Class AuthenticationRestController

  • All Implemented Interfaces:
    org.springframework.beans.factory.InitializingBean

    @RequestMapping("/api/authn")
    @RestController
    public class AuthenticationRestController
    extends Object
    implements org.springframework.beans.factory.InitializingBean
    Rest controller that handles authentication on the REST API together with the Spring Security filters configured in WebSecurityConfiguration
    Author:
    Frederic Van Reet (frederic dot vanreet at atmire dot com), Tom Desair (tom dot desair at atmire dot com)
    • Constructor Detail

      • AuthenticationRestController

        public AuthenticationRestController()
    • Method Detail

      • afterPropertiesSet

        public void afterPropertiesSet()
        Specified by:
        afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
      • authn

        @RequestMapping(method=GET)
        public AuthnResource authn()
      • status

        @RequestMapping(value="/status",
                        method=GET)
        public AuthenticationStatusResource status​(javax.servlet.http.HttpServletRequest request,
                                                   javax.servlet.http.HttpServletResponse response)
                                            throws SQLException
        Check the current user's authentication status (i.e. whether they are authenticated or not).

        If the user is NOT currently authenticated, a list of all currently enabled DSpace authentication endpoints is returned in the WWW-Authenticate header.

        Parameters:
        request - current request
        response - response
        Returns:
        AuthenticationStatusResource
        Throws:
        SQLException
      • login

        @RequestMapping(value="/login",
                        method=POST)
        public org.springframework.http.ResponseEntity login​(javax.servlet.http.HttpServletRequest request,
                                                             @RequestParam(name="user",required=false)
                                                             String user,
                                                             @RequestParam(name="password",required=false)
                                                             String password)
        Check whether the login has succeeded or not. The actual login is performed by one of the enabled login filters (e.g. StatelessLoginFilter). See WebSecurityConfiguration for enabled login filters.
        Parameters:
        request - current request
        user - user
        password - password
        Returns:
        ResponseEntity with information about whether login was successful or failed
      • shortLivedToken

        @PreAuthorize("hasAuthority(\'AUTHENTICATED\')")
        @RequestMapping(value="/shortlivedtokens",
                        method=POST)
        public AuthenticationTokenResource shortLivedToken​(javax.servlet.http.HttpServletRequest request)
        Generates a short-lived token to be used for bitstream downloads, among other things.
        Example:

         curl -v -X POST https://{dspace-server.url}/api/authn/shortlivedtokens -H "Authorization: Bearer eyJhbG...COdbo"

        Parameters:
        request - The StandardMultipartHttpServletRequest
        Returns:
        The created short lived token
      • shortLivedTokenViaGet

        @PreAuthorize("hasAuthority(\'AUTHENTICATED\')")
        @RequestMapping(value="/shortlivedtokens",
                        method=GET)
        public AuthenticationTokenResource shortLivedTokenViaGet​(javax.servlet.http.HttpServletRequest request)
                                                          throws AuthorizeException
        Generates a short-lived token to be used for bitstream downloads, among other things. For security reasons, this endpoint only responds to an explicitly defined list of IP addresses.
        Example:

         curl -v -X GET https://{dspace-server.url}/api/authn/shortlivedtokens -H "Authorization: Bearer eyJhbG...COdbo"

        Parameters:
        request - The StandardMultipartHttpServletRequest
        Returns:
        The created short lived token
        Throws:
        AuthorizeException
      • login

        @RequestMapping(value="/login",
                        method={GET,PUT,PATCH,DELETE})
        public org.springframework.http.ResponseEntity login()
        Disables GET/PUT/PATCH/DELETE on the /login endpoint. You must use POST (see the login method above).
        Returns:
        ResponseEntity
      • logout

        @RequestMapping(value="/logout",
                        method={HEAD,POST})
        public org.springframework.http.ResponseEntity logout()
        Returns a successful "204 No Content" response for a logout request. The actual logout is performed by our CustomLogoutHandler.

        For logout we *require* POST requests. HEAD is also supported for endpoint visibility in HAL Browser, etc.

        Returns:
        ResponseEntity (204 No Content)
      • logoutMethodNotAllowed

        @RequestMapping(value="/logout",
                        method={GET,PUT,PATCH,DELETE})
        public org.springframework.http.ResponseEntity logoutMethodNotAllowed()
        Disables GET/PUT/PATCH/DELETE on the /logout endpoint. You must use POST (see the logout method above).
        Returns:
        ResponseEntity
      • getLoginResponse

        protected org.springframework.http.ResponseEntity getLoginResponse​(javax.servlet.http.HttpServletRequest request,
                                                                           String failedMessage)
        Check the request to see if the login succeeded or failed. If the request includes a valid EPerson, then it was successful. If the request does not include a valid EPerson, then return the failedMessage.

        NOTE: This method assumes that a login filter (e.g. StatelessLoginFilter) has already attempted the authentication and, if successful, added EPerson data to the current request.

        Parameters:
        request - current request
        failedMessage - message to send if no EPerson found
        Returns:
        ResponseEntity
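A small curl-based client for the endpoints documented above, added here as an example and not DSpace project code. DSPACE_URL and the sample status headers are placeholders constructed for this example, and the login helper assumes the bearer token is returned in the login response headers.

```shell
#!/bin/sh
# Assumed base URL of the DSpace server (placeholder, not from the page).
DSPACE_URL="${DSPACE_URL:-https://dspace.example.org/server}"

# Constructed sample of the headers /api/authn/status returns to an
# unauthenticated client (not captured from a real server).
SAMPLE_STATUS_HEADERS='HTTP/1.1 401 Unauthorized
WWW-Authenticate: password realm="DSpace REST API", shibboleth realm="DSpace REST API", location="https://dspace.example.org/Shibboleth.sso/Login"
Content-Type: application/json'

# Read raw response headers on stdin and print one enabled authentication
# method per line, taken from the WWW-Authenticate challenge list.
# A challenge starts with a scheme token (no "=") followed by parameters;
# comma-separated "key=value" items continue the previous challenge.
parse_www_authenticate() {
  tr -d '\r' | grep -i '^WWW-Authenticate:' | sed 's/^[^:]*: *//' |
    awk -F', *' '{ for (i = 1; i <= NF; i++) {
        n = split($i, p, " "); if (n >= 2 && p[1] !~ /=/) print p[1] } }'
}

# Discover which login methods the server has enabled (GET /status, headers only).
dspace_auth_methods() {
  curl -s -D - -o /dev/null "$DSPACE_URL/api/authn/status" | parse_www_authenticate
}

# Password login must be a POST; GET/PUT/PATCH/DELETE on /login are rejected.
# The password comes from the environment so it never appears in argv, and
# -i shows the response headers, where the bearer token is expected (assumption).
dspace_login() {   # usage: DSPACE_PASSWORD=... dspace_login <user>
  curl -s -i -X POST "$DSPACE_URL/api/authn/login" \
    --data-urlencode "user=$1" --data-urlencode "password=$DSPACE_PASSWORD"
}

# Short-lived token for bitstream downloads: use POST. The GET variant only
# answers to an explicitly configured list of client IP addresses.
dspace_short_lived_token() {   # usage: dspace_short_lived_token <bearer-jwt>
  curl -s -X POST "$DSPACE_URL/api/authn/shortlivedtokens" \
    -H "Authorization: Bearer $1"
}

# Logout requires POST (HEAD exists only for endpoint visibility); expect 204.
dspace_logout() {   # usage: dspace_logout <bearer-jwt>
  curl -s -o /dev/null -w '%{http_code}' -X POST "$DSPACE_URL/api/authn/logout" \
    -H "Authorization: Bearer $1"
}
```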