started refactoring Shib code #963

IQSS · Nov 10, 2014 · d8fd790 · d8fd790
1 parent 979a2d3
commit d8fd790
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 24 deletions.
diff --git a/src/main/java/edu/harvard/iq/dataverse/Shib.java b/src/main/java/edu/harvard/iq/dataverse/Shib.java
@@ -2,6 +2,7 @@
 
 import edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean;
 import edu.harvard.iq.dataverse.authorization.RoleAssigneeDisplayInfo;
+import edu.harvard.iq.dataverse.authorization.providers.shib.ShibAuthenticationProvider;
 import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
 import java.io.IOException;
 import java.util.ArrayList;
@@ -32,11 +33,6 @@ public class Shib implements java.io.Serializable {
 
     HttpServletRequest request;
 
-    /**
-     * @todo where should "shib" be defined?
-     */
-    String authPrvId = "shib";
-
     /**
      * @todo these are the attributes we are getting from the IdP at
      * testshib.org. What other attributes should we expect?
@@ -159,7 +155,8 @@ public void init() {
         displayInfo = new RoleAssigneeDisplayInfo(displayName, emailAddress);
 
         userPersistentId = shibIdp + "|" + userIdentifier;
-        AuthenticatedUser au = authSvc.lookupUser(authPrvId, userPersistentId);
+        ShibAuthenticationProvider shibAuthProvider = new ShibAuthenticationProvider();
+        AuthenticatedUser au = authSvc.lookupUser(shibAuthProvider.getId(), userPersistentId);
         if (au != null) {
             logger.info("Found user based on " + userPersistentId + ". Logging in.");
             session.setUser(au);
@@ -179,7 +176,8 @@ public void init() {
 
     public String confirm() {
         logger.info("confirm called...");
-        AuthenticatedUser au = authSvc.createAuthenticatedUser(authPrvId, userPersistentId, displayInfo);
+        ShibAuthenticationProvider shibAuthProvider = new ShibAuthenticationProvider();
+        AuthenticatedUser au = authSvc.createAuthenticatedUser(shibAuthProvider.getId(), userPersistentId, displayInfo);
         session.setUser(au);
         return homepage + "?faces-redirect=true";
     }

diff --git a/src/main/java/edu/harvard/iq/dataverse/authorization/AuthenticationServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/authorization/AuthenticationServiceBean.java
@@ -9,6 +9,7 @@
 import edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinAuthenticationProviderFactory;
 import edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinUserServiceBean;
 import edu.harvard.iq.dataverse.authorization.providers.echo.EchoAuthenticationProviderFactory;
+import edu.harvard.iq.dataverse.authorization.providers.shib.ShibAuthenticationProvider;
 import edu.harvard.iq.dataverse.authorization.users.ApiToken;
 import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
 import java.sql.Timestamp;
@@ -62,8 +63,10 @@ public void startup() {
         try {
             registerProviderFactory( new BuiltinAuthenticationProviderFactory(builtinUserServiceBean) );
             registerProviderFactory( new EchoAuthenticationProviderFactory() );
-            // TODO register shib provider factory here
-
+            /**
+             * Register shib provider factory here. Test enable/disable via Admin API, etc.
+             */
+            new ShibAuthenticationProvider();
         } catch (AuthorizationSetupException ex) {
             logger.log(Level.SEVERE, "Exception setting up the authentication provider factories: " + ex.getMessage(), ex);
         }

diff --git a/...ava/edu/harvard/iq/dataverse/authorization/providers/shib/ShibAuthenticationProvider.java b/...ava/edu/harvard/iq/dataverse/authorization/providers/shib/ShibAuthenticationProvider.java
@@ -1,34 +1,31 @@
 package edu.harvard.iq.dataverse.authorization.providers.shib;
 
+import edu.harvard.iq.dataverse.authorization.AuthenticationProvider;
 import edu.harvard.iq.dataverse.authorization.AuthenticationProviderDisplayInfo;
 import edu.harvard.iq.dataverse.authorization.AuthenticationRequest;
 import edu.harvard.iq.dataverse.authorization.AuthenticationResponse;
-import edu.harvard.iq.dataverse.authorization.ExternalLinkAuthenticationProvider;
-import java.net.URL;
 
-public class ShibAuthenticationProvider implements ExternalLinkAuthenticationProvider {
+public class ShibAuthenticationProvider implements AuthenticationProvider {
 
     @Override
     public String getId() {
-        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+        return "shib";
     }
 
     @Override
     public AuthenticationProviderDisplayInfo getInfo() {
-        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+        return new AuthenticationProviderDisplayInfo(getId(), "Shibboleth Provider", "Shibboleth user repository");
     }
 
     @Override
-    public AuthenticationResponse authenticate( AuthenticationRequest req ) {
-        // TODO the credentials map will contain the shib* headers. Find the persistent id of the 
-        // user there, and return it.
-        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    public AuthenticationResponse authenticate(AuthenticationRequest req) {
+        /**
+         * @todo Should we really implement this? It feels like unnecessary
+         * overhead to pass AuthenticationRequest and AuthenticationResponse
+         * back and forth when all the processing is done by the Shibboleth
+         * Identity Providers.
+         */
+        throw new UnsupportedOperationException("Not supported yet. ");
     }
 
-    @Override
-    public URL getAuthenticationUrl() {
-        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
-    }
-
-
 }