cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: svn commit: r1507984 - in /cxf/trunk/rt/transports/http/src/main: java/org/apache/cxf/transport/servlet/ java/org/apache/cxf/transport/servlet/servicelist/ resources/OSGI-INF/blueprint/
Date Mon, 29 Jul 2013 16:36:24 GMT
Actually, does not make sense, obviously the request does not continue 
after that, got confused

Sergey

On 29/07/13 10:41, Sergey Beryozkin wrote:
> Hi Freeman
>
> Can you please update ServiceListGeneratorServlet to actually remove the
> temp HTTPServletRequest attributes - because they are not needed any
> more after that ?
>
> The reason is that these attributes will leak into JAX-RS
> ContainerRequestFilter.getProperties() - unfortunately this method has
> been tied to HTTPServletRequest attributes,
>
> Thanks, Sergey
>
> Thanks, Sergey
> On 29/07/13 10:31, ffang@apache.org wrote:
>> Author: ffang
>> Date: Mon Jul 29 09:31:48 2013
>> New Revision: 1507984
>>
>> URL: http://svn.apache.org/r1507984
>> Log:
>> [CXF-5165]add a JAAS authenticator for ServiceListPage
>>
>> Added:
>>
>> cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListJAASAuthenticator.java
>>
>> Modified:
>>
>> cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
>>
>>
>> cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListGeneratorServlet.java
>>
>>
>> cxf/trunk/rt/transports/http/src/main/resources/OSGI-INF/blueprint/osgiservlet.xml
>>
>>
>> Modified:
>> cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
>>
>> URL:
>> http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java?rev=1507984&r1=1507983&r2=1507984&view=diff
>>
>> ==============================================================================
>>
>> ---
>> cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
>> (original)
>> +++
>> cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
>> Mon Jul 29 09:31:48 2013
>> @@ -40,12 +40,17 @@ import org.apache.cxf.transport.http.Abs
>>   import org.apache.cxf.transport.http.DestinationRegistry;
>>
>>   public class ServletController {
>> +
>> +    public static final String AUTH_SERVICE_LIST = "auth.service.list";
>> +    public static final String AUTH_SERVICE_LIST_REALM =
>> "auth.service.list.realm";
>>       protected static final String DEFAULT_LISTINGS_CLASSIFIER =
>> "/services";
>>       private static final Logger LOG =
>> LogUtils.getL7dLogger(ServletController.class);
>>       private static final String HTTP_PREFIX = "http";
>> -
>> +
>>       protected boolean isHideServiceList;
>> +    protected boolean isAuthServiceListPage;
>>       protected boolean disableAddressUpdates;
>> +    protected String authServiceListPageRealm;
>>       protected String forcedBaseAddress;
>>       protected String serviceListRelativePath =
>> DEFAULT_LISTINGS_CLASSIFIER;
>>       protected ServletConfig servletConfig;
>> @@ -108,6 +113,17 @@ public class ServletController {
>>           if (!StringUtils.isEmpty(hideServiceList)) {
>>               this.isHideServiceList = Boolean.valueOf(hideServiceList);
>>           }
>> +
>> +        String authServiceListPage =
>> servletConfig.getInitParameter("service-list-page-authenticate");
>> +        if (!StringUtils.isEmpty(authServiceListPage)) {
>> +            this.isAuthServiceListPage =
>> Boolean.valueOf(authServiceListPage);
>> +        }
>> +
>> +        String authServiceListRealm =
>> servletConfig.getInitParameter("service-list-page-authenticate-realm");
>> +        if (!StringUtils.isEmpty(authServiceListRealm)) {
>> +            this.authServiceListPageRealm = authServiceListRealm;
>> +        }
>> +
>>           String isDisableAddressUpdates =
>> servletConfig.getInitParameter("disable-address-updates");
>>           if (!StringUtils.isEmpty(isDisableAddressUpdates)) {
>>               this.disableAddressUpdates =
>> Boolean.valueOf(isDisableAddressUpdates);
>> @@ -143,6 +159,9 @@ public class ServletController {
>>                       ||
>> request.getRequestURI().endsWith(serviceListRelativePath + "/")
>>                       || StringUtils.isEmpty(pathInfo)
>>                       || "/".equals(pathInfo))) {
>> +                    if (isAuthServiceListPage) {
>> +                        setAuthServiceListPageAttribute(request);
>> +                    }
>>                       setBaseURLAttribute(request);
