diff src/de/mpiwg/itgroup/annotationManager/restlet/RestServer.java @ 0:77530be3c747
intial
author | dwinter |
---|---|
date | Tue, 22 Nov 2011 15:47:57 +0100 |
parents | |
children | f2f41d0dedf5 |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/de/mpiwg/itgroup/annotationManager/restlet/RestServer.java Tue Nov 22 15:47:57 2011 +0100
@@ -0,0 +1,222 @@
+package de.mpiwg.itgroup.annotationManager.restlet;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.Hashtable;
+
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+import org.apache.log4j.BasicConfigurator;
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+import org.restlet.Application;
+import org.restlet.Context;
+import org.restlet.Request;
+import org.restlet.Response;
+import org.restlet.Restlet;
+
+import org.restlet.data.ChallengeScheme;
+import org.restlet.data.ClientInfo;
+import org.restlet.ext.jaas.JaasVerifier;
+import org.restlet.routing.Router;
+import org.restlet.routing.Template;
+import org.restlet.routing.TemplateRoute;
+import org.restlet.security.ChallengeAuthenticator;
+import org.restlet.security.MapVerifier;
+import org.restlet.security.User;
+import org.restlet.security.Verifier;
+
+import com.sun.org.apache.xalan.internal.xsltc.runtime.Attributes;
+import com.sun.security.auth.login.ConfigFile;
+
+
+
+
+public class RestServer extends Application {
+
+
+ private ChallengeAuthenticator authenticator;
+ private CallbackHandler callbackHandler;
+
+ /** Erzeuge einen Authenticator
+ * @return
+ */
+ private ChallengeAuthenticator createAuthenticator() {
+ Context context = getContext();
+ boolean optional = true;
+ ChallengeScheme challengeScheme = ChallengeScheme.HTTP_BASIC;
+ String realm = "Annotation Service";
+
+ // MapVerifier isn't very secure; see docs for alternatives
+ //MapVerifier verifier = new MapVerifier();
+ //verifier.getLocalSecrets().put("user", "password".toCharArray());
+
+ JaasVerifier verifier = new JaasVerifier("BasicJaasAuthenticationApplication");
+
+
+ Configuration jaasConfig;
+ jaasConfig = createConfiguration();
+
+
+ verifier.setConfiguration(jaasConfig);
+ verifier.setUserPrincipalClassName("com.sun.security.auth.UserPrincipal");
+
+ ChallengeAuthenticator auth = new ChallengeAuthenticator(context, optional, challengeScheme, realm, verifier) {
+ @Override
+ protected boolean authenticate(Request request, Response response) {
+ if (request.getChallengeResponse() == null) {
+ return false;
+ } else {
+ return super.authenticate(request, response);
+ }
+ }
+ };
+
+ return auth;
+ }
+
+ protected Configuration createConfiguration() {
+ Configuration jaasConfig;
+ URI confUri;
+ try {
+ confUri = new URI("file:///etc/jaasAuth.conf"); //TODO shoould be configurable
+ } catch (URISyntaxException e) {
+ e.printStackTrace();
+ confUri = null;
+ }
+
+ jaasConfig= new ConfigFile(confUri);
+ return jaasConfig;
+ }
+
+ public RestServer(Context parentContext){
+ super(parentContext);
+
+ Logger rl = Logger.getRootLogger();
+ BasicConfigurator.configure();
+ rl.setLevel(Level.DEBUG);
+
+
+ }
+
+ public synchronized Restlet createInboundRoot(){
+ this.authenticator = createAuthenticator();
+
+
+ Router router = new Router(getContext());
+
+ router.attach("/annotations",AddAndSearchAnnotations.class);
+ router.attach("/search",AddAndSearchAnnotations.class); // annotator api askes for different uris for search and adding
+ router.attach("/dummy",Dummy.class);
+
+ authenticator.setNext(router);
+ return authenticator;
+
+
+
+ }
+
+ public boolean authenticate(Request request, Response response) {
+ if (!request.getClientInfo().isAuthenticated()) {
+ authenticator.challenge(response, false);
+ return false;
+ }
+
+ if(request.getClientInfo().getUser()==null) //FIXME sometimes ist authenticated true, but no user
+ {
+ authenticator.challenge(response, false);
+ return false;
+ }
+ return true;
+ }
+
+ public boolean authenticate(String username, String password,Request request) {
+ LoginContext lc;
+
+ try {
+ Configuration conf = createConfiguration();
+
+ lc = new LoginContext("BasicJaasAuthenticationApplication", null, new MyCallBackHandler(username,password),conf);
+ lc.login();
+ } catch (LoginException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ return false;
+ }
+
+ Subject subject = lc.getSubject();
+ ClientInfo clientInfo = new ClientInfo();
+ User user = new User(username);
+ clientInfo.setAuthenticated(true);
+ clientInfo.setUser(user);
+
+ request.setClientInfo(clientInfo);
+ return true;
+ }
+
+ public String getUserNameFromLdap(String creator) {
+ String retString=creator; // falls nichts gefunden wird einfach den creator zurueckgeben
+ Hashtable<String,String> env = new Hashtable<String,String>();
+ String sp = "com.sun.jndi.ldap.LdapCtxFactory";
+ env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, sp);
+
+ String ldapUrl = "ldap://mpiwgldap.mpiwg-berlin.mpg.de/dc=mpiwg-berlin,dc=mpg,dc=de";//TODO should go into config file
+ env.put(javax.naming.Context.PROVIDER_URL, ldapUrl);
+
+ DirContext dctx;
+ try {
+ dctx = new InitialDirContext(env);
+ } catch (NamingException e1) {
+ // TODO Auto-generated catch block
+ e1.printStackTrace();
+ return retString;
+ }
+
+ String base = "ou=People";
+
+ SearchControls sc = new SearchControls();
+ String[] attributeFilter = { "cn", "mail" };
+ sc.setReturningAttributes(attributeFilter);
+ sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
+
+ String filter = "(uid="+creator+")";
+
+ try {
+ NamingEnumeration<SearchResult> results = dctx.search(base, filter, sc);
+ while (results.hasMore()) {
+ SearchResult sr = (SearchResult) results.next();
+ javax.naming.directory.Attributes attrs = sr.getAttributes();
+
+ Attribute attr = attrs.get("cn");
+ retString=(String) attr.get();
+ }
+ } catch (NamingException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ try {
+ dctx.close();
+ } catch (NamingException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ return retString;
+ }
+
+}
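Review bot: `getUserNameFromLdap` builds its LDAP search filter by string concatenation, `String filter = "(uid="+creator+")";`, so a creator value containing filter metacharacters (`*`, `(`, `)`, `\`, NUL) rewrites the query — a bare `*` matches every entry under `ou=People` and the loop hands back the last entry's `cn`. Use the parameterised overload, which encodes the argument per RFC 4515 and drops the hand-built string: `NamingEnumeration<SearchResult> results = dctx.search(base, "(uid={0})", new Object[] { creator }, sc);`. Whether `creator` originates from client-supplied annotation data is not visible in this hunk, but the method is public and the directory is reached over plain `ldap://` with no TLS, so the lookup should be treated as handling untrusted input and the URL should move to configuration together with a `ldaps://` or StartTLS requirement. Separately, `createAuthenticator` constructs the `ChallengeAuthenticator` with `optional = true`, which in Restlet lets requests without credentials continue to the router unauthenticated; the attached resources must therefore enforce the check themselves, presumably via the class's `authenticate(Request, Response)` helper, but nothing in this file guarantees that they do.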