Disabled LDAP auth provider and token API in the auth filter (#587)
Change-Id: I4fc8356e1883cd8fd24d7f5d8928162177ad482e
diff --git a/core/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java b/core/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
index 4b5e471..bb5d6c1 100644
--- a/core/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
+++ b/core/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
@@ -1,14 +1,16 @@
package de.ids_mannheim.korap.web.filter;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-import org.glassfish.jersey.server.ContainerRequest;
-
import javax.annotation.Priority;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.glassfish.jersey.server.ContainerRequest;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
import de.ids_mannheim.korap.authentication.AuthenticationManager;
import de.ids_mannheim.korap.authentication.http.AuthorizationData;
import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
@@ -34,6 +36,8 @@
public class AuthenticationFilter
implements ContainerRequestFilter {
+ private static Logger jlog = LogManager.getLogger(AuthenticationFilter.class);
+
@Autowired
private HttpAuthorizationHandler authorizationHandler;
@@ -81,9 +85,10 @@
break;
// EM: JWT token-based authentication scheme
case API:
- context = authenticationManager.getTokenContext(
- TokenType.API, authData.getToken(), host, ua);
- break;
+ jlog.warn("Authentication filter using token API");
+ throw new KustvaktException(
+ StatusCodes.AUTHENTICATION_FAILED,
+ "Authentication API is no longer supported.");
default:
throw new KustvaktException(
StatusCodes.AUTHENTICATION_FAILED,
diff --git a/full/Changes b/full/Changes
index a6b0378..6999ef4 100644
--- a/full/Changes
+++ b/full/Changes
@@ -6,6 +6,7 @@
- Implemented configurable resource filters for search and match
info APIs (#539)
- Added getting username from LDAP (#568)
+- Disabled LDAP auth provider and token API in the auth filter (#587)
# version 0.69.3
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java b/full/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java
index 8d3633f..a597f62 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java
@@ -4,30 +4,41 @@
package de.ids_mannheim.korap.authentication;
-import com.nimbusds.jose.JOSEException;
-import com.unboundid.ldap.sdk.*;
+import java.net.UnknownHostException;
+import java.security.GeneralSecurityException;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.commons.text.StringSubstitutor;
+
+import com.unboundid.ldap.sdk.BindResult;
+import com.unboundid.ldap.sdk.Filter;
+import com.unboundid.ldap.sdk.LDAPConnection;
+import com.unboundid.ldap.sdk.LDAPException;
+import com.unboundid.ldap.sdk.LDAPSearchException;
+import com.unboundid.ldap.sdk.ResultCode;
+import com.unboundid.ldap.sdk.SearchResult;
+import com.unboundid.ldap.sdk.SearchResultEntry;
+import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.util.NotNull;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustAllTrustManager;
import com.unboundid.util.ssl.TrustStoreTrustManager;
-import de.ids_mannheim.korap.config.FullConfiguration;
-import de.ids_mannheim.korap.constant.TokenType;
-import de.ids_mannheim.korap.server.EmbeddedLdapServer;
-import org.apache.commons.text.StringSubstitutor;
-import javax.net.ssl.SSLSocketFactory;
-import java.net.UnknownHostException;
-import java.security.GeneralSecurityException;
-import java.util.*;
+import de.ids_mannheim.korap.server.EmbeddedLdapServer;
/**
* LDAP Login
*
* @author bodmer, margaretha, kupietz
- * @see APIAuthentication
*/
-public class LdapAuth3 extends APIAuthentication {
+public class LdapAuth3 {
public static final int LDAP_AUTH_ROK = 0;
public static final int LDAP_AUTH_RCONNECT = 1; // cannot connect to LDAP Server
@@ -39,9 +50,6 @@
public static final int LDAP_AUTH_RNAUTH = 7; // User Account or Pwd unknown, or not authorized
final static Boolean DEBUGLOG = false; // log debug output.