>>                       serviceListGenerator.service(request, res);
>>                   } else {
>> @@ -188,6 +207,12 @@ public class ServletController {
>>           return true;
>>       }
>>
>> +    private void setAuthServiceListPageAttribute(HttpServletRequest
>> request) {
>> +        request.setAttribute(ServletController.AUTH_SERVICE_LIST,
>> this.isAuthServiceListPage);
>> +
>> request.setAttribute(ServletController.AUTH_SERVICE_LIST_REALM,
>> this.authServiceListPageRealm);
>> +
>> +    }
>> +
>>       public void invokeDestination(final HttpServletRequest request,
>> HttpServletResponse response,
>>                                     AbstractHTTPDestination d) throws
>> ServletException {
>>           if (LOG.isLoggable(Level.FINE)) {
>>
>> Modified:
>> cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListGeneratorServlet.java
>>
>> URL:
>> http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListGeneratorServlet.java?rev=1507984&r1=1507983&r2=1507984&view=diff
>>
>> ==============================================================================
>>
>> ---
>> cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListGeneratorServlet.java
>> (original)
>> +++
>> cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListGeneratorServlet.java
>> Mon Jul 29 09:31:48 2013
>> @@ -39,6 +39,7 @@ import org.apache.cxf.message.Message;
>>   import org.apache.cxf.service.model.EndpointInfo;
>>   import org.apache.cxf.transport.AbstractDestination;
>>   import org.apache.cxf.transport.http.DestinationRegistry;
>> +import org.apache.cxf.transport.servlet.ServletController;
>>
>>   public class ServiceListGeneratorServlet extends HttpServlet {
>>       private static final long serialVersionUID = -113918058557537996L;
>> @@ -67,6 +68,19 @@ public class ServiceListGeneratorServlet
>>       @Override
>>       public void service(HttpServletRequest request,
>>                           HttpServletResponse response) throws
>> ServletException, IOException {
>> +        Object obj =
>> request.getAttribute(ServletController.AUTH_SERVICE_LIST);
>> +        boolean isAuthServiceList = false;
>> +        if (obj != null) {
>> +            isAuthServiceList = Boolean.valueOf(obj.toString());
>> +        }
>> +        if (isAuthServiceList) {
>> +            String authServiceListRealm =
>> (String)request.getAttribute(ServletController.AUTH_SERVICE_LIST_REALM);
>> +            ServiceListJAASAuthenticator authenticator = new
>> ServiceListJAASAuthenticator();
>> +            authenticator.setRealm(authServiceListRealm);
>> +            if (!authenticator.authenticate(request, response)) {
>> +                return;
>> +            }
>> +        }
>>           PrintWriter writer = response.getWriter();
>>           AbstractDestination[] destinations =
>> destinationRegistry.getSortedDestinations();
>>           if (request.getParameter("stylesheet") != null) {
>>
>> Added:
>> cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListJAASAuthenticator.java
>>
>> URL:
>> http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListJAASAuthenticator.java?rev=1507984&view=auto
>>
>> ==============================================================================
>>
>> ---
>> cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListJAASAuthenticator.java
>> (added)
>> +++
>> cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/servicelist/ServiceListJAASAuthenticator.java
>> Mon Jul 29 09:31:48 2013
>> @@ -0,0 +1,163 @@
>> +/**
>> + * Licensed to the Apache Software Foundation (ASF) under one
>> + * or more contributor license agreements. See the NOTICE file
>> + * distributed with this work for additional information
>> + * regarding copyright ownership. The ASF licenses this file
>> + * to you under the Apache License, Version 2.0 (the
>> + * "License"); you may not use this file except in compliance
>> + * with the License. You may obtain a copy of the License at
>> + *
>> + * http://www.apache.org/licenses/LICENSE-2.0
>> + *
>> + * Unless required by applicable law or agreed to in writing,
>> + * software distributed under the License is distributed on an
>> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
>> + * KIND, either express or implied. See the License for the
>> + * specific language governing permissions and limitations
>> + * under the License.
