1 package org
.argeo
.cms
.integration
;
3 import java
.io
.IOException
;
4 import java
.time
.ZonedDateTime
;
8 import javax
.security
.auth
.Subject
;
9 import javax
.security
.auth
.callback
.Callback
;
10 import javax
.security
.auth
.callback
.UnsupportedCallbackException
;
11 import javax
.security
.auth
.login
.LoginContext
;
12 import javax
.security
.auth
.login
.LoginException
;
13 import javax
.servlet
.ServletException
;
14 import javax
.servlet
.http
.HttpServlet
;
15 import javax
.servlet
.http
.HttpServletRequest
;
16 import javax
.servlet
.http
.HttpServletResponse
;
18 import org
.argeo
.api
.acr
.ldap
.NamingUtils
;
19 import org
.argeo
.api
.cms
.CmsAuth
;
20 import org
.argeo
.api
.cms
.directory
.CmsUserManager
;
21 import org
.argeo
.cms
.auth
.RemoteAuthCallback
;
22 import org
.argeo
.cms
.auth
.RemoteAuthCallbackHandler
;
23 import org
.argeo
.cms
.servlet
.ServletHttpRequest
;
24 import org
.argeo
.cms
.servlet
.ServletHttpResponse
;
25 import org
.osgi
.service
.useradmin
.Authorization
;
27 import com
.fasterxml
.jackson
.core
.JsonGenerator
;
28 import com
.fasterxml
.jackson
.databind
.ObjectMapper
;
30 /** Provides access to tokens. */
31 public class CmsTokenServlet
extends HttpServlet
{
private static final long serialVersionUID = 302918711430864140L;

/**
 * Request parameter carrying the expiry the client asks for; parsed by
 * {@code NamingUtils.ldapDateToZonedDateTime} (an LDAP date string, presumably generalized time).
 */
public final static String PARAM_EXPIRY_DATE = "expiryDate";
/** Request parameter carrying the token to revoke on DELETE. */
public final static String PARAM_TOKEN = "token";

/** Token lifetime, in hours, used when the client supplies no expiry. */
private final static int DEFAULT_HOURS = 24;

