCreatePolicy () throws IOException, URISyntaxException, KustvaktException {
HttpClient httpClient = HttpClients.createDefault();
@@ -189,7 +194,7 @@
HttpPost httppost = new HttpPost(uri);
httppost.addHeader(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"));
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"));
HttpResponse response = httpClient.execute(httppost);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
response.getStatusLine().getStatusCode());
@@ -199,7 +204,7 @@
@Test
public void testCreatePolicyForFoundry ()
- throws IOException, URISyntaxException {
+ throws IOException, URISyntaxException, KustvaktException {
HttpClient httpClient = HttpClients.createDefault();
@@ -219,7 +224,7 @@
HttpPost httppost = new HttpPost(uri);
httppost.addHeader(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"));
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"));
HttpResponse response = httpClient.execute(httppost);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
response.getStatusLine().getStatusCode());
@@ -229,7 +234,7 @@
@Test
public void testCreatePolicyWithMultiplePermissions ()
- throws IOException, URISyntaxException {
+ throws IOException, URISyntaxException, KustvaktException {
HttpClient httpClient = HttpClients.createDefault();
@@ -250,7 +255,7 @@
HttpPost httppost = new HttpPost(uri);
httppost.addHeader(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"));
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"));
HttpResponse response = httpClient.execute(httppost);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
response.getStatusLine().getStatusCode());
@@ -260,7 +265,7 @@
@Test
public void testWrongAuthorization ()
- throws IOException, URISyntaxException {
+ throws IOException, URISyntaxException, KustvaktException {
HttpResponse response = testResourceStore("wezrowerowj");
assertEquals(ClientResponse.Status.UNAUTHORIZED.getStatusCode(),
response.getStatusLine().getStatusCode());
@@ -297,7 +302,7 @@
public HttpResponse testResourceStore (String password)
- throws IOException, URISyntaxException {
+ throws IOException, URISyntaxException, KustvaktException {
HttpClient httpclient = HttpClients.createDefault();
URIBuilder builder = new URIBuilder();
@@ -309,14 +314,14 @@
URI uri = builder.build();
HttpPost httppost = new HttpPost(uri);
httppost.addHeader(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", password));
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", password));
return httpclient.execute(httppost);
}
@Test
public void testResourceUpdate ()
- throws IOException, URISyntaxException {
+ throws IOException, URISyntaxException, KustvaktException {
HttpClient httpclient = HttpClients.createDefault();
URIBuilder builder = new URIBuilder();
@@ -328,7 +333,7 @@
URI uri = builder.build();
HttpPost httppost = new HttpPost(uri);
httppost.addHeader(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"));
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"));
HttpResponse response = httpclient.execute(httppost);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/MatchInfoServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/MatchInfoServiceTest.java
index 66f38fb..28318cf 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/MatchInfoServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/MatchInfoServiceTest.java
@@ -6,18 +6,23 @@
import org.eclipse.jetty.http.HttpHeaders;
import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
import com.fasterxml.jackson.databind.JsonNode;
import com.sun.jersey.api.client.ClientResponse;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.utils.JsonUtils;
import de.ids_mannheim.korap.web.service.FastJerseyTest;
public class MatchInfoServiceTest extends FastJerseyTest {
+ @Autowired
+ HttpAuthorizationHandler handler;
+
@Test
public void testGetMatchInfoPublicCorpus () throws KustvaktException {
@@ -72,7 +77,8 @@
.path("p36875-36876").path("matchInfo")
.queryParam("foundry", "*")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(
+ AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.header(HttpHeaders.X_FORWARDED_FOR, "172.27.0.32")
.get(ClientResponse.class);
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/OAuth2EndpointTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/OAuth2EndpointTest.java
index d4c8aa1..18bae77 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/OAuth2EndpointTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/OAuth2EndpointTest.java
@@ -6,14 +6,17 @@
import org.junit.Ignore;
import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
import com.fasterxml.jackson.databind.JsonNode;
import com.sun.jersey.api.client.ClientHandlerException;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.UniformInterfaceException;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.authentication.framework.TransferEncoding;
import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
import de.ids_mannheim.korap.config.TestHelper;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.utils.JsonUtils;
@@ -26,7 +29,9 @@
@Ignore
// todo: in combination with other tests, causes failures!
