Gitiles
Code Review Sign In
korap.ids-mannheim.de / KorAP / Kustvakt / a452c5e849e3e08642018b19dddc41fa7c293f78 / . / full / src / main / java / de / ids_mannheim / korap / authentication / OpenIDconnectAuthentication.java
blob: 1cc615067400c6596596a556df220043baeffd84 [file] [log] [blame]
margaretha139d0f72017-11-14 18:56:22 +0100[diff] [blame]1package de.ids_mannheim.korap.authentication;
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]2
3import com.nimbusds.jwt.SignedJWT;
4import de.ids_mannheim.korap.config.JWTSigner;
5import de.ids_mannheim.korap.config.KustvaktConfiguration;
margaretha0e8f4e72018-04-05 14:11:52 +0200[diff] [blame]6import de.ids_mannheim.korap.constant.TokenType;
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]7import de.ids_mannheim.korap.exceptions.KustvaktException;
8import de.ids_mannheim.korap.exceptions.StatusCodes;
9import de.ids_mannheim.korap.handlers.OAuthDb;
10import de.ids_mannheim.korap.interfaces.AuthenticationIface;
Michael Hanlf21773f2015-10-16 23:02:31 +0200[diff] [blame]11import de.ids_mannheim.korap.interfaces.db.PersistenceClient;
margaretha0e8f4e72018-04-05 14:11:52 +0200[diff] [blame]12import de.ids_mannheim.korap.security.context.TokenContext;
Michael Hanl00b64e02016-05-24 20:24:27 +0200[diff] [blame]13import de.ids_mannheim.korap.config.Attributes;
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]14import de.ids_mannheim.korap.user.User;
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]15import de.ids_mannheim.korap.utils.NamingUtils;
Michael Hanlcb2d3f92016-06-02 17:34:06 +0200[diff] [blame]16import de.ids_mannheim.korap.utils.StringUtils;
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]17import net.sf.ehcache.CacheManager;
18import net.sf.ehcache.Element;
19import org.springframework.cache.annotation.CacheEvict;
20import org.springframework.cache.annotation.Cacheable;
21
22import java.text.ParseException;
23import java.util.Map;
24
25/**
26 * @author hanl
27 * @date 12/11/2014
28 */
29public class OpenIDconnectAuthentication implements AuthenticationIface {
30
31 private OAuthDb database;
32 private KustvaktConfiguration config;
33
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]34
35 public OpenIDconnectAuthentication (KustvaktConfiguration config,
36 PersistenceClient client) {
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]37 this.database = new OAuthDb(client);
38 this.config = config;
39 }
40
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]41
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]42 @Override
Michael Hanlc0ed00f2016-06-23 14:33:10 +0200[diff] [blame]43 public TokenContext getTokenContext(String authToken)
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]44 throws KustvaktException {
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]45 return this.database.getContext(authToken);
46 }
47
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]48
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]49 @Override
Michael Hanlc0ed00f2016-06-23 14:33:10 +0200[diff] [blame]50 public TokenContext createTokenContext(User user, Map<String, Object> attr)
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]51 throws KustvaktException {
Michael Hanl5fac8ab2016-01-29 16:33:04 +0100[diff] [blame]52 String cl_secret = (String) attr.get(Attributes.CLIENT_SECRET);
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]53 if (cl_secret == null)
54 throw new KustvaktException(StatusCodes.REQUEST_INVALID);
Michael Hanl19390652016-01-16 11:01:24 +0100[diff] [blame]55 attr.remove(cl_secret);
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]56 JWTSigner signer = new JWTSigner(cl_secret.getBytes(),
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]57 config.getIssuer(), config.getTokenTTL());
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]58 TokenContext c = new TokenContext();
59 c.setUsername(user.getUsername());
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]60 SignedJWT jwt = signer.createJWT(user, attr);
61 try {
62 c.setExpirationTime(jwt.getJWTClaimsSet().getExpirationTimeClaim());
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]63 }
64 catch (ParseException e) {
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]65 throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT);
66 }
margaretha2afb97d2017-12-07 19:18:44 +0100[diff] [blame]67 c.setTokenType(getTokenType());
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]68 c.setToken(jwt.serialize());
69 CacheManager.getInstance().getCache("id_tokens")
70 .put(new Element(c.getToken(), c));
71 return c;
72 }
73
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]74
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]75 @Override
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]76 public void removeUserSession (String token) throws KustvaktException {
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]77 // emit token from cache only
78 }
79
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]80
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]81 @Override
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]82 public TokenContext refresh (TokenContext context) throws KustvaktException {
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]83 throw new UnsupportedOperationException("method not supported");
84 }
85
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]86
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]87 @Override
margaretha2afb97d2017-12-07 19:18:44 +0100[diff] [blame]88 public TokenType getTokenType() {
89 return TokenType.ID_TOKEN;
Michael Hanl87106d12015-09-14 18:13:51 +0200[diff] [blame]90 }
91}