Generalized http authentication framework.
Change-Id: I99b9bdb8b93445ceaf51ecb8105a23f980408df2
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/BasicHttpAuth.java b/full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java
similarity index 100%
rename from full/src/main/java/de/ids_mannheim/korap/authentication/BasicHttpAuth.java
rename to full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java b/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
index 3c90a2c..7ee3506 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
@@ -5,9 +5,9 @@
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
import java.util.Collection;
import java.util.Map;
-import java.util.Arrays;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedMap;
@@ -20,6 +20,7 @@
import com.unboundid.ldap.sdk.LDAPException;
import de.ids_mannheim.korap.auditing.AuditRecord;
+import de.ids_mannheim.korap.authentication.framework.AuthorizationData;
import de.ids_mannheim.korap.config.Attributes;
import de.ids_mannheim.korap.config.AuthenticationType;
import de.ids_mannheim.korap.config.BeansFactory;
@@ -98,21 +99,15 @@
* @throws KustvaktException
*/
@Override
- public TokenContext getTokenStatus(String token, String host, String useragent) throws KustvaktException {
- if (token == null)
- throw new KustvaktException(StatusCodes.MISSING_ARGUMENT, "authorization header");
+ public TokenContext getTokenStatus(AuthenticationType type, String token,
+ String host, String useragent) throws KustvaktException {
- // EM: fix me
- String token_type = StringUtils.getTokenType(token);
- AuthenticationType type = AuthenticationType.valueOf(token_type);
-
- token = StringUtils.stripTokenType(token);
- jlog.info("getting session status of token type '{}'", token.split(" ")[0]);
AuthenticationIface provider = getProvider(type , null);
if (provider == null)
// throw exception for missing type parameter
- throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT, "token type not defined or found", "token_type");
+ throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT,
+ "token type not defined or found", "token_type");
TokenContext context = provider.getTokenContext(token);
if (context != null && TimeUtils.isExpired(context.getExpirationTime()))
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/framework/AuthorizationData.java b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/AuthorizationData.java
new file mode 100644
index 0000000..8f310a6
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/AuthorizationData.java
@@ -0,0 +1,14 @@
+package de.ids_mannheim.korap.authentication.framework;
+
+import de.ids_mannheim.korap.config.AuthenticationType;
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+public class AuthorizationData {
+
+ private String token;
+ private AuthenticationType authenticationType;
+
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/framework/HttpAuthorizationHandler.java b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/HttpAuthorizationHandler.java
new file mode 100644
index 0000000..b5851e3
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/HttpAuthorizationHandler.java
@@ -0,0 +1,59 @@
+package de.ids_mannheim.korap.authentication.framework;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.sun.jersey.api.client.ClientResponse.Status;
+
+import de.ids_mannheim.korap.config.AuthenticationType;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.exceptions.StatusCodes;
+import de.ids_mannheim.korap.utils.ParameterChecker;
+
+/** Implementation of HTTP authentication scheme (see RFC 7253 and 7617)
+ * for client asking for authorization and sending user data.
+ *
+ * @author margaretha
+ *
+ */
+@Component
+public class HttpAuthorizationHandler {
+
+ @Autowired
+ private TransferEncoding transferEncoding;
+
+ public String createAuthorizationHeader (AuthenticationType type,
+ String username, String password) throws KustvaktException {
+ ParameterChecker.checkStringValue(username, "username");
+ ParameterChecker.checkStringValue(password, "password");
+
+ String credentials = transferEncoding.encodeBase64(username, password);
+ return type.displayName() + " " + credentials;
+ }
+
+ public AuthorizationData parseAuthorizationHeader (
+ String authorizationHeader) throws KustvaktException {
+ ParameterChecker.checkStringValue(authorizationHeader,
+ "authorization header");
+
+ String[] values = authorizationHeader.split(" ");
+ if (values.length != 2) {
+ throw new KustvaktException(StatusCodes.CLIENT_AUTHORIZATION_FAILED,
+ "Cannot parse authorization header value "
+ + authorizationHeader
+ + ". Use this format: [authentication "
+ + "scheme] [Base64-encoded token]",
+ authorizationHeader);
+ }
+
+ AuthorizationData data = new AuthorizationData();
+ data.setAuthenticationType(
+ AuthenticationType.valueOf(values[0].toUpperCase()));
+ data.setToken(values[1]);
+ return data;
+ }
+
+ public void parseToken (AuthorizationData data) throws KustvaktException {
+ String[] credentials = transferEncoding.decodeBase64(data.getToken());
+ }
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/framework/TransferEncoding.java b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/TransferEncoding.java
new file mode 100644
index 0000000..70246d0
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/TransferEncoding.java
@@ -0,0 +1,53 @@
+package de.ids_mannheim.korap.authentication.framework;
+
+import org.apache.commons.codec.binary.Base64;
+import org.springframework.stereotype.Component;
+
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.utils.ParameterChecker;
+
+/** TransferEncoding contains encoding and decoding methods for data transfer,
+ * e.g. transfering credentials using basic Http authentication.
