Using Google authentication with Restlet

Question

I have this very basic authentication for my app:

    MapVerifier mapVerifier = new MapVerifier();
    mapVerifier.getLocalSecrets().put("user", "pass".toCharArray());

    ChallengeAuthenticator guard= new ChallengeAuthenticator(null, ChallengeScheme.HTTP_BASIC, "Secured Resources");
    guard.setContext(getContext());
    guard.setVerifier(mapVerifier);

How do I adapt this to use Google authentication scheme? That, instead of showing the Username/Password browser popup, it will go to the Google authentication page.

Answer 1

I think that you aren't in the context of a challenge authentication and you need to leverage the authentication service of Google.

Here is an implementation of this approach (not tested) if you want a custom Restlet Authenticator implementation:

public class GoogleAuthenticator extends Authenticator {
    private UserService userService;

    public GoogleAuthenticator(Context context) {
        super(context);
        this.userService = UserServiceFactory.getUserService();
    }

    protected User createUser(com.google.appengine.api.users.User googleUser,
                             Request request, Response response) {
        return new User(googleUser.getUserId());
    }

    protected boolean authenticate(Request request, Response response) {
        // Get current Google user
        com.google.appengine.api.users.User googleUser = userService.getCurrentUser();

        // Check if the user is authenticated
        if (googleUser!=null) {
            // Authenticated through Google authentication service

            request.getClientInfo().setUser(
                 createUser(googleUser, request, response));
            return true;
        } else {
            // Not authenticated. Redirect to the login URL
            response.redirectSeeOther(userService.createLoginURL(
                                      request.getRequestURI()));
            return false;
        }
    }
}

However such authenticator exists in the extension org.restlet.ext.gae for a while. It leverages the service UserService of GAE. So I think that you have it with the version of Restlet you use. Here is a sample of use below:

public Restlet createInboundRoot() {
    Router router = new Router(getContext());
    (...)

    GaeAuthenticator guard= new GaeAuthenticator(getContext());
    guard.setNext(router);

    return guard;
}

Edited :

You can notice that the GAE authenticator can use the GAE enroler for this purpose (ie if it's an admin one).

To implement this, you simply need to instantiate such enroler and set it on your authenticator, as desribed below:

GaeEnroler enroler = new GaeEnroler();
GaeAuthenticator guard = new GaeAuthenticator(getContext());
guard.setEnroler(enroler)
guard.setNext(router);

Within your server resource, you can then check the role, as described below:

protected boolean hasAdminRole() {
    ClientInfo clientInfo = getClientInfo();
    List<Role> roles = clientInfo.getRoles();
    boolean isAdmin = false;
    for (Role role : roles) {
        if (role.getName().equals("admin")) {
            isAdmin = true;
            break;
        }
    }
    return isAdmin;
}

@Post
public XX handlePost(YY content) {
    if (!hasAdminRole()) {
        throw new ResourceException(Status.CLIENT_ERROR_FORBIDDEN);
    }

    (...)
}

Hope it helps you, Thierry

Answer 2

I haven't fully understood what's ur question is ? If u wanted to integrate Google authentication in yours system check the link google Oauth2

It's not depend upon any framework it's simply redirection and callback which u can do with plain servlets , obviously you can do with restlets too

I have written an simply library to integrate google and Facebook oauth 2, you can check this to see how it works

java oauth2 gae