1   /*
2    * Copyright (c) 2002-2021, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.plugins.mylutece.modules.oauth2.authentication;
35  
36  import java.io.IOException;
37  import java.io.Serializable;
38  import java.util.ArrayList;
39  import java.util.List;
40  import java.util.Locale;
41  import java.util.Map;
42  import java.util.stream.Collectors;
43  
44  import javax.security.auth.login.LoginException;
45  import javax.servlet.http.HttpServletRequest;
46  
47  import fr.paris.lutece.plugins.mylutece.authentication.PortalAuthentication;
48  import fr.paris.lutece.plugins.mylutece.business.LuteceUserAttributeDescription;
49  import fr.paris.lutece.plugins.mylutece.business.LuteceUserRoleDescription;
50  import fr.paris.lutece.plugins.mylutece.business.attribute.AttributeHome;
51  import fr.paris.lutece.plugins.mylutece.modules.oauth2.service.Oauth2Service;
52  import fr.paris.lutece.plugins.mylutece.service.MyLutecePlugin;
53  import fr.paris.lutece.plugins.oauth2.business.Token;
54  import fr.paris.lutece.plugins.oauth2.service.DataClientService;
55  import fr.paris.lutece.plugins.oauth2.service.TokenService;
56  import fr.paris.lutece.portal.business.role.RoleHome;
57  import fr.paris.lutece.portal.service.plugin.Plugin;
58  import fr.paris.lutece.portal.service.plugin.PluginService;
59  import fr.paris.lutece.portal.service.security.LoginRedirectException;
60  import fr.paris.lutece.portal.service.security.LuteceUser;
61  import fr.paris.lutece.portal.service.security.SecurityService;
62  import fr.paris.lutece.portal.service.util.AppLogService;
63  import fr.paris.lutece.portal.service.util.AppPropertiesService;
64  
65  /**
66   * This class provides an implementation of the abstract class PortalAuthentication that delegates authentication to an OAuth2 provider
67   */
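public class Oauth2Authentication extends PortalAuthentication implements Serializable
{
    ////////////////////////////////////////////////////////////////////////////////////////////////
    // Constants
    private static final long serialVersionUID = 1L;
    private static final String PROPERTY_AUTH_SERVICE_NAME = "mylutece-oauth2.service.name";
    private static final String CONSTANT_PATH_ICON = "images/local/skin/plugins/mylutece/modules/openid/mylutece-openid.png";
    private static final String PLUGIN_NAME = "mylutece-oauth2";
    /** Name under which the {@link AuthDataClient} is registered in the {@link DataClientService} */
    private static final String AUTH_DATA_CLIENT_NAME = "authData";

    /**
     * Gets the authentication service name, read from the {@code mylutece-oauth2.service.name} property
     *
     * @return The name of the authentication service
     */
    @Override
    public String getAuthServiceName( )
    {
        return AppPropertiesService.getProperty( PROPERTY_AUTH_SERVICE_NAME );
    }

    /**
     * Gets the authentication type
     *
     * @param request
     *            The HTTP request (not used)
     * @return {@link HttpServletRequest#BASIC_AUTH}
     */
    @Override
    public String getAuthType( HttpServletRequest request )
    {
        return HttpServletRequest.BASIC_AUTH;
    }

    /**
     * Processes a login. The user name and password are not used here: the credentials are checked by the OAuth2 provider, and this method only returns the user
     * already registered for the request (see {@link #getHttpAuthenticatedUser(HttpServletRequest)}).
     *
     * @param strUserName
     *            The username (ignored)
     * @param strUserPassword
     *            The password (ignored)
     * @param request
     *            The HttpServletRequest
     * @return A LuteceUser object corresponding to the login, or {@code null} if no user is registered for the request
     * @throws LoginRedirectException
     *             This exception is used to redirect the authentication to the provider
     * @throws LoginException
     *             The LoginException
     */
    @Override
    public LuteceUser processLogin( String strUserName, String strUserPassword, HttpServletRequest request ) throws LoginException, LoginRedirectException
    {
        return getHttpAuthenticatedUser( request );
    }

    /**
     * Logs the user out. This is a no-op: this authentication keeps no server-side state of its own, so there is nothing to release here
     * (the session itself is presumably invalidated by the caller).
     *
     * @param user
     *            The user
     */
    @Override
    public void logout( LuteceUser user )
    {
    }

    /**
     * This method returns an anonymous Lutece user, built without any token
     *
     * @return An anonymous Lutece user
     */
    @Override
    public LuteceUser getAnonymousUser( )
    {
        return new Oauth2User( LuteceUser.ANONYMOUS_USERNAME, null, this );
    }

    /**
     * {@inheritDoc}
     */
    @Override
    public String getIconUrl( )
    {
        // NOTE(review): the icon path still points at the openid module resources
        return CONSTANT_PATH_ICON;
    }

    /**
     * {@inheritDoc}
     */
    @Override
    public String getName( )
    {
        return PLUGIN_NAME;
    }

    /**
     * {@inheritDoc}
     */
    @Override
    public String getPluginName( )
    {
        return PLUGIN_NAME;
    }

    /**
     * {@inheritDoc}
     */
    @Override
    public boolean isMultiAuthenticationSupported( )
    {
        return false;
    }

    /**
     * Returns the Lutece user registered for the request, if any. When that user is an {@link Oauth2User} holding a refresh token, the access token is refreshed
     * and the user info is re-read from the provider; if the refresh or the user info retrieval fails, the error is logged and the previously registered user
     * is returned unchanged.
     *
     * @param request
     *            The HTTP request
     * @return A Lutece User, or null if no user is registered for the request
     */
    @Override
    public LuteceUser getHttpAuthenticatedUser( HttpServletRequest request )
    {
        LuteceUser user = SecurityService.getInstance( ).getRegisteredUser( request );

        // Only OAuth2 users can be refreshed (instanceof is false for null)
        if ( !( user instanceof Oauth2User ) )
        {
            return user;
        }

        Oauth2User userOauth = (Oauth2User) user;
        Token currentToken = userOauth.getToken( );

        // The anonymous user is presumably built with a null token (see getAnonymousUser): nothing to refresh
        if ( currentToken == null || currentToken.getRefreshToken( ) == null )
        {
            return user;
        }

        AuthDataClient authDataClient = (AuthDataClient) DataClientService.instance( ).getClient( AUTH_DATA_CLIENT_NAME );
        Token token = TokenService.getService( ).getTokenByRefreshToken( currentToken.getRefreshToken( ) );

        if ( token == null )
        {
            // Refresh failed (presumably a revoked or expired refresh token): keep the registered user as is.
            // The refresh token value is deliberately kept out of the log.
            AppLogService.error( "unable to refresh the token of user " + user.getName( ) );
            return user;
        }

        try
        {
            Map<String, Object> mapUserInfo = authDataClient.parse( authDataClient.getData( token ) );
            return Oauth2Service.getInstance( ).processAuthentication( request, mapUserInfo, token );
        }
        catch( IOException e )
        {
            // Best effort: the previously registered user object is returned below; no token value is logged
            AppLogService.error( "error during retrieving user info with refresh token  ", e );
        }

        return user;
    }

    /**
     * {@inheritDoc}
     *
     * @param locale
     *            The locale used for the attribute descriptions
     * @return The attributes provided by the OAuth2 service
     */
    @Override
    public List<LuteceUserAttributeDescription> getLuteceUserAttributesProvided( Locale locale )
    {
        return Oauth2Service.getInstance( ).getLuteceUserAttributesProvided( locale );
    }
}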
241 }