public class OAuth2EndpointTest extends FastJerseyTest {
-
+ @Autowired
+ HttpAuthorizationHandler handler;
+
@Override
public void initMethod () throws KustvaktException {
// helper().setupAccount();
@@ -35,7 +40,8 @@
@Test
public void testAuthorizeClient () throws ClientHandlerException, UniformInterfaceException, KustvaktException {
- String auth = BasicHttpAuth.encode(helper().getUser().getUsername(),
+ String auth = handler.createAuthorizationHeader(
+ AuthenticationType.OAUTH2, helper().getUser().getUsername(),
(String) TestHelper.getUserCredentials().get(Attributes.PASSWORD));
ClientResponse response = resource().path(getAPIVersion()).path("oauth2")
.path("register")
@@ -72,7 +78,8 @@
@Ignore
public void authenticate () throws KustvaktException {
Map<String, Object> cred = TestHelper.getUserCredentials();
- String enc = BasicHttpAuth.encode((String) cred.get(Attributes.USERNAME), (String) cred.get(Attributes.PASSWORD));
+ String enc = handler.createAuthorizationHeader(AuthenticationType.OAUTH2,
+ (String) cred.get(Attributes.USERNAME), (String) cred.get(Attributes.PASSWORD));
ClientResponse response = resource().path(getAPIVersion()).path("oauth2")
.path("register")
.queryParam("redirect_url", "korap.ids-mannheim.de/redirect")
@@ -94,7 +101,7 @@
.queryParam("response_type", "code")
.queryParam("redirect_uri", "korap.ids-mannheim.de/redirect")
// .header(Attributes.AUTHORIZATION, enc)
- .header("Content-Type", "application/x-www-form-urlencoded")
+ .header("Content-Type", "application/x-www-form-urlencodeBase64d")
.post(ClientResponse.class);
e = response.getEntity(String.class);
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/PolicyServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/PolicyServiceTest.java
index 7bc7910..58affbf 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/PolicyServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/PolicyServiceTest.java
@@ -6,14 +6,15 @@
import java.util.List;
import java.util.UUID;
-import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
import com.sun.jersey.api.client.ClientResponse;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.interfaces.db.PolicyHandlerIface;
import de.ids_mannheim.korap.interfaces.db.ResourceOperationIface;
@@ -35,6 +36,9 @@
@Ignore
public class PolicyServiceTest extends FastJerseyTest {
+ @Autowired
+ HttpAuthorizationHandler handler;
+
private User user = UserFactory.getDemoUser();
@@ -51,7 +55,7 @@
.queryParam("perm", Permission.READ.name())
.queryParam("expire", "")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.post(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -95,7 +99,7 @@
.queryParam("loc", "255.255.255.0")
.queryParam("expire", "30D")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.post(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -133,7 +137,7 @@
.queryParam("perm", Permission.DELETE.name())
.queryParam("expire", "30D")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.post(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/QuerySerializationServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/QuerySerializationServiceTest.java
index e12c483..77bad19 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/QuerySerializationServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/QuerySerializationServiceTest.java
@@ -12,15 +12,16 @@
import java.util.Iterator;
-import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
import com.fasterxml.jackson.databind.JsonNode;
import com.sun.jersey.api.client.ClientResponse;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.utils.JsonUtils;
import de.ids_mannheim.korap.web.service.FastJerseyTest;
@@ -30,6 +31,9 @@
@Ignore
public class QuerySerializationServiceTest extends FastJerseyTest {
+ @Autowired
+ HttpAuthorizationHandler handler;
+
@Override
public void initMethod () throws KustvaktException {
// helper().runBootInterfaces();
@@ -95,7 +99,7 @@
.path("corpus/BRZ10/query").queryParam("q", "[orth=der]")
.queryParam("ql", "poliqarp")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.method("GET", ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
response.getStatus());
@@ -119,7 +123,7 @@
.queryParam("name", "Weimarer Werke")
.queryParam("description", "Goethe-Werke in Weimar (seit 1775)")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.post(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -136,7 +140,7 @@
.path("collection")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.get(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
response.getStatus());
@@ -161,7 +165,7 @@
.queryParam("q", "[orth=der]").queryParam("ql", "poliqarp")
.queryParam("context", "base/s:s")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.method("GET", ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
response.getStatus());
