source: cats/ISOcat/trunk/mod-ISOcat-control-access/control/credentials.js @ 2675

Last change on this file since 2675 was 2675, checked in by mwindhouwer, 11 years ago

M control/credentials.js

  • oops
1importPackage(Packages.com.Ostermiller.util);
2
3importClass(Packages.org.ten60.netkernel.layer1.representation.MonoRepresentationImpl);
4importClass(Packages.com.ten60.netkernel.urii.aspect.StringAspect);
5importClass(Packages.org.ten60.netkernel.xml.representation.DOMXDAAspect);
6
7//java.lang.System.out.println("DBG:credentials.js:welcome");
8
// Nothing is known about the caller yet: `cred` will hold the credentials
// string and `shib` the Shibboleth principal once one of the steps below
// finds them.
cred = null;
shib = null;

// The incoming request, and the sub-request that is issued at the end of the
// script once credentials/principal have been attached.
req = context.getThisRequest();
subreq = context.createSubRequest();

// NOTE(review): the sub-request target is whatever the "uri" argument names,
// and that target receives the credentials attached below. Where "uri" is
// set is not visible in this file; confirm it cannot be chosen by the client.
var targetUri = req.getArgument("uri");
subreq.setURI(targetUri);
18
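// First try HTTP Basic authentication.
//
// The Authorization argument arrives wrapped in a data: URI. It is unwrapped,
// URL-decoded and trimmed; a "Basic " value is then Base64-decoded into the
// credentials string, a leading "<prefix>-" is stripped, and the result is
// attached to the sub-request as its "credentials" argument.
if (req.argumentExists("Authorization")) {
    // Still a Java string here, so replace/trim/startsWith/endsWith below are
    // the java.lang.String methods.
    var basicHeader = req.getArgument("Authorization");
    basicHeader = basicHeader.replace("data:text/plain,","");
    basicHeader = java.net.URLDecoder.decode(basicHeader,"UTF-8");
    basicHeader = basicHeader.trim();
    // The endsWith test on the raw header is kept from the original so that
    // nothing it rejected is accepted now.
    if (basicHeader.startsWith("Basic ") && !basicHeader.endsWith(":shib")) {
        // From here on the value is a plaintext credentials string; it must
        // never be written to stdout or a log.
        var basicCred = Base64.decode(basicHeader.replace("Basic ",""),"UTF-8");
        basicCred = ""+basicCred; // turn the Java string into a JS string
        // Strip everything up to and including the first '-' when that '-'
        // comes before any ':'.
        basicCred = basicCred.replace(/^[^\:\-]+-/,'');
        // The shibboleth token password can never come by BASIC
        // authentication. The original tested only the still-encoded header,
        // and ':' is not part of the Base64 alphabet, so that test could not
        // match a well-formed header; the decoded value is what has to be
        // checked.
        // NOTE(review): what a ":shib" password means to the service behind
        // the sub-request is not visible here; confirm against that service.
        if (basicCred.slice(-5) != ":shib") {
            cred = basicCred;
            subreq.addArgument("credentials","data:text/plain,"+java.net.URLEncoder.encode(cred,"UTF-8"));
        }
    }
}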
39
// Try Shibboleth EPPN authentication: a non-empty eduPersonPrincipalName
// argument becomes the principal.
// NOTE(review): the value is accepted as the principal without any check in
// this script, so it is only as trustworthy as whatever sets this argument;
// presumably the Shibboleth front end does, and strips client-supplied
// copies. Confirm in the deployment.
if (req.argumentExists("eduPersonPrincipalName")) {
    // Java string; only the data: URI wrapper is removed.
    var eppn = req.getArgument("eduPersonPrincipalName").replace("data:text/plain,","");
    if (eppn != "") {
        shib = eppn;
    }
}
49
// If there is no principal yet, fall back to Shibboleth EPTID authentication:
// a non-empty eduPersonTargetedID argument becomes the principal.
// NOTE(review): as with the principal name, the value is not verified in this
// script; confirm that only the Shibboleth front end can set it.
if ((shib == null) && req.argumentExists("eduPersonTargetedID")) {
    // Java string; only the data: URI wrapper is removed.
    var eptid = req.getArgument("eduPersonTargetedID").replace("data:text/plain,","");
    if (eptid != "") {
        shib = eptid;
    }
}
61
// If there are neither credentials nor a principal yet, try Shibboleth
// security token authentication: a "Bearer " Authorization value is handed to
// the check_token service, and a non-empty /string in its reply becomes the
// principal.
if ((cred == null) && (shib == null) && req.argumentExists("Authorization")) {
    // Java string: unwrap the data: URI, URL-decode, trim.
    var bearerHeader = req.getArgument("Authorization");
    bearerHeader = bearerHeader.replace("data:text/plain,","");
    bearerHeader = java.net.URLDecoder.decode(bearerHeader,"UTF-8");
    bearerHeader = bearerHeader.trim();
    if (bearerHeader.startsWith("Bearer ")) {
        // The token is a secret; it must never be written to stdout or a log.
        var bearerTok = ""+bearerHeader.replace("Bearer ",""); // Java string -> JS string
        // Strip everything up to and including the first '-' when that '-'
        // comes before any ':'.
        bearerTok = bearerTok.replace(/^[^\:\-]+-/,'');

        var tokreq = context.createSubRequest();
        tokreq.setURI("active:ISOcat.control.access.shib.check_token");
        // NOTE(review): the token is placed in the data: URI without URL
        // encoding, unlike the "credentials" and "principal" arguments in this
        // file. Whether check_token expects the raw form is not visible here;
        // confirm before changing it.
        tokreq.addArgument("token","data:text/plain,"+bearerTok);
        tokreq.setAspectClass(DOMXDAAspect);

        // Any missing step (no reply, no DOMXDAAspect, no /string, empty
        // text) leaves shib untouched.
        var tokReply = context.issueSubRequest(tokreq);
        if ((tokReply != null) && tokReply.hasAspect(DOMXDAAspect)) {
            var tokAspect = tokReply.getAspect(DOMXDAAspect);
            if (tokAspect != null) {
                var tokXda = tokAspect.getXDA();
                if (tokXda.isTrue("/string")) {
                    var tokPrincipal = tokXda.getText("/string",true);
                    if (tokPrincipal != "") {
                        shib = tokPrincipal;
                    }
                }
            }
        }
    }
}
99
// A known principal is always forwarded to the sub-request, URL-encoded
// inside a data: URI.
if (shib != null) {
    var principalArg = "data:text/plain,"+java.net.URLEncoder.encode(shib,"UTF-8");
    subreq.addArgument("principal",principalArg);
}

// If there are no credentials but the principal is known, ask the shibboleth
// access service to resolve the principal to credentials.
if ((cred == null) && (shib != null)) {
    var credreq = context.createSubRequest();
    credreq.setURI("active:ISOcat.manage.access.shibboleth");
    credreq.addArgument("principal","data:text/plain,"+java.net.URLEncoder.encode(shib,"UTF-8"));
    credreq.setAspectClass(DOMXDAAspect);

    // Any missing step (no reply, no DOMXDAAspect, no /string) leaves cred
    // null, and the sub-request then goes out without "credentials".
    var credReply = context.issueSubRequest(credreq);
    if ((credReply != null) && credReply.hasAspect(DOMXDAAspect)) {
        var credAspect = credReply.getAspect(DOMXDAAspect);
        if (credAspect != null) {
            var credXda = credAspect.getXDA();
            if (credXda.isTrue("/string")) {
                // NOTE(review): unlike the token branch, an empty /string is
                // not rejected here, so empty credentials would be forwarded.
                // The resolved value is a secret; never log it.
                cred = credXda.getText("/string",true);
                subreq.addArgument("credentials","data:text/plain,"+java.net.URLEncoder.encode(cred,"UTF-8"));
            }
        }
    }
}
134
// Copy the remaining request arguments onto the sub-request. The arguments
// this script consumed or set itself are not copied.
// NOTE(review): "principal" is filtered out but "credentials" is not, so an
// incoming argument named "credentials" would be forwarded next to (or in
// place of) the one attached above. Whether a caller can supply such an
// argument is not visible here; confirm, and add it to the filter if so.
for (var names = req.getArguments(); names.hasNext(); ) {
    var name = names.next();
    var handledAbove = name.equals("Authorization")
        || name.equals("eduPersonPrincipalName")
        || name.equals("eduPersonTargetedID")
        || name.equals("principal")
        || name.equals("uri")
        || name.equals("operator");
    if (handledAbove) {
        continue;
    }

    var nameURI = req.getArgument(name);
    if (nameURI == null) {
        continue;
    }

    // Forward the argument's value when the request has one for this URI,
    // otherwise forward the URI itself. (An earlier, disabled variant
    // re-encoded data: URIs with %20 instead of '+', because '+' has a
    // special meaning in an active URI.)
    var nameValue = req.getArgumentValue(nameURI);
    if (nameValue != null) {
        subreq.addArgument(name,nameValue);
    } else {
        subreq.addArgument(name,nameURI);
    }
}

// Issue the prepared sub-request and build this script's response from its
// reply.
reply = context.issueSubRequest(subreq);
response = context.createResponseFrom(reply);