remove http basic auth, establish openapi config modification hook.

Author: MikeNeilson

opendcs-rest-api/src/main/java/org/opendcs/odcsapi/openapi/OpenDcsOpenApiModifier.java

@@ -0,0 +1,31 @@
+package org.opendcs.odcsapi.openapi;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import io.swagger.v3.jaxrs2.ReaderListener;
+import io.swagger.v3.oas.annotations.OpenAPIDefinition;
+import io.swagger.v3.oas.integration.api.OpenApiReader;
+import io.swagger.v3.oas.models.OpenAPI;
+
+@OpenAPIDefinition
+public class OpenDcsOpenApiModifier implements ReaderListener
+{
+    private static final Logger log = LoggerFactory.getLogger(OpenDcsOpenApiModifier.class);
+    @Override
+    public void beforeScan(OpenApiReader reader, OpenAPI openAPI)
+    {
+        /* do nothing */
+    }
+
+    @Override
+    public void afterScan(OpenApiReader reader, OpenAPI openAPI)
+    {
+        /**
+         * todo: 
+         * 1 update authcheck provider to return security scheme with runtime determined info
+         * 2 add SecuritySchemes
+         */
+    }
+    
+}

opendcs-rest-api/src/main/java/org/opendcs/odcsapi/sec/basicauth/BasicAuthResource.java

@@ -78,6 +78,69 @@ public final class BasicAuthResource extends OpenDcsResource
 	@Context
 	private HttpHeaders httpHeaders;
 
+	@POST
+	@Path("credentials")
+	@Consumes(MediaType.APPLICATION_JSON)
+	@Produces(MediaType.APPLICATION_JSON)
+	@RolesAllowed({ApiConstants.ODCS_API_GUEST})
+	@Operation(
+			summary = "The ‘credentials’ POST method is used to obtain a new token",
+			description = "The user name and password provided must be a valid login for the underlying database.   \n"
+					+ "Also, that user must be assigned either of the roles OTSDB_ADMIN or OTSDB_MGR.\n"
+					+ "--- \n\n\n"
+					+ "Starting in **API Version 0.0.3**, authentication credentials (username and password) "
+					+ "may be passed as shown above in the POST body.   \n"
+					+ "They may also be passed in a GET call to the 'credentials' method, "
+					+ "(e.g. '*http://localhost:8080/odcsapi/credentials*') containing an HTTP Authentication Basic "
+					+ "header in the form 'username:password'.  \n\nThe returned data to the GET call will be empty.",
+			requestBody = @RequestBody(
+					description = "Login Credentials",
+					required = true,
+					content = @Content(
+							mediaType = MediaType.APPLICATION_JSON,
+							schema = @Schema(implementation = Credentials.class)
+					)
+			),
+			responses = {
+					@ApiResponse(
+							responseCode = "200",
+							description = "Successful authentication."
+					),
+					@ApiResponse(
+							responseCode = "400",
+							description = "Bad request - null or otherwise invalid credentials.",
+							content = @Content(mediaType = MediaType.APPLICATION_JSON,
+									schema = @Schema(type = "object", implementation = StringToClassMapItem.class),
+									examples = @ExampleObject(value = "{\"status\":400," +
+											"\"message\": \"Neither username nor password may be null.\"}"))
+					),
+					@ApiResponse(
+							responseCode = "403",
+							description = "Invalid credentials or insufficient role.",
+							content = @Content(mediaType = MediaType.APPLICATION_JSON,
+									schema = @Schema(type = "object", implementation = StringToClassMapItem.class),
+									examples = @ExampleObject(value = "{\"status\":403," +
+											"\"message\":\"Failed to authorize user.\"}"))
+					),
+					@ApiResponse(
+							responseCode = "500",
+							description = "Internal Server Error"
+					),
+					@ApiResponse(
+							responseCode = "501",
+							description = "This authentication method is only supported by the OpenTSDB database.",
+							content = @Content(mediaType = MediaType.APPLICATION_JSON,
+									schema = @Schema(type = "object", implementation = StringToClassMapItem.class),
+									examples = @ExampleObject(value = "{\"status\":501," +
+											"\"message\":\"Basic Auth is not supported.\"}"))
+					)
+			}
+	)
+	public Response postCredentials(Credentials credentials) throws WebAppException
+	{
+		return doLogin(credentials);
+	}
+
 	@POST
 	@Path("credentials")
 	@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@@ -142,20 +205,18 @@ public Response postCredentials(@FormParam("username") String username,
 		Credentials credentials = new Credentials();
 		credentials.setUsername(username);
 		credentials.setPassword(password);
-		TimeSeriesDb db = getLegacyTimeseriesDB();
-		if(!db.isOpenTSDB())
-		{
-			throw new ServerErrorException("Basic Auth is not supported", Response.Status.NOT_IMPLEMENTED);
-		}
+		return doLogin(credentials);
+	}
 
