hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-18 15:33:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1226 from KevinVdV/DS-2898-rest-all-authentication-methods

Browse Source 
[DS-2898] Add support for all authentication methods in the rest api
This commit is contained in:
Tim Donohue
2016-03-23 10:55:38 -05:00
parent d5232c96f0 49168d8461
commit b0eb3eb145
22 changed files with 457 additions and 392 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
dspace-rest/pom.xml
View File

@@ -18,6 +18,7 @@
<properties>
<!-- This is the path to the root [dspace-src] directory. -->
<root.basedir>${basedir}/..</root.basedir>
<spring-security.version>3.2.9.RELEASE</spring-security.version>
</properties>
<build>
<plugins>
@@ -124,6 +125,27 @@
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring-security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring-security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring-security.version}</version>
</dependency>
<dependency>
<groupId>cglib</groupId>
<artifactId>cglib</artifactId>
<version>2.2.2</version>
</dependency>
<!-- Use DSpace, for now, an older version to minimize spring generated dependency on Discovery -->
<dependency>

18
dspace-rest/src/main/java/org/dspace/rest/BitstreamResource.java
View File

@@ -110,7 +110,7 @@ public class BitstreamResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.READ);
writeStats(dspaceBitstream, UsageEvent.Action.VIEW, user_ip, user_agent, xforwardedfor, headers,
@@ -163,7 +163,7 @@ public class BitstreamResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.READ);
policies = new Bitstream(dspaceBitstream, servletContext, "policies", context).getPolicies();
@@ -223,7 +223,7 @@ public class BitstreamResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
List<org.dspace.content.Bitstream> dspaceBitstreams = bitstreamService.findAll(context);
if (!((limit != null) && (limit >= 0) && (offset != null) && (offset >= 0)))
@@ -305,7 +305,7 @@ public class BitstreamResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.READ);
writeStats(dspaceBitstream, UsageEvent.Action.VIEW, user_ip, user_agent, xforwardedfor, headers,
@@ -374,7 +374,7 @@ public class BitstreamResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.WRITE);
writeStats(dspaceBitstream, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor, headers,
@@ -444,7 +444,7 @@ public class BitstreamResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.WRITE);
writeStats(dspaceBitstream, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor,
@@ -549,7 +549,7 @@ public class BitstreamResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.WRITE);
writeStats(dspaceBitstream, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor,
@@ -618,7 +618,7 @@ public class BitstreamResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.DELETE);
writeStats(dspaceBitstream, UsageEvent.Action.DELETE, user_ip, user_agent, xforwardedfor,
@@ -680,7 +680,7 @@ public class BitstreamResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Bitstream dspaceBitstream = findBitstream(context, bitstreamId, org.dspace.core.Constants.WRITE);
writeStats(dspaceBitstream, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor, headers,

16
dspace-rest/src/main/java/org/dspace/rest/CollectionsResource.java
View File

@@ -108,7 +108,7 @@ public class CollectionsResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Collection dspaceCollection = findCollection(context, collectionId, org.dspace.core.Constants.READ);
writeStats(dspaceCollection, UsageEvent.Action.VIEW, user_ip, user_agent, xforwardedfor,
@@ -177,7 +177,7 @@ public class CollectionsResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
if (!((limit != null) && (limit >= 0) && (offset != null) && (offset >= 0)))
{
@@ -263,7 +263,7 @@ public class CollectionsResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Collection dspaceCollection = findCollection(context, collectionId, org.dspace.core.Constants.READ);
writeStats(dspaceCollection, UsageEvent.Action.VIEW, user_ip, user_agent, xforwardedfor,
@@ -344,7 +344,7 @@ public class CollectionsResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Collection dspaceCollection = findCollection(context, collectionId,
org.dspace.core.Constants.WRITE);
@@ -431,7 +431,7 @@ public class CollectionsResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Collection dspaceCollection = findCollection(context, collectionId,
org.dspace.core.Constants.WRITE);
@@ -501,7 +501,7 @@ public class CollectionsResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Collection dspaceCollection = findCollection(context, collectionId,
org.dspace.core.Constants.DELETE);
@@ -571,7 +571,7 @@ public class CollectionsResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Collection dspaceCollection = collectionService.findByIdOrLegacyId(context, collectionId);
org.dspace.content.Item item = itemService.findByIdOrLegacyId(context, itemId);
@@ -667,7 +667,7 @@ public class CollectionsResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
List<org.dspace.content.Collection> dspaceCollections = collectionService.findAll(context);
//TODO, this would be more efficient with a findByName query

