Interface RestAuthenticationService

  • All Known Implementing Classes:
    JWTTokenRestAuthenticationServiceImpl

    @Service
    public interface RestAuthenticationService
    Interface for a service that can provide authentication for the REST API
    Author:
    Frederic Van Reet (frederic dot vanreet at atmire dot com), Tom Desair (tom dot desair at atmire dot com)
    • Method Summary

      Modifier and Type Method Description
      void addAuthenticationDataForUser​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, DSpaceAuthentication authentication, boolean addCookie)
      This method should be called after a successful authentication occurs.
      org.dspace.eperson.EPerson getAuthenticatedEPerson​(javax.servlet.http.HttpServletRequest request, org.dspace.core.Context context)
      Checks the current request for a valid authentication token.
      org.dspace.authenticate.service.AuthenticationService getAuthenticationService()
      Get access to the current AuthenticationService
      AuthenticationToken getShortLivedAuthenticationToken​(org.dspace.core.Context context, javax.servlet.http.HttpServletRequest request)
      Retrieve a short-lived authentication token. This can be used (among other things) for file downloads.
      String getWwwAuthenticateHeaderValue​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Return the value that should be passed in the WWW-Authenticate header for 4xx responses to the client
      boolean hasAuthenticationData​(javax.servlet.http.HttpServletRequest request)
      Checks the current request for a valid authentication token.
      void invalidateAuthenticationCookie​(javax.servlet.http.HttpServletResponse res)
      Invalidate just the authentication Cookie (optionally created by addAuthenticationDataForUser()), while keeping the authentication token valid.
      void invalidateAuthenticationData​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.dspace.core.Context context)
      Invalidate the current authentication token/data in the request.
    • Method Detail

      • addAuthenticationDataForUser

        void addAuthenticationDataForUser​(javax.servlet.http.HttpServletRequest request,
                                          javax.servlet.http.HttpServletResponse response,
                                          DSpaceAuthentication authentication,
                                          boolean addCookie)
                                   throws IOException
        This method should be called after a successful authentication occurs. It gathers the authentication data for the currently logged in user, adds it into the auth token & saves that token to the response (optionally in a cookie).
        Parameters:
        request - current request
        response - current response
        authentication - Authentication data generated by the authentication plugin
        addCookie - boolean, whether to save the generated auth token to a Cookie or not. Default is false. However, some authentication methods may require this information be saved to a cookie (even temporarily) in order to complete the login process (e.g. Shibboleth requires this)
        Throws:
        IOException
      • getShortLivedAuthenticationToken

        AuthenticationToken getShortLivedAuthenticationToken​(org.dspace.core.Context context,
                                                             javax.servlet.http.HttpServletRequest request)
        Retrieve a short-lived authentication token. This can be used (among other things) for file downloads.
        Parameters:
        context - the DSpace context
        request - The current client request
        Returns:
        An AuthenticationToken that contains a string with the token
      • getAuthenticatedEPerson

        org.dspace.eperson.EPerson getAuthenticatedEPerson​(javax.servlet.http.HttpServletRequest request,
                                                           org.dspace.core.Context context)
        Checks the current request for a valid authentication token. If found, extracts that token and obtains the currently logged in EPerson.
        Parameters:
        request - current request
        context - current DSpace Context
        Returns:
        EPerson of the logged in user (if auth token found), or null if no auth token is found
      • hasAuthenticationData

        boolean hasAuthenticationData​(javax.servlet.http.HttpServletRequest request)
        Checks the current request for a valid authentication token. If found, returns true. If not found, returns false.
        Parameters:
        request - current request
        Returns:
        true if this request includes a valid authentication token. False otherwise.
      • invalidateAuthenticationData

        void invalidateAuthenticationData​(javax.servlet.http.HttpServletRequest request,
                                          javax.servlet.http.HttpServletResponse response,
                                          org.dspace.core.Context context)
                                   throws Exception
        Invalidate the current authentication token/data in the request. This is used during logout to ensure any existing authentication data/token is destroyed/invalidated and cannot be reused in later requests.

        In other words, this method invalidates the authentication data created by addAuthenticationDataForUser(). This also should include clearing any Cookie created by that method, usually by calling the separate invalidateAuthenticationCookie() method in this same class.

        Parameters:
        request - current request
        response - current response
        context - current DSpace Context.
        Throws:
        Exception
      • getAuthenticationService

        org.dspace.authenticate.service.AuthenticationService getAuthenticationService()
        Get access to the current AuthenticationService
        Returns:
        current AuthenticationService
      • getWwwAuthenticateHeaderValue

        String getWwwAuthenticateHeaderValue​(javax.servlet.http.HttpServletRequest request,
                                             javax.servlet.http.HttpServletResponse response)
        Return the value that should be passed in the WWW-Authenticate header for 4xx responses to the client
        Parameters:
        request - The current client request
        response - The response being built for the client
        Returns:
        A string value that should be set in the WWW-Authenticate header
      • invalidateAuthenticationCookie

        void invalidateAuthenticationCookie​(javax.servlet.http.HttpServletResponse res)
        Invalidate just the authentication Cookie (optionally created by addAuthenticationDataForUser()), while keeping the authentication token valid.

        This method may be used by authentication services which require a Cookie (i.e. addCookie=true in addAuthenticationDataForUser()). It's useful for those services to immediately *remove/discard* the Cookie after it has been used. This ensures the auth Cookie is temporary in nature, and is destroyed as soon as it is no longer needed.

        Parameters:
        res - current response (where Cookie should be destroyed)
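
The token and cookie lifecycle described by the methods above, as an added example that is not DSpace's own code: a hypothetical caller class (`AuthLifecycleExample` and its method names are invented here) that issues a temporary cookie, discards it after first use while the token stays valid, and destroys the token on logout. The package of `RestAuthenticationService` and `DSpaceAuthentication` is not shown on this page and is assumed.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.dspace.core.Context;
import org.dspace.eperson.EPerson;
// Assumption: the package of the next two types is not shown on this page.
import org.dspace.app.rest.security.DSpaceAuthentication;
import org.dspace.app.rest.security.RestAuthenticationService;

/** Hypothetical caller (not DSpace code) showing the token/cookie lifecycle. */
public class AuthLifecycleExample {
    private final RestAuthenticationService restAuth;

    public AuthLifecycleExample(RestAuthenticationService restAuth) {
        this.restAuth = restAuth;
    }

    /** Login completed by a method that needs the cookie (e.g. Shibboleth). */
    public void onLoginSuccess(HttpServletRequest req, HttpServletResponse res,
                               DSpaceAuthentication auth) throws IOException {
        // addCookie=true: the token is also written to a cookie, temporarily.
        restAuth.addAuthenticationDataForUser(req, res, auth, true);
    }

    /** First request that relied on the cookie: use it once, then discard it. */
    public EPerson onFollowUpRequest(HttpServletRequest req, HttpServletResponse res,
                                     Context context) {
        EPerson user = restAuth.hasAuthenticationData(req)
            ? restAuth.getAuthenticatedEPerson(req, context) : null;
        if (user == null) {
            // No valid token: answer 401 with the service's own challenge value.
            res.setHeader("WWW-Authenticate",
                          restAuth.getWwwAuthenticateHeaderValue(req, res));
            res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return null;
        }
        // The token stays valid; only the cookie is destroyed so it stays temporary.
        restAuth.invalidateAuthenticationCookie(res);
        return user;
    }

    /** Logout: invalidate the token itself so it cannot be reused later. */
    public void onLogout(HttpServletRequest req, HttpServletResponse res,
                         Context context) throws Exception {
        restAuth.invalidateAuthenticationData(req, res, context);
    }
}
```

The distinction to keep in mind when implementing or auditing a caller: `invalidateAuthenticationCookie()` leaves the token usable, so it is not a substitute for `invalidateAuthenticationData()` at logout.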