+ *
+ * @author margaretha
+ *
+ */
+@Component
+public class TransferEncoding {
+
+ /** Encodes username and password using Base64.
+ *
+ * @param username username
+ * @param password password
+ * @return
+ */
+ public String encodeBase64 (String username, String password) {
+ String s = username + ":" + password;
+ return new String(Base64.encodeBase64(s.getBytes()));
+ }
+
+ /** Decodes the given string using Base64.
+ *
+ * @param encodedStr
+ * @return username and password as an array of strings.
+ * @throws KustvaktException
+ */
+ public String[] decodeBase64 (String encodedStr)
+ throws KustvaktException {
+
+ ParameterChecker.checkStringValue(encodedStr, "encoded string");
+ String decodedStr = new String(Base64.decodeBase64(encodedStr));
+
+ if (decodedStr.contains(":") && decodedStr.split(":").length == 2) {
+ String[] strArr = decodedStr.split(":");
+ if ((strArr[0] != null && !strArr[0].isEmpty())
+ && (strArr[1] != null && !strArr[1].isEmpty())) {
+ return decodedStr.split(":");
+ }
+
+ }
+
+ throw new IllegalArgumentException(
+ "Unknown Base64 encoding format: " + decodedStr);
+ }
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/dao/UserDao.java b/full/src/main/java/de/ids_mannheim/korap/dao/UserDao.java
new file mode 100644
index 0000000..51ab9c1
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/dao/UserDao.java
@@ -0,0 +1,23 @@
+package de.ids_mannheim.korap.dao;
+
+import org.springframework.stereotype.Repository;
+
+import de.ids_mannheim.korap.user.KorAPUser;
+import de.ids_mannheim.korap.user.User;
+
+/** Dummy DAO for testing using basic authentication.
+ *
+ * @author margaretha
+ *
+ */
+@Repository
+public class UserDao {
+
+ public User getAccount (String username) {
+ User user = new KorAPUser();
+ user.setUsername(username);
+ return user;
+ }
+
+
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/handlers/AdminDao.java b/full/src/main/java/de/ids_mannheim/korap/handlers/AdminDao.java
index 7237afd..ef020f0 100644
--- a/full/src/main/java/de/ids_mannheim/korap/handlers/AdminDao.java
+++ b/full/src/main/java/de/ids_mannheim/korap/handlers/AdminDao.java
@@ -72,6 +72,7 @@
return 0;
}
+ // EM: FIX ME
@Override
public boolean isAdmin(int userId) {
Map<String, String> namedParameters = Collections.singletonMap(
diff --git a/full/src/main/java/de/ids_mannheim/korap/handlers/OAuthDb.java b/full/src/main/java/de/ids_mannheim/korap/handlers/OAuthDb.java
index ec9d036..816297d 100644
--- a/full/src/main/java/de/ids_mannheim/korap/handlers/OAuthDb.java
+++ b/full/src/main/java/de/ids_mannheim/korap/handlers/OAuthDb.java
@@ -275,7 +275,7 @@
jlog.error("registering client '{}' failed", info.getClient_id());
throw new DatabaseException(new KustvaktException(user.getId(),
StatusCodes.ILLEGAL_ARGUMENT, "arguments given not valid",
- info.toJSON()), StatusCodes.CLIENT_REGISTRATION_FAILURE,
+ info.toJSON()), StatusCodes.CLIENT_REGISTRATION_FAILED,
info.toJSON());
}
}
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
index bed0d5d..bc4f0c9 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
@@ -27,7 +27,9 @@
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ResourceFilters;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.AuthorizationData;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.authentication.framework.TransferEncoding;
import de.ids_mannheim.korap.config.Attributes;
import de.ids_mannheim.korap.config.AuthenticationType;
import de.ids_mannheim.korap.config.BeansFactory;
@@ -58,8 +60,14 @@
public class AuthenticationController {
@Autowired
- KustvaktResponseHandler kustvaktResponseHandler;
+ private KustvaktResponseHandler kustvaktResponseHandler;
+
+ @Autowired
+ private HttpAuthorizationHandler authorizationHandler;
+ @Autowired
+ private TransferEncoding transferEncoding;
+
private static Boolean DEBUG_LOG = true;
//todo: bootstrap function to transmit certain default configuration settings and examples (example user queries,
@@ -138,14 +146,22 @@
"Authorization header is missing.",
"Authorization header"));
}
-
- String[] values = BasicHttpAuth.decode(auth.get(0));
+
+ String[] values;
+ try {
+ AuthorizationData authorizationData = authorizationHandler.