26
dspace-rest/src/main/java/org/dspace/rest/CommunitiesResource.java
View File

@@ -14,7 +14,6 @@ import org.dspace.authorize.service.AuthorizeService;
import org.dspace.content.factory.ContentServiceFactory;
import org.dspace.content.service.CollectionService;
import org.dspace.content.service.CommunityService;
import org.dspace.eperson.EPerson;
import org.dspace.rest.common.Collection;
import org.dspace.rest.common.Community;
import org.dspace.rest.exceptions.ContextException;
@@ -82,7 +81,7 @@ public class CommunitiesResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Community dspaceCommunity = findCommunity(context, communityId, org.dspace.core.Constants.READ);
writeStats(dspaceCommunity, UsageEvent.Action.VIEW, user_ip, user_agent, xforwardedfor, headers,
@@ -148,7 +147,7 @@ public class CommunitiesResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
List<org.dspace.content.Community> dspaceCommunities = communityService.findAll(context);
communities = new ArrayList<Community>();
@@ -230,7 +229,7 @@ public class CommunitiesResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
List<org.dspace.content.Community> dspaceCommunities = communityService.findAllTop(context);
communities = new ArrayList<Community>();
@@ -312,7 +311,7 @@ public class CommunitiesResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Community dspaceCommunity = findCommunity(context, communityId, org.dspace.core.Constants.READ);
writeStats(dspaceCommunity, UsageEvent.Action.VIEW, user_ip, user_agent, xforwardedfor, headers,
@@ -398,7 +397,7 @@ public class CommunitiesResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Community dspaceCommunity = findCommunity(context, communityId, org.dspace.core.Constants.READ);
writeStats(dspaceCommunity, UsageEvent.Action.VIEW, user_ip, user_agent, xforwardedfor, headers,
@@ -473,8 +472,7 @@ public class CommunitiesResource extends Resource
try
{
EPerson eperson = getUser(headers);
context = createContext(eperson);
context = createContext();
if (!authorizeService.isAdmin(context))
{
context.abort();
@@ -557,7 +555,7 @@ public class CommunitiesResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Community dspaceCommunity = findCommunity(context, communityId, org.dspace.core.Constants.WRITE);
writeStats(dspaceCommunity, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor,
@@ -638,7 +636,7 @@ public class CommunitiesResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Community dspaceParentCommunity = findCommunity(context, communityId,
org.dspace.core.Constants.WRITE);
@@ -717,7 +715,7 @@ public class CommunitiesResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Community dspaceCommunity = findCommunity(context, communityId, org.dspace.core.Constants.WRITE);
writeStats(dspaceCommunity, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor,
@@ -780,7 +778,7 @@ public class CommunitiesResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Community community = findCommunity(context, communityId, org.dspace.core.Constants.DELETE);
writeStats(community, UsageEvent.Action.DELETE, user_ip, user_agent, xforwardedfor, headers,
@@ -851,7 +849,7 @@ public class CommunitiesResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Community community = findCommunity(context, communityId, org.dspace.core.Constants.WRITE);
org.dspace.content.Collection collection = collectionService.findByIdOrLegacyId(context, collectionId);
@@ -951,7 +949,7 @@ public class CommunitiesResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Community parentCommunity = findCommunity(context, parentCommunityId,
org.dspace.core.Constants.WRITE);

4
dspace-rest/src/main/java/org/dspace/rest/FilteredCollectionsResource.java
View File

@@ -84,7 +84,7 @@ public class FilteredCollectionsResource extends Resource {
try
{
context = createContext(getUser(headers));
context = createContext();
if (!configurationService.getBooleanProperty("rest.reporting-authenticate", true)) {
context.turnOffAuthorisationSystem();
}
@@ -170,7 +170,7 @@ public class FilteredCollectionsResource extends Resource {
org.dspace.core.Context context = null;
FilteredCollection retColl = new org.dspace.rest.common.FilteredCollection();
try {
context = createContext(getUser(headers));
context = createContext();
if (!configurationService.getBooleanProperty("rest.reporting-authenticate", true)) {
context.turnOffAuthorisationSystem();
}

2
dspace-rest/src/main/java/org/dspace/rest/FilteredItemsResource.java
View File

@@ -113,7 +113,7 @@ public class FilteredItemsResource extends Resource {
ItemFilterSet itemFilterSet = new ItemFilterSet(filters, true);
ItemFilter result = itemFilterSet.getAllFiltersFilter();
try {
context = createContext(getUser(headers));
context = createContext();
if (!configurationService.getBooleanProperty("rest.reporting-authenticate", true)) {
context.turnOffAuthorisationSystem();
}

2
dspace-rest/src/main/java/org/dspace/rest/HandleResource.java
View File

@@ -49,7 +49,7 @@ public class HandleResource extends Resource {
org.dspace.core.Context context = null;
try {
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.DSpaceObject dso = handleService.resolveToObject(context, prefix + "/" + suffix);

