cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ff...@apache.org
Subject svn commit: r1507984 - in /cxf/trunk/rt/transports/http/src/main: java/org/apache/cxf/transport/servlet/ java/org/apache/cxf/transport/servlet/servicelist/ resources/OSGI-INF/blueprint/
Date Mon, 29 Jul 2013 09:31:49 GMT
Author: ffang
Date: Mon Jul 29 09:31:48 2013
New Revision: 1507984

URL: http://svn.apache.org/r1507984
Log:
[CXF-5165]add a JAAS authenticator for ServiceListPage

Added:
    cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListJAASAuthenticator.java
Modified:
    cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
    cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListGeneratorServlet.java
    cxf/trunk/rt/transports/http/src/main/resources/OSGI-INF/blueprint/osgiservlet.xml

Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java?rev=1507984&r1=1507983&r2=1507984&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
(original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
Mon Jul 29 09:31:48 2013
@@ -40,12 +40,17 @@ import org.apache.cxf.transport.http.Abs
 import org.apache.cxf.transport.http.DestinationRegistry;
 
 public class ServletController {
+    
+    public static final String AUTH_SERVICE_LIST = "auth.service.list";
+    public static final String AUTH_SERVICE_LIST_REALM = "auth.service.list.realm";
     protected static final String DEFAULT_LISTINGS_CLASSIFIER = "/services";
     private static final Logger LOG = LogUtils.getL7dLogger(ServletController.class);
     private static final String HTTP_PREFIX = "http";
-    
+        
     protected boolean isHideServiceList;
+    protected boolean isAuthServiceListPage;
     protected boolean disableAddressUpdates;
+    protected String authServiceListPageRealm;
     protected String forcedBaseAddress;
     protected String serviceListRelativePath = DEFAULT_LISTINGS_CLASSIFIER;
     protected ServletConfig servletConfig;
@@ -108,6 +113,17 @@ public class ServletController {
         if (!StringUtils.isEmpty(hideServiceList)) {
             this.isHideServiceList = Boolean.valueOf(hideServiceList);
         }
+        
+        String authServiceListPage = servletConfig.getInitParameter("service-list-page-authenticate");
+        if (!StringUtils.isEmpty(authServiceListPage)) {
+            this.isAuthServiceListPage = Boolean.valueOf(authServiceListPage);
+        }
+        
+        String authServiceListRealm = servletConfig.getInitParameter("service-list-page-authenticate-realm");
+        if (!StringUtils.isEmpty(authServiceListRealm)) {
+            this.authServiceListPageRealm = authServiceListRealm;
+        }
+        
         String isDisableAddressUpdates = servletConfig.getInitParameter("disable-address-updates");
         if (!StringUtils.isEmpty(isDisableAddressUpdates)) {
             this.disableAddressUpdates = Boolean.valueOf(isDisableAddressUpdates);
@@ -143,6 +159,9 @@ public class ServletController {
                     || request.getRequestURI().endsWith(serviceListRelativePath + "/")
                     || StringUtils.isEmpty(pathInfo)
                     || "/".equals(pathInfo))) {
+                    if (isAuthServiceListPage) {
+                        setAuthServiceListPageAttribute(request);
+                    }
                     setBaseURLAttribute(request);
                     serviceListGenerator.service(request, res);
                 } else {
@@ -188,6 +207,12 @@ public class ServletController {
         return true;
     }
 
+    private void setAuthServiceListPageAttribute(HttpServletRequest request) {
+        request.setAttribute(ServletController.AUTH_SERVICE_LIST, this.isAuthServiceListPage);
+        request.setAttribute(ServletController.AUTH_SERVICE_LIST_REALM, this.authServiceListPageRealm);
+        
+    }
+
     public void invokeDestination(final HttpServletRequest request, HttpServletResponse response,
                                   AbstractHTTPDestination d) throws ServletException {
         if (LOG.isLoggable(Level.FINE)) {

Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListGeneratorServlet.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListGeneratorServlet.java?rev=1507984&r1=1507983&r2=1507984&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListGeneratorServlet.java
(original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListGeneratorServlet.java
Mon Jul 29 09:31:48 2013
@@ -39,6 +39,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.transport.AbstractDestination;
 import org.apache.cxf.transport.http.DestinationRegistry;
+import org.apache.cxf.transport.servlet.ServletController;
 
 public class ServiceListGeneratorServlet extends HttpServlet {
     private static final long serialVersionUID = -113918058557537996L;
@@ -67,6 +68,19 @@ public class ServiceListGeneratorServlet
     @Override
     public void service(HttpServletRequest request, 
                         HttpServletResponse response) throws ServletException, IOException
{
+        Object obj = request.getAttribute(ServletController.AUTH_SERVICE_LIST);
+        boolean isAuthServiceList = false;
+        if (obj != null) {
+            isAuthServiceList = Boolean.valueOf(obj.toString());
+        }
+        if (isAuthServiceList) {
+            String authServiceListRealm = (String)request.getAttribute(ServletController.AUTH_SERVICE_LIST_REALM);
+            ServiceListJAASAuthenticator authenticator = new ServiceListJAASAuthenticator();
+            authenticator.setRealm(authServiceListRealm);
+            if (!authenticator.authenticate(request, response)) {
+                return;
+            }
+        }
         PrintWriter writer = response.getWriter();
         AbstractDestination[] destinations = destinationRegistry.getSortedDestinations();
         if (request.getParameter("stylesheet") != null) {

