Gitiles
Code Review Sign In
korap.ids-mannheim.de / KorAP / Kustvakt / b156f88840bec902ab21b2c11ec6176555ed0427 / . / full / src / main / java / de / ids_mannheim / korap / web / controller / AuthenticationController.java
blob: 9eac9d40810d3a35fd6968cdd14326d5489e480d [file] [log] [blame]
margarethad3c0fc92017-10-25 15:03:32 +0200[diff] [blame]1package de.ids_mannheim.korap.web.controller;
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]2
margaretha894a7d72017-11-08 19:24:20 +0100[diff] [blame]3import java.util.HashMap;
margaretha894a7d72017-11-08 19:24:20 +0100[diff] [blame]4import java.util.List;
5import java.util.Locale;
6import java.util.Map;
7
8import javax.ws.rs.Consumes;
9import javax.ws.rs.GET;
10import javax.ws.rs.HeaderParam;
11import javax.ws.rs.POST;
12import javax.ws.rs.Path;
13import javax.ws.rs.Produces;
14import javax.ws.rs.QueryParam;
15import javax.ws.rs.core.Context;
16import javax.ws.rs.core.HttpHeaders;
17import javax.ws.rs.core.MediaType;
margaretha894a7d72017-11-08 19:24:20 +0100[diff] [blame]18import javax.ws.rs.core.Response;
19import javax.ws.rs.core.SecurityContext;
20
margaretha49cb6882018-07-04 04:19:54 +0200[diff] [blame]21import org.apache.logging.log4j.LogManager;
22import org.apache.logging.log4j.Logger;
margarethabc3d3f72023-02-15 15:34:12 +0100[diff] [blame]23import org.glassfish.jersey.server.ContainerRequest;
margaretha894a7d72017-11-08 19:24:20 +0100[diff] [blame]24import org.springframework.beans.factory.annotation.Autowired;
25import org.springframework.stereotype.Controller;
26
margaretha34954472018-10-24 20:05:17 +0200[diff] [blame]27import de.ids_mannheim.korap.authentication.AuthenticationManager;
margaretha56e8e552017-12-05 16:31:21 +0100[diff] [blame]28import de.ids_mannheim.korap.authentication.http.AuthorizationData;
29import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
Michael Hanl00b64e02016-05-24 20:24:27 +0200[diff] [blame]30import de.ids_mannheim.korap.config.Attributes;
Michael Hanldaf86602016-05-12 14:31:52 +0200[diff] [blame]31import de.ids_mannheim.korap.config.BeansFactory;
margaretha0e8f4e72018-04-05 14:11:52 +0200[diff] [blame]32import de.ids_mannheim.korap.constant.AuthenticationMethod;
33import de.ids_mannheim.korap.constant.AuthenticationScheme;
34import de.ids_mannheim.korap.constant.TokenType;
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]35import de.ids_mannheim.korap.exceptions.KustvaktException;
36import de.ids_mannheim.korap.exceptions.StatusCodes;
margaretha0e8f4e72018-04-05 14:11:52 +0200[diff] [blame]37import de.ids_mannheim.korap.security.context.TokenContext;
margaretha894a7d72017-11-08 19:24:20 +0100[diff] [blame]38import de.ids_mannheim.korap.user.User;
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]39import de.ids_mannheim.korap.utils.JsonUtils;
Michael Hanldaf86602016-05-12 14:31:52 +0200[diff] [blame]40import de.ids_mannheim.korap.utils.ServiceInfo;
margarethada3c7852018-06-14 20:35:11 +0200[diff] [blame]41import de.ids_mannheim.korap.web.KustvaktResponseHandler;
margaretha398f4722019-01-09 19:07:20 +0100[diff] [blame]42import de.ids_mannheim.korap.web.filter.APIVersionFilter;
margarethafde771a2017-11-14 15:02:10 +0100[diff] [blame]43import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
margaretha894a7d72017-11-08 19:24:20 +0100[diff] [blame]44import de.ids_mannheim.korap.web.filter.BlockingFilter;
45import de.ids_mannheim.korap.web.filter.DemoUserFilter;
46import de.ids_mannheim.korap.web.filter.PiwikFilter;
margarethabc3d3f72023-02-15 15:34:12 +0100[diff] [blame]47import de.ids_mannheim.korap.web.utils.ResourceFilters;
Bodmo3d6bd352017-04-25 11:31:39 +0200[diff] [blame]48
