|
0
|
1 package de.mpiwg.itgroup.annotationManager.restlet;
|
|
|
2
|
|
|
3 import java.net.URI;
|
|
|
4 import java.net.URISyntaxException;
|
|
|
5 import java.util.Hashtable;
|
|
|
6
|
|
|
7 import javax.naming.NamingEnumeration;
|
|
|
8 import javax.naming.NamingException;
|
|
|
9 import javax.naming.directory.Attribute;
|
|
|
10 import javax.naming.directory.DirContext;
|
|
|
11 import javax.naming.directory.InitialDirContext;
|
|
|
12 import javax.naming.directory.SearchControls;
|
|
|
13 import javax.naming.directory.SearchResult;
|
|
|
14 import javax.security.auth.Subject;
|
|
|
15 import javax.security.auth.callback.CallbackHandler;
|
|
|
16 import javax.security.auth.login.Configuration;
|
|
|
17 import javax.security.auth.login.LoginContext;
|
|
|
18 import javax.security.auth.login.LoginException;
|
|
|
19
|
|
|
20 import org.apache.log4j.BasicConfigurator;
|
|
|
21 import org.apache.log4j.Level;
|
|
|
22 import org.apache.log4j.Logger;
|
|
|
23 import org.restlet.Application;
|
|
|
24 import org.restlet.Context;
|
|
|
25 import org.restlet.Request;
|
|
|
26 import org.restlet.Response;
|
|
|
27 import org.restlet.Restlet;
|
|
|
28 import org.restlet.data.ChallengeScheme;
|
|
|
29 import org.restlet.data.ClientInfo;
|
|
|
30 import org.restlet.ext.jaas.JaasVerifier;
|
|
|
31 import org.restlet.routing.Router;
|
|
|
32 import org.restlet.security.ChallengeAuthenticator;
|
|
|
33 import org.restlet.security.User;
|
|
|
34
|
|
|
35 import com.sun.security.auth.login.ConfigFile;
|
|
|
36
|
|
|
37
|
|
|
38
|
|
|
39
|
|
|
40 public class RestServer extends Application {
|
|
|
41
|
|
|
42
|
|
|
43 private ChallengeAuthenticator authenticator;
|
|
|
44 private CallbackHandler callbackHandler;
|
|
|
45
|
|
|
46 /** Erzeuge einen Authenticator
|
|
|
47 * @return
|
|
|
48 */
|
|
|
49 private ChallengeAuthenticator createAuthenticator() {
|
|
|
50 Context context = getContext();
|
|
|
51 boolean optional = true;
|
|
|
52 ChallengeScheme challengeScheme = ChallengeScheme.HTTP_BASIC;
|
|
|
53 String realm = "Annotation Service";
|
|
|
54
|
|
|
55 JaasVerifier verifier = new JaasVerifier("BasicJaasAuthenticationApplication");
|
|
5
|
56 //JaasVerifier verifier = new JaasVerifier("DummyAuthentication");
|
|
|
57
|
|
0
|
58 Configuration jaasConfig;
|
|
|
59 jaasConfig = createConfiguration();
|
|
|
60
|
|
|
61
|
|
|
62 verifier.setConfiguration(jaasConfig);
|
|
|
63 verifier.setUserPrincipalClassName("com.sun.security.auth.UserPrincipal");
|
|
|
64
|
|
|
65 ChallengeAuthenticator auth = new ChallengeAuthenticator(context, optional, challengeScheme, realm, verifier) {
|
|
|
66 @Override
|
|
|
67 protected boolean authenticate(Request request, Response response) {
|
|
|
68 if (request.getChallengeResponse() == null) {
|
|
|
69 return false;
|
|
|
70 } else {
|
|
|
71 return super.authenticate(request, response);
|
|
|
72 }
|
|
|
73 }
|
|
|
74 };
|
|
|
75
|
|
|
76 return auth;
|
|
|
77 }
|
|
|
78
|
|
2
|
79 /**
|
|
7
|
80 * Konfiguration f�r den Authentificator in Jaas. Pfad zum JAAS-Konfigurationsfile liegt im Context-Parameter
|
|
2
|
81 * "de.mpiwg.itgroup.annotationManager.jaas.configFilePath".
