Class MCRRestAPIAuthentication

java.lang.Object
org.mycore.restapi.v1.MCRRestAPIAuthentication

@Path("/auth") public class MCRRestAPIAuthentication extends Object
Rest Controller that handles authentication.
Author:
Thomas Scheffler, Robert Stephan
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
     
  • Constructor Summary

    Constructors
    Constructor
    Description
     
  • Method Summary

    Modifier and Type
    Method
    Description
    jakarta.ws.rs.core.Response
    authorize(String authorization)
    Unauthenticated requests should return a response whose header contains an HTTP 401 Unauthorized status and a WWW-Authenticate field. 200 OK Content-Type: application/json;charset=UTF-8 { "access_token": "NgCXRK...MzYjw", "token_type": "Bearer", "expires_at": 1372700873, "refresh_token": "NgAagA...Um_SHo" } Returning the JWT (JSON Web Token) to the client is not properly specified.
    getToken(MCRSession session, String remoteIp)
     
    jakarta.ws.rs.core.Response
    renew(String authorization)
     
    static void
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

  • Constructor Details

    • MCRRestAPIAuthentication

      public MCRRestAPIAuthentication()
  • Method Details

    • authorize

      @GET @Produces("application/json;charset=utf-8") @Path("/login") public jakarta.ws.rs.core.Response authorize(@DefaultValue("") @HeaderParam("Authorization") String authorization) throws IOException
      Unauthenticated requests should return a response whose header contains an HTTP 401 Unauthorized status and a WWW-Authenticate field.

      200 OK
      Content-Type: application/json;charset=UTF-8
      {
        "access_token": "NgCXRK...MzYjw",
        "token_type": "Bearer",
        "expires_at": 1372700873,
        "refresh_token": "NgAagA...Um_SHo"
      }

      Returning the JWT (JSON Web Token) to the client is not properly specified. We use the "Authorization" Header in the response, which is unusual but not strictly forbidden.
      Parameters:
      authorization - content of the HTTP header Authorization
      Returns:
      response message as JSON
      Throws:
      IOException - if JWT cannot be written
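
A client-side check of the login contract described above, as an added example that is not part of the MyCoRe code base. The names `parse_login_response`, `LoginError` and the sample values are hypothetical; it assumes the Authorization response header has the form "Bearer <JWT>" and that `expires_at` is in epoch seconds.

```python
import json
import time

class LoginError(Exception):
    """The /auth/login response did not yield a usable token."""

def header(headers, name):
    """Case-insensitive header lookup; returns None when absent."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), None)

def parse_login_response(status, headers, body, now=None):
    """Return (token, expires_at) from a /auth/login response or raise LoginError."""
    now = time.time() if now is None else now
    if status == 401:
        # Documented behaviour: 401 plus a WWW-Authenticate challenge.
        challenge = header(headers, "WWW-Authenticate")
        if not challenge:
            raise LoginError("401 without WWW-Authenticate challenge")
        raise LoginError("credentials required: " + challenge)
    if status != 200:
        raise LoginError("unexpected status %d" % status)
    if not (header(headers, "Content-Type") or "").lower().startswith("application/json"):
        raise LoginError("unexpected Content-Type")
    try:
        doc = json.loads(body)
    except ValueError as exc:
        raise LoginError("body is not valid JSON") from exc
    if not isinstance(doc, dict) or doc.get("token_type") != "Bearer":
        raise LoginError("token_type is not Bearer")
    # Assumption: the Authorization response header carries "Bearer <JWT>";
    # fall back to the access_token field of the JSON body when it is absent.
    scheme, _, token = (header(headers, "Authorization") or "").partition(" ")
    if scheme != "Bearer" or not token.strip():
        token = doc.get("access_token")
    if not isinstance(token, str) or not token.strip():
        raise LoginError("no token in header or body")
    # Assumption: expires_at is seconds since the Unix epoch.
    expires_at = doc.get("expires_at")
    if isinstance(expires_at, bool) or not isinstance(expires_at, (int, float)):
        raise LoginError("expires_at missing or not numeric")
    if expires_at <= now:
        raise LoginError("token already expired")
    return token.strip(), expires_at

# Constructed sample response (not captured from a real server).
SAMPLE_HEADERS = {"content-type": "application/json;charset=UTF-8",
                  "Authorization": "Bearer aaa.bbb.ccc"}
SAMPLE_BODY = json.dumps({"access_token": "aaa.bbb.ccc", "token_type": "Bearer",
                          "expires_at": 1372700873})
```
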
    • getToken

      public static Optional<String> getToken(MCRSession session, String remoteIp)
    • renew

      @GET @Path("/renew") public jakarta.ws.rs.core.Response renew(@DefaultValue("") @HeaderParam("Authorization") String authorization) throws IOException
      Throws:
      IOException
    • validate

      public static void validate(String token) throws com.auth0.jwt.exceptions.JWTVerificationException
      Throws:
      com.auth0.jwt.exceptions.JWTVerificationException