/*
http-oauth - OAuth Extensions to jdk.httpserver

Copyright (C) 2021 Ulrich Hilger

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package de.uhilger.httpserver.oauth;
import com.google.gson.Gson;
import com.google.gson.JsonParseException;
import com.sun.net.httpserver.Headers;
import com.sun.net.httpserver.HttpContext;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import de.uhilger.httpserver.auth.realm.User;
import de.uhilger.httpserver.base.handler.HttpHelper;
import de.uhilger.httpserver.base.handler.HttpResponder;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
/**
 * Ein Login Handler, der zur Authentifizierung ein Objekt der Klasse
 * BearerAuthenticator im HttpContext benoetigt.
 *
 * Der Authenticator wird mit der Methode
 * context.getAttributes().get(ATTR_AUTHENTICATOR);
 * aus dem HttpContext entnommen, d.h., der Authenticator muss zuvor dort
 * eingetragen werden. Das kann wie folgt vonstatten gehen:
 *
 * HttpContext context = server.createContext("/myapp/secure/service", new SomeServiceHandler());
 * BearerApiAuthenticator auth = new BearerAuthenticator();
 * context.setAuthenticator(auth);
 *
 * ...und danach...
 *
 * context = server.createContext("/myapp/login", new BearerLoginHandler());
 * context.getAttributes().put(LoginHandler.ATTR_AUTHENTICATOR, auth);
 *
 * @author Ulrich Hilger
 * @version 1, 08.06.2021
 */
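public class BearerLoginHandler implements HttpHandler {

  private static final Logger logger = Logger.getLogger(BearerLoginHandler.class.getName());

  /** Context attribute key under which the {@link BearerAuthenticator} must be registered. */
  public static final String ATTR_AUTHENTICATOR = "authenticator";

  /** Header names and values of a successful token response (RFC 6750). */
  public static final String CACHE_CONTROL = "Cache-Control";
  public static final String NO_STORE = "no-store";
  public static final String PRAGMA = "Pragma";
  public static final String NO_CACHE = "no-cache";
  public static final String BEARER_CONTENT_TYPE = "application/json;charset=UTF-8";

  /*
  According to RFC 6750 the response to a successful login looks like this:

  HTTP/1.1 200 OK
  Content-Type: application/json;charset=UTF-8
  Cache-Control: no-store
  Pragma: no-cache

  {
    "access_token":"mF_9.B5f-4.1JqM",
    "token_type":"Bearer",
    "expires_in":3600,
    "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA"
  }
  */

  /**
   * Handles a login request.
   *
   * <p>The {@link BearerAuthenticator} is taken from the context attribute
   * {@link #ATTR_AUTHENTICATOR}; without it the request is answered with 500. The
   * credentials are read as JSON from the request body (see {@link #getUser}). A body
   * that is not valid JSON, or that lacks {@code name} or {@code password}, is answered
   * with 400 instead of letting an unchecked exception escape this method, which would
   * close the exchange without a proper response. The result of
   * {@link BearerAuthenticator#login} is passed to {@link #handleLoginResponse}.
   *
   * @param exchange the exchange carrying the login request
   * @throws IOException if reading the body or sending the response fails
   */
  @Override
  public void handle(HttpExchange exchange) throws IOException {
    HttpContext context = exchange.getHttpContext();
    Object attribute = context.getAttributes().get(ATTR_AUTHENTICATOR);
    if (!(attribute instanceof BearerAuthenticator)) {
      sendText(exchange, 500, "No suitable authenticator.");
      return;
    }
    BearerAuthenticator auth = (BearerAuthenticator) attribute;

    User user;
    try {
      user = getUser(exchange);
    } catch (JsonParseException e) {
      // Malformed JSON is a client error. Only the exception type is logged on purpose:
      // Gson messages can quote parts of the input, and this body carries credentials.
      logger.log(Level.FINE, "Login body rejected, not valid JSON: {0}", e.getClass().getName());
      sendText(exchange, 400, "Malformed login request.");
      return;
    }
    // Gson yields null for an empty body; a JSON object without the expected fields
    // yields null from the getters. Both are client errors, not authenticator failures.
    if (user == null || user.getName() == null || user.getPassword() == null) {
      sendText(exchange, 400, "Missing credentials.");
      return;
    }

    LoginResponse response = auth.login(user.getName(), user.getPassword());
    handleLoginResponse(exchange, response);
  }

  /**
   * Sends the outcome of an authentication attempt.
   *
   * <p>A non-null {@code response} is sent as the RFC 6750 JSON token response with the
   * headers from {@link #setLoginHeader}; {@code null} means the credentials were rejected.
   *
   * @param exchange the exchange to answer
   * @param response the authenticator's result, or {@code null} if the login failed
   * @throws IOException if sending the response fails
   */
  protected void handleLoginResponse(HttpExchange exchange, LoginResponse response) throws IOException {
    if (response == null) {
      // 406 is kept for compatibility with existing clients; RFC 6749 section 5.2 would
      // answer rejected credentials with 400 and an "invalid_grant" error body.
      sendText(exchange, 406, "Login failed.");
      return;
    }
    setLoginHeader(exchange);
    new HttpResponder().antwortSenden(exchange, 200, response.toJson());
  }

  /**
   * Adds the headers RFC 6750 requires on a token response: the JSON content type plus
   * Cache-Control: no-store and Pragma: no-cache, so the token is never cached.
   *
   * @param exchange the exchange whose response headers are amended
   */
  private void setLoginHeader(HttpExchange exchange) {
    Headers headers = exchange.getResponseHeaders();
    headers.add(HttpHelper.CONTENT_TYPE, BEARER_CONTENT_TYPE);
    headers.add(CACHE_CONTROL, NO_STORE);
    headers.add(PRAGMA, NO_CACHE);
  }

  /**
   * Reads the credentials from the JSON request body, e.g.
   * {@code {"name": "fred", "password": "secret"}}.
   *
   * @param exchange the exchange whose body is read
   * @return the parsed user, or {@code null} if the body is empty
   * @throws IOException if the body cannot be read
   * @throws JsonParseException if the body is not valid JSON
   */
  private User getUser(HttpExchange exchange) throws IOException {
    String body = new HttpHelper().bodyLesen(exchange);
    return new Gson().fromJson(body, User.class);
  }

  /**
   * Sends a response with the given status and plain text body.
   *
   * @param exchange the exchange to answer
   * @param status the HTTP status code
   * @param text the response body
   * @throws IOException if sending the response fails
   */
  private static void sendText(HttpExchange exchange, int status, String text) throws IOException {
    new HttpResponder().antwortSenden(exchange, status, text);
  }
}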