You can proxy authentication to another Cordra instance by using the authenticate
JavaScript lifecycle hook.
This can be useful if you have multiple Cordra instances but a single set of users controlled
by a single, remote, Cordra instance.
The example authenticate hook below, placed on the design object, is the complete
code needed to proxy authentication to another Cordra instance.
The code takes all incoming authentication requests and forwards them to the Op.Auth.Token
operation
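on a remote Cordra instance. This does not require any modifications on the remote instance. The result is
treated as if the authentication happened locally. Any groups the user is a member of on the remote Cordra are
included in the response and can be referenced in the authorization configuration of this local Cordra.
The local instance therefore trusts the remote instance's answer completely, for both identity and group membership,
so the URL should be an HTTPS endpoint of an instance you control.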
// Export the hook under the name `authenticate`. The function declaration
// further down is hoisted, so the reference is already valid on this line.
exports.authenticate = authenticate;
// Remote endpoint that every authTokenInput is POSTed to (Op.Auth.Token on the
// remote instance's `service` target). Whatever answers at this URL decides who
// is authenticated locally and which groups they carry, so keep it on https and
// pointed at an instance you control.
// NOTE(review): authTokenInput presumably carries the caller's credentials —
// confirm, and treat a plain-http value here as a credential leak.
const CORDRA_AUTH_URL = "https://example.org/doip/?operationId=20.DOIP/Op.Auth.Token&targetId=service";
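/**
 * Cordra `authenticate` hook that delegates the credential check to a remote
 * Cordra instance.
 *
 * The incoming `authInfo.authTokenInput` is POSTed unchanged to
 * CORDRA_AUTH_URL. When the remote answers 200 with a JSON object, that object
 * is returned with `grantAuthenticatedAccess` set to true; in every other case
 * the hook returns null.
 *
 * @param {object} authInfo - Authentication request; only `authTokenInput` is read.
 * @param {object} context - Hook context (unused).
 * @returns {object|null} The remote auth result, or null when nothing was
 *   supplied or the remote did not vouch for the caller.
 * @throws {SyntaxError} If a 200 response body is not valid JSON.
 */
function authenticate(authInfo, context) {
  // NOTE(review): returning null presumably hands the request back to Cordra's
  // built-in authentication — confirm that a remote rejection is meant to fall
  // through to local accounts rather than fail outright.
  if (!authInfo.authTokenInput) {
    return null;
  }

  const response = postJson(CORDRA_AUTH_URL, authInfo.authTokenInput);
  if (response.status !== 200) {
    return null;
  }

  const responseAuthInfo = JSON.parse(response.text);

  // A 200 alone is not proof of identity: only a JSON object can describe a
  // user, and a body that explicitly says `active: false` must never be
  // upgraded to authenticated access.
  const isPlainObject =
    responseAuthInfo !== null &&
    typeof responseAuthInfo === "object" &&
    !Array.isArray(responseAuthInfo);
  if (!isPlainObject || responseAuthInfo.active === false) {
    return null;
  }

  // NOTE(review): the remote body is returned whole. If it carries more than
  // identity and group data, consider copying only the fields the local
  // instance needs — verify against the remote response format.
  responseAuthInfo.grantAuthenticatedAccess = true;
  return responseAuthInfo;
}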
// Apache HttpClient classes, loaded from the JVM through Java.type.
const HttpClients = Java.type("org.apache.http.impl.client.HttpClients");
// One client is created when the module loads and reused by every postJson call.
// NOTE(review): createDefault() is used with no explicit request configuration;
// confirm the connect/read timeouts are acceptable, since every proxied login
// waits on this client. The default client is also what validates the remote
// TLS certificate — presumably against the JVM trust store; keep that intact.
const client = HttpClients.createDefault();
const HttpPost = Java.type("org.apache.http.client.methods.HttpPost");
const StringEntity = Java.type("org.apache.http.entity.StringEntity");
const EntityUtils = Java.type("org.apache.http.util.EntityUtils");
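/**
 * POSTs `bodyObj` as UTF-8 JSON to `url` using the shared HTTP client and
 * returns the status code together with the response body as text.
 *
 * The response is always closed, including when reading the body throws, so a
 * failed read cannot leave a pooled connection checked out.
 *
 * @param {string} url - Absolute URL to post to.
 * @param {*} bodyObj - Value serialised with JSON.stringify as the request body.
 * @returns {{status: number, text: string}} HTTP status and body text; `text`
 *   is "" when the response has no entity.
 */
function postJson(url, bodyObj) {
  const post = new HttpPost(url);
  post.setHeader("Content-Type", "application/json");
  post.setEntity(new StringEntity(JSON.stringify(bodyObj), "UTF-8"));

  const response = client.execute(post);
  try {
    const entity = response.getEntity();
    return {
      status: response.getStatusLine().getStatusCode(),
      // A body-less response has no entity; reading it would throw. "UTF-8" is
      // only the fallback used when the response declares no charset.
      text: entity == null ? "" : EntityUtils.toString(entity, "UTF-8"),
    };
  } finally {
    // The body may carry credentials or tokens; callers should not log `text`.
    response.close();
  }
}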