|
0
|
1 package de.mpiwg.itgroup.annotationManager.restlet;
|
|
|
2
|
|
|
3 import java.net.URI;
|
|
|
4 import java.net.URISyntaxException;
|
|
|
5 import java.util.Hashtable;
|
|
|
6
|
|
|
7 import javax.naming.NamingEnumeration;
|
|
|
8 import javax.naming.NamingException;
|
|
|
9 import javax.naming.directory.Attribute;
|
|
|
10 import javax.naming.directory.DirContext;
|
|
|
11 import javax.naming.directory.InitialDirContext;
|
|
|
12 import javax.naming.directory.SearchControls;
|
|
|
13 import javax.naming.directory.SearchResult;
|
|
|
14 import javax.security.auth.Subject;
|
|
|
15 import javax.security.auth.callback.Callback;
|
|
|
16 import javax.security.auth.callback.CallbackHandler;
|
|
|
17 import javax.security.auth.callback.NameCallback;
|
|
|
18 import javax.security.auth.callback.PasswordCallback;
|
|
|
19 import javax.security.auth.login.AppConfigurationEntry;
|
|
|
20 import javax.security.auth.login.Configuration;
|
|
|
21 import javax.security.auth.login.LoginContext;
|
|
|
22 import javax.security.auth.login.LoginException;
|
|
|
23
|
|
|
24 import org.apache.log4j.BasicConfigurator;
|
|
|
25 import org.apache.log4j.Level;
|
|
|
26 import org.apache.log4j.Logger;
|
|
|
27 import org.restlet.Application;
|
|
|
28 import org.restlet.Context;
|
|
|
29 import org.restlet.Request;
|
|
|
30 import org.restlet.Response;
|
|
|
31 import org.restlet.Restlet;
|
|
|
32
|
|
|
33 import org.restlet.data.ChallengeScheme;
|
|
|
34 import org.restlet.data.ClientInfo;
|
|
|
35 import org.restlet.ext.jaas.JaasVerifier;
|
|
|
36 import org.restlet.routing.Router;
|
|
|
37 import org.restlet.routing.Template;
|
|
|
38 import org.restlet.routing.TemplateRoute;
|
|
|
39 import org.restlet.security.ChallengeAuthenticator;
|
|
|
40 import org.restlet.security.MapVerifier;
|
|
|
41 import org.restlet.security.User;
|
|
|
42 import org.restlet.security.Verifier;
|
|
|
43
|
|
|
44 import com.sun.org.apache.xalan.internal.xsltc.runtime.Attributes;
|
|
|
45 import com.sun.security.auth.login.ConfigFile;
|
|
|
46
|
|
|
47
|
|
|
48
|
|
|
49
|
|
|
50 public class RestServer extends Application {
|
|
|
51
|
|
|
52
|
|
|
53 private ChallengeAuthenticator authenticator;
|
|
|
54 private CallbackHandler callbackHandler;
|
|
|
55
|
|
|
56 /** Erzeuge einen Authenticator
|
|
|
57 * @return
|
|
|
58 */
|
|
|
59 private ChallengeAuthenticator createAuthenticator() {
|
|
|
60 Context context = getContext();
|
|
|
61 boolean optional = true;
|
|
|
62 ChallengeScheme challengeScheme = ChallengeScheme.HTTP_BASIC;
|
|
|
63 String realm = "Annotation Service";
|
|
|
64
|
|
|
65 // MapVerifier isn't very secure; see docs for alternatives
|
|
|
66 //MapVerifier verifier = new MapVerifier();
|
|
|
67 //verifier.getLocalSecrets().put("user", "password".toCharArray());
|
|
|
68
|
|
|
69 JaasVerifier verifier = new JaasVerifier("BasicJaasAuthenticationApplication");
|
|
|
70
|
|
|
71
|
|
|
72 Configuration jaasConfig;
|
|
|
73 jaasConfig = createConfiguration();
|
|
|
74
|
|
|
75
|
|
|
76 verifier.setConfiguration(jaasConfig);
|
|
|
77 verifier.setUserPrincipalClassName("com.sun.security.auth.UserPrincipal");
|
|
|
78
|
|
|
79 ChallengeAuthenticator auth = new ChallengeAuthenticator(context, optional, challengeScheme, realm, verifier) {
|
|
|
80 @Override
|
|
|
81 protected boolean authenticate(Request request, Response response) {
|
|
|
82 if (request.getChallengeResponse() == null) {
|
|
|
83 return false;
|
|
|
84 } else {
|
|
|
85 return super.authenticate(request, response);
|
|
|
86 }
|
|
|
87 }
|
|
|
88 };
|
|
|
89
|
|
|
90 return auth;
|
|
|
91 }
|
|
|
92
|
|
|
93 protected Configuration createConfiguration() {
|
|
|
94 Configuration jaasConfig;
|
|
|
95 URI confUri;
|
|
|
96 try {
|
|
|
97 confUri = new URI("file:///etc/jaasAuth.conf"); //TODO shoould be configurable
|
|
|
98 } catch (URISyntaxException e) {
|
|
|
99 e.printStackTrace();
|
|
|
100 confUri = null;
|
|
|
101 }
|
|
|
102
|
|
|
103 jaasConfig= new ConfigFile(confUri);
|
|
|
104 return jaasConfig;
|
|
|
105 }
|
|
|
106
|
|
|
