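/*
  http-auth - Authentication Extensions to jdk.httpserver
  Copyright (C) 2021  Ulrich Hilger

  This program is free software: you can redistribute it and/or modify
  it under the terms of the GNU Affero General Public License as
  published by the Free Software Foundation, either version 3 of the
  License, or (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU Affero General Public License for more details.

  You should have received a copy of the GNU Affero General Public License
  along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
package de.uhilger.httpserver.auth.handler;

import com.sun.net.httpserver.Authenticator;
import com.sun.net.httpserver.Headers;
import com.sun.net.httpserver.HttpContext;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import de.uhilger.httpserver.auth.TokenAuthenticator;
import de.uhilger.httpserver.auth.realm.User;
import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;

/**
 * Base class for login endpoints that exchange a user name and password for a token.
 *
 * <p>The {@link TokenAuthenticator} is looked up in the attributes of the
 * {@link HttpContext} under {@link #ATTR_AUTHENTICATOR}. Subclasses decide how the
 * credentials are read from the request ({@link #getUser(HttpExchange)}) and how a
 * successful login is answered
 * ({@link #loginResponse(HttpExchange, Authenticator, String)}).
 *
 * <p>NOTE(review): nothing in this class limits repeated failed login attempts; if
 * throttling or lockout is required it has to be provided elsewhere (for example by
 * the authenticator or a filter in front of this handler).
 *
 * @author Ulrich Hilger
 * @version 1, 30.05.2021
 */
public abstract class LoginHandler implements HttpHandler {

  /** Key of the context attribute that holds the authenticator used for logins. */
  public static final String ATTR_AUTHENTICATOR = "authenticator";

  /** Status sent when the credentials are missing or rejected by the authenticator. */
  private static final int STATUS_UNAUTHORIZED = 401;

  /** Status sent when the context has no usable authenticator configured. */
  private static final int STATUS_INTERNAL_ERROR = 500;

  /**
   * Handles a login request.
   *
   * <p>If a plain HTML form is posted here that, as is customary in Java, contains
   * the input fields 'j_username' and 'j_password', the body arrives as
   * {@code j_username=name&j_password=password}. The body could also carry a JSON
   * expression such as {@code {"name": "fred", "password": "secret"}}; how the body
   * is parsed is left to {@link #getUser(HttpExchange)}.
   *
   * <p>Every path ends with a response: a token from the authenticator is handed to
   * {@link #loginResponse(HttpExchange, Authenticator, String)}, missing or rejected
   * credentials are answered with 401 and a missing authenticator with 500. Without
   * the two failure responses the exchange would stay open and the client would wait
   * until the connection times out.
   *
   * @param exchange the exchange carrying the login request
   * @throws IOException if reading the request or writing the response fails
   */
  @Override
  public void handle(HttpExchange exchange) throws IOException {
    User nutzer = getUser(exchange);
    HttpContext context = exchange.getHttpContext();
    Object o = context.getAttributes().get(ATTR_AUTHENTICATOR);
    if (!(o instanceof TokenAuthenticator)) {
      // Internal error: the context is not configured with a matching authenticator.
      sendStatus(exchange, STATUS_INTERNAL_ERROR);
      return;
    }
    TokenAuthenticator auth = (TokenAuthenticator) o;
    // A request without usable credentials is treated exactly like a wrong password,
    // so the response does not reveal which part of the login failed.
    String token = nutzer == null ? null : auth.anmelden(nutzer.getName(), nutzer.getPassword());
    if (token != null) {
      loginResponse(exchange, auth, token);
    } else {
      // User name and password do not match.
      sendStatus(exchange, STATUS_UNAUTHORIZED);
    }
  }

  /**
   * Adds the cookie header that carries the token to the response.
   *
   * <p>The cookie expires {@link TokenAuthenticator#TOKEN_EXPIRATION} seconds from
   * now. The cookie string itself is built by the authenticator; the intended shape
   * is {@code JWT=[cookie content]; Expires=Thu, 21 Oct 2021 07:28:00 GMT; Secure; HttpOnly}.
   * NOTE(review): whether {@code Secure} and {@code HttpOnly} are actually emitted
   * depends on {@code cookieBilden}, which is not part of this file; confirm it there.
   *
   * <p>Nothing is added when {@code auth} is not a {@link TokenAuthenticator}.
   *
   * @param exchange the exchange whose response headers receive the cookie
   * @param auth the authenticator that issued the token
   * @param token the token to hand to the client
   */
  protected void setAuthenticatedHeader(HttpExchange exchange, Authenticator auth, String token) {
    if (auth instanceof TokenAuthenticator) {
      TokenAuthenticator tAuth = (TokenAuthenticator) auth;
      // Logged in: return the token as part of the response.
      Headers respHeaders = exchange.getResponseHeaders();
      Date exp = Date.from(new Date().toInstant().plusSeconds(TokenAuthenticator.TOKEN_EXPIRATION));
      respHeaders.add(TokenAuthenticator.SET_COOKIE_HEADER,
          tAuth.cookieBilden(TokenAuthenticator.JWT_INDICATOR, token, exp));
    }
  }

  /**
   * Sends the response for a successful login.
   *
   * @param exchange the exchange to answer
   * @param auth the authenticator that issued the token
   * @param token the token issued for the user
   * @throws IOException if writing the response fails
   */
  protected abstract void loginResponse(HttpExchange exchange, Authenticator auth, String token)
      throws IOException;

  /**
   * Reads the credentials from the login request.
   *
   * @param exchange the exchange carrying the login request
   * @return the user whose name and password are passed to the authenticator
   * @throws IOException if reading the request fails
   */
  protected abstract User getUser(HttpExchange exchange) throws IOException;

  /**
   * Answers the exchange with a bare status code and closes it.
   *
   * @param exchange the exchange to answer
   * @param status the HTTP status code to send
   * @throws IOException if writing the response headers fails
   */
  private static void sendStatus(HttpExchange exchange, int status) throws IOException {
    // A response length of -1 tells the server that no response body follows.
    exchange.sendResponseHeaders(status, -1);
    exchange.close();
  }
}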