| Michael Hanl | 1939065 | 2016-01-16 11:01:24 +0100 | [diff] [blame] | 1 | package de.ids_mannheim.korap.web.service.full; |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 2 | |
| 3 | import com.sun.jersey.spi.container.ContainerRequest; |
| 4 | import com.sun.jersey.spi.container.ResourceFilters; |
| Bodmo | 3d6bd35 | 2017-04-25 11:31:39 +0200 | [diff] [blame] | 5 | |
| Michael Hanl | 00b64e0 | 2016-05-24 20:24:27 +0200 | [diff] [blame] | 6 | import de.ids_mannheim.korap.config.Attributes; |
| Michael Hanl | daf8660 | 2016-05-12 14:31:52 +0200 | [diff] [blame] | 7 | import de.ids_mannheim.korap.config.BeansFactory; |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 8 | import de.ids_mannheim.korap.exceptions.KustvaktException; |
| 9 | import de.ids_mannheim.korap.exceptions.StatusCodes; |
| 10 | import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface; |
| 11 | import de.ids_mannheim.korap.security.auth.BasicHttpAuth; |
| Michael Hanl | c2a9f62 | 2016-01-28 16:40:06 +0100 | [diff] [blame] | 12 | import de.ids_mannheim.korap.user.*; |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 13 | import de.ids_mannheim.korap.utils.JsonUtils; |
| 14 | import de.ids_mannheim.korap.utils.KustvaktLogger; |
| Michael Hanl | daf8660 | 2016-05-12 14:31:52 +0200 | [diff] [blame] | 15 | import de.ids_mannheim.korap.utils.ServiceInfo; |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 16 | import de.ids_mannheim.korap.web.KustvaktServer; |
| Michael Hanl | 99cb963 | 2016-06-29 16:24:40 +0200 | [diff] [blame] | 17 | import de.ids_mannheim.korap.web.filter.*; |
| Michael Hanl | 482f30d | 2015-09-25 12:39:46 +0200 | [diff] [blame] | 18 | import de.ids_mannheim.korap.web.utils.KustvaktResponseHandler; |
| Bodmo | 3d6bd35 | 2017-04-25 11:31:39 +0200 | [diff] [blame] | 19 | |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 20 | import org.slf4j.Logger; |
| 21 | |
| Bodmo | 3d6bd35 | 2017-04-25 11:31:39 +0200 | [diff] [blame] | 22 | import javax.servlet.http.HttpServletRequest; // FB |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 23 | import javax.ws.rs.*; |
| 24 | import javax.ws.rs.core.*; |
| Bodmo | 3d6bd35 | 2017-04-25 11:31:39 +0200 | [diff] [blame] | 25 | import javax.xml.ws.WebServiceContext; // FB |
| 26 | import javax.xml.ws.handler.MessageContext; // FB |
| 27 | import javax.annotation.Resource; // FB |
| 28 | |
| Bodmo | ca3dcfb | 2017-05-24 16:36:00 +0200 | [diff] [blame] | 29 | import java.util.Arrays; |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 30 | import java.util.HashMap; |
| 31 | import java.util.List; |
| 32 | import java.util.Locale; |
| 33 | import java.util.Map; |
| Bodmo | ca3dcfb | 2017-05-24 16:36:00 +0200 | [diff] [blame] | 34 | import java.util.ArrayList; |
| Bodmo | 3d6bd35 | 2017-04-25 11:31:39 +0200 | [diff] [blame] | 35 | import java.util.Iterator; // 07.02.17/FB |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 36 | |
| 37 | //import com.sun.xml.internal.messaging.saaj.util.Base64; |
| 38 | |
| 39 | /** |
| 40 | * @author hanl |
| 41 | * @date 24/01/2014 |
| 42 | */ |
| margaretha | ecbe72d | 2017-07-26 17:13:32 +0200 | [diff] [blame^] | 43 | @Path("/auth") |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 44 | @ResourceFilters({ PiwikFilter.class }) |
| 45 | @Produces(MediaType.TEXT_HTML + ";charset=utf-8") |
| 46 | public class AuthService { |
| 47 | |
| Bodmo | c125bf1 | 2017-06-01 16:23:59 +0200 | [diff] [blame] | 48 | private static Boolean DEBUG_LOG = true; |
| Bodmo | 3d6bd35 | 2017-04-25 11:31:39 +0200 | [diff] [blame] | 49 | |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 50 | //todo: bootstrap function to transmit certain default configuration settings and examples (example user queries, |
| 51 | // default usersettings, etc.) |
| Michael Hanl | fdd9a01 | 2015-11-13 15:56:38 +0100 | [diff] [blame] | 52 | private static Logger jlog = KustvaktLogger.getLogger(AuthService.class); |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 53 | |
| 54 | private AuthenticationManagerIface controller; |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 55 | |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 56 | // private SendMail mail; |
