# HG changeset patch
# User robcast
# Date 1461865247 -7200
# Node ID 8c7f1ef5a67fd15c164b5629f5e040d3da23a95f
# Parent a693f487d86083a62775264fd1857898ceaa154e
added auth token in cookie. cookie name configurable as "auth-token-cookie".
diff -r a693f487d860 -r 8c7f1ef5a67f servlet/src/main/java/digilib/auth/OpenIdAuthnOps.java
--- a/servlet/src/main/java/digilib/auth/OpenIdAuthnOps.java Thu Apr 28 19:07:49 2016 +0200
+++ b/servlet/src/main/java/digilib/auth/OpenIdAuthnOps.java Thu Apr 28 19:40:47 2016 +0200
@@ -31,6 +31,9 @@
 import java.util.List;
 import java.util.Map;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+
 import org.apache.log4j.Logger;
 import org.jose4j.jwk.JsonWebKey;
 import org.jose4j.jwt.JwtClaims;
@@ -43,6 +46,7 @@
 import digilib.conf.DigilibConfiguration;
 import digilib.conf.DigilibRequest;
+import digilib.conf.DigilibServletRequest;
 import digilib.util.XMLMapListLoader;
 /**
@@ -75,6 +79,8 @@
 protected JwtConsumer firstPassJwtConsumer;
 protected Map idpJwtConsumers;
 protected Map> idpRoles;
+
+ protected String tokenCookieName;
 /* (non-Javadoc)
@@ -164,6 +170,9 @@
 continue;
 }
 }
+
+ // set token cookie name
+ tokenCookieName = dlConfig.getAsString("auth-token-cookie");
 }
 /* (non-Javadoc)
@@ -179,10 +188,28 @@
 */
 @Override
 public List getUserRoles(DigilibRequest request) throws AuthOpException {
+ /*
+ * try token parameter first
+ */
 String id_token = request.getAsString("id_token");
 if (id_token == null || id_token.isEmpty()) {
- logger.error("Missing id token!");
- return null;
+ /*
+ * try token cookie next
+ */
+ HttpServletRequest srvReq = ((DigilibServletRequest) request).getServletRequest();
+ Cookie[] cookies = srvReq.getCookies();
+ if (cookies != null) {
+ for (Cookie c : cookies) {
+ if (c.getName() == tokenCookieName) {
+ id_token = c.getValue();
+ break;
+ }
+ }
+ }
+ if (id_token == null || id_token.isEmpty()) {
+ logger.error("Missing id token!");
+ return null;
+ }
 }
 // the first JwtConsumer is just used to parse the JWT into a JwtContext object.
 try {
diff -r a693f487d860 -r 8c7f1ef5a67f servlet/src/main/java/digilib/conf/DigilibServletConfiguration.java
--- a/servlet/src/main/java/digilib/conf/DigilibServletConfiguration.java Thu Apr 28 19:07:49 2016 +0200
+++ b/servlet/src/main/java/digilib/conf/DigilibServletConfiguration.java Thu Apr 28 19:40:47 2016 +0200
@@ -169,7 +169,8 @@
 newParameter("authzops-class", "digilib.auth.PathAuthzOps", null, 'f');
 // DocuDirectory implementation
 newParameter("docudirectory-class", "digilib.io.BaseDirDocuDirectory", null, 'f');
-
+ // name of cookie with authentication token
+ newParameter("auth-token-cookie", "id_token", null, 'f');
 }
 /**
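Review bot: In the cookie fallback of getUserRoles (OpenIdAuthnOps.java), `c.getName() == tokenCookieName` compares String references rather than contents, so a cookie carrying the configured name will normally not match and the request still ends in "Missing id token!"; use `if (tokenCookieName != null && tokenCookieName.equals(c.getName())) {`. The cast `(DigilibServletRequest) request` just above it is unchecked and would throw ClassCastException for any other DigilibRequest implementation, so wrapping the cookie branch in `if (request instanceof DigilibServletRequest) {` keeps the previous behaviour for those callers. Once the comparison works, the token becomes a credential the browser attaches automatically, so it is worth confirming that whatever sets this cookie (not visible in this patch) marks it Secure and HttpOnly. The body of getUserRoles continues past the end of the hunk.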