This module, used with the authentication manager, allows users to be authenticated with the OAuth2 protocol.
To use this module, some interfaces must be implemented:
First, to communicate with a provider, an OAuthProvider class must be created.
It gives the module the information and methods it needs to provide authentication.
import java.net.URI;
import java.util.Properties;
import java.util.function.Function;

public interface OAuthProvider
{
    /**
     * Set up the client identifiers (applicationToken and secretToken)
     * that bind your application to the provider
     */
    OAuthProvider setup(String clientId, String clientSecret);

    /**
     * Set up the URI to which the provider redirects your application's
     * users after authentication
     */
    OAuthProvider setup(String redirectUri);

    /**
     * If the provider needs more information (like the scope for Google),
     * you can pass it here.
     * <p><i>(See the provider documentation for more information)</i></p>
     */
    OAuthProvider setup(Properties properties) throws OAuthConfigurationException;

    /**
     * Configure the OAuthProvider with the settings
     */
    void configure() throws OAuthConfigurationException;

    /**
     * Check whether the provider is already configured
     */
    boolean isConfigured();

    /**
     * Start the OAuth2 authentication flow.
     */
    OAuthService.OAuthProviderResponse startAuthentication(URI originUri) throws OAuthFlowException;

    /**
     * Finish the OAuth2 authentication flow.
     */
    OAuthService.OAuthProviderResponse finishAuthentication(OAuthenticatingClient oAuthenticatingClient,
                                                            String code, String state,
                                                            Function<String, String> internalTokenGenerator)
            throws OAuthFlowException;
}
See the Google provider implementation if an example is needed.
To avoid sharing the private token, a mechanism was created to generate an internal token, which can be shared with the client in a cookie.
For security reasons, you can implement your own OAuthCookieManager,
which can obfuscate this internal token.
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.Response;

public interface OAuthCookieManager
{
    /**
     * Insert a cookie with the internal token into the servlet response
     */
    HttpServletResponse insertInternalToken(HttpServletResponse response, String internalToken);

    /**
     * Insert a cookie with the internal token into the JAX-RS response builder
     */
    Response.ResponseBuilder insertInternalToken(Response.ResponseBuilder response, String internalToken);

    /**
     * Extract the internal token from the request
     */
    String extractInternalToken(HttpServletRequest request);
}
See the simple cookie manager implementation if an example is needed.
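One way to obfuscate the internal token, as an added example that is not the module's own cookie manager: the token is sealed with AES-GCM before it goes into the cookie, so the client only ever sees an opaque value and a modified cookie is rejected on the way back in. The class name, the cookie name, the no-argument constructor, the `javax.*` servlet and JAX-RS packages, and returning `null` for a missing or invalid cookie are assumptions.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.nio.ByteBuffer;
import java.security.*;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.*;
import javax.servlet.http.*;
import javax.ws.rs.core.Response;
// Added example, not project code; assumed to compile in the same package as OAuthCookieManager.
public class SealedCookieManager implements OAuthCookieManager {
    private static final String NAME = "kairos_oauth"; // hypothetical cookie name
    private final SecureRandom random = new SecureRandom();
    private final byte[] keyBytes = new byte[16]; // per-process AES key: old cookies fail after a restart
    public SealedCookieManager() { random.nextBytes(keyBytes); }
    // The first 12 bytes of nonceSource are the GCM nonce; the tag is 128 bits.
    private Cipher cipher(int mode, byte[] nonceSource) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(mode, new SecretKeySpec(keyBytes, "AES"), new GCMParameterSpec(128, nonceSource, 0, 12));
        return cipher;
    }
    // Cookie value is base64url(nonce || ciphertext || tag), sent only over HTTPS and hidden from scripts.
    private String setCookieHeader(String internalToken) {
        byte[] nonce = new byte[12];
        random.nextBytes(nonce); // fresh nonce for every cookie
        try {
            byte[] sealed = cipher(Cipher.ENCRYPT_MODE, nonce).doFinal(internalToken.getBytes(UTF_8));
            byte[] value = ByteBuffer.allocate(12 + sealed.length).put(nonce).put(sealed).array();
            return NAME + "=" + Base64.getUrlEncoder().withoutPadding().encodeToString(value)
                    + "; Path=/; Secure; HttpOnly; SameSite=Lax";
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("cannot seal internal token", e);
        }
    }
    public HttpServletResponse insertInternalToken(HttpServletResponse response, String internalToken) {
        response.addHeader("Set-Cookie", setCookieHeader(internalToken));
        return response;
    }
    public Response.ResponseBuilder insertInternalToken(Response.ResponseBuilder response, String internalToken) {
        return response.header("Set-Cookie", setCookieHeader(internalToken));
    }
    public String extractInternalToken(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        try {
            for (Cookie cookie : cookies == null ? new Cookie[0] : cookies) {
                if (!NAME.equals(cookie.getName())) continue;
                byte[] value = Base64.getUrlDecoder().decode(cookie.getValue());
                return new String(cipher(Cipher.DECRYPT_MODE, value).doFinal(value, 12, value.length - 12), UTF_8);
            }
        } catch (GeneralSecurityException | IllegalArgumentException e) { /* tampered or foreign cookie */ }
        return null; // no valid cookie: the request carries no internal token
    }
}
```

Because the key lives only in the running process, several KairosDB nodes behind one load balancer would each reject the others' cookies; a shared key loaded from protected configuration would be needed there.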
This module can be easily configured through the property file read by KairosDB.
kairosdb.service.oauth=org.kairosdb.security.oauth2.core.OAuthModule
: Enable the OAuth2 KairosDB service
kairosdb.security.oauth2.provider
: Classpath of the provider implementation
kairosdb.security.oauth2.cookie.manager
: Classpath of the cookie manager implementation
kairosdb.security.oauth2.priority_weight
: Priority weight to choose which authentication to use
Required for the module, for any provider
kairosdb.security.oauth2.clientId
: Client ID, provided by the provider
kairosdb.security.oauth2.clientSecret
: Client Secret, provided by the provider
kairosdb.security.oauth2.redirectionUri
: Redirection URI, used by the provider to get the client information
For Google implementation
kairosdb.security.oauth2.google.scope
: Google OAuth2 scope
kairosdb.security.oauth2.filters.path.AAA=XXX
: Enable OAuth authentication on XXX
kairosdb.security.oauth2.filters.path.api=/api/*|Post
: Enable OAuth authentication on /api/* for the POST method.
For more information, see the authentication manager for KairosDB.
This module is licensed under the MIT license. See License file for more information.