From: Ray Lee <rhlee@berkeley.edu>
Date: Sun, 17 Jul 2016 22:37:25 +0000 (-0700)
Subject: DRYD-22: Accept tokens in rest api calls.
X-Git-Url: https://git.aero2k.de/?a=commitdiff_plain;h=fdc733de7f6007a4f4f7a677c721b1fc8fa7f4ea;p=tmp%2Fjakarta-migration.git

DRYD-22: Accept tokens in rest api calls.
---

diff --git a/services/JaxRsServiceProvider/src/main/webapp/WEB-INF/applicationContext-security.xml b/services/JaxRsServiceProvider/src/main/webapp/WEB-INF/applicationContext-security.xml
index 163502a5e..45837ed38 100644
--- a/services/JaxRsServiceProvider/src/main/webapp/WEB-INF/applicationContext-security.xml
+++ b/services/JaxRsServiceProvider/src/main/webapp/WEB-INF/applicationContext-security.xml
@@ -45,6 +45,9 @@
         <sec:intercept-url pattern="/**" access="isFullyAuthenticated()" />
         <sec:http-basic />
         <sec:csrf disabled="true" />
+        
+        <!-- Handle token auth -->
+        <sec:custom-filter ref="oauthResourceServerFilter" before="PRE_AUTH_FILTER" />
     </sec:http>
 
     <sec:authentication-manager id="userAuthenticationManager">
@@ -79,6 +82,8 @@
         </constructor-arg>
     </bean>
     
+    <oauth:resource-server id="oauthResourceServerFilter" resource-id="cspace-services" token-services-ref="tokenServices" />
+    
     <sec:authentication-manager id="clientAuthenticationManager">
         <sec:authentication-provider user-service-ref="clientDetailsUserDetailsService"/>
     </sec:authentication-manager>
@@ -118,5 +123,21 @@
         <constructor-arg ref="tokenEnhancer" />
     </bean>
 
-    <bean id="tokenEnhancer" class="org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter" />
+    <bean id="tokenEnhancer" class="org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter">
+        <!--
+            Can specify a signing key here. By default a random one is generated on bean instantiation,
+            which means that when CSpace is restarted, all granted tokens will become invalid. A
+            public/private key pair may also be supplied, using keyPair.
+        -->
+        <!-- <property name="signingKey" value="" /> -->
+        <property name="accessTokenConverter">
+            <bean class="org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter">
+                <property name="userTokenConverter">
+                    <bean class="org.collectionspace.authentication.spring.CSpaceUserAuthenticationConverter">
+                        <constructor-arg ref="userDetailsService" />
+                    </bean>
+                </property>
+            </bean>
+        </property>
+    </bean>
 </beans>
diff --git a/services/JaxRsServiceProvider/src/main/webapp/WEB-INF/oauth-servlet.xml b/services/JaxRsServiceProvider/src/main/webapp/WEB-INF/oauth-servlet.xml
index 543e542f1..bc408d066 100644
--- a/services/JaxRsServiceProvider/src/main/webapp/WEB-INF/oauth-servlet.xml
+++ b/services/JaxRsServiceProvider/src/main/webapp/WEB-INF/oauth-servlet.xml
@@ -18,9 +18,10 @@
     
