Gitiles
Code Review Sign In
korap.ids-mannheim.de / KorAP / Kustvakt / 9be4e42e1b50de174b30aa180bd7fb166f71723a / . / src / main / java / de / ids_mannheim / korap / security / auth / OpenIDconnectAuthentication.java
blob: dad0ec111ae32d2c5601a6ae2f1c8aef9622c8ea [file] [log] [blame]
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]1package de.ids_mannheim.korap.security.auth;
2
3import com.nimbusds.jwt.SignedJWT;
4import de.ids_mannheim.korap.config.JWTSigner;
5import de.ids_mannheim.korap.config.KustvaktConfiguration;
6import de.ids_mannheim.korap.exceptions.KustvaktException;
7import de.ids_mannheim.korap.exceptions.StatusCodes;
8import de.ids_mannheim.korap.handlers.OAuthDb;
9import de.ids_mannheim.korap.interfaces.AuthenticationIface;
Michael Hanlf21773f2015-10-16 23:02:31 +0200[diff] [blame]10import de.ids_mannheim.korap.interfaces.db.PersistenceClient;
Michael Hanl00b64e02016-05-24 20:24:27 +0200[diff] [blame]11import de.ids_mannheim.korap.config.Attributes;
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]12import de.ids_mannheim.korap.user.TokenContext;
13import de.ids_mannheim.korap.user.User;
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]14import de.ids_mannheim.korap.utils.NamingUtils;
Michael Hanlcb2d3f92016-06-02 17:34:06 +0200[diff] [blame]15import de.ids_mannheim.korap.utils.StringUtils;
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]16import net.sf.ehcache.CacheManager;
17import net.sf.ehcache.Element;
18import org.springframework.cache.annotation.CacheEvict;
19import org.springframework.cache.annotation.Cacheable;
20
21import java.text.ParseException;
22import java.util.Map;
23
24/**
25 * @author hanl
26 * @date 12/11/2014
27 */
28public class OpenIDconnectAuthentication implements AuthenticationIface {
29
30 private OAuthDb database;
31 private KustvaktConfiguration config;
32
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]33
34 public OpenIDconnectAuthentication (KustvaktConfiguration config,
35 PersistenceClient client) {
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]36 this.database = new OAuthDb(client);
37 this.config = config;
38 }
39
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]40
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]41 @Override
Michael Hanlc0ed00f2016-06-23 14:33:10 +0200[diff] [blame]42 public TokenContext getTokenContext(String authToken)
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]43 throws KustvaktException {
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]44 return this.database.getContext(authToken);
45 }
46
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]47
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]48 @Override
Michael Hanlc0ed00f2016-06-23 14:33:10 +0200[diff] [blame]49 public TokenContext createTokenContext(User user, Map<String, Object> attr)
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]50 throws KustvaktException {
Michael Hanl5fac8ab2016-01-29 16:33:04 +0100[diff] [blame]51 String cl_secret = (String) attr.get(Attributes.CLIENT_SECRET);
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]52 if (cl_secret == null)
53 throw new KustvaktException(StatusCodes.REQUEST_INVALID);
Michael Hanl19390652016-01-16 11:01:24 +0100[diff] [blame]54 attr.remove(cl_secret);
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]55 JWTSigner signer = new JWTSigner(cl_secret.getBytes(),
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]56 config.getIssuer(), config.getTokenTTL());
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]57 TokenContext c = new TokenContext();
58 c.setUsername(user.getUsername());
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]59 SignedJWT jwt = signer.createJWT(user, attr);
60 try {
61 c.setExpirationTime(jwt.getJWTClaimsSet().getExpirationTimeClaim());
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]62 }
63 catch (ParseException e) {
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]64 throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT);
65 }
66 c.setTokenType(Attributes.OPENID_AUTHENTICATION);
67 c.setToken(jwt.serialize());
68 CacheManager.getInstance().getCache("id_tokens")
69 .put(new Element(c.getToken(), c));
70 return c;
71 }
72
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]73
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]74 @Override
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]75 public void removeUserSession (String token) throws KustvaktException {
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]76 // emit token from cache only
77 }
78
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]79
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]80 @Override
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]81 public TokenContext refresh (TokenContext context) throws KustvaktException {
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]82 throw new UnsupportedOperationException("method not supported");
83 }
84
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]85
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]86 @Override
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]87 public String getIdentifier () {
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]88 return Attributes.OPENID_AUTHENTICATION;
89 }
90}