Class AuthenticationRestController

java.lang.Object
org.dspace.app.rest.AuthenticationRestController
All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean

@RequestMapping("/api/authn") @RestController public class AuthenticationRestController extends Object implements org.springframework.beans.factory.InitializingBean
REST controller that handles authentication on the REST API, together with the Spring Security filters configured in WebSecurityConfiguration.
Author:
Frederic Van Reet (frederic dot vanreet at atmire dot com), Tom Desair (tom dot desair at atmire dot com)
  • Constructor Summary

    Constructors
    Constructor
    Description
    AuthenticationRestController()
     
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    afterPropertiesSet()
     
    AuthnResource
    authn()
     
    protected org.springframework.http.ResponseEntity
    getLoginResponse(javax.servlet.http.HttpServletRequest request, String failedMessage)
    Check the request to see if the login succeeded or failed.
    org.springframework.http.ResponseEntity
    login()
    Disables GET/PUT/PATCH on the /login endpoint.
    org.springframework.http.ResponseEntity
    login(javax.servlet.http.HttpServletRequest request, String user, String password)
    Check whether the login has succeeded or not.
    org.springframework.http.ResponseEntity
    logout()
    Returns a successful "204 No Content" response for a logout request.
    org.springframework.http.ResponseEntity
    logoutMethodNotAllowed()
    Disables GET/PUT/PATCH on the /logout endpoint.
    org.springframework.hateoas.EntityModel
    retrieveSpecialGroups(org.springframework.data.domain.Pageable page, org.springframework.data.web.PagedResourcesAssembler assembler, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
    Check the current user's authentication status (i.e. whether they are authenticated or not) and, if authenticated, retrieves the current context's special groups.
    AuthenticationTokenResource
    shortLivedToken(javax.servlet.http.HttpServletRequest request)
    This method will generate a short-lived token to be used for bitstream downloads, among other things.
    AuthenticationStatusResource
    status(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
    Check the current user's authentication status (i.e. whether they are authenticated or not).

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • AuthenticationRestController

      public AuthenticationRestController()
  • Method Details

    • afterPropertiesSet

      public void afterPropertiesSet()
      Specified by:
      afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
    • authn

      @RequestMapping(method=GET) public AuthnResource authn()
    • status

      @RequestMapping(value="/status", method=GET) public AuthenticationStatusResource status(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws SQLException
      Check the current user's authentication status (i.e. whether they are authenticated or not)

      If the user is NOT currently authenticated, a list of all currently enabled DSpace authentication endpoints is returned in the WWW-Authenticate header.

      Parameters:
      request - current request
      response - response
      Returns:
      AuthenticationStatusResource
      Throws:
      SQLException
    • retrieveSpecialGroups

      @RequestMapping(value="/status/specialGroups", method=GET) public org.springframework.hateoas.EntityModel retrieveSpecialGroups(org.springframework.data.domain.Pageable page, org.springframework.data.web.PagedResourcesAssembler assembler, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws SQLException
      Check the current user's authentication status (i.e. whether they are authenticated or not) and, if authenticated, retrieves the current context's special groups.
      Parameters:
      page -
      assembler -
      request -
      response -
      Returns:
      Throws:
      SQLException
    • login

      @RequestMapping(value="/login", method=POST) public org.springframework.http.ResponseEntity login(javax.servlet.http.HttpServletRequest request, @RequestParam(name="user",required=false) String user, @RequestParam(name="password",required=false) String password)
      Check whether the login has succeeded or not. The actual login is performed by one of the enabled login filters (e.g. StatelessLoginFilter). See WebSecurityConfiguration for enabled login filters.
      Parameters:
      request - current request
      user - user
      password - password
      Returns:
      ResponseEntity with information about whether login was successful or failed
    • shortLivedToken

      @PreAuthorize("hasAuthority(\'AUTHENTICATED\')") @RequestMapping(value="/shortlivedtokens", method=POST) public AuthenticationTokenResource shortLivedToken(javax.servlet.http.HttpServletRequest request)
      This method will generate a short-lived token to be used for bitstream downloads, among other things. Example:
       
       curl -v -X POST https://{dspace-server.url}/api/authn/shortlivedtokens -H "Authorization: Bearer eyJhbG...COdbo"
       
      Parameters:
      request - The StandardMultipartHttpServletRequest
      Returns:
      The created short lived token
    • login

      @RequestMapping(value="/login", method={GET,PUT,PATCH,DELETE}) public org.springframework.http.ResponseEntity login()
      Disables GET/PUT/PATCH on the /login endpoint. You must use POST (see the login(HttpServletRequest, String, String) method above).
      Returns:
      ResponseEntity
    • logout

      @RequestMapping(value="/logout", method={HEAD,POST}) public org.springframework.http.ResponseEntity logout()
      Returns a successful "204 No Content" response for a logout request. The actual logout is performed by our CustomLogoutHandler.

      For logout we *require* POST requests. HEAD is also supported for endpoint visibility in HAL Browser, etc.

      Returns:
      ResponseEntity (204 No Content)
    • logoutMethodNotAllowed

      @RequestMapping(value="/logout", method={GET,PUT,PATCH,DELETE}) public org.springframework.http.ResponseEntity logoutMethodNotAllowed()
      Disables GET/PUT/PATCH on the /logout endpoint. You must use POST (see the logout() method above).
      Returns:
      ResponseEntity
    • getLoginResponse

      protected org.springframework.http.ResponseEntity getLoginResponse(javax.servlet.http.HttpServletRequest request, String failedMessage)
      Check the request to see if the login succeeded or failed. If the request includes a valid EPerson, then it was successful. If the request does not include a valid EPerson, then return the failedMessage.

      NOTE: This method assumes that a login filter (e.g. StatelessLoginFilter) has already attempted the authentication and, if successful, added EPerson data to the current request.

      Parameters:
      request - current request
      failedMessage - message to send if no EPerson found
      Returns:
      ResponseEntity
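The HTTP contract documented above (POST-only /login with 405 for other verbs, POST/HEAD-only /logout returning 204, a /status endpoint that advertises enabled login mechanisms in WWW-Authenticate for anonymous callers, method-security-guarded short-lived tokens, and a login-result check that only reports what an upstream filter already decided) can be illustrated with a minimal Spring MVC controller. The block below is an added example, not DSpace's own AuthenticationRestController code: it assumes Spring Boot Web and Spring Security with method security enabled on the classpath (javax.servlet namespace, i.e. Spring 5), and the class name AuthnContractController, the request attribute AUTHENTICATED_USER_ATTR, the list of enabled login endpoints and the WWW-Authenticate value format are all hypothetical stand-ins for what the real filters and configuration provide.

```java
package example.authn;

import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpServletRequest;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical controller reproducing the documented /api/authn contract; not DSpace code.
@RestController
@RequestMapping("/api/authn")
public class AuthnContractController {

    // Request attribute a login filter is assumed to set once it has authenticated the caller.
    public static final String AUTHENTICATED_USER_ATTR = "example.authn.user";

    // Login mechanisms currently enabled (in DSpace this comes from configuration; constructed here).
    private final List<String> enabledLoginEndpoints = List.of("password", "shibboleth");

    // Issued short-lived tokens with their expiry; a real deployment would use the token service.
    private final Map<String, Instant> shortLivedTokens = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private static final Duration SHORT_LIVED_TTL = Duration.ofMinutes(2);

    @RequestMapping(value = "/status", method = RequestMethod.GET)
    public ResponseEntity<String> status(HttpServletRequest request) {
        if (request.getAttribute(AUTHENTICATED_USER_ATTR) == null) {
            // Anonymous caller: advertise each enabled login endpoint in its own WWW-Authenticate value.
            HttpHeaders headers = new HttpHeaders();
            for (String endpoint : enabledLoginEndpoints) {
                headers.add(HttpHeaders.WWW_AUTHENTICATE,
                    endpoint + " realm=\"REST API\", location=\"/api/authn/" + endpoint + "\"");
            }
            return new ResponseEntity<>("{\"authenticated\":false}", headers, HttpStatus.OK);
        }
        return ResponseEntity.ok("{\"authenticated\":true}");
    }

    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public ResponseEntity<String> login(HttpServletRequest request) {
        // The credential check happened in a filter before this handler ran; only report its outcome.
        return getLoginResponse(request, "Authentication failed");
    }

    @RequestMapping(value = "/login",
        method = {RequestMethod.GET, RequestMethod.PUT, RequestMethod.PATCH, RequestMethod.DELETE})
    public ResponseEntity<String> loginMethodNotAllowed() {
        // Credentials must not travel in a URL and a login is a state change, so only POST is accepted.
        return ResponseEntity.status(HttpStatus.METHOD_NOT_ALLOWED).body("Only POST is allowed on /login");
    }

    @RequestMapping(value = "/logout", method = {RequestMethod.HEAD, RequestMethod.POST})
    public ResponseEntity<Void> logout() {
        // Session/token invalidation is done by a logout handler; the controller only acknowledges.
        return ResponseEntity.noContent().build();
    }

    @RequestMapping(value = "/logout",
        method = {RequestMethod.GET, RequestMethod.PUT, RequestMethod.PATCH, RequestMethod.DELETE})
    public ResponseEntity<String> logoutMethodNotAllowed() {
        return ResponseEntity.status(HttpStatus.METHOD_NOT_ALLOWED).body("Only POST is allowed on /logout");
    }

    @PreAuthorize("hasAuthority('AUTHENTICATED')")
    @RequestMapping(value = "/shortlivedtokens", method = RequestMethod.POST)
    public ResponseEntity<String> shortLivedToken(HttpServletRequest request) {
        // Method security rejects anonymous callers before this body runs; the token is opaque,
        // unguessable (256 bits from SecureRandom) and bound to a short expiry.
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        shortLivedTokens.put(token, Instant.now().plus(SHORT_LIVED_TTL));
        return ResponseEntity.ok("{\"token\":\"" + token + "\"}");
    }

    // Mirrors the documented getLoginResponse semantics: a principal on the request means success.
    protected ResponseEntity<String> getLoginResponse(HttpServletRequest request, String failedMessage) {
        if (request.getAttribute(AUTHENTICATED_USER_ATTR) != null) {
            return ResponseEntity.ok().build();
        }
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(failedMessage);
    }
}
```

The point of keeping the controller this thin is the same one the Javadoc makes for getLoginResponse and logout: authentication and logout decisions live in the filter chain and logout handler, so the controller never sees a password and cannot be reached with one via a cacheable or log-visible GET. When reviewing a deployment, confirm that the 405 handlers are actually mapped (an unmapped GET /login would otherwise fall through to a generic 404 or, worse, another handler) and that method security is enabled, since without it the @PreAuthorize guard on the token endpoint is silently ignored.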