margaretha139d0f72017-11-14 18:56:22 +0100[diff] [blame]49// import com.sun.xml.internal.messaging.saaj.util.Base64;
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]50
51/**
52 * @author hanl
53 * @date 24/01/2014
margarethaee0cbfe2018-08-28 17:47:14 +0200[diff] [blame]54 *
55 * @author margaretha
margaretha47a72a82019-07-03 16:00:54 +0200[diff] [blame]56 * @last-update 01/07/2019
margarethaee0cbfe2018-08-28 17:47:14 +0200[diff] [blame]57 *
58 * - added user authentication time in token context
59 * - added api version filter
margaretha47a72a82019-07-03 16:00:54 +0200[diff] [blame]60 * - changed the response media-type
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]61 */
margaretha894a7d72017-11-08 19:24:20 +0100[diff] [blame]62@Controller
margarethaee0cbfe2018-08-28 17:47:14 +0200[diff] [blame]63@Path("/{version}/auth")
64@ResourceFilters({APIVersionFilter.class, PiwikFilter.class })
margaretha47a72a82019-07-03 16:00:54 +0200[diff] [blame]65@Produces(MediaType.APPLICATION_JSON + ";charset=utf-8")
margarethad3c0fc92017-10-25 15:03:32 +0200[diff] [blame]66public class AuthenticationController {
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]67
margaretha894a7d72017-11-08 19:24:20 +0100[diff] [blame]68 @Autowired
margarethada3c7852018-06-14 20:35:11 +0200[diff] [blame]69 private KustvaktResponseHandler kustvaktResponseHandler;
margaretha4b5c1412017-11-15 20:55:04 +0100[diff] [blame]70
71 @Autowired
72 private HttpAuthorizationHandler authorizationHandler;
margaretha139d0f72017-11-14 18:56:22 +0100[diff] [blame]73
margarethabc3d3f72023-02-15 15:34:12 +0100[diff] [blame]74 private static Boolean DEBUG_LOG = true;
margarethaf18298b2017-09-14 22:14:32 +0200[diff] [blame]75
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]76 //todo: bootstrap function to transmit certain default configuration settings and examples (example user queries,
77 // default usersettings, etc.)
margaretha139d0f72017-11-14 18:56:22 +0100[diff] [blame]78 private static Logger jlog =
margaretha49cb6882018-07-04 04:19:54 +0200[diff] [blame]79 LogManager.getLogger(AuthenticationController.class);
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]80
margaretha894a7d72017-11-08 19:24:20 +0100[diff] [blame]81 @Autowired
margaretha34954472018-10-24 20:05:17 +0200[diff] [blame]82 private AuthenticationManager controller;
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]83
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]84 // private SendMail mail;
85
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]86 /**
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]87 * represents json string with data. All GUI clients can access
88 * this method to get certain default values
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]89 * --> security checks?
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]90 *
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]91 * @return String
92 */
Michael Hanl25aac542016-02-01 18:16:44 +0100[diff] [blame]93 @Deprecated
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]94 @GET
95 @Path("bootstrap")
96 @Produces(MediaType.APPLICATION_JSON)
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]97 public Response bootstrap () {
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]98 Map m = new HashMap();
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]99 // m.put("settings", new UserSettings().toObjectMap());
Michael Hanldaf86602016-05-12 14:31:52 +0200[diff] [blame]100 m.put("ql", BeansFactory.getKustvaktContext().getConfiguration()
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]101 .getQueryLanguages());
102 m.put("SortTypes", null); // types of sorting that are supported!
