xref: /OpenGrok/plugins/src/main/java/opengrok/auth/plugin/decoders/MellonHeaderDecoder.java (revision aa6abf429bacc2c0baa482bff3022e77ef23c183)
1b28a5538SAdam Hornacek /*
2b28a5538SAdam Hornacek  * CDDL HEADER START
3b28a5538SAdam Hornacek  *
4b28a5538SAdam Hornacek  * The contents of this file are subject to the terms of the
5b28a5538SAdam Hornacek  * Common Development and Distribution License (the "License").
6b28a5538SAdam Hornacek  * You may not use this file except in compliance with the License.
7b28a5538SAdam Hornacek  *
8b28a5538SAdam Hornacek  * See LICENSE.txt included in this distribution for the specific
9b28a5538SAdam Hornacek  * language governing permissions and limitations under the License.
10b28a5538SAdam Hornacek  *
11b28a5538SAdam Hornacek  * When distributing Covered Code, include this CDDL HEADER in each
12b28a5538SAdam Hornacek  * file and include the License file at LICENSE.txt.
13b28a5538SAdam Hornacek  * If applicable, add the following below this CDDL HEADER, with the
14b28a5538SAdam Hornacek  * fields enclosed by brackets "[]" replaced with your own identifying
15b28a5538SAdam Hornacek  * information: Portions Copyright [yyyy] [name of copyright owner]
16b28a5538SAdam Hornacek  *
17b28a5538SAdam Hornacek  * CDDL HEADER END
18b28a5538SAdam Hornacek  */
19b28a5538SAdam Hornacek 
20b28a5538SAdam Hornacek /*
21b28a5538SAdam Hornacek  * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
22b28a5538SAdam Hornacek  */
23b28a5538SAdam Hornacek package opengrok.auth.plugin.decoders;
24b28a5538SAdam Hornacek 
25*aa6abf42SAdam Hornacek import jakarta.servlet.http.HttpServletRequest;
26b28a5538SAdam Hornacek import opengrok.auth.plugin.entity.User;
27b28a5538SAdam Hornacek 
28b28a5538SAdam Hornacek import java.util.Collections;
29b28a5538SAdam Hornacek import java.util.logging.Level;
30b28a5538SAdam Hornacek import java.util.logging.Logger;
31b28a5538SAdam Hornacek 
/**
 * Builds a {@link User} from the HTTP request headers populated by the
 * <a href="https://github.com/Uninett/mod_auth_mellon">mod_auth_mellon</a> module
 * of the Apache web server.
 * <p>
 * Expected deployment: the SAML Service Provider metadata declares
 * {@code <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>},
 * so the Identity Provider returns the e-mail address of the authenticated user;
 * {@code mod_auth_mellon} exposes that address as an Apache environment variable and
 * {@code mod_headers} copies it into the request header this class reads. The header
 * name used in the directive has to match {@link #MELLON_EMAIL_HEADER}, e.g.:
 * {@code RequestHeader set MELLON_email "%{MELLON_email}e" env=MELLON_email}
 * <p>
 * The e-mail value ends up as the {@code id} property of the {@code User} object.
 * <p>
 * Trust boundary: the header values are taken from the request as they arrive and
 * this class does not verify where they came from. Whoever can set these headers
 * decides the identity, so the servlet container must only be reachable through the
 * authenticating Apache instance. The {@code env=} condition applies the directive
 * only when the variable exists, which leaves a same-named header from the client in
 * place otherwise; an unconditional {@code RequestHeader unset} for both header names
 * ahead of the {@code set} directives closes that gap (verify against the actual
 * Apache configuration).
 */
public class MellonHeaderDecoder implements IUserDecoder {

    private static final Logger LOGGER = Logger.getLogger(MellonHeaderDecoder.class.getName());

    /** Name of the request header carrying the e-mail address (mandatory). */
    static final String MELLON_EMAIL_HEADER = "MELLON_email";
    /** Name of the request header carrying the user name (optional). */
    static final String MELLON_USERNAME_HEADER = "MELLON_username";

    /**
     * Creates the user described by the Mellon headers of the request.
     *
     * @param request request whose headers are inspected
     * @return user with the e-mail header value as its id and the user name header
     *         value (possibly {@code null}) as its user name, or {@code null} when the
     *         e-mail header is absent or empty
     */
    @Override
    public User fromRequest(HttpServletRequest request) {
        final String email = request.getHeader(MELLON_EMAIL_HEADER);
        final boolean emailPresent = email != null && !email.isEmpty();

        if (emailPresent) {
            // The user name header is optional; getHeader() yields null when it is missing.
            return new User(request.getHeader(MELLON_USERNAME_HEADER), email);
        }

        // Only the header names are logged, never the header values.
        final String headerNames = String.join(",", Collections.list(request.getHeaderNames()));
        LOGGER.log(Level.WARNING,
                "Can not construct User object: header ''{1}'' not found in request headers: {0}",
                new Object[]{headerNames, MELLON_EMAIL_HEADER});
        return null;
    }
}