Package digilib.auth

Class IpOpenIdAuthnOps

java.lang.Object
digilib.auth.IpAuthnOps
digilib.auth.IpOpenIdAuthnOps
All Implemented Interfaces:
AuthnOps

public class IpOpenIdAuthnOps extends IpAuthnOps
Implements AuthnOps using IP addresses defined in an XML config file and an OpenID Connect ID token. The name of the configuration file is read from the digilib config parameter "auth-file". The tags "digilib-addresses" and "digilib-oauth" are read from the configuration file:
  
 
 <digilib-addresses>
   <address ip="130.92.68" role="eastwood-coll,ptolemaios-geo" />
   <address ip="130.92.151" role="wtwg" />
   <address ip="0:0:0:0:0:0:0:1" role="local" />
 </digilib-addresses>
 
 <digilib-oauth>
   <openid issuer="https://id.some.where" clientid="myclient" roles="someusers" keytype="jwk">
     {"kty":"RSA","e":"AQAB","kid":"rsa1","n":"qjQ5U3wXzamg9R...idGpIiVilMDVBs"}
   </openid>
 </digilib-oauth>
 
 
A computer with an IP address that matches "ip" is automatically granted all roles under "role". The IP address is matched from the left (in full quads). Roles under "role" must be separated by commas only (no spaces). If the roles provided by IP are not sufficient, the class uses the "id_token" parameter: a valid token, signed with the configured key and including the configured issuer (iss) and clientid (aud), grants the configured roles.
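The lookup order described above, as an added Java example that is not digilib's own code. The class and method names, the `required` parameter and the "at least one required role" sufficiency test are assumptions, and the token claims are assumed to come from an id_token whose signature was already verified against the configured key.

```java
import java.util.*;

/** Added illustration of IP-first, token-second role lookup; names are hypothetical. */
public class IpThenTokenRoles {
    // Constructed sample mirroring the IPv4 <address> entries shown above.
    static final Map<String, String> ADDRESSES = new LinkedHashMap<>();
    static {
        ADDRESSES.put("130.92.68", "eastwood-coll,ptolemaios-geo");
        ADDRESSES.put("130.92.151", "wtwg");
    }
    // Values taken from the <openid> element shown above.
    static final String ISSUER = "https://id.some.where";
    static final String CLIENT_ID = "myclient";
    static final String TOKEN_ROLES = "someusers";

    /** Matches from the left in full quads: "130.92.68" covers 130.92.68.7, not 130.92.680.7. */
    static boolean matchesFromLeft(String prefix, String addr) {
        String[] p = prefix.split("\\."), a = addr.split("\\.");
        if (p.length > a.length) return false;
        for (int i = 0; i < p.length; i++) {
            if (!p[i].equals(a[i])) return false;   // whole-quad comparison, not startsWith
        }
        return true;
    }

    /** Roles granted by address alone; split on comma only, as the config format requires. */
    static List<String> ipRoles(String addr) {
        for (Map.Entry<String, String> e : ADDRESSES.entrySet()) {
            if (matchesFromLeft(e.getKey(), addr)) return Arrays.asList(e.getValue().split(","));
        }
        return Collections.emptyList();
    }

    /** claims: iss/aud of an already verified id_token (assumption), or null if none was sent. */
    static List<String> userRoles(String addr, Map<String, String> claims, List<String> required) {
        List<String> roles = ipRoles(addr);
        if (!Collections.disjoint(roles, required)) return roles;   // IP roles are sufficient
        // Simplification: "aud" is treated as a single string here.
        if (claims != null && ISSUER.equals(claims.get("iss")) && CLIENT_ID.equals(claims.get("aud"))) {
            return Arrays.asList(TOKEN_ROLES.split(","));
        }
        return roles;   // token missing or claims do not match: only the IP roles remain
    }

    public static void main(String[] args) {
        System.out.println(matchesFromLeft("130.92.68", "130.92.680.7"));
        System.out.println(userRoles("130.92.68.7", null, List.of("wtwg")));
        System.out.println(userRoles("10.0.0.1", Map.of("iss", ISSUER, "aud", CLIENT_ID), List.of("someusers")));
    }
}
```

A plain string-prefix comparison would let "130.92.68" match 130.92.680.7; comparing whole quads is what keeps the address rule from covering neighbouring networks.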
  • Field Details

    • logger

      protected static final org.slf4j.Logger logger
    • openIdAuthnOps

      protected OpenIdAuthnOps openIdAuthnOps
  • Constructor Details

    • IpOpenIdAuthnOps

      public IpOpenIdAuthnOps()
  • Method Details

    • init

      public void init(DigilibConfiguration dlConfig) throws AuthOpException
      Description copied from class: IpAuthnOps
      Initialize authentication operations. Reads tag "digilib-addresses" from configuration file and sets up authentication arrays.
      Specified by:
      init in interface AuthnOps
      Overrides:
      init in class IpAuthnOps
      Parameters:
      dlConfig - current DigilibConfiguration
      Throws:
      AuthOpException - Exception thrown on error.
    • getUserRoles

      public List<String> getUserRoles(DigilibRequest dlRequest) throws AuthOpException
      Description copied from interface: AuthnOps
      Return the list of roles associated with the user represented by the request. Returns null if a list of roles is not available. Users of this API should check hasUserRoles().
      Specified by:
      getUserRoles in interface AuthnOps
      Overrides:
      getUserRoles in class IpAuthnOps
      Parameters:
      dlRequest - current DigilibRequest
      Returns:
      list of user's roles
      Throws:
      AuthOpException - Exception thrown on error.