/*
jwtTest - JSON Web Token Testimplementierung
Copyright (C) 2021 Ulrich Hilger
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package de.uhilger.httpserver.auth.handler;
import com.sun.net.httpserver.Authenticator;
import com.sun.net.httpserver.Headers;
import com.sun.net.httpserver.HttpContext;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import de.uhilger.httpserver.auth.TokenAuthenticator;
import de.uhilger.httpserver.auth.realm.User;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
/**
*
* @author Ulrich Hilger
* @version 1, 30.05.2021
*/
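public abstract class LoginHandler implements HttpHandler {

  /*
   * Base class for a login endpoint: a subclass extracts the credentials
   * from the request (getUser) and writes the answer for a successful
   * login (loginResponse); this class looks up the TokenAuthenticator of
   * the HttpContext, asks it for a token and answers failed attempts.
   */

  /** Key of the HttpContext attribute under which the TokenAuthenticator is looked up. */
  public static final String ATTR_JWT_AUTH = "jwtauth";

  /** Status sent when no token was issued for the submitted credentials. */
  private static final int SC_UNAUTHORIZED = 401;

  /** Status sent when the context carries no TokenAuthenticator. */
  private static final int SC_INTERNAL_ERROR = 500;

  /**
   * Upper bound, in characters, for a request body read by
   * {@link #bodyLesen(HttpExchange)}. Login bodies are small; the cap keeps
   * an unauthenticated client from making the server buffer arbitrary
   * amounts of data.
   */
  private static final int MAX_BODY_CHARS = 65536;

  /**
   * Handles a login request.
   *
   * <p>If a plain HTML form with the input fields 'j_username' and
   * 'j_password' is posted here, the body arrives as
   * j_username=name&amp;j_password=password
   *
   * <p>The body could also contain a JSON expression such as
   * {"name": "fred", "password": "secret"}; that is not implemented here
   * yet. How the body is interpreted is up to
   * {@link #getUser(HttpExchange)}.
   *
   * <p>Every path answers the exchange: a missing authenticator yields 500,
   * missing or rejected credentials yield 401 (the same answer for both, so
   * the response does not tell the two cases apart), and a successful login
   * is delegated to
   * {@link #loginResponse(HttpExchange, Authenticator, String)}.
   *
   * @param exchange the exchange carrying the login request
   * @throws IOException if reading the request or writing the response fails
   */
  @Override
  public void handle(HttpExchange exchange) throws IOException {
    User nutzer = getUser(exchange);
    HttpContext context = exchange.getHttpContext();
    Object o = context.getAttributes().get(ATTR_JWT_AUTH);
    if (!(o instanceof TokenAuthenticator)) {
      // internal error: no suitable authenticator registered on the context
      sendStatus(exchange, SC_INTERNAL_ERROR);
      return;
    }
    TokenAuthenticator jwtAuth = (TokenAuthenticator) o;
    String token = null;
    if (nutzer != null) {
      token = jwtAuth.anmelden(nutzer.getName(), nutzer.getPassword());
    }
    if (token == null) {
      // no credentials, or user and password do not match
      sendStatus(exchange, SC_UNAUTHORIZED);
      return;
    }
    loginResponse(exchange, jwtAuth, token);
  }

  /**
   * Answers the exchange with a bare status code and no body, unless a
   * response has already been started (for example by a subclass inside
   * getUser), in which case the exchange is left untouched.
   *
   * @param exchange the exchange to answer
   * @param status the HTTP status code to send
   * @throws IOException if the response headers cannot be written
   */
  private void sendStatus(HttpExchange exchange, int status) throws IOException {
    // getResponseCode() is -1 as long as no response headers were sent
    if (exchange.getResponseCode() != -1) {
      return;
    }
    exchange.sendResponseHeaders(status, -1);
    exchange.close();
  }

  /**
   * Adds the cookie that carries the token to the response headers. Does
   * nothing when {@code auth} is not a TokenAuthenticator.
   *
   * <p>The cookie is meant to look like
   * JWT=[cookie content]; Expires=Thu, 21 Oct 2021 07:28:00 GMT; Secure; HttpOnly
   *
   * @param exchange the exchange whose response headers are extended
   * @param auth the authenticator that builds the cookie
   * @param token the token issued for the login
   */
  protected void setAuthenticatedHeader(HttpExchange exchange, Authenticator auth, String token) {
    if (auth instanceof TokenAuthenticator) {
      TokenAuthenticator jwtAuth = (TokenAuthenticator) auth;
      // logged in, hand the token back as a cookie
      Headers respHeaders = exchange.getResponseHeaders();
      Date exp = Date.from(new Date().toInstant().plusSeconds(TokenAuthenticator.TOKEN_EXPIRATION));
      // NOTE(review): the cookie attributes are produced by cookieBilden,
      // which is not visible here - confirm it really emits Secure and
      // HttpOnly (and consider SameSite) for this session cookie.
      respHeaders.add(TokenAuthenticator.SET_COOKIE_HEADER,
          jwtAuth.cookieBilden(TokenAuthenticator.JWT_INDICATOR, token, exp));
    }
  }

  /**
   * Writes the response for a successful login.
   *
   * @param exchange the exchange to answer
   * @param auth the authenticator that issued the token
   * @param token the issued token
   * @throws IOException if writing the response fails
   */
  protected abstract void loginResponse(HttpExchange exchange, Authenticator auth, String token) throws IOException;

  /**
   * Extracts the credentials from the login request.
   *
   * @param exchange the exchange carrying the login request
   * @return the user to log in; {@code handle} treats {@code null} like
   *         rejected credentials
   * @throws IOException if reading the request fails
   */
  protected abstract User getUser(HttpExchange exchange) throws IOException;

  /**
   * Reads the request body as UTF-8 text with all line terminators removed.
   *
   * <p>The result may contain the clear-text password and should not be
   * written to logs. The request body stream is not closed here.
   *
   * @param exchange the exchange whose request body is read
   * @return the body text without CR and LF characters
   * @throws IOException if reading fails or the body is longer than
   *         {@code MAX_BODY_CHARS} characters
   */
  protected String bodyLesen(HttpExchange exchange) throws IOException {
    StringBuilder sb = new StringBuilder();
    InputStream is = exchange.getRequestBody();
    // explicit charset: the platform default differs between hosts
    BufferedReader in = new BufferedReader(
        new InputStreamReader(is, java.nio.charset.StandardCharsets.UTF_8));
    char[] buf = new char[1024];
    int total = 0;
    int n = in.read(buf);
    while (n != -1) {
      total += n;
      if (total > MAX_BODY_CHARS) {
        throw new IOException("request body exceeds " + MAX_BODY_CHARS + " characters");
      }
      for (int i = 0; i < n; i++) {
        char c = buf[i];
        // dropping CR and LF gives the same text as concatenating readLine() results
        if (c != '\r' && c != '\n') {
          sb.append(c);
        }
      }
      n = in.read(buf);
    }
    return sb.toString();
  }

}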