| | |
|---|
| | | import com.sun.net.httpserver.HttpExchange; |
|---|
| | | import com.sun.net.httpserver.HttpPrincipal; |
|---|
| | | import de.uhilger.httpserver.auth.realm.Realm; |
|---|
| | | import de.uhilger.httpserver.base.handler.HttpResponder; |
|---|
| | | import de.uhilger.httpserver.base.HttpResponder; |
|---|
| | | import io.jsonwebtoken.Claims; |
|---|
| | | import io.jsonwebtoken.JwtException; |
|---|
| | | import io.jsonwebtoken.Jwts; |
|---|
| | |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Die Klasse Authenticator authentifziert gemäß OAuth-Spezifikation |
|---|
| | | * |
|---|
| | | * |
|---|
| | | * "The OAuth 2.0 Authorization Framework: Bearer Token Usage" |
|---|
| | | * https://datatracker.ietf.org/doc/html/rfc6750 |
|---|
| | | * |
|---|
| | | * |
|---|
| | | * weitere Info-Links |
|---|
| | | * https://www.oauth.com/oauth2-servers/making-authenticated-requests/refreshing-an-access-token/ |
|---|
| | | * https://swagger.io/docs/specification/authentication/bearer-authentication/ |
|---|
| | | * |
|---|
| | |
|---|
| | | if(parts != null && parts.length > 1) { |
|---|
| | | token = parts[1].trim(); |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | // unschoen, aber fuer Image-Links in HTML-Inhalten |
|---|
| | | // mit Query versuchen |
|---|
| | | // z.B. |
|---|
| | | // GET /resource?access_token=mF_9.B5f-4.1JqM HTTP/1.1 |
|---|
| | | // Host: server.example.com |
|---|
| | | String query = exchange.getRequestURI().getQuery(); |
|---|
| | | if(query != null && query.toLowerCase().contains("access_token")) { |
|---|
| | | String[] parts = query.split("&"); |
|---|
| | | for(String part : parts) { |
|---|
| | | String[] keyVal = part.split("="); |
|---|
| | | if(keyVal[0].equalsIgnoreCase("access_token")) { |
|---|
| | | token = keyVal[1].trim(); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | return token; |
|---|
| | | } |
|---|
| | |
|---|
| | | * im WWW-Authenticate Header bestimmen |
|---|
| | | * |
|---|
| | | * @param exchange |
|---|
| | | * @return den Ausdruck fuer den WWW-Authenticate Header |
|---|
| | | */ |
|---|
| | | protected String getWWWAuthRealm(HttpExchange exchange) { |
|---|
| | | return wwwAuthRealm; |
|---|
| | |
|---|
| | | * WWW-Authenticate: Bearer realm="example" |
|---|
| | | * |
|---|
| | | * @param exchange |
|---|
| | | * @return |
|---|
| | | * @throws java.io.IOException |
|---|
| | | * @return das Ergebnis |
|---|
| | | */ |
|---|
| | | protected Result unauthorized(HttpExchange exchange) { |
|---|
| | | StringBuilder sb = new StringBuilder(); |
|---|
| | |
|---|
| | | this.realm = realm; |
|---|
| | | } |
|---|
| | | |
|---|
| | | //public Realm getRealm() { |
|---|
| | | // return realm; |
|---|
| | | //} |
|---|
| | | |
|---|
| | | public boolean hasRole(String userId, String roleId) { |
|---|
| | | return realm.hasRole(userId, roleId); |
|---|
| | | } |
|---|
| | | |
|---|
| | | public void setWWWAuthRealm(String wwwAuthRealm) { |
|---|
| | | this.wwwAuthRealm = wwwAuthRealm; |
|---|
| | | } |
|---|
