Return-Path: X-Original-To: apmail-portals-jetspeed-dev-archive@www.apache.org Delivered-To: apmail-portals-jetspeed-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id ED90611357 for ; Thu, 11 Sep 2014 05:26:11 +0000 (UTC) Received: (qmail 98507 invoked by uid 500); 11 Sep 2014 05:26:11 -0000 Delivered-To: apmail-portals-jetspeed-dev-archive@portals.apache.org Received: (qmail 98469 invoked by uid 500); 11 Sep 2014 05:26:11 -0000 Mailing-List: contact jetspeed-dev-help@portals.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Jetspeed Developers List" Delivered-To: mailing list jetspeed-dev@portals.apache.org Received: (qmail 98458 invoked by uid 99); 11 Sep 2014 05:26:11 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 11 Sep 2014 05:26:11 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 11 Sep 2014 05:25:47 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id D05DE23888D2; Thu, 11 Sep 2014 05:25:44 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1624197 - in /portals/jetspeed-2/applications/j2-admin/trunk: ./ src/main/java/org/apache/jetspeed/portlets/sso/ src/main/webapp/WEB-INF/ Date: Thu, 11 Sep 2014 05:25:44 -0000 To: jetspeed-dev@portals.apache.org 
From: woonsan@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20140911052544.D05DE23888D2@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: woonsan Date: Thu Sep 11 05:25:44 2014 New Revision: 1624197 URL: http://svn.apache.org/r1624197 Log: JS2-1304: basic authentication based sso integration in SSOReverseProxyIFramePortlet Added: portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/JetspeedHttpClientContextBuilder.java portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/JetspeedSSOSiteCredentials.java portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/SSOReverseProxyServlet.java Modified: portals/jetspeed-2/applications/j2-admin/trunk/pom.xml portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/SSOReverseProxyIFramePortlet.java portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/web.xml Modified: portals/jetspeed-2/applications/j2-admin/trunk/pom.xml URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/pom.xml?rev=1624197&r1=1624196&r2=1624197&view=diff ============================================================================== --- portals/jetspeed-2/applications/j2-admin/trunk/pom.xml (original) +++ portals/jetspeed-2/applications/j2-admin/trunk/pom.xml Thu Sep 11 05:25:44 2014 @@ -44,6 +44,7 @@ 1.3.1 2.4 1.9.2 + 1.6 1.5.6 1.1.2 2.4 
@@ -216,6 +217,11 @@ commons-fileupload ${commons-fileupload.version} + + commons-codec + commons-codec + ${commons-codec.version} + Added: portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/JetspeedHttpClientContextBuilder.java URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/JetspeedHttpClientContextBuilder.java?rev=1624197&view=auto ============================================================================== --- portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/JetspeedHttpClientContextBuilder.java (added) +++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/JetspeedHttpClientContextBuilder.java Thu Sep 11 05:25:44 2014 
@@ -0,0 +1,97 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.portlets.sso;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.apache.http.HttpHost;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.http.impl.auth.BasicScheme;
+import org.apache.http.impl.client.BasicAuthCache;
+import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.portals.applications.webcontent2.proxy.HttpClientContextBuilder;
+import org.apache.portals.applications.webcontent2.proxy.impl.ProxyContext;
+import org.apache.portals.applications.webcontent2.proxy.impl.ServletRequestContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class JetspeedHttpClientContextBuilder implements HttpClientContextBuilder
+{
+
+ private static Logger log = LoggerFactory.