107 public RestServer(Context parentContext){
|
|
|
108 super(parentContext);
|
|
|
109
|
|
|
110 Logger rl = Logger.getRootLogger();
|
|
|
111 BasicConfigurator.configure();
|
|
|
112 rl.setLevel(Level.DEBUG);
|
|
|
113
|
|
|
114
|
|
|
115 }
|
|
|
116
|
|
|
117 public synchronized Restlet createInboundRoot(){
|
|
|
118 this.authenticator = createAuthenticator();
|
|
|
119
|
|
|
120
|
|
|
121 Router router = new Router(getContext());
|
|
|
122
|
|
|
123 router.attach("/annotations",AddAndSearchAnnotations.class);
|
|
|
124 router.attach("/search",AddAndSearchAnnotations.class); // annotator api askes for different uris for search and adding
|
|
|
125 router.attach("/dummy",Dummy.class);
|
|
|
126
|
|
|
127 authenticator.setNext(router);
|
|
|
128 return authenticator;
|
|
|
129
|
|
|
130
|
|
|
131
|
|
|
132 }
|
|
|
133
|
|
|
134 public boolean authenticate(Request request, Response response) {
|
|
|
135 if (!request.getClientInfo().isAuthenticated()) {
|
|
|
136 authenticator.challenge(response, false);
|
|
|
137 return false;
|
|
|
138 }
|
|
|
139
|
|
|
140 if(request.getClientInfo().getUser()==null) //FIXME sometimes ist authenticated true, but no user
|
|
|
141 {
|
|
|
142 authenticator.challenge(response, false);
|
|
|
143 return false;
|
|
|
144 }
|
|
|
145 return true;
|
|
|
146 }
|
|
|
147
|
|
|
148 public boolean authenticate(String username, String password,Request request) {
|
|
|
149 LoginContext lc;
|
|
|
150
|
|
|
151 try {
|
|
|
152 Configuration conf = createConfiguration();
|
|
|
153
|
|
|
154 lc = new LoginContext("BasicJaasAuthenticationApplication", null, new MyCallBackHandler(username,password),conf);
|
|
|
155 lc.login();
|
|
|
156 } catch (LoginException e) {
|
|
|
157 // TODO Auto-generated catch block
|
|
|
158 e.printStackTrace();
|
|
|
159 return false;
|
|
|
160 }
|
|
|
161
|
|
|
162 Subject subject = lc.getSubject();
|
|
|
163 ClientInfo clientInfo = new ClientInfo();
|
|
|
164 User user = new User(username);
|
|
|
165 clientInfo.setAuthenticated(true);
|
|
|
166 clientInfo.setUser(user);
|
|
|
167
|
|
|
168 request.setClientInfo(clientInfo);
|
|
|
169 return true;
|
|
|
170 }
|
|
|
171
|
|
|
172 public String getUserNameFromLdap(String creator) {
|
|
|
173 String retString=creator; // falls nichts gefunden wird einfach den creator zurueckgeben
|
|
|
174 Hashtable<String,String> env = new Hashtable<String,String>();
|
|
|
175 String sp = "com.sun.jndi.ldap.LdapCtxFactory";
|
|
|
176 env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, sp);
|
|
|
177
|
|
|
178 String ldapUrl = "ldap://mpiwgldap.mpiwg-berlin.mpg.de/dc=mpiwg-berlin,dc=mpg,dc=de";//TODO should go into config file
|
|
|
179 env.put(javax.naming.Context.PROVIDER_URL, ldapUrl);
|
|
|
180
|
|
|
181 DirContext dctx;
|
|
|
182 try {
|
|
|
183 dctx = new InitialDirContext(env);
|
|
|
184 } catch (NamingException e1) {
|
|
|
185 // TODO Auto-generated catch block
|
|
|
186 e1.printStackTrace();
|
|
|
187 return retString;
|
|
|
188 }
|
|
|
189
|
|
|
190 String base = "ou=People";
|
|
|
191
|
|
|
192 SearchControls sc = new SearchControls();
|
|
|
193 String[] attributeFilter = { "cn", "mail" };
|
|
|
194 sc.setReturningAttributes(attributeFilter);
|
|
|
195 sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
|
|
|
196
|
|
|
197 String filter = "(uid="+creator+")";
|
|
|
198
|
|
|
199 try {
|
|
|
200 NamingEnumeration<SearchResult> results = dctx.search(base, filter, sc);
|
|
|
201 while (results.hasMore()) {
|
|
|
202 SearchResult sr = (SearchResult) results.next();
|
|
|
203 javax.naming.directory.Attributes attrs = sr.getAttributes();
|
|
|
204
|
|
|
205 Attribute attr = attrs.get("cn");
|
|
|
206 retString=(String) attr.get();
|
|
|
207 }
|
|
|
208 } catch (NamingException e) {
|
|
|
209 // TODO Auto-generated catch block
|
|
|
210 e.printStackTrace();
|
|
|
211 }
|
|
|
212
|
|
|
213 try {
|
|
|
214 dctx.close();
|
|
|
215 } catch (NamingException e) {
|
|
|
216 // TODO Auto-generated catch block
|
|
|
217 e.printStackTrace();
|
|
|
218 }
|
|
|
219 return retString;
|
|
|
220 }
|
|
|
221
|
|
|
222 }
|