| 57 | |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 58 | public AuthService () { |
| Michael Hanl | daf8660 | 2016-05-12 14:31:52 +0200 | [diff] [blame] | 59 | this.controller = BeansFactory.getKustvaktContext() |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 60 | .getAuthenticationManager(); |
| 61 | //todo: replace with real property values |
| 62 | // this.mail = new SendMail(ExtConfiguration.getMailProperties()); |
| 63 | } |
| 64 | |
| Bodmo | 3d6bd35 | 2017-04-25 11:31:39 +0200 | [diff] [blame] | 65 | |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 66 | /** |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 67 | * represents json string with data. All GUI clients can access |
| 68 | * this method to get certain default values |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 69 | * --> security checks? |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 70 | * |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 71 | * @return String |
| 72 | */ |
| Michael Hanl | 25aac54 | 2016-02-01 18:16:44 +0100 | [diff] [blame] | 73 | @Deprecated |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 74 | @GET |
| 75 | @Path("bootstrap") |
| 76 | @Produces(MediaType.APPLICATION_JSON) |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 77 | public Response bootstrap () { |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 78 | Map m = new HashMap(); |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 79 | // m.put("settings", new UserSettings().toObjectMap()); |
| Michael Hanl | daf8660 | 2016-05-12 14:31:52 +0200 | [diff] [blame] | 80 | m.put("ql", BeansFactory.getKustvaktContext().getConfiguration() |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 81 | .getQueryLanguages()); |
| 82 | m.put("SortTypes", null); // types of sorting that are supported! |
| Michael Hanl | daf8660 | 2016-05-12 14:31:52 +0200 | [diff] [blame] | 83 | m.put("version", ServiceInfo.getInfo().getVersion()); |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 84 | return Response.ok(JsonUtils.toJSON(m)).build(); |
| 85 | } |
| 86 | |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 87 | |
| Michael Hanl | 1939065 | 2016-01-16 11:01:24 +0100 | [diff] [blame] | 88 | // fixme: moved to user |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 89 | @GET |
| 90 | @Path("status") |
| Michael Hanl | 99cb963 | 2016-06-29 16:24:40 +0200 | [diff] [blame] | 91 | @ResourceFilters({ AuthFilter.class, DemoUserFilter.class, BlockingFilter.class }) |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 92 | public Response getStatus (@Context SecurityContext context, |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 93 | @HeaderParam(ContainerRequest.USER_AGENT) String agent, |
| 94 | @HeaderParam(ContainerRequest.HOST) String host, |
| 95 | @Context Locale locale) { |
| 96 | TokenContext ctx = (TokenContext) context.getUserPrincipal(); |
| Michael Hanl | 2c3b0b1 | 2016-07-01 18:30:12 +0200 | [diff] [blame] | 97 | return Response.ok(ctx.toJson()).build(); |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 98 | } |
| 99 | |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 100 | |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 101 | @GET |
| 102 | @Path("apiToken") |
| Michael Hanl | 9be4e42 | 2016-07-21 14:13:27 +0200 | [diff] [blame] | 103 | //@ResourceFilters({HeaderFilter.class}) |
| Bodmo | 3d6bd35 | 2017-04-25 11:31:39 +0200 | [diff] [blame] | 104 | public Response requestAPIToken ( |
| 105 | @Context HttpHeaders headers, |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 106 | @Context Locale locale, |
| 107 | @HeaderParam(ContainerRequest.USER_AGENT) String agent, |
| 108 | @HeaderParam(ContainerRequest.HOST) String host, |
| 109 | @HeaderParam("referer-url") String referer, |
| Bodmo | 3d6bd35 | 2017-04-25 11:31:39 +0200 | [diff] [blame] | 110 | @QueryParam("scope") String scopes, |
| 111 | // @Context WebServiceContext wsContext, // FB |
| 112 | @Context SecurityContext secCtx) { |
| 113 | |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 114 | List<String> auth = headers |
| 115 | .getRequestHeader(ContainerRequest.AUTHORIZATION); |
