RestAuthenticator (pac4j#934)

* RestAuthenticator

* test RestAuthenticator

* refactor + config

* update doc

* Accounted Victor's feedbacks

* better logs

README.md

@@ -18,7 +18,7 @@ It provides a comprehensive set of [**concepts and components**](http://www.pac4
 
 [OAuth (Facebook, Twitter, Google...)](http://www.pac4j.org/docs/clients/oauth.html) - [SAML](http://www.pac4j.org/docs/clients/saml.html) - [CAS](http://www.pac4j.org/docs/clients/cas.html) - [OpenID Connect](http://www.pac4j.org/docs/clients/openid-connect.html) - [HTTP](http://www.pac4j.org/docs/clients/http.html) - [OpenID](http://www.pac4j.org/docs/clients/openid.html) - [Google App Engine](http://www.pac4j.org/docs/clients/google-app-engine.html) - [Kerberos (SPNEGO/Negotiate)](http://www.pac4j.org/docs/clients/kerberos.html)
 
-[LDAP](http://www.pac4j.org/docs/authenticators/ldap.html) - [SQL](http://www.pac4j.org/docs/authenticators/sql.html) - [JWT](http://www.pac4j.org/docs/authenticators/jwt.html) - [MongoDB](http://www.pac4j.org/docs/authenticators/mongodb.html) - [CouchDB](http://www.pac4j.org/docs/authenticators/couchdb.html) - [IP address](http://www.pac4j.org/docs/authenticators/ip.html)
+[LDAP](http://www.pac4j.org/docs/authenticators/ldap.html) - [SQL](http://www.pac4j.org/docs/authenticators/sql.html) - [JWT](http://www.pac4j.org/docs/authenticators/jwt.html) - [MongoDB](http://www.pac4j.org/docs/authenticators/mongodb.html) - [CouchDB](http://www.pac4j.org/docs/authenticators/couchdb.html) - [IP address](http://www.pac4j.org/docs/authenticators/ip.html) - [REST API](http://www.pac4j.org/docs/authenticators/rest.html)
 
 ## Authorization mechanisms:
 

documentation/_includes/header.html

@@ -12,7 +12,7 @@
     {% if page.url contains 'docs' %}
       <script src="/js/anchor.min.js"></script>
     {% endif %}
-    <link href="https://fonts.googleapis.com/css?family=Droid+Sans" rel="stylesheet">
+    <link href="https://fonts.googleapis.com/css?family=Droid+Sans:400,700" rel="stylesheet">
   </head>
   <body>
     <a href="https://github.com/pac4j/pac4j"><img style="position: absolute; top: 0; right: 0; border: 0; z-index: 9999;" src="https://camo.githubusercontent.com/365986a132ccd6a44c23a9169022c0b5c890c387/68747470733a2f2f73332e616d617a6f6e6177732e636f6d2f6769746875622f726962626f6e732f666f726b6d655f72696768745f7265645f6161303030302e706e67" alt="Fork me on GitHub" data-canonical-src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png"></a>

documentation/docs/authenticators.md

@@ -14,14 +14,15 @@ This `Authenticator` interface has only one method: `void validate(C credentials
 
 The [`HttpAction`](https://github.com/pac4j/pac4j/blob/master/pac4j-core/src/main/java/org/pac4j/core/exception/HttpAction.java) allows you to interrupt the credentials validation and trigger a specific HTTP action (like a temporary redirection).
 
-You can use various `Authenticator` for many identity systems:
+You can use various `Authenticator` for many identity mechanisms:
 
 - [LDAP](authenticators/ldap.html)
 - [SQL](authenticators/sql.html)
 - [JWT](authenticators/jwt.html)
 - [MongoDB](authenticators/mongodb.html)
 - [CouchDB](authenticators/couchdb.html)
 - [IP address](authenticators/ip.html)
+- [REST API](authenticators/rest.html)
 
