[lgpl/argeo-commons.git] / org.argeo.cms.ee / src / org / argeo / cms / integration / CmsTokenServlet.java
1 package org.argeo.cms.integration;
2
3 import java.io.IOException;
4 import java.time.ZonedDateTime;
5 import java.util.Set;
6 import java.util.UUID;
7
8 import javax.security.auth.Subject;
9 import javax.security.auth.callback.Callback;
10 import javax.security.auth.callback.UnsupportedCallbackException;
11 import javax.security.auth.login.LoginContext;
12 import javax.security.auth.login.LoginException;
13 import javax.servlet.ServletException;
14 import javax.servlet.http.HttpServlet;
15 import javax.servlet.http.HttpServletRequest;
16 import javax.servlet.http.HttpServletResponse;
17
18 import org.argeo.api.acr.ldap.NamingUtils;
19 import org.argeo.api.cms.CmsAuth;
20 import org.argeo.api.cms.directory.CmsUserManager;
21 import org.argeo.cms.auth.RemoteAuthCallback;
22 import org.argeo.cms.auth.RemoteAuthCallbackHandler;
23 import org.argeo.cms.servlet.ServletHttpRequest;
24 import org.argeo.cms.servlet.ServletHttpResponse;
25 import org.osgi.service.useradmin.Authorization;
26
27 import com.fasterxml.jackson.core.JsonGenerator;
28 import com.fasterxml.jackson.databind.ObjectMapper;
29
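/**
 * Issues and expires authentication tokens over HTTP.
 * <ul>
 * <li>{@code POST} (and, for now, {@code GET}) authenticates the request
 * through the {@link CmsAuth#LOGIN_CONTEXT_USER} login context, registers a
 * fresh random token for the authenticated name and returns it as JSON.</li>
 * <li>{@code DELETE} expires the token passed in the {@value #PARAM_TOKEN}
 * parameter.</li>
 * </ul>
 */
public class CmsTokenServlet extends HttpServlet {
    private static final long serialVersionUID = 302918711430864140L;

    /** Optional request parameter: requested expiry, as an LDAP date string. */
    public static final String PARAM_EXPIRY_DATE = "expiryDate";
    /** Request parameter of {@code DELETE}: the token to expire. */
    public static final String PARAM_TOKEN = "token";

    /** Token lifetime, in hours, when the caller does not request an expiry date. */
    private static final int DEFAULT_HOURS = 24;

    private CmsUserManager userManager;
    private final ObjectMapper objectMapper = new ObjectMapper();

    /**
     * Authenticates the caller and, on success, creates a token and writes a
     * {@code TokenDescriptor} (username, token, expiry date) as JSON.
     * <p>
     * A request that cannot be authenticated is answered with
     * {@code 401 Unauthorized}. Any other failure is reported through
     * {@code CmsExceptionsChain}.
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        ServletHttpRequest request = new ServletHttpRequest(req);
        ServletHttpResponse response = new ServletHttpResponse(resp);
        LoginContext lc;
        try {
            lc = new LoginContext(CmsAuth.LOGIN_CONTEXT_USER, new RemoteAuthCallbackHandler(request, response) {
                public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                    for (Callback callback : callbacks) {
                        if (callback instanceof RemoteAuthCallback) {
                            ((RemoteAuthCallback) callback).setRequest(request);
                            ((RemoteAuthCallback) callback).setResponse(response);
                        }
                    }
                }
            });
            lc.login();
        } catch (LoginException e) {
            // A failed login must end the request here. Previously the exception was
            // swallowed and the code below failed later with a NullPointerException,
            // which was then serialized to the (unauthenticated) client.
            rejectUnauthenticated(resp);
            return;
        }

        try {
            Subject subject = lc.getSubject();
            Authorization authorization = subject == null ? null
                    : extractFrom(subject.getPrivateCredentials(Authorization.class));
            if (authorization == null) {
                // Login completed but produced no Authorization credential: there is no
                // identity to bind a token to, so nothing is issued.
                rejectUnauthenticated(resp);
                return;
            }

            // UUID.randomUUID() produces a type 4 UUID from a cryptographically strong
            // pseudo random number generator.
            String token = UUID.randomUUID().toString();
            String expiryDateStr = req.getParameter(PARAM_EXPIRY_DATE);
            ZonedDateTime expiryDate;
            if (expiryDateStr != null) {
                // NOTE(review): the expiry date is chosen by the caller and is not bounded
                // here (no maximum lifetime, no check that it lies in the future). Confirm
                // whether CmsUserManager.addAuthToken enforces a policy; otherwise
                // consider capping it server-side.
                expiryDate = NamingUtils.ldapDateToZonedDateTime(expiryDateStr);
            } else {
                expiryDate = ZonedDateTime.now().plusHours(DEFAULT_HOURS);
                expiryDateStr = NamingUtils.instantToLdapDate(expiryDate);
            }
            userManager.addAuthToken(authorization.getName(), token, expiryDate);

            TokenDescriptor tokenDescriptor = new TokenDescriptor();
            tokenDescriptor.setUsername(authorization.getName());
            tokenDescriptor.setToken(token);
            tokenDescriptor.setExpiryDate(expiryDateStr);
            // tokenDescriptor.setRoles(Collections.unmodifiableSortedSet(new TreeSet<>(Arrays.asList(roles))));

            // The body carries a credential: forbid storing it in browser or
            // intermediary caches (relevant in particular while GET is accepted).
            resp.setHeader("Cache-Control", "no-store");
            resp.setContentType("application/json");
            JsonGenerator jg = objectMapper.getFactory().createGenerator(resp.getWriter());
            jg.writeObject(tokenDescriptor);
        } catch (Exception e) {
            // NOTE(review): what CmsExceptionsChain serializes (messages, stack traces)
            // is not visible from this file; verify it does not disclose internals.
            new CmsExceptionsChain(e).writeAsJson(objectMapper, resp);
        }
    }

    /**
     * Delegates to {@link #doPost(HttpServletRequest, HttpServletResponse)}.
     * <p>
     * NOTE(review): described by the original author as a temporary testing aid.
     * Creating a token changes server state; while it is reachable through
     * {@code GET}, a cross-site request from a browser holding ambient
     * credentials can trigger it, and the parameters end up in URLs and access
     * logs. Remove this override once it is no longer needed for testing.
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // temporarily wrap POST for ease of testing
        doPost(req, resp);
    }

    /**
     * Expires the token given in the {@value #PARAM_TOKEN} request parameter.
     * <p>
     * A request without that parameter is answered with {@code 400 Bad Request}.
     * No login is performed in this method: knowing the token value is the only
     * thing required to expire it.
     */
    @Override
    protected void doDelete(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String token = req.getParameter(PARAM_TOKEN);
        if (token == null || token.isEmpty()) {
            // Do not hand a missing token to the user manager.
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        try {
            userManager.expireAuthToken(token);
        } catch (Exception e) {
            new CmsExceptionsChain(e).writeAsJson(objectMapper, resp);
        }
    }

    /**
     * Returns one element of the given credential set.
     *
     * @param creds the credentials to pick from, not {@code null}
     * @return the first element returned by the set's iterator, or {@code null}
     *         if the set is empty
     */
    protected <T> T extractFrom(Set<T> creds) {
        if (creds.isEmpty()) {
            return null;
        }
        return creds.iterator().next();
    }

    /** Injects the user manager used to register and expire tokens. */
    public void setUserManager(CmsUserManager userManager) {
        this.userManager = userManager;
    }

    /**
     * Answers {@code 401 Unauthorized}, unless the response has already been
     * committed (the login callbacks receive the response and may have written
     * to it).
     */
    private static void rejectUnauthenticated(HttpServletResponse resp) throws IOException {
        if (!resp.isCommitted()) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }
}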