Package digilib.auth

Class IpOpenIdAuthnOps

  • All Implemented Interfaces:
    AuthnOps

    public class IpOpenIdAuthnOps
    extends IpAuthnOps
    Implements AuthnOps using IP adresses defined in an XML config file and an OpenId Connect ID token. The name of the configuration file is read from the digilib config parameter "auth-file". The tags "digilib-adresses" and "digilib-oauth" are read from the configuration file:
      
     
     <digilib-addresses>
       <address ip="130.92.68" role="eastwood-coll,ptolemaios-geo" />
       <address ip="130.92.151" role="wtwg" />
       <address ip="0:0:0:0:0:0:0:1" role="local" />
     </digilib-addresses>
     
     <digilib-oauth>
       <openid issuer="https://id.some.where" clientid="myclient" roles="someusers" keytype="jwk">
         {"kty":"RSA","e":"AQAB","kid":"rsa1","n":"qjQ5U3wXzamg9R...idGpIiVilMDVBs"}
       </openid>
     </digilib-oauth>
     
     
    A computer with an ip address that matches "ip" is automatically granted all roles under "role". The ip address is matched from the left (in full quads). Roles under "role" must be separated by comma only (no spaces). If roles provided by IP are not sufficient it uses the "id_token" parameter containing a valid token signed with the configured key including the configured issuer (iss) and clientid (aud) to grant the configured roles.
    • Field Detail

      • logger

        protected static final org.slf4j.Logger logger
    • Constructor Detail

      • IpOpenIdAuthnOps

        public IpOpenIdAuthnOps()
    • Method Detail

      • init

        public void init​(DigilibConfiguration dlConfig)
                  throws AuthOpException
        Description copied from class: IpAuthnOps
        Initialize authentication operations. Reads tag "digilib-adresses" from configuration file and sets up authentication arrays.
        Specified by:
        init in interface AuthnOps
        Overrides:
        init in class IpAuthnOps
        Parameters:
        dlConfig - current DigilibConfiguration
        Throws:
        AuthOpException - Exception thrown on error.
      • getUserRoles

        public List<String> getUserRoles​(DigilibRequest dlRequest)
                                  throws AuthOpException
        Description copied from interface: AuthnOps
        Return the list of roles associated with the user represented by request. Returns null if a list of roles is not available. Users of this API should check hasUserRoles().
        Specified by:
        getUserRoles in interface AuthnOps
        Overrides:
        getUserRoles in class IpAuthnOps
        Parameters:
        dlRequest - current DigilibRequest
        Returns:
        list of user's roles
        Throws:
        AuthOpException - Exception thrown on error.