Integrating custom authentication module in opengrok

[shylxsh]

Problem : Since I am new to java and integrating multiple java projects, How can I Integrate my custom authentication java project module into opengrok source code.

Why ? To restrict the users who are allowed to access the opengrok instance.

My Custom Login and Authentication Module

I have a webpage for login. The authentication and authorization are done through LDAP and my backend PostgreSQL database. Once the user is verified, the jsessionid cookie is set through setAttribute. Whenever a webpage is accessed by a user, I have a filter (CheckAuth) which checks for this set attribute. If available, it allows the user to proceed to the page; otherwise, it redirects to the login page. Currently, the CheckAuth filter is applied on the path /secure/, but it can be changed to /.

Structure of Custom Login and Authentication Module:

├── pom.xml
└── src
    ├── main
    │   ├── java
    │   │   └── com
    │   │       └── my-app
    │   │           ├── CheckAuth.java  // checks for attr
    │   │           ├── DatabaseAccess.java //checks for LDAP authentication
    │   │           └── LDAPAuthenticator.java //checks for project authorization
    │   └── webapp
    │       ├── WEB-INF
    │       │   └── web.xml
    │       ├── authenticate.jsp
    │       ├── css
    │       │   └── styles.css
    │       ├── js
    │       │   └── scripts.js
    │       ├── login.jsp
    │       └── secure
    │           └── home.jsp
    └── test
        └── java
            └── com

How I Want This Custom Authentication Module to Be Applied on OpenGrok:

By default, the OpenGrok instance should be restricted for all users trying to access it, redirecting them to the login page every time. Once the user logs in and is authenticated, they should be allowed to visit the OpenGrok pages; otherwise, they should be redirected to the login page.

[vladak]

Firstly, take a look at https://github.com/oracle/opengrok/wiki/Authorization

Basically, you will need to make sure your authentication layers sets an attribute in the request which will be then interpreted by the OpenGrok authorization framework. An OpenGrok authorization plugin is needed that will check whether the attribute is set. The UserPlugin needs to be first in the authorization stack. Its UserPrincipalDecoder might be a good fit for your case given you have a Java app performing the authentication, optionally you can write a custom decoder for the attribute.