|
|
|
82 * @return
|
|
|
83 */
|
|
0
|
84 protected Configuration createConfiguration() {
|
|
|
85 Configuration jaasConfig;
|
|
|
86 URI confUri;
|
|
2
|
87
|
|
|
88 Context context = getContext();
|
|
|
89 String configFilePath = context.getParameters().getFirstValue("de.mpiwg.itgroup.annotationManager.jaas.configFilePath");
|
|
|
90
|
|
|
91
|
|
0
|
92 try {
|
|
2
|
93 confUri = new URI(configFilePath);
|
|
0
|
94 } catch (URISyntaxException e) {
|
|
|
95 e.printStackTrace();
|
|
|
96 confUri = null;
|
|
|
97 }
|
|
|
98
|
|
|
99 jaasConfig= new ConfigFile(confUri);
|
|
|
100 return jaasConfig;
|
|
|
101 }
|
|
|
102
|
|
|
103 public RestServer(Context parentContext){
|
|
|
104 super(parentContext);
|
|
|
105
|
|
|
106 Logger rl = Logger.getRootLogger();
|
|
|
107 BasicConfigurator.configure();
|
|
|
108 rl.setLevel(Level.DEBUG);
|
|
|
109
|
|
|
110
|
|
|
111 }
|
|
|
112
|
|
|
113 public synchronized Restlet createInboundRoot(){
|
|
|
114 this.authenticator = createAuthenticator();
|
|
|
115
|
|
|
116
|
|
3
|
117 //String target = "{rh}/{rf}/XX";
|
|
|
118 //Redirector redirector = new Redirector(getContext().createChildContext(), target,
|
|
|
119 // Redirector.MODE_CLIENT_SEE_OTHER);
|
|
|
120
|
|
0
|
121 Router router = new Router(getContext());
|
|
|
122
|
|
3
|
123
|
|
7
|
124 router.attach("/annotations",AddAndReadAnnotations.class);
|
|
8
|
125 router.attach("/search",AnnotatorSearch.class); // annotator api askes for different uris for search and adding
|
|
|
126 //router.attach("/search",SearchAnnotations.class); // annotator api askes for different uris for search and adding
|
|
0
|
127 router.attach("/dummy",Dummy.class);
|
|
|
128
|
|
3
|
129 //router.attach("",redirector);
|
|
5
|
130 router.attach("/annotator",ExtendedAnnotationInput.class);
|
|
3
|
131 router.attach("/",AnnotatorInfo.class);
|
|
0
|
132 authenticator.setNext(router);
|
|
|
133 return authenticator;
|
|
|
134
|
|
|
135
|
|
|
136
|
|
|
137 }
|
|
|
138
|
|
2
|
139 /**
|
|
|
140 * Authentifiziere den Benutzer aus dem Request (BasicAuthenfication)
|
|
|
141 * @param request
|
|
|
142 * @param response
|
|
|
143 * @return
|
|
|
144 */
|
|
|
145 public boolean authenticate(Request request, Response response) {
|
|
0
|
146 if (!request.getClientInfo().isAuthenticated()) {
|
|
|
147 authenticator.challenge(response, false);
|
|
|
148 return false;
|
|
|
149 }
|
|
|
150
|
|
|
151 if(request.getClientInfo().getUser()==null) //FIXME sometimes ist authenticated true, but no user
|
|
|
152 {
|
|
|
153 authenticator.challenge(response, false);
|
|
|
154 return false;
|
|
|
155 }
|
|
2
|
156
|
|
|
157
|
|
0
|
158 return true;
|
|
|
159 }
|
|
|
160
|
|
2
|
161 /**
|
|
|
162 * Authentifiziere den Benutzer
|
|
|
163 *
|
|
|
164 * @param username
|
|
|
165 * @param password
|
|
|
166 * @param request
|
|
|
167 * @return
|
|
|
168 */
|
|
0
|
169 public boolean authenticate(String username, String password,Request request) {
