comparison servlet/src/main/java/digilib/auth/OpenIdAuthnOps.java @ 1507:8c7f1ef5a67f
Added auth token in cookie. Cookie name configurable as "auth-token-cookie".
author | robcast |
---|---|
date | Thu, 28 Apr 2016 19:40:47 +0200 |
parents | a693f487d860 |
children | e7e38e1f68df |
1506:a693f487d860 | 1507:8c7f1ef5a67f |
---|---|
28 import java.io.File; | 28 import java.io.File; |
29 import java.util.Arrays; | 29 import java.util.Arrays; |
30 import java.util.HashMap; | 30 import java.util.HashMap; |
31 import java.util.List; | 31 import java.util.List; |
32 import java.util.Map; | 32 import java.util.Map; |
33 | |
34 import javax.servlet.http.Cookie; | |
35 import javax.servlet.http.HttpServletRequest; | |
33 | 36 |
34 import org.apache.log4j.Logger; | 37 import org.apache.log4j.Logger; |
35 import org.jose4j.jwk.JsonWebKey; | 38 import org.jose4j.jwk.JsonWebKey; |
36 import org.jose4j.jwt.JwtClaims; | 39 import org.jose4j.jwt.JwtClaims; |
37 import org.jose4j.jwt.MalformedClaimException; | 40 import org.jose4j.jwt.MalformedClaimException; |
41 import org.jose4j.jwt.consumer.JwtContext; | 44 import org.jose4j.jwt.consumer.JwtContext; |
42 import org.jose4j.lang.JoseException; | 45 import org.jose4j.lang.JoseException; |
43 | 46 |
44 import digilib.conf.DigilibConfiguration; | 47 import digilib.conf.DigilibConfiguration; |
45 import digilib.conf.DigilibRequest; | 48 import digilib.conf.DigilibRequest; |
49 import digilib.conf.DigilibServletRequest; | |
46 import digilib.util.XMLMapListLoader; | 50 import digilib.util.XMLMapListLoader; |
47 | 51 |
48 /** | 52 /** |
49 * Implements AuthnOps using an OpenId Connect ID token. | 53 * Implements AuthnOps using an OpenId Connect ID token. |
50 * | 54 * |
73 protected File configFile; | 77 protected File configFile; |
74 | 78 |
75 protected JwtConsumer firstPassJwtConsumer; | 79 protected JwtConsumer firstPassJwtConsumer; |
76 protected Map<String, JwtConsumer> idpJwtConsumers; | 80 protected Map<String, JwtConsumer> idpJwtConsumers; |
77 protected Map<String, List<String>> idpRoles; | 81 protected Map<String, List<String>> idpRoles; |
82 | |
83 protected String tokenCookieName; | |
78 | 84 |
79 | 85 |
80 /* (non-Javadoc) | 86 /* (non-Javadoc) |
81 * @see digilib.auth.AuthnOps#init(digilib.conf.DigilibConfiguration) | 87 * @see digilib.auth.AuthnOps#init(digilib.conf.DigilibConfiguration) |
82 */ | 88 */ |
162 } catch (JoseException e) { | 168 } catch (JoseException e) { |
163 logger.error("Invalid key data in openid tag! (issuer: "+issuer+")"); | 169 logger.error("Invalid key data in openid tag! (issuer: "+issuer+")"); |
164 continue; | 170 continue; |
165 } | 171 } |
166 } | 172 } |
173 | |
174 // set token cookie name | |
175 tokenCookieName = dlConfig.getAsString("auth-token-cookie"); | |
167 } | 176 } |
168 | 177 |
169 /* (non-Javadoc) | 178 /* (non-Javadoc) |
170 * @see digilib.auth.AuthnOps#hasUserRoles() | 179 * @see digilib.auth.AuthnOps#hasUserRoles() |
171 */ | 180 */ |
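Review bot: `tokenCookieName = dlConfig.getAsString("auth-token-cookie");` takes the configured value without checking that the option is present or non-blank, so an unset option presumably leaves the field null (if getAsString returns null for missing keys) and the cookie lookup added further down can never match, with nothing in the log to say why. That lookup, in the getUserRoles hunk below (which this excerpt cuts off), also compares names with `c.getName() == tokenCookieName`, i.e. reference equality, which will not match a name string produced by the servlet container; it should be `tokenCookieName.equals(c.getName())` once the field is known to be non-null. Suggest guarding at init: `if (tokenCookieName == null || tokenCookieName.isEmpty()) { logger.warn("auth-token-cookie not configured, token cookie lookup disabled"); }` and extending the comment above the assignment to `// set token cookie name (unset disables the cookie fallback in getUserRoles)`. The init method enclosing this hunk starts outside the hunk.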
177 /* (non-Javadoc) | 186 /* (non-Javadoc) |
178 * @see digilib.auth.AuthnOps#getUserRoles(digilib.conf.DigilibRequest) | 187 * @see digilib.auth.AuthnOps#getUserRoles(digilib.conf.DigilibRequest) |
179 */ | 188 */ |
180 @Override | 189 @Override |
181 public List<String> getUserRoles(DigilibRequest request) throws AuthOpException { | 190 public List<String> getUserRoles(DigilibRequest request) throws AuthOpException { |
191 /* | |
192 * try token parameter first | |
193 */ | |
182 String id_token = request.getAsString("id_token"); | 194 String id_token = request.getAsString("id_token"); |
183 if (id_token == null || id_token.isEmpty()) { | 195 if (id_token == null || id_token.isEmpty()) { |
184 logger.error("Missing id token!"); | 196 /* |
185 return null; | 197 * try token cookie next |
198 */ | |
199 HttpServletRequest srvReq = ((DigilibServletRequest) request).getServletRequest(); | |
200 Cookie[] cookies = srvReq.getCookies(); | |
201 if (cookies != null) { | |
202 for (Cookie c : cookies) { | |
203 if (c.getName() == tokenCookieName) { | |
204 id_token = c.getValue(); | |
205 break; | |
206 } | |
207 } | |
208 } | |
209 if (id_token == null || id_token.isEmpty()) { | |
210 logger.error("Missing id token!"); | |
211 return null; | |
212 } | |
186 } | 213 } |
187 // the first JwtConsumer is just used to parse the JWT into a JwtContext object. | 214 // the first JwtConsumer is just used to parse the JWT into a JwtContext object. |
188 try { | 215 try { |
189 JwtContext jwtContext = firstPassJwtConsumer.process(id_token); | 216 JwtContext jwtContext = firstPassJwtConsumer.process(id_token); |
190 // extract issuer | 217 // extract issuer |