2
dspace-rest/src/main/java/org/dspace/rest/HierarchyResource.java
View File

@@ -73,7 +73,7 @@ public class HierarchyResource extends Resource {
HierarchySite repo = new HierarchySite();
try {
context = createContext(getUser(headers));
context = createContext();
if (!configurationService.getBooleanProperty("rest.hierarchy-authenticate", true)) {
context.turnOffAuthorisationSystem();
}

24
dspace-rest/src/main/java/org/dspace/rest/ItemsResource.java
View File

@@ -99,7 +99,7 @@ public class ItemsResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Item dspaceItem = findItem(context, itemId, org.dspace.core.Constants.READ);
writeStats(dspaceItem, UsageEvent.Action.VIEW, user_ip, user_agent, xforwardedfor, headers, request, context);
@@ -159,7 +159,7 @@ public class ItemsResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
Iterator<org.dspace.content.Item> dspaceItems = itemService.findAllUnfiltered(context);
items = new ArrayList<Item>();
@@ -235,7 +235,7 @@ public class ItemsResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Item dspaceItem = findItem(context, itemId, org.dspace.core.Constants.READ);
writeStats(dspaceItem, UsageEvent.Action.VIEW, user_ip, user_agent, xforwardedfor, headers, request, context);
@@ -294,7 +294,7 @@ public class ItemsResource extends Resource
List<Bitstream> bitstreams = null;
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Item dspaceItem = findItem(context, itemId, org.dspace.core.Constants.READ);
writeStats(dspaceItem, UsageEvent.Action.VIEW, user_ip, user_agent, xforwardedfor, headers, request, context);
@@ -365,7 +365,7 @@ public class ItemsResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Item dspaceItem = findItem(context, itemId, org.dspace.core.Constants.WRITE);
writeStats(dspaceItem, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor, headers, request, context);
@@ -440,7 +440,7 @@ public class ItemsResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Item dspaceItem = findItem(context, itemId, org.dspace.core.Constants.WRITE);
writeStats(dspaceItem, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor, headers, request, context);
@@ -606,7 +606,7 @@ public class ItemsResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Item dspaceItem = findItem(context, itemId, org.dspace.core.Constants.WRITE);
writeStats(dspaceItem, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor, headers, request, context);
@@ -687,7 +687,7 @@ public class ItemsResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Item dspaceItem = findItem(context, itemId, org.dspace.core.Constants.DELETE);
writeStats(dspaceItem, UsageEvent.Action.REMOVE, user_ip, user_agent, xforwardedfor, headers, request, context);
@@ -755,7 +755,7 @@ public class ItemsResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Item dspaceItem = findItem(context, itemId, org.dspace.core.Constants.WRITE);
writeStats(dspaceItem, UsageEvent.Action.UPDATE, user_ip, user_agent, xforwardedfor, headers, request, context);
@@ -830,7 +830,7 @@ public class ItemsResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.Item item = findItem(context, itemId, org.dspace.core.Constants.WRITE);
org.dspace.content.Bitstream bitstream = bitstreamService.findByIdOrLegacyId(context, bitstreamId);
@@ -843,7 +843,7 @@ public class ItemsResource extends Resource
else if (!authorizeService.authorizeActionBoolean(context, bitstream, org.dspace.core.Constants.DELETE))
{
context.abort();
log.error("User(" + getUser(headers).getEmail() + ") is not allowed to delete bitstream(id=" + bitstreamId + ").");
log.error("User(" + context.getCurrentUser().getEmail() + ") is not allowed to delete bitstream(id=" + bitstreamId + ").");
return Response.status(Status.UNAUTHORIZED).build();
}
@@ -925,7 +925,7 @@ public class ItemsResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
Iterator<org.dspace.content.Item> itemIterator = itemService.findByMetadataField(context, metadataEntry.getSchema(), metadataEntry.getElement(), metadataEntry.getQualifier(), metadataEntry.getValue());

18
dspace-rest/src/main/java/org/dspace/rest/MetadataRegistryResource.java
View File

@@ -97,7 +97,7 @@ public class MetadataRegistryResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
List<org.dspace.content.MetadataSchema> schemas = metadataSchemaService.findAll(context);
metadataSchemas = new ArrayList<MetadataSchema>();
@@ -158,7 +158,7 @@ public class MetadataRegistryResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.MetadataSchema schema = metadataSchemaService.find(context, schemaPrefix);
metadataSchema = new MetadataSchema(schema, expand, context);
@@ -258,7 +258,7 @@ public class MetadataRegistryResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.MetadataSchema schema = metadataSchemaService.find(context, schemaPrefix);
@@ -327,7 +327,7 @@ public class MetadataRegistryResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.MetadataField field = metadataFieldService.find(context, fieldId);
if (field == null) {
@@ -391,7 +391,7 @@ public class MetadataRegistryResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
if (!authorizeService.isAdmin(context))
{
@@ -479,7 +479,7 @@ public class MetadataRegistryResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
if (!authorizeService.isAdmin(context))
{
@@ -570,7 +570,7 @@ public class MetadataRegistryResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.MetadataField dspaceField = metadataFieldService.find(context, fieldId);
if (field == null) {
@@ -645,7 +645,7 @@ public class MetadataRegistryResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.MetadataField dspaceField = metadataFieldService.find(context, fieldId);
if (dspaceField == null) {
@@ -711,7 +711,7 @@ public class MetadataRegistryResource extends Resource
try
{
context = createContext(getUser(headers));
context = createContext();
org.dspace.content.MetadataSchema dspaceSchema = metadataSchemaService.find(context, schemaId);
if (dspaceSchema == null) {