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceInfoServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceInfoServiceTest.java
index 0209107..b357adb 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceInfoServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceInfoServiceTest.java
@@ -5,15 +5,16 @@
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
-import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
import com.fasterxml.jackson.databind.JsonNode;
import com.sun.jersey.api.client.ClientResponse;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.utils.JsonUtils;
import de.ids_mannheim.korap.web.service.FastJerseyTest;
@@ -25,6 +26,9 @@
@Ignore
public class ResourceInfoServiceTest extends FastJerseyTest {
+ @Autowired
+ HttpAuthorizationHandler handler;
+
@Override
public void initMethod () throws KustvaktException {
// helper().runBootInterfaces();
@@ -48,7 +52,7 @@
ClientResponse response = resource().path(getAPIVersion())
.path("collection")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.get(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
response.getStatus());
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceServiceTest.java
index 8759b33..238e7ba 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceServiceTest.java
@@ -9,16 +9,17 @@
import org.apache.http.HttpStatus;
import org.junit.Assert;
-import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.sun.jersey.api.client.ClientResponse;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.handlers.ResourceDao;
import de.ids_mannheim.korap.resources.KustvaktResource;
@@ -35,7 +36,9 @@
@Deprecated
public class ResourceServiceTest extends FastJerseyTest {
-
+ @Autowired
+ HttpAuthorizationHandler handler;
+
// create a simple test collection for user kustvakt, otherwise test fails
@Test
@Ignore
@@ -43,7 +46,7 @@
ClientResponse response = resource().path(getAPIVersion())
.path("collection")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.get(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
response.getStatus());
@@ -56,7 +59,7 @@
response = resource().path(getAPIVersion()).path("collection").path(id)
.path("stats")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.get(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -76,7 +79,7 @@
.path("virtualcollection").path("GOE-VC") // persistent id
.queryParam("name", "Goethe collection")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.post(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -101,7 +104,7 @@
.path("corpus").path("GOE") // persistent id
.queryParam("name", "Goethe corpus")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.post(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -124,7 +127,7 @@
.path("foundry").path("malt") // persistent id
.queryParam("name", "malt parser")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.post(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -146,7 +149,7 @@
ClientResponse response = resource().path(getAPIVersion()).path("layer")
.path("mate/d").queryParam("name", "Mate dependency")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.post(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -169,7 +172,7 @@
.path("corpus").path("GOEC") // persistent id
.queryParam("name", "Goethe corpus")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.post(ClientResponse.class);
assertEquals(ClientResponse.Status.BAD_REQUEST.getStatusCode(),
@@ -205,7 +208,7 @@
.queryParam("name", "Brown")
.queryParam("description", "Brown corpus")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.post(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -239,7 +242,7 @@
.queryParam("name", "Brown")
.queryParam("description", "Brown corpus")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.post(ClientResponse.class);
assertEquals(ClientResponse.Status.BAD_REQUEST.getStatusCode(),
@@ -264,7 +267,7 @@
.queryParam("query", "author ~ Asdert")
.queryParam("description", "Wikipedia subcorpus from Asdert")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.post(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -300,7 +303,7 @@
.queryParam("name", "Goethe")
.queryParam("description", "Goethe corpus")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.post(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -330,7 +333,7 @@
response = resource().path(getAPIVersion()).path("virtualcollection")
.path(id).queryParam("name", "Goethe")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.post(ClientResponse.class);
assertEquals(HttpStatus.SC_BAD_REQUEST, response.getStatus());
@@ -343,7 +346,7 @@
response = resource().path(getAPIVersion()).path("virtualcollection")
.path(id).queryParam("name", "Goethe collection")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.post(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -358,7 +361,7 @@
