ace-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j...@apache.org
Subject svn commit: r1727306 - in /ace/trunk: org.apache.ace.gogo.servlet/ org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/ org.apache.ace.obr/src/org/apache/ace/obr/servlet/ run-client/conf/ run-server-allinone/conf/
Date Thu, 28 Jan 2016 10:49:38 GMT
Author: jawi
Date: Thu Jan 28 10:49:38 2016
New Revision: 1727306

URL: http://svn.apache.org/viewvc?rev=1727306&view=rev
Log:
ACE-511 - ScriptServlet does not apply security:

- applied patch from @brampouwelse to let this servlet use the same
  authentication mechanism as all other servlets.


Modified:
    ace/trunk/org.apache.ace.gogo.servlet/bnd.bnd
    ace/trunk/org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/Activator.java
    ace/trunk/org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/ScriptServlet.java
    ace/trunk/org.apache.ace.obr/src/org/apache/ace/obr/servlet/BundleServlet.java
    ace/trunk/run-client/conf/org.apache.ace.gogo.servlet.cfg
    ace/trunk/run-server-allinone/conf/org.apache.ace.gogo.servlet.cfg

Modified: ace/trunk/org.apache.ace.gogo.servlet/bnd.bnd
URL: http://svn.apache.org/viewvc/ace/trunk/org.apache.ace.gogo.servlet/bnd.bnd?rev=1727306&r1=1727305&r2=1727306&view=diff
==============================================================================
--- ace/trunk/org.apache.ace.gogo.servlet/bnd.bnd (original)
+++ ace/trunk/org.apache.ace.gogo.servlet/bnd.bnd Thu Jan 28 10:49:38 2016
@@ -8,6 +8,7 @@ Bundle-Version: 1.0.0
 	org.apache.felix.http.servlet-api,\
 	org.apache.felix.dependencymanager,\
 	org.apache.ace.gogo;version=latest,\
-	org.apache.felix.gogo.runtime
+	org.apache.felix.gogo.runtime,\
+	org.apache.ace.authentication.api;version=latest
 Bundle-Activator: org.apache.ace.gogo.servlet.Activator
 Private-Package: org.apache.ace.gogo.servlet

Modified: ace/trunk/org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/Activator.java
URL: http://svn.apache.org/viewvc/ace/trunk/org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/Activator.java?rev=1727306&r1=1727305&r2=1727306&view=diff
==============================================================================
--- ace/trunk/org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/Activator.java (original)
+++ ace/trunk/org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/Activator.java Thu
Jan 28 10:49:38 2016
@@ -20,6 +20,7 @@ package org.apache.ace.gogo.servlet;
 
 import javax.servlet.Servlet;
 
+import org.apache.ace.authentication.api.AuthenticationService;
 import org.apache.felix.dm.DependencyActivatorBase;
 import org.apache.felix.dm.DependencyManager;
 import org.apache.felix.service.command.CommandProcessor;
@@ -38,11 +39,8 @@ public class Activator extends Dependenc
             .add(createConfigurationDependency().setPropagate(true).setPid(SCRIPT_SERVLET_PID))
             .add(createServiceDependency().setService(CommandProcessor.class).setRequired(true))
             .add(createServiceDependency().setService(LogService.class).setRequired(false))
+            .add(createServiceDependency().setService(AuthenticationService.class).setRequired(true))
         );
     }
 
-    @Override
-    public void destroy(BundleContext context, DependencyManager manager) throws Exception
{
-        // nothing to do here for now
-    }
 }

Modified: ace/trunk/org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/ScriptServlet.java
URL: http://svn.apache.org/viewvc/ace/trunk/org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/ScriptServlet.java?rev=1727306&r1=1727305&r2=1727306&view=diff
==============================================================================
--- ace/trunk/org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/ScriptServlet.java
(original)
+++ ace/trunk/org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/ScriptServlet.java
Thu Jan 28 10:49:38 2016
@@ -18,6 +18,8 @@
  */
 package org.apache.ace.gogo.servlet;
 
+import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
+
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.Dictionary;
@@ -30,9 +32,13 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.ace.authentication.api.AuthenticationService;
 import org.apache.felix.service.command.CommandProcessor;
 import org.apache.felix.service.command.CommandSession;
+import org.osgi.service.cm.ConfigurationException;
+import org.osgi.service.cm.ManagedService;
 import org.osgi.service.log.LogService;
+import org.osgi.service.useradmin.User;
 
 /**
  * Servlet that can execute a Gogo script provided by the caller. Note that this is a generic
service that is not
@@ -44,12 +50,19 @@ import org.osgi.service.log.LogService;
  * 
  * Motivation: provide the ability to script client calls to an ACE server for various automation
purposes.
  */
-public class ScriptServlet extends HttpServlet {
+public class ScriptServlet extends HttpServlet implements ManagedService {
     private static final long serialVersionUID = -7838800050936438994L;
     private static final String SCRIPT_KEY = "script";
+    /** A boolean denoting whether or not authentication is enabled. */
+    private static final String KEY_USE_AUTHENTICATION = "authentication.enabled";
+    
     private volatile LogService m_logger;
     private volatile CommandProcessor m_processor;
+    private volatile AuthenticationService m_authService;
+    
+    private boolean m_useAuth = false;
 