>> + */
>> +package org.apache.cxf.transport.servlet.servicelist;
>> +
>> +import java.io.IOException;
>> +import java.io.UnsupportedEncodingException;
>> +import java.security.GeneralSecurityException;
>> +import java.util.logging.Level;
>> +import java.util.logging.Logger;
>> +
>> +import javax.security.auth.Subject;
>> +import javax.security.auth.callback.Callback;
>> +import javax.security.auth.callback.CallbackHandler;
>> +import javax.security.auth.callback.NameCallback;
>> +import javax.security.auth.callback.PasswordCallback;
>> +import javax.security.auth.callback.UnsupportedCallbackException;
>> +import javax.security.auth.login.AccountException;
>> +import javax.security.auth.login.FailedLoginException;
>> +import javax.security.auth.login.LoginContext;
>> +import javax.servlet.http.HttpServletRequest;
>> +import javax.servlet.http.HttpServletResponse;
>> +
>> +import org.apache.cxf.common.logging.LogUtils;
>> +import org.apache.cxf.common.util.Base64Exception;
>> +import org.apache.cxf.common.util.Base64Utility;
>> +import
>> org.apache.cxf.transport.http.blueprint.HttpDestinationBPBeanDefinitionParser;
>>
>> +
>> +
>> +
>> +public class ServiceListJAASAuthenticator {
>> +
>> +    private static final Logger LOG =
>> LogUtils.getL7dLogger(HttpDestinationBPBeanDefinitionParser.class);
>> +
>> +    private static final String HEADER_WWW_AUTHENTICATE =
>> "WWW-Authenticate";
>> +
>> +    private static final String HEADER_AUTHORIZATION = "Authorization";
>> +
>> +    private static final String AUTHENTICATION_SCHEME_BASIC = "Basic";
>> +
>> +    private String realm;
>> +
>> +    public String getRealm() {
>> +        return realm;
>> +    }
>> +
>> +    public void setRealm(String realm) {
>> +        this.realm = realm;
>> +    }
>> +
>> +
>> +    public Object authenticate(final String username, final String
>> password) {
>> +        return doAuthenticate(username, password);
>> +    }
>> +
>> +    public Subject doAuthenticate(final String username, final String
>> password) {
>> +        try {
>> +            Subject subject = new Subject();
>> +            LoginContext loginContext = new LoginContext(realm,
>> subject, new CallbackHandler() {
>> +                public void handle(Callback[] callbacks) throws
>> IOException, UnsupportedCallbackException {
>> +                    for (int i = 0; i < callbacks.length; i++) {
>> +                        if (callbacks[i] instanceof NameCallback) {
>> +
>> ((NameCallback)callbacks[i]).setName(username);
>> +                        } else if (callbacks[i] instanceof
>> PasswordCallback) {
>> +
>> ((PasswordCallback)callbacks[i]).setPassword(password.toCharArray());
>> +                        } else {
>> +                            throw new
>> UnsupportedCallbackException(callbacks[i]);
>> +                        }
>> +                    }
>> +                }
>> +            });
>> +            loginContext.login();
>> +            return subject;
>> +        } catch (FailedLoginException e) {
>> +            LOG.log(Level.FINE, "Login failed ", e);
>> +            return null;
>> +        } catch (AccountException e) {
>> +            LOG.log(Level.WARNING, "Account failure ",  e);
>> +            return null;
>> +        } catch (GeneralSecurityException e) {
>> +            LOG.log(Level.SEVERE, "General Security Exception ", e);
>> +            return null;
>> +        }
>> +    }
>> +
>> +    public boolean authenticate(HttpServletRequest request,
>> HttpServletResponse response) {
>> +        // Return immediately if the header is missing
>> +        String authHeader = request.getHeader(HEADER_AUTHORIZATION);
>> +        if (authHeader != null && authHeader.length() > 0) {
>> +
>> +            // Get the authType (Basic, Digest) and authInfo
>> (user/password)
>> +            // from the header
>> +            authHeader = authHeader.trim();
>> +            int blank = authHeader.indexOf(' ');
>> +            if (blank > 0) {