Michael Hanldaf86602016-05-12 14:31:52 +0200[diff] [blame]103 m.put("version", ServiceInfo.getInfo().getVersion());
margarethad4796662017-11-09 16:11:40 +0100[diff] [blame]104 try {
105 return Response.ok(JsonUtils.toJSON(m)).build();
106 }
107 catch (KustvaktException e) {
margarethada3c7852018-06-14 20:35:11 +0200[diff] [blame]108 throw kustvaktResponseHandler.throwit(e);
margarethad4796662017-11-09 16:11:40 +0100[diff] [blame]109 }
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]110 }
111
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]112
Michael Hanl19390652016-01-16 11:01:24 +0100[diff] [blame]113 // fixme: moved to user
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]114 @GET
115 @Path("status")
margarethafde771a2017-11-14 15:02:10 +0100[diff] [blame]116 @ResourceFilters({ AuthenticationFilter.class, DemoUserFilter.class,
margarethaf18298b2017-09-14 22:14:32 +0200[diff] [blame]117 BlockingFilter.class })
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]118 public Response getStatus (@Context SecurityContext context,
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]119 @HeaderParam(ContainerRequest.USER_AGENT) String agent,
120 @HeaderParam(ContainerRequest.HOST) String host,
121 @Context Locale locale) {
122 TokenContext ctx = (TokenContext) context.getUserPrincipal();
margarethad4796662017-11-09 16:11:40 +0100[diff] [blame]123 try {
124 return Response.ok(ctx.toJson()).build();
125 }
126 catch (KustvaktException e) {
margarethada3c7852018-06-14 20:35:11 +0200[diff] [blame]127 throw kustvaktResponseHandler.throwit(e);
margarethad4796662017-11-09 16:11:40 +0100[diff] [blame]128 }
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]129 }
margaretha2afb97d2017-12-07 19:18:44 +0100[diff] [blame]130
131 // EM: testing using spring security authentication manager
margarethaa2ce63d2018-06-28 10:11:43 +0200[diff] [blame]132// @Deprecated
133// @GET
134// @Path("ldap/token")
135// public Response requestToken (@Context HttpHeaders headers,
136// @Context Locale locale,
137// @HeaderParam(ContainerRequest.USER_AGENT) String agent,
138// @HeaderParam(ContainerRequest.HOST) String host,
139// @HeaderParam("referer-url") String referer,
140// @QueryParam("scope") String scopes,
141// // @Context WebServiceContext wsContext, // FB
142// @Context SecurityContext securityContext) {
143//
144// Map<String, Object> attr = new HashMap<>();
145// if (scopes != null && !scopes.isEmpty())
146// attr.put(Attributes.SCOPES, scopes);
147// attr.put(Attributes.HOST, host);
148// attr.put(Attributes.USER_AGENT, agent);
149//
150// User user = new KorAPUser();
151// user.setUsername(securityContext.getUserPrincipal().getName());
152// controller.setAccessAndLocation(user, headers);
153// if (DEBUG_LOG == true) System.out.printf(
154// "Debug: /token/: location=%s, access='%s'.\n",
155// user.locationtoString(), user.accesstoString());
156// attr.put(Attributes.LOCATION, user.getLocation());
157// attr.put(Attributes.CORPUS_ACCESS, user.getCorpusAccess());
158//
159// try {
160// TokenContext context = controller.createTokenContext(user, attr,
161// TokenType.API);
162// return Response.ok(context.toJson()).build();
163// }
164// catch (KustvaktException e) {
165// throw kustvaktResponseHandler.throwit(e);
166// }
167// }
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]168
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]169
margarethabc3d3f72023-02-15 15:34:12 +0100[diff] [blame]170 @Deprecated
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]171 @GET
172 @Path("apiToken")
Michael Hanl9be4e422016-07-21 14:13:27 +0200[diff] [blame]173 //@ResourceFilters({HeaderFilter.class})
margarethaf18298b2017-09-14 22:14:32 +0200[diff] [blame]174 public Response requestAPIToken (@Context HttpHeaders headers,
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]175 @Context Locale locale,
176 @HeaderParam(ContainerRequest.USER_AGENT) String agent,
177 @HeaderParam(ContainerRequest.HOST) String host,
178 @HeaderParam("referer-url") String referer,
Bodmo3d6bd352017-04-25 11:31:39 +0200[diff] [blame]179 @QueryParam("scope") String scopes,
margarethaf18298b2017-09-14 22:14:32 +0200[diff] [blame]180 // @Context WebServiceContext wsContext, // FB
Bodmo3d6bd352017-04-25 11:31:39 +0200[diff] [blame]181 @Context SecurityContext secCtx) {
margaretha4b5c1412017-11-15 20:55:04 +0100[diff] [blame]182
