Merge pull request #1226 from KevinVdV/DS-2898-rest-all-authentication-methods
[DS-2898] Add support for all authentication methods in the rest api
@@ -18,6 +18,7 @@
|
||||
<properties>
|
||||
<!-- This is the path to the root [dspace-src] directory. -->
|
||||
<root.basedir>${basedir}/..</root.basedir>
|
||||
<spring-security.version>3.2.9.RELEASE</spring-security.version>
|
||||
</properties>
|
||||
<build>
|
||||
<plugins>
|
||||
@@ -124,6 +125,27 @@
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>${spring-security.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-web</artifactId>
|
||||
<version>${spring-security.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-config</artifactId>
|
||||
<version>${spring-security.version}</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>cglib</groupId>
|
||||
<artifactId>cglib</artifactId>
|
||||
<version>2.2.2</version>
|
||||
</dependency>
|
||||
|
||||
<!-- Use DSpace, for now, an older version to minimize spring generated dependency on Discovery -->
|
||||
<dependency>
|
||||
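Review bot: The new `cglib` dependency in the second hunk carries no comment saying which part of the Spring Security setup needs it, whereas the neighbouring DSpace dependency at the bottom of the hunk is explained; a one-line `<!-- … -->` above it naming the consumer would help (I would guess class proxying, but the consumer is not visible here). Its version `2.2.2` is also hard-coded inline while the three Spring Security artifacts share the new `spring-security.version` property; a matching property would keep the block consistent.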
|
@@ -110,7 +110,7 @@ public class BitstreamResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.READ);
|
||||
|
||||
writeStats(dspaceBitstream, UsageEvent.Action.VIEW, user_ip, user_agent, xforwardedfor, headers,
|
||||
@@ -163,7 +163,7 @@ public class BitstreamResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.READ);
|
||||
policies = new Bitstream(dspaceBitstream, servletContext, "policies", context).getPolicies();
|
||||
|
||||
@@ -223,7 +223,7 @@ public class BitstreamResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
List<org.dspace.content.Bitstream> dspaceBitstreams = bitstreamService.findAll(context);
|
||||
|
||||
if (!((limit != null) && (limit >= 0) && (offset != null) && (offset >= 0)))
|
||||
@@ -305,7 +305,7 @@ public class BitstreamResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.READ);
|
||||
|
||||
writeStats(dspaceBitstream, UsageEvent.Action.VIEW, user_ip, user_agent, xforwardedfor, headers,
|
||||
@@ -374,7 +374,7 @@ public class BitstreamResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.WRITE);
|
||||
|
||||
writeStats(dspaceBitstream, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor, headers,
|
||||
@@ -444,7 +444,7 @@ public class BitstreamResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.WRITE);
|
||||
|
||||
writeStats(dspaceBitstream, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor,
|
||||
@@ -549,7 +549,7 @@ public class BitstreamResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.WRITE);
|
||||
|
||||
writeStats(dspaceBitstream, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor,
|
||||
@@ -618,7 +618,7 @@ public class BitstreamResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.DELETE);
|
||||
|
||||
writeStats(dspaceBitstream, UsageEvent.Action.DELETE, user_ip, user_agent, xforwardedfor,
|
||||
@@ -680,7 +680,7 @@ public class BitstreamResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.WRITE);
|
||||
|
||||
writeStats(dspaceBitstream, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor, headers,
|
||||
|
@@ -108,7 +108,7 @@ public class CollectionsResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
org.dspace.content.Collection dspaceCollection = findCollection(context, collectionId, org.dspace.core.Constants.READ);
|
||||
writeStats(dspaceCollection, UsageEvent.Action.VIEW, user_ip, user_agent, xforwardedfor,
|
||||
@@ -177,7 +177,7 @@ public class CollectionsResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
if (!((limit != null) && (limit >= 0) && (offset != null) && (offset >= 0)))
|
||||
{
|
||||
@@ -263,7 +263,7 @@ public class CollectionsResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
org.dspace.content.Collection dspaceCollection = findCollection(context, collectionId, org.dspace.core.Constants.READ);
|
||||
writeStats(dspaceCollection, UsageEvent.Action.VIEW, user_ip, user_agent, xforwardedfor,
|
||||
@@ -344,7 +344,7 @@ public class CollectionsResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Collection dspaceCollection = findCollection(context, collectionId,
|
||||
org.dspace.core.Constants.WRITE);
|
||||
|
||||
@@ -431,7 +431,7 @@ public class CollectionsResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Collection dspaceCollection = findCollection(context, collectionId,
|
||||
org.dspace.core.Constants.WRITE);
|
||||
|
||||
@@ -501,7 +501,7 @@ public class CollectionsResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Collection dspaceCollection = findCollection(context, collectionId,
|
||||
org.dspace.core.Constants.DELETE);
|
||||
|
||||
@@ -571,7 +571,7 @@ public class CollectionsResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
org.dspace.content.Collection dspaceCollection = collectionService.findByIdOrLegacyId(context, collectionId);
|
||||
org.dspace.content.Item item = itemService.findByIdOrLegacyId(context, itemId);
|
||||
@@ -667,7 +667,7 @@ public class CollectionsResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
List<org.dspace.content.Collection> dspaceCollections = collectionService.findAll(context);
|
||||
//TODO, this would be more efficient with a findByName query
|
||||
|
@@ -14,7 +14,6 @@ import org.dspace.authorize.service.AuthorizeService;
|
||||
import org.dspace.content.factory.ContentServiceFactory;
|
||||
import org.dspace.content.service.CollectionService;
|
||||
import org.dspace.content.service.CommunityService;
|
||||
import org.dspace.eperson.EPerson;
|
||||
import org.dspace.rest.common.Collection;
|
||||
import org.dspace.rest.common.Community;
|
||||
import org.dspace.rest.exceptions.ContextException;
|
||||
@@ -82,7 +81,7 @@ public class CommunitiesResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
org.dspace.content.Community dspaceCommunity = findCommunity(context, communityId, org.dspace.core.Constants.READ);
|
||||
writeStats(dspaceCommunity, UsageEvent.Action.VIEW, user_ip, user_agent, xforwardedfor, headers,
|
||||
@@ -148,7 +147,7 @@ public class CommunitiesResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
List<org.dspace.content.Community> dspaceCommunities = communityService.findAll(context);
|
||||
communities = new ArrayList<Community>();
|
||||
@@ -230,7 +229,7 @@ public class CommunitiesResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
List<org.dspace.content.Community> dspaceCommunities = communityService.findAllTop(context);
|
||||
communities = new ArrayList<Community>();
|
||||
@@ -312,7 +311,7 @@ public class CommunitiesResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
org.dspace.content.Community dspaceCommunity = findCommunity(context, communityId, org.dspace.core.Constants.READ);
|
||||
writeStats(dspaceCommunity, UsageEvent.Action.VIEW, user_ip, user_agent, xforwardedfor, headers,
|
||||
@@ -398,7 +397,7 @@ public class CommunitiesResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
org.dspace.content.Community dspaceCommunity = findCommunity(context, communityId, org.dspace.core.Constants.READ);
|
||||
writeStats(dspaceCommunity, UsageEvent.Action.VIEW, user_ip, user_agent, xforwardedfor, headers,
|
||||
@@ -473,8 +472,7 @@ public class CommunitiesResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
EPerson eperson = getUser(headers);
|
||||
context = createContext(eperson);
|
||||
context = createContext();
|
||||
if (!authorizeService.isAdmin(context))
|
||||
{
|
||||
context.abort();
|
||||
@@ -557,7 +555,7 @@ public class CommunitiesResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
org.dspace.content.Community dspaceCommunity = findCommunity(context, communityId, org.dspace.core.Constants.WRITE);
|
||||
writeStats(dspaceCommunity, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor,
|
||||
@@ -638,7 +636,7 @@ public class CommunitiesResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Community dspaceParentCommunity = findCommunity(context, communityId,
|
||||
org.dspace.core.Constants.WRITE);
|
||||
|
||||
@@ -717,7 +715,7 @@ public class CommunitiesResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
org.dspace.content.Community dspaceCommunity = findCommunity(context, communityId, org.dspace.core.Constants.WRITE);
|
||||
writeStats(dspaceCommunity, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor,
|
||||
@@ -780,7 +778,7 @@ public class CommunitiesResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
org.dspace.content.Community community = findCommunity(context, communityId, org.dspace.core.Constants.DELETE);
|
||||
writeStats(community, UsageEvent.Action.DELETE, user_ip, user_agent, xforwardedfor, headers,
|
||||
@@ -851,7 +849,7 @@ public class CommunitiesResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
org.dspace.content.Community community = findCommunity(context, communityId, org.dspace.core.Constants.WRITE);
|
||||
org.dspace.content.Collection collection = collectionService.findByIdOrLegacyId(context, collectionId);
|
||||
@@ -951,7 +949,7 @@ public class CommunitiesResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
org.dspace.content.Community parentCommunity = findCommunity(context, parentCommunityId,
|
||||
org.dspace.core.Constants.WRITE);
|
||||
|
@@ -84,7 +84,7 @@ public class FilteredCollectionsResource extends Resource {
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
if (!configurationService.getBooleanProperty("rest.reporting-authenticate", true)) {
|
||||
context.turnOffAuthorisationSystem();
|
||||
}
|
||||
@@ -170,7 +170,7 @@ public class FilteredCollectionsResource extends Resource {
|
||||
org.dspace.core.Context context = null;
|
||||
FilteredCollection retColl = new org.dspace.rest.common.FilteredCollection();
|
||||
try {
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
if (!configurationService.getBooleanProperty("rest.reporting-authenticate", true)) {
|
||||
context.turnOffAuthorisationSystem();
|
||||
}
|
||||
|
@@ -113,7 +113,7 @@ public class FilteredItemsResource extends Resource {
|
||||
ItemFilterSet itemFilterSet = new ItemFilterSet(filters, true);
|
||||
ItemFilter result = itemFilterSet.getAllFiltersFilter();
|
||||
try {
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
if (!configurationService.getBooleanProperty("rest.reporting-authenticate", true)) {
|
||||
context.turnOffAuthorisationSystem();
|
||||
}
|
||||
|
@@ -49,7 +49,7 @@ public class HandleResource extends Resource {
|
||||
org.dspace.core.Context context = null;
|
||||
|
||||
try {
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
org.dspace.content.DSpaceObject dso = handleService.resolveToObject(context, prefix + "/" + suffix);
|
||||
|
||||
|
@@ -73,7 +73,7 @@ public class HierarchyResource extends Resource {
|
||||
HierarchySite repo = new HierarchySite();
|
||||
|
||||
try {
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
if (!configurationService.getBooleanProperty("rest.hierarchy-authenticate", true)) {
|
||||
context.turnOffAuthorisationSystem();
|
||||
}
|
||||
|
@@ -99,7 +99,7 @@ public class ItemsResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Item dspaceItem = findItem(context, itemId, org.dspace.core.Constants.READ);
|
||||
|
||||
writeStats(dspaceItem, UsageEvent.Action.VIEW, user_ip, user_agent, xforwardedfor, headers, request, context);
|
||||
@@ -159,7 +159,7 @@ public class ItemsResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
Iterator<org.dspace.content.Item> dspaceItems = itemService.findAllUnfiltered(context);
|
||||
items = new ArrayList<Item>();
|
||||
@@ -235,7 +235,7 @@ public class ItemsResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Item dspaceItem = findItem(context, itemId, org.dspace.core.Constants.READ);
|
||||
|
||||
writeStats(dspaceItem, UsageEvent.Action.VIEW, user_ip, user_agent, xforwardedfor, headers, request, context);
|
||||
@@ -294,7 +294,7 @@ public class ItemsResource extends Resource
|
||||
List<Bitstream> bitstreams = null;
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Item dspaceItem = findItem(context, itemId, org.dspace.core.Constants.READ);
|
||||
|
||||
writeStats(dspaceItem, UsageEvent.Action.VIEW, user_ip, user_agent, xforwardedfor, headers, request, context);
|
||||
@@ -365,7 +365,7 @@ public class ItemsResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Item dspaceItem = findItem(context, itemId, org.dspace.core.Constants.WRITE);
|
||||
|
||||
writeStats(dspaceItem, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor, headers, request, context);
|
||||
@@ -440,7 +440,7 @@ public class ItemsResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Item dspaceItem = findItem(context, itemId, org.dspace.core.Constants.WRITE);
|
||||
|
||||
writeStats(dspaceItem, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor, headers, request, context);
|
||||
@@ -606,7 +606,7 @@ public class ItemsResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Item dspaceItem = findItem(context, itemId, org.dspace.core.Constants.WRITE);
|
||||
|
||||
writeStats(dspaceItem, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor, headers, request, context);
|
||||
@@ -687,7 +687,7 @@ public class ItemsResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Item dspaceItem = findItem(context, itemId, org.dspace.core.Constants.DELETE);
|
||||
|
||||
writeStats(dspaceItem, UsageEvent.Action.REMOVE, user_ip, user_agent, xforwardedfor, headers, request, context);
|
||||
@@ -755,7 +755,7 @@ public class ItemsResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Item dspaceItem = findItem(context, itemId, org.dspace.core.Constants.WRITE);
|
||||
|
||||
writeStats(dspaceItem, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor, headers, request, context);
|
||||
@@ -830,7 +830,7 @@ public class ItemsResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
org.dspace.content.Item item = findItem(context, itemId, org.dspace.core.Constants.WRITE);
|
||||
|
||||
org.dspace.content.Bitstream bitstream = bitstreamService.findByIdOrLegacyId(context, bitstreamId);
|
||||
@@ -843,7 +843,7 @@ public class ItemsResource extends Resource
|
||||
else if (!authorizeService.authorizeActionBoolean(context, bitstream, org.dspace.core.Constants.DELETE))
|
||||
{
|
||||
context.abort();
|
||||
log.error("User(" + getUser(headers).getEmail() + ") is not allowed to delete bitstream(id=" + bitstreamId + ").");
|
||||
log.error("User(" + context.getCurrentUser().getEmail() + ") is not allowed to delete bitstream(id=" + bitstreamId + ").");
|
||||
return Response.status(Status.UNAUTHORIZED).build();
|
||||
}
|
||||
|
||||
@@ -925,7 +925,7 @@ public class ItemsResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
Iterator<org.dspace.content.Item> itemIterator = itemService.findByMetadataField(context, metadataEntry.getSchema(), metadataEntry.getElement(), metadataEntry.getQualifier(), metadataEntry.getValue());
|
||||
|
||||
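Review bot: `context.getCurrentUser()` can be null on the new log line in the `@@ -843,7` hunk — `createContext()` leaves the current user unset unless a Spring `Authentication` is present, and `findByEmail` may itself return null — so an unauthorised anonymous caller hits a NullPointerException here and gets a 500 instead of the intended UNAUTHORIZED response. The previous `getUser(headers)` form had the same gap, so this rewrite is the place to close it: `String who = context.getCurrentUser() == null ? "anonymous" : context.getCurrentUser().getEmail();` followed by `log.error("User(" + who + ") is not allowed to delete bitstream(id=" + bitstreamId + ").");`. The enclosing method starts and ends outside the hunk.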
|
@@ -97,7 +97,7 @@ public class MetadataRegistryResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
List<org.dspace.content.MetadataSchema> schemas = metadataSchemaService.findAll(context);
|
||||
metadataSchemas = new ArrayList<MetadataSchema>();
|
||||
@@ -158,7 +158,7 @@ public class MetadataRegistryResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
org.dspace.content.MetadataSchema schema = metadataSchemaService.find(context, schemaPrefix);
|
||||
metadataSchema = new MetadataSchema(schema, expand, context);
|
||||
@@ -258,7 +258,7 @@ public class MetadataRegistryResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
org.dspace.content.MetadataSchema schema = metadataSchemaService.find(context, schemaPrefix);
|
||||
|
||||
@@ -327,7 +327,7 @@ public class MetadataRegistryResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
org.dspace.content.MetadataField field = metadataFieldService.find(context, fieldId);
|
||||
if (field == null) {
|
||||
@@ -391,7 +391,7 @@ public class MetadataRegistryResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
if (!authorizeService.isAdmin(context))
|
||||
{
|
||||
@@ -479,7 +479,7 @@ public class MetadataRegistryResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
if (!authorizeService.isAdmin(context))
|
||||
{
|
||||
@@ -570,7 +570,7 @@ public class MetadataRegistryResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
org.dspace.content.MetadataField dspaceField = metadataFieldService.find(context, fieldId);
|
||||
if (field == null) {
|
||||
@@ -645,7 +645,7 @@ public class MetadataRegistryResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
org.dspace.content.MetadataField dspaceField = metadataFieldService.find(context, fieldId);
|
||||
if (dspaceField == null) {
|
||||
@@ -711,7 +711,7 @@ public class MetadataRegistryResource extends Resource
|
||||
|
||||
try
|
||||
{
|
||||
context = createContext(getUser(headers));
|
||||
context = createContext();
|
||||
|
||||
org.dspace.content.MetadataSchema dspaceSchema = metadataSchemaService.find(context, schemaId);
|
||||
if (dspaceSchema == null) {
|
||||
|
@@ -7,22 +7,35 @@
|
||||
*/
|
||||
package org.dspace.rest;
|
||||
|
||||
import java.net.CookieHandler;
|
||||
import java.sql.SQLException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
import javax.servlet.ServletContext;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.WebApplicationException;
|
||||
import javax.ws.rs.core.Cookie;
|
||||
import javax.ws.rs.core.HttpHeaders;
|
||||
import javax.ws.rs.core.Response;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.dspace.content.DSpaceObject;
|
||||
import org.dspace.core.Context;
|
||||
import org.dspace.eperson.EPerson;
|
||||
import org.dspace.eperson.factory.EPersonServiceFactory;
|
||||
import org.dspace.rest.exceptions.ContextException;
|
||||
import org.dspace.services.factory.DSpaceServicesFactory;
|
||||
import org.dspace.usage.UsageEvent;
|
||||
import org.dspace.utils.DSpace;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
|
||||
/**
|
||||
* Superclass of all resource classes in REST API. It has methods for creating
|
||||
@@ -64,14 +77,18 @@ public class Resource
|
||||
* log in. Can be caused by AuthorizeException if there was a
|
||||
* problem authorizing the found user.
|
||||
*/
|
||||
protected static org.dspace.core.Context createContext(EPerson person) throws ContextException
|
||||
{
|
||||
protected static org.dspace.core.Context createContext() throws ContextException, SQLException {
|
||||
org.dspace.core.Context context = new org.dspace.core.Context();
|
||||
//context.getDBConnection().setAutoCommit(false); // Disable autocommit.
|
||||
|
||||
if (person != null)
|
||||
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
|
||||
if(authentication != null)
|
||||
{
|
||||
context.setCurrentUser(person);
|
||||
Collection<SimpleGrantedAuthority> specialGroups = (Collection<SimpleGrantedAuthority>) authentication.getAuthorities();
|
||||
for (SimpleGrantedAuthority grantedAuthority : specialGroups) {
|
||||
context.setSpecialGroup(EPersonServiceFactory.getInstance().getGroupService().findByName(context, grantedAuthority.getAuthority()).getID());
|
||||
}
|
||||
context.setCurrentUser(EPersonServiceFactory.getInstance().getEPersonService().findByEmail(context, authentication.getName()));
|
||||
}
|
||||
|
||||
return context;
|
||||
@@ -218,36 +235,4 @@ public class Resource
|
||||
return actionStr;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return EPerson based on stored token in headers under
|
||||
* "rest-dspace-token".
|
||||
*
|
||||
* @param headers
|
||||
* Only must have "rest-api-token" for successfull return of
|
||||
* user.
|
||||
* @return Return EPerson logged under token in headers. If token was wrong
|
||||
* or header rest-dspace-token was missing, returns null.
|
||||
*/
|
||||
protected static EPerson getUser(HttpHeaders headers)
|
||||
{
|
||||
List<String> list = headers.getRequestHeader(TokenHolder.TOKEN_HEADER);
|
||||
String token = null;
|
||||
if ((list != null) && (list.size() > 0))
|
||||
{
|
||||
token = list.get(0);
|
||||
return TokenHolder.getEPerson(token);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
protected static String getToken(HttpHeaders headers) {
|
||||
List<String> list = headers.getRequestHeader(TokenHolder.TOKEN_HEADER);
|
||||
String token = null;
|
||||
if ((list != null) && (list.size() > 0))
|
||||
{
|
||||
token = list.get(0);
|
||||
return token;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
}
|
||||
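Review bot: In the new `createContext()`, `findByName(context, grantedAuthority.getAuthority()).getID()` dereferences the lookup result without a null check, so any granted authority whose name is not a DSpace group name turns every request into a NullPointerException; if the Spring Security chain installs an anonymous token (its authority has no DSpace group) this would fire on every unauthenticated request, but the security configuration is not visible here, so confirm. The cast to `Collection<SimpleGrantedAuthority>` is also unchecked and unnecessary — `getAuthorities()` yields `? extends GrantedAuthority` and only `getAuthority()` is used, so a different `GrantedAuthority` implementation would raise a ClassCastException at iteration. Iterate the `GrantedAuthority` interface (already imported) and skip unmatched names, as below; the method's Javadoc above the hunk should also state that the user and special groups now come from the Spring `SecurityContextHolder` rather than a request token.
```java
    if (authentication != null) {
        for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
            // an authority is mapped to a DSpace special group by name; skip names with no such group
            org.dspace.eperson.Group specialGroup = EPersonServiceFactory.getInstance().getGroupService()
                    .findByName(context, grantedAuthority.getAuthority());
            if (specialGroup != null) {
                context.setSpecialGroup(specialGroup.getID());
            }
        }
        // … unchanged: setCurrentUser from authentication.getName() …
    }
```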
|
@@ -7,9 +7,10 @@
|
||||
*/
|
||||
package org.dspace.rest;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.sql.SQLException;
|
||||
import java.util.List;
|
||||
import java.util.Iterator;
|
||||
|
||||
import javax.servlet.ServletContext;
|
||||
import javax.ws.rs.Consumes;
|
||||
@@ -17,18 +18,21 @@ import javax.ws.rs.GET;
|
||||
import javax.ws.rs.POST;
|
||||
import javax.ws.rs.Path;
|
||||
import javax.ws.rs.Produces;
|
||||
import javax.ws.rs.core.*;
|
||||
import javax.ws.rs.core.Context;
|
||||
import javax.ws.rs.core.HttpHeaders;
|
||||
import javax.ws.rs.core.MediaType;
|
||||
import javax.ws.rs.core.Response;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.dspace.authenticate.AuthenticationMethod;
|
||||
import org.dspace.authenticate.ShibAuthentication;
|
||||
import org.dspace.authenticate.factory.AuthenticateServiceFactory;
|
||||
import org.dspace.authenticate.service.AuthenticationService;
|
||||
import org.dspace.eperson.EPerson;
|
||||
import org.dspace.eperson.factory.EPersonServiceFactory;
|
||||
import org.dspace.eperson.service.EPersonService;
|
||||
import org.dspace.rest.common.Status;
|
||||
import org.dspace.rest.common.User;
|
||||
import org.dspace.rest.exceptions.ContextException;
|
||||
import org.dspace.utils.DSpace;
|
||||
|
||||
/**
|
||||
* Root of RESTful api. It provides login and logout. Also have method for
|
||||
@@ -159,27 +163,64 @@ public class RestIndex {
|
||||
/**
|
||||
* Method to login a user into REST API.
|
||||
*
|
||||
* @param user
|
||||
* User which will be logged in to REST API.
|
||||
* @return Returns response code OK and a token. Otherwise returns response
|
||||
* code FORBIDDEN(403).
|
||||
*/
|
||||
@POST
|
||||
@Path("/login")
|
||||
@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
|
||||
public Response login(User user)
|
||||
public Response login()
|
||||
{
|
||||
String token = TokenHolder.login(user);
|
||||
if (token == null)
|
||||
{
|
||||
log.info("REST Login Attempt failed for user: " + user.getEmail());
|
||||
return Response.status(Response.Status.FORBIDDEN).build();
|
||||
} else {
|
||||
log.info("REST Login Success for user: " + user.getEmail());
|
||||
return Response.ok(token, "text/plain").build();
|
||||
}
|
||||
//If you can get here, you are authenticated, the actual login is handled by spring security
|
||||
return Response.ok().build();
|
||||
}
|
||||
|
||||
@GET
|
||||
@Path("/shibboleth-login")
|
||||
@Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
|
||||
public Response shibbolethLogin()
|
||||
{
|
||||
//If you can get here, you are authenticated, the actual login is handled by spring security
|
||||
return Response.ok().build();
|
||||
}
|
||||
|
||||
@GET
|
||||
@Path("/login-shibboleth")
|
||||
@Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
|
||||
public Response shibbolethLoginEndPoint()
|
||||
{
|
||||
org.dspace.core.Context context = null;
|
||||
try {
|
||||
context = Resource.createContext();
|
||||
AuthenticationService authenticationService = AuthenticateServiceFactory.getInstance().getAuthenticationService();
|
||||
Iterator<AuthenticationMethod> authenticationMethodIterator = authenticationService.authenticationMethodIterator();
|
||||
while(authenticationMethodIterator.hasNext())
|
||||
{
|
||||
AuthenticationMethod authenticationMethod = authenticationMethodIterator.next();
|
||||
if(authenticationMethod instanceof ShibAuthentication)
|
||||
{
|
||||
//TODO: Perhaps look for a better way of handling this ?
|
||||
org.dspace.services.model.Request currentRequest = new DSpace().getRequestService().getCurrentRequest();
|
||||
String loginPageURL = authenticationMethod.loginPageURL(context, currentRequest.getHttpServletRequest(), currentRequest.getHttpServletResponse());
|
||||
if(StringUtils.isNotBlank(loginPageURL))
|
||||
{
|
||||
currentRequest.getHttpServletResponse().sendRedirect(loginPageURL);
|
||||
}
|
||||
}
|
||||
}
|
||||
context.abort();
|
||||
} catch (ContextException | SQLException | IOException e) {
|
||||
Resource.processException("Shibboleth endpoint error: " + e.getMessage(), context);
|
||||
} finally {
|
||||
if(context != null && context.isValid())
|
||||
{
|
||||
context.abort();
|
||||
}
|
||||
|
||||
}
|
||||
return Response.ok().build();
|
||||
}
|
||||
|
||||
/**
|
||||
* Method to logout a user from DSpace REST API. Removes the token and user from
|
||||
* TokenHolder.
|
||||
@@ -195,24 +236,7 @@ public class RestIndex {
|
||||
@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
|
||||
public Response logout(@Context HttpHeaders headers)
|
||||
{
|
||||
List<String> list = headers.getRequestHeader(TokenHolder.TOKEN_HEADER);
|
||||
String token = null;
|
||||
boolean logout = false;
|
||||
EPerson ePerson = null;
|
||||
if (list != null)
|
||||
{
|
||||
token = list.get(0);
|
||||
ePerson = TokenHolder.getEPerson(token);
|
||||
logout = TokenHolder.logout(token);
|
||||
}
|
||||
if ((token == null) || (!logout))
|
||||
{
|
||||
return Response.status(Response.Status.BAD_REQUEST).build();
|
||||
}
|
||||
|
||||
if(ePerson != null) {
|
||||
log.info("REST Logout: " + ePerson.getEmail());
|
||||
}
|
||||
//If you can get here, you are logged out, this actual logout is handled by spring security
|
||||
return Response.ok().build();
|
||||
}
|
||||
|
||||
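Review bot: The audit entry `log.info("REST Logout: " + ePerson.getEmail())` is dropped with this rewrite, so a REST logout is no longer recorded anywhere in this PR, and the method now answers 200 to callers that were never logged in where it used to answer 400. By the time this method runs, the `LogoutFilter` wired on `/logout` in security-applicationContext.xml has presumably already cleared the security context, so the user cannot be recovered here; the natural place for the log line is `NoRedirectAuthenticationLogoutSuccessHandler`, whose `onLogoutSuccess(request, response, authentication)` still receives the `Authentication`. The method's Javadoc just above the hunk ("Removes the token and user from TokenHolder") is now stale and should say that logout is performed by the Spring Security filter chain and that this endpoint only acknowledges it.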
@@ -233,14 +257,14 @@ public class RestIndex {
|
||||
org.dspace.core.Context context = null;
|
||||
|
||||
try {
|
||||
context = Resource.createContext(Resource.getUser(headers));
|
||||
context = Resource.createContext();
|
||||
EPerson ePerson = context.getCurrentUser();
|
||||
|
||||
if(ePerson != null) {
|
||||
//DB EPerson needed since token won't have full info, need context
|
||||
EPerson dbEPerson = epersonService.findByEmail(context, ePerson.getEmail());
|
||||
String token = Resource.getToken(headers);
|
||||
Status status = new Status(dbEPerson.getEmail(), dbEPerson.getFullName(), token);
|
||||
|
||||
Status status = new Status(dbEPerson.getEmail(), dbEPerson.getFullName());
|
||||
return status;
|
||||
}
|
||||
|
||||
|
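Review bot: `dbEPerson` is used without a null check on the `new Status(dbEPerson.getEmail(), dbEPerson.getFullName())` line, and the lookup it comes from looks redundant now: `ePerson` is taken from `context.getCurrentUser()` rather than from a token, so the context comment "DB EPerson needed since token won't have full info" no longer describes the code. If `Resource.createContext()` populates the current user from the database (not visible here), pass `ePerson` straight to `new Status(ePerson)` and drop the `findByEmail` round trip; otherwise guard the result, `if (dbEPerson == null) { return new Status(); }`, before building the authenticated status. The enclosing method continues past the end of this hunk.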
@@ -1,162 +0,0 @@
|
||||
/**
|
||||
* The contents of this file are subject to the license and copyright
|
||||
* detailed in the LICENSE and NOTICE files at the root of the source
|
||||
* tree and available online at
|
||||
*
|
||||
* http://www.dspace.org/license/
|
||||
*/
|
||||
package org.dspace.rest;
|
||||
|
||||
import java.sql.SQLException;
|
||||
import java.util.UUID;
|
||||
|
||||
import javax.ws.rs.WebApplicationException;
|
||||
import javax.ws.rs.core.Response;
|
||||
|
||||
import com.google.common.collect.BiMap;
|
||||
import com.google.common.collect.HashBiMap;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.dspace.authenticate.AuthenticationMethod;
|
||||
import org.dspace.authenticate.factory.AuthenticateServiceFactory;
|
||||
import org.dspace.authenticate.service.AuthenticationService;
|
||||
import org.dspace.core.Context;
|
||||
import org.dspace.eperson.EPerson;
|
||||
import org.dspace.eperson.factory.EPersonServiceFactory;
|
||||
import org.dspace.eperson.service.EPersonService;
|
||||
import org.dspace.rest.common.User;
|
||||
|
||||
/**
|
||||
* This class provide token generation, token holding and logging user into rest
|
||||
* api. For login use method login with class org.dspace.rest.common.User. If
|
||||
* you want to be deleted from holder, use method for logout.
|
||||
*
|
||||
* @author Rostislav Novak (Computing and Information Centre, CTU in Prague)
|
||||
*/
|
||||
public class TokenHolder
|
||||
{
|
||||
|
||||
|
||||
private static final Logger log = Logger.getLogger(TokenHolder.class);
|
||||
|
||||
public static String TOKEN_HEADER = "rest-dspace-token";
|
||||
|
||||
/**
|
||||
* Collection holding the auth-token, and the corresponding EPerson's UUID
|
||||
*/
|
||||
private static BiMap<String, UUID> tokenPersons = HashBiMap.create();
|
||||
|
||||
/**
|
||||
* Login user into rest api. It check user credentials if they are okay.
|
||||
*
|
||||
* @param user
|
||||
* User which will be logged into rest api.
|
||||
* @return Returns generated token, which must be used in request header
|
||||
* under rest-api-token. If password is bad or user does not exist,
|
||||
* it returns NULL.
|
||||
* @throws WebApplicationException
|
||||
* It is thrown by SQLException if user could not be read from
|
||||
* database. And by Authorization exception if context has not
|
||||
* permission to read eperson.
|
||||
*/
|
||||
public static String login(User user) throws WebApplicationException
|
||||
{
|
||||
AuthenticationService authenticationService = AuthenticateServiceFactory.getInstance().getAuthenticationService();
|
||||
EPersonService epersonService = EPersonServiceFactory.getInstance().getEPersonService();
|
||||
|
||||
org.dspace.core.Context context = null;
|
||||
String token = null;
|
||||
|
||||
try
|
||||
{
|
||||
context = new org.dspace.core.Context();
|
||||
|
||||
int status = authenticationService.authenticate(context, user.getEmail(), user.getPassword(), null, null);
|
||||
if (status == AuthenticationMethod.SUCCESS)
|
||||
{
|
||||
EPerson ePerson = epersonService.findByEmail(context, user.getEmail());
|
||||
synchronized (TokenHolder.class) {
|
||||
if (tokenPersons.inverse().containsKey(ePerson.getID())) {
|
||||
token = tokenPersons.inverse().get(ePerson.getID());
|
||||
} else {
|
||||
token = generateToken();
|
||||
tokenPersons.put(token, ePerson.getID());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
log.trace("User(" + user.getEmail() + ") has been logged in.");
|
||||
context.complete();
|
||||
}
|
||||
catch (SQLException e)
|
||||
{
|
||||
context.abort();
|
||||
log.error("Could not read user from database. Message:" + e);
|
||||
throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
|
||||
}
|
||||
finally
|
||||
{
|
||||
if ((context != null) && (context.isValid()))
|
||||
{
|
||||
context.abort();
|
||||
log.error("Something get wrong. Aborting context in finally statement.");
|
||||
throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
|
||||
}
|
||||
}
|
||||
|
||||
return token;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return EPerson for log into context.
|
||||
*
|
||||
* @param token
|
||||
* Token under which is stored eperson.
|
||||
* @return Return instance of EPerson if is token right, otherwise it
|
||||
* returns NULL.
|
||||
*/
|
||||
public static synchronized EPerson getEPerson(String token)
|
||||
{
|
||||
try {
|
||||
EPersonService epersonService = EPersonServiceFactory.getInstance().getEPersonService();
|
||||
UUID epersonID = tokenPersons.get(token);
|
||||
Context context = new Context();
|
||||
return epersonService.find(context, epersonID);
|
||||
} catch (SQLException e) {
|
||||
log.error(e);
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Logout user from rest api. It delete token and EPerson from TokenHolder.
|
||||
*
|
||||
* @param token
|
||||
* Token under which is stored eperson.
|
||||
* @return Return true if was all okay, otherwise return false.
|
||||
*/
|
||||
public static synchronized boolean logout(String token)
|
||||
{
|
||||
if ((token == null) || (! tokenPersons.containsKey(token)))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
UUID personID = tokenPersons.remove(token);
|
||||
if (personID == null)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* It generates unique token.
|
||||
*
|
||||
* @return String filled with unique token.
|
||||
*/
|
||||
private static String generateToken()
|
||||
{
|
||||
return UUID.randomUUID().toString();
|
||||
}
|
||||
|
||||
}
|
@@ -0,0 +1,109 @@
|
||||
/**
|
||||
* The contents of this file are subject to the license and copyright
|
||||
* detailed in the LICENSE and NOTICE files at the root of the source
|
||||
* tree and available online at
|
||||
*
|
||||
* http://www.dspace.org/license/
|
||||
*/
|
||||
package org.dspace.rest.authentication;
|
||||
|
||||
import org.apache.log4j.Logger;
|
||||
import org.dspace.authenticate.AuthenticationMethod;
|
||||
import org.dspace.authenticate.factory.AuthenticateServiceFactory;
|
||||
import org.dspace.authenticate.service.AuthenticationService;
|
||||
import org.dspace.core.Context;
|
||||
import org.dspace.core.LogManager;
|
||||
import org.dspace.eperson.Group;
|
||||
import org.dspace.utils.DSpace;
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.sql.SQLException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* The core authentication & authorization provider, this provider is called when logging in & will process
|
||||
*
|
||||
* @author Roeland Dillen (roeland at atmire dot com)
|
||||
* @author kevinvandevelde at atmire.com
|
||||
*
|
||||
* @deprecated This provider handles both the authorization as well as the authentication,
|
||||
* due to the way that the DSpace authentication is implemented there is currently no other way to do this.
|
||||
*/
|
||||
@Deprecated
|
||||
public class DSpaceAuthenticationProvider implements AuthenticationProvider {
|
||||
|
||||
private static Logger log = Logger.getLogger(DSpaceAuthenticationProvider.class);
|
||||
|
||||
protected AuthenticationService authenticationService = AuthenticateServiceFactory.getInstance().getAuthenticationService();
|
||||
|
||||
@Override
|
||||
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
|
||||
Context context = null;
|
||||
|
||||
try {
|
||||
context = new Context();
|
||||
String name = authentication.getName();
|
||||
String password = authentication.getCredentials().toString();
|
||||
HttpServletRequest httpServletRequest = new DSpace().getRequestService().getCurrentRequest().getHttpServletRequest();
|
||||
List<SimpleGrantedAuthority> grantedAuthorities = new ArrayList<>();
|
||||
|
||||
|
||||
int implicitStatus = authenticationService.authenticateImplicit(context, null, null, null, httpServletRequest);
|
||||
|
||||
if (implicitStatus == AuthenticationMethod.SUCCESS) {
|
||||
log.info(LogManager.getHeader(context, "login", "type=implicit"));
|
||||
addSpecialGroupsToGrantedAuthorityList(context, httpServletRequest, grantedAuthorities);
|
||||
return new UsernamePasswordAuthenticationToken(name, password, grantedAuthorities);
|
||||
} else {
|
||||
int authenticateResult = authenticationService.authenticate(context, name, password, null, httpServletRequest);
|
||||
if (AuthenticationMethod.SUCCESS == authenticateResult) {
|
||||
addSpecialGroupsToGrantedAuthorityList(context, httpServletRequest, grantedAuthorities);
|
||||
|
||||
log.info(LogManager
|
||||
.getHeader(context, "login", "type=explicit"));
|
||||
|
||||
return new UsernamePasswordAuthenticationToken(name, password, grantedAuthorities);
|
||||
} else {
|
||||
log.info(LogManager.getHeader(context, "failed_login", "email="
|
||||
+ name + ", result="
|
||||
+ authenticateResult));
|
||||
throw new BadCredentialsException("Login failed");
|
||||
}
|
||||
}
|
||||
} catch (BadCredentialsException e)
|
||||
{
|
||||
throw e;
|
||||
} catch (Exception e) {
|
||||
log.error("Error while authenticating in the rest api", e);
|
||||
} finally {
|
||||
if (context != null && context.isValid()) {
|
||||
try {
|
||||
context.complete();
|
||||
} catch (SQLException e) {
|
||||
log.error(e.getMessage() + " occurred while trying to close", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
protected void addSpecialGroupsToGrantedAuthorityList(Context context, HttpServletRequest httpServletRequest, List<SimpleGrantedAuthority> grantedAuthorities) throws SQLException {
|
||||
List<Group> groups = authenticationService.getSpecialGroups(context, httpServletRequest);
|
||||
for (Group group : groups) {
|
||||
grantedAuthorities.add(new SimpleGrantedAuthority(group.getName()));
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean supports(Class<?> authentication) {
|
||||
return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
|
||||
}
|
||||
}
|
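Review bot: In the implicit branch (the `authenticateImplicit` success path) the returned `UsernamePasswordAuthenticationToken` carries the submitted `name` as principal, although the identity that actually authenticated is whatever `authenticateImplicit` established on the context, so the Spring principal can name an account the caller never proved. Build the token from the authenticated user instead, e.g. `EPerson current = context.getCurrentUser();` followed by `return new UsernamePasswordAuthenticationToken(current != null ? current.getEmail() : name, null, grantedAuthorities);` (adding the `org.dspace.eperson.EPerson` import); passing `null` credentials in both branches also keeps the password out of the token rather than relying on ProviderManager's credential erasure. Whether `context.getCurrentUser()` is set by `authenticateImplicit` is not visible in this file and should be confirmed. The trailing `catch (Exception e)` logs and falls through to `return null`, which Spring interprets as "this provider cannot decide" rather than as a failure, so a database error during login surfaces to the client as a generic provider-not-found error; wrapping it in `AuthenticationServiceException` keeps the cause attached.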
@@ -0,0 +1,41 @@
|
||||
/**
|
||||
* The contents of this file are subject to the license and copyright
|
||||
* detailed in the LICENSE and NOTICE files at the root of the source
|
||||
* tree and available online at
|
||||
*
|
||||
* http://www.dspace.org/license/
|
||||
*/
|
||||
package org.dspace.rest.authentication;
|
||||
|
||||
import org.springframework.security.web.RedirectStrategy;
|
||||
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
|
||||
|
||||
import javax.annotation.PostConstruct;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
|
||||
/**
|
||||
* @author kevinvandevelde at atmire.com
|
||||
*
|
||||
* Spring redirects to the home page after a successfull login. This success handles ensures that this is NOT the case.
|
||||
*/
|
||||
public class NoRedirectAuthenticationLoginSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
|
||||
|
||||
@PostConstruct
|
||||
public void afterPropertiesSet() {
|
||||
setRedirectStrategy(new NoRedirectStrategy());
|
||||
}
|
||||
|
||||
protected class NoRedirectStrategy implements RedirectStrategy {
|
||||
|
||||
@Override
|
||||
public void sendRedirect(HttpServletRequest request,
|
||||
HttpServletResponse response, String url) throws IOException {
|
||||
// no redirect
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
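Review bot: `NoRedirectStrategy` is declared as a non-static inner class, so each instance keeps a hidden reference to its enclosing handler although `sendRedirect` uses no handler state; declare it `protected static class NoRedirectStrategy implements RedirectStrategy`, or better as one package-level class. The identical inner class is repeated in `NoRedirectAuthenticationLogoutSuccessHandler` in the next hunk, and a single shared implementation would remove the copy. The class Javadoc has typos: "successfull" and "success handles" should read "successful" and "success handler". `afterPropertiesSet` is only invoked because of the `@PostConstruct` annotation (as far as I can tell the superclass does not implement `InitializingBean`), so a name such as `init` would make the lifecycle hook explicit rather than suggesting an override.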
@@ -0,0 +1,39 @@
|
||||
/**
|
||||
* The contents of this file are subject to the license and copyright
|
||||
* detailed in the LICENSE and NOTICE files at the root of the source
|
||||
* tree and available online at
|
||||
*
|
||||
* http://www.dspace.org/license/
|
||||
*/
|
||||
package org.dspace.rest.authentication;
|
||||
|
||||
import org.springframework.security.web.RedirectStrategy;
|
||||
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
|
||||
|
||||
import javax.annotation.PostConstruct;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
|
||||
/**
|
||||
* @author kevinvandevelde at atmire.com
|
||||
*
|
||||
* Spring redirects to the home page after a successfull logout. This success handles ensures that this is NOT the case.
|
||||
*/
|
||||
public class NoRedirectAuthenticationLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
|
||||
@PostConstruct
|
||||
public void afterPropertiesSet() {
|
||||
setRedirectStrategy(new NoRedirectStrategy());
|
||||
}
|
||||
|
||||
protected class NoRedirectStrategy implements RedirectStrategy {
|
||||
|
||||
@Override
|
||||
public void sendRedirect(HttpServletRequest request,
|
||||
HttpServletResponse response, String url) throws IOException {
|
||||
// no redirect
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
}
|
@@ -29,17 +29,7 @@ public class Status
|
||||
private String sourceVersion;
|
||||
private String apiVersion;
|
||||
|
||||
public String getToken() {
|
||||
return token;
|
||||
}
|
||||
|
||||
public void setToken(String token) {
|
||||
this.token = token;
|
||||
}
|
||||
|
||||
private String token;
|
||||
|
||||
public void setCommonProps() {
|
||||
public Status() {
|
||||
setOkay(true);
|
||||
|
||||
setSourceVersion(Util.getSourceVersion());
|
||||
@@ -49,27 +39,21 @@ public class Status
|
||||
setAuthenticated(false);
|
||||
}
|
||||
|
||||
public Status() {
|
||||
setCommonProps();
|
||||
}
|
||||
|
||||
public Status(String email, String fullname, String token) {
|
||||
setCommonProps();
|
||||
|
||||
public Status(String email, String fullname) {
|
||||
setOkay(true);
|
||||
setAuthenticated(true);
|
||||
setEmail(email);
|
||||
setFullname(fullname);
|
||||
setToken(token);
|
||||
}
|
||||
|
||||
public Status(EPerson eperson, String token) {
|
||||
setCommonProps();
|
||||
|
||||
if (eperson != null) {
|
||||
public Status(EPerson eperson) {
|
||||
setOkay(true);
|
||||
if(eperson != null) {
|
||||
setAuthenticated(true);
|
||||
setEmail(eperson.getEmail());
|
||||
setFullname(eperson.getFullName());
|
||||
setToken(token);
|
||||
} else {
|
||||
setAuthenticated(false);
|
||||
}
|
||||
}
|
||||
|
||||
|
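Review bot: The two authenticated constructors, `Status(String email, String fullname)` and `Status(EPerson eperson)`, no longer set `sourceVersion` (and, presumably, `apiVersion`): the removed `setCommonProps()` did that for every constructor, whereas the new code only calls `setOkay(true)` before the user fields, so only the unauthenticated no-arg form still carries the version fields. Chain to the no-arg constructor instead by replacing `setOkay(true);` with `this();` in both, which also restores the `setAuthenticated(false)` default before the `if`. Only `setSourceVersion(Util.getSourceVersion())` is visible in the first hunk; whether the no-arg constructor also sets `apiVersion` lies between the hunks.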
@@ -1,56 +0,0 @@
|
||||
/**
|
||||
* The contents of this file are subject to the license and copyright
|
||||
* detailed in the LICENSE and NOTICE files at the root of the source
|
||||
* tree and available online at
|
||||
*
|
||||
* http://www.dspace.org/license/
|
||||
*/
|
||||
package org.dspace.rest.common;
|
||||
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
|
||||
/**
|
||||
* Class for handle login information for POST request.
|
||||
*
|
||||
* @author Rostislav Novak (Computing and Information Centre, CTU in Prague)
|
||||
*
|
||||
*/
|
||||
@XmlRootElement(name = "user")
|
||||
public class User
|
||||
{
|
||||
|
||||
private String email;
|
||||
|
||||
private String password;
|
||||
|
||||
public User()
|
||||
{
|
||||
}
|
||||
|
||||
public User(String email, String password)
|
||||
{
|
||||
this.email = email;
|
||||
this.password = password;
|
||||
}
|
||||
|
||||
public String getEmail()
|
||||
{
|
||||
return email;
|
||||
}
|
||||
|
||||
public void setEmail(String email)
|
||||
{
|
||||
this.email = email;
|
||||
}
|
||||
|
||||
public String getPassword()
|
||||
{
|
||||
return password;
|
||||
}
|
||||
|
||||
public void setPassword(String password)
|
||||
{
|
||||
this.password = password;
|
||||
}
|
||||
|
||||
}
|
@@ -0,0 +1,73 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
|
||||
The contents of this file are subject to the license and copyright
|
||||
detailed in the LICENSE and NOTICE files at the root of the source
|
||||
tree and available online at
|
||||
|
||||
http://www.dspace.org/license/
|
||||
|
||||
-->
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:context="http://www.springframework.org/schema/context"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
|
||||
|
||||
<context:annotation-config/>
|
||||
|
||||
<!--
|
||||
Every url in the rest will pass through these filters, login & shibboleth-login will trigger an authentication attempt.
|
||||
-->
|
||||
<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
|
||||
<security:filter-chain-map path-type="ant">
|
||||
<security:filter-chain pattern="/login" filters="sif,passwordLoginAuthenticationFilter"/>
|
||||
<security:filter-chain pattern="/shibboleth-login" filters="sif,passwordLoginAuthenticationFilter"/>
|
||||
<security:filter-chain pattern="/logout" filters="sif,logoutFilter" />
|
||||
<security:filter-chain pattern="/**" filters="sif"/>
|
||||
</security:filter-chain-map>
|
||||
</bean>
|
||||
|
||||
<!-- Creates the spring security context object based on what was there previously -->
|
||||
<bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter" />
|
||||
|
||||
<!--Authentication filter for login -->
|
||||
<bean id="passwordLoginAuthenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
|
||||
<!--Custom DSpace authentication manager, will handle the actual login-->
|
||||
<property name="authenticationManager" ref="dspaceAuthenticationManager"/>
|
||||
<!-- Ensures that after login no redirect is made to the home page, the rest will return a 200 status code -->
|
||||
<property name="authenticationSuccessHandler" ref="org.dspace.rest.authentication.NoRedirectAuthenticationLoginSuccessHandler"/>
|
||||
<property name="usernameParameter" value="email"/>
|
||||
<property name="passwordParameter" value="password"/>
|
||||
<property name="postOnly" value="false"/>
|
||||
<!--Match on any request-->
|
||||
<property name="requiresAuthenticationRequestMatcher" ref="org.springframework.security.web.util.matcher.AnyRequestMatcher"/>
|
||||
</bean>
|
||||
|
||||
<security:authentication-manager alias="dspaceAuthenticationManager">
|
||||
<security:authentication-provider ref='dspaceAuthenticationProvider'/>
|
||||
</security:authentication-manager>
|
||||
|
||||
<!-- Custom DSpace authentication provider, this bean is responsible to login the user, it is triggered by calling the "passwordLoginAuthenticationFilter" -->
|
||||
<bean class="org.dspace.rest.authentication.DSpaceAuthenticationProvider" id="dspaceAuthenticationProvider" lazy-init="true" />
|
||||
|
||||
|
||||
<!--Filter for logout, destroys the spring security context-->
|
||||
<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
|
||||
<constructor-arg index="0" ref="org.dspace.rest.authentication.NoRedirectAuthenticationLogoutSuccessHandler" />
|
||||
<constructor-arg index="1">
|
||||
<list>
|
||||
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
|
||||
</list>
|
||||
</constructor-arg>
|
||||
<!--Match on any request-->
|
||||
<property name="logoutRequestMatcher" ref="org.springframework.security.web.util.matcher.AnyRequestMatcher"/>
|
||||
</bean>
|
||||
|
||||
<!--Utility beans-->
|
||||
<bean id="org.springframework.security.web.util.matcher.AnyRequestMatcher" class="org.springframework.security.web.util.matcher.AnyRequestMatcher"/>
|
||||
|
||||
<bean id="org.dspace.rest.authentication.NoRedirectAuthenticationLoginSuccessHandler" class="org.dspace.rest.authentication.NoRedirectAuthenticationLoginSuccessHandler"/>
|
||||
<bean id="org.dspace.rest.authentication.NoRedirectAuthenticationLogoutSuccessHandler" class="org.dspace.rest.authentication.NoRedirectAuthenticationLogoutSuccessHandler"/>
|
||||
</beans>
|
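Review bot: `postOnly=false` on `passwordLoginAuthenticationFilter`, combined with the `AnyRequestMatcher` used as `requiresAuthenticationRequestMatcher`, lets a client authenticate with `email` and `password` in a GET query string, where they end up in servlet, proxy and browser history logs; leave the property at its default (`true`) by removing the line, and restrict the logout matcher to POST as well, e.g. `<bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher"><constructor-arg value="/logout"/><constructor-arg value="POST"/></bean>` in place of the `AnyRequestMatcher` reference, so that a plain cross-site GET cannot end a session. Because the chain is assembled by hand rather than via `<security:http>`, none of that element's defaults (session-fixation protection, CSRF filter) are present; if the authentication is carried between requests in the HTTP session, a `SessionAuthenticationStrategy` should be configured on the login filter. The `/shibboleth-login` chain pattern does not match the resource path `/login-shibboleth` added to RestIndex in this PR; one of the two looks like a typo, to be confirmed against the REST servlet mapping.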
@@ -14,6 +14,28 @@
|
||||
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
|
||||
id="WebApp_ID" version="2.5">
|
||||
|
||||
<filter>
|
||||
<filter-name>dspace.request</filter-name>
|
||||
<filter-class>org.dspace.utils.servlet.DSpaceWebappServletFilter</filter-class>
|
||||
</filter>
|
||||
|
||||
<filter-mapping>
|
||||
<filter-name>dspace.request</filter-name>
|
||||
<url-pattern>/*</url-pattern>
|
||||
</filter-mapping>
|
||||
|
||||
|
||||
<filter>
|
||||
<filter-name>springSecurityFilterChain</filter-name>
|
||||
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
|
||||
</filter>
|
||||
|
||||
<filter-mapping>
|
||||
<filter-name>springSecurityFilterChain</filter-name>
|
||||
<url-pattern>/*</url-pattern>
|
||||
</filter-mapping>
|
||||
|
||||
|
||||
<servlet>
|
||||
<servlet-name>DSpace REST API</servlet-name>
|
||||
<servlet-class>
|
||||
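Review bot: The new `springSecurityFilterChain` filter is declared after `dspace.request`, and that order matters: `DSpaceAuthenticationProvider` and the shibboleth endpoint obtain the servlet request through `new DSpace().getRequestService().getCurrentRequest()`, which presumably is only populated once `DSpaceWebappServletFilter` has run. Nothing records this dependency; a comment above the filter, `<!-- Must stay after the dspace.request filter: the REST authentication provider reads the current request from the DSpace RequestService -->`, would keep a future reordering from breaking login in a non-obvious way.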
@@ -59,12 +81,9 @@
|
||||
<context-param>
|
||||
<param-name>contextConfigLocation</param-name>
|
||||
<param-value>
|
||||
/WEB-INF/applicationContext.xml
|
||||
/WEB-INF/applicationContext.xml,
|
||||
/WEB-INF/security-applicationContext.xml
|
||||
</param-value>
|
||||
<!--
|
||||
Add this context if using Spring Security
|
||||
/WEB-INF/applicationContext-security.xml
|
||||
-->
|
||||
</context-param>
|
||||
|
||||
<listener>
|
||||
|
@@ -53,8 +53,7 @@ public class TestJAXBSchema {
|
||||
Item.class,
|
||||
MetadataEntry.class,
|
||||
ResourcePolicy.class,
|
||||
Status.class,
|
||||
User.class
|
||||
Status.class
|
||||
);
|
||||
context.generateSchema(resolver);
|
||||
|
||||
|
@@ -17,8 +17,6 @@
|
||||
|
||||
<xs:element name="status" type="status"/>
|
||||
|
||||
<xs:element name="user" type="user"/>
|
||||
|
||||
<xs:complexType name="bitstream">
|
||||
<xs:complexContent>
|
||||
<xs:extension base="dSpaceObject">
|
||||
@@ -142,14 +140,6 @@
|
||||
<xs:element name="fullname" type="xs:string" minOccurs="0"/>
|
||||
<xs:element name="okay" type="xs:boolean"/>
|
||||
<xs:element name="sourceVersion" type="xs:string" minOccurs="0"/>
|
||||
<xs:element name="token" type="xs:string" minOccurs="0"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="user">
|
||||
<xs:sequence>
|
||||
<xs:element name="email" type="xs:string" minOccurs="0"/>
|
||||
<xs:element name="password" type="xs:string" minOccurs="0"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
|
||||
|