|
|
|
170 LoginContext lc;
|
|
|
171
|
|
|
172 try {
|
|
|
173 Configuration conf = createConfiguration();
|
|
|
174
|
|
|
175 lc = new LoginContext("BasicJaasAuthenticationApplication", null, new MyCallBackHandler(username,password),conf);
|
|
5
|
176 //lc = new LoginContext("DummyAuthentication", null, new MyCallBackHandler(username,password),conf);
|
|
0
|
177 lc.login();
|
|
|
178 } catch (LoginException e) {
|
|
|
179 // TODO Auto-generated catch block
|
|
|
180 e.printStackTrace();
|
|
|
181 return false;
|
|
|
182 }
|
|
|
183
|
|
|
184 Subject subject = lc.getSubject();
|
|
|
185 ClientInfo clientInfo = new ClientInfo();
|
|
|
186 User user = new User(username);
|
|
|
187 clientInfo.setAuthenticated(true);
|
|
|
188 clientInfo.setUser(user);
|
|
|
189
|
|
|
190 request.setClientInfo(clientInfo);
|
|
|
191 return true;
|
|
|
192 }
|
|
|
193
|
|
2
|
194 /**
|
|
|
195 * Hole den vollen Benutzernamen aus dem LDAP
|
|
|
196 * @param creator
|
|
|
197 * @return
|
|
|
198 */
|
|
0
|
199 public String getUserNameFromLdap(String creator) {
|
|
|
200 String retString=creator; // falls nichts gefunden wird einfach den creator zurueckgeben
|
|
|
201 Hashtable<String,String> env = new Hashtable<String,String>();
|
|
|
202 String sp = "com.sun.jndi.ldap.LdapCtxFactory";
|
|
|
203 env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, sp);
|
|
|
204
|
|
1
|
205 String ldapUrl = "ldap://ldapreplik.mpiwg-berlin.mpg.de/dc=mpiwg-berlin,dc=mpg,dc=de";//TODO should go into config file
|
|
0
|
206 env.put(javax.naming.Context.PROVIDER_URL, ldapUrl);
|
|
|
207
|
|
|
208 DirContext dctx;
|
|
|
209 try {
|
|
|
210 dctx = new InitialDirContext(env);
|
|
|
211 } catch (NamingException e1) {
|
|
|
212 // TODO Auto-generated catch block
|
|
|
213 e1.printStackTrace();
|
|
|
214 return retString;
|
|
|
215 }
|
|
|
216
|
|
|
217 String base = "ou=People";
|
|
|
218
|
|
|
219 SearchControls sc = new SearchControls();
|
|
|
220 String[] attributeFilter = { "cn", "mail" };
|
|
|
221 sc.setReturningAttributes(attributeFilter);
|
|
|
222 sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
|
|
|
223
|
|
|
224 String filter = "(uid="+creator+")";
|
|
|
225
|
|
|
226 try {
|
|
|
227 NamingEnumeration<SearchResult> results = dctx.search(base, filter, sc);
|
|
|
228 while (results.hasMore()) {
|
|
|
229 SearchResult sr = (SearchResult) results.next();
|
|
|
230 javax.naming.directory.Attributes attrs = sr.getAttributes();
|
|
|
231
|
|
|
232 Attribute attr = attrs.get("cn");
|
|
|
233 retString=(String) attr.get();
|
|
|
234 }
|
|
|
235 } catch (NamingException e) {
|
|
|
236 // TODO Auto-generated catch block
|
|
|
237 e.printStackTrace();
|
|
|
238 }
|
|
|
239
|
|
|
240 try {
|
|
|
241 dctx.close();
|
|
|
242 } catch (NamingException e) {
|
|
|
243 // TODO Auto-generated catch block
|
|
|
244 e.printStackTrace();
|
|
|
245 }
|
|
|
246 return retString;
|
|
|
247 }
|
|
|
248
|
|
|
249 }
|