// Set through setUserManager(); presumably injected by the component framework. Nothing in this
// class guards against it still being null when a request arrives — verify the wiring order.
private CmsUserManager userManager;
// Shared by all requests. Jackson documents ObjectMapper as thread-safe once configured, and
// nothing visible here reconfigures it after construction.
private ObjectMapper objectMapper = new ObjectMapper();
/**
 * Issues a new authentication token for the caller and returns it as JSON.
 *
 * <p>Flow as far as it is visible here: the caller is authenticated through a JAAS
 * {@link LoginContext} for {@link CmsAuth#LOGIN_CONTEXT_USER}, whose callback handler hands the
 * wrapped servlet request/response to every {@link RemoteAuthCallback} (presumably so the login
 * module can read the credentials carried by the HTTP request). The {@link Authorization} is taken
 * from the subject's private credentials, a random token is registered for that user through
 * {@link CmsUserManager#addAuthToken}, and a {@code TokenDescriptor} (username, token, expiry) is
 * written to the response.
 *
 * <p>Points a reviewer should check:
 * <ul>
 * <li>The expiry is client-controlled whenever {@code expiryDate} is supplied and is only parsed,
 * never bounded, in this method; confirm that {@code addAuthToken} (or policy elsewhere) caps the
 * token lifetime, otherwise an arbitrarily far-future expiry is accepted.</li>
 * <li>The token is {@link UUID#randomUUID()}, which the JDK documents as using a cryptographically
 * strong pseudo-random generator.</li>
 * <li>Every failure, including runtime exceptions on the token path, is serialized to the client by
 * {@code CmsExceptionsChain}; make sure it does not expose stack traces or internal details to
 * unauthenticated callers.</li>
 * </ul>
 *
 * <p>Several lines of the original are not present in this excerpt (the {@code try} opening, the
 * end of the callback handler, the body of the {@link LoginException} handler, the {@code else} of
 * the expiry branch and the trailing closing braces); each gap is marked inline.
 *
 * @param req the HTTP request; {@code expiryDate} is read from its parameters
 * @param resp the HTTP response; receives an {@code application/json} body
 * @throws ServletException declared; not thrown by the visible code
 * @throws IOException if writing the response fails
 */
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    ServletHttpRequest request = new ServletHttpRequest(req);
    ServletHttpResponse response = new ServletHttpResponse(resp);
    LoginContext lc = null;
    // … source line missing from this excerpt (presumably the opening of a try block) …
    lc = new LoginContext(CmsAuth.LOGIN_CONTEXT_USER, new RemoteAuthCallbackHandler(request, response) {
        // Only RemoteAuthCallbacks are served here; other callback types are left untouched by this
        // method (whether the superclass deals with them is outside this excerpt).
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbacks) {
                if (callback instanceof RemoteAuthCallback) {
                    ((RemoteAuthCallback) callback).setRequest(request);
                    ((RemoteAuthCallback) callback).setResponse(response);
    // … source lines missing from this excerpt (closing braces of the handler; presumably lc.login()) …
    } catch (LoginException e) {
    // … source lines missing from this excerpt (handler body for a failed login) …
    // NOTE(review): getSubject() is only meaningful after a successful login(); that call is assumed
    // to sit in the missing lines above — confirm.
    Subject subject = lc.getSubject();
    // First Authorization among the private credentials. extractFrom's empty-set path is not
    // visible, so a subject without one would presumably surface as a NullPointerException on
    // getName() below, landing in the generic catch.
    Authorization authorization = extractFrom(subject.getPrivateCredentials(Authorization.class));
    // Opaque bearer secret handed back to the client.
    String token = UUID.randomUUID().toString();
    // Client-supplied and optional. NOTE(review): not validated beyond parsing and not capped here.
    String expiryDateStr = req.getParameter(PARAM_EXPIRY_DATE);
    ZonedDateTime expiryDate;
    if (expiryDateStr != null) {
        expiryDate = NamingUtils.ldapDateToZonedDateTime(expiryDateStr);
    // … source line missing from this excerpt (presumably `} else {`) …
        // Default lifetime, computed in the JVM default time zone.
        expiryDate = ZonedDateTime.now().plusHours(DEFAULT_HOURS);
        // Echoed back to the client in the same LDAP date format it could have supplied.
        expiryDateStr = NamingUtils.instantToLdapDate(expiryDate);
    // … source line missing from this excerpt (closing brace) …
    userManager.addAuthToken(authorization.getName(), token, expiryDate);
    // … blank or missing source line …
    TokenDescriptor tokenDescriptor = new TokenDescriptor();
    tokenDescriptor.setUsername(authorization.getName());
    tokenDescriptor.setToken(token);
    tokenDescriptor.setExpiryDate(expiryDateStr);
    // tokenDescriptor.setRoles(Collections.unmodifiableSortedSet(new TreeSet<>(Arrays.asList(roles))));
    // … blank or missing source line …
    // No charset is declared; the writer obtained below uses the response's current character
    // encoding (the servlet default is ISO-8859-1 unless set elsewhere).
    resp.setContentType("application/json");
    JsonGenerator jg = objectMapper.getFactory().createGenerator(resp.getWriter());
    // Neither flush() nor close() appears in the visible code; Jackson's default
    // FLUSH_AFTER_WRITE_VALUE may cover it, or a call may sit in the missing lines — confirm the
    // body is fully written.
    jg.writeObject(tokenDescriptor);
    } catch (Exception e) {
    // Broad catch at the servlet boundary: parse failures, a missing Authorization and
    // user-manager errors all end up here and are reported to the client as JSON.
    new CmsExceptionsChain(e).writeAsJson(objectMapper, resp);
    // … remaining source lines missing from this excerpt (closing braces) …
/**
 * Serves GET with the same token-issuing flow as {@link #doPost}; the delegating call itself is not
 * in this excerpt, only the comment explaining it.
 *
 * <p>Review note: minting a credential on GET makes a state-changing operation reachable from a
 * plain link or prefetch and, unless cache headers forbid it, lets intermediaries cache a response
 * that contains the token. The comment below marks this as temporary; it should not remain in a
 * production build.
 *
 * @param req the HTTP request
 * @param resp the HTTP response
 * @throws ServletException propagated from the delegated handler
 * @throws IOException propagated from the delegated handler
 */
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    // temporarily wrap POST for ease of testing
    // … remaining source lines missing from this excerpt (presumably `doPost(req, resp);` and the closing brace) …
/**
 * Expires (revokes) the token passed as the {@code token} request parameter through
 * {@link CmsUserManager#expireAuthToken}.
 *
 * <p>Nothing in the visible code authenticates the caller: knowing the token value is all that is
 * needed to revoke it. A missing parameter reaches {@code expireAuthToken} as {@code null}; how
 * that is handled is not visible here. Failures are reported to the client as JSON through
 * {@code CmsExceptionsChain}. The {@code try} opening and the trailing closing braces are not part
 * of this excerpt.
 *
 * @param req the HTTP request; {@code token} is read from its parameters
 * @param resp the HTTP response; only written to on failure
 * @throws ServletException declared; not thrown by the visible code
 * @throws IOException if writing the error response fails
 */
protected void doDelete(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    // … source line missing from this excerpt (presumably the opening of a try block) …
    // Client-supplied; not validated in this method.
    String token = req.getParameter(PARAM_TOKEN);
    userManager.expireAuthToken(token);
    } catch (Exception e) {
    new CmsExceptionsChain(e).writeAsJson(objectMapper, resp);
    // … remaining source lines missing from this excerpt (closing braces) …
/**
 * Returns the first element of {@code creds}.
 *
 * <p>Used by {@link #doPost} to pull the {@link Authorization} out of the subject's private
 * credentials. Which element comes first depends on the set's iteration order. The path taken for
 * an empty set (and the closing brace) is not part of this excerpt; callers should not assume a
 * non-null result.
 *
 * @param <T> the credential type
 * @param creds the credential set to read from
 * @return the first credential of the set
 */
protected <T> T extractFrom(Set<T> creds) {
    if (creds.size() > 0)
        return creds.iterator().next();
    // … remaining source lines missing from this excerpt (empty-set path and closing brace) …
114 public void setUserManager(CmsUserManager userManager
) {
115 this.userManager
= userManager
;