 
 ## 1) Deal with performance issues

documentation/docs/authenticators/rest.md

@@ -0,0 +1,48 @@
+---
+layout: doc
+title: REST API
+---
+
+*pac4j* allows you to validate users via a REST API.
+
+## 1) Dependency
+
+You need to use the following module: `pac4j-http`.
+
+**Example (Maven dependency):**
+
+```xml
+<dependency>
+    <groupId>org.pac4j</groupId>
+    <artifactId>pac4j-http</artifactId>
+    <version>${pac4j.version}</version>
+</dependency>
+```
+
+## 2) `RestAuthenticator`
+
+The [`RestAuthenticator`](https://github.com/pac4j/pac4j/blob/master/pac4j-http/src/main/java/org/pac4j/http/credentials/authenticator/RestAuthenticator.java) validates the provided username/password by POSTing them as a basic authentication to an URL which must return:
+
+- a 200 HTTP response with a user profile as a JSON if the username/password credentials are valid
+
+- any other HTTP status code (preferably 401) if the username/password credentials are not valid.
+
+In case of a successful authentication, a [`RestProfile`](https://github.com/pac4j/pac4j/blob/master/pac4j-http/src/main/java/org/pac4j/http/profile/RestProfile.java) is returned.
+
+**Example of a correct server response:**
+
+```json
+{
+  "id": "1234",
+  "attributes": {
+    "firstName": "Jerome"
+  }
+}
+```
+
+**Example of a client:**
+
+```java
+RestAuthenticator authenticator = new RestAuthenticator("http://rest-api-url");
+DirectBasicAuthClient directBasicAuthClient = new DirectBasicAuthClient(authenticator);
+```

documentation/docs/backward-compatibility.md

@@ -15,6 +15,9 @@ Given a version X.Y.Z:
 
 Generally, *pac4j* implementations will adopt the semver versioning when upgrading to `pac4j` version 2, if they don't already have.
 
+<div class="alert alert-danger"><i class="fa fa-exclamation-triangle" aria-hidden="true"></i> Notice that, while <code>pac4j-*</code> modules are backward compatible, you should always add the <code>pac4j-core</code> dependency in the same version as the upgraded <code>pac4j-*</code> dependency.</div>
+
+
 ## 2) Maintenance
 
 Two stable and released streams of `pac4j` are maintained at the same time.

documentation/docs/config.md

@@ -93,7 +93,9 @@ Here are the properties you can use to define the clients (, password encoders a
 | `encoder.shiro` (if no specific properties are required), `encoder.shiro.generatePublicSalt`, `encoder.shiro.hashAlgorithmName`, `encoder.shiro.hashIterations` and `encoder.shiro.privateSalt` | To define a `ShiroPasswordEncoder` based on the provided properties and named `encoder.shiro` or `encoder.shiro.N` |
 | `ldap.type`, `ldap.dnFormat`, `ldap.principalAttributes`,`ldap.principalAttributeId`, `ldap.principalAttributePassword`, `ldap.subtreeSearch`, `ldap.usersDn`, `ldap.userFilter`, `ldap.enhanceWithEntryResolver`, `ldap.trustCertificates`, `ldap.keystore`, `ldap.keystorePassword`, `ldap.keystoreType`, `ldap.minPoolSize`, `ldap.maxPoolSize`, `ldap.poolPassivator`, `ldap.validateOnCheckout`, `ldap.validatePeriodically`, `ldap.validatePeriod`, `ldap.failFast`, `ldap.idleTime`, `ldap.prunePeriod`, `ldap.blockWaitTime`, `ldap.url`, `ldap.useSsl`, `ldap.useStartTls`, `ldap.connectTimeout`, `ldap.providerClass`, `ldap.allowMultipleDns`, `ldap.bindDn`, `ldap.bindCredential`, `ldap.saslRealm`, `ldap.saslMechanism`, `ldap.saslAuthorizationId`, `ldap.saslSecurityStrength` and `ldap.saslQualityOfProtection` | To define a `LdapAuthenticator` based on the provided properties and named `ldap` or `ldap.N` |
 | `db.dataSourceClassName`, `db.jdbcUrl`, `db.userAttributes`, `db.userIdAttribute`, `db.usernameAttribute`, `db.userPasswordAttribute`, `db.usersTable`, `db.username`, `db.password`, `db.autoCommit`, `db.connectionTimeout`, `db.idleTimeout`, `db.maxLifetime`, `db.connectionTestQuery`, `db.minimumIdle`, `db.maximumPoolSize`, `db.poolName`, `db.initializationFailTimeout`, `db.isolateInternalQueries`, `db.allowPoolSuspension`, `db.readOnly`, `db.registerMbeans`, `db.catalog`, `db.connectionInitSql`, `db.driverClassName`, `db.transactionIsolation`, `db.validationTimeout`, `db.leakDetectionThreshold`, `db.customParamKey`, `db.customParamValue`, `db.loginTimeout`, `db.dataSourceJndi` and `db.passwordEncoder` | To define a `DbAuthenticator` based on the provided properties and named `db` or `db.N` |
+| `rest.url` | To define a `RestAuthenticator` based on the provided properties and named `rest` or `rest.N` |
 | `anonymous` | To define the `AnonymousClient`, the value is ignored |
+| `directBasicAuth.authenticator` | To define a `DirectBasicAuthClient` based on the provided properties |
 | `saml.keystorePassword`, `saml.privateKeyPassword`, `saml.keystorePath`, `saml.identityProviderMetadataPath`, `saml.maximumAuthenticationLifetime`, `saml.serviceProviderEntityId`, `saml.serviceProviderMetadataPath`, `saml.destinationBindingType` | To define a `SAML2Client` based on the provided properties |
 | `cas.loginUrl`, `cas.protocol` | To define a `CasClient` based on the provided properties |
 | `oidc.type` (`google` or `azure`), `oidc.id`, `oidc.secret`, `oidc.scope`, `oidc.discoveryUri`, `oidc.useNonce`, `oidc.preferredJwsAlgorithm`, `oidc.maxClockSkew`, `oidc.clientAuthenticationMethod`, `oidc.customParamKey1`, `oidc.customParamValue1`, `oidc.customParamKey2`,`oidc.customParamValue2` | To define an OpenID connect client based on the provided properties |

