Class JWTTokenRestAuthenticationServiceImpl

  • All Implemented Interfaces:
    RestAuthenticationService, org.springframework.beans.factory.InitializingBean

    @Component
    public class JWTTokenRestAuthenticationServiceImpl
    extends Object
    implements RestAuthenticationService, org.springframework.beans.factory.InitializingBean
    Rest Authentication implementation for JSON Web Tokens
    Author:
    Frederic Van Reet (frederic dot vanreet at atmire dot com), Tom Desair (tom dot desair at atmire dot com), Giuseppe Digilio (giuseppe dot digilio at 4science dot it)
    • Constructor Detail

      • JWTTokenRestAuthenticationServiceImpl

        public JWTTokenRestAuthenticationServiceImpl()
    • Method Detail

      • afterPropertiesSet

        public void afterPropertiesSet()
                                throws Exception
        Specified by:
        afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
        Throws:
        Exception
      • addAuthenticationDataForUser

        public void addAuthenticationDataForUser​(javax.servlet.http.HttpServletRequest request,
                                                 javax.servlet.http.HttpServletResponse response,
                                                 DSpaceAuthentication authentication,
                                                 boolean addCookie)
                                          throws IOException
        Description copied from interface: RestAuthenticationService
        This method should be called after a successful authentication occurs. It gathers the authentication data for the currently logged-in user, adds it to the auth token, and saves that token to the response (optionally in a cookie).
        Specified by:
        addAuthenticationDataForUser in interface RestAuthenticationService
        Parameters:
        request - current request
        response - current response
        authentication - Authentication data generated by the authentication plugin
        addCookie - boolean, whether to save the generated auth token to a Cookie or not. Default is false. However, some authentication methods may require this information be saved to a cookie (even temporarily) in order to complete the login process (e.g. Shibboleth requires this)
        Throws:
        IOException
      • getShortLivedAuthenticationToken

        public AuthenticationToken getShortLivedAuthenticationToken​(Context context,
                                                                    javax.servlet.http.HttpServletRequest request)
        Create a short-lived token for bitstream downloads among other things
        Specified by:
        getShortLivedAuthenticationToken in interface RestAuthenticationService
        Parameters:
        context - The context for which to create the token
        request - The request for which to create the token
        Returns:
        The token with a short lifespan
      • getAuthenticatedEPerson

        public EPerson getAuthenticatedEPerson​(javax.servlet.http.HttpServletRequest request,
                                               javax.servlet.http.HttpServletResponse response,
                                               Context context)
        Description copied from interface: RestAuthenticationService
        Checks the current request for a valid authentication token. If found, extracts that token and obtains the currently logged in EPerson.
        Specified by:
        getAuthenticatedEPerson in interface RestAuthenticationService
        Parameters:
        request - current request
        context - current DSpace Context
        Returns:
        EPerson of the logged in user (if auth token found), or null if no auth token is found
      • hasAuthenticationData

        public boolean hasAuthenticationData​(javax.servlet.http.HttpServletRequest request)
        Description copied from interface: RestAuthenticationService
        Checks the current request for a valid authentication token. If found, returns true. If not found, returns false.
        Specified by:
        hasAuthenticationData in interface RestAuthenticationService
        Parameters:
        request - current request
        Returns:
        true if this request includes a valid authentication token. False otherwise.
      • invalidateAuthenticationData

        public void invalidateAuthenticationData​(javax.servlet.http.HttpServletRequest request,
                                                 javax.servlet.http.HttpServletResponse response,
                                                 Context context)
                                          throws Exception
        Description copied from interface: RestAuthenticationService
        Invalidate the current authentication token/data in the request. This is used during logout to ensure any existing authentication data/token is destroyed/invalidated and cannot be reused in later requests.

        In other words, this method invalidates the authentication data created by addAuthenticationDataForUser().

        Specified by:
        invalidateAuthenticationData in interface RestAuthenticationService
        Parameters:
        request - current request
        response - current response
        context - current DSpace Context.
        Throws:
        Exception
      • invalidateAuthenticationCookie

        public void invalidateAuthenticationCookie​(javax.servlet.http.HttpServletRequest request,
                                                   javax.servlet.http.HttpServletResponse response)
        Invalidate our temporary authentication cookie by overwriting it in the response.
        Specified by:
        invalidateAuthenticationCookie in interface RestAuthenticationService
        Parameters:
        request -
        response -
      • getWwwAuthenticateHeaderValue

        public String getWwwAuthenticateHeaderValue​(javax.servlet.http.HttpServletRequest request,
                                                    javax.servlet.http.HttpServletResponse response)
        Return a comma-separated list of all currently enabled authentication options (based on DSpace configuration). This list is sent to the client in the WWW-Authenticate header in order to inform it of all the enabled authentication plugins *and* (optionally) to provide it with the "location" of the login page, if the authentication plugin requires an external login page (e.g. Shibboleth).

        Example output looks like: shibboleth realm="DSpace REST API" location=[shibboleth-url], password realm="DSpace REST API"

        Specified by:
        getWwwAuthenticateHeaderValue in interface RestAuthenticationService
        Parameters:
        request - The current client request
        response - The response being built for the client
        Returns:
        comma separated list of authentication options
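
Added example (not part of the DSpace code base): a client-side parser for the header value format shown under getWwwAuthenticateHeaderValue, which also checks a `location` before a client would follow it. The sample header, the quoted form of `location`, the host sso.example.org and all function names are assumptions made for illustration.

```javascript
// Split on a separator, ignoring separators that appear inside double quotes
// (a realm contains spaces, and a login URL may contain commas).
function splitOutsideQuotes(value, sep) {
  const parts = [];
  let current = '';
  let inQuotes = false;
  for (const ch of value) {
    if (ch === '"') inQuotes = !inQuotes;
    if (ch === sep && !inQuotes) {
      parts.push(current.trim());
      current = '';
    } else {
      current += ch;
    }
  }
  parts.push(current.trim());
  return parts.filter(Boolean); // drop empty pieces (double spaces, trailing commas)
}

// Turn the comma-separated list into [{ method, params: { realm, location? } }].
function parseAuthOptions(headerValue) {
  return splitOutsideQuotes(headerValue, ',').map((entry) => {
    const [method, ...rest] = splitOutsideQuotes(entry, ' ');
    const params = {};
    for (const pair of rest) {
      const eq = pair.indexOf('=');
      if (eq < 1) continue; // not a key=value token
      params[pair.slice(0, eq).toLowerCase()] = pair.slice(eq + 1).replace(/^"|"$/g, '');
    }
    return { method: method.toLowerCase(), params };
  });
}

// Return the external login URL only if it is HTTPS on an expected host, else null.
function safeLoginLocation(option, allowedHosts) {
  if (!option.params.location) return null;
  let url;
  try { url = new URL(option.params.location); } catch { return null; }
  return url.protocol === 'https:' && allowedHosts.includes(url.hostname) ? url.href : null;
}

// Constructed sample; the location URL is hypothetical.
const SAMPLE = 'shibboleth realm="DSpace REST API" ' +
  'location="https://sso.example.org/login?a=1,2", password realm="DSpace REST API"';
```

A client that receives a `location` value should pass it through a check like safeLoginLocation before redirecting, so that a tampered or misconfigured header cannot send users to an arbitrary site.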