| commit | author | age | ||
| 9ee357 | 1 | /* |
| U | 2 | jwtTest - JSON Web Token Testimplementierung |
| 3 | Copyright (C) 2021 Ulrich Hilger | |
| 4 | ||
| 5 | This program is free software: you can redistribute it and/or modify | |
| 6 | it under the terms of the GNU Affero General Public License as | |
| 7 | published by the Free Software Foundation, either version 3 of the | |
| 8 | License, or (at your option) any later version. | |
| 9 | ||
| 10 | This program is distributed in the hope that it will be useful, | |
| 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 13 | GNU Affero General Public License for more details. | |
| 14 | ||
| 15 | You should have received a copy of the GNU Affero General Public License | |
| 16 | along with this program. If not, see <https://www.gnu.org/licenses/>. | |
| 17 | */ | |
| 18 | package de.uhilger.httpserver.auth.handler; | |
| 19 | ||
| 20 | import com.sun.net.httpserver.Authenticator; | |
| 21 | import com.sun.net.httpserver.Headers; | |
| 22 | import com.sun.net.httpserver.HttpContext; | |
| 23 | import com.sun.net.httpserver.HttpExchange; | |
| 24 | import com.sun.net.httpserver.HttpHandler; | |
| 25 | import de.uhilger.httpserver.auth.TokenAuthenticator; | |
| 26 | import de.uhilger.httpserver.auth.realm.User; | |
| 27 | import java.io.BufferedReader; | |
| 28 | import java.io.IOException; | |
| 29 | import java.io.InputStream; | |
| 30 | import java.io.InputStreamReader; | |
| 31 | import java.text.SimpleDateFormat; | |
| 32 | import java.util.Date; | |
| 33 | import java.util.Locale; | |
| 34 | ||
| 35 | /** | |
| 36 | * | |
| 37 | * @author Ulrich Hilger | |
| 38 | * @version 1, 30.05.2021 | |
| 39 | */ | |
| 40 | public abstract class LoginHandler implements HttpHandler { | |
| 41 | ||
| 42 | /* Der Logger fuer diesen JWTLoginHandler */ | |
| 43 | //private static final Logger logger = Logger.getLogger(LoginHandler.class.getName()); | |
| 44 | ||
| 45 | public static final String ATTR_JWT_AUTH = "jwtauth"; | |
| 46 | ||
| 47 | ||
| 48 | //protected String ctx; | |
| 49 | ||
| 50 | /** | |
| 51 | * Wenn einfach ein HTML-Formular hierhin geschickt wird, das wie | |
| 52 | * bei Java die Formular-Eingabefelder 'j_username' und 'j_password' | |
| 53 | * enthaelt, kommt im Body folgendes an: | |
| 54 | * j_username=name&j_password=password | |
| 55 | * | |
| 56 | * body koennte auch einen JSON-Ausdruck enthalten wie z.B. | |
| 57 | * {"name": "fred", "password": "secret"} | |
| 58 | * | |
| 59 | * Das ist hier noch nicht implementiert | |
| 60 | * | |
| 61 | * @param exchange | |
| 62 | * @throws IOException | |
| 63 | */ | |
| 64 | @Override | |
| 65 | public void handle(HttpExchange exchange) throws IOException { | |
| 66 | User nutzer = getUser(exchange); | |
| 67 | HttpContext context = exchange.getHttpContext(); | |
| 68 | Object o = context.getAttributes().get(ATTR_JWT_AUTH); | |
| 69 | if (o instanceof TokenAuthenticator) { | |
| 70 | TokenAuthenticator jwtAuth = (TokenAuthenticator) o; | |
| 71 | String token = jwtAuth.anmelden(nutzer.getName(), nutzer.getPassword()); | |
| 72 | if (token != null) { | |
| 73 | loginResponse(exchange, jwtAuth, token); | |
| 74 | } else { | |
| 75 | // Nutzer und Kennwort passen nicht | |
| 76 | } | |
| 77 | } else { | |
| 78 | // interner Fehler: Kein passender Authenticator | |
| 79 | } | |
| 80 | } | |
| 81 | ||
| 82 | protected void setAuthenticatedHeader(HttpExchange exchange, Authenticator auth, String token) { | |
| 83 | if(auth instanceof TokenAuthenticator) { | |
| 84 | TokenAuthenticator jwtAuth = (TokenAuthenticator) auth; | |
| 85 | // angemeldet, Token als Antwort zurueckgeben | |
| 86 | Headers respHeaders = exchange.getResponseHeaders(); | |
| 87 | // JWT=[cookie-inhalt]; Expires=Thu, 21 Oct 2021 07:28:00 GMT; Secure; HttpOnly | |
| 88 | SimpleDateFormat f = | |
| 89 | new SimpleDateFormat(TokenAuthenticator.HEADER_DATE_PATTERN, Locale.US); | |
| 90 | Date exp = Date.from(new Date().toInstant().plusSeconds(TokenAuthenticator.TOKEN_EXPIRATION)); | |
| 91 | respHeaders.add(TokenAuthenticator.SET_COOKIE_HEADER, | |
| 92 | jwtAuth.cookieBilden(TokenAuthenticator.JWT_INDICATOR, token, exp)); | |
| 93 | } | |
| 94 | } | |
| 95 | ||
| 96 | protected abstract void loginResponse(HttpExchange exchange, Authenticator auth, String token) throws IOException; | |
| 97 | ||
| 98 | protected abstract User getUser(HttpExchange exchange) throws IOException; | |
| 99 | ||
| 100 | ||
| 101 | protected String bodyLesen(HttpExchange exchange) throws IOException { | |
| 102 | StringBuilder sb = new StringBuilder(); | |
| 103 | InputStream is = exchange.getRequestBody(); | |
| 104 | BufferedReader in = new BufferedReader(new InputStreamReader(is)); | |
| 105 | String line = in.readLine(); | |
| 106 | while (line != null) { | |
| 107 | sb.append(line); | |
| 108 | line = in.readLine(); | |
| 109 | } | |
| 110 | return sb.toString(); | |
| 111 | } | |
| 112 | ||
| 113 | ||
| 114 | } | |