response = resource().path(getAPIVersion()).path("virtualcollection")
.path(id)
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.delete(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchServiceTest.java
index 380a316..ba2fb3c 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchServiceTest.java
@@ -11,15 +11,16 @@
import javax.ws.rs.core.MediaType;
import org.eclipse.jetty.http.HttpHeaders;
-import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
import com.fasterxml.jackson.databind.JsonNode;
import com.sun.jersey.api.client.ClientResponse;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
import de.ids_mannheim.korap.config.ContextHolder;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.interfaces.db.EntityHandlerIface;
@@ -37,6 +38,9 @@
*/
public class SearchServiceTest extends FastJerseyTest {
+ @Autowired
+ HttpAuthorizationHandler handler;
+
@Override
public void initMethod () throws KustvaktException {
// helper().runBootInterfaces();
@@ -139,7 +143,7 @@
.path("search").queryParam("q", "[orth=die]")
.queryParam("ql", "poliqarp")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
.get(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -165,7 +169,7 @@
.path("search").queryParam("q", "[orth=die]")
.queryParam("ql", "poliqarp")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.header(HttpHeaders.X_FORWARDED_FOR, "172.27.0.32")
.get(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -197,7 +201,7 @@
.queryParam("ql", "poliqarp")
.queryParam("cq", "textClass=politik & corpusSigle=BRZ10")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.get(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
response.getStatus());
@@ -226,7 +230,7 @@
.path("search").queryParam("q", "[orth=die]")
.queryParam("ql", "poliqarp")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.get(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
response.getStatus());
@@ -360,7 +364,7 @@
.path("corpus").path("GOE").path("search")
.queryParam("q", "[orth=das]").queryParam("ql", "poliqarp")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.get(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
response.getStatus());
@@ -402,7 +406,7 @@
.path("corpus").path(id).path("search")
.queryParam("q", "[orth=das]").queryParam("ql", "poliqarp")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.get(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(),
response.getStatus());
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchWithAvailabilityTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchWithAvailabilityTest.java
index 8837d18..7328064 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchWithAvailabilityTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchWithAvailabilityTest.java
@@ -5,18 +5,24 @@
import org.eclipse.jetty.http.HttpHeaders;
import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
import com.fasterxml.jackson.databind.JsonNode;
+import com.sun.jersey.api.client.ClientHandlerException;
import com.sun.jersey.api.client.ClientResponse;
+import com.sun.jersey.api.client.UniformInterfaceException;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.utils.JsonUtils;
import de.ids_mannheim.korap.web.service.FastJerseyTest;
public class SearchWithAvailabilityTest extends FastJerseyTest {
-
+ @Autowired
+ HttpAuthorizationHandler handler;
+
@Override
public void initMethod () throws KustvaktException {
// helper().runBootInterfaces();
@@ -149,11 +155,11 @@
private ClientResponse builtClientResponseWithIP (String collectionQuery,
- String ip) {
+ String ip) throws UniformInterfaceException, ClientHandlerException, KustvaktException {
return resource().path("search").queryParam("q", "[orth=das]")
.queryParam("ql", "poliqarp").queryParam("cq", collectionQuery)
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.header(HttpHeaders.X_FORWARDED_FOR, ip)
.get(ClientResponse.class);
}
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/UserServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/UserServiceTest.java
index 733f60d..2c1d3fe 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/UserServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/UserServiceTest.java
@@ -18,14 +18,16 @@
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
import com.fasterxml.jackson.databind.JsonNode;
import com.nimbusds.jwt.SignedJWT;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.core.util.MultivaluedMapImpl;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
import de.ids_mannheim.korap.config.BeansFactory;
import de.ids_mannheim.korap.config.JWTSigner;
import de.ids_mannheim.korap.config.TestHelper;
@@ -45,6 +47,9 @@
@Ignore
public class UserServiceTest extends FastJerseyTest {
+ @Autowired
+ HttpAuthorizationHandler handler;
+
private static String[] credentials;
@Override
@@ -79,7 +84,7 @@
// map.putSingle("address", "Mannheim");