| 116 | |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 117 | String[] values = BasicHttpAuth.decode(auth.get(0)); |
| 118 | |
| Bodmo | 3d6bd35 | 2017-04-25 11:31:39 +0200 | [diff] [blame] | 119 | if( DEBUG_LOG == true ) |
| 120 | { |
| 121 | System.out.printf("Debug: AuthService.requestAPIToken...:\n"); |
| 122 | System.out.printf("Debug: auth.size=%d\n", auth.size()); |
| 123 | System.out.printf("auth.get(0)='%s'\n", auth.get(0)); |
| 124 | System.out.printf("Debug: values.length=%d\n", values.length); |
| Bodmo | 11fb6f8 | 2017-06-01 11:39:15 +0200 | [diff] [blame] | 125 | /* hide password etc. - FB |
| 126 | if( auth.size() > 0 ) |
| Bodmo | 3d6bd35 | 2017-04-25 11:31:39 +0200 | [diff] [blame] | 127 | { |
| 128 | Iterator it = auth.iterator(); |
| 129 | while( it.hasNext() ) |
| 130 | System.out.printf(" header '%s'\n", it.next()); |
| 131 | } |
| 132 | if( values.length > 0 ) |
| 133 | { |
| 134 | for(int i=0; i< values.length; i++) |
| 135 | { |
| 136 | System.out.printf(" values[%d]='%s'\n", i, values[i]); |
| 137 | } |
| 138 | } |
| Bodmo | 11fb6f8 | 2017-06-01 11:39:15 +0200 | [diff] [blame] | 139 | */ |
| Bodmo | 3d6bd35 | 2017-04-25 11:31:39 +0200 | [diff] [blame] | 140 | MultivaluedMap<String,String> headerMap = headers.getRequestHeaders(); |
| 141 | if( headerMap != null && headerMap.size() > 0 ) |
| 142 | { |
| 143 | Iterator<String> it = headerMap.keySet().iterator(); |
| 144 | while( it.hasNext() ) |
| 145 | { |
| 146 | String key = (String)it.next(); |
| 147 | List<String> vals= headerMap.get(key); |
| 148 | System.out.printf("Debug: requestAPIToken: '%s' = '%s'\n", key, vals); |
| 149 | } |
| 150 | |
| 151 | } |
| 152 | System.out.printf("Debug: requestAPIToken: isSecure = %s.\n", secCtx.isSecure() ? "yes" : "no"); |
| 153 | } // DEBUG_LOG |
| Bodmo | ca3dcfb | 2017-05-24 16:36:00 +0200 | [diff] [blame] | 154 | |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 155 | // "Invalid syntax for username and password" |
| 156 | if (values == null) |
| Michael Hanl | 482f30d | 2015-09-25 12:39:46 +0200 | [diff] [blame] | 157 | throw KustvaktResponseHandler |
| Michael Hanl | 99cb963 | 2016-06-29 16:24:40 +0200 | [diff] [blame] | 158 | .throwit(StatusCodes.ACCESS_DENIED); |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 159 | |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 160 | if (values[0].equalsIgnoreCase("null") |
| 161 | | values[1].equalsIgnoreCase("null")) |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 162 | // is actual an invalid request |
| Michael Hanl | f1e85e7 | 2016-01-21 16:55:45 +0100 | [diff] [blame] | 163 | throw KustvaktResponseHandler.throwit(StatusCodes.REQUEST_INVALID); |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 164 | |
| Michael Hanl | 5fac8ab | 2016-01-29 16:33:04 +0100 | [diff] [blame] | 165 | Map<String, Object> attr = new HashMap<>(); |
| Michael Hanl | 482f30d | 2015-09-25 12:39:46 +0200 | [diff] [blame] | 166 | if (scopes != null && !scopes.isEmpty()) |
| 167 | attr.put(Attributes.SCOPES, scopes); |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 168 | attr.put(Attributes.HOST, host); |
| 169 | attr.put(Attributes.USER_AGENT, agent); |
| Bodmo | ca3dcfb | 2017-05-24 16:36:00 +0200 | [diff] [blame] | 170 | |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 171 | TokenContext context; |
| 172 | try { |
| Bodmo | 3d6bd35 | 2017-04-25 11:31:39 +0200 | [diff] [blame] | 173 | // User user = controller.authenticate(0, values[0], values[1], attr); Implementation by Hanl |
| 174 | User user = controller.authenticate(2, values[0], values[1], attr); // Implementation with IdM/LDAP |
| 175 | // Userdata data = this.controller.getUserData(user, UserDetails.class); // Implem. by Hanl |
| Michael Hanl | 5fac8ab | 2016-01-29 16:33:04 +0100 | [diff] [blame] | 176 | // todo: is this necessary? |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 177 | // attr.putAll(data.fields()); |
| Bodmo | ca3dcfb | 2017-05-24 16:36:00 +0200 | [diff] [blame] | 178 | controller.setAccessAndLocation(user, headers); |
| Bodmo | c125bf1 | 2017-06-01 16:23:59 +0200 | [diff] [blame] | 179 | if( DEBUG_LOG == true ) |
| 180 | System.out.printf("Debug: /apiToken/: location=%s, access='%s'.\n", user.locationtoString(), user.accesstoString()); |