     <bean id="viewResolver" class="org.springframework.web.servlet.view.ContentNegotiatingViewResolver">
         <property name="defaultViews">
-            <bean class="org.springframework.web.servlet.view.json.MappingJackson2JsonView">
-                <property name="extractValueFromSingleKeyModel" value="true" />
-            </bean>
+            <list>
+                <bean class="org.springframework.web.servlet.view.xml.MappingJackson2XmlView" />
+                <bean class="org.springframework.web.servlet.view.json.MappingJackson2JsonView" />
+            </list>
         </property>
     </bean>
 </beans>
diff --git a/services/authentication/service/src/main/java/org/collectionspace/authentication/spring/CSpaceUserAuthenticationConverter.java b/services/authentication/service/src/main/java/org/collectionspace/authentication/spring/CSpaceUserAuthenticationConverter.java
new file mode 100644
index 000000000..3d81539a6
--- /dev/null
+++ b/services/authentication/service/src/main/java/org/collectionspace/authentication/spring/CSpaceUserAuthenticationConverter.java
@@ -0,0 +1,63 @@
+package org.collectionspace.authentication.spring;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.oauth2.provider.token.UserAuthenticationConverter;
+
+/**
+ * Converter for CSpace user authentication information to and from Maps.
+ * This is used to serialize/deserialize user information to/from JWTs.
+ * When extracting the user authentication from a map, only the username
+ * is required. The full user information is retrieved from a UserDetailsService.
+ */
+public class CSpaceUserAuthenticationConverter implements UserAuthenticationConverter {
+
+    private UserDetailsService userDetailsService;
+
+    /**
+     * Creates a converter that uses the given UserDetailsService when extracting
+     * the authentication information.
+     * 
+     * @param userDetailsService the UserDetailsService to use
+     */
+    public CSpaceUserAuthenticationConverter(UserDetailsService userDetailsService) {
+        this.userDetailsService = userDetailsService;
+    }
+    
+    @Override
+    public Map<String, ?> convertUserAuthentication(Authentication userAuthentication) {
+        // In extractAuthentication we use a UserDetailsService to look up
+        // the user's roles and tenants, so there's no need to serialize
+        // those. We just need the username.
+        
+        Map<String, Object> response = new LinkedHashMap<String, Object>();
+        
+        response.put(USERNAME, userAuthentication.getName());
+        
+        return response;
+    }
+
+    @Override
+    public Authentication extractAuthentication(Map<String, ?> map) {
+        if (!map.containsKey(USERNAME) || userDetailsService == null) {
+            return null;
+        }
+        
+        String username = (String) map.get(USERNAME);
+
+        try {
+            UserDetails user = userDetailsService.loadUserByUsername(username);
+            
+            return new UsernamePasswordAuthenticationToken(user, "N/A", user.getAuthorities());
+        }
+        catch(UsernameNotFoundException e) {
+            return null;
+        }
+    }
+}
diff --git a/services/common/build.xml b/services/common/build.xml
index 0ab5ab267..55356b429 100644
--- a/services/common/build.xml
+++ b/services/common/build.xml
@@ -200,8 +200,10 @@
             <fileset dir="${jee.server.cspace}/lib" includes="aopalliance-*.jar"/>
             <fileset dir="${jee.server.cspace}/lib" includes="commons-lang3-*.jar"/>
             <fileset dir="${jee.server.cspace}/lib" includes="ehcache-*.jar"/>
+            <fileset dir="${jee.server.cspace}/lib" includes="jackson-*.jar"/>
             <fileset dir="${jee.server.cspace}/lib" includes="org.springframework.*.jar"/>
             <fileset dir="${jee.server.cspace}/lib" includes="spring-*.jar"/>
+            <fileset dir="${jee.server.cspace}/lib" includes="stax2-api-*.jar"/>
         </delete>
     </target>
 	
diff --git a/services/common/lib/.DS_Store b/services/common/lib/.DS_Store
new file mode 100644
index 000000000..e8a3178cf
Binary files /dev/null and b/services/common/lib/.DS_Store differ
diff --git a/services/common/lib/spring/.DS_Store b/services/common/lib/spring/.DS_Store
new file mode 100644
index 000000000..d3d4408c9
Binary files /dev/null and b/services/common/lib/spring/.DS_Store differ
diff --git a/services/common/lib/spring/jackson-annotations-2.8.0.jar b/services/common/lib/spring/jackson-annotations-2.8.0.jar
new file mode 100644
index 000000000..d19b67b0f
Binary files /dev/null and b/services/common/lib/spring/jackson-annotations-2.8.0.jar differ
diff --git a/services/common/lib/spring/jackson-core-2.8.0.jar b/services/common/lib/spring/jackson-core-2.8.0.jar
new file mode 100644
index 000000000..a078720cd
Binary files /dev/null and b/services/common/lib/spring/jackson-core-2.8.0.jar differ
diff --git a/services/common/lib/spring/jackson-databind-2.8.0.jar b/services/common/lib/spring/jackson-databind-2.8.0.jar
new file mode 100644
index 000000000..3565ff515
Binary files /dev/null and b/services/common/lib/spring/jackson-databind-2.8.0.jar differ
diff --git a/services/common/lib/spring/jackson-dataformat-xml-2.8.0.jar b/services/common/lib/spring/jackson-dataformat-xml-2.8.0.jar
new file mode 100644
index 000000000..d1567a2ea
Binary files /dev/null and b/services/common/lib/spring/jackson-dataformat-xml-2.8.0.jar differ
diff --git a/services/common/lib/spring/stax2-api-4.0.0.jar b/services/common/lib/spring/stax2-api-4.0.0.jar
new file mode 100644
index 000000000..00afafa60
Binary files /dev/null and b/services/common/lib/spring/stax2-api-4.0.0.jar differ