Package digilib.auth
Class OpenIdAuthnOps
java.lang.Object
    digilib.auth.OpenIdAuthnOps

All Implemented Interfaces: AuthnOps
public class OpenIdAuthnOps extends Object implements AuthnOps
Implements AuthnOps using an OpenID Connect ID token. The name of the configuration file is read from the digilib config parameter "auth-file". The tag "digilib-oauth" is read from the configuration file:

<digilib-oauth>
  <openid issuer="https://id.some.where" clientid="myclient" roles="someusers" keytype="jwk">
    {"kty":"RSA","e":"AQAB","kid":"rsa1","n":"qjQ5U3wXzamg9R...idGpIiVilMDVBs"}
  </openid>
</digilib-oauth>
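The two-pass check implied by the firstPassJwtConsumer and idpJwtConsumers fields, as an added example using jose4j. It is not digilib's own code: the class and helper names, the throwaway keys and the sample tokens are constructed for illustration, and only the issuer and client id come from the sample configuration above.

```java
import java.util.Map;
import org.jose4j.jwk.*;
import org.jose4j.jws.*;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.*;

public class TwoPassIdTokenCheck {   // hypothetical class, not part of digilib
    // First pass: parse only, no signature or claim checks. Its output is untrusted.
    static final JwtConsumer FIRST_PASS = new JwtConsumerBuilder()
            .setSkipAllValidators().setDisableRequireSignature()
            .setSkipSignatureVerification().build();

    // Second pass: full validation with the issuer, client id and key from configuration.
    static JwtConsumer validatorFor(String issuer, String clientId, String jwkJson) throws Exception {
        return new JwtConsumerBuilder()
                .setExpectedIssuer(issuer).setExpectedAudience(clientId).setRequireExpirationTime()
                .setVerificationKey(JsonWebKey.Factory.newJwk(jwkJson).getKey()).build();
    }

    static JwtClaims validate(String token, Map<String, JwtConsumer> byIssuer) throws Exception {
        JwtContext ctx = FIRST_PASS.process(token);
        String issuer = ctx.getJwtClaims().getIssuer();   // unverified: used as lookup key only
        JwtConsumer validator = issuer == null ? null : byIssuer.get(issuer);
        if (validator == null) throw new SecurityException("token from unconfigured issuer");
        validator.processContext(ctx);   // throws InvalidJwtException on any failed check
        return ctx.getJwtClaims();       // trusted only after the line above succeeds
    }

    // Constructed sample token, signed with the given throwaway key.
    static String sign(RsaJsonWebKey key, String iss, String aud) throws Exception {
        JwtClaims c = new JwtClaims();
        c.setIssuer(iss); c.setAudience(aud); c.setSubject("alice"); c.setExpirationTimeMinutesInTheFuture(5);
        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(c.toJson());
        jws.setKey(key.getPrivateKey());
        jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
        return jws.getCompactSerialization();
    }

    public static void main(String[] args) throws Exception {
        String iss = "https://id.some.where", aud = "myclient";   // from the sample config
        RsaJsonWebKey idpKey = RsaJwkGenerator.generateJwk(2048); // constructed test key
        Map<String, JwtConsumer> byIssuer = Map.of(iss, validatorFor(iss, aud, idpKey.toJson()));
        System.out.println("accepted subject: " + validate(sign(idpKey, iss, aud), byIssuer).getSubject());
        try {   // same issuer claim, but signed with a key that is not the configured one
            validate(sign(RsaJwkGenerator.generateJwk(2048), iss, aud), byIssuer);
        } catch (InvalidJwtException e) { System.out.println("rejected: not signed by the configured key"); }
    }
}
```

The issuer read in the first pass only selects which validating consumer to run; roles and any other claims should be read after processContext has succeeded.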

Field Summary

| Modifier and Type | Field | Description |
| --- | --- | --- |
| protected File | configFile | |
| protected org.jose4j.jwt.consumer.JwtConsumer | firstPassJwtConsumer | JwtConsumer to parse the token without validation to extract the issuer |
| protected Map<String,org.jose4j.jwt.consumer.JwtConsumer> | idpJwtConsumers | Map of validating JwtConsumers by issuer (URL) |
| protected Map<String,List<String>> | idpRoles | Map of (List of) roles by issuer (URL) |
| protected static org.slf4j.Logger | logger | general logger for this class |
| protected String | tokenCookieName | Name of the cookie that contains the token |

Constructor Summary

| Constructor | Description |
| --- | --- |
| OpenIdAuthnOps() | |

Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| List<String> | getUserRoles(DigilibRequest request) | Return the list of roles associated with the user represented by request. |
| boolean | hasUserRoles() | Return if the implementation supports getUserRoles(). |
| void | init(DigilibConfiguration dlConfig) | Configure this AuthnOps instance. |
| boolean | isUserInRole(DigilibRequest request, String role) | Test if the user represented by request has the given role. |

Field Detail

logger
protected static final org.slf4j.Logger logger
general logger for this class

configFile
protected File configFile

firstPassJwtConsumer
protected org.jose4j.jwt.consumer.JwtConsumer firstPassJwtConsumer
JwtConsumer to parse the token without validation to extract the issuer

idpJwtConsumers
protected Map<String,org.jose4j.jwt.consumer.JwtConsumer> idpJwtConsumers
Map of validating JwtConsumers by issuer (URL)

tokenCookieName
protected String tokenCookieName
Name of the cookie that contains the token

Method Detail

init
public void init(DigilibConfiguration dlConfig) throws AuthOpException
Description copied from interface: AuthnOps
Configure this AuthnOps instance.
Specified by: init in interface AuthnOps
Parameters:
dlConfig - current DigilibConfiguration
Throws:
AuthOpException - Exception thrown on error.

hasUserRoles
public boolean hasUserRoles()
Description copied from interface: AuthnOps
Return if the implementation supports getUserRoles().
Specified by: hasUserRoles in interface AuthnOps
Returns:
true if the implementation supports getUserRoles().

getUserRoles
public List<String> getUserRoles(DigilibRequest request) throws AuthOpException
Description copied from interface: AuthnOps
Return the list of roles associated with the user represented by request. Returns null if a list of roles is not available. Users of this API should check hasUserRoles().
Specified by: getUserRoles in interface AuthnOps
Parameters:
request - current DigilibRequest
Returns:
list of user's roles
Throws:
AuthOpException - Exception thrown on error.

isUserInRole
public boolean isUserInRole(DigilibRequest request, String role) throws AuthOpException
Description copied from interface: AuthnOps
Test if the user represented by request has the given role.
Specified by: isUserInRole in interface AuthnOps
Parameters:
request - Request with user information.
role - role to be tested.
Returns:
true if the user has the role.
Throws:
AuthOpException - Exception thrown on error.