IpOpenIdAuthnOps (digilib 2.12.4 API)

java.lang.Object
- digilib.auth.IpAuthnOps
- - digilib.auth.IpOpenIdAuthnOps

All Implemented Interfaces:

AuthnOps
```
public class IpOpenIdAuthnOps
extends IpAuthnOps
```
Implements AuthnOps using IP adresses defined in an XML config file and an OpenId Connect ID token. The name of the configuration file is read from the digilib config parameter "auth-file". The tags "digilib-adresses" and "digilib-oauth" are read from the configuration file:
```
  
 
 <digilib-addresses>
   <address ip="130.92.68" role="eastwood-coll,ptolemaios-geo" />
   <address ip="130.92.151" role="wtwg" />
   <address ip="0:0:0:0:0:0:0:1" role="local" />
 </digilib-addresses>
 
 <digilib-oauth>
   <openid issuer="https://id.some.where" clientid="myclient" roles="someusers" keytype="jwk">
     {"kty":"RSA","e":"AQAB","kid":"rsa1","n":"qjQ5U3wXzamg9R...idGpIiVilMDVBs"}
   </openid>
 </digilib-oauth>
 
 
```
A computer with an ip address that matches "ip" is automatically granted all roles under "role". The ip address is matched from the left (in full quads). Roles under "role" must be separated by comma only (no spaces). If roles provided by IP are not sufficient it uses the "id_token" parameter containing a valid token signed with the configured key including the configured issuer (iss) and clientid (aud) to grant the configured roles.

Field Summary

Fields
Modifier and Type Field Description

protected static org.slf4j.Logger logger

protected OpenIdAuthnOps openIdAuthnOps
- Fields inherited from class digilib.auth.IpAuthnOps
  authIP4s, authIP6s, configFile

Constructor Summary

Constructors
Constructor Description

IpOpenIdAuthnOps()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`List<String>`	`getUserRoles(DigilibRequest dlRequest)`	Return the list of roles associated with the user represented by request.
`void`	`init(DigilibConfiguration dlConfig)`	Initialize authentication operations.

Methods inherited from class digilib.auth.IpAuthnOps
hasUserRoles, isUserInRole

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - logger
```
protected static final org.slf4j.Logger logger
```
  - openIdAuthnOps
```
protected OpenIdAuthnOps openIdAuthnOps
```
- Constructor Detail
  - IpOpenIdAuthnOps
```
public IpOpenIdAuthnOps()
```
- Method Detail
  - init
```
public void init(DigilibConfiguration dlConfig)
          throws AuthOpException
```
    Description copied from class: IpAuthnOps
    
    Initialize authentication operations. Reads tag "digilib-adresses" from configuration file and sets up authentication arrays.
    
    Specified by:
    
    init in interface AuthnOps
    
    Overrides:
    
    init in class IpAuthnOps
    
    Parameters:
    
    dlConfig - current DigilibConfiguration
    
    Throws:
    
    AuthOpException - Exception thrown on error.
  - getUserRoles
```
public List<String> getUserRoles(DigilibRequest dlRequest)
                          throws AuthOpException
```
    Description copied from interface: AuthnOps
    
    Return the list of roles associated with the user represented by request. Returns null if a list of roles is not available. Users of this API should check hasUserRoles().
    
    Specified by:
    
    getUserRoles in interface AuthnOps
    
    Overrides:
    
    getUserRoles in class IpAuthnOps
    
    Parameters:
    
    dlRequest - current DigilibRequest
    
    Returns:
    
    list of user's roles
    
    Throws:
    
    AuthOpException - Exception thrown on error.