- String enc = BasicHttpAuth.encode("testuser", "testPassword1234");
+ String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,"testuser", "testPassword1234");
response = resource().path("user").path("info")
.header("Content-Type", MediaType.APPLICATION_JSON).header(Attributes.AUTHORIZATION, enc)
.get(ClientResponse.class);
@@ -89,7 +94,7 @@
// test if user locked and what error message you get back
@Test
- public void testregisterWithoutConfirm() {
+ public void testregisterWithoutConfirm() throws KustvaktException {
MultivaluedMap map = new MultivaluedMapImpl();
map.putSingle("username", "testuser2");
map.putSingle("email", "hanl@ids-mannheim.de");
@@ -104,7 +109,7 @@
// run login/ status --> exception or information about locked account
// should appear
- String enc = BasicHttpAuth.encode("testuser2", "testPassword1234");
+ String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,"testuser2", "testPassword1234");
response = resource().path("user").path("info").header(Attributes.AUTHORIZATION, enc)
.get(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
@@ -137,15 +142,15 @@
response = resource().uri(URI.create(conf_uri)).get(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
- String enc = BasicHttpAuth.encode("testuser", "testPassword1234");
+ String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,"testuser", "testPassword1234");
response = resource().path("user").path("info").header(Attributes.AUTHORIZATION, enc)
.get(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
}
@Test
- public void loginHTTP() {
- String enc = BasicHttpAuth.encode(credentials[0], credentials[1]);
+ public void loginHTTP() throws KustvaktException {
+ String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
ClientResponse response = resource().path("user").path("info")
.header(Attributes.AUTHORIZATION, enc).get(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
@@ -155,7 +160,7 @@
@Test
@Ignore
public void loginJWT() throws KustvaktException{
- String en = BasicHttpAuth.encode(credentials[0], credentials[1]);
+ String en = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
/* lauffähige Version von Hanl: */
ClientResponse response = resource().path("auth").path("apiToken")
.header(Attributes.AUTHORIZATION, en).get(ClientResponse.class);
@@ -185,7 +190,7 @@
assertTrue(BeansFactory.getKustvaktContext().getConfiguration().getTokenTTL() < 10);
- String en = BasicHttpAuth.encode(credentials[0], credentials[1]);
+ String en = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
ClientResponse response = resource().path("auth").path("apiToken")
.header(Attributes.AUTHORIZATION, en).get(ClientResponse.class);
@@ -212,16 +217,16 @@
}
@Test
- public void testGetUserDetails() {
- String enc = BasicHttpAuth.encode(credentials[0], credentials[1]);
+ public void testGetUserDetails() throws KustvaktException {
+ String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
ClientResponse response = resource().path("user").path("details")
.header(Attributes.AUTHORIZATION, enc).get(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
}
@Test
- public void testGetUserDetailsEmbeddedPointer() {
- String enc = BasicHttpAuth.encode(credentials[0], credentials[1]);
+ public void testGetUserDetailsEmbeddedPointer() throws KustvaktException {
+ String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
Map m = new LinkedMap();
m.put("test", "[100, \"error message\", true, \"another message\"]");
@@ -239,7 +244,7 @@
@Test
public void testUpdateUserDetailsMerge() throws KustvaktException{
- String enc = BasicHttpAuth.encode(credentials[0], credentials[1]);
+ String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
Map m = new LinkedMap();
m.put("test", "test value 1");
@@ -260,8 +265,8 @@
}
@Test
- public void testGetUserDetailsPointer() {
- String enc = BasicHttpAuth.encode(credentials[0], credentials[1]);
+ public void testGetUserDetailsPointer() throws KustvaktException {
+ String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
ClientResponse response = resource().path("user").path("details")
.queryParam("pointer", "email").header(Attributes.AUTHORIZATION, enc).get(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
@@ -273,7 +278,7 @@
public void testGetUserDetailsNonExistent() throws KustvaktException {
helper().setupSimpleAccount("userservicetest", "servicepass");
- String enc = BasicHttpAuth.encode("userservicetest", "servicepass");
+ String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,"userservicetest", "servicepass");
ClientResponse response = resource().path("user").path("details")
.header(Attributes.AUTHORIZATION, enc).get(ClientResponse.class);
assertEquals(ClientResponse.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
@@ -286,8 +291,8 @@
}
@Test
- public void testGetUserSettings() {
