forked from Islandora/islandora
-
Notifications
You must be signed in to change notification settings - Fork 1
Token Authentication for External Services
willtp87 edited this page Dec 19, 2012
·
1 revision
In the large image solution pack viewing would fail when trying to access datastreams locked down via XACML. This was because the third party services of SeaDragon and Djatoka can not pass through the Drupal credentials to the requests they send to Fedora (Drupal->SeaDragon->Djatoka->Fedora).
The solution we use is token authentication. We proxy Fedora in Drupal where we can send the right credentials ourselves (Drupal->SeaDragon->Djatoka->Drupal->Fedora). The token identifies an allowed proxy event. The token has a timeout, a limited number of uses, and is limited to PID and DSID. XACML can be applied globaly so when the large image needs to display it's JP2 it always uses token authentication.
This is the relevant code for anyone needing to use the token authentication in another module:
// Get token to allow access to XACML protected datastreams. // Always use token authentication in case there is a global policy. module_load_include('inc', 'islandora', 'includes/islandora_authtokens'); $token = islandora_get_object_token($islandora_object->id, 'JP2', 2); $jp2_url = url("islandora/object/{$islandora_object->id}/datastream/JP2/view", array( 'absolute' => TRUE, 'query' => array('token' => $token), ));
// Display large image $viewer = islandora_get_viewer($jp2_url, 'islandora_large_image_viewers');