Package digilib.auth

Class OpenIdAuthnOps

java.lang.Object
digilib.auth.OpenIdAuthnOps
All Implemented Interfaces:
AuthnOps

public class OpenIdAuthnOps extends Object implements AuthnOps
Implements AuthnOps using an OpenID Connect ID token. The name of the configuration file is read from the digilib config parameter "auth-file". The tag "digilib-oauth" is read from the configuration file:
  <digilib-oauth>
    <openid issuer="https://id.some.where" clientid="myclient" roles="someusers" keytype="jwk">
      {"kty":"RSA","e":"AQAB","kid":"rsa1","n":"qjQ5U3wXzamg9R...idGpIiVilMDVBs"}
    </openid>
  </digilib-oauth>
A request whose "id_token" parameter carries a token that is validly signed with the configured key, and whose issuer (iss) and audience (aud) claims match the configured issuer and clientid, is granted the configured roles.
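The following is an added example, not digilib's own code, showing the validation flow the fields below suggest (a first-pass consumer that only reads iss, then a per-issuer validating consumer that checks signature, iss and aud) using the jose4j library the class depends on. The class and method names (IdTokenRolesDemo, addIssuer, rolesForToken, mintToken), the issuer, clientid and role values, and the generated key pair are all constructed for the demo; the public half of the generated key is the JWK JSON that would sit inside the openid element.

```java
// Added example (not digilib's own code): two-pass ID-token check modelled on
// OpenIdAuthnOps, built on jose4j. Issuer, client id, roles and keys are constructed.
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwk.RsaJwkGenerator;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumer;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;

public class IdTokenRolesDemo {

    /** First pass: parse only, no signature or claim checks, just to read "iss". */
    private static final JwtConsumer FIRST_PASS = new JwtConsumerBuilder()
            .setSkipAllValidators()
            .setDisableRequireSignature()
            .setSkipSignatureVerification()
            .build();

    /** Validating consumers keyed by issuer URL (the role of idpJwtConsumers). */
    private final Map<String, JwtConsumer> consumersByIssuer = new HashMap<>();
    /** Roles granted per issuer (the role of idpRoles). */
    private final Map<String, List<String>> rolesByIssuer = new HashMap<>();

    /** Registers one openid entry: issuer, clientid, roles and the JWK JSON. */
    void addIssuer(String issuer, String clientId, List<String> roles, String jwkJson)
            throws Exception {
        PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(jwkJson);
        JwtConsumer consumer = new JwtConsumerBuilder()
                .setExpectedIssuer(issuer)          // iss must equal the configured issuer
                .setExpectedAudience(clientId)      // aud must contain the configured clientid
                .setVerificationKey(jwk.getKey())   // signature is checked with the configured key
                .setRequireExpirationTime()         // exp is mandatory ...
                .setAllowedClockSkewInSeconds(30)   // ... with a small tolerance
                .setJwsAlgorithmConstraints(new AlgorithmConstraints(
                        AlgorithmConstraints.ConstraintType.PERMIT,
                        AlgorithmIdentifiers.RSA_USING_SHA256)) // pin alg; "none" is refused
                .build();
        consumersByIssuer.put(issuer, consumer);
        rolesByIssuer.put(issuer, roles);
    }

    /** Returns the configured roles for an acceptable token, or null otherwise. */
    List<String> rolesForToken(String idToken) {
        try {
            String issuer = FIRST_PASS.processToClaims(idToken).getIssuer();
            JwtConsumer consumer = consumersByIssuer.get(issuer);
            if (consumer == null) {
                return null; // unknown issuer: no key configured to verify it
            }
            consumer.processToClaims(idToken); // throws on bad signature, iss, aud, exp or alg
            return rolesByIssuer.get(issuer);
        } catch (InvalidJwtException | MalformedClaimException e) {
            return null;
        }
    }

    /** Mints a test token signed with the given key (stands in for the IdP). */
    static String mintToken(RsaJsonWebKey key, String iss, String aud) throws Exception {
        JwtClaims claims = new JwtClaims();
        claims.setIssuer(iss);
        claims.setAudience(aud);
        claims.setSubject("alice");
        claims.setExpirationTimeMinutesInTheFuture(5);
        claims.setIssuedAtToNow();
        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(claims.toJson());
        jws.setKey(key.getPrivateKey());
        jws.setKeyIdHeaderValue(key.getKeyId());
        jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
        return jws.getCompactSerialization();
    }

    public static void main(String[] args) throws Exception {
        // Constructed IdP key pair; the public half is the JWK that would go in the config.
        RsaJsonWebKey idpKey = RsaJwkGenerator.generateJwk(2048);
        idpKey.setKeyId("rsa1");
        String publicJwkJson = idpKey.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY);

        IdTokenRolesDemo authn = new IdTokenRolesDemo();
        authn.addIssuer("https://id.some.where", "myclient",
                Collections.singletonList("someusers"), publicJwkJson);

        String good = mintToken(idpKey, "https://id.some.where", "myclient");
        String wrongAud = mintToken(idpKey, "https://id.some.where", "otherclient");
        RsaJsonWebKey rogueKey = RsaJwkGenerator.generateJwk(2048); // not the configured key
        String wrongKey = mintToken(rogueKey, "https://id.some.where", "myclient");

        System.out.println("good token -> " + authn.rolesForToken(good));
        System.out.println("wrong aud  -> " + authn.rolesForToken(wrongAud));
        System.out.println("wrong key  -> " + authn.rolesForToken(wrongKey));
    }
}
```

The first pass deliberately verifies nothing; it only reads iss so the right verification key can be selected, and a caller must never trust claims from that pass. The second pass pins the signing algorithm to what the configured key type supports, so a token whose header names a different algorithm (or none) is rejected along with tokens for another audience or signed by another key.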
  • Field Details

    • logger

      protected static final org.slf4j.Logger logger
      general logger for this class
    • configFile

      protected File configFile
    • firstPassJwtConsumer

      protected org.jose4j.jwt.consumer.JwtConsumer firstPassJwtConsumer
      JwtConsumer to parse the token without validation to extract the issuer
    • idpJwtConsumers

      protected Map<String,org.jose4j.jwt.consumer.JwtConsumer> idpJwtConsumers
      Map of validating JwtConsumers by issuer (URL)
    • idpRoles

      protected Map<String,List<String>> idpRoles
      Map of (List of) roles by issuer (URL)
    • tokenCookieName

      protected String tokenCookieName
      Name of the cookie that contains the token
  • Constructor Details

    • OpenIdAuthnOps

      public OpenIdAuthnOps()
  • Method Details

    • init

      public void init(DigilibConfiguration dlConfig) throws AuthOpException
      Description copied from interface: AuthnOps
      Configure this AuthnOps instance.
      Specified by:
      init in interface AuthnOps
      Parameters:
      dlConfig - current DigilibConfiguration
      Throws:
      AuthOpException - Exception thrown on error.
    • hasUserRoles

      public boolean hasUserRoles()
      Description copied from interface: AuthnOps
      Return if the implementation supports getUserRoles().
      Specified by:
      hasUserRoles in interface AuthnOps
      Returns:
      true if the implementation supports getUserRoles().
    • getUserRoles

      public List<String> getUserRoles(DigilibRequest request) throws AuthOpException
      Description copied from interface: AuthnOps
      Return the list of roles associated with the user represented by request. Returns null if a list of roles is not available. Users of this API should check hasUserRoles().
      Specified by:
      getUserRoles in interface AuthnOps
      Parameters:
      request - current DigilibRequest
      Returns:
      list of user's roles
      Throws:
      AuthOpException - Exception thrown on error.
    • isUserInRole

      public boolean isUserInRole(DigilibRequest request, String role) throws AuthOpException
      Description copied from interface: AuthnOps
      Test if the user represented by request has the given role.
      Specified by:
      isUserInRole in interface AuthnOps
      Parameters:
      request - Request with user information.
      role - role to be tested.
      Returns:
      true if the user has the role.
      Throws:
      AuthOpException - Exception thrown on error.