Disabled LDAP auth provider and token API in the auth filter (#587)

Change-Id: I4fc8356e1883cd8fd24d7f5d8928162177ad482e
diff --git a/core/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java b/core/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
index 4b5e471..bb5d6c1 100644
--- a/core/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
+++ b/core/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
@@ -1,14 +1,16 @@
 package de.ids_mannheim.korap.web.filter;
 
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-import org.glassfish.jersey.server.ContainerRequest;
-
 import javax.annotation.Priority;
 import javax.ws.rs.Priorities;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerRequestFilter;
 
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.glassfish.jersey.server.ContainerRequest;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
 import de.ids_mannheim.korap.authentication.AuthenticationManager;
 import de.ids_mannheim.korap.authentication.http.AuthorizationData;
 import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
@@ -34,6 +36,8 @@
 public class AuthenticationFilter
         implements ContainerRequestFilter {
 
+    private static Logger jlog = LogManager.getLogger(AuthenticationFilter.class);
+    
     @Autowired
     private HttpAuthorizationHandler authorizationHandler;
 
@@ -81,9 +85,10 @@
                         break;
                     // EM: JWT token-based authentication scheme
                     case API:
-                        context = authenticationManager.getTokenContext(
-                                TokenType.API, authData.getToken(), host, ua);
-                        break;
+                        jlog.warn("Authentication filter using token API");
+                        throw new KustvaktException(
+                                StatusCodes.AUTHENTICATION_FAILED,
+                                "Authentication API is no longer supported.");
                     default:
                         throw new KustvaktException(
                                 StatusCodes.AUTHENTICATION_FAILED,
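Review bot: The warning added on the new `case API:` branch records nothing about the request that was rejected, so an operator reading the log cannot tell one client from another; `host` and `ua` are in scope here (they were the arguments of the removed `getTokenContext` call), so use a parameterized message such as `jlog.warn("Rejected unsupported API token scheme from host {} (user agent {})", host, ua);` and keep the token value itself out of the log. Since any unauthenticated client can trigger this line with a single header, consider whether WARN is the right level or whether the message should be rate-limited so it cannot flood the log. The `jlog` field introduced in the previous hunk should also be declared `private static final Logger jlog = ...` rather than a mutable static. The enclosing filter method starts and ends outside this hunk, so whether `host` and `ua` are still used by the remaining cases is not visible here.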
diff --git a/full/Changes b/full/Changes
index a6b0378..6999ef4 100644
--- a/full/Changes
+++ b/full/Changes
@@ -6,6 +6,7 @@
 - Implemented configurable resource filters for search and match 
   info APIs (#539)
 - Added getting username from LDAP (#568)
+- Disabled LDAP auth provider and token API in the auth filter (#587)
 
 # version 0.69.3
 
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java b/full/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java
index 8d3633f..a597f62 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java
@@ -4,30 +4,41 @@
 
 package de.ids_mannheim.korap.authentication;
 
-import com.nimbusds.jose.JOSEException;
-import com.unboundid.ldap.sdk.*;
+import java.net.UnknownHostException;
+import java.security.GeneralSecurityException;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.commons.text.StringSubstitutor;
+
+import com.unboundid.ldap.sdk.BindResult;
+import com.unboundid.ldap.sdk.Filter;
+import com.unboundid.ldap.sdk.LDAPConnection;
+import com.unboundid.ldap.sdk.LDAPException;
+import com.unboundid.ldap.sdk.LDAPSearchException;
+import com.unboundid.ldap.sdk.ResultCode;
+import com.unboundid.ldap.sdk.SearchResult;
+import com.unboundid.ldap.sdk.SearchResultEntry;
+import com.unboundid.ldap.sdk.SearchScope;
 import com.unboundid.util.NotNull;
 import com.unboundid.util.ssl.SSLUtil;
 import com.unboundid.util.ssl.TrustAllTrustManager;
 import com.unboundid.util.ssl.TrustStoreTrustManager;
-import de.ids_mannheim.korap.config.FullConfiguration;
-import de.ids_mannheim.korap.constant.TokenType;
-import de.ids_mannheim.korap.server.EmbeddedLdapServer;
-import org.apache.commons.text.StringSubstitutor;
 
-import javax.net.ssl.SSLSocketFactory;
-import java.net.UnknownHostException;
-import java.security.GeneralSecurityException;
-import java.util.*;
+import de.ids_mannheim.korap.server.EmbeddedLdapServer;
 
 
 /**
  * LDAP Login
  *
  * @author bodmer, margaretha, kupietz
- * @see APIAuthentication
  */
-public class LdapAuth3 extends APIAuthentication {
+public class LdapAuth3 {
 
     public static final int LDAP_AUTH_ROK = 0;
     public static final int LDAP_AUTH_RCONNECT = 1; // cannot connect to LDAP Server
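Review bot: The class Javadoc still says only "LDAP Login" although `LdapAuth3` no longer extends `APIAuthentication` and the `@see` link was dropped, so a reader cannot tell from the header that this class is no longer an authentication provider; replace the summary with something like `LDAP bind and lookup helper. Since #587 this class no longer extends APIAuthentication and is not registered as an authentication provider.`, adjusted to what its remaining callers actually use it for. The retained `TrustAllTrustManager` import suggests a trust-all TLS mode still exists further down the class, outside this hunk; it is worth confirming that mode is gated by configuration and is not the default path. The class body continues outside the hunk.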
@@ -39,9 +50,6 @@
     public static final int LDAP_AUTH_RNAUTH = 7; // User Account or Pwd unknown, or not authorized
     final static Boolean DEBUGLOG = false;        // log debug output.
 
-    public LdapAuth3(FullConfiguration config) throws JOSEException {
-        super(config);
-    }
 
     public static String getErrMessage(int code) {
         switch (code) {
@@ -293,11 +301,6 @@
         SSLUtil.setEnabledSSLCipherSuites(ciphers);
     }
 
-    @Override
-    public TokenType getTokenType() {
-        return TokenType.API;
-    }
-
     public static class LdapAuth3Result {
         final int errorCode;
         final Object value;
diff --git a/full/src/main/resources/default-config.xml b/full/src/main/resources/default-config.xml
index 53c0536..b8ce628 100644
--- a/full/src/main/resources/default-config.xml
+++ b/full/src/main/resources/default-config.xml
@@ -268,14 +268,6 @@
 	</bean>
 
 	<!-- authentication providers to use -->
-	<!-- <bean id="api_auth" class="de.ids_mannheim.korap.authentication.APIAuthentication"> 
-		<constructor-arg type="de.ids_mannheim.korap.config.KustvaktConfiguration" 
-		ref="kustvakt_config" /> </bean> -->
-
-	<bean id="ldap_auth" class="de.ids_mannheim.korap.authentication.LdapAuth3">
-		<constructor-arg type="de.ids_mannheim.korap.config.KustvaktConfiguration"
-			ref="kustvakt_config" />
-	</bean>
 
 	<!-- <bean id="openid_auth"
 		class="de.ids_mannheim.korap.authentication.OpenIDconnectAuthentication">
@@ -285,22 +277,20 @@
 			type="de.ids_mannheim.korap.interfaces.db.PersistenceClient" ref="kustvakt_db" />
 	</bean> -->
 
-	<bean id="session_auth"
+	<!-- <bean id="session_auth"
 		class="de.ids_mannheim.korap.authentication.SessionAuthentication">
 		<constructor-arg type="de.ids_mannheim.korap.config.KustvaktConfiguration"
 			ref="kustvakt_config" />
 		<constructor-arg type="de.ids_mannheim.korap.interfaces.EncryptionIface"
 			ref="kustvakt_encryption" />
-	</bean>
+	</bean> -->
 
 	<bean id="oauth2_auth"
 		class="de.ids_mannheim.korap.authentication.OAuth2Authentication" />
 	
 	<util:list id="kustvakt_authproviders"
 		value-type="de.ids_mannheim.korap.interfaces.AuthenticationIface">
-		<ref bean="ldap_auth" />
-		<ref bean="session_auth" />
-		<!-- <ref bean="api_auth" /> -->
+		<!-- <ref bean="session_auth" /> -->
 		<!-- <ref bean="openid_auth" /> -->
 		<ref bean="oauth2_auth" />
 	</util:list>
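Review bot: After this hunk the default `kustvakt_authproviders` list contains only `oauth2_auth`, but the disabled `session_auth` definition is left as commented-out XML with no indication of why it was turned off, which invites someone to re-enable it later without knowing the reason; either delete the block or replace the bare comment with the rationale, e.g. `<!-- session_auth and ldap_auth disabled in #587: LDAP auth provider and token API are no longer supported -->`. Note also that `test-config.xml` in this same commit keeps `session_auth` registered, so the test suite runs against a broader provider set than the shipped default and would not catch regressions specific to an OAuth2-only deployment; presumably that is deliberate for existing tests, but it deserves a comment in one of the two files.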
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
index bc84dae..d470a6d 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
@@ -438,7 +438,7 @@
                 .path("~"+testUser).path("new_vc")
                 .request()
                 .header(Attributes.AUTHORIZATION,
-                        AuthenticationScheme.API.displayName() + " "
+                        AuthenticationScheme.BEARER.displayName() + " "
                                 + authToken)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
@@ -450,7 +450,7 @@
         JsonNode node = JsonUtils.readTree(entity);
         assertEquals(StatusCodes.INVALID_ACCESS_TOKEN,
                 node.at("/errors/0/0").asInt());
-        assertEquals("Json Web Signature (JWS) object verification failed.",
+        assertEquals("Access token is invalid",
                 node.at("/errors/0/1").asText());
 
         checkWWWAuthenticateHeader(response);
@@ -462,16 +462,13 @@
         String json = "{\"type\": \"PRIVATE\","
                 + "\"corpusQuery\": \"corpusSigle=GOE\"}";
 
-        String authToken = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0VXNlci"
-                + "IsImlzcyI6Imh0dHBzOlwvXC9rb3JhcC5pZHMtbWFubmhlaW0uZG"
-                + "UiLCJleHAiOjE1MzA2MTgyOTR9.JUMvTQZ4tvdRXFBpQKzoNxrq7"
-                + "CuYAfytr_LWqY8woJs";
+        String authToken = "fia0123ikBWn931470H8s5gRqx7Moc4p";
 
         Response response = target().path(API_VERSION).path("vc")
-                .path("~"+testUser).path("new_vc")
+                .path("~marlin").path("new_vc")
                 .request()
                 .header(Attributes.AUTHORIZATION,
-                        AuthenticationScheme.API.displayName() + " "
+                        AuthenticationScheme.BEARER.displayName() + " "
                                 + authToken)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
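Review bot: The expired-token test now hard-codes the bearer value `fia0123ikBWn931470H8s5gRqx7Moc4p` and the path segment `~marlin` with no indication of where they come from, while the neighbouring tests use the `testUser` field; presumably the token is a fixture row belonging to user marlin whose expiry lies in the past, which the `StatusCodes.EXPIRED` expectation further down depends on. Add a comment above the assignment such as `// expired access token seeded by the test data for user marlin; see <fixture file>`, naming the actual fixture, so the dependency is visible when that data changes. The test method's signature is outside the hunk.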
@@ -482,7 +479,7 @@
 
         JsonNode node = JsonUtils.readTree(entity);
         assertEquals(StatusCodes.EXPIRED, node.at("/errors/0/0").asInt());
-        assertEquals("Authentication token is expired",
+        assertEquals("Access token is expired",
                 node.at("/errors/0/1").asText());
 
         checkWWWAuthenticateHeader(response);
diff --git a/full/src/test/resources/test-config.xml b/full/src/test/resources/test-config.xml
index cffc34e..166c498 100644
--- a/full/src/test/resources/test-config.xml
+++ b/full/src/test/resources/test-config.xml
@@ -250,14 +250,6 @@
 	</bean>
 
 	<!-- authentication providers to use -->
-	<!-- <bean id="api_auth" class="de.ids_mannheim.korap.authentication.APIAuthentication"> 
-		<constructor-arg type="de.ids_mannheim.korap.config.KustvaktConfiguration" 
-		ref="kustvakt_config" /> </bean> -->
-	<bean id="ldap_auth" class="de.ids_mannheim.korap.authentication.LdapAuth3">
-		<constructor-arg type="de.ids_mannheim.korap.config.KustvaktConfiguration"
-			ref="kustvakt_config" />
-	</bean>
-
 	<!-- <bean id="openid_auth"
 		class="de.ids_mannheim.korap.authentication.OpenIDconnectAuthentication">
 		<constructor-arg type="de.ids_mannheim.korap.config.KustvaktConfiguration"
@@ -285,9 +277,7 @@
 	<util:list id="kustvakt_authproviders"
 		value-type="de.ids_mannheim.korap.interfaces.AuthenticationIface">
 		<ref bean="basic_auth" />
-		<ref bean="ldap_auth" />
 		<ref bean="session_auth" />
-		<!-- <ref bean="api_auth" /> -->
 		<!-- <ref bean="openid_auth" /> -->
 		<ref bean="oauth2_auth" />
 	</util:list>