- String enc = BasicHttpAuth.encode(credentials[0], credentials[1]);
+ public void testGetUserSettings() throws KustvaktException {
+ String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
ClientResponse response = resource().path("user").path("settings")
.header(Attributes.AUTHORIZATION, enc).get(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
@@ -295,7 +300,7 @@
@Test
public void testUpdateUserDetailsJson() throws KustvaktException{
- String enc = BasicHttpAuth.encode(credentials[0], credentials[1]);
+ String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
Map m = new LinkedMap();
m.put("firstName", "newName");
m.put("lastName", "newLastName");
@@ -330,13 +335,13 @@
@Test
@Ignore
public void testUpdateUserSettingsForm() throws IOException, KustvaktException{
- String enc = BasicHttpAuth.encode(credentials[0], credentials[1]);
+ String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
MultivaluedMap m = new MultivaluedMapImpl();
m.putSingle("queryLanguage", "poliqarp_test");
m.putSingle("pageLength", "200");
ClientResponse response = resource().path("user").path("settings")
- .header(Attributes.AUTHORIZATION, enc).header("Content-Type", "application/x-www-form-urlencoded")
+ .header(Attributes.AUTHORIZATION, enc).header("Content-Type", "application/x-www-form-urlencodeBase64d")
.get(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
@@ -350,11 +355,11 @@
assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
response = resource().path("user").path("settings").header(Attributes.AUTHORIZATION, enc)
- .header("Content-Type", "application/x-www-form-urlencoded").post(ClientResponse.class, m);
+ .header("Content-Type", "application/x-www-form-urlencodeBase64d").post(ClientResponse.class, m);
assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
response = resource().path("user").path("settings").header(Attributes.AUTHORIZATION, enc)
- .header("Content-Type", "application/x-www-form-urlencoded").get(ClientResponse.class);
+ .header("Content-Type", "application/x-www-form-urlencodeBase64d").get(ClientResponse.class);
assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
map = JsonUtils.readTree(response.getEntity(String.class));
@@ -368,7 +373,7 @@
@Test
public void testUpdateUserSettingsJson() throws IOException, KustvaktException {
- String enc = BasicHttpAuth.encode(credentials[0], credentials[1]);
+ String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
Map m = new HashMap<>();
m.put("queryLanguage", "poliqarp_test");
m.put("pageLength", "200");
@@ -410,7 +415,7 @@
final String CREDENTIALS_INVALID = "{\"username\":\"testuser2\","
+ "\"email\":\"hanl@ids-mannheim.de\",\"password\":\"testpassword\"}";
// Response response = given()
- // .contentType("application/x-www-form-urlencoded").when()
+ // .contentType("application/x-www-form-urlencodeBase64d").when()
// .body(CREDENTIALS_INVALID).post("/register");
// String body = response.getBody().asString();
// Assert.assertEquals("response is in error", true,
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/VirtualCorpusServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/VirtualCorpusServiceTest.java
index e115d7c..1a26e1c 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/VirtualCorpusServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/VirtualCorpusServiceTest.java
@@ -6,19 +6,24 @@
import org.eclipse.jetty.http.HttpHeaders;
import org.junit.Ignore;
import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
import com.fasterxml.jackson.databind.JsonNode;
import com.sun.jersey.api.client.ClientResponse;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
import de.ids_mannheim.korap.config.SpringJerseyTest;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.exceptions.StatusCodes;
import de.ids_mannheim.korap.utils.JsonUtils;
public class VirtualCorpusServiceTest extends SpringJerseyTest{
-
+
+ @Autowired
+ HttpAuthorizationHandler handler;
+
@Test
@Ignore
public void testStoreVC () throws KustvaktException {
@@ -28,7 +33,7 @@
ClientResponse response = resource().path("vc").path("store")
.header(Attributes.AUTHORIZATION,
- BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+ handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
.header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
.entity(json)
.post(ClientResponse.class);
diff --git a/full/src/test/resources/test-config.xml b/full/src/test/resources/test-config.xml
index 7b85090..1ca00b0 100644
--- a/full/src/test/resources/test-config.xml
+++ b/full/src/test/resources/test-config.xml
@@ -209,7 +209,7 @@
type="de.ids_mannheim.korap.interfaces.db.PersistenceClient" ref="kustvakt_db" />
</bean>
- <bean id="basic_auth" class="de.ids_mannheim.korap.authentication.BasicHttpAuth" />
+ <bean id="basic_auth" class="de.ids_mannheim.korap.authentication.BasicAuthentication" />
<bean id="session_auth"