Bugfix/auth http 401 #697

Closed
2 changes: 1 addition & 1 deletion docker/Linux-JDK18/Dockerfile
Expand Up @@ -41,7 +41,7 @@ COPY dist/deps/Linux-x86-64/lib/* /usr/lib/
# && wget -q https://github.com/GrokImageCompression/grok/releases/download/v7.6.5/grokj2k-tools_7.6.5-1_amd64.deb \
# && dpkg -i ./libgrokj2k1_7.6.5-1_amd64.deb \
# && dpkg -i --ignore-depends=libjpeg62-turbo ./grokj2k-tools_7.6.5-1_amd64.deb \
# Install OpenJDK
# Install OpenJDK
RUN wget -q https://download.java.net/java/GA/jdk18/43f95e8614114aeaa8e8a5fcf20a682d/36/GPL/openjdk-18_linux-x64_bin.tar.gz \
&& tar xfz openjdk-18_linux-x64_bin.tar.gz \
&& mv jdk-18 /opt/jdk \
2 changes: 1 addition & 1 deletion docker/Windows-JDK18/Dockerfile
Expand Up @@ -12,7 +12,7 @@ RUN powershell -Command \
# TODO: openjpeg
RUN choco install -y maven ffmpeg
RUN choco install -y openjdk --version=18.0.2

# Install TurboJpegProcessor dependencies TODO: libjpeg-turbo
#RUN mkdir -p /opt/libjpeg-turbo/lib
#COPY docker/Windows10-JDK11/image_files/libjpeg-turbo/lib64 c:\windows\system32
Expand Up @@ -364,6 +364,9 @@ private boolean processAuthInfo(AuthInfo info)
if (code == 401) {
getResponse().setHeader("WWW-Authenticate",
info.getChallengeValue());
if (getRequestContext().getLocalURI().getPath().endsWith("info.json")) {
return true;
}
}
throw new ResourceException(new Status(code));
}
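Review bot: The new `endsWith("info.json")` test in the 401 branch is a suffix match on the request path, not a check that the request was routed to an information resource, so any path whose last characters are `info.json` makes processAuthInfo return true after a 401 decision. If this method is also reached from the image endpoints (not visible in this hunk), such a request would continue despite the denial; tying the exception to the resource type, or at least using `endsWith("/info.json")`, would narrow it. A comment such as `// info.json is still served with the 401 status so clients can read the auth details; all other resources are denied` would explain why a denied request continues, if that is the intent. The method starts and ends outside the hunk.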
@@ -1,9 +1,7 @@
package edu.illinois.library.cantaloupe.resource.iiif.v1;

import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

import edu.illinois.library.cantaloupe.http.Method;
Expand Down Expand Up @@ -55,7 +53,16 @@ public void doGET() throws Exception {
class CustomCallback implements InformationRequestHandler.Callback {
@Override
public boolean authorize() throws Exception {
return InformationResource.this.preAuthorize();
try {
// The logic here is somewhat convoluted. See the method
// documentation for more information.
return InformationResource.this.preAuthorize();
} catch (ResourceException e) {
if (e.getStatus().getCode() > 400) {
throw e;
}
}
return false;
}

@Override
Expand Down Expand Up @@ -137,14 +144,4 @@ private String getNegotiatedMediaType() {
return mediaType + ";charset=UTF-8";
}

private JacksonRepresentation newHTTP4xxRepresentation(Status status,
String message) {
final Map<String, Object> map = new LinkedHashMap<>(); // preserves key order
map.put("@context", "http://library.stanford.edu/iiif/image-api/1.1/context.json");
map.put("@id", getImageURI());
map.put("status", status.getCode());
map.put("message", message);
return new JacksonRepresentation(map);
}

}
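Review bot: In `authorize()` the catch block drops any ResourceException whose status code is 400 or lower and falls through to `return false` without logging, so the cause of the failure is lost. The comment points to "the method documentation", but no Javadoc for this method appears in the hunk. Either add it, stating what a swallowed exception means and why 400 itself is not rethrown, or make the guard `if (e.getStatus().getCode() >= 400)` if that is what was meant. The same block is added to the v2 and v3 InformationResource classes further down.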
@@ -1,9 +1,7 @@
package edu.illinois.library.cantaloupe.resource.iiif.v2;

import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

import edu.illinois.library.cantaloupe.http.Method;
Expand All @@ -19,8 +17,6 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.script.ScriptException;

/**
* Handles information requests.
*
Expand Down Expand Up @@ -62,7 +58,16 @@ public void doGET() throws Exception {
class CustomCallback implements InformationRequestHandler.Callback {
@Override
public boolean authorize() throws Exception {
return InformationResource.this.preAuthorize();
try {
// The logic here is somewhat convoluted. See the method
// documentation for more information.
return InformationResource.this.preAuthorize();
} catch (ResourceException e) {
if (e.getStatus().getCode() > 400) {
throw e;
}
}
return false;
}

@Override
Expand Down Expand Up @@ -149,17 +154,4 @@ private JacksonRepresentation newRepresentation(Info info,
return new JacksonRepresentation(iiifInfo);
}

private JacksonRepresentation newHTTP4xxRepresentation(
Status status,
String message) throws ScriptException {
final Map<String,Object> map = new LinkedHashMap<>(); // preserves key order
map.put("@context", "http://iiif.io/api/image/2/context.json");
map.put("@id", getImageURI());
map.put("protocol", "http://iiif.io/api/image");
map.put("status", status.getCode());
map.put("message", message);
map.putAll(getDelegateProxy().getExtraIIIF2InformationResponseKeys());
return new JacksonRepresentation(map);
}

}
@@ -1,9 +1,7 @@
package edu.illinois.library.cantaloupe.resource.iiif.v3;

import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

import edu.illinois.library.cantaloupe.http.Method;
Expand All @@ -19,8 +17,6 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.script.ScriptException;

/**
* Handles IIIF Image API 3.x information requests.
*
Expand Down Expand Up @@ -62,7 +58,16 @@ public void doGET() throws Exception {
class CustomCallback implements InformationRequestHandler.Callback {
@Override
public boolean authorize() throws Exception {
return InformationResource.this.preAuthorize();
try {
// The logic here is somewhat convoluted. See the method
// documentation for more information.
return InformationResource.this.preAuthorize();
} catch (ResourceException e) {
if (e.getStatus().getCode() > 400) {
throw e;
}
}
return false;
}

@Override
Expand Down Expand Up @@ -151,19 +156,4 @@ private JacksonRepresentation newRepresentation(Info info,
return new JacksonRepresentation(iiifInfo);
}

private JacksonRepresentation newHTTP4xxRepresentation(
Status status,
String message) throws ScriptException {
final Map<String,Object> map = new LinkedHashMap<>(); // preserves key order
map.put("@context", "http://iiif.io/api/image/3/context.json");
map.put("id", getImageURI());
map.put("type", "ImageService3");
map.put("protocol", "http://iiif.io/api/image");
map.put("profile", "level2");
map.put("status", status.getCode());
map.put("message", message);
map.putAll(getDelegateProxy().getExtraIIIF3InformationResponseKeys());
return new JacksonRepresentation(map);
}

}
Expand Up @@ -57,6 +57,20 @@ public void testAuthorizationWhenAuthorized(URI uri) {
assertStatus(200, uri);
}

public void testAuthorizationWhenUnauthorized(URI uri, String endpointPath) {
// This may vary depending on the return value of a delegate method,
// but the way the tests are set up, it's 401.
assertStatus(401, uri);
assertRepresentationContains("401 Unauthorized", uri);
}

public void testAuthorizationWhenForbidden(URI uri) {
// This may vary depending on the return value of a delegate method,
// but the way the tests are set up, it's 403.
assertStatus(403, uri);
assertRepresentationContains("403 Forbidden", uri);
}

public void testAuthorizationWhenNotAuthorizedWhenAccessingCachedResource(URI uri)
throws Exception {
initializeFilesystemCache();
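Review bot: `testAuthorizationWhenUnauthorized` checks the 401 status and body but not the `WWW-Authenticate` header, which the server-side 401 branch touched by this pull request sets on the response. An assertion that the header is present on the 401 response would pin that behaviour. The new `endpointPath` parameter is unused in this implementation, so a short Javadoc saying it exists for subclasses that need to know the API version would help.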
Expand Up @@ -30,20 +30,6 @@
*/
public class ImageResourceTester extends ImageAPIResourceTester {

public void testAuthorizationWhenUnauthorized(URI uri) {
// This may vary depending on the return value of a delegate method,
// but the test delegate script returns 403.
assertStatus(401, uri);
assertRepresentationContains("401 Unauthorized", uri);
}

public void testAuthorizationWhenForbidden(URI uri) {
// This may vary depending on the return value of a delegate method,
// but the test delegate script returns 403.
assertStatus(403, uri);
assertRepresentationContains("403 Forbidden", uri);
}

public void testAuthorizationWhenRedirecting(URI uri)
throws Exception {
Client client = newClient(uri);
Expand Up @@ -10,6 +10,7 @@
import edu.illinois.library.cantaloupe.http.Response;
import edu.illinois.library.cantaloupe.image.Identifier;
import edu.illinois.library.cantaloupe.resource.AbstractResource;
import edu.illinois.library.cantaloupe.resource.Route;
import edu.illinois.library.cantaloupe.test.TestUtil;

import java.io.File;
Expand All @@ -27,11 +28,18 @@
*/
public class InformationResourceTester extends ImageAPIResourceTester {

public void testAuthorizationWhenForbidden(URI uri) {
// This may vary depending on the return value of a delegate method,
// but the test delegate script returns 401.
assertStatus(403, uri);
assertRepresentationContains("\"status\":403", uri);
@Override
public void testAuthorizationWhenUnauthorized(URI uri, String endpointPath) {
final String requiredJsonLdContent;

if (endpointPath.equals(Route.IIIF_1_PATH)) {
requiredJsonLdContent = "\"@context\":\"http://library.stanford.edu/iiif/image-api/1.1/context.json\"";
} else {
requiredJsonLdContent = "\"protocol\":\"http://iiif.io/api/image\"";
}

assertStatus(401, uri);
assertRepresentationContains(requiredJsonLdContent, uri);
}

public void testCacheWithDerivativeCacheEnabledAndInfoCacheEnabledAndResolveFirstEnabled(
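Review bot: The overridden `testAuthorizationWhenUnauthorized` only asserts that one JSON-LD fragment occurs in the 401 body, and its `else` branch uses the same `"protocol"` fragment for every endpoint other than v1, so it no longer pins what an unauthenticated client receives from info.json. The per-version InformationResourceTest classes further down lose their exact-body assertions in favour of this call. Asserting the version-specific `@context` per endpoint, and that the body is the document expected for a denied request, would keep that coverage. `Route.IIIF_1_PATH.equals(endpointPath)` avoids a NullPointerException if a caller passes null. This section also drops the information-specific `testAuthorizationWhenForbidden`, leaving the 403 case to the inherited "403 Forbidden" check, which is worth confirming as intended.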
Expand Up @@ -47,7 +47,7 @@ void testGETAuthorizationWhenAuthorized() {
@Test
void testGETAuthorizationWhenUnauthorized() {
URI uri = getHTTPURI("/unauthorized.jpg/full/full/0/color.jpg");
tester.testAuthorizationWhenUnauthorized(uri);
tester.testAuthorizationWhenUnauthorized(uri, getEndpointPath());
}

@Test
Expand Up @@ -51,15 +51,7 @@ void testGETAuthorizationWhenAuthorized() {
@Test
void testGETAuthorizationWhenUnauthorized() {
URI uri = getHTTPURI("/unauthorized.jpg/info.json");
// This may vary depending on the return value of a delegate method,
// but the test delegate script returns 401.
assertStatus(401, uri);
assertRepresentationEquals(
"{\"@context\":\"http://library.stanford.edu/iiif/image-api/1.1/context.json\","+
"\"@id\":\"" + uri.toString().replace("/info.json", "") + "\"," +
"\"status\":401," +
"\"message\":\"Unauthorized\"" +
"}", uri);
tester.testAuthorizationWhenUnauthorized(uri, getEndpointPath());
}

@Test
Expand Up @@ -47,7 +47,7 @@ void testGETAuthorizationWhenAuthorized() {
@Test
void testGETAuthorizationWhenUnauthorized() {
URI uri = getHTTPURI("/unauthorized.jpg/full/full/0/color.jpg");
tester.testAuthorizationWhenUnauthorized(uri);
tester.testAuthorizationWhenUnauthorized(uri, getEndpointPath());
}

@Test
Expand Up @@ -51,22 +51,7 @@ void testGETAuthorizationWhenAuthorized() {
@Test
void testGETAuthorizationWhenUnauthorized() {
URI uri = getHTTPURI("/unauthorized.jpg/info.json");
// This may vary depending on the return value of a delegate method,
// but the test delegate script returns 401.
assertStatus(401, uri);
assertRepresentationEquals("{\"@context\":\"http://iiif.io/api/image/2/context.json\","+
"\"@id\":\"" + uri.toString().replace("/info.json", "") + "\"," +
"\"protocol\":\"http://iiif.io/api/image\"," +
"\"status\":401," +
"\"message\":\"Unauthorized\"," +
"\"attribution\":\"Copyright My Great Organization. All rights reserved.\"," +
"\"license\":\"http://example.org/license.html\"," +
"\"service\":{" +
"\"@context\":\"http://iiif.io/api/annex/services/physdim/1/context.json\"," +
"\"profile\":\"http://iiif.io/api/annex/services/physdim\"," +
"\"physicalScale\":0.0025," +
"\"physicalUnits\":\"in\"}" +
"}", uri);
tester.testAuthorizationWhenUnauthorized(uri, getEndpointPath());
}

@Test
Expand Up @@ -45,7 +45,7 @@ void testGETAuthorizationWhenAuthorized() {
@Test
void testGETAuthorizationWhenUnauthorized() {
URI uri = getHTTPURI("/unauthorized.jpg/full/max/0/color.jpg");
tester.testAuthorizationWhenUnauthorized(uri);
tester.testAuthorizationWhenUnauthorized(uri, getEndpointPath());
}

@Test
Expand Up @@ -51,24 +51,7 @@ void testGETAuthorizationWhenAuthorized() {
@Test
void testGETAuthorizationWhenUnauthorized() {
URI uri = getHTTPURI("/unauthorized.jpg/info.json");
// This may vary depending on the return value of a delegate method,
// but the test delegate script returns 401.
assertStatus(401, uri);
assertRepresentationEquals("{\"@context\":\"http://iiif.io/api/image/3/context.json\","+
"\"id\":\"" + uri.toString().replace("/info.json", "") + "\"," +
"\"type\":\"ImageService3\"," +
"\"protocol\":\"http://iiif.io/api/image\"," +
"\"profile\":\"level2\"," +
"\"status\":401," +
"\"message\":\"Unauthorized\"," +
"\"attribution\":\"Copyright My Great Organization. All rights reserved.\"," +
"\"license\":\"http://example.org/license.html\"," +
"\"service\":{" +
"\"@context\":\"http://iiif.io/api/annex/services/physdim/1/context.json\"," +
"\"profile\":\"http://iiif.io/api/annex/services/physdim\"," +
"\"physicalScale\":0.0025," +
"\"physicalUnits\":\"in\"}" +
"}", uri);
tester.testAuthorizationWhenUnauthorized(uri, getEndpointPath());
}

@Test
Expand Up @@ -62,26 +62,6 @@ public static void assertRepresentationContains(String contains, URI uri) {
assertRepresentationContains(contains, uri.toString());
}

public static void assertRepresentationEquals(String expected,
String uri) {
Client client = newClient();
try {
client.setURI(new URI(uri));
Response response = client.send();
assertEquals(expected, response.getBodyAsString());
} catch (ResourceException e) {
assertEquals(expected, e.getResponse().getBodyAsString());
} catch (Exception e) {
fail(e.getMessage());
} finally {
stopQuietly(client);
}
}

public static void assertRepresentationEquals(String equals, URI uri) {
assertRepresentationEquals(equals, uri.toString());
}

public static void assertRepresentationsNotSame(URI uri1, URI uri2) {
Client client = newClient();
try {