Merge pull request #3180 from ControlSystemStudio/CSSTUDIO-2768

Updated login procedure for Olog and save&restore

Author: georgweiss

app/logbook/olog/client-es/src/main/java/org/phoebus/olog/es/api/OlogClient.java

@@ -29,6 +29,7 @@
 import org.phoebus.olog.es.api.model.OlogLog;
 import org.phoebus.olog.es.api.model.OlogObjectMappers;
 import org.phoebus.olog.es.api.model.OlogSearchResult;
+import org.phoebus.olog.es.authentication.LoginCredentials;
 import org.phoebus.security.store.SecureStore;
 import org.phoebus.security.tokens.AuthenticationScope;
 import org.phoebus.security.tokens.ScopedAuthenticationToken;
@@ -519,16 +520,15 @@ public void groupLogEntries(List<Long> logEntryIds) throws LogbookException {
     /**
      * Logs in to the Olog service.
      *
-     * @param username User name, must not be <code>null</code>.
+     * @param username Username, must not be <code>null</code>.
      * @param password Password, must not be <code>null</code>.
      * @throws Exception if the login fails, e.g. bad credentials or service off-line.
      */
     public void authenticate(String username, String password) throws Exception {
         try {
             ClientResponse clientResponse = service.path("login")
-                    .queryParam("username", username)
-                    .queryParam("password", password)
-                    .post(ClientResponse.class);
+                    .type(MediaType.APPLICATION_JSON)
+                    .post(ClientResponse.class, OlogObjectMappers.logEntrySerializer.writeValueAsString(new LoginCredentials(username, password)));
             if (clientResponse.getStatus() == Status.UNAUTHORIZED.getStatusCode()) {
                 throw new Exception("Failed to login: user unauthorized");
             } else if (clientResponse.getStatus() != Status.OK.getStatusCode()) {

app/logbook/olog/client-es/src/main/java/org/phoebus/olog/es/authentication/LoginCredentials.java

@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) 2024 European Spallation Source ERIC.
+ */
+
+package org.phoebus.olog.es.authentication;
+
+/**
+ * Wrapper around user's credentials
+ *
+ * @param username Self-explanatory
+ * @param password Self-explanatory
+ */
+public record LoginCredentials(String username, String password) {
+}

app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/client/SaveAndRestoreClientImpl.java

@@ -15,6 +15,7 @@
 import org.phoebus.applications.saveandrestore.model.CompositeSnapshot;
 import org.phoebus.applications.saveandrestore.model.Configuration;
 import org.phoebus.applications.saveandrestore.model.ConfigurationData;
+import org.phoebus.applications.saveandrestore.model.LoginCredentials;
 import org.phoebus.applications.saveandrestore.model.Node;
 import org.phoebus.applications.saveandrestore.model.RestoreResult;
 import org.phoebus.applications.saveandrestore.model.Snapshot;
@@ -34,11 +35,9 @@
 import java.net.CookieManager;
 import java.net.CookiePolicy;
 import java.net.URI;
-import java.net.URLEncoder;
 import java.net.http.HttpClient;
 import java.net.http.HttpRequest;
 import java.net.http.HttpResponse;
-import java.nio.charset.StandardCharsets;
 import java.time.Duration;
 import java.util.Base64;
 import java.util.List;
@@ -582,16 +581,14 @@ public List<Node> deleteTag(TagData tagData) {
      */
     @Override
     public UserData authenticate(String userName, String password) {
-        String stringBuilder = Preferences.jmasarServiceUrl +
-                "/login?username=" +
-                URLEncoder.encode(userName, StandardCharsets.UTF_8) +
-                "&password=" +
-                URLEncoder.encode(password, StandardCharsets.UTF_8);
-        HttpRequest request = HttpRequest.newBuilder()
+        try {
+            String stringBuilder = Preferences.jmasarServiceUrl +
+                    "/login";
+            HttpRequest request = HttpRequest.newBuilder()
                 .uri(URI.create(stringBuilder))
-                .POST(HttpRequest.BodyPublishers.noBody())
+                .header("Content-Type", CONTENT_TYPE_JSON)
+                .POST(HttpRequest.BodyPublishers.ofString(OBJECT_MAPPER.writeValueAsString(new LoginCredentials(userName, password))))
                 .build();
-        try {
             HttpResponse<String> response = CLIENT.send(request, HttpResponse.BodyHandlers.ofString());
             return OBJECT_MAPPER.readValue(response.body(), UserData.class);
         } catch (Exception e) {

