Changing authentication REST service

This commit is contained in:
Martin Stockhammer 2020-07-10 13:21:47 +02:00
parent 3a33afe9e9
commit 9e0e580cce
3 changed files with 42 additions and 9 deletions


@ -19,6 +19,9 @@
* under the License. * under the License.
*/ */
import io.swagger.v3.oas.annotations.OpenAPIDefinition;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import org.apache.archiva.redback.authorization.RedbackAuthorization; import org.apache.archiva.redback.authorization.RedbackAuthorization;
import org.apache.archiva.redback.rest.api.model.ActionStatus; import org.apache.archiva.redback.rest.api.model.ActionStatus;
import org.apache.archiva.redback.rest.api.model.AuthenticationKeyResult; import org.apache.archiva.redback.rest.api.model.AuthenticationKeyResult;
@ -70,16 +73,39 @@ PingResult pingWithAutz()
throws RedbackServiceException; throws RedbackServiceException;
/** /**
* check username/password and create a http session. * Check username/password and return a bearer token.
* So no more need of reuse username/password for all ajaxRequest * The bearer token can be added to the HTTP header on further requests to authenticate.
*
*/ */
@Path( "authenticate" ) @Path( "authenticate" )
@POST @POST
@RedbackAuthorization( noRestriction = true, noPermission = true ) @RedbackAuthorization( noRestriction = true, noPermission = true )
@Produces( { MediaType.APPLICATION_JSON } ) @Produces( { MediaType.APPLICATION_JSON } )
UserLogin logIn( LoginRequest loginRequest ) @Operation( summary = "Authenticate by user/password login and return a bearer token, usable for further requests",
responses = {
@ApiResponse( description = "The bearer token. The token data contains the token string that should be added to the Bearer header" )
}
)
Token logIn( LoginRequest loginRequest )
throws RedbackServiceException; throws RedbackServiceException;
/**
* Renew the bearer token. The request must send a bearer token in the HTTP header
*
*/
@Path( "authenticate" )
@GET
@RedbackAuthorization( noRestriction = false, noPermission = true )
@Produces( { MediaType.APPLICATION_JSON } )
@Operation( summary = "Creates a new bearer token. The requestor must present a still valid bearer token in the HTTP header.",
responses = {
@ApiResponse( description = "The new bearer token," )
}
)
Token renewToken( )
throws RedbackServiceException;
/** /**
* simply check if current user has an http session opened with authz passed and return user data * simply check if current user has an http session opened with authz passed and return user data
* @since 1.4 * @since 1.4
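Review bot: The renewToken contract at lines 38-52 does not say what happens when the request carries no bearer token or an invalid or expired one, and the @ApiResponse text at line 48 ends in a stray comma (`"The new bearer token,"`). Suggest `@ApiResponse( description = "The new bearer token." )` and a `@throws RedbackServiceException if no valid bearer token is presented` line in the Javadoc, assuming that is the intended failure mode. Callers would also benefit from a sentence stating whether the presented token remains valid after renewal, since that decides how a leaked token can be retired; nothing in the hunk settles this. Both @ApiResponse entries omit responseCode, so they describe the default response rather than the 200 case.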


@ -146,7 +146,7 @@ public PingResult pingWithAutz()
} }
@Override @Override
public UserLogin logIn( LoginRequest loginRequest ) public Token logIn( LoginRequest loginRequest )
throws RedbackServiceException throws RedbackServiceException
{ {
String userName = loginRequest.getUsername(), password = loginRequest.getPassword(); String userName = loginRequest.getUsername(), password = loginRequest.getPassword();
@ -180,7 +180,7 @@ public UserLogin logIn( LoginRequest loginRequest )
// here create an http session // here create an http session
httpAuthenticator.authenticate( authDataSource, httpServletRequest.getSession( true ) ); httpAuthenticator.authenticate( authDataSource, httpServletRequest.getSession( true ) );
return restUser; return null;
} }
if ( securitySession.getAuthenticationResult() != null if ( securitySession.getAuthenticationResult() != null
&& securitySession.getAuthenticationResult().getAuthenticationFailureCauses() != null ) && securitySession.getAuthenticationResult().getAuthenticationFailureCauses() != null )
@ -212,7 +212,7 @@ public UserLogin logIn( LoginRequest loginRequest )
} }
catch ( MustChangePasswordException e ) catch ( MustChangePasswordException e )
{ {
return buildRestUser( e.getUser() ); return null;
} }
catch ( UserManagerException e ) catch ( UserManagerException e )
{ {
@ -224,6 +224,12 @@ public UserLogin logIn( LoginRequest loginRequest )
} }
@Override
public Token renewToken( ) throws RedbackServiceException
{
return null;
}
@Override @Override
public User isLogged() public User isLogged()
throws RedbackServiceException throws RedbackServiceException
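Review bot: Lines 69 and 77 both return null now, so a successful login and a MustChangePasswordException produce the same empty response (JAX-RS typically maps a null entity to 204 No Content) and the client can no longer tell them apart, whereas the removed code returned the user in the second case; renewToken at line 86 is the same null stub although the API declares it returns a Token. Until token issuance is wired in, these paths should fail explicitly, for instance by throwing a RedbackServiceException, or at least carry `// TODO: return the issued Token; null currently answers a successful login with an empty body` so the stub is not mistaken for a finished endpoint. Line 68 still creates a server-side HTTP session even though the documented contract is now bearer tokens; if both mechanisms are meant to coexist that should be stated, otherwise the session creation can be dropped once tokens are issued. logIn's body begins outside the hunk.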


@ -20,6 +20,7 @@
import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants; import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants;
import org.apache.archiva.redback.rest.api.model.LoginRequest; import org.apache.archiva.redback.rest.api.model.LoginRequest;
import org.apache.archiva.redback.rest.api.model.Token;
import org.apache.archiva.redback.rest.api.model.User; import org.apache.archiva.redback.rest.api.model.User;
import org.apache.archiva.redback.rest.api.services.RedbackServiceException; import org.apache.archiva.redback.rest.api.services.RedbackServiceException;
import org.apache.archiva.redback.rest.api.services.UserService; import org.apache.archiva.redback.rest.api.services.UserService;
@ -95,9 +96,9 @@ public void simpleLogin() throws RedbackServiceException
userService.createUser( user ); userService.createUser( user );
// END SNIPPET: create-user // END SNIPPET: create-user
LoginRequest request = new LoginRequest( "toto", "foo123" ); LoginRequest request = new LoginRequest( "toto", "foo123" );
User result = getLoginServiceV2( "" ).logIn( request ); Token result = getLoginServiceV2( "" ).logIn( request );
assertNotNull( result ); // assertNotNull( result );
assertEquals( "toto", result.getUsername( ) ); // assertEquals( "toto", result.getUsername( ) );
} }
finally finally