Package digilib.auth

Class IpOpenIdAuthnOps

java.lang.Object

digilib.auth.IpAuthnOps

digilib.auth.IpOpenIdAuthnOps

All Implemented Interfaces:

AuthnOps

public class IpOpenIdAuthnOps
extends IpAuthnOps

Implements AuthnOps using IP adresses defined in an XML config file and an OpenId Connect ID token. The name of the configuration file is read from the digilib config parameter "auth-file". The tags "digilib-adresses" and "digilib-oauth" are read from the configuration file:

  
 
 <digilib-addresses>
   <address ip="130.92.68" role="eastwood-coll,ptolemaios-geo" />
   <address ip="130.92.151" role="wtwg" />
   <address ip="0:0:0:0:0:0:0:1" role="local" />
 </digilib-addresses>
 
 <digilib-oauth>
   <openid issuer="https://id.some.where" clientid="myclient" roles="someusers" keytype="jwk">
     {"kty":"RSA","e":"AQAB","kid":"rsa1","n":"qjQ5U3wXzamg9R...idGpIiVilMDVBs"}
   </openid>
 </digilib-oauth>
 
 

A computer with an ip address that matches "ip" is automatically granted all roles under "role". The ip address is matched from the left (in full quads). Roles under "role" must be separated by comma only (no spaces). If roles provided by IP are not sufficient it uses the "id_token" parameter containing a valid token signed with the configured key including the configured issuer (iss) and clientid (aud) to grant the configured roles.

Field Summary

Fields

Modifier and Type	Field	Description
protected static final org.slf4j.Logger	logger
protected OpenIdAuthnOps	openIdAuthnOps

Fields inherited from class digilib.auth.IpAuthnOps

authIP4s, authIP6s, configFile

Constructor Summary

Constructors

Constructor	Description
IpOpenIdAuthnOps()

Method Summary

Modifier and Type	Method	Description
List<String>	getUserRoles(DigilibRequest dlRequest)	Return the list of roles associated with the user represented by request.
void	init(DigilibConfiguration dlConfig)	Initialize authentication operations.

Methods inherited from class digilib.auth.IpAuthnOps

hasUserRoles, isUserInRole

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

logger

protected static final org.slf4j.Logger logger

openIdAuthnOps

protected OpenIdAuthnOps openIdAuthnOps

Constructor Details

IpOpenIdAuthnOps

public IpOpenIdAuthnOps()

Method Details

init

public void init(DigilibConfiguration dlConfig)
          throws AuthOpException

Description copied from class: IpAuthnOps

Initialize authentication operations. Reads tag "digilib-adresses" from configuration file and sets up authentication arrays.

Specified by:

init in interface AuthnOps

Overrides:

init in class IpAuthnOps

Parameters:

dlConfig - current DigilibConfiguration

Throws:

AuthOpException - Exception thrown on error.

getUserRoles

public List<String> getUserRoles(DigilibRequest dlRequest)
                          throws AuthOpException

Description copied from interface: AuthnOps

Return the list of roles associated with the user represented by request. Returns null if a list of roles is not available. Users of this API should check hasUserRoles().

Specified by:

getUserRoles in interface AuthnOps

Overrides:

getUserRoles in class IpAuthnOps

Parameters:

dlRequest - current DigilibRequest

Returns:

list of user's roles

Throws:

AuthOpException - Exception thrown on error.