- public LdapAuth3(FullConfiguration config) throws JOSEException {
- super(config);
- }
public static String getErrMessage(int code) {
switch (code) {
@@ -293,11 +301,6 @@
SSLUtil.setEnabledSSLCipherSuites(ciphers);
}
- @Override
- public TokenType getTokenType() {
- return TokenType.API;
- }
-
public static class LdapAuth3Result {
final int errorCode;
final Object value;
diff --git a/full/src/main/resources/default-config.xml b/full/src/main/resources/default-config.xml
index 53c0536..b8ce628 100644
--- a/full/src/main/resources/default-config.xml
+++ b/full/src/main/resources/default-config.xml
@@ -268,14 +268,6 @@
</bean>
<!-- authentication providers to use -->
- <!-- <bean id="api_auth" class="de.ids_mannheim.korap.authentication.APIAuthentication">
- <constructor-arg type="de.ids_mannheim.korap.config.KustvaktConfiguration"
- ref="kustvakt_config" /> </bean> -->
-
- <bean id="ldap_auth" class="de.ids_mannheim.korap.authentication.LdapAuth3">
- <constructor-arg type="de.ids_mannheim.korap.config.KustvaktConfiguration"
- ref="kustvakt_config" />
- </bean>
<!-- <bean id="openid_auth"
class="de.ids_mannheim.korap.authentication.OpenIDconnectAuthentication">
@@ -285,22 +277,20 @@
type="de.ids_mannheim.korap.interfaces.db.PersistenceClient" ref="kustvakt_db" />
</bean> -->
- <bean id="session_auth"
+ <!-- <bean id="session_auth"
class="de.ids_mannheim.korap.authentication.SessionAuthentication">
<constructor-arg type="de.ids_mannheim.korap.config.KustvaktConfiguration"
ref="kustvakt_config" />
<constructor-arg type="de.ids_mannheim.korap.interfaces.EncryptionIface"
ref="kustvakt_encryption" />
- </bean>
+ </bean> -->
<bean id="oauth2_auth"
class="de.ids_mannheim.korap.authentication.OAuth2Authentication" />
<util:list id="kustvakt_authproviders"
value-type="de.ids_mannheim.korap.interfaces.AuthenticationIface">
- <ref bean="ldap_auth" />
- <ref bean="session_auth" />
- <!-- <ref bean="api_auth" /> -->
+ <!-- <ref bean="session_auth" /> -->
<!-- <ref bean="openid_auth" /> -->
<ref bean="oauth2_auth" />
</util:list>
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
index bc84dae..d470a6d 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
@@ -438,7 +438,7 @@
.path("~"+testUser).path("new_vc")
.request()
.header(Attributes.AUTHORIZATION,
- AuthenticationScheme.API.displayName() + " "
+ AuthenticationScheme.BEARER.displayName() + " "
+ authToken)
.header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
.header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
@@ -450,7 +450,7 @@
JsonNode node = JsonUtils.readTree(entity);
assertEquals(StatusCodes.INVALID_ACCESS_TOKEN,
node.at("/errors/0/0").asInt());
- assertEquals("Json Web Signature (JWS) object verification failed.",
+ assertEquals("Access token is invalid",
node.at("/errors/0/1").asText());
checkWWWAuthenticateHeader(response);
@@ -462,16 +462,13 @@
String json = "{\"type\": \"PRIVATE\","
+ "\"corpusQuery\": \"corpusSigle=GOE\"}";
- String authToken = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0VXNlci"
- + "IsImlzcyI6Imh0dHBzOlwvXC9rb3JhcC5pZHMtbWFubmhlaW0uZG"
- + "UiLCJleHAiOjE1MzA2MTgyOTR9.JUMvTQZ4tvdRXFBpQKzoNxrq7"
- + "CuYAfytr_LWqY8woJs";
+ String authToken = "fia0123ikBWn931470H8s5gRqx7Moc4p";
Response response = target().path(API_VERSION).path("vc")
- .path("~"+testUser).path("new_vc")
+ .path("~marlin").path("new_vc")
.request()
.header(Attributes.AUTHORIZATION,
- AuthenticationScheme.API.displayName() + " "
+ AuthenticationScheme.BEARER.displayName() + " "
+ authToken)
.header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
.header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
@@ -482,7 +479,7 @@
JsonNode node = JsonUtils.readTree(entity);
assertEquals(StatusCodes.EXPIRED, node.at("/errors/0/0").asInt());
- assertEquals("Authentication token is expired",
+ assertEquals("Access token is expired",
node.at("/errors/0/1").asText());
checkWWWAuthenticateHeader(response);
diff --git a/full/src/test/resources/test-config.xml b/full/src/test/resources/test-config.xml
index cffc34e..166c498 100644
--- a/full/src/test/resources/test-config.xml
+++ b/full/src/test/resources/test-config.xml
@@ -250,14 +250,6 @@
</bean>
<!-- authentication providers to use -->
- <!-- <bean id="api_auth" class="de.ids_mannheim.korap.authentication.APIAuthentication">
- <constructor-arg type="de.ids_mannheim.korap.config.KustvaktConfiguration"
- ref="kustvakt_config" /> </bean> -->
- <bean id="ldap_auth" class="de.ids_mannheim.korap.authentication.LdapAuth3">
- <constructor-arg type="de.ids_mannheim.korap.config.KustvaktConfiguration"
- ref="kustvakt_config" />
- </bean>
-
<!-- <bean id="openid_auth"
class="de.ids_mannheim.korap.authentication.OpenIDconnectAuthentication">
<constructor-arg type="de.ids_mannheim.korap.config.KustvaktConfiguration"
@@ -285,9 +277,7 @@
<util:list id="kustvakt_authproviders"
value-type="de.ids_mannheim.korap.interfaces.AuthenticationIface">
<ref bean="basic_auth" />
- <ref bean="ldap_auth" />
<ref bean="session_auth" />
- <!-- <ref bean="api_auth" /> -->
<!-- <ref bean="openid_auth" /> -->
<ref bean="oauth2_auth" />
</util:list>