package foxon.auth;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.thingworx.resources.entities.EntityServices;
import com.thingworx.security.authentication.AuthenticatorException;
import com.thingworx.security.authentication.CustomAuthenticator;
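/**
 * WebSeal SSO Authentication via request headers.
 *
 * <p>The identity is taken from the {@code User} and {@code Groups} request headers that the
 * WebSEAL junction injects. The authenticator itself cannot tell a header set by WebSEAL from one
 * supplied by the client, so it is only safe when every request path to ThingWorx passes through
 * WebSEAL and the junction overwrites (not merely appends to) these headers. That deployment
 * assumption is the whole trust boundary of this class and must be enforced outside of it.
 *
 * <p>The authentication manager creates a fresh instance per authentication (see constructor
 * notes), so per-request state is kept in instance fields, never in statics: a static field would
 * be shared by concurrent requests and could hand one caller's identity to another.
 *
 * ThingWorx - Custom Authenticators Overview: https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS244163&lang=en_US
 * Where To Find ThingWorx Documentation (Developer Guide): https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS232833&art_lang=en&posno=1&q=developer&ProductFamily=ThingWorx%7CNRN%7CAxeda&source=search
 * Testing extensions and SDKs outside of ThingWorx within an IDE: https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS215376&art_lang=en&posno=8&q=debug&ProductFamily=ThingWorx%7CNRN%7CAxeda&source=search
 * Using the Eclipse IDE to debug an Extension running in ThingWorx: https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS219756&art_lang=en&posno=1&q=debug&ProductFamily=ThingWorx%7CNRN%7CAxeda&source=search
 *
 * @author Jan Gabriel
 * @version 1.0
 */
public class WebsealAuth extends CustomAuthenticator {

    // serialization ID
    private static final long serialVersionUID = 5488597991840865053L;

    // Shared, immutable reference; the object is not mutated by this class.
    private static final EntityServices es = new EntityServices();

    // Name of the header carrying the SSO user name. Should become configurable from ThingWorx if possible.
    private static final String USER_HEADER = "User";

    // Name of the header carrying the SSO group list. Should become configurable from ThingWorx if possible.
    private static final String GROUPS_HEADER = "Groups";

    // Separator between group names in the Groups header. Constructed placeholder: ","
    // is an assumption — confirm against the WebSEAL junction configuration.
    private static final String GROUP_DELIMITER = ",";

    // Per-request identity established by matchesAuthRequest(); null until then.
    private String user;

    // Per-request group names parsed from the header; unmodifiable, null until matchesAuthRequest().
    private List<String> groups;

    /**
     * Constructor.
     *
     * <p>Called by the JVM. Upon importing the extension into ThingWorx, a copy of this method is
     * sent to the authentication manager so it knows there is another authenticator to challenge.
     * When the authentication manager determines by priority that this is the right authenticator,
     * it instantiates a new instance. Any static data shared between authenticator instances should
     * be thread safe (final) to avoid causing deadlocks. Best to avoid putting very much logic
     * here, even calls to get configuration or instance data (use authenticate method instead).
     */
    public WebsealAuth() {
    }

    /**
     * Authenticate.
     *
     * <p>This method needs to throw an exception or else the authentication manager will never know
     * there was an error and will always authenticate the user's credentials. Either calls
     * {@code setCredentials()} with the identity established by {@link #matchesAuthRequest} or
     * throws {@link AuthenticatorException}.
     *
     * @param httpRequest the incoming request (currently unused; identity is taken in matchesAuthRequest)
     * @param httpRes the response (currently unused)
     * @throws AuthenticatorException if no SSO identity was established or the login fails
     */
    @Override
    public void authenticate(HttpServletRequest httpRequest, HttpServletResponse httpRes) throws AuthenticatorException {
        // Guard against being called without a preceding successful matchesAuthRequest(); never
        // hand a null identity to setCredentials().
        if (this.user == null) {
            this.setRequiresChallenge(true);
            throw new AuthenticatorException("No SSO identity was established for this request.");
        }
        try {
            // TODO: Check if user exists, if not create him with name this.user.
            // TODO: Check if groups exist and if not add them with no permissions.
            // TODO: Check users membership in groups by this.groups and add or remove him accordingly.
            // Login user.
            this.setCredentials(this.user);
        } catch (Exception e) {
            this.setRequiresChallenge(true);
            throw new AuthenticatorException("Unable to create or login user: " + this.user, e);
        }
    }

    /**
     * IssueAuthenticationChallenge.
     *
     * <p>This may not be used at all, or it may be used for alerting or logging. Handles logic which
     * follows an authentication failure (e.g. logging an error: _logger.error). In order to invoke
     * this method, ensure {@code setRequiresChallenge(true)} is called in {@link #authenticate}
     * before throwing the exception. ThingworxBasicAuthenticator grabs the response and sets some
     * headers in this method, then calling the pop-up box which requests users attempt login again.
     * ThingworxFormAuthenticator redirects users to plain form login prompts with return statuses
     * displayed.
     *
     * <p>Currently a no-op.
     *
     * @param httpRequest the failed request
     * @param httpRes the response the challenge may be written to
     * @throws AuthenticatorException never thrown by this implementation
     */
    @Override
    public void issueAuthenticationChallenge(HttpServletRequest httpRequest, HttpServletResponse httpRes)
            throws AuthenticatorException {
        // TODO: Log errors from exceptions.
    }

    /**
     * MatchesAuthRequest.
     *
     * <p>Determines if this authenticator is valid for the authentication request type and returns
     * true if so. Reads the SSO headers, validates them and stores the parsed identity on this
     * instance for {@link #authenticate}.
     *
     * @param httpRequest the incoming request carrying the WebSEAL headers
     * @return {@code true} when both headers are present and well-formed
     * @throws AuthenticatorException if a header is missing, blank or cannot be parsed
     */
    @Override
    public boolean matchesAuthRequest(HttpServletRequest httpRequest) throws AuthenticatorException {
        // Get authentication headers from SSO request.
        String userHeader = httpRequest.getHeader(USER_HEADER);
        String groupsHeader = httpRequest.getHeader(GROUPS_HEADER);

        // Check for missing headers.
        if (userHeader == null || groupsHeader == null) {
            this.setRequiresChallenge(true);
            throw new AuthenticatorException("Some headers are missing.");
        }

        // Validate headers and parse groups.
        try {
            this.user = parseUser(userHeader);
            this.groups = parseGroups(groupsHeader);
        } catch (Exception e) {
            this.setRequiresChallenge(true);
            throw new AuthenticatorException("Parsing error, headers malformed.", e);
        }
        return true;
    }

    /**
     * Validates the raw user header value.
     *
     * @param rawUser the header value, already known to be non-null
     * @return the trimmed user name
     * @throws IllegalArgumentException if the value is blank
     */
    private static String parseUser(String rawUser) {
        String name = rawUser.trim();
        if (name.isEmpty()) {
            throw new IllegalArgumentException("User header is blank.");
        }
        return name;
    }

    /**
     * Splits the raw groups header into trimmed, non-empty group names.
     *
     * @param rawGroups the header value, already known to be non-null
     * @return an unmodifiable list of group names (possibly empty)
     */
    private static List<String> parseGroups(String rawGroups) {
        List<String> parsed = new ArrayList<>();
        // Pattern.quote so the delimiter is matched literally even if it is a regex metacharacter.
        for (String group : rawGroups.split(Pattern.quote(GROUP_DELIMITER))) {
            String name = group.trim();
            if (!name.isEmpty()) {
                parsed.add(name);
            }
        }
        return Collections.unmodifiableList(parsed);
    }
}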