Class JWTTokenRestAuthenticationServiceImpl

  • All Implemented Interfaces:
    RestAuthenticationService, org.springframework.beans.factory.InitializingBean

    @Component
    public class JWTTokenRestAuthenticationServiceImpl
    extends Object
    implements RestAuthenticationService, org.springframework.beans.factory.InitializingBean
    Rest Authentication implementation for JSON Web Tokens
    Author:
    Frederic Van Reet (frederic dot vanreet at atmire dot com), Tom Desair (tom dot desair at atmire dot com), Giuseppe Digilio (giuseppe dot digilio at 4science dot it)
    • Constructor Detail

      • JWTTokenRestAuthenticationServiceImpl

        public JWTTokenRestAuthenticationServiceImpl()
    • Method Detail

      • afterPropertiesSet

        public void afterPropertiesSet()
                                throws Exception
        Specified by:
        afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
        Throws:
        Exception
      • addAuthenticationDataForUser

        public void addAuthenticationDataForUser(javax.servlet.http.HttpServletRequest request,
                                                 javax.servlet.http.HttpServletResponse response,
                                                 DSpaceAuthentication authentication,
                                                 boolean addCookie)
                                          throws IOException
        Description copied from interface: RestAuthenticationService
        This method should be called after a successful authentication occurs. It gathers the authentication data for the currently logged-in user, adds it to the auth token, and saves that token to the response (optionally in a cookie).
        Specified by:
        addAuthenticationDataForUser in interface RestAuthenticationService
        Parameters:
        request - current request
        response - current response
        authentication - Authentication data generated by the authentication plugin
        addCookie - boolean, whether to save the generated auth token to a Cookie or not. Default is false. However, some authentication methods may require this information be saved to a cookie (even temporarily) in order to complete the login process (e.g. Shibboleth requires this)
        Throws:
        IOException
      • getShortLivedAuthenticationToken

        public AuthenticationToken getShortLivedAuthenticationToken(org.dspace.core.Context context,
                                                                    javax.servlet.http.HttpServletRequest request)
        Create a short-lived token for bitstream downloads among other things
        Specified by:
        getShortLivedAuthenticationToken in interface RestAuthenticationService
        Parameters:
        context - The context for which to create the token
        request - The request for which to create the token
        Returns:
        The token with a short lifespan
      • getAuthenticatedEPerson

        public org.dspace.eperson.EPerson getAuthenticatedEPerson(javax.servlet.http.HttpServletRequest request,
                                                                  org.dspace.core.Context context)
        Description copied from interface: RestAuthenticationService
        Checks the current request for a valid authentication token. If found, extracts that token and obtains the currently logged in EPerson.
        Specified by:
        getAuthenticatedEPerson in interface RestAuthenticationService
        Parameters:
        request - current request
        context - current DSpace Context
        Returns:
        EPerson of the logged in user (if auth token found), or null if no auth token is found
      • hasAuthenticationData

        public boolean hasAuthenticationData(javax.servlet.http.HttpServletRequest request)
        Description copied from interface: RestAuthenticationService
        Checks the current request for a valid authentication token. If found, returns true. If not found, returns false.
        Specified by:
        hasAuthenticationData in interface RestAuthenticationService
        Parameters:
        request - current request
        Returns:
        true if this request includes a valid authentication token. False otherwise.
      • invalidateAuthenticationData

        public void invalidateAuthenticationData(javax.servlet.http.HttpServletRequest request,
                                                 javax.servlet.http.HttpServletResponse response,
                                                 org.dspace.core.Context context)
                                          throws Exception
        Description copied from interface: RestAuthenticationService
        Invalidate the current authentication token/data in the request. This is used during logout to ensure any existing authentication data/token is destroyed/invalidated and cannot be reused in later requests.

        In other words, this method invalidates the authentication data created by addAuthenticationDataForUser(). This also should include clearing any Cookie created by that method, usually by calling the separate invalidateAuthenticationCookie() method in this same class.

        Specified by:
        invalidateAuthenticationData in interface RestAuthenticationService
        Parameters:
        request - current request
        response - current response
        context - current DSpace Context.
        Throws:
        Exception
      • invalidateAuthenticationCookie

        public void invalidateAuthenticationCookie(javax.servlet.http.HttpServletResponse response)
        Description copied from interface: RestAuthenticationService
        Invalidate just the authentication Cookie (optionally created by addAuthenticationDataForUser()), while keeping the authentication token valid.

        This method may be used by authentication services which require a Cookie (i.e. addCookie=true in addAuthenticationDataForUser()). It's useful for those services to immediately *remove/discard* the Cookie after it has been used. This ensures the auth Cookie is temporary in nature, and is destroyed as soon as it is no longer needed.

        Specified by:
        invalidateAuthenticationCookie in interface RestAuthenticationService
        Parameters:
        response - current response (where Cookie should be destroyed)
      • getWwwAuthenticateHeaderValue

        public String getWwwAuthenticateHeaderValue(javax.servlet.http.HttpServletRequest request,
                                                    javax.servlet.http.HttpServletResponse response)
        Description copied from interface: RestAuthenticationService
        Return the value that should be passed in the WWW-Authenticate header for 4xx responses to the client
        Specified by:
        getWwwAuthenticateHeaderValue in interface RestAuthenticationService
        Parameters:
        request - The current client request
        response - The response being built for the client
        Returns:
        A string value that should be set in the WWW-Authenticate header
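
The temporary-cookie lifecycle described under addAuthenticationDataForUser (addCookie=true) and invalidateAuthenticationCookie(), as an added example that is not DSpace code. `CookieAuthService` is a hypothetical stand-in that mirrors two of the documented method signatures, and the cookie name, path and attributes are assumptions, since this page does not state them.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class TemporaryAuthCookieExample {

    /** Hypothetical subset of RestAuthenticationService: only the two
     *  documented methods whose signatures use servlet types alone. */
    interface CookieAuthService {
        boolean hasAuthenticationData(HttpServletRequest request);
        void invalidateAuthenticationCookie(HttpServletResponse response);
    }

    /** Placeholder cookie name (assumption; the real name is not on this page). */
    static final String AUTH_COOKIE = "EXAMPLE-AUTH-COOKIE";

    /**
     * First request after a login that needed addCookie=true (e.g. Shibboleth).
     * The cookie is accepted once and discarded in the same response, so the
     * browser stops attaching the token to later requests automatically.
     * The token itself stays valid; only the cookie copy is removed.
     */
    static boolean completeCookieLogin(CookieAuthService auth,
                                       HttpServletRequest request,
                                       HttpServletResponse response) {
        if (!auth.hasAuthenticationData(request)) {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
        auth.invalidateAuthenticationCookie(response);
        return true;
    }

    /**
     * One way an implementation can discard the cookie with the servlet API
     * (assumed approach). The browser drops the cookie only if the name and
     * path match the values used when it was set.
     */
    static void expireCookie(HttpServletResponse response) {
        Cookie cookie = new Cookie(AUTH_COOKIE, "");
        cookie.setMaxAge(0);        // Max-Age=0 tells the browser to delete it now
        cookie.setPath("/");        // assumed to match the path used at login
        cookie.setHttpOnly(true);   // keep the cookie out of reach of page scripts
        cookie.setSecure(true);     // send only over HTTPS
        response.addCookie(cookie);
    }
}
```

Logout is a separate step: invalidateAuthenticationData() invalidates the token itself, whereas the flow above only removes the cookie that carried it.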