Commit 6b4fabc1 authored by Brian Major's avatar Brian Major
Browse files

t72959 - added scope parameter to login servlet

parent efc84b5d
...@@ -69,10 +69,14 @@ ...@@ -69,10 +69,14 @@
package ca.nrc.cadc.ac.server.web; package ca.nrc.cadc.ac.server.web;
import java.io.IOException; import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.AccessControlException; import java.security.AccessControlException;
import java.security.Principal; import java.security.Principal;
import java.security.PrivilegedActionException; import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction; import java.security.PrivilegedExceptionAction;
import java.util.Calendar;
import java.util.GregorianCalendar;
import javax.security.auth.Subject; import javax.security.auth.Subject;
import javax.servlet.ServletConfig; import javax.servlet.ServletConfig;
...@@ -92,8 +96,10 @@ import ca.nrc.cadc.ac.server.PluginFactory; ...@@ -92,8 +96,10 @@ import ca.nrc.cadc.ac.server.PluginFactory;
import ca.nrc.cadc.ac.server.UserPersistence; import ca.nrc.cadc.ac.server.UserPersistence;
import ca.nrc.cadc.ac.server.ldap.LdapGroupPersistence; import ca.nrc.cadc.ac.server.ldap.LdapGroupPersistence;
import ca.nrc.cadc.auth.AuthenticatorImpl; import ca.nrc.cadc.auth.AuthenticatorImpl;
import ca.nrc.cadc.auth.DelegationToken;
import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.SSOCookieManager; import ca.nrc.cadc.auth.SSOCookieManager;
import ca.nrc.cadc.date.DateUtil;
import ca.nrc.cadc.log.ServletLogInfo; import ca.nrc.cadc.log.ServletLogInfo;
import ca.nrc.cadc.net.TransientException; import ca.nrc.cadc.net.TransientException;
import ca.nrc.cadc.util.StringUtil; import ca.nrc.cadc.util.StringUtil;
...@@ -152,6 +158,7 @@ public class LoginServlet<T extends Principal> extends HttpServlet ...@@ -152,6 +158,7 @@ public class LoginServlet<T extends Principal> extends HttpServlet
log.info(logInfo.start()); log.info(logInfo.start());
String userID = request.getParameter("username"); String userID = request.getParameter("username");
String password = request.getParameter("password"); String password = request.getParameter("password");
String scope = request.getParameter("scope");
if (userID == null || userID.length() == 0) if (userID == null || userID.length() == 0)
throw new IllegalArgumentException("Missing username"); throw new IllegalArgumentException("Missing username");
...@@ -174,9 +181,31 @@ public class LoginServlet<T extends Principal> extends HttpServlet ...@@ -174,9 +181,31 @@ public class LoginServlet<T extends Principal> extends HttpServlet
(!StringUtil.hasText(proxyUser) && (!StringUtil.hasText(proxyUser) &&
userPersistence.doLogin(userID, password))) userPersistence.doLogin(userID, password)))
{ {
String token = String token = null;
new SSOCookieManager().generate( HttpPrincipal p = new HttpPrincipal(userID, proxyUser);
new HttpPrincipal(userID, proxyUser)); if (scope != null)
{
// This cookie will be scope to a certain URI,
// such as a VOSpace node
URI uri = null;
try
{
uri = new URI(scope);
}
catch (URISyntaxException e)
{
throw new IllegalArgumentException("Invalid scope: " + scope);
}
final Calendar expiryDate = new GregorianCalendar(DateUtil.UTC);
expiryDate.add(Calendar.HOUR, SSOCookieManager.SSO_COOKIE_LIFETIME_HOURS);
DelegationToken dt = new DelegationToken(p, uri, expiryDate.getTime());
token = DelegationToken.format(dt);
}
else
{
token = new SSOCookieManager().generate(p);
}
response.setContentType(CONTENT_TYPE); response.setContentType(CONTENT_TYPE);
response.setContentLength(token.length()); response.setContentLength(token.length());
response.getWriter().write(token); response.getWriter().write(token);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment