Package org.dspace.app.rest.security
Interface RestAuthenticationService
- All Known Implementing Classes:
JWTTokenRestAuthenticationServiceImpl
Interface for a service that can provide authentication for the REST API
- Author:
- Frederic Van Reet (frederic dot vanreet at atmire dot com), Tom Desair (tom dot desair at atmire dot com)
Method Summary
- void addAuthenticationDataForUser(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, DSpaceAuthentication authentication, boolean addCookie)
  This method should be called after a successful authentication occurs.
- EPerson getAuthenticatedEPerson(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Context context)
  Checks the current request for a valid authentication token.
- AuthenticationService getAuthenticationService()
  Get access to the current AuthenticationService.
- AuthenticationToken getShortLivedAuthenticationToken(Context context, jakarta.servlet.http.HttpServletRequest request)
  Retrieve a short-lived authentication token; this can be used (among other things) for file downloads.
- String getWwwAuthenticateHeaderValue(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
  Return the value that should be passed in the WWW-Authenticate header for 4xx responses to the client.
- boolean hasAuthenticationData(jakarta.servlet.http.HttpServletRequest request)
  Checks the current request for a valid authentication token.
- void invalidateAuthenticationCookie(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse res)
  Invalidate just the authentication Cookie (optionally created by addAuthenticationDataForUser()), while keeping the authentication token valid.
- void invalidateAuthenticationData(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Context context)
  Invalidate the current authentication token/data in the request.
Method Details

addAuthenticationDataForUser
void addAuthenticationDataForUser(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, DSpaceAuthentication authentication, boolean addCookie) throws IOException
This method should be called after a successful authentication occurs. It gathers the authentication data for the currently logged in user, adds it into the auth token and saves that token to the response (optionally in a cookie).
- Parameters:
  request - current request
  response - current response
  authentication - Authentication data generated by the authentication plugin
  addCookie - boolean, whether to save the generated auth token to a Cookie or not. Default is false. However, some authentication methods may require this information be saved to a cookie (even temporarily) in order to complete the login process (e.g. Shibboleth requires this)
- Throws:
  IOException
getShortLivedAuthenticationToken
AuthenticationToken getShortLivedAuthenticationToken(Context context, jakarta.servlet.http.HttpServletRequest request)
Retrieve a short-lived authentication token; this can be used (among other things) for file downloads.
- Parameters:
  context - the DSpace context
  request - The current client request
- Returns:
  An AuthenticationToken that contains a string with the token
getAuthenticatedEPerson
EPerson getAuthenticatedEPerson(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Context context)
Checks the current request for a valid authentication token. If found, extracts that token and obtains the currently logged in EPerson.
- Parameters:
  request - current request
  response - current response
  context - current DSpace Context
- Returns:
  EPerson of the logged in user (if auth token found), or null if no auth token is found
hasAuthenticationData
boolean hasAuthenticationData(jakarta.servlet.http.HttpServletRequest request)
Checks the current request for a valid authentication token. If found, returns true. If not found, returns false.
- Parameters:
  request - current request
- Returns:
  true if this request includes a valid authentication token, false otherwise.
invalidateAuthenticationData
void invalidateAuthenticationData(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Context context) throws Exception
Invalidate the current authentication token/data in the request. This is used during logout to ensure any existing authentication data/token is destroyed/invalidated and cannot be reused in later requests. In other words, this method invalidates the authentication data created by addAuthenticationDataForUser().
- Parameters:
  request - current request
  response - current response
  context - current DSpace Context
- Throws:
  Exception
getAuthenticationService
AuthenticationService getAuthenticationService()
Get access to the current AuthenticationService.
- Returns:
  current AuthenticationService
getWwwAuthenticateHeaderValue
String getWwwAuthenticateHeaderValue(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
Return the value that should be passed in the WWW-Authenticate header for 4xx responses to the client.
- Parameters:
  request - The current client request
  response - The response being built for the client
- Returns:
  A string value that should be set in the WWW-Authenticate header
invalidateAuthenticationCookie
void invalidateAuthenticationCookie(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse res)
Invalidate just the authentication Cookie (optionally created by addAuthenticationDataForUser()), while keeping the authentication token valid. This method may be used by authentication services which require a Cookie (i.e. addCookie=true in addAuthenticationDataForUser()). It's useful for those services to immediately *remove/discard* the Cookie after it has been used. This ensures the auth Cookie is temporary in nature, and is destroyed as soon as it is no longer needed.
- Parameters:
  request - current request
  res - current response (where Cookie should be destroyed)
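The following is an added example (not DSpace code) of a caller that drives these methods in the order their descriptions imply: issue the token at login, discard the temporary cookie once a cookie-based method has used it, answer unauthenticated requests with the WWW-Authenticate value, hand out short-lived tokens for downloads, and destroy the token at logout. The class name RestAuthFlowExample and the import locations assumed for Context, EPerson and AuthenticationToken are assumptions.

```java
package org.dspace.app.rest.security;

import java.io.IOException;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.dspace.core.Context;      // assumed import location
import org.dspace.eperson.EPerson;   // assumed import location

/** Hypothetical caller of RestAuthenticationService (added example, not DSpace code). */
public class RestAuthFlowExample {

    private final RestAuthenticationService authService;

    public RestAuthFlowExample(RestAuthenticationService authService) {
        this.authService = authService;
    }

    /** Login: issue the token; ask for a cookie only when the method needs it (e.g. Shibboleth). */
    public void completeLogin(HttpServletRequest req, HttpServletResponse res,
                              DSpaceAuthentication auth, boolean needsCookie) throws IOException {
        authService.addAuthenticationDataForUser(req, res, auth, needsCookie);
    }

    /** Cookie-based methods: read the user once, then destroy the temporary cookie (token stays valid). */
    public EPerson finishCookieLogin(HttpServletRequest req, HttpServletResponse res, Context ctx) {
        EPerson user = authService.getAuthenticatedEPerson(req, res, ctx);
        authService.invalidateAuthenticationCookie(req, res);
        return user;
    }

    /** Protected request: resolve the caller, or answer 401 carrying the WWW-Authenticate value. */
    public EPerson requireUser(HttpServletRequest req, HttpServletResponse res, Context ctx) {
        if (!authService.hasAuthenticationData(req)) {
            res.setHeader("WWW-Authenticate", authService.getWwwAuthenticateHeaderValue(req, res));
            res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return null;
        }
        return authService.getAuthenticatedEPerson(req, res, ctx);
    }

    /** File download: hand out a short-lived token rather than exposing the session token in a URL. */
    public AuthenticationToken downloadToken(HttpServletRequest req, Context ctx) {
        return authService.getShortLivedAuthenticationToken(ctx, req);
    }

    /** Logout: invalidate the token and its data so they cannot be reused on later requests. */
    public void logout(HttpServletRequest req, HttpServletResponse res, Context ctx) throws Exception {
        authService.invalidateAuthenticationData(req, res, ctx);
    }
}
```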