app/save-and-restore/model/src/main/java/org/phoebus/applications/saveandrestore/model/LoginCredentials.java

@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) 2024 European Spallation Source ERIC.
+ */
+
+package org.phoebus.applications.saveandrestore.model;
+
+/**
+ * Wrapper around user's credentials
+ *
+ * @param username Self-explanatory
+ * @param password Self-explanatory
+ */
+public record LoginCredentials(String username, String password) {
+}

services/save-and-restore/doc/index.rst

@@ -869,6 +869,21 @@ Authorization uses a role-based approach like so:
         * Object is a tag
 * Save-and-restore role "sar-admin": no restrictions
 
+Authentication endpoint
+"""""""""""""""""""""""
+
+A client can may use the /login endpoint to check if user is authenticated:
+
+**.../login**
+
+Method: POST
+
+Body:
+
+.. code-block:: JSON
+
+    {"username":"johndoe", "password":"undisclosed"}
+
 
 Enabled authentication, disabled authorization
 ----------------------------------------------

services/save-and-restore/pom.xml

@@ -70,12 +70,6 @@
 			<version>4.7.4-SNAPSHOT</version>
 		</dependency>
 
-		<dependency>
-			<groupId>org.phoebus</groupId>
-			<artifactId>core-util</artifactId>
-			<version>4.7.4-SNAPSHOT</version>
-		</dependency>
-
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter</artifactId>

services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/controllers/AuthenticationController.java

@@ -19,6 +19,7 @@
 
 package org.phoebus.service.saveandrestore.web.controllers;
 
+import org.phoebus.applications.saveandrestore.model.LoginCredentials;
 import org.phoebus.applications.saveandrestore.model.UserData;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
@@ -29,7 +30,7 @@
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
 
 import java.util.List;
@@ -50,28 +51,26 @@ public class AuthenticationController extends BaseController {
     /**
      * Authenticates user.
      *
-     * @param userName The user principal name
-     * @param password User's password
+     * @param loginCredentials User's credentials
      * @return A {@link ResponseEntity} carrying a {@link UserData} object if the login was successful,
      * otherwise the body will be <code>null</code>.
      */
     @PostMapping(value = "login")
-    public ResponseEntity<UserData> login(@RequestParam(value = "username") String userName,
-                                          @RequestParam(value = "password") String password) {
+    public ResponseEntity<UserData> login(@RequestBody LoginCredentials loginCredentials) {
         Authentication authentication =
-                new UsernamePasswordAuthenticationToken(userName, password);
+                new UsernamePasswordAuthenticationToken(loginCredentials.username(), loginCredentials.password());
         try {
             authentication = authenticationManager.authenticate(authentication);
         } catch (AuthenticationException e) {
-            Logger.getLogger(AuthenticationController.class.getName()).log(Level.WARNING, "Unable to authenticate", e);
+            Logger.getLogger(AuthenticationController.class.getName()).log(Level.WARNING, "Unable to authenticate user " + loginCredentials.username());
             return new ResponseEntity<>(
                     null,
                     HttpStatus.UNAUTHORIZED);
         }
         List<String> roles = authentication.getAuthorities().stream()
                 .map(GrantedAuthority::getAuthority).collect(Collectors.toList());
         return new ResponseEntity<>(
-                new UserData(userName, roles),
+                new UserData(loginCredentials.username(), roles),
                 HttpStatus.OK);
     }
 }