# HG changeset patch
# User robcast
# Date 1459347994 -7200
# Node ID 77c5890bb69968e631bb544ace7a19190a581646
# Parent 116b294a276bd7e5d21dd8c4729a5ebdbc82f6a6
first draft of OpenId Connect authentication class.
diff -r 116b294a276b -r 77c5890bb699 servlet/src/main/java/digilib/auth/OpenIdAuthnOps.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/servlet/src/main/java/digilib/auth/OpenIdAuthnOps.java Wed Mar 30 16:26:34 2016 +0200
@@ -0,0 +1,109 @@
+package digilib.auth;
+
+import java.io.File;
+
+/*
+ * #%L
+ * Authentication class implementation using IP addresses and Servlet user information
+ *
+ * Digital Image Library servlet components
+ *
+ * %%
+ * Copyright (C) 2016 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Lesser Public License for more details.
+ *
+ * You should have received a copy of the GNU General Lesser Public
+ * License along with this program. If not, see
+ * .
+ * #L%
+ * Author: Robert Casties (robcast@berlios.de)
+ */
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.log4j.Logger;
+
+import digilib.conf.DigilibConfiguration;
+import digilib.conf.DigilibRequest;
+import digilib.conf.DigilibServletRequest;
+/*
+ * #%L
+ * Authentication class implementation using IP addresses
+ *
+ * Digital Image Library servlet components
+ *
+ * %%
+ * Copyright (C) 2016 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Lesser Public License for more details.
+ *
+ * You should have received a copy of the GNU General Lesser Public
+ * License along with this program. If not, see
+ * .
+ * #L%
+ * Author: Robert Casties (robcast@users.sourceforge.net)
+ */
+
+
+/**
+ * Implements AuthnOps using an OpenId Connect ID token.
+ *
+ * The name of the configuration file is read from the digilib config parameter "auth-file".
+ *

+ * The tag "digilib-oauth" is read from the configuration file: + *

  
+ * {@code
+ * 
+ *   
+ *     {"kty":"RSA","e":"AQAB","kid":"rsa1","n":"qjQ5U3wXzamg9R...idGpIiVilMDVBs"}
+ *   
+ * 
+ * }
+ * 
+ *
+ */
+public class OpenIdAuthnOps implements AuthnOps {
+
+ /** general logger for this class */
+ protected Logger logger = Logger.getLogger(this.getClass());
+
+ protected File configFile;
+
+ /* (non-Javadoc)
+ * @see digilib.auth.AuthnOps#init(digilib.conf.DigilibConfiguration)
+ */
+ @Override
+ public void init(DigilibConfiguration dlConfig) throws AuthOpException {
+ configFile = dlConfig.getAsFile("auth-file");
+ logger.debug("openidauthnops.init (" + configFile + ")");
+
+ }
+
+ /* (non-Javadoc)
+ * @see digilib.auth.IpAuthnOps#isUserInRole(digilib.conf.DigilibRequest, java.lang.String)
+ */
+ @Override
+ public boolean isUserInRole(DigilibRequest dlRequest, String role) throws AuthOpException {
+ return false;
+ }
+
+}
diff -r 116b294a276b -r 77c5890bb699 servlet/src/main/java/digilib/conf/DigilibServletRequest.java
--- a/servlet/src/main/java/digilib/conf/DigilibServletRequest.java Wed Mar 30 16:25:18 2016 +0200
+++ b/servlet/src/main/java/digilib/conf/DigilibServletRequest.java Wed Mar 30 16:26:34 2016 +0200
@@ -146,6 +146,8 @@
 newParameter("scale", new Float(1), null, 's');
 // color conversion operation
 newParameter("colop", "", null, 's');
+ // OpenID Connect ID token
+ newParameter("id_token", "", null, 's');
 /*
 * Parameters of type 'i' are not exchanged between client and server,
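Review bot: `isUserInRole` denies every request by returning `false`, which is the safe default for a draft, but nothing in the method says it is a stub or what has to be checked before it may ever return true. I would add a comment such as `// TODO: deny-all stub; verify the id_token signature against the configured JWK with a fixed algorithm, then check iss, aud and exp before mapping roles`. `init` also stores whatever `getAsFile("auth-file")` returns without checking it, so a missing or unreadable file would presumably only surface on the first request; throwing `AuthOpException` there would fail at startup instead. The second license header ("using IP addresses") and the `@see digilib.auth.IpAuthnOps#isUserInRole` reference look copied from the IP-based class and should describe this class and point at `AuthnOps`.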
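Review bot: Registering `id_token` as an ordinary `'s'` request parameter means the token travels in the URL on GET requests, where it tends to end up in access logs, browser history and Referer headers, although it acts as a credential once roles are derived from it. Consider reading it from the `Authorization` header or a cookie instead, or at least make sure it is left out wherever digilib logs or re-serialises request parameters (that code is not visible in this hunk, so this needs checking). The comment could carry the warning, e.g. `// OpenID Connect ID token (credential: do not log or echo back in generated URLs)`. The enclosing method starts and ends outside the hunk.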