From 6b4fabc18c1f09e429eb0635c3e3aed8e855797b Mon Sep 17 00:00:00 2001
From: Brian Major <major.brian@gmail.com>
Date: Thu, 28 Apr 2016 11:40:53 -0700
Subject: [PATCH] t72959 - added scope parameter to login servlet

---
 .../nrc/cadc/ac/server/web/LoginServlet.java  | 35 +++++++++++++++++--
 1 file changed, 32 insertions(+), 3 deletions(-)

diff --git a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/LoginServlet.java b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/LoginServlet.java
index e41f0181..6c4a1379 100755
--- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/LoginServlet.java
+++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/LoginServlet.java
@@ -69,10 +69,14 @@
 package ca.nrc.cadc.ac.server.web;
 
 import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.security.AccessControlException;
 import java.security.Principal;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
+import java.util.Calendar;
+import java.util.GregorianCalendar;
 
 import javax.security.auth.Subject;
 import javax.servlet.ServletConfig;
@@ -92,8 +96,10 @@ import ca.nrc.cadc.ac.server.PluginFactory;
 import ca.nrc.cadc.ac.server.UserPersistence;
 import ca.nrc.cadc.ac.server.ldap.LdapGroupPersistence;
 import ca.nrc.cadc.auth.AuthenticatorImpl;
+import ca.nrc.cadc.auth.DelegationToken;
 import ca.nrc.cadc.auth.HttpPrincipal;
 import ca.nrc.cadc.auth.SSOCookieManager;
+import ca.nrc.cadc.date.DateUtil;
 import ca.nrc.cadc.log.ServletLogInfo;
 import ca.nrc.cadc.net.TransientException;
 import ca.nrc.cadc.util.StringUtil;
@@ -152,6 +158,7 @@ public class LoginServlet<T extends Principal> extends HttpServlet
             log.info(logInfo.start());
             String userID = request.getParameter("username");
             String password = request.getParameter("password");
+            String scope = request.getParameter("scope");
 
             if (userID == null || userID.length() == 0)
                 throw new IllegalArgumentException("Missing username");
@@ -174,9 +181,31 @@ public class LoginServlet<T extends Principal> extends HttpServlet
                 (!StringUtil.hasText(proxyUser) &&
                         userPersistence.doLogin(userID, password)))
             {
-        	    String token =
-        	            new SSOCookieManager().generate(
-        	                    new HttpPrincipal(userID, proxyUser));
+                String token = null;
+                HttpPrincipal p = new HttpPrincipal(userID, proxyUser);
+                if (scope != null)
+                {
+                    // This cookie will be scope to a certain URI,
+                    // such as a VOSpace node
+                    URI uri = null;
+                    try
+                    {
+                        uri = new URI(scope);
+                    }
+                    catch (URISyntaxException e)
+                    {
+                        throw new IllegalArgumentException("Invalid scope: " + scope);
+                    }
+
+                    final Calendar expiryDate = new GregorianCalendar(DateUtil.UTC);
+                    expiryDate.add(Calendar.HOUR, SSOCookieManager.SSO_COOKIE_LIFETIME_HOURS);
+                    DelegationToken dt = new DelegationToken(p, uri, expiryDate.getTime());
+                    token = DelegationToken.format(dt);
+                }
+                else
+                {
+                    token = new SSOCookieManager().generate(p);
+                }
         	    response.setContentType(CONTENT_TYPE);
         	    response.setContentLength(token.length());
         	    response.getWriter().write(token);
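Review bot: The scope parameter is validated only for URI syntax at `new URI(scope)`, so an empty string (a valid relative URI) or any client-chosen absolute URI produces a delegation token scoped to it. The `scope != null` test should use the `StringUtil.hasText(scope)` guard the hunk already applies to proxyUser, and if tokens are meant to be scoped only to resources this service is willing to delegate for, a scheme/authority check belongs here too — whether DelegationToken's consumers enforce that is not visible from this hunk. The catch block also drops the cause: `throw new IllegalArgumentException("Invalid scope: " + scope, e);`. Minor: `String token = null;` can be `final String token;` since both branches assign it, the added lines are space-indented while the surrounding response lines use tabs, and the comment should read "scoped to". The enclosing method starts and ends outside the hunk.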
-- 
GitLab