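/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * See LICENSE.txt included in this distribution for the specific
 * language governing permissions and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at LICENSE.txt.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
 */
package opengrok.auth.plugin.decoders;

import jakarta.servlet.http.HttpServletRequest;
import opengrok.auth.plugin.entity.User;

import java.util.Collections;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * Decode basic headers coming from the
 * mod_auth_mellon module
 * for Apache web server.
 *
 * <p>This decoder assumes that the SAML Service Provider metadata was set up with
 * {@code urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress},
 * i.e. that the Identity Provider will send back the e-mail address of the authenticated user,
 * that {@code mod_auth_mellon} is set up to create an Apache environment variable
 * containing the e-mail address, and that the {@code mod_headers} Apache module is set to
 * pass the value of this variable in the HTTP header called {@code MELLON_email}, i.e.:
 * {@code RequestHeader set email "%{MELLON_email}e" env=MELLON_email}
 *
 * <p>NOTE(review): the example directive above sets a header named {@code email}, while this
 * class reads {@value #MELLON_EMAIL_HEADER}; confirm which header name the deployment
 * actually uses.
 *
 * <p>The e-mail value is then stored as the {@code id} property of the {@code User} object.
 *
 * <p><b>Trust boundary:</b> this class does not verify where the header came from. The value
 * of {@value #MELLON_EMAIL_HEADER} is read from the request as-is and becomes the user
 * identity. NOTE(review): this is sound only if the front-end web server removes or
 * overwrites any client-supplied copy of the {@code MELLON_*} headers on every request
 * (a {@code RequestHeader set ... env=...} directive is applied only when the environment
 * variable exists), and if the application cannot be reached without passing through that
 * front end. Confirm both for the deployment.
 */
public class MellonHeaderDecoder implements IUserDecoder {

    private static final Logger LOGGER = Logger.getLogger(MellonHeaderDecoder.class.getName());

    /** Request header expected to carry the authenticated user's e-mail address (mandatory). */
    static final String MELLON_EMAIL_HEADER = "MELLON_email";

    /** Request header expected to carry the user name (optional). */
    static final String MELLON_USERNAME_HEADER = "MELLON_username";

    /**
     * Build a {@code User} from the Mellon headers of the request.
     *
     * @param request HTTP request as forwarded by the web server
     * @return the decoded user, or {@code null} when the {@value #MELLON_EMAIL_HEADER}
     *         header is missing or empty
     */
    @Override
    public User fromRequest(HttpServletRequest request) {
        // e-mail is mandatory: without it there is no identity to attach to the request.
        String id = request.getHeader(MELLON_EMAIL_HEADER);
        if (id == null || id.isEmpty()) {
            // Only header names are logged, never values, so cookies and credentials
            // carried by other headers do not end up in the log.
            LOGGER.log(Level.WARNING,
                    "Can not construct User object: header ''{1}'' not found in request headers: {0}",
                    new Object[]{joinHeaderNames(request), MELLON_EMAIL_HEADER});
            return null;
        }

        // username is optional; a null value is passed through to the User constructor.
        String username = request.getHeader(MELLON_USERNAME_HEADER);

        return new User(username, id);
    }

    /**
     * Join the names of all request headers with commas for diagnostic logging.
     *
     * <p>The Servlet API allows {@code getHeaderNames()} to return {@code null} when the
     * container does not let servlets use the method; that case yields an empty string
     * instead of a {@code NullPointerException} on the failure path.
     *
     * @param request HTTP request
     * @return comma-separated header names, possibly empty
     */
    private static String joinHeaderNames(HttpServletRequest request) {
        java.util.Enumeration<String> names = request.getHeaderNames();
        if (names == null) {
            return "";
        }
        return String.join(",", Collections.list(names));
    }
}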