margarethaf18298b2017-09-14 22:14:32 +0200[diff] [blame]183 if (DEBUG_LOG == true) {
margarethabc3d3f72023-02-15 15:34:12 +0100[diff] [blame]184 String warning = "Access to API token (JWT) web service";
margarethaa2ce63d2018-06-28 10:11:43 +0200[diff] [blame]185
margarethabc3d3f72023-02-15 15:34:12 +0100[diff] [blame]186 List<String> auth =
187 headers.getRequestHeader(ContainerRequest.AUTHORIZATION);
188 if (auth != null && !auth.isEmpty()) {
189 try {
190 AuthorizationData authorizationData = authorizationHandler
191 .parseAuthorizationHeaderValue(auth.get(0));
192 if (authorizationData.getAuthenticationScheme()
193 .equals(AuthenticationScheme.BASIC)) {
194 authorizationData = authorizationHandler
195 .parseBasicToken(authorizationData);
196 jlog.warn(warning + " with username:"+authorizationData.getUsername());
197 }
198 }
199 catch (KustvaktException e) {}
200 }
201 else {
202 jlog.warn(warning);
203 }
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]204 }
margarethabc3d3f72023-02-15 15:34:12 +0100[diff] [blame]205 throw kustvaktResponseHandler.throwit(new KustvaktException(
206 StatusCodes.DEPRECATED,
207 "API token is no longer supported. Please use OAuth2 procedure instead."));
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]208 }
209
margarethabc3d3f72023-02-15 15:34:12 +0100[diff] [blame]210// List<String> auth =
211// headers.getRequestHeader(ContainerRequest.AUTHORIZATION);
212// if (auth == null || auth.isEmpty()) {
213// throw kustvaktResponseHandler
214// .throwit(new KustvaktException(StatusCodes.MISSING_PARAMETER,
215// "Authorization header is missing.",
216// "Authorization header"));
217// }
218//
219// AuthorizationData authorizationData;
220// try {
221// authorizationData = authorizationHandler.
222// parseAuthorizationHeaderValue(auth.get(0));
223// if (authorizationData.getAuthenticationScheme().equals(AuthenticationScheme.BASIC)){
224// authorizationData = authorizationHandler.parseBasicToken(authorizationData);
225// }
226// else {
227// // EM: throw exception that auth scheme is not supported?
228// }
229//
230// }
231// catch (KustvaktException e) {
232// throw kustvaktResponseHandler.throwit(e);
233// }
234//
235// if (DEBUG_LOG == true) {
236// System.out.printf("Debug: AuthService.requestAPIToken...:\n");
237// System.out.printf("Debug: auth.size=%d\n", auth.size());
238// System.out.printf("auth.get(0)='%s'\n", auth.get(0));
239// /* hide password etc. - FB
240// if( auth.size() > 0 )
241// {
242// Iterator it = auth.iterator();
243// while( it.hasNext() )
244// System.out.printf(" header '%s'\n", it.next());
245// }
246// if( values.length > 0 )
247// {
248// for(int i=0; i< values.length; i++)
249// {
250// System.out.printf(" values[%d]='%s'\n", i, values[i]);
251// }
252// }
253// */
254// MultivaluedMap<String, String> headerMap =
255// headers.getRequestHeaders();
256// if (headerMap != null && headerMap.size() > 0) {
257// Iterator<String> it = headerMap.keySet().iterator();
258// while (it.hasNext()) {
259// String key = (String) it.next();
260// List<String> vals = headerMap.get(key);
261//// System.out.printf("Debug: requestAPIToken: '%s' = '%s'\n",
262//// key, vals);
263// }
264//
265// }
266//// System.out.printf("Debug: requestAPIToken: isSecure = %s.\n",
267//// secCtx.isSecure() ? "yes" : "no");
268// } // DEBUG_LOG
269//
270// if (authorizationData.getUsername() == null ||
271// authorizationData.getUsername().isEmpty() ||
272// authorizationData.getPassword()== null ||
273// authorizationData.getPassword().isEmpty())
274// // is actual an invalid request
275// throw kustvaktResponseHandler.throwit(StatusCodes.REQUEST_INVALID);
276//
277// Map<String, Object> attr = new HashMap<>();
278// if (scopes != null && !scopes.isEmpty())
279// attr.put(Attributes.SCOPE, scopes);
280// attr.put(Attributes.HOST, host);
281// attr.put(Attributes.USER_AGENT, agent);
282//
283// TokenContext context;
284// try {
285// // User user = controller.authenticate(0, values[0], values[1], attr); Implementation by Hanl
286// User user = controller.authenticate(AuthenticationMethod.LDAP,
287// authorizationData.getUsername(), authorizationData.getPassword(), attr); // Implementation with IdM/LDAP
288// // Userdata data = this.controller.getUserData(user, UserDetails.class); // Implem. by Hanl
289// // todo: is this necessary?