+ parseAuthorizationHeader(auth.get(0));
+ values = transferEncoding.decodeBase64(authorizationData.getToken());
+
+ }
+ catch (KustvaktException e) {
+ throw kustvaktResponseHandler.throwit(e);
+ }
if (DEBUG_LOG == true) {
System.out.printf("Debug: AuthService.requestAPIToken...:\n");
System.out.printf("Debug: auth.size=%d\n", auth.size());
System.out.printf("auth.get(0)='%s'\n", auth.get(0));
- System.out.printf("Debug: values.length=%d\n", values.length);
/* hide password etc. - FB
if( auth.size() > 0 )
{
@@ -168,13 +184,13 @@
while (it.hasNext()) {
String key = (String) it.next();
List<String> vals = headerMap.get(key);
- System.out.printf("Debug: requestAPIToken: '%s' = '%s'\n",
- key, vals);
+// System.out.printf("Debug: requestAPIToken: '%s' = '%s'\n",
+// key, vals);
}
}
- System.out.printf("Debug: requestAPIToken: isSecure = %s.\n",
- secCtx.isSecure() ? "yes" : "no");
+// System.out.printf("Debug: requestAPIToken: isSecure = %s.\n",
+// secCtx.isSecure() ? "yes" : "no");
} // DEBUG_LOG
// "Invalid syntax for username and password"
@@ -253,15 +269,22 @@
List<String> auth =
headers.getRequestHeader(ContainerRequest.AUTHORIZATION);
- String[] values = BasicHttpAuth.decode(auth.get(0));
+ String[] values;
+ try {
+ AuthorizationData authorizationData = authorizationHandler.
+ parseAuthorizationHeader(auth.get(0));
+ values = transferEncoding.decodeBase64(authorizationData.getToken());
+
+ }
+ catch (KustvaktException e) {
+ throw kustvaktResponseHandler.throwit(e);
+ }
// authentication = StringUtils.stripTokenType(authentication);
// String[] values = new String(
// DatatypeConverter.parseBase64Binary(authentication)).split(":");
// String[] values = Base64.base64Decode(authentication).split(":");
// "Invalid syntax for username and password"
- if (values == null)
- throw kustvaktResponseHandler.throwit(StatusCodes.BAD_CREDENTIALS);
// Implementation Hanl mit '|'. 16.02.17/FB
//if (values[0].equalsIgnoreCase("null")
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
index 16840f1..67ff04a 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
@@ -6,20 +6,22 @@
import javax.ws.rs.ext.Provider;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import com.sun.jersey.spi.container.ContainerResponseFilter;
import com.sun.jersey.spi.container.ResourceFilter;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.AuthorizationData;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.authentication.framework.TransferEncoding;
import de.ids_mannheim.korap.config.Attributes;
import de.ids_mannheim.korap.config.AuthenticationType;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
import de.ids_mannheim.korap.user.TokenContext;
import de.ids_mannheim.korap.user.User;
-import de.ids_mannheim.korap.utils.StringUtils;
import de.ids_mannheim.korap.web.utils.KustvaktContext;
import de.ids_mannheim.korap.web.utils.KustvaktResponseHandler;
@@ -27,70 +29,76 @@
* @author hanl, margaretha
* @date 04/2017
*/
+@Component
@Provider
public class AdminFilter implements ContainerRequestFilter, ResourceFilter {
@Autowired
- private AuthenticationManagerIface authManager;
+ private AuthenticationManagerIface authManager;
+
+ @Autowired
+ private KustvaktResponseHandler kustvaktResponseHandler;
@Autowired
- KustvaktResponseHandler kustvaktResponseHandler;
+ private TransferEncoding transferEncoding;
+
+ @Autowired
+ private HttpAuthorizationHandler authorizationHandler;
+
+ @Override
+ public ContainerRequest filter (ContainerRequest cr) {
+ String authorization =
+ cr.getHeaderValue(ContainerRequest.AUTHORIZATION);
+
+ AuthorizationData data;
+ String[] userData;
+ try {
+ data = authorizationHandler.parseAuthorizationHeader(authorization);
+ userData = transferEncoding.decodeBase64(data.getToken());
+ }
+ catch (KustvaktException e) {
+ throw kustvaktResponseHandler.throwAuthenticationException(e);
+ }
+
+ String host = cr.getHeaderValue(ContainerRequest.HOST);
+ String agent = cr.getHeaderValue(ContainerRequest.USER_AGENT);
+ Map<String, Object> attributes = new HashMap<>();
+ attributes.put(Attributes.HOST, host);
