Class HTTPAuthentication

- java.lang.Object
- org.silverpeas.core.webapi.base.HTTPAuthentication

@Service
public class HTTPAuthentication extends Object

An HTTP authentication mechanism for Silverpeas. It implements the authentication mechanism in Silverpeas from an incoming HTTP request. This HTTP request can be either an explicit authentication call or a consumption of the Silverpeas API. The HTTP request is expected either to contain the HTTP header Authorization, valued with the authentication scheme and the user credentials as expected by IETF RFC 2617, or to target a URI with the query parameter access_token (see IETF RFC 6750). Currently, Silverpeas supports two HTTP authentication schemes: the Basic one (covered by IETF RFC 2617) and the Bearer one (covered by IETF RFC 6750). The API token of the users must be passed with the Bearer scheme to access the REST API of Silverpeas. The authentication opens a new session when it succeeds; otherwise a WebApplicationException is thrown with the status Response.Status.UNAUTHORIZED.

- Author:
- mmoquillon
Nested Class Summary

Nested Classes
- Modifier and Type: static class
- Class: HTTPAuthentication.AuthenticationContext

Constructor Summary

Constructors
- Modifier: protected
- Constructor: HTTPAuthentication()

Method Summary

All Methods | Instance Methods | Concrete Methods
- Modifier and Type: SessionInfo
- Method: authenticate(HTTPAuthentication.AuthenticationContext context)
- Description: Authenticates the user behind the incoming HTTP request according to the specified authentication context.
Method Detail

authenticate

public SessionInfo authenticate(HTTPAuthentication.AuthenticationContext context)

Authenticates the user behind the incoming HTTP request according to the specified authentication context. The context is defined for the incoming HTTP request and for the HTTP response to send. The HTTP request contains the elements required to authenticate the user at the source of the request. The mandatory element is either the Authorization HTTP header, which must be valued with an authentication scheme and with the credentials of the user, or the access_token URI query parameter, or the access_token form-encoded body parameter.

A WebApplicationException is thrown with the status Response.Status.UNAUTHORIZED in the following cases:
- no Authorization header and no access_token parameter
- the authentication scheme isn't supported
- the credentials passed in the Authorization header are invalid
- the user API token passed in the access_token parameter is invalid
- the user account in Silverpeas isn't valid (blocked, deactivated, ...)

If the authentication process succeeds, then a session is created and returned. For a basic authentication scheme, the session comes from a session opening in Silverpeas by the SessionManagement subsystem and its unique identifier is set in the UserPrivilegeValidation.HTTP_SESSIONKEY header of the HTTP response; the session life will span several HTTP requests and it will be closed either explicitly or by the default session timeout. For a bearer authentication scheme and for an authentication from the access_token parameter, the session is created only for the specific incoming request and will expire at the end of it.

At the end of the authentication, the context is filled with the user credentials and with the authentication scheme that were fetched from the HTTP request. They can then be retrieved for further operations by the invoker of this method. In the case of an authentication from the access_token parameter, the authentication scheme set in the context is the bearer authentication scheme.

- Parameters:
- context - the context of the authentication with the HTTP request and with the HTTP response.
- Returns:
- the created session for the request if the authentication succeeds, or throws a WebApplicationException with the status Response.Status.UNAUTHORIZED.
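As an added illustration, not Silverpeas code and with hypothetical names, the following models the credential lookup described above: the Authorization header is consulted first, then the access_token query parameter, then the access_token form parameter, and each of the listed UNAUTHORIZED cases that can be decided from the request alone ends in an exception. Header and parameter maps are assumed to be already parsed by the container.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
// Added illustration, not Silverpeas code: models the credential lookup described above.
public final class CredentialExtraction {
    public enum Scheme { BASIC, BEARER }
    public record Credentials(Scheme scheme, String value) {}
    // Stands in for WebApplicationException(Response.Status.UNAUTHORIZED).
    public static final class UnauthorizedException extends RuntimeException {
        UnauthorizedException(String reason) { super("401 Unauthorized: " + reason); }
    }
    // Order: Authorization header, then access_token query parameter, then access_token form parameter.
    public static Credentials extract(Map<String, String> headers,
                                      Map<String, String> query,
                                      Map<String, String> form) {
        String authorization = headers.get("Authorization");
        if (authorization != null) {
            // "<scheme> <credentials>": the scheme token is case-insensitive (RFC 2617 / RFC 6750)
            String[] parts = authorization.trim().split("\\s+", 2);
            if (parts.length != 2 || parts[1].isEmpty()) {
                throw new UnauthorizedException("malformed Authorization header");
            }
            switch (parts[0].toLowerCase()) {
                case "basic":
                    return new Credentials(Scheme.BASIC, decodeBasic(parts[1]));
                case "bearer":
                    return new Credentials(Scheme.BEARER, parts[1]);
                default:
                    throw new UnauthorizedException("unsupported scheme: " + parts[0]);
            }
        }
        // RFC 6750: a token carried in access_token is handled as a bearer token
        String token = query.getOrDefault("access_token", form.get("access_token"));
        if (token == null || token.isBlank()) {
            throw new UnauthorizedException("no Authorization header and no access_token parameter");
        }
        return new Credentials(Scheme.BEARER, token);
    }
    // Basic credentials are base64("login:password"); anything else is rejected, never guessed.
    private static String decodeBasic(String encoded) {
        try {
            String decoded = new String(Base64.getDecoder().decode(encoded), StandardCharsets.UTF_8);
            if (decoded.indexOf(':') < 0) throw new UnauthorizedException("malformed Basic credentials");
            return decoded;
        } catch (IllegalArgumentException e) {
            throw new UnauthorizedException("Basic credentials are not valid base64");
        }
    }
}
```

For example, extract(Map.of("Authorization", "Bearer abc"), Map.of(), Map.of()) yields a BEARER credential, while extract(Map.of(), Map.of(), Map.of()) throws UnauthorizedException; whether the decoded login/password or the token is actually valid is the job of the caller, as in authenticate above.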