documentation/docs/index.md

@@ -9,7 +9,7 @@ title: <i class="fa fa-user" aria-hidden="true"></i> The <i>pac4j</i> engine/cor
 
 ### &#9656; [Clients](clients.html): [OAuth](clients/oauth.html) - [SAML](clients/saml.html) - [CAS](clients/cas.html) - [OpenID Connect](clients/openid-connect.html) - [HTTP](clients/http.html) - [OpenID](clients/openid.html) - [Google App Engine](clients/google-app-engine.html) - [Kerberos (SPNEGO)](clients/kerberos.html)
 
-### &#9656; [Authenticators](authenticators.html): [LDAP](authenticators/ldap.html) - [SQL](authenticators/sql.html) - [JWT](authenticators/jwt.html) - [MongoDB](authenticators/mongodb.html) - [CouchDB](authenticators/couchdb.html) - [IP address](authenticators/ip.html)
+### &#9656; [Authenticators](authenticators.html): [LDAP](authenticators/ldap.html) - [SQL](authenticators/sql.html) - [JWT](authenticators/jwt.html) - [MongoDB](authenticators/mongodb.html) - [CouchDB](authenticators/couchdb.html) - [IP address](authenticators/ip.html) - [REST API](authenticators/rest.html)
 
 ## 3) Authorization mechanisms: [Authorizers](authorizers.html)
 

documentation/docs/release-notes.md

@@ -9,6 +9,7 @@ title: Release notes:
 - Removed Stormpath support
 - The password encoders and LDAP/SQL authenticators can be defined via properties through the `PropertiesConfigFactory`
 - Supports CouchDB for authentication and user management
+- REST API `Authenticator`
 - In case of an unauthorized AJAX request, the redirection URL to the identity server is added as the `Location` header to the 401 error
 
 **v2.0.0**:

documentation/index.html

@@ -42,7 +42,7 @@ <h2 id="implem">Available for most frameworks/tools (<i>implementations</i>):<br
     <h2 id="authent">Supports most authentication mechanisms:<br />
 
         <small>OAuth (Facebook, Twitter, Google...) - SAML - CAS - OpenID Connect - HTTP - OpenID - Google App Engine<br />
-        LDAP - SQL - JWT - MongoDB - Stormpath - IP address - Kerberos (SPNEGO)</small>
+        LDAP - SQL - JWT - MongoDB - CouchDB - IP address - Kerberos (SPNEGO) - REST API</small>
 