+ attributes.put(Attributes.USER_AGENT, agent);
+ try {
+ // EM: fix me: AuthenticationType based on header value
+ User user = authManager.authenticate(data.getAuthenticationType(),
+ userData[0], userData[0], attributes);
+ if (!user.isAdmin()) {
+ throw kustvaktResponseHandler.throwAuthenticationException(
+ "Admin authentication failed.");
+ }
+ Map<String, Object> properties = cr.getProperties();
+ properties.put("user", user);
+ }
+ catch (KustvaktException e) {
+ throw kustvaktResponseHandler.throwAuthenticationException(e);
+ }
- @Override
- public ContainerRequest filter(ContainerRequest cr) {
- String authentication = cr.getHeaderValue(ContainerRequest.AUTHORIZATION);
- if (authentication == null) {
- throw kustvaktResponseHandler.throwAuthenticationException("The authorization header value is missing.");
- }
-
- // EM: fix me: authentication header format
- // decode password
- AuthenticationType authenticationType = AuthenticationType.valueOf(StringUtils.getTokenType(authentication));
- String authenticationCode = StringUtils.stripTokenType(authentication);
- String username = null, token = null;
- // String tokenType = 0;
-
- if (authenticationType.equals(AuthenticationType.DATABASE)) {
- String[] authContent = BasicHttpAuth.decode(authenticationCode);
- username = authContent[0];
- token = authContent[1];
- }
-
- String host = cr.getHeaderValue(ContainerRequest.HOST);
- String agent = cr.getHeaderValue(ContainerRequest.USER_AGENT);
- Map<String, Object> attributes = new HashMap<>();
- attributes.put(Attributes.HOST, host);
- attributes.put(Attributes.USER_AGENT, agent);
- try {
- // EM: fix me: AuthenticationType based on header value
- User user = authManager.authenticate(AuthenticationType.LDAP, username, token, attributes);
- if (!user.isAdmin()){
- throw kustvaktResponseHandler.throwAuthenticationException("Admin authentication failed.");
- }
- Map<String, Object> properties = cr.getProperties();
- properties.put("user", user);
- } catch (KustvaktException e) {
- throw kustvaktResponseHandler.throwAuthenticationException("User authentication failed.");
- }
+ TokenContext c = new TokenContext();
+ c.setUsername(userData[0]);
+ c.setAuthenticationType(data.getAuthenticationType());
+ // EM: is this secure? Is token context not sent outside Kustvakt?
+ c.setToken(data.getToken());
+ c.setHostAddress(host);
+ c.setUserAgent(agent);
+ cr.setSecurityContext(new KustvaktContext(c));
- TokenContext c = new TokenContext();
- c.setUsername(username);
- c.setAuthenticationType(authenticationType);
- c.setToken(token);
- c.setHostAddress(host);
- c.setUserAgent(agent);
- cr.setSecurityContext(new KustvaktContext(c));
+ return cr;
+ }
- return cr;
- }
+ @Override
+ public ContainerRequestFilter getRequestFilter () {
+ return this;
+ }
- @Override
- public ContainerRequestFilter getRequestFilter() {
- return this;
- }
-
- @Override
- public ContainerResponseFilter getResponseFilter() {
- return null;
- }
+ @Override
+ public ContainerResponseFilter getResponseFilter () {
+ return null;
+ }
}
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
index 5f92c1b..61f92e7 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
@@ -1,39 +1,45 @@
package de.ids_mannheim.korap.web.filter;
+import javax.ws.rs.ext.Provider;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import com.sun.jersey.spi.container.ContainerResponseFilter;
import com.sun.jersey.spi.container.ResourceFilter;
-import de.ids_mannheim.korap.config.BeansFactory;
+
+import de.ids_mannheim.korap.authentication.framework.AuthorizationData;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
import de.ids_mannheim.korap.user.TokenContext;
import de.ids_mannheim.korap.web.utils.KustvaktContext;
import de.ids_mannheim.korap.web.utils.KustvaktResponseHandler;
-import javax.ws.rs.ext.Provider;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
/**
* @author hanl
* @date 28/01/2014
*/
@Component
@Provider
-public class AuthenticationFilter implements ContainerRequestFilter, ResourceFilter {
+public class AuthenticationFilter
+ implements ContainerRequestFilter, ResourceFilter {