57
dspace-rest/src/main/java/org/dspace/rest/Resource.java
View File

@@ -7,22 +7,35 @@
*/
package org.dspace.rest;
import java.net.CookieHandler;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.dspace.content.DSpaceObject;
import org.dspace.core.Context;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.factory.EPersonServiceFactory;
import org.dspace.rest.exceptions.ContextException;
import org.dspace.services.factory.DSpaceServicesFactory;
import org.dspace.usage.UsageEvent;
import org.dspace.utils.DSpace;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
/**
* Superclass of all resource classes in REST API. It has methods for creating
@@ -64,14 +77,18 @@ public class Resource
* log in. Can be caused by AuthorizeException if there was a
* problem authorizing the found user.
*/
protected static org.dspace.core.Context createContext(EPerson person) throws ContextException
{
protected static org.dspace.core.Context createContext() throws ContextException, SQLException {
org.dspace.core.Context context = new org.dspace.core.Context();
//context.getDBConnection().setAutoCommit(false); // Disable autocommit.
if (person != null)
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if(authentication != null)
{
context.setCurrentUser(person);
Collection<SimpleGrantedAuthority> specialGroups = (Collection<SimpleGrantedAuthority>) authentication.getAuthorities();
for (SimpleGrantedAuthority grantedAuthority : specialGroups) {
context.setSpecialGroup(EPersonServiceFactory.getInstance().getGroupService().findByName(context, grantedAuthority.getAuthority()).getID());
}
context.setCurrentUser(EPersonServiceFactory.getInstance().getEPersonService().findByEmail(context, authentication.getName()));
}
return context;
@@ -218,36 +235,4 @@ public class Resource
return actionStr;
}
/**
* Return EPerson based on stored token in headers under
* "rest-dspace-token".
*
* @param headers
* Only must have "rest-api-token" for successfull return of
* user.
* @return Return EPerson logged under token in headers. If token was wrong
* or header rest-dspace-token was missing, returns null.
*/
protected static EPerson getUser(HttpHeaders headers)
{
List<String> list = headers.getRequestHeader(TokenHolder.TOKEN_HEADER);
String token = null;
if ((list != null) && (list.size() > 0))
{
token = list.get(0);
return TokenHolder.getEPerson(token);
}
return null;
}
protected static String getToken(HttpHeaders headers) {
List<String> list = headers.getRequestHeader(TokenHolder.TOKEN_HEADER);
String token = null;
if ((list != null) && (list.size() > 0))
{
token = list.get(0);
return token;
}
return null;
}
}