     </h2>
     <h2 id="authoriz">and authorization mechanisms:<br />

pac4j-cas/src/main/java/org/pac4j/cas/client/rest/AbstractCasRestClient.java

@@ -6,7 +6,7 @@
 import org.pac4j.cas.config.CasConfiguration;
 import org.pac4j.cas.profile.CasProfile;
 import org.pac4j.cas.profile.CasRestProfile;
-import org.pac4j.cas.util.HttpUtils;
+import org.pac4j.core.util.HttpUtils;
 import org.pac4j.core.client.DirectClient;
 import org.pac4j.core.context.HttpConstants;
 import org.pac4j.core.context.WebContext;

pac4j-cas/src/main/java/org/pac4j/cas/credentials/authenticator/CasRestAuthenticator.java

@@ -1,7 +1,7 @@
 package org.pac4j.cas.credentials.authenticator;
 
 import org.pac4j.cas.config.CasConfiguration;
-import org.pac4j.cas.util.HttpUtils;
+import org.pac4j.core.util.HttpUtils;
 import org.pac4j.cas.profile.CasRestProfile;
 import org.pac4j.core.context.HttpConstants;
 import org.pac4j.core.context.Pac4jConstants;

pac4j-config/pom.xml

@@ -1,52 +1,52 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-	<modelVersion>4.0.0</modelVersion>
+    <modelVersion>4.0.0</modelVersion>
 
-	<parent>
-		<groupId>org.pac4j</groupId>
-		<artifactId>pac4j</artifactId>
-		<version>2.1.0-SNAPSHOT</version>
-	</parent>
+    <parent>
+        <groupId>org.pac4j</groupId>
+        <artifactId>pac4j</artifactId>
+        <version>2.1.0-SNAPSHOT</version>
+    </parent>
 
-	<artifactId>pac4j-config</artifactId>
-	<packaging>jar</packaging>
-	<name>pac4j configuration</name>
+    <artifactId>pac4j-config</artifactId>
+    <packaging>jar</packaging>
+    <name>pac4j configuration</name>
 
-	<dependencies>
-		<dependency>
-			<groupId>org.pac4j</groupId>
-			<artifactId>pac4j-core</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.pac4j</groupId>
-			<artifactId>pac4j-cas</artifactId>
-			<optional>true</optional>
-		</dependency>
-		<dependency>
-			<groupId>org.pac4j</groupId>
-			<artifactId>pac4j-saml</artifactId>
-			<optional>true</optional>
-		</dependency>
-		<dependency>
-			<groupId>org.pac4j</groupId>
-			<artifactId>pac4j-oauth</artifactId>
-			<optional>true</optional>
-		</dependency>
+    <dependencies>
+        <dependency>
+            <groupId>org.pac4j</groupId>
+            <artifactId>pac4j-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.pac4j</groupId>
+            <artifactId>pac4j-cas</artifactId>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>org.pac4j</groupId>
+            <artifactId>pac4j-saml</artifactId>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>org.pac4j</groupId>
+            <artifactId>pac4j-oauth</artifactId>
+            <optional>true</optional>
+        </dependency>
         <dependency>
             <groupId>org.pac4j</groupId>
             <artifactId>pac4j-oidc</artifactId>
-			<optional>true</optional>
-        </dependency>
-		<dependency>
-			<groupId>org.pac4j</groupId>
-			<artifactId>pac4j-ldap</artifactId>
-			<optional>true</optional>
-		</dependency>
-		<dependency>
-			<groupId>org.pac4j</groupId>
-			<artifactId>pac4j-http</artifactId>
-			<optional>true</optional>
-		</dependency>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>org.pac4j</groupId>
+            <artifactId>pac4j-ldap</artifactId>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>org.pac4j</groupId>
+            <artifactId>pac4j-http</artifactId>
+            <optional>true</optional>
+        </dependency>
         <dependency>
             <groupId>com.zaxxer</groupId>
             <artifactId>HikariCP</artifactId>
@@ -68,22 +68,22 @@
             <optional>true</optional>
         </dependency>
         <!-- for testing -->
-		<dependency>
-			<groupId>org.pac4j</groupId>
-			<artifactId>pac4j-core</artifactId>
-			<type>test-jar</type>
-			<scope>test</scope>
-		</dependency>
-		<dependency>
-			<groupId>junit</groupId>
-			<artifactId>junit</artifactId>
-			<scope>test</scope>
-		</dependency>
-		<dependency>
-			<groupId>ch.qos.logback</groupId>
-			<artifactId>logback-classic</artifactId>
-			<scope>test</scope>
-		</dependency>
+        <dependency>
+            <groupId>org.pac4j</groupId>
+            <artifactId>pac4j-core</artifactId>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.pac4j</groupId>
             <artifactId>pac4j-ldap</artifactId>
@@ -107,23 +107,23 @@
             <version>${h2.version}</version>
             <scope>test</scope>
         </dependency>
-		<!-- for testing -->
-	</dependencies>
+        <!-- for testing -->
+    </dependencies>
 