+
+ @Autowired
+ private HttpAuthorizationHandler authorizationHandler;
@Autowired
private AuthenticationManagerIface userController;
@Autowired
- KustvaktResponseHandler kustvaktResponseHandler;
+ private KustvaktResponseHandler kustvaktResponseHandler;
-// public AuthFilter () {
-// this.userController = BeansFactory.getKustvaktContext()
-// .getAuthenticationManager();
-// }
+ // public AuthFilter () {
+ // this.userController = BeansFactory.getKustvaktContext()
+ // .getAuthenticationManager();
+ // }
@Override
@@ -41,22 +47,27 @@
String host = request.getHeaderValue(ContainerRequest.HOST);
String ua = request.getHeaderValue(ContainerRequest.USER_AGENT);
- String authentication = request
- .getHeaderValue(ContainerRequest.AUTHORIZATION);
- if (authentication != null && !authentication.isEmpty()) {
+ String authorization =
+ request.getHeaderValue(ContainerRequest.AUTHORIZATION);
+
+
+ if (authorization != null && !authorization.isEmpty()) {
TokenContext context;
try {
- context = userController.getTokenStatus(authentication, host,
+ AuthorizationData data = authorizationHandler
+ .parseAuthorizationHeader(authorization);
+ context = userController.getTokenStatus(
+ data.getAuthenticationType(), data.getToken(), host,
ua);
}
catch (KustvaktException e) {
- throw kustvaktResponseHandler.throwAuthenticationException(authentication);
+ throw kustvaktResponseHandler
+ .throwAuthenticationException(authorization);
}
// fixme: give reason why access is not granted?
- if (context != null
- && context.isValid()
- && ((context.isSecureRequired() && request.isSecure()) | !context
- .isSecureRequired()))
+ if (context != null && context.isValid()
+ && ((context.isSecureRequired() && request.isSecure())
+ | !context.isSecureRequired()))
request.setSecurityContext(new KustvaktContext(context));
else
throw kustvaktResponseHandler.throwAuthenticationException("");
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java
index ee6a24f..a30d589 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java
@@ -1,19 +1,21 @@
package de.ids_mannheim.korap.web.filter;
+import javax.ws.rs.core.SecurityContext;
+import javax.ws.rs.ext.Provider;
+
+import org.springframework.beans.factory.annotation.Autowired;
+
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import com.sun.jersey.spi.container.ContainerResponseFilter;
import com.sun.jersey.spi.container.ResourceFilter;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
-import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
import de.ids_mannheim.korap.config.AuthenticationType;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.user.TokenContext;
import de.ids_mannheim.korap.web.utils.KustvaktContext;
-import javax.ws.rs.core.SecurityContext;
-import javax.ws.rs.ext.Provider;
-
/**
* @author hanl
* @date 08/02/2016
@@ -21,6 +23,9 @@
@Provider
public class DemoFilter implements ContainerRequestFilter, ResourceFilter {
+ @Autowired
+ HttpAuthorizationHandler handler;
+
@Override
public ContainerRequest filter (ContainerRequest request) {
String authentication = request
@@ -39,7 +44,13 @@
private SecurityContext createContext () {
TokenContext context = new TokenContext();
- String token = BasicHttpAuth.encode("demo", "demo2015");
+ String token = null;
+ try {
+ token = handler.createAuthorizationHeader(AuthenticationType.BASIC,"demo", "demo2015");
+ }
+ catch (KustvaktException e) {
+ e.printStackTrace();
+ }
context.setToken(token);
context.setAuthenticationType(AuthenticationType.LDAP);
context.setUsername("demo");
diff --git a/full/src/main/resources/default-config.xml b/full/src/main/resources/default-config.xml
index 5fb4896..c81bff5 100644
--- a/full/src/main/resources/default-config.xml
+++ b/full/src/main/resources/default-config.xml
@@ -213,7 +213,7 @@
type="de.ids_mannheim.korap.interfaces.db.PersistenceClient" ref="kustvakt_db" />
</bean>
- <bean id="basic_auth" class="de.ids_mannheim.korap.authentication.BasicHttpAuth" />
+ <bean id="basic_auth" class="de.ids_mannheim.korap.authentication.BasicAuthentication" />
<bean id="session_auth"