290// // attr.putAll(data.fields());
291//
292// // EM: add authentication time
293// Date authenticationTime = TimeUtils.getNow().toDate();
294// attr.put(Attributes.AUTHENTICATION_TIME, authenticationTime);
295// // -- EM
296//
297// controller.setAccessAndLocation(user, headers);
298// if (DEBUG_LOG == true) System.out.printf(
299// "Debug: /apiToken/: location=%s, access='%s'.\n",
300// user.locationtoString(), user.accesstoString());
301// attr.put(Attributes.LOCATION, user.getLocation());
302// attr.put(Attributes.CORPUS_ACCESS, user.getCorpusAccess());
303// context = controller.createTokenContext(user, attr,
304// TokenType.API);
305//// context = controller.createTokenContext(user, attr,
306//// Attributes.API_AUTHENTICATION);
307// }
308// catch (KustvaktException e) {
309// throw kustvaktResponseHandler.throwit(e);
310// }
311//
312// try {
313// return Response.ok(context.toJson()).build();
314// }
315// catch (KustvaktException e) {
316// throw kustvaktResponseHandler.throwit(e);
317// }
318// }
319
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]320
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]321 // todo:
322 @Deprecated
323 @GET
324 @Path("refresh")
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]325 public Response refresh (@Context SecurityContext context,
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]326 @Context Locale locale) {
327 TokenContext ctx = (TokenContext) context.getUserPrincipal();
328 TokenContext newContext;
329
330 // try {
331 // newContext = controller.refresh(ctx);
332 // }catch (KorAPException e) {
333 // KorAPLogger.ERROR_LOGGER.error("Exception encountered!", e);
Michael Hanl482f30d2015-09-25 12:39:46 +0200[diff] [blame]334 // throw KustvaktResponseHandler.throwit(e);
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]335 // }
336 // return Response.ok().entity(newContext.getToken()).build();
337 return null;
338 }
339
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]340
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]341 @GET
342 @Path("sessionToken")
Michael Hanl9be4e422016-07-21 14:13:27 +0200[diff] [blame]343 //@ResourceFilters({HeaderFilter.class})
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]344 public Response requestSession (@Context HttpHeaders headers,
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]345 @Context Locale locale,
346 @HeaderParam(ContainerRequest.USER_AGENT) String agent,
347 @HeaderParam(ContainerRequest.HOST) String host) {
margarethaf18298b2017-09-14 22:14:32 +0200[diff] [blame]348 List<String> auth =
349 headers.getRequestHeader(ContainerRequest.AUTHORIZATION);
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]350
margarethacd206792017-11-17 14:48:09 +0100[diff] [blame]351 AuthorizationData authorizationData;
margaretha4b5c1412017-11-15 20:55:04 +0100[diff] [blame]352 try {
margarethacd206792017-11-17 14:48:09 +0100[diff] [blame]353 authorizationData = authorizationHandler.