| Bodmo | ca3dcfb | 2017-05-24 16:36:00 +0200 | [diff] [blame] | 181 | attr.put(Attributes.LOCATION, user.getLocation()); |
| 182 | attr.put(Attributes.CORPUS_ACCESS, user.getCorpusAccess()); |
| Bodmo | 3d6bd35 | 2017-04-25 11:31:39 +0200 | [diff] [blame] | 183 | context = controller.createTokenContext(user, attr, Attributes.API_AUTHENTICATION); |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 184 | } |
| 185 | catch (KustvaktException e) { |
| Michael Hanl | 482f30d | 2015-09-25 12:39:46 +0200 | [diff] [blame] | 186 | throw KustvaktResponseHandler.throwit(e); |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 187 | } |
| 188 | |
| Michael Hanl | 2c3b0b1 | 2016-07-01 18:30:12 +0200 | [diff] [blame] | 189 | return Response.ok(context.toJson()).build(); |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 190 | } |
| 191 | |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 192 | |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 193 | // todo: |
| 194 | @Deprecated |
| 195 | @GET |
| 196 | @Path("refresh") |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 197 | public Response refresh (@Context SecurityContext context, |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 198 | @Context Locale locale) { |
| 199 | TokenContext ctx = (TokenContext) context.getUserPrincipal(); |
| 200 | TokenContext newContext; |
| 201 | |
| 202 | // try { |
| 203 | // newContext = controller.refresh(ctx); |
| 204 | // }catch (KorAPException e) { |
| 205 | // KorAPLogger.ERROR_LOGGER.error("Exception encountered!", e); |
| Michael Hanl | 482f30d | 2015-09-25 12:39:46 +0200 | [diff] [blame] | 206 | // throw KustvaktResponseHandler.throwit(e); |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 207 | // } |
| 208 | // return Response.ok().entity(newContext.getToken()).build(); |
| 209 | return null; |
| 210 | } |
| 211 | |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 212 | |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 213 | @GET |
| 214 | @Path("sessionToken") |
| Michael Hanl | 9be4e42 | 2016-07-21 14:13:27 +0200 | [diff] [blame] | 215 | //@ResourceFilters({HeaderFilter.class}) |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 216 | public Response requestSession (@Context HttpHeaders headers, |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 217 | @Context Locale locale, |
| 218 | @HeaderParam(ContainerRequest.USER_AGENT) String agent, |
| 219 | @HeaderParam(ContainerRequest.HOST) String host) { |
| 220 | List<String> auth = headers |
| 221 | .getRequestHeader(ContainerRequest.AUTHORIZATION); |
| 222 | |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 223 | String[] values = BasicHttpAuth.decode(auth.get(0)); |
| 224 | // authentication = StringUtils.stripTokenType(authentication); |
| 225 | // String[] values = new String( |
| 226 | // DatatypeConverter.parseBase64Binary(authentication)).split(":"); |
| 227 | // String[] values = Base64.base64Decode(authentication).split(":"); |
| 228 | |
| 229 | // "Invalid syntax for username and password" |
| 230 | if (values == null) |
| Michael Hanl | 482f30d | 2015-09-25 12:39:46 +0200 | [diff] [blame] | 231 | throw KustvaktResponseHandler |
| Michael Hanl | 99cb963 | 2016-06-29 16:24:40 +0200 | [diff] [blame] | 232 | .throwit(StatusCodes.BAD_CREDENTIALS); |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 233 | |
| Bodmo | 3d6bd35 | 2017-04-25 11:31:39 +0200 | [diff] [blame] | 234 | // Implementation Hanl mit '|'. 16.02.17/FB |
| 235 | //if (values[0].equalsIgnoreCase("null") |
| 236 | // | values[1].equalsIgnoreCase("null")) |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 237 | if (values[0].equalsIgnoreCase("null") |
| Bodmo | 3d6bd35 | 2017-04-25 11:31:39 +0200 | [diff] [blame] | 238 | || values[1].equalsIgnoreCase("null")) |
| Michael Hanl | f1e85e7 | 2016-01-21 16:55:45 +0100 | [diff] [blame] | 239 | throw KustvaktResponseHandler.throwit(StatusCodes.REQUEST_INVALID); |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 240 | |
| Michael Hanl | 5fac8ab | 2016-01-29 16:33:04 +0100 | [diff] [blame] | 241 | Map<String, Object> attr = new HashMap<>(); |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 242 | attr.put(Attributes.HOST, host); |