+	private Response doLogin(Credentials credentials) throws WebAppException
+	{
 		//If credentials are null, Authorization header will be checked.
-		if(credentials != null)
+		if(credentials == null)
 		{
-			verifyCredentials(credentials);
+			throw newAuthException();
 		}
-
-		String authorizationHeader = httpHeaders.getHeaderString(HttpHeaders.AUTHORIZATION);
-		credentials = getCredentials(credentials, authorizationHeader);
+		
+		verifyCredentials(credentials);
 		validateDbCredentials(credentials);
 		Set<OpenDcsApiRoles> roles = getUserRoles(credentials.getUsername());
 		OpenDcsPrincipal principal = new OpenDcsPrincipal(credentials.getUsername(), roles);
@@ -196,75 +257,11 @@ private static void verifyCredentials(Credentials credentials)
 		}
 	}
 
-	private static Credentials getCredentials(Credentials postBody, String authorizationHeader)
-	{
-		if(postBody != null)
-		{
-			return postBody;
-		}
-		if(authorizationHeader == null || authorizationHeader.isEmpty())
-		{
-			throw newAuthException();
-		}
-		return parseAuthorizationHeader(authorizationHeader);
-	}
-
 	private static BadRequestException newAuthException()
 	{
 		return new BadRequestException("Credentials not provided.");
 	}
 
-	private static Credentials parseAuthorizationHeader(String authString)
-	{
-		String[] authHeaders = authString.split(",");
-		for(String header : authHeaders)
-		{
-			String trimmedHeader = header.trim();
-			LOGGER.debug(MODULE + ".makeToken authHdr = {}", trimmedHeader);
-			if(trimmedHeader.startsWith("Basic"))
-			{
-				return extractCredentials(trimmedHeader.substring(6).trim());
-			}
-		}
-		throw newAuthException();
-	}
-
-	private static Credentials extractCredentials(String base64Credentials)
-	{
-		String decodedCredentials = new String(Base64.getDecoder().decode(base64Credentials.getBytes()));
-		String[] parts = decodedCredentials.split(":", 2);
-
-		if(parts.length < 2 || parts[0] == null || parts[1] == null
-				|| parts[0].isEmpty() || parts[1].isEmpty())
-		{
-			throw newAuthException();
-		}
-
-		Credentials credentials = new Credentials();
-		credentials.setUsername(parts[0]);
-		credentials.setPassword(parts[1]);
-
-		LOGGER.info(MODULE + ".checkToken found tokstr in header.");
-		return credentials;
-	}
-
-	private String getDatabaseUrl() throws WebAppException
-	{
-		DataSource dataSource = (DataSource) context.getAttribute(DATA_SOURCE_ATTRIBUTE_KEY);
-		try(Connection poolCon = dataSource.getConnection())
-		{
-			// The only way to verify that user/pw is valid is to attempt to establish a connection:
-			// This should eventually be moved to a users table
-			DatabaseMetaData metaData = poolCon.getMetaData();
-			return metaData.getURL();
-		}
-		catch(SQLException e)
-		{
-			throw new WebAppException(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
-					"Failed to obtain database URL.", e);
-		}
-	}
-
 	private void validateDbCredentials(Credentials creds) throws WebAppException
 	{
 

opendcs-rest-api/src/main/java/org/opendcs/odcsapi/sec/basicauth/CredentalReader.java

@@ -33,6 +33,7 @@
 import com.nimbusds.jose.proc.BadJOSEException;
 import com.nimbusds.jose.proc.SecurityContext;
 import com.nimbusds.jwt.JWTClaimsSet;
+
 import org.opendcs.odcsapi.dao.ApiAuthorizationDAI;
 import org.opendcs.odcsapi.hydrojson.DbInterface;
 import org.opendcs.odcsapi.sec.AuthorizationCheck;

opendcs-rest-api/src/main/java/org/opendcs/odcsapi/sec/basicauth/LoginProviderResource.java

@@ -34,7 +34,9 @@
             <param-name>jersey.config.server.provider.packages</param-name>
             <param-value>
                 io.swagger.jaxrs.listing,
-                org.opendcs.odcsapi.res
+                org.opendcs.odcsapi.res,
+                org.opendcs.odcsapi.sec,
+                org.opendcs.odcsapi.openapi
             </param-value>
         </init-param>
         <load-on-startup>1</load-on-startup>
@@ -50,20 +52,6 @@
         <param-name>opendcs.rest.api.authorization.expiration.duration</param-name>
         <param-value>PT15M</param-value>
     </context-param>
-    <!--
-    <context-param>
-        <param-name>opendcs.rest.api.cwms.office</param-name>
-        <param-value></param-value>
-    </context-param>
-    <context-param>
-        <param-name>opendcs.rest.api.authorization.jwt.jwkset.url</param-name>
-        <param-value></param-value>
-    </context-param>
-    <context-param>
-        <param-name>opendcs.rest.api.authorization.jwt.issuer.url</param-name>
-        <param-value></param-value>
-    </context-param>
-    -->
     <servlet-mapping>
         <servlet-name>jersey-servlet</servlet-name>
         <url-pattern>/*</url-pattern>