100
dspace-rest/src/main/java/org/dspace/rest/RestIndex.java
View File

@@ -7,9 +7,10 @@
*/
package org.dspace.rest;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.sql.SQLException;
import java.util.List;
import java.util.Iterator;
import javax.servlet.ServletContext;
import javax.ws.rs.Consumes;
@@ -17,18 +18,21 @@ import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.*;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.dspace.authenticate.AuthenticationMethod;
import org.dspace.authenticate.ShibAuthentication;
import org.dspace.authenticate.factory.AuthenticateServiceFactory;
import org.dspace.authenticate.service.AuthenticationService;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.factory.EPersonServiceFactory;
import org.dspace.eperson.service.EPersonService;
import org.dspace.rest.common.Status;
import org.dspace.rest.common.User;
import org.dspace.rest.exceptions.ContextException;
import org.dspace.utils.DSpace;
/**
* Root of RESTful api. It provides login and logout. Also have method for
@@ -159,27 +163,64 @@ public class RestIndex {
/**
* Method to login a user into REST API.
*
* @param user
* User which will be logged in to REST API.
* @return Returns response code OK and a token. Otherwise returns response
* code FORBIDDEN(403).
*/
@POST
@Path("/login")
@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public Response login(User user)
public Response login()
{
String token = TokenHolder.login(user);
if (token == null)
{
log.info("REST Login Attempt failed for user: " + user.getEmail());
return Response.status(Response.Status.FORBIDDEN).build();
} else {
log.info("REST Login Success for user: " + user.getEmail());
return Response.ok(token, "text/plain").build();
}
//If you can get here, you are authenticated, the actual login is handled by spring security
return Response.ok().build();
}
@GET
@Path("/shibboleth-login")
@Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
public Response shibbolethLogin()
{
//If you can get here, you are authenticated, the actual login is handled by spring security
return Response.ok().build();
}
@GET
@Path("/login-shibboleth")
@Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
public Response shibbolethLoginEndPoint()
{
org.dspace.core.Context context = null;
try {
context = Resource.createContext();
AuthenticationService authenticationService = AuthenticateServiceFactory.getInstance().getAuthenticationService();
Iterator<AuthenticationMethod> authenticationMethodIterator = authenticationService.authenticationMethodIterator();
while(authenticationMethodIterator.hasNext())
{
AuthenticationMethod authenticationMethod = authenticationMethodIterator.next();
if(authenticationMethod instanceof ShibAuthentication)
{
//TODO: Perhaps look for a better way of handling this ?
org.dspace.services.model.Request currentRequest = new DSpace().getRequestService().getCurrentRequest();
String loginPageURL = authenticationMethod.loginPageURL(context, currentRequest.getHttpServletRequest(), currentRequest.getHttpServletResponse());
if(StringUtils.isNotBlank(loginPageURL))
{
currentRequest.getHttpServletResponse().sendRedirect(loginPageURL);
}
}
}
context.abort();
} catch (ContextException | SQLException | IOException e) {
Resource.processException("Shibboleth endpoint error: " + e.getMessage(), context);
} finally {
if(context != null && context.isValid())
{
context.abort();
}
}
return Response.ok().build();
}
/**
* Method to logout a user from DSpace REST API. Removes the token and user from
* TokenHolder.
@@ -195,24 +236,7 @@ public class RestIndex {
@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public Response logout(@Context HttpHeaders headers)
{
List<String> list = headers.getRequestHeader(TokenHolder.TOKEN_HEADER);
String token = null;
boolean logout = false;
EPerson ePerson = null;
if (list != null)
{
token = list.get(0);
ePerson = TokenHolder.getEPerson(token);
logout = TokenHolder.logout(token);
}
if ((token == null) || (!logout))
{
return Response.status(Response.Status.BAD_REQUEST).build();
}
if(ePerson != null) {
log.info("REST Logout: " + ePerson.getEmail());
}
//If you can get here, you are logged out, this actual logout is handled by spring security
return Response.ok().build();
}
@@ -233,14 +257,14 @@ public class RestIndex {
org.dspace.core.Context context = null;
try {
context = Resource.createContext(Resource.getUser(headers));
context = Resource.createContext();
EPerson ePerson = context.getCurrentUser();
if(ePerson != null) {
//DB EPerson needed since token won't have full info, need context
EPerson dbEPerson = epersonService.findByEmail(context, ePerson.getEmail());
String token = Resource.getToken(headers);
Status status = new Status(dbEPerson.getEmail(), dbEPerson.getFullName(), token);
Status status = new Status(dbEPerson.getEmail(), dbEPerson.getFullName());
return status;
}

