abdera-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jmsn...@apache.org
Subject svn commit: r482415 - in /incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet: SecurityFilter.java SignedRequestFilter.java
Date Mon, 04 Dec 2006 23:55:48 GMT
Author: jmsnell
Date: Mon Dec  4 15:55:39 2006
New Revision: 482415

URL: http://svn.apache.org/viewvc?view=rev&rev=482415
Log:
Servlet filter that checks for valid XML DSig's in Atom documents PUT or POST to the server.

Added:
    incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet/SignedRequestFilter.java
Modified:
    incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet/SecurityFilter.java

Modified: incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet/SecurityFilter.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet/SecurityFilter.java?view=diff&rev=482415&r1=482414&r2=482415
==============================================================================
--- incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet/SecurityFilter.java
(original)
+++ incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet/SecurityFilter.java
Mon Dec  4 15:55:39 2006
@@ -17,17 +17,24 @@
 */
 package org.apache.abdera.security.util.servlet;
 
+import java.io.BufferedReader;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.CharArrayReader;
 import java.io.CharArrayWriter;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.InputStreamReader;
 import java.io.PrintWriter;
 import java.io.Reader;
 
 import javax.servlet.Filter;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletInputStream;
 import javax.servlet.ServletOutputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpServletResponseWrapper;
 
@@ -36,6 +43,7 @@
 import org.apache.abdera.model.Element;
 import org.apache.abdera.parser.Parser;
 import org.apache.abdera.security.AbderaSecurity;
+import org.apache.abdera.util.io.RewindableInputStream;
 
 public abstract class SecurityFilter 
   implements Filter {
@@ -48,6 +56,9 @@
     this.security = new AbderaSecurity(abdera);
   }
   
+  public void init(FilterConfig config) throws ServletException {
+  }
+  
   public void destroy() {
   }
 
@@ -65,7 +76,7 @@
     } catch (Exception e) {}
     return null;
   }
- 
+  
   public static class BufferingResponseWrapper 
     extends HttpServletResponseWrapper {
     
@@ -136,4 +147,60 @@
     
   }
 
+  public static class BufferedRequestWrapper 
+  extends HttpServletRequestWrapper {
+  
+  private BufferedServletInputStream bin;
+  private RewindableInputStream rin;
+  private BufferedReader rdr;
+  
+  public BufferedRequestWrapper(HttpServletRequest request) {
+    super(request);
+  }
+
+  @Override
+  public ServletInputStream getInputStream() throws IOException {
+    if (rdr != null) throw new IllegalStateException();
+    if (bin == null) {
+      rin = new RewindableInputStream(super.getInputStream());
+      bin = new BufferedServletInputStream(rin);
+    }
+    return bin;
+  }
+
+  @Override
+  public BufferedReader getReader() throws IOException {
+    if (rdr == null) {
+      String charset = this.getCharacterEncoding();
+      rdr = (charset == null) ?
+        new BufferedReader(new InputStreamReader(getInputStream())) :
+        new BufferedReader(new InputStreamReader(getInputStream(),charset));
+    }
+    return rdr;
+  }
+ 
+  public void reset() throws IOException {
+    if (bin != null) rin.rewind();
+    rdr = null;
+  }
+}
+
+public static class BufferedServletInputStream 
+  extends ServletInputStream {
+
+  private InputStream in;
+  
+  public BufferedServletInputStream(InputStream in) {
+    this.in = in;
+    try {
+      in.mark(in.available());
+    } catch (Exception e) {}
+  }
+  
+  @Override
+  public int read() throws IOException {
+    return in.read();
+  }
+  
+}
 }

Added: incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet/SignedRequestFilter.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet/SignedRequestFilter.java?view=auto&rev=482415
==============================================================================
--- incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet/SignedRequestFilter.java
(added)
+++ incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet/SignedRequestFilter.java
Mon Dec  4 15:55:39 2006
@@ -0,0 +1,79 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements.  The ASF licenses this file to You
+* under the Apache License, Version 2.0 (the "License"); you may not
+* use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.  For additional information regarding
+* copyright in this work, please see the NOTICE file in the top level
+* directory of this distribution.
+*/
+package org.apache.abdera.security.util.servlet;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.abdera.Abdera;
+import org.apache.abdera.model.Document;
+import org.apache.abdera.model.Element;
+import org.apache.abdera.security.AbderaSecurity;
+import org.apache.abdera.security.Signature;
+
+/**
+ * Servlet Filter that verifies that an Atom document received by the server
+ * via PUT or POST contains a valid XML Digital Signature.  
+ */
+public class SignedRequestFilter 
+  extends SecurityFilter {
+
+  public static final String VALID = "org.apache.abdera.security.util.servlet.SignedRequestFilter.valid";
+  public static final String CERTS = "org.apache.abdera.security.util.servlet.SignedRequestFilter.certs";
+  
+  public void doFilter(
+    ServletRequest request, 
+    ServletResponse response,
+    FilterChain filter) 
+      throws IOException, ServletException {
+    
+    HttpServletRequest req = (HttpServletRequest) request;
+    String method = req.getMethod();
+    if (method.equals("POST") || method.equals("PUT")) {
+      BufferedRequestWrapper wrapper = 
+        new BufferedRequestWrapper((HttpServletRequest) request);
+      try {
+        Abdera abdera = new Abdera();
+        AbderaSecurity absec = new AbderaSecurity(abdera);
+        Signature sig = absec.getSignature();
+        Document<Element> doc = abdera.getParser().parse(wrapper.getInputStream());
+        boolean valid = sig.verify(doc.getRoot(), null);
+        if (!valid) {
+          ((HttpServletResponse)response).sendError(
+            400, "A Valid Signature is required");
+          return;
+        }
+        wrapper.setAttribute(VALID, Boolean.valueOf(valid));
+        wrapper.setAttribute(CERTS, sig.getValidSignatureCertificates(doc.getRoot(), null));
+      } catch (Exception e) {
+        e.printStackTrace();
+      } 
+      wrapper.reset();
+      filter.doFilter(wrapper, response);
+    } else {
+      filter.doFilter(request, response);
+    }
+  }
+
+}



Mime
View raw message