changeset 1497:77c5890bb699

first draft of OpenId Connect authentication class.
author robcast
date Wed, 30 Mar 2016 16:26:34 +0200
parents 116b294a276b
children c1b27845aea3
files servlet/src/main/java/digilib/auth/OpenIdAuthnOps.java servlet/src/main/java/digilib/conf/DigilibServletRequest.java
diffstat 2 files changed, 111 insertions(+), 0 deletions(-) [+]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/servlet/src/main/java/digilib/auth/OpenIdAuthnOps.java	Wed Mar 30 16:26:34 2016 +0200
@@ -0,0 +1,109 @@
+package digilib.auth;
+
+import java.io.File;
+
+/*
+ * #%L
+ * Authentication class implementation using IP addresses and Servlet user information
+ * 
+ * Digital Image Library servlet components
+ * 
+ * %%
+ * Copyright (C) 2016 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as 
+ * published by the Free Software Foundation, either version 3 of the 
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Lesser Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Lesser Public 
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@berlios.de)
+ */
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.log4j.Logger;
+
+import digilib.conf.DigilibConfiguration;
+import digilib.conf.DigilibRequest;
+import digilib.conf.DigilibServletRequest;
+/*
+ * #%L
+ * Authentication class implementation using IP addresses
+ * 
+ * Digital Image Library servlet components
+ * 
+ * %%
+ * Copyright (C) 2016 MPIWG Berlin
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as 
+ * published by the Free Software Foundation, either version 3 of the 
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Lesser Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Lesser Public 
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ * Author: Robert Casties (robcast@users.sourceforge.net)
+ */
+
+
+/**
+ * Implements AuthnOps using an OpenId Connect ID token.
+ * 
+ * The name of the configuration file is read from the digilib config parameter "auth-file".
+ * <p/>
+ * The tag "digilib-oauth" is read from the configuration file:
+ * <pre>  
+ * {@code
+ * <digilib-oauth>
+ *   <openid issuer="https://id.some.where" clientid="myclient" roles="someusers" keytype="jwk">
+ *     {"kty":"RSA","e":"AQAB","kid":"rsa1","n":"qjQ5U3wXzamg9R...idGpIiVilMDVBs"}
+ *   </openid>
+ * </digilib-oauth>
+ * }
+ * </pre>
+ * 
+ */
+public class OpenIdAuthnOps implements AuthnOps {
+
+    /** general logger for this class */
+    protected Logger logger = Logger.getLogger(this.getClass());
+
+    protected File configFile;
+
+    /* (non-Javadoc)
+     * @see digilib.auth.AuthnOps#init(digilib.conf.DigilibConfiguration)
+     */
+    @Override
+    public void init(DigilibConfiguration dlConfig) throws AuthOpException {
+        configFile = dlConfig.getAsFile("auth-file");
+        logger.debug("openidauthnops.init (" + configFile + ")");
+        
+    }
+
+    /* (non-Javadoc)
+     * @see digilib.auth.IpAuthnOps#isUserInRole(digilib.conf.DigilibRequest, java.lang.String)
+     */
+    @Override
+    public boolean isUserInRole(DigilibRequest dlRequest, String role) throws AuthOpException {
+        return false;
+    }
+
+}
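Review bot: `isUserInRole` is a deny-all stub with no comment saying so, and nothing in the class yet reads the `issuer`, `clientid` or key that the class Javadoc describes. That fails closed, which is the right default for a draft, but it should be stated on the method. I would replace the `(non-Javadoc)` block with `/** Draft stub: always denies. Before any role is granted the id_token signature must be verified against the configured key, and issuer, audience (clientid) and expiry must be checked. */`. Its `@see` also points at `IpAuthnOps#isUserInRole` although the class implements `AuthnOps`, and the first license header still reads "using IP addresses and Servlet user information". `init()` stores `configFile` without checking that it is non-null and readable, so a missing "auth-file" would only surface later. The imports `java.util.List`, `HttpServletRequest` and `DigilibServletRequest` are unused in this draft.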
--- a/servlet/src/main/java/digilib/conf/DigilibServletRequest.java	Wed Mar 30 16:25:18 2016 +0200
+++ b/servlet/src/main/java/digilib/conf/DigilibServletRequest.java	Wed Mar 30 16:26:34 2016 +0200
@@ -146,6 +146,8 @@
         newParameter("scale", new Float(1), null, 's');
         // color conversion operation
         newParameter("colop", "", null, 's');
+        // OpenID Connect ID token
+        newParameter("id_token", "", null, 's');
 
         /*
          * Parameters of type 'i' are not exchanged between client and server,
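Review bot: Registering `id_token` with type `'s'` on the added `newParameter` line puts a bearer credential in the same class as `scale` and `colop`. Judging by the following comment about type `'i'`, these are the parameters exchanged between client and server. If `'s'` parameters are serialised back into generated URLs or written to debug logs (not visible in this hunk), the token would end up in links, access logs and Referer headers. I would extend the comment to `// OpenID Connect ID token (credential: must not be echoed into generated URLs or logs)` and confirm that the serialisation code skips it, or accept the token from a request header or cookie instead. The enclosing method starts and ends outside the hunk.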