Added: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListJAASAuthenticator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListJAASAuthenticator.java?rev=1507984&view=auto
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListJAASAuthenticator.java
(added)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListJAASAuthenticator.java
Mon Jul 29 09:31:48 2013
@@ -0,0 +1,163 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.transport.servlet.servicelist;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.GeneralSecurityException;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.AccountException;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.Base64Exception;
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.transport.http.blueprint.HttpDestinationBPBeanDefinitionParser;
+
+
+
+public class ServiceListJAASAuthenticator {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(HttpDestinationBPBeanDefinitionParser.class);
+
+    private static final String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
+
+    private static final String HEADER_AUTHORIZATION = "Authorization";
+
+    private static final String AUTHENTICATION_SCHEME_BASIC = "Basic";
+
+    private String realm;
+        
+    public String getRealm() {
+        return realm;
+    }
+
+    public void setRealm(String realm) {
+        this.realm = realm;
+    }
+
+    
+    public Object authenticate(final String username, final String password) {
+        return doAuthenticate(username, password);
+    }
+
+    public Subject doAuthenticate(final String username, final String password) {
+        try {
+            Subject subject = new Subject();
+            LoginContext loginContext = new LoginContext(realm, subject, new CallbackHandler()
{
+                public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
+                    for (int i = 0; i < callbacks.length; i++) {
+                        if (callbacks[i] instanceof NameCallback) {
+                            ((NameCallback)callbacks[i]).setName(username);
+                        } else if (callbacks[i] instanceof PasswordCallback) {
+                            ((PasswordCallback)callbacks[i]).setPassword(password.toCharArray());
+                        } else {
+                            throw new UnsupportedCallbackException(callbacks[i]);
+                        }
+                    }
+                }
+            });
+            loginContext.login();
+            return subject;
+        } catch (FailedLoginException e) {
+            LOG.log(Level.FINE, "Login failed ", e);
+            return null;
+        } catch (AccountException e) {
+            LOG.log(Level.WARNING, "Account failure ",  e);
+            return null;
+        } catch (GeneralSecurityException e) {
+            LOG.log(Level.SEVERE, "General Security Exception ", e);
+            return null;
+        }
+    }
+
+    public boolean authenticate(HttpServletRequest request, HttpServletResponse response)
{
+        // Return immediately if the header is missing
+        String authHeader = request.getHeader(HEADER_AUTHORIZATION);
+        if (authHeader != null && authHeader.length() > 0) {
+
+            // Get the authType (Basic, Digest) and authInfo (user/password)
+            // from the header
+            authHeader = authHeader.trim();
+            int blank = authHeader.indexOf(' ');
+            if (blank > 0) {
+                String authType = authHeader.substring(0, blank);
+                String authInfo = authHeader.substring(blank).trim();
+
+                
+                if (authType.equalsIgnoreCase(AUTHENTICATION_SCHEME_BASIC)) {
+                    try {
+                        String srcString = base64Decode(authInfo);
+
+                        int i = srcString.indexOf(':');
+                        String username = srcString.substring(0, i);
+                        String password = srcString.substring(i + 1);
+
+                        // authenticate
+                        Subject subject = doAuthenticate(username, password);
+                        if (subject != null) {
+                            return true;
+                        }
+                       
+                    } catch (Exception e) {
+                        // Ignore
+                    }
+                }
+            }
+        }
+
+        // request authentication
+        try {
+            response.setHeader(HEADER_WWW_AUTHENTICATE, AUTHENTICATION_SCHEME_BASIC + " realm=\""
+                                                        + this.realm + "\"");
+            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            response.setContentLength(0);
+            response.flushBuffer();
+        } catch (IOException ioe) {
+            // failed sending the response ... cannot do anything about it
+        }
+
+        // inform HttpService that authentication failed
+        return false;
+    }
+    
+    private static String base64Decode(String srcString) {
+        byte[] transformed = null;
+        try {
+            transformed = Base64Utility.decode(srcString);
+            return new String(transformed, "ISO-8859-1");
+        } catch (UnsupportedEncodingException uee) {
+            return srcString;
+        } catch (Base64Exception e) {
+            return srcString;
+        }
+    }
+
+}

Modified: cxf/trunk/rt/transports/http/src/main/resources/OSGI-INF/blueprint/osgiservlet.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/resources/OSGI-INF/blueprint/osgiservlet.xml?rev=1507984&r1=1507983&r2=1507984&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/resources/OSGI-INF/blueprint/osgiservlet.xml (original)
+++ cxf/trunk/rt/transports/http/src/main/resources/OSGI-INF/blueprint/osgiservlet.xml Mon
Jul 29 09:31:48 2013
@@ -39,7 +39,8 @@ under the License.
       <cm:property name="org.apache.cxf.servlet.redirect-servlet-name" value=""/>
       <cm:property name="org.apache.cxf.servlet.redirect-servlet-path" value=""/>
       <cm:property name="org.apache.cxf.servlet.service-list-all-contexts" value=""/>
-
+      <cm:property name="org.apache.cxf.servlet.service-list-page-authenticate" value="false"/>
+      <cm:property name="org.apache.cxf.servlet.service-list-page-authenticate-realm"
value="karaf"/>
     </cm:default-properties>
 
   </cm:property-placeholder>
@@ -64,6 +65,8 @@ under the License.
       <entry key="redirect-servlet-name" value="${org.apache.cxf.servlet.redirect-servlet-name}"/>
       <entry key="redirect-servlet-path" value="${org.apache.cxf.servlet.redirect-servlet-path}"/>
       <entry key="service-list-all-contexts" value="${org.apache.cxf.servlet.service-list-all-contexts}"/>
+      <entry key="service-list-page-authenticate" value="${org.apache.cxf.servlet.service-list-page-authenticate}"/>
+      <entry key="service-list-page-authenticate-realm" value="${org.apache.cxf.servlet.service-list-page-authenticate-realm}"/>
     </service-properties>
   </service>
 



Mime
View raw message