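/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * See LICENSE.txt included in this distribution for the specific
 * language governing permissions and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at LICENSE.txt.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
 */
package opengrok.auth.plugin.decoders;

import jakarta.servlet.http.HttpServletRequest;
import opengrok.auth.plugin.entity.User;

import java.util.Collections;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * Decode basic headers coming from the
 * <a href="https://github.com/Uninett/mod_auth_mellon">mod_auth_mellon</a> module
 * for Apache web server.
 *
 * <p>This decoder assumes that the SAML Service Provider metadata was set up with
 * {@code <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>}
 * i.e. that the Identity Provider will send back the e-mail address of the authenticated user,
 * that {@code mod_auth_mellon} is set up to create an Apache environment variable
 * containing the e-mail address, and that the {@code mod_headers} Apache module is set to
 * pass the value of this variable in the HTTP header called {@code MELLON_email}, i.e.:
 * {@code RequestHeader set email "%{MELLON_email}e" env=MELLON_email}
 *
 * <p>NOTE(review): the directive quoted above sets a header named {@code email}, while
 * this class reads {@code MELLON_email} (see {@link #MELLON_EMAIL_HEADER}). Confirm that
 * the deployed configuration sets the header name this decoder actually reads.
 *
 * <p>The e-mail value is then stored as the {@code id} property of the {@code User} object.
 *
 * <p><b>Trust boundary:</b> the header value is taken as the authenticated identity without
 * any further verification in this class. The deployment therefore has to guarantee that
 * only the Apache front end can set it: the servlet container must not be reachable
 * directly by clients, and the front end must discard any client-supplied header of the
 * same name. A {@code RequestHeader set ... env=VAR} directive is applied only when
 * {@code VAR} exists, so on its own it does not overwrite an incoming header on requests
 * for which the variable was not created.
 */
public class MellonHeaderDecoder implements IUserDecoder {

    private static final Logger LOGGER = Logger.getLogger(MellonHeaderDecoder.class.getName());

    /** Request header that carries the e-mail address; mandatory. */
    static final String MELLON_EMAIL_HEADER = "MELLON_email";
    /** Request header that carries the user name; optional. */
    static final String MELLON_USERNAME_HEADER = "MELLON_username";

    /**
     * Build a {@code User} from the Mellon headers of the request.
     *
     * @param request HTTP request to read the headers from
     * @return the user constructed from the {@code MELLON_username} (may be {@code null})
     *         and {@code MELLON_email} headers, or {@code null} if the e-mail header is
     *         missing or blank
     */
    @Override
    public User fromRequest(HttpServletRequest request) {
        // e-mail is mandatory; a whitespace-only value is not a usable identity either.
        String id = request.getHeader(MELLON_EMAIL_HEADER);
        if (id == null || id.trim().isEmpty()) {
            // getHeaderNames() is allowed to return null when the container does not
            // expose header names; do not let the diagnostic path throw in that case.
            Enumeration<String> names = request.getHeaderNames();
            String presentHeaders = names == null
                    ? ""
                    : String.join(",", Collections.list(names));
            // Only header names are logged, never values, so credentials carried in
            // headers such as cookies do not end up in the log.
            LOGGER.log(Level.WARNING,
                    "Can not construct User object: header ''{1}'' not found in request headers: {0}",
                    new Object[]{presentHeaders, MELLON_EMAIL_HEADER});
            return null;
        }

        // username is optional.
        String username = request.getHeader(MELLON_USERNAME_HEADER);

        return new User(username, id);
    }
}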