margaretha2afb97d2017-12-07 19:18:44 +0100[diff] [blame]354 parseAuthorizationHeaderValue(auth.get(0));
355 authorizationData = authorizationHandler.parseBasicToken(authorizationData);
margaretha4b5c1412017-11-15 20:55:04 +0100[diff] [blame]356
357 }
358 catch (KustvaktException e) {
margarethada3c7852018-06-14 20:35:11 +0200[diff] [blame]359 throw kustvaktResponseHandler.throwit(e);
margaretha4b5c1412017-11-15 20:55:04 +0100[diff] [blame]360 }
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]361
Bodmo3d6bd352017-04-25 11:31:39 +0200[diff] [blame]362 // Implementation Hanl mit '|'. 16.02.17/FB
363 //if (values[0].equalsIgnoreCase("null")
364 // | values[1].equalsIgnoreCase("null"))
margarethacd206792017-11-17 14:48:09 +0100[diff] [blame]365 if (authorizationData.getUsername() == null ||
366 authorizationData.getUsername().isEmpty() ||
367 authorizationData.getPassword()== null ||
368 authorizationData.getPassword().isEmpty())
369 // is actual an invalid request
margarethada3c7852018-06-14 20:35:11 +0200[diff] [blame]370 throw kustvaktResponseHandler.throwit(StatusCodes.REQUEST_INVALID);
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]371
Michael Hanl5fac8ab2016-01-29 16:33:04 +0100[diff] [blame]372 Map<String, Object> attr = new HashMap<>();
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]373 attr.put(Attributes.HOST, host);
374 attr.put(Attributes.USER_AGENT, agent);
375 TokenContext context;
margarethaf18298b2017-09-14 22:14:32 +0200[diff] [blame]376 String contextJson;
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]377 try {
margaretha2afb97d2017-12-07 19:18:44 +0100[diff] [blame]378 //EM: authentication scheme default
379 User user = controller.authenticate(AuthenticationMethod.DATABASE,
margarethacd206792017-11-17 14:48:09 +0100[diff] [blame]380 authorizationData.getUsername(), authorizationData.getPassword(), attr);
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]381 context = controller.createTokenContext(user, attr,
margaretha2afb97d2017-12-07 19:18:44 +0100[diff] [blame]382 TokenType.SESSION);
383// context = controller.createTokenContext(user, attr,
384// Attributes.SESSION_AUTHENTICATION);
margarethaf18298b2017-09-14 22:14:32 +0200[diff] [blame]385 contextJson = context.toJson();
386 jlog.debug(contextJson);
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]387 }
388 catch (KustvaktException e) {
margarethada3c7852018-06-14 20:35:11 +0200[diff] [blame]389 throw kustvaktResponseHandler.throwit(e);
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]390 }
margarethaf18298b2017-09-14 22:14:32 +0200[diff] [blame]391 return Response.ok().entity(contextJson).build();
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]392 }
393
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]394
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]395 // fixme: security issues: setup shibboleth compatible authentication system
396 // todo: will be purged with token authentication --> shib is client side
397 @POST
Michael Hanl6bfe4002016-07-02 11:43:09 +0200[diff] [blame]398 @Consumes(MediaType.APPLICATION_JSON)
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]399 @Produces("application/json")
400 @Path("shibboleth")
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]401 public Response loginshib (@Context HttpHeaders headers,
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]402 @Context Locale locale,
403 @HeaderParam(ContainerRequest.USER_AGENT) String agent,
404 @HeaderParam(ContainerRequest.HOST) String host,
405 @QueryParam("client_id") String client_id) {
406
407 // the shibfilter decrypted the values
408 // define default provider for returned access token strategy?!
409
Michael Hanl5fac8ab2016-01-29 16:33:04 +0100[diff] [blame]410 Map<String, Object> attr = new HashMap<>();
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]411 attr.put(Attributes.HOST, host);
412 attr.put(Attributes.USER_AGENT, agent);
413
414 TokenContext context;
415
416 try {
417 // todo: distinguish type KorAP/Shibusers
margaretha2afb97d2017-12-07 19:18:44 +0100[diff] [blame]418 User user = controller.authenticate(AuthenticationMethod.SHIBBOLETH,
margaretha139d0f72017-11-14 18:56:22 +0100[diff] [blame]419 null, null, attr);
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]420 context = controller.createTokenContext(user, attr, null);
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]421 }
422 catch (KustvaktException e) {
margarethada3c7852018-06-14 20:35:11 +0200[diff] [blame]423 throw kustvaktResponseHandler.throwit(e);
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]424 }
margarethad4796662017-11-09 16:11:40 +0100[diff] [blame]425 try {
426 return Response.ok().entity(context.toJson()).build();
427 }
428 catch (KustvaktException e) {
margarethada3c7852018-06-14 20:35:11 +0200[diff] [blame]429 throw kustvaktResponseHandler.throwit(e);
margarethad4796662017-11-09 16:11:40 +0100[diff] [blame]430 }
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]431 }
Michael Hanl19390652016-01-16 11:01:24 +0100[diff] [blame]432
Michael Hanlfb839b92015-09-19 21:32:34 +0200[diff] [blame]433}