162
dspace-rest/src/main/java/org/dspace/rest/TokenHolder.java
View File

@@ -1,162 +0,0 @@
/**
* The contents of this file are subject to the license and copyright
* detailed in the LICENSE and NOTICE files at the root of the source
* tree and available online at
*
* http://www.dspace.org/license/
*/
package org.dspace.rest;
import java.sql.SQLException;
import java.util.UUID;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import com.google.common.collect.BiMap;
import com.google.common.collect.HashBiMap;
import org.apache.log4j.Logger;
import org.dspace.authenticate.AuthenticationMethod;
import org.dspace.authenticate.factory.AuthenticateServiceFactory;
import org.dspace.authenticate.service.AuthenticationService;
import org.dspace.core.Context;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.factory.EPersonServiceFactory;
import org.dspace.eperson.service.EPersonService;
import org.dspace.rest.common.User;
/**
* This class provide token generation, token holding and logging user into rest
* api. For login use method login with class org.dspace.rest.common.User. If
* you want to be deleted from holder, use method for logout.
*
* @author Rostislav Novak (Computing and Information Centre, CTU in Prague)
*/
public class TokenHolder
{
private static final Logger log = Logger.getLogger(TokenHolder.class);
public static String TOKEN_HEADER = "rest-dspace-token";
/**
* Collection holding the auth-token, and the corresponding EPerson's UUID
*/
private static BiMap<String, UUID> tokenPersons = HashBiMap.create();
/**
* Login user into rest api. It check user credentials if they are okay.
*
* @param user
* User which will be logged into rest api.
* @return Returns generated token, which must be used in request header
* under rest-api-token. If password is bad or user does not exist,
* it returns NULL.
* @throws WebApplicationException
* It is thrown by SQLException if user could not be read from
* database. And by Authorization exception if context has not
* permission to read eperson.
*/
public static String login(User user) throws WebApplicationException
{
AuthenticationService authenticationService = AuthenticateServiceFactory.getInstance().getAuthenticationService();
EPersonService epersonService = EPersonServiceFactory.getInstance().getEPersonService();
org.dspace.core.Context context = null;
String token = null;
try
{
context = new org.dspace.core.Context();
int status = authenticationService.authenticate(context, user.getEmail(), user.getPassword(), null, null);
if (status == AuthenticationMethod.SUCCESS)
{
EPerson ePerson = epersonService.findByEmail(context, user.getEmail());
synchronized (TokenHolder.class) {
if (tokenPersons.inverse().containsKey(ePerson.getID())) {
token = tokenPersons.inverse().get(ePerson.getID());
} else {
token = generateToken();
tokenPersons.put(token, ePerson.getID());
}
}
}
log.trace("User(" + user.getEmail() + ") has been logged in.");
context.complete();
}
catch (SQLException e)
{
context.abort();
log.error("Could not read user from database. Message:" + e);
throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
}
finally
{
if ((context != null) && (context.isValid()))
{
context.abort();
log.error("Something get wrong. Aborting context in finally statement.");
throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
}
}
return token;
}
/**
* Return EPerson for log into context.
*
* @param token
* Token under which is stored eperson.
* @return Return instance of EPerson if is token right, otherwise it
* returns NULL.
*/
public static synchronized EPerson getEPerson(String token)
{
try {
EPersonService epersonService = EPersonServiceFactory.getInstance().getEPersonService();
UUID epersonID = tokenPersons.get(token);
Context context = new Context();
return epersonService.find(context, epersonID);
} catch (SQLException e) {
log.error(e);
return null;
}
}
/**
* Logout user from rest api. It delete token and EPerson from TokenHolder.
*
* @param token
* Token under which is stored eperson.
* @return Return true if was all okay, otherwise return false.
*/
public static synchronized boolean logout(String token)
{
if ((token == null) || (! tokenPersons.containsKey(token)))
{
return false;
}
UUID personID = tokenPersons.remove(token);
if (personID == null)
{
return false;
}
return true;
}
/**
* It generates unique token.
*
* @return String filled with unique token.
*/
private static String generateToken()
{
return UUID.randomUUID().toString();
}
}

109
dspace-rest/src/main/java/org/dspace/rest/authentication/DSpaceAuthenticationProvider.java Normal file
View File

@@ -0,0 +1,109 @@
/**
* The contents of this file are subject to the license and copyright
* detailed in the LICENSE and NOTICE files at the root of the source
* tree and available online at
*
* http://www.dspace.org/license/
*/
package org.dspace.rest.authentication;
import org.apache.log4j.Logger;
import org.dspace.authenticate.AuthenticationMethod;
import org.dspace.authenticate.factory.AuthenticateServiceFactory;
import org.dspace.authenticate.service.AuthenticationService;
import org.dspace.core.Context;
import org.dspace.core.LogManager;
import org.dspace.eperson.Group;
import org.dspace.utils.DSpace;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import javax.servlet.http.HttpServletRequest;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
/**
* The core authentication & authorization provider, this provider is called when logging in & will process
*
* @author Roeland Dillen (roeland at atmire dot com)
* @author kevinvandevelde at atmire.com
*
* @deprecated This provider handles both the authorization as well as the authentication,
* due to the way that the DSpace authentication is implemented there is currently no other way to do this.
*/
@Deprecated
public class DSpaceAuthenticationProvider implements AuthenticationProvider {
private static Logger log = Logger.getLogger(DSpaceAuthenticationProvider.class);
protected AuthenticationService authenticationService = AuthenticateServiceFactory.getInstance().getAuthenticationService();
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
Context context = null;
try {
context = new Context();
String name = authentication.getName();
String password = authentication.getCredentials().toString();
HttpServletRequest httpServletRequest = new DSpace().getRequestService().getCurrentRequest().getHttpServletRequest();
List<SimpleGrantedAuthority> grantedAuthorities = new ArrayList<>();
int implicitStatus = authenticationService.authenticateImplicit(context, null, null, null, httpServletRequest);
if (implicitStatus == AuthenticationMethod.SUCCESS) {
log.info(LogManager.getHeader(context, "login", "type=implicit"));
addSpecialGroupsToGrantedAuthorityList(context, httpServletRequest, grantedAuthorities);
return new UsernamePasswordAuthenticationToken(name, password, grantedAuthorities);
} else {
int authenticateResult = authenticationService.authenticate(context, name, password, null, httpServletRequest);
if (AuthenticationMethod.SUCCESS == authenticateResult) {
addSpecialGroupsToGrantedAuthorityList(context, httpServletRequest, grantedAuthorities);
log.info(LogManager
.getHeader(context, "login", "type=explicit"));
return new UsernamePasswordAuthenticationToken(name, password, grantedAuthorities);
} else {
log.info(LogManager.getHeader(context, "failed_login", "email="
+ name + ", result="
+ authenticateResult));
throw new BadCredentialsException("Login failed");
}
}
} catch (BadCredentialsException e)
{
throw e;
} catch (Exception e) {
log.error("Error while authenticating in the rest api", e);
} finally {
if (context != null && context.isValid()) {
try {
context.complete();
} catch (SQLException e) {
log.error(e.getMessage() + " occurred while trying to close", e);
}
}
}
return null;
}
protected void addSpecialGroupsToGrantedAuthorityList(Context context, HttpServletRequest httpServletRequest, List<SimpleGrantedAuthority> grantedAuthorities) throws SQLException {
List<Group> groups = authenticationService.getSpecialGroups(context, httpServletRequest);
for (Group group : groups) {
grantedAuthorities.add(new SimpleGrantedAuthority(group.getName()));
}
}
@Override
public boolean supports(Class<?> authentication) {
return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
}
}

