/** * POST api/authentication?token=xxx * * <p>This action is called after signing the nonce on the client-side with the user's * certificate. We'll once again use the Authentication class to do the actual work. */ @RequestMapping( value = "/api/authentication", method = {RequestMethod.POST}) public AuthenticationPostResponse post( @RequestParam(value = "token", required = true) String token) throws RestException { // Instantiate the Authentication class Authentication auth = new Authentication(Util.getRestPkiClient()); // Call the completeWithWebPki() method, which finalizes the authentication process. It receives // as input // only the token that was yielded previously (which we sent to the page and the page sent us // back on the URL). // The call yields a ValidationResults which denotes whether the authentication was successful // or not. ValidationResults vr = auth.completeWithWebPki(token); AuthenticationPostResponse response = new AuthenticationPostResponse(); // Check the authentication result if (!vr.isValid()) { // If the authentication failed, inform the page response.setSuccess(false); response.setMessage("Authentication failed"); response.setValidationResults(vr.toString()); return response; } // At this point, you have assurance that the certificate is valid according to the // SecurityContext passed on the first step (see method get()) and that the user is indeed the // certificate's // subject. Now, you'd typically query your database for a user that matches one of the // certificate's fields, such as cert.getEmailAddress() or cert.getPkiBrazil().getCpf() (the // actual field // to be used as key depends on your application's business logic) and set the user // as authenticated with whatever web security framework your application uses. // For demonstration purposes, we'll just return a success and put on the message something // to show that we have access to the certificate's fields. PKCertificate userCert = auth.getPKCertificate(); StringBuilder message = new StringBuilder(); message.append("Welcome, " + userCert.getSubjectName().getCommonName() + "!"); if (!StringUtils.isEmpty(userCert.getEmailAddress())) { message.append(" Your email address is " + userCert.getEmailAddress()); } if (!StringUtils.isEmpty(userCert.getPkiBrazil().getCpf())) { message.append(" and your CPF is " + userCert.getPkiBrazil().getCpf()); } // Return success to the page response.setSuccess(true); response.setMessage(message.toString()); return response; }
/** * GET api/authentication * * <p>This action is called once the user clicks the "Sign In" button. */ @RequestMapping( value = "/api/authentication", method = {RequestMethod.GET}) public String get() throws RestException { // Instantiate the Authentication class Authentication auth = new Authentication(Util.getRestPkiClient()); // Call the Authentication startWithWebPki() method, which initiates the authentication. This // yields the token, // a 22-character case-sensitive URL-safe string, which we'll send to the page in order to pass // on the // signWithRestPki method of the Web PKI component. String token = auth.startWithWebPki(Util.getSecurityContext()); // Note: By changing the SecurityContext above you can accept only certificates from a certain // PKI, // for instance, ICP-Brasil (SecurityContext.pkiBrazil). // Return the token to the page return token; }