-	<build>
-		<plugins>
-			<plugin>
-				<groupId>org.apache.felix</groupId>
-				<artifactId>maven-bundle-plugin</artifactId>
-				<configuration>
-					<instructions>
-						<Bundle-SymbolicName>org.pac4j.config</Bundle-SymbolicName>
-						<Export-Package>org.pac4j.config.*;version=${project.version}</Export-Package>
-						<Import-Package>*</Import-Package>
-					</instructions>
-				</configuration>
-			</plugin>
-		</plugins>
-	</build>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-bundle-plugin</artifactId>
+                <configuration>
+                    <instructions>
+                        <Bundle-SymbolicName>org.pac4j.config</Bundle-SymbolicName>
+                        <Export-Package>org.pac4j.config.*;version=${project.version}</Export-Package>
+                        <Import-Package>*</Import-Package>
+                    </instructions>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
 
 </project>

pac4j-config/src/main/java/org/pac4j/config/builder/AbstractBuilder.java

@@ -1,5 +1,11 @@
 package org.pac4j.config.builder;
 
+import org.pac4j.config.client.PropertiesConstants;
+import org.pac4j.core.credentials.authenticator.Authenticator;
+import org.pac4j.http.credentials.authenticator.test.SimpleTestTokenAuthenticator;
+import org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator;
+
+import java.util.HashMap;
 import java.util.Map;
 
 /**
@@ -8,7 +14,7 @@
  * @author Jerome Leleu
  * @since 2.0.0
  */
-public abstract class AbstractBuilder {
+public abstract class AbstractBuilder implements PropertiesConstants {
 
     protected static final int MAX_NUM_CLIENTS = 10;
     protected static final int MAX_NUM_AUTHENTICATORS = 10;
@@ -17,8 +23,16 @@ public abstract class AbstractBuilder {
 
     protected final Map<String, String> properties;
 
+    protected final Map<String, Authenticator> authenticators;
+
     protected AbstractBuilder(final Map<String, String> properties) {
         this.properties = properties;
+        this.authenticators = new HashMap<>();
+    }
+
+    protected AbstractBuilder(final Map<String, String> properties, final Map<String, Authenticator> authenticators) {
+        this.properties = properties;
+        this.authenticators = authenticators;
     }
 
     protected String concat(final String value, int num) {
@@ -48,4 +62,14 @@ protected int getPropertyAsInteger(final String name, final int num) {
     protected long getPropertyAsLong(final String name, final int num) {
         return Long.parseLong(getProperty(name, num));
     }
+
+    protected Authenticator getAuthenticator(final String name) {
+        if (AUTHENTICATOR_TEST_TOKEN.equals(name)) {
+            return new SimpleTestTokenAuthenticator();
+        } else if (AUTHENTICATOR_TEST_USERNAME_PASSWORD.equals(name)) {
+            return new SimpleTestUsernamePasswordAuthenticator();
+        } else {
+            return authenticators.get(name);
+        }
+    }
 }

pac4j-config/src/main/java/org/pac4j/config/builder/CasClientBuilder.java

@@ -3,7 +3,6 @@
 import org.pac4j.cas.client.CasClient;
 import org.pac4j.cas.config.CasConfiguration;
 import org.pac4j.cas.config.CasProtocol;
-import org.pac4j.config.client.PropertiesConstants;
 import org.pac4j.core.client.Client;
 
 import java.util.List;
@@ -17,7 +16,7 @@
  * @author Jerome Leleu
  * @since 2.0.0
  */
-public class CasClientBuilder extends AbstractBuilder implements PropertiesConstants {
+public class CasClientBuilder extends AbstractBuilder {
 
     public CasClientBuilder(final Map<String, String> properties) {
         super(properties);