# HG changeset patch
# User robcast
# Date 1461865247 -7200
# Node ID 8c7f1ef5a67fd15c164b5629f5e040d3da23a95f
# Parent  a693f487d86083a62775264fd1857898ceaa154e
added auth token in cookie. cookie name configurable as "auth-token-cookie".

diff -r a693f487d860 -r 8c7f1ef5a67f servlet/src/main/java/digilib/auth/OpenIdAuthnOps.java
--- a/servlet/src/main/java/digilib/auth/OpenIdAuthnOps.java	Thu Apr 28 19:07:49 2016 +0200
+++ b/servlet/src/main/java/digilib/auth/OpenIdAuthnOps.java	Thu Apr 28 19:40:47 2016 +0200
@@ -31,6 +31,9 @@
 import java.util.List;
 import java.util.Map;
 
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+
 import org.apache.log4j.Logger;
 import org.jose4j.jwk.JsonWebKey;
 import org.jose4j.jwt.JwtClaims;
@@ -43,6 +46,7 @@
 
 import digilib.conf.DigilibConfiguration;
 import digilib.conf.DigilibRequest;
+import digilib.conf.DigilibServletRequest;
 import digilib.util.XMLMapListLoader;
 
 /**
@@ -75,6 +79,8 @@
     protected JwtConsumer firstPassJwtConsumer;
     protected Map<String, JwtConsumer> idpJwtConsumers;
     protected Map<String, List<String>> idpRoles;
+
+    protected String tokenCookieName;
     
 
     /* (non-Javadoc)
@@ -164,6 +170,9 @@
                 continue;
             }
         }
+        
+        // set token cookie name
+        tokenCookieName = dlConfig.getAsString("auth-token-cookie");
     }
 
     /* (non-Javadoc)
@@ -179,10 +188,28 @@
      */
     @Override
     public List<String> getUserRoles(DigilibRequest request) throws AuthOpException {
+        /*
+         * try token parameter first
+         */
         String id_token = request.getAsString("id_token");
         if (id_token == null || id_token.isEmpty()) {
-            logger.error("Missing id token!");
-            return null;
+            /*
+             * try token cookie next
+             */
+            HttpServletRequest srvReq = ((DigilibServletRequest) request).getServletRequest();            
+            Cookie[] cookies = srvReq.getCookies();
+            if (cookies != null) {
+                for (Cookie c : cookies) {
+                    if (c.getName() == tokenCookieName) {
+                        id_token = c.getValue();
+                        break;
+                    }
+                }
+            }
+            if (id_token == null || id_token.isEmpty()) {
+                logger.error("Missing id token!");
+                return null;
+            }
         }
         // the first JwtConsumer is just used to parse the JWT into a JwtContext object.
         try {
diff -r a693f487d860 -r 8c7f1ef5a67f servlet/src/main/java/digilib/conf/DigilibServletConfiguration.java
--- a/servlet/src/main/java/digilib/conf/DigilibServletConfiguration.java	Thu Apr 28 19:07:49 2016 +0200
+++ b/servlet/src/main/java/digilib/conf/DigilibServletConfiguration.java	Thu Apr 28 19:40:47 2016 +0200
@@ -169,7 +169,8 @@
         newParameter("authzops-class", "digilib.auth.PathAuthzOps", null, 'f');
         // DocuDirectory implementation
         newParameter("docudirectory-class", "digilib.io.BaseDirDocuDirectory", null, 'f');
-
+        // name of cookie with authentication token
+        newParameter("auth-token-cookie", "id_token", null, 'f');
     }
 
     /**