+    @Override
     protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException,
IOException {
         Dictionary<String, String> scriptDefinition = toDictionary(req.getParameterMap());
         respondToScriptRequest(resp, scriptDefinition);
@@ -63,6 +76,33 @@ public class ScriptServlet extends HttpS
         scriptDefinition.put(SCRIPT_KEY, script);
         respondToScriptRequest(resp, scriptDefinition);
     }
+    
+    @Override
+    protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException,
IOException {
+        if (!authenticate(req)) {
+            // Authentication failed; don't proceed with the original request...
+            resp.sendError(SC_UNAUTHORIZED);
+        } else {
+            // Authentication successful, proceed with original request...
+            super.service(req, resp);
+        }
+    }
+    /**
+     * Authenticates, if needed the user with the information from the given request.
+     * 
+     * @param request the request to obtain the credentials from, cannot be <code>null</code>.
+     * @return <code>true</code> if the authentication was successful, <code>false</code>
otherwise.
+     */
+    private boolean authenticate(HttpServletRequest request) {
+        if (m_useAuth) {
+            User user = m_authService.authenticate(request);
+            if (user == null) {
+                m_logger.log(LogService.LOG_INFO, "Authentication failure!");
+            }
+            return (user != null);
+        }
+        return true;
+    }
 
     private void respondToScriptRequest(HttpServletResponse resp, Dictionary<String, String>
scriptDefinition) throws IOException {
         try {
@@ -116,4 +156,17 @@ public class ScriptServlet extends HttpS
             return scanner.hasNext() ? scanner.next() : null;
         }
     }
+    
+    @Override
+    public void updated(Dictionary<String, ?> settings) throws ConfigurationException
{
+        if (settings != null) {
+            String useAuthString = (String) settings.get(KEY_USE_AUTHENTICATION);
+            if (useAuthString == null
+                || !("true".equalsIgnoreCase(useAuthString) || "false".equalsIgnoreCase(useAuthString)))
{
+                throw new ConfigurationException(KEY_USE_AUTHENTICATION, "Missing or invalid
value!");
+            }
+            boolean useAuth = Boolean.parseBoolean(useAuthString);
+            m_useAuth = useAuth;
+        }
+    }
 }

Modified: ace/trunk/org.apache.ace.obr/src/org/apache/ace/obr/servlet/BundleServlet.java
URL: http://svn.apache.org/viewvc/ace/trunk/org.apache.ace.obr/src/org/apache/ace/obr/servlet/BundleServlet.java?rev=1727306&r1=1727305&r2=1727306&view=diff
==============================================================================
--- ace/trunk/org.apache.ace.obr/src/org/apache/ace/obr/servlet/BundleServlet.java (original)
+++ ace/trunk/org.apache.ace.obr/src/org/apache/ace/obr/servlet/BundleServlet.java Thu Jan
28 10:49:38 2016
@@ -73,7 +73,7 @@ public class BundleServlet extends HttpS
         return "Apache ACE OBR Servlet";
     }
 
-    public void updated(Dictionary settings) throws ConfigurationException {
+    public void updated(Dictionary<String, ?> settings) throws ConfigurationException
{
         if (settings != null) {
             String useAuthString = (String) settings.get(KEY_USE_AUTHENTICATION);
             if (useAuthString == null

Modified: ace/trunk/run-client/conf/org.apache.ace.gogo.servlet.cfg
URL: http://svn.apache.org/viewvc/ace/trunk/run-client/conf/org.apache.ace.gogo.servlet.cfg?rev=1727306&r1=1727305&r2=1727306&view=diff
==============================================================================
--- ace/trunk/run-client/conf/org.apache.ace.gogo.servlet.cfg (original)
+++ ace/trunk/run-client/conf/org.apache.ace.gogo.servlet.cfg Thu Jan 28 10:49:38 2016
@@ -1,4 +1,4 @@
 # Licensed to the Apache Software Foundation (ASF) under the terms of ASLv2 (http://www.apache.org/licenses/LICENSE-2.0).
 
 org.apache.ace.server.servlet.endpoint=/gogo
-
+authentication.enabled=false

Modified: ace/trunk/run-server-allinone/conf/org.apache.ace.gogo.servlet.cfg
URL: http://svn.apache.org/viewvc/ace/trunk/run-server-allinone/conf/org.apache.ace.gogo.servlet.cfg?rev=1727306&r1=1727305&r2=1727306&view=diff
==============================================================================
--- ace/trunk/run-server-allinone/conf/org.apache.ace.gogo.servlet.cfg (original)
+++ ace/trunk/run-server-allinone/conf/org.apache.ace.gogo.servlet.cfg Thu Jan 28 10:49:38
2016
@@ -1,3 +1,4 @@
 # Licensed to the Apache Software Foundation (ASF) under the terms of ASLv2 (http://www.apache.org/licenses/LICENSE-2.0).
 
 org.apache.ace.server.servlet.endpoint=/gogo
+authentication.enabled=false



Mime
View raw message