| 243 | attr.put(Attributes.USER_AGENT, agent); |
| 244 | TokenContext context; |
| 245 | try { |
| 246 | User user = controller.authenticate(0, values[0], values[1], attr); |
| 247 | context = controller.createTokenContext(user, attr, |
| 248 | Attributes.SESSION_AUTHENTICATION); |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 249 | } |
| 250 | catch (KustvaktException e) { |
| Michael Hanl | 482f30d | 2015-09-25 12:39:46 +0200 | [diff] [blame] | 251 | throw KustvaktResponseHandler.throwit(e); |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 252 | } |
| Michael Hanl | 2c3b0b1 | 2016-07-01 18:30:12 +0200 | [diff] [blame] | 253 | return Response.ok().entity(context.toJson()).build(); |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 254 | } |
| 255 | |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 256 | |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 257 | // fixme: security issues: setup shibboleth compatible authentication system |
| 258 | // todo: will be purged with token authentication --> shib is client side |
| 259 | @POST |
| Michael Hanl | 6bfe400 | 2016-07-02 11:43:09 +0200 | [diff] [blame] | 260 | @Consumes(MediaType.APPLICATION_JSON) |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 261 | @Produces("application/json") |
| 262 | @Path("shibboleth") |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 263 | public Response loginshib (@Context HttpHeaders headers, |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 264 | @Context Locale locale, |
| 265 | @HeaderParam(ContainerRequest.USER_AGENT) String agent, |
| 266 | @HeaderParam(ContainerRequest.HOST) String host, |
| 267 | @QueryParam("client_id") String client_id) { |
| 268 | |
| 269 | // the shibfilter decrypted the values |
| 270 | // define default provider for returned access token strategy?! |
| 271 | |
| Michael Hanl | 5fac8ab | 2016-01-29 16:33:04 +0100 | [diff] [blame] | 272 | Map<String, Object> attr = new HashMap<>(); |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 273 | attr.put(Attributes.HOST, host); |
| 274 | attr.put(Attributes.USER_AGENT, agent); |
| 275 | |
| 276 | TokenContext context; |
| 277 | |
| 278 | try { |
| 279 | // todo: distinguish type KorAP/Shibusers |
| 280 | User user = controller.authenticate(1, null, null, attr); |
| 281 | context = controller.createTokenContext(user, attr, null); |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 282 | } |
| 283 | catch (KustvaktException e) { |
| Michael Hanl | 482f30d | 2015-09-25 12:39:46 +0200 | [diff] [blame] | 284 | throw KustvaktResponseHandler.throwit(e); |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 285 | } |
| Michael Hanl | 2c3b0b1 | 2016-07-01 18:30:12 +0200 | [diff] [blame] | 286 | return Response.ok().entity(context.toJson()).build(); |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 287 | } |
| Michael Hanl | 1939065 | 2016-01-16 11:01:24 +0100 | [diff] [blame] | 288 | |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 289 | |
| Michael Hanl | 1939065 | 2016-01-16 11:01:24 +0100 | [diff] [blame] | 290 | //fixme: moved from userservice |
| 291 | @GET |
| 292 | @Path("logout") |
| Michael Hanl | 99cb963 | 2016-06-29 16:24:40 +0200 | [diff] [blame] | 293 | @ResourceFilters({ AuthFilter.class, DemoUserFilter.class, PiwikFilter.class }) |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 294 | public Response logout (@Context SecurityContext ctx, @Context Locale locale) { |
| Michael Hanl | 1939065 | 2016-01-16 11:01:24 +0100 | [diff] [blame] | 295 | TokenContext context = (TokenContext) ctx.getUserPrincipal(); |
| 296 | try { |
| 297 | controller.logout(context); |
| Michael Hanl | 8abaf9e | 2016-05-23 16:46:35 +0200 | [diff] [blame] | 298 | } |
| 299 | catch (KustvaktException e) { |
| Michael Hanl | 00ef546 | 2016-06-06 17:39:59 +0200 | [diff] [blame] | 300 | jlog.error("Logout Exception: {}", e.string()); |
| Michael Hanl | 1939065 | 2016-01-16 11:01:24 +0100 | [diff] [blame] | 301 | throw KustvaktResponseHandler.throwit(e); |
| 302 | } |
| 303 | return Response.ok().build(); |
| 304 | } |
| 305 | |
| Michael Hanl | fb839b9 | 2015-09-19 21:32:34 +0200 | [diff] [blame] | 306 | } |