From grk...@apache.org
Subject [6/8] git commit: Add logout text next to username and fix issues with logout
Date Sun, 12 Oct 2014 00:11:16 GMT
Add logout text next to username and fix issues with logout


Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/0793f3b4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/0793f3b4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/0793f3b4

Branch: refs/heads/master
Commit: 0793f3b4e46e28f2259aea84779efce452154431
Parents: f904f55
Author: Andrew Kennedy <grkvlt@apache.org>
Authored: Wed Oct 8 17:45:28 2014 +0100
Committer: Andrew Kennedy <grkvlt@apache.org>
Committed: Fri Oct 10 15:03:14 2014 +0100

----------------------------------------------------------------------
 usage/jsgui/src/main/webapp/index.html          |  4 +-
 .../BrooklynPropertiesSecurityFilter.java       | 75 ++++++++++++--------
 .../provider/AbstractSecurityProvider.java      |  4 +-
 .../provider/DelegatingSecurityProvider.java    | 15 ++--
 4 files changed, 59 insertions(+), 39 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/0793f3b4/usage/jsgui/src/main/webapp/index.html
----------------------------------------------------------------------
diff --git a/usage/jsgui/src/main/webapp/index.html b/usage/jsgui/src/main/webapp/index.html
index ffc5722..b1436b3 100644
--- a/usage/jsgui/src/main/webapp/index.html
+++ b/usage/jsgui/src/main/webapp/index.html
@@ -44,7 +44,7 @@ under the License.
 
 <div class="navbar navbar-fixed-top">
     <div class="navbar-inner">
-        <div class="userName-top"><a href="/logout"><span id="user"></span></a></div>
+        <div class="userName-top"><span id="user"></span> | <a href="/logout">Log
out</a></div>
         <div class="container">
             <a class="logo" href="#" title="Brooklyn, Version 0.7.0-SNAPSHOT"><!--
Logo added via CSS --></a> <!-- BROOKLYN_VERSION -->
             <div class="menubar-top">
@@ -62,7 +62,7 @@ under the License.
                     <li><a href="#v1/help" class="nav1 nav1_help"><b>?</b></a></li>
                 </ul>
             </div>
-		</div>
+        </div>
     </div>
 </div>
 

http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/0793f3b4/usage/rest-server/src/main/java/brooklyn/rest/filter/BrooklynPropertiesSecurityFilter.java
----------------------------------------------------------------------
diff --git a/usage/rest-server/src/main/java/brooklyn/rest/filter/BrooklynPropertiesSecurityFilter.java
b/usage/rest-server/src/main/java/brooklyn/rest/filter/BrooklynPropertiesSecurityFilter.java
index 0477044..8d9d560 100644
--- a/usage/rest-server/src/main/java/brooklyn/rest/filter/BrooklynPropertiesSecurityFilter.java
+++ b/usage/rest-server/src/main/java/brooklyn/rest/filter/BrooklynPropertiesSecurityFilter.java
@@ -19,9 +19,11 @@
 package brooklyn.rest.filter;
 
 import java.io.IOException;
+
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
+import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
@@ -32,8 +34,6 @@ import javax.servlet.http.HttpSession;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.sun.jersey.core.util.Base64;
-
 import brooklyn.config.BrooklynServiceAttributes;
 import brooklyn.management.ManagementContext;
 import brooklyn.management.entitlement.Entitlements;
@@ -41,6 +41,8 @@ import brooklyn.management.entitlement.WebEntitlementContext;
 import brooklyn.rest.security.provider.DelegatingSecurityProvider;
 import brooklyn.util.text.Strings;
 
+import com.sun.jersey.core.util.Base64;
+
 /**
  * Provides basic HTTP authentication.
  */
@@ -61,15 +63,18 @@ public class BrooklynPropertiesSecurityFilter implements Filter {
     public static final String REMOTE_ADDRESS_SESSION_ATTRIBUTE = "request.remoteAddress";
 
     private static final Logger log = LoggerFactory.getLogger(BrooklynPropertiesSecurityFilter.class);
-    
+
     protected DelegatingSecurityProvider provider;
-    
+
     private static ThreadLocal<String> originalRequest = new ThreadLocal<String>();
 
     @Override
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
         HttpServletRequest httpRequest = (HttpServletRequest) request;
         HttpServletResponse httpResponse = (HttpServletResponse) response;
+        String uri = httpRequest.getRequestURI();
+        String uid = RequestTaggingFilter.getTag();
+        String user = Strings.toString(httpRequest.getSession().getAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE));
 
         if (provider == null) {
             log.warn("No security provider available: disallowing web access to brooklyn");
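Review bot: `user` is now read from the session at the top of doFilter, before the later `authenticate(httpRequest)` call presumably populates `AUTHENTICATED_USER_SESSION_ATTRIBUTE`, so on the request that performs the login the WebEntitlementContext is built from the pre-login value (`null` rendered through `Strings.toString`); the lines the commit removes read it only after authentication. Declare `String user;` here and assign it immediately before the entitlement context is constructed, or re-read the attribute at that point. Separately, `httpRequest.getSession()` with no argument creates a server-side session for every request, including unauthenticated probes that end in 401; `getSession(false)` with a null check would avoid allocating sessions before credentials are verified, though the later session reads would need the same guard. doFilter's body continues beyond this hunk.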
@@ -77,29 +82,42 @@ public class BrooklynPropertiesSecurityFilter implements Filter {
             return;
         }
 
-        if (handleLogout(httpRequest) || !authenticate(httpRequest)) {
+        if (originalRequest.get() != null) {
+            // clear the entitlement context before setting to avoid warnings
+            Entitlements.clearEntitlementContext();
+        } else {
+            originalRequest.set(uri);
+        }
+
+        boolean authenticated = provider.isAuthenticated(httpRequest.getSession());
+        if ("/logout".equals(uri) || "/v1/logout".equals(uri)) {
+            httpResponse.setHeader("WWW-Authenticate", "Basic realm=\"brooklyn\"");
+            if (authenticated && httpRequest.getSession().getAttributeNames().hasMoreElements())
{
+                logout(httpRequest);
+                httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+            } else {
+                RequestDispatcher dispatcher = httpRequest.getRequestDispatcher("/");
+                dispatcher.forward(httpRequest, httpResponse);
+            }
+            return;
+        }
+
+        if (!(httpRequest.getSession().getAttributeNames().hasMoreElements() && provider.isAuthenticated(httpRequest.getSession()))
||
+                "/logout".equals(originalRequest.get())) {
+            authenticated = authenticate(httpRequest);
+        }
+
+        if (!authenticated) {
             httpResponse.setHeader("WWW-Authenticate", "Basic realm=\"brooklyn\"");
             httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
             return;
         }
 
-        String uri = httpRequest.getRequestURI();
-        String uid = RequestTaggingFilter.getTag();
-        String user = Strings.toString(httpRequest.getSession().getAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE));
         try {
             WebEntitlementContext entitlementContext = new WebEntitlementContext(user, httpRequest.getRemoteAddr(),
uri, uid);
-            if (originalRequest.get() == null) {
-                // initial filter application
-                originalRequest.set(uri);
-            } else {
-                // this filter is being applied *again*, probably due to forwarding (e.g.
from '/' to '/index.html')
-                // clear the entitlement context before setting to avoid warnings
-                Entitlements.clearEntitlementContext();
-            }
             Entitlements.setEntitlementContext(entitlementContext);
 
             chain.doFilter(request, response);
-
         } catch (Throwable e) {
             if (!response.isCommitted()) {
                 httpResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
@@ -108,7 +126,6 @@ public class BrooklynPropertiesSecurityFilter implements Filter {
             originalRequest.remove();
             Entitlements.clearEntitlementContext();
         }
-
     }
 
     protected boolean authenticate(HttpServletRequest request) {
@@ -130,7 +147,7 @@ public class BrooklynPropertiesSecurityFilter implements Filter {
             }
             return true;
         }
-        
+
         return false;
     }
 
@@ -139,22 +156,18 @@ public class BrooklynPropertiesSecurityFilter implements Filter {
         ManagementContext mgmt = (ManagementContext) config.getServletContext().getAttribute(BrooklynServiceAttributes.BROOKLYN_MANAGEMENT_CONTEXT);
         provider = new DelegatingSecurityProvider(mgmt);
     }
-    
+
     @Override
     public void destroy() {
     }
 
-    protected boolean handleLogout(HttpServletRequest request) {
-        if ("/logout".equals(request.getRequestURI()) || "/v1/logout".equals(request.getRequestURI()))
{
-            log.info("REST logging {} out of session {}",
-                    request.getSession().getAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE),
request.getSession().getId());
-            provider.logout(request.getSession());
-            request.getSession().removeAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE);
-            request.getSession().removeAttribute(REMOTE_ADDRESS_SESSION_ATTRIBUTE);
-            request.getSession().invalidate();
-            return true;
-        }
-        return false;
+    protected void logout(HttpServletRequest request) {
+        log.info("REST logging {} out of session {}",
+                request.getSession().getAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE),
request.getSession().getId());
+        provider.logout(request.getSession());
+        request.getSession().removeAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE);
+        request.getSession().removeAttribute(REMOTE_ADDRESS_SESSION_ATTRIBUTE);
+        request.getSession().invalidate();
     }
 
 }
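Review bot: logout() has no Javadoc and fetches the session five times through `request.getSession()`; hoisting it once into `HttpSession session = request.getSession();` (the import is already present) and adding `/** Ends the caller's session: notifies the provider, drops the login attributes and invalidates the session. */` would make the method self-explanatory. The `log.info` line also writes the session id to the log; the session is invalidated a few lines later, but log sinks usually outlive that, so logging only the user is the safer default. The boolean returned by `provider.logout(...)` is discarded, which is acceptable only because `invalidate()` follows unconditionally; a comment saying so would stop a future reader from "fixing" it.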

http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/0793f3b4/usage/rest-server/src/main/java/brooklyn/rest/security/provider/AbstractSecurityProvider.java
----------------------------------------------------------------------
diff --git a/usage/rest-server/src/main/java/brooklyn/rest/security/provider/AbstractSecurityProvider.java
b/usage/rest-server/src/main/java/brooklyn/rest/security/provider/AbstractSecurityProvider.java
index 90b413f..6fd2f30 100644
--- a/usage/rest-server/src/main/java/brooklyn/rest/security/provider/AbstractSecurityProvider.java
+++ b/usage/rest-server/src/main/java/brooklyn/rest/security/provider/AbstractSecurityProvider.java
@@ -20,6 +20,8 @@ package brooklyn.rest.security.provider;
 
 import javax.servlet.http.HttpSession;
 
+import brooklyn.util.text.Strings;
+
 /**
  * Provides default implementations of {@link #isAuthenticated(HttpSession)} and
  * {@link #logout(HttpSession)}.
@@ -30,7 +32,7 @@ public abstract class AbstractSecurityProvider implements SecurityProvider
{
     public boolean isAuthenticated(HttpSession session) {
         if (session == null) return false;
         Object value = session.getAttribute(getAuthenticationKey());
-        return value != null && Boolean.TRUE.equals(value);
+        return Strings.isNonBlank(Strings.toString(value));
     }
 
     @Override
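Review bot: the new `isAuthenticated` treats any non-blank attribute value as authenticated, so a `Boolean.FALSE` stored under `getAuthenticationKey()` now yields true (`Strings.toString(Boolean.FALSE)` is `"false"`, which is non-blank), where the removed `Boolean.TRUE.equals(value)` rejected it. Whether any provider writes FALSE under that key is not visible here, but the widening silently changes an authentication decision and deserves an explicit case: `if (value instanceof Boolean) return (Boolean) value;` before the blank check, plus a Javadoc sentence stating which attribute value types count as authenticated. The enclosing class starts outside this hunk.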

http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/0793f3b4/usage/rest-server/src/main/java/brooklyn/rest/security/provider/DelegatingSecurityProvider.java
----------------------------------------------------------------------
diff --git a/usage/rest-server/src/main/java/brooklyn/rest/security/provider/DelegatingSecurityProvider.java
b/usage/rest-server/src/main/java/brooklyn/rest/security/provider/DelegatingSecurityProvider.java
index 567eb13..d14e582 100644
--- a/usage/rest-server/src/main/java/brooklyn/rest/security/provider/DelegatingSecurityProvider.java
+++ b/usage/rest-server/src/main/java/brooklyn/rest/security/provider/DelegatingSecurityProvider.java
@@ -106,18 +106,19 @@ public class DelegatingSecurityProvider implements SecurityProvider
{
 
     @Override
     public boolean isAuthenticated(HttpSession session) {
+        if (session == null) return false;
         Object modCountWhenFirstAuthenticated = session.getAttribute(getModificationCountKey());
         boolean authenticated = getDelegate().isAuthenticated(session) &&
-                modCountWhenFirstAuthenticated != null && ((Long) modCount.get()).equals(modCountWhenFirstAuthenticated);
-        if (authenticated) {
-            session.setAttribute(getModificationCountKey(), modCount.get());
-        }
+                Long.valueOf(modCount.get()).equals(modCountWhenFirstAuthenticated);
         return authenticated;
     }
 
     @Override
     public boolean authenticate(HttpSession session, String user, String password) {
         boolean authenticated = getDelegate().authenticate(session, user, password);
+        if (authenticated) {
+            session.setAttribute(getModificationCountKey(), modCount.get());
+        }
         if (log.isTraceEnabled() && authenticated) {
             log.trace("User {} authenticated with provider {}", user, getDelegate());
         } else if (!authenticated && log.isDebugEnabled()) {
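Review bot: `isAuthenticated` now guards against a null session, but the block added to `authenticate` calls `session.setAttribute(...)` without the same guard, so a successful delegate authentication with a null session throws NullPointerException; the `session.removeAttribute(...)` added in the `logout` hunk below has the same gap. If null sessions are a real input, as the new check suggests, make both writes conditional: `if (authenticated && session != null) {` and `if (logout && session != null) {`. Otherwise document on both methods that session must be non-null so the inconsistency is deliberate. authenticate's body continues outside this hunk.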
@@ -128,7 +129,11 @@ public class DelegatingSecurityProvider implements SecurityProvider {
 
     @Override
     public boolean logout(HttpSession session) { 
-        return getDelegate().logout(session);
+        boolean logout = getDelegate().logout(session);
+        if (logout) {
+            session.removeAttribute(getModificationCountKey());
+        }
+        return logout;
     }
 
     private String getModificationCountKey() {

