Changeset 37390

Timestamp:

2023-03-02T23:05:36+13:00 (3 weeks ago)

Author:

davidb

Message:

A set of changes related to supporting GoogleIdentity signin

Location:

main/trunk/greenstone3/src/java/org/greenstone/gsdl3

Files:

• GoogleSigninJDBCRealm.java (modified) (4 diffs)
• LibraryServlet.java (modified) (10 diffs)
• util/GSParams.java (modified) (1 diff)

main/trunk/greenstone3/src/java/org/greenstone/gsdl3/GoogleSigninJDBCRealm.java

@@ -169 +169 @@
         
     //containerLog.debug("**** GoogleSigninJDBCRealm::initGoogleIdTokenVerifier():" + googlesignin_client_id);
-    System.err.println("**** GoogleSigninJDBCRealm::initGoogleIdTokenVerifier() googlesignin_client_id=" + googlesignin_client_id);
+    //System.err.println("**** GoogleSigninJDBCRealm::initGoogleIdTokenVerifier() googlesignin_client_id=" + googlesignin_client_id);
     //GoogleSigninJDBCRealm.googlesignin_client_id = googlesignin_client_id;
     
@@ -326 +326 @@
     public String getGreenstoneUsernameFromGoogleTokenId(String googlesignin_id_token)
     {   
-    System.err.println("**** GoogleSigninJDBCRealm::getGreenstoneUsernameFromGoogleTokenId():" + googlesignin_id_token);
+    //System.err.println("**** GoogleSigninJDBCRealm::getGreenstoneUsernameFromGoogleTokenId():" + googlesignin_id_token);
     
     String greenstone_username = null;
@@ -371 +371 @@
     }
     else {
-        System.err.println("***** No googlesignin_id_token detected.  No Google Signin check to do");
+        System.err.println("No googlesignin_id_token detected.  No Google Signin check to do");
     }
     
-    System.err.println("***** End of getGoogleSinginInfo()");
+    //System.err.println("***** End of getGoogleSinginInfo()");
     
     return greenstone_username;
@@ -384 +384 @@
     public Principal authenticate(String username, String credentials)
     {
+    //System.err.println("**** in GogleSigninJDBCRealm::authenticte()");
+    //System.err.println("  username = " + username);
+    //System.err.println("  credentials = " + credentials);
+    
     Principal principal = null;
     

main/trunk/greenstone3/src/java/org/greenstone/gsdl3/LibraryServlet.java

@@ -552 +552 @@
     userContext.setUserID(uid);
 
+    // If GoogleSignin is operational (due to googlesignin_client_id specified in servlet.xml)
+    // AND a Google Client ID Token is provided via googlesignin_id_token then
+    // initiate authentication via Google Signin, which is then tied into Greenstone3 through
+    // the customized Realm written for Greenstone3.
+    //
+    // This customized Realm, GoogleSigninJDBCRealm, works by overriding 'authenticate()'
+    // in Realm.
+
+    // 1.  If the username 'googlesign' is provided, then the credentials
+    //     passed in needs to be a valid verifyable Google Client Id Token.
+    // 1a. From this verified token, the email address that is registered with
+    //     Google for that user account is then used to find a match in the
+    //     Greenstone3 JDBC-specified Username table.
+    // 1b. Assuming that an email address match is found, then the customized Realm
+    //     completes the authentication process by making the found username, the
+    //     one that is autheticated.
+    // 2.  If the username is anything but 'googlesignin' then the authentication process
+    //     continues as with the regular JDBCRealm process
+        
+    //String googlesignin_id_token = getFirstParam("googlesignin_id_token",queryMap);
+    //if ((googlesignin_id_token != null) && (!googlesignin_id_token.equals(""))) {
+
+    String googleidentity_signin = getFirstParam(GSParams.GOOGLE_SIGNIN,queryMap);
+    if ((googleidentity_signin != null) && (googleidentity_signin.equals("1"))) {
+    queryMap.put(GSParams.USERNAME, new String[] { GoogleSigninJDBCRealm.GOOGLESIGNIN_USERNAME_BRIDGE });
+
+    String googlesignin_credential = getFirstParam("credential",queryMap);
+    queryMap.put(GSParams.PASSWORD, new String[] { googlesignin_credential });
+    // logger.info("**** googlesignin_credenital (aka id_token) = '" + googlesignin_credential +"'");
+    }
+
+    
     if (!processLoginChanges(request, userContext, out, baseURL, queryMap, lang, output)) {
     // any invalid login attempt will redirect to a new login page and return false
@@ -813 +845 @@
         else
           {
-        Element param = msg_doc.createElement(GSXML.PARAM_ELEM);
-        param.setAttribute(GSXML.NAME_ATT, name);
-        param.setAttribute(GSXML.VALUE_ATT, GSXML.xmlSafe(value));
-        if (this.gs_params.isSensitive(name)) {
-          param.setAttribute(GSXML.SENSITIVE_ATT, "true");
-        }
-        xml_param_list.appendChild(param);
+          // If logging out as the very next step after logging in, then
+          // the 'password' param was found to be null
+          //
+          // This then causes GSXML.xsmSafe(value) to throw an exception
+          // For now, the coding decision is to test for null, and skip
+          // adding the param if it is null
+          //
+          // Could be that it is more meaningful to store the values as
+          // the empty string.  In which case updating GSXML.xsmlSafe to
+          // test for null and treat it as an empty string would be
+          // a better way to go
+         
+          if (value != null) {
+              Element param = msg_doc.createElement(GSXML.PARAM_ELEM);
+              param.setAttribute(GSXML.NAME_ATT, name);
+              param.setAttribute(GSXML.VALUE_ATT, GSXML.xmlSafe(value));
+              if (this.gs_params.isSensitive(name)) {
+              param.setAttribute(GSXML.SENSITIVE_ATT, "true");
+              }
+              xml_param_list.appendChild(param);
+          }
                         