>> +                String authType = authHeader.substring(0, blank);
>> +                String authInfo = authHeader.substring(blank).trim();
>> +
>> +
>> +                if
>> (authType.equalsIgnoreCase(AUTHENTICATION_SCHEME_BASIC)) {
>> +                    try {
>> +                        String srcString = base64Decode(authInfo);
>> +
>> +                        int i = srcString.indexOf(':');
>> +                        String username = srcString.substring(0, i);
>> +                        String password = srcString.substring(i + 1);
>> +
>> +                        // authenticate
>> +                        Subject subject = doAuthenticate(username,
>> password);
>> +                        if (subject != null) {
>> +                            return true;
>> +                        }
>> +
>> +                    } catch (Exception e) {
>> +                        // Ignore
>> +                    }
>> +                }
>> +            }
>> +        }
>> +
>> +        // request authentication
>> +        try {
>> +            response.setHeader(HEADER_WWW_AUTHENTICATE,
>> AUTHENTICATION_SCHEME_BASIC + " realm=\""
>> +                                                        + this.realm
>> + "\"");
>> +            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
>> +            response.setContentLength(0);
>> +            response.flushBuffer();
>> +        } catch (IOException ioe) {
>> +            // failed sending the response ... cannot do anything
>> about it
>> +        }
>> +
>> +        // inform HttpService that authentication failed
>> +        return false;
>> +    }
>> +
>> +    private static String base64Decode(String srcString) {
>> +        byte[] transformed = null;
>> +        try {
>> +            transformed = Base64Utility.decode(srcString);
>> +            return new String(transformed, "ISO-8859-1");
>> +        } catch (UnsupportedEncodingException uee) {
>> +            return srcString;
>> +        } catch (Base64Exception e) {
>> +            return srcString;
>> +        }
>> +    }
>> +
>> +}
>>
>> Modified:
>> cxf/trunk/rt/transports/http/src/main/resources/OSGI-INF/blueprint/osgiservlet.xml
>>
>> URL:
>> http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/resources/OSGI-INF/blueprint/osgiservlet.xml?rev=1507984&r1=1507983&r2=1507984&view=diff
>>
>> ==============================================================================
>>
>> ---
>> cxf/trunk/rt/transports/http/src/main/resources/OSGI-INF/blueprint/osgiservlet.xml
>> (original)
>> +++
>> cxf/trunk/rt/transports/http/src/main/resources/OSGI-INF/blueprint/osgiservlet.xml
>> Mon Jul 29 09:31:48 2013
>> @@ -39,7 +39,8 @@ under the License.
>>         <cm:property
>> name="org.apache.cxf.servlet.redirect-servlet-name" value=""/>
>>         <cm:property
>> name="org.apache.cxf.servlet.redirect-servlet-path" value=""/>
>>         <cm:property
>> name="org.apache.cxf.servlet.service-list-all-contexts" value=""/>
>> -
>> +      <cm:property
>> name="org.apache.cxf.servlet.service-list-page-authenticate"
>> value="false"/>
>> +      <cm:property
>> name="org.apache.cxf.servlet.service-list-page-authenticate-realm"
>> value="karaf"/>
>>       </cm:default-properties>
>>
>>     </cm:property-placeholder>
>> @@ -64,6 +65,8 @@ under the License.
>>         <entry key="redirect-servlet-name"
>> value="${org.apache.cxf.servlet.redirect-servlet-name}"/>
>>         <entry key="redirect-servlet-path"
>> value="${org.apache.cxf.servlet.redirect-servlet-path}"/>
>>         <entry key="service-list-all-contexts"
>> value="${org.apache.cxf.servlet.service-list-all-contexts}"/>
>> +      <entry key="service-list-page-authenticate"
>> value="${org.apache.cxf.servlet.service-list-page-authenticate}"/>
>> +      <entry key="service-list-page-authenticate-realm"
>> value="${org.apache.cxf.servlet.service-list-page-authenticate-realm}"/>
>>       </service-properties>
>>     </service>
>>
>>
>>
>
>


Mime
View raw message