comparison servlet/src/main/java/digilib/auth/OpenIdAuthnOps.java @ 1507:8c7f1ef5a67f

Added auth token in cookie; the cookie name is configurable as "auth-token-cookie".
author robcast
date Thu, 28 Apr 2016 19:40:47 +0200
parents a693f487d860
children e7e38e1f68df
28 import java.io.File; 28 import java.io.File;
29 import java.util.Arrays; 29 import java.util.Arrays;
30 import java.util.HashMap; 30 import java.util.HashMap;
31 import java.util.List; 31 import java.util.List;
32 import java.util.Map; 32 import java.util.Map;
33
34 import javax.servlet.http.Cookie;
35 import javax.servlet.http.HttpServletRequest;
33 36
34 import org.apache.log4j.Logger; 37 import org.apache.log4j.Logger;
35 import org.jose4j.jwk.JsonWebKey; 38 import org.jose4j.jwk.JsonWebKey;
36 import org.jose4j.jwt.JwtClaims; 39 import org.jose4j.jwt.JwtClaims;
37 import org.jose4j.jwt.MalformedClaimException; 40 import org.jose4j.jwt.MalformedClaimException;
41 import org.jose4j.jwt.consumer.JwtContext; 44 import org.jose4j.jwt.consumer.JwtContext;
42 import org.jose4j.lang.JoseException; 45 import org.jose4j.lang.JoseException;
43 46
44 import digilib.conf.DigilibConfiguration; 47 import digilib.conf.DigilibConfiguration;
45 import digilib.conf.DigilibRequest; 48 import digilib.conf.DigilibRequest;
49 import digilib.conf.DigilibServletRequest;
46 import digilib.util.XMLMapListLoader; 50 import digilib.util.XMLMapListLoader;
47 51
48 /** 52 /**
49 * Implements AuthnOps using an OpenId Connect ID token. 53 * Implements AuthnOps using an OpenId Connect ID token.
50 * 54 *
73 protected File configFile; 77 protected File configFile;
74 78
75 protected JwtConsumer firstPassJwtConsumer; 79 protected JwtConsumer firstPassJwtConsumer;
76 protected Map<String, JwtConsumer> idpJwtConsumers; 80 protected Map<String, JwtConsumer> idpJwtConsumers;
77 protected Map<String, List<String>> idpRoles; 81 protected Map<String, List<String>> idpRoles;
82
83 protected String tokenCookieName;
78 84
79 85
80 /* (non-Javadoc) 86 /* (non-Javadoc)
81 * @see digilib.auth.AuthnOps#init(digilib.conf.DigilibConfiguration) 87 * @see digilib.auth.AuthnOps#init(digilib.conf.DigilibConfiguration)
82 */ 88 */
162 } catch (JoseException e) { 168 } catch (JoseException e) {
163 logger.error("Invalid key data in openid tag! (issuer: "+issuer+")"); 169 logger.error("Invalid key data in openid tag! (issuer: "+issuer+")");
164 continue; 170 continue;
165 } 171 }
166 } 172 }
173
174 // set token cookie name
175 tokenCookieName = dlConfig.getAsString("auth-token-cookie");
167 } 176 }
168 177
169 /* (non-Javadoc) 178 /* (non-Javadoc)
170 * @see digilib.auth.AuthnOps#hasUserRoles() 179 * @see digilib.auth.AuthnOps#hasUserRoles()
171 */ 180 */
177 /* (non-Javadoc) 186 /* (non-Javadoc)
178 * @see digilib.auth.AuthnOps#getUserRoles(digilib.conf.DigilibRequest) 187 * @see digilib.auth.AuthnOps#getUserRoles(digilib.conf.DigilibRequest)
179 */ 188 */
180 @Override 189 @Override
181 public List<String> getUserRoles(DigilibRequest request) throws AuthOpException { 190 public List<String> getUserRoles(DigilibRequest request) throws AuthOpException {
191 /*
192 * try token parameter first
193 */
182 String id_token = request.getAsString("id_token"); 194 String id_token = request.getAsString("id_token");
183 if (id_token == null || id_token.isEmpty()) { 195 if (id_token == null || id_token.isEmpty()) {
184 logger.error("Missing id token!"); 196 /*
185 return null; 197 * try token cookie next
198 */
199 HttpServletRequest srvReq = ((DigilibServletRequest) request).getServletRequest();
200 Cookie[] cookies = srvReq.getCookies();
201 if (cookies != null) {
202 for (Cookie c : cookies) {
203 if (c.getName() == tokenCookieName) {
204 id_token = c.getValue();
205 break;
206 }
207 }
208 }
209 if (id_token == null || id_token.isEmpty()) {
210 logger.error("Missing id token!");
211 return null;
212 }
186 } 213 }
187 // the first JwtConsumer is just used to parse the JWT into a JwtContext object. 214 // the first JwtConsumer is just used to parse the JWT into a JwtContext object.
188 try { 215 try {
189 JwtContext jwtContext = firstPassJwtConsumer.process(id_token); 216 JwtContext jwtContext = firstPassJwtConsumer.process(id_token);
190 // extract issuer 217 // extract issuer