41
dspace-rest/src/main/java/org/dspace/rest/authentication/NoRedirectAuthenticationLoginSuccessHandler.java Normal file
View File

@@ -0,0 +1,41 @@
/**
* The contents of this file are subject to the license and copyright
* detailed in the LICENSE and NOTICE files at the root of the source
* tree and available online at
*
* http://www.dspace.org/license/
*/
package org.dspace.rest.authentication;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* @author kevinvandevelde at atmire.com
*
* Spring redirects to the home page after a successfull login. This success handles ensures that this is NOT the case.
*/
public class NoRedirectAuthenticationLoginSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
@PostConstruct
public void afterPropertiesSet() {
setRedirectStrategy(new NoRedirectStrategy());
}
protected class NoRedirectStrategy implements RedirectStrategy {
@Override
public void sendRedirect(HttpServletRequest request,
HttpServletResponse response, String url) throws IOException {
// no redirect
}
}
}

39
dspace-rest/src/main/java/org/dspace/rest/authentication/NoRedirectAuthenticationLogoutSuccessHandler.java Normal file
View File

@@ -0,0 +1,39 @@
/**
* The contents of this file are subject to the license and copyright
* detailed in the LICENSE and NOTICE files at the root of the source
* tree and available online at
*
* http://www.dspace.org/license/
*/
package org.dspace.rest.authentication;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* @author kevinvandevelde at atmire.com
*
* Spring redirects to the home page after a successfull logout. This success handles ensures that this is NOT the case.
*/
public class NoRedirectAuthenticationLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
@PostConstruct
public void afterPropertiesSet() {
setRedirectStrategy(new NoRedirectStrategy());
}
protected class NoRedirectStrategy implements RedirectStrategy {
@Override
public void sendRedirect(HttpServletRequest request,
HttpServletResponse response, String url) throws IOException {
// no redirect
}
}
}

32
dspace-rest/src/main/java/org/dspace/rest/common/Status.java
View File

@@ -29,17 +29,7 @@ public class Status
private String sourceVersion;
private String apiVersion;
public String getToken() {
return token;
}
public void setToken(String token) {
this.token = token;
}
private String token;
public void setCommonProps() {
public Status() {
setOkay(true);
setSourceVersion(Util.getSourceVersion());
@@ -49,27 +39,21 @@ public class Status
setAuthenticated(false);
}
public Status() {
setCommonProps();
}
public Status(String email, String fullname, String token) {
setCommonProps();
public Status(String email, String fullname) {
setOkay(true);
setAuthenticated(true);
setEmail(email);
setFullname(fullname);
setToken(token);
}
public Status(EPerson eperson, String token) {
setCommonProps();
if (eperson != null) {
public Status(EPerson eperson) {
setOkay(true);
if(eperson != null) {
setAuthenticated(true);
setEmail(eperson.getEmail());
setFullname(eperson.getFullName());
setToken(token);
} else {
setAuthenticated(false);
}
}

56
dspace-rest/src/main/java/org/dspace/rest/common/User.java
View File

@@ -1,56 +0,0 @@
/**
* The contents of this file are subject to the license and copyright
* detailed in the LICENSE and NOTICE files at the root of the source
* tree and available online at
*
* http://www.dspace.org/license/
*/
package org.dspace.rest.common;
import javax.xml.bind.annotation.XmlRootElement;
/**
* Class for handle login information for POST request.
*
* @author Rostislav Novak (Computing and Information Centre, CTU in Prague)
*
*/
@XmlRootElement(name = "user")
public class User
{
private String email;
private String password;
public User()
{
}
public User(String email, String password)
{
this.email = email;
this.password = password;
}
public String getEmail()
{
return email;
}
public void setEmail(String email)
{
this.email = email;
}
public String getPassword()
{
return password;
}
public void setPassword(String password)
{
this.password = password;
}
}

73
dspace-rest/src/main/webapp/WEB-INF/security-applicationContext.xml Normal file
View File

