Class JWTTokenRestAuthenticationServiceImpl

java.lang.Object
org.dspace.app.rest.security.jwt.JWTTokenRestAuthenticationServiceImpl
All Implemented Interfaces:
RestAuthenticationService, InitializingBean

@Component public class JWTTokenRestAuthenticationServiceImpl extends Object implements RestAuthenticationService, InitializingBean
Rest Authentication implementation for JSON Web Tokens
Author:
Frederic Van Reet (frederic dot vanreet at atmire dot com), Tom Desair (tom dot desair at atmire dot com), Giuseppe Digilio (giuseppe dot digilio at 4science dot it)
  • Constructor Details

    • JWTTokenRestAuthenticationServiceImpl

      public JWTTokenRestAuthenticationServiceImpl()
  • Method Details

    • afterPropertiesSet

      public void afterPropertiesSet() throws Exception
      Specified by:
      afterPropertiesSet in interface InitializingBean
      Throws:
      Exception
    • addAuthenticationDataForUser

      public void addAuthenticationDataForUser(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, DSpaceAuthentication authentication, boolean addCookie) throws IOException
      Description copied from interface: RestAuthenticationService
      This method should be called after a successful authentication occurs. It gathers the authentication data for the currently logged in user, adds it into the auth token & saves that token to the response (optionally in a cookie).
      Specified by:
      addAuthenticationDataForUser in interface RestAuthenticationService
      Parameters:
      request - current request
      response - current response
      authentication - Authentication data generated by the authentication plugin
      addCookie - boolean, whether to save the generated auth token to a Cookie or not. Default is false. However, some authentication methods may require this information be saved to a cookie (even temporarily) in order to complete the login process (e.g. Shibboleth requires this)
      Throws:
      IOException
    • getShortLivedAuthenticationToken

      public AuthenticationToken getShortLivedAuthenticationToken(Context context, jakarta.servlet.http.HttpServletRequest request)
      Create a short-lived token for bitstream downloads among other things
      Specified by:
      getShortLivedAuthenticationToken in interface RestAuthenticationService
      Parameters:
      context - The context for which to create the token
      request - The request for which to create the token
      Returns:
      The token with a short lifespan
    • getAuthenticatedEPerson

      public EPerson getAuthenticatedEPerson(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Context context)
      Description copied from interface: RestAuthenticationService
      Checks the current request for a valid authentication token. If found, extracts that token and obtains the currently logged in EPerson.
      Specified by:
      getAuthenticatedEPerson in interface RestAuthenticationService
      Parameters:
      request - current request
      response - current response
      context - current DSpace Context
      Returns:
      EPerson of the logged in user (if auth token found), or null if no auth token is found
    • hasAuthenticationData

      public boolean hasAuthenticationData(jakarta.servlet.http.HttpServletRequest request)
      Description copied from interface: RestAuthenticationService
      Checks the current request for a valid authentication token. If found, returns true. If not found, returns false.
      Specified by:
      hasAuthenticationData in interface RestAuthenticationService
      Parameters:
      request - current request
      Returns:
      true if this request includes a valid authentication token. False otherwise.
    • invalidateAuthenticationData

      public void invalidateAuthenticationData(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Context context) throws Exception
      Description copied from interface: RestAuthenticationService
      Invalidate the current authentication token/data in the request. This is used during logout to ensure any existing authentication data/token is destroyed/invalidated and cannot be reused in later requests.

      In other words, this method invalidates the authentication data created by addAuthenticationDataForUser().

      Specified by:
      invalidateAuthenticationData in interface RestAuthenticationService
      Parameters:
      request - current request
      response - current response
      context - current DSpace Context.
      Throws:
      Exception
    • invalidateAuthenticationCookie

      public void invalidateAuthenticationCookie(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Invalidate our temporary authentication cookie by overwriting it in the response.
      Specified by:
      invalidateAuthenticationCookie in interface RestAuthenticationService
      Parameters:
      request -
      response -
    • getAuthenticationService

      public AuthenticationService getAuthenticationService()
      Description copied from interface: RestAuthenticationService
      Get access to the current AuthenticationService
      Specified by:
      getAuthenticationService in interface RestAuthenticationService
      Returns:
      current AuthenticationService
    • getWwwAuthenticateHeaderValue

      public String getWwwAuthenticateHeaderValue(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Return a comma-separated list of all currently enabled authentication options (based on DSpace configuration). This list is sent to the client in the WWW-Authenticate header in order to inform it of all the enabled authentication plugins *and* (optionally) to provide it with the "location" of the login page, if the authentication plugin requires an external login page (e.g. Shibboleth).

      Example output looks like: shibboleth realm="DSpace REST API" location=[shibboleth-url], password realm="DSpace REST API"

      Specified by:
      getWwwAuthenticateHeaderValue in interface RestAuthenticationService
      Parameters:
      request - The current client request
      response - The response being built for the client
      Returns:
      comma separated list of authentication options
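
      A client-side sketch of reading the header value described for getWwwAuthenticateHeaderValue, added here as an illustration and not taken from DSpace code. The class and record names are hypothetical, and the sample assumes parameter values may be double-quoted and may themselves contain commas, which is why a plain split on "," is not enough.

```java
import java.util.*;

public class WwwAuthenticateParser {
    /** One advertised method: scheme name plus its key=value parameters. */
    record AuthOption(String scheme, Map<String, String> params) { }

    /** Splits on sep, but never inside a double-quoted value. */
    static List<String> split(String s, char sep) {
        List<String> parts = new ArrayList<>();
        StringBuilder cur = new StringBuilder();
        boolean quoted = false;
        for (char c : s.toCharArray()) {
            if (c == '"') quoted = !quoted;
            if (c == sep && !quoted) {
                if (cur.length() > 0) parts.add(cur.toString());
                cur.setLength(0);
            } else {
                cur.append(c);
            }
        }
        if (cur.length() > 0) parts.add(cur.toString());
        return parts;
    }

    static List<AuthOption> parse(String header) {
        List<AuthOption> options = new ArrayList<>();
        for (String entry : split(header, ',')) {
            List<String> tokens = split(entry.trim(), ' ');
            if (tokens.isEmpty()) continue;
            Map<String, String> params = new LinkedHashMap<>();
            for (String t : tokens.subList(1, tokens.size())) {
                int eq = t.indexOf('=');
                if (eq < 1) continue; // malformed parameter, ignore it
                String v = t.substring(eq + 1);
                // Strip surrounding quotes when the value is quoted.
                if (v.length() >= 2 && v.startsWith("\"") && v.endsWith("\"")) v = v.substring(1, v.length() - 1);
                params.put(t.substring(0, eq), v);
            }
            options.add(new AuthOption(tokens.get(0), params));
        }
        return options;
    }

    public static void main(String[] args) {
        // Constructed sample in the documented shape; the URL is a placeholder.
        String h = "shibboleth realm=\"DSpace REST API\" location=\"https://idp.example.org/login?x=1,2\", "
            + "password realm=\"DSpace REST API\"";
        parse(h).forEach(o -> System.out.println(o.scheme() + " -> " + o.params()));
    }
}
```

      A client that follows the "location" value should first check it against the login host it expects, since the value decides where the user is sent to enter credentials.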