Class AuthenticationRestController

java.lang.Object
org.dspace.app.rest.AuthenticationRestController
All Implemented Interfaces:
InitializingBean

@RequestMapping("/api/authn") @RestController public class AuthenticationRestController extends Object implements InitializingBean
Rest controller that handles authentication on the REST API together with the Spring Security filters configured in WebSecurityConfiguration
Author:
Frederic Van Reet (frederic dot vanreet at atmire dot com), Tom Desair (tom dot desair at atmire dot com)
  • Constructor Details

    • AuthenticationRestController

      public AuthenticationRestController()
  • Method Details

    • afterPropertiesSet

      public void afterPropertiesSet()
      Specified by:
      afterPropertiesSet in interface InitializingBean
    • authn

    • status

      @RequestMapping(value="/status", method=GET) public AuthenticationStatusResource status(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws SQLException
      Check the current user's authentication status (i.e. whether they are authenticated or not)

      If the user is NOT currently authenticated, a list of all currently enabled DSpace authentication endpoints is returned in the WWW-Authenticate header.

      Parameters:
      request - current request
      response - response
      Returns:
      AuthenticationStatusResource
      Throws:
      SQLException
    • retrieveSpecialGroups

      @RequestMapping(value="/status/specialGroups", method=GET) public org.springframework.hateoas.EntityModel retrieveSpecialGroups(org.springframework.data.domain.Pageable page, org.springframework.data.web.PagedResourcesAssembler assembler, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws SQLException
      Checks the current user's authentication status (i.e. whether they are authenticated or not) and, if authenticated, retrieves the current context's special groups.
      Parameters:
      page - pagination parameters for the returned groups
      assembler - assembler used to build the paged HATEOAS resource
      request - current request
      response - response
      Returns:
      EntityModel wrapping the page of special groups for the current context
      Throws:
      SQLException
    • login

      @RequestMapping(value="/login", method=POST) public ResponseEntity login(jakarta.servlet.http.HttpServletRequest request, @RequestParam(name="user",required=false) String user, @RequestParam(name="password",required=false) String password)
      Check whether the login has succeeded or not. The actual login is performed by one of the enabled login filters (e.g. StatelessLoginFilter). See WebSecurityConfiguration for enabled login filters.
      Parameters:
      request - current request
      user - user
      password - password
      Returns:
      ResponseEntity with information about whether login was successful or failed
    • shortLivedToken

      @PreAuthorize("hasAuthority(\'AUTHENTICATED\')") @RequestMapping(value="/shortlivedtokens", method=POST) public AuthenticationTokenResource shortLivedToken(jakarta.servlet.http.HttpServletRequest request)
      This method will generate a short lived token to be used for bitstream downloads among other things. Example:
       
       curl -v -X POST https://{dspace-server.url}/api/authn/shortlivedtokens -H "Authorization: Bearer eyJhbG...COdbo"
       
      Parameters:
      request - The StandardMultipartHttpServletRequest
      Returns:
      The created short lived token
    • login

      Disables GET/PUT/PATCH on the /login endpoint; you must use POST (see the method above).
      Returns:
      ResponseEntity
    • logout

      @RequestMapping(value="/logout", method={HEAD,POST}) public ResponseEntity logout()
      Returns a successful "204 No Content" response for a logout request. The actual logout is performed by our CustomLogoutHandler.

      For logout we *require* POST requests. HEAD is also supported for endpoint visibility in HAL Browser, etc.

      Returns:
      ResponseEntity (204 No Content)
    • logoutMethodNotAllowed

      @RequestMapping(value="/logout", method={GET,PUT,PATCH,DELETE}) public ResponseEntity logoutMethodNotAllowed()
      Disables GET/PUT/PATCH/DELETE on the /logout endpoint; you must use POST (see the method above).
      Returns:
      ResponseEntity
    • getLoginResponse

      protected ResponseEntity getLoginResponse(jakarta.servlet.http.HttpServletRequest request, String failedMessage)
      Check the request to see if the login succeeded or failed. If the request includes a valid EPerson, then it was successful. If the request does not include a valid EPerson, then return the failedMessage.

      NOTE: This method assumes that a login filter (e.g. StatelessLoginFilter) has already attempted the authentication and, if successful, added EPerson data to the current request.

      Parameters:
      request - current request
      failedMessage - message to send if no EPerson found
      Returns:
      ResponseEntity
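As an added example (not DSpace's own code), a minimal client that walks the flow these endpoints describe, namely status, login, short-lived token and logout, against a constructed in-memory transport that stands in for the server and rejects the disabled HTTP methods. Assumptions not stated on this page: the login response carries the JWT in an Authorization header, the status body is JSON with an `authenticated` flag, and the WWW-Authenticate challenge uses `<method> realm="..."` syntax.

```python
import json
import re

class DSpaceAuthnClient:
    """Walks the /api/authn endpoints listed on this page; example code, not DSpace's own."""
    def __init__(self, transport):
        # transport(method, path, request_headers, form) -> (status, response_headers, body)
        self.transport = transport
        self.bearer = None  # "Bearer <jwt>" captured from the login response

    def _call(self, method, path, form=None):
        hdrs = {"Authorization": self.bearer} if self.bearer else {}
        return self.transport(method, "/api/authn" + path, hdrs, form)

    def status(self):
        """GET /status -> (authenticated?, auth methods advertised in WWW-Authenticate)."""
        code, hdrs, body = self._call("GET", "/status")
        # Assumed challenge syntax: 'password realm="DSpace REST API"[, shibboleth realm="..."]'
        methods = re.findall(r'(?:^|,\s*)([A-Za-z][\w-]*)\s+realm=', hdrs.get("WWW-Authenticate", ""))
        return code == 200 and bool(json.loads(body).get("authenticated")), methods

    def login(self, user, password):
        """POST /login; the filter, not this controller, does the authentication."""
        code, hdrs, _ = self._call("POST", "/login", {"user": user, "password": password})
        self.bearer = hdrs.get("Authorization") if code == 200 else None  # JWT in header (assumed)
        return self.bearer is not None

    def short_lived_token(self):
        code, _, body = self._call("POST", "/shortlivedtokens")
        return json.loads(body).get("token") if code == 200 else None  # None when not AUTHENTICATED

    def logout(self):
        code, _, _ = self._call("POST", "/logout")
        if code == 204:  # CustomLogoutHandler ran server-side; drop the now-useless token
            self.bearer = None
        return code == 204

def fake_dspace(method, path, hdrs, form):
    """Constructed stand-in transport modelling only the behaviour documented on this page."""
    authed = hdrs.get("Authorization") == "Bearer eyJ.constructed.jwt"
    if path == "/api/authn/status":
        www = {} if authed else {"WWW-Authenticate": 'password realm="DSpace REST API"'}
        return 200, www, json.dumps({"authenticated": authed})
    if path == "/api/authn/login" and method == "POST":
        ok = form == {"user": "alice@example.org", "password": "correct horse"}
        return (200, {"Authorization": "Bearer eyJ.constructed.jwt"}, "") if ok else (401, {}, "")
    if path == "/api/authn/shortlivedtokens" and method == "POST":
        return (200, {}, json.dumps({"token": "short-lived-constructed"})) if authed else (401, {}, "")
    if path == "/api/authn/logout":
        return (204, {}, "") if method in ("POST", "HEAD") else (405, {}, "")
    return 405, {}, ""  # any other method on /login or /shortlivedtokens is rejected
```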