Package digilib.auth
Class IpOpenIdAuthnOps
java.lang.Object
digilib.auth.IpAuthnOps
digilib.auth.IpOpenIdAuthnOps
- All Implemented Interfaces:
AuthnOps
Implements AuthnOps using IP addresses defined in an XML config file and an OpenID Connect ID token.
The name of the configuration file is read from the digilib config parameter "auth-file".
The tags "digilib-addresses" and "digilib-oauth" are read from the configuration file:
<digilib-addresses>
  <address ip="130.92.68" role="eastwood-coll,ptolemaios-geo" />
  <address ip="130.92.151" role="wtwg" />
  <address ip="0:0:0:0:0:0:0:1" role="local" />
</digilib-addresses>
<digilib-oauth>
  <openid issuer="https://id.some.where" clientid="myclient" roles="someusers" keytype="jwk">
    {"kty":"RSA","e":"AQAB","kid":"rsa1","n":"qjQ5U3wXzamg9R...idGpIiVilMDVBs"}
  </openid>
</digilib-oauth>
A computer with an IP address that matches "ip" is automatically granted all roles under "role".
The IP address is matched from the left (in full quads). Roles under "role" must be separated by comma only (no spaces).
If the roles provided by IP are not sufficient, the "id_token" parameter is used: it must contain a valid token, signed with the configured key and including the configured issuer (iss) and clientid (aud), which grants the configured roles.
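The left-anchored, full-quad matching and the comma-only role lists described above, as an added Java example that is not digilib's own code. It covers IPv4 only; the class QuadPrefixDemo, its methods, the "10.1" entry and the "staff, admin" role list are constructed for illustration.

```java
import java.util.Arrays;
import java.util.List;

// Added illustration: QuadPrefixDemo and its methods are hypothetical, not digilib classes.
public class QuadPrefixDemo {

    // True only if each quad of the configured "ip" equals the same quad of the client address.
    static boolean matchesFullQuads(String ipAttr, String clientIp) {
        String[] prefix = ipAttr.split("\\.");
        String[] client = clientIp.split("\\.");
        if (client.length != 4 || prefix.length > 4) {
            return false;
        }
        for (int i = 0; i < prefix.length; i++) {
            if (!prefix[i].equals(client[i])) {
                return false;
            }
        }
        return true;
    }

    // Roles granted by one <address> entry; the "role" attribute is split on comma only.
    static List<String> rolesFor(String ipAttr, String roleAttr, String clientIp) {
        if (!matchesFullQuads(ipAttr, clientIp)) {
            return List.of();
        }
        return Arrays.asList(roleAttr.split(","));
    }

    public static void main(String[] args) {
        // Entry taken from the configuration shown above.
        System.out.println(rolesFor("130.92.68", "eastwood-coll,ptolemaios-geo", "130.92.68.7"));
        // Constructed entry ip="10.1": compare a plain string-prefix test with the
        // quad-by-quad comparison for an address in 10.10.x.x and one in 10.1.x.x.
        System.out.println("10.10.0.5".startsWith("10.1"));
        System.out.println(matchesFullQuads("10.1", "10.10.0.5"));
        System.out.println(matchesFullQuads("10.1", "10.1.0.5"));
        // Constructed role list with a space after the comma: the space stays in the role name.
        List<String> roles = rolesFor("10.1", "staff, admin", "10.1.0.5");
        System.out.println(roles.contains("admin") + " " + roles.contains(" admin"));
    }
}
```

When reviewing an auth-file, check that every "ip" value ends on a quad boundary and that no "role" attribute contains whitespace, since either mistake silently changes which roles a client receives.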
Field Summary
Fields
- protected static final org.slf4j.Logger logger
- protected OpenIdAuthnOps openIdAuthnOps
Fields inherited from class digilib.auth.IpAuthnOps
authIP4s, authIP6s, configFile
Constructor Summary
Constructors
- IpOpenIdAuthnOps()
Method Summary
- getUserRoles(DigilibRequest dlRequest): Return the list of roles associated with the user represented by request.
- void init(DigilibConfiguration dlConfig): Initialize authentication operations.
Methods inherited from class digilib.auth.IpAuthnOps
hasUserRoles, isUserInRole
Field Details
logger
protected static final org.slf4j.Logger logger
openIdAuthnOps
Constructor Details
IpOpenIdAuthnOps
public IpOpenIdAuthnOps()
Method Details
init
Description copied from class: IpAuthnOps
Initialize authentication operations. Reads tag "digilib-addresses" from configuration file and sets up authentication arrays.
- Specified by: init in interface AuthnOps
- Overrides: init in class IpAuthnOps
- Parameters: dlConfig - current DigilibConfiguration
- Throws: AuthOpException - Exception thrown on error.
getUserRoles
Description copied from interface: AuthnOps
Return the list of roles associated with the user represented by request. Returns null if a list of roles is not available. Users of this API should check hasUserRoles().
- Specified by: getUserRoles in interface AuthnOps
- Overrides: getUserRoles in class IpAuthnOps
- Parameters: dlRequest - current DigilibRequest
- Returns: list of user's roles
- Throws: AuthOpException - Exception thrown on error.