@@ -0,0 +1,73 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
The contents of this file are subject to the license and copyright
detailed in the LICENSE and NOTICE files at the root of the source
tree and available online at
http://www.dspace.org/license/
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<context:annotation-config/>
<!--
Every url in the rest will pass through these filters, login & shibboleth-login will trigger an authentication attempt.
-->
<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map path-type="ant">
<security:filter-chain pattern="/login" filters="sif,passwordLoginAuthenticationFilter"/>
<security:filter-chain pattern="/shibboleth-login" filters="sif,passwordLoginAuthenticationFilter"/>
<security:filter-chain pattern="/logout" filters="sif,logoutFilter" />
<security:filter-chain pattern="/**" filters="sif"/>
</security:filter-chain-map>
</bean>
<!-- Creates the spring security context object based on what was there previously -->
<bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter" />
<!--Authentication filter for login -->
<bean id="passwordLoginAuthenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<!--Custom DSpace authentication manager, will handle the actual login-->
<property name="authenticationManager" ref="dspaceAuthenticationManager"/>
<!-- Ensures that after login no redirect is made to the home page, the rest will return a 200 status code -->
<property name="authenticationSuccessHandler" ref="org.dspace.rest.authentication.NoRedirectAuthenticationLoginSuccessHandler"/>
<property name="usernameParameter" value="email"/>
<property name="passwordParameter" value="password"/>
<property name="postOnly" value="false"/>
<!--Match on any request-->
<property name="requiresAuthenticationRequestMatcher" ref="org.springframework.security.web.util.matcher.AnyRequestMatcher"/>
</bean>
<security:authentication-manager alias="dspaceAuthenticationManager">
<security:authentication-provider ref='dspaceAuthenticationProvider'/>
</security:authentication-manager>
<!-- Custom DSpace authentication provider, this bean is responsible to login the user, it is triggered by calling the "passwordLoginAuthenticationFilter" -->
<bean class="org.dspace.rest.authentication.DSpaceAuthenticationProvider" id="dspaceAuthenticationProvider" lazy-init="true" />
<!--Filter for logout, destroys the spring security context-->
<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg index="0" ref="org.dspace.rest.authentication.NoRedirectAuthenticationLogoutSuccessHandler" />
<constructor-arg index="1">
<list>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
</list>
</constructor-arg>
<!--Match on any request-->
<property name="logoutRequestMatcher" ref="org.springframework.security.web.util.matcher.AnyRequestMatcher"/>
</bean>
<!--Utility beans-->
<bean id="org.springframework.security.web.util.matcher.AnyRequestMatcher" class="org.springframework.security.web.util.matcher.AnyRequestMatcher"/>
<bean id="org.dspace.rest.authentication.NoRedirectAuthenticationLoginSuccessHandler" class="org.dspace.rest.authentication.NoRedirectAuthenticationLoginSuccessHandler"/>
<bean id="org.dspace.rest.authentication.NoRedirectAuthenticationLogoutSuccessHandler" class="org.dspace.rest.authentication.NoRedirectAuthenticationLogoutSuccessHandler"/>
</beans>

29
dspace-rest/src/main/webapp/WEB-INF/web.xml
View File

@@ -14,6 +14,28 @@
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<filter>
<filter-name>dspace.request</filter-name>
<filter-class>org.dspace.utils.servlet.DSpaceWebappServletFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>dspace.request</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>DSpace REST API</servlet-name>
<servlet-class>
@@ -59,12 +81,9 @@
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/applicationContext.xml,
/WEB-INF/security-applicationContext.xml
</param-value>
<!--
Add this context if using Spring Security
/WEB-INF/applicationContext-security.xml
-->
</context-param>
<listener>

3
dspace-rest/src/test/java/org/dspace/rest/common/TestJAXBSchema.java
View File

@@ -53,8 +53,7 @@ public class TestJAXBSchema {
Item.class,
MetadataEntry.class,
ResourcePolicy.class,
Status.class,
User.class
Status.class
);
context.generateSchema(resolver);

10
dspace-rest/src/test/resources/org/dspace/rest/common/expected_xsd0.xsd
View File

@@ -17,8 +17,6 @@
<xs:element name="status" type="status"/>
<xs:element name="user" type="user"/>
<xs:complexType name="bitstream">
<xs:complexContent>
<xs:extension base="dSpaceObject">
@@ -142,14 +140,6 @@
<xs:element name="fullname" type="xs:string" minOccurs="0"/>
<xs:element name="okay" type="xs:boolean"/>
<xs:element name="sourceVersion" type="xs:string" minOccurs="0"/>
<xs:element name="token" type="xs:string" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="user">
<xs:sequence>
<xs:element name="email" type="xs:string" minOccurs="0"/>
<xs:element name="password" type="xs:string" minOccurs="0"/>
</xs:sequence>
</xs:complexType>