           }
@@ -896 +942 @@
     xml_request.setAttribute("baseURL", baseURL);
 
-//    logger.error("about to process this message");
-    //   logger.error(XMLConverter.getPrettyString(xml_message));
+    // logger.error("about to process this message");
+    // logger.error(XMLConverter.getPrettyString(xml_message));
     Node xml_result = this.recept.process(xml_message);
     encodeURLs(xml_result, response);
@@ -1031 +1077 @@
     
     private boolean processLoginChanges(HttpServletRequest request, UserContext userContext, PrintWriter out, String baseURL, Map<String, String[]> queryMap, String lang, String output) throws ServletException {
-    
+
+    //logger.info("Start of LibraryServlet::processLoginChanges()");    
+
     //Check if we need to login or logout
     String username = getFirstParam(GSParams.USERNAME, queryMap);
@@ -1039 +1087 @@
     if (logout != null)
     {
+        //logger.info("LibraryServlet::processLoginChanges() logging out (logout cgi param non-null)");
         request.logout();
     }
@@ -1044 +1093 @@
     if (username != null && password != null)
     {
+        //logger.info("LibrarySerlvet::processLoginChagnes(): username and password not null");
+
         //We are changing to another user, so log out first
         if (request.getAuthType() != null)
         {
+        //logger.info("Logging out (preparing to change to another user) ");
         request.logout();
         }
@@ -1053 +1105 @@
         try
         {
-        //Try a global login first
-        password = Authentication.hashPassword(password);
+        //Try a global login first, and then go on to site-login if throws exception
+        if (!username.equals(GoogleSigninJDBCRealm.GOOGLESIGNIN_USERNAME_BRIDGE)) {
+            // Hashing password used by a direct to Greenstone3 authentication text,
+            // but not when a Google Signin
+            password = Authentication.hashPassword(password);
+        }
+        
         request.login(username, password);
+        //logger.info("Global Login successful");
             }
         catch (Exception ex)
@@ -1063 +1121 @@
             //If the global login fails then try a site-level login
             String siteName = (String) this.recept.getConfigParams().get(GSConstants.SITE_NAME);
-            request.login(siteName + "-" + username, password);
-    
+            String siteUserName = siteName + "-" + username;
+            //logger.info("Global login unsuccessful, trying site-level login with: " + siteUserName);
+            request.login(siteUserName, password);
+            //logger.info("Site-wide login successful");
         }
         catch (Exception exc)
         {
+            //logger.info("Site-wide login unsuccessful => generating login page");         
+
             //The user entered in either the wrong username or the wrong password
         
@@ -1091 +1153 @@
     private void updateUserContextWithAuthenticatedInfo(HttpServletRequest request, UserContext userContext)
     {
+    //logger.info("Start of updateUserContextWithAutenticatedInfo");
     
     //Get the username
     String user_name = request.getUserPrincipal().getName();
+    //logger.info("  getUserPrincipal user_name = " + user_name);
+    
     userContext.setUsername(user_name);
 
@@ -1242 +1307 @@
     private boolean runCollectionSecurityCheck(HttpServletRequest request, UserContext userContext, PrintWriter out, String baseURL, String collection, String document, String lang, String output) {
 
+        // logger.info("LibraryServlet::runCollectionSecurityCheck(): start of check for collection:"+collection);
+    
     //Get the security info for this collection
     Document msg_doc = XMLConverter.newDOM();

main/trunk/greenstone3/src/java/org/greenstone/gsdl3/util/GSParams.java

@@ -75 +75 @@
   
     //Administration
-        public static final String PASSWORD = "password";
-        public static final String USERNAME = "username";
-        public static final String LOGOUT = "logout";
-  public static final String VERIFIED = "hmvf";
+    public static final String PASSWORD = "password";
+    public static final String USERNAME = "username";
+    public static final String GOOGLE_SIGNIN = "googleidentity-signin";
+    public static final String LOGOUT = "logout";
+    public static final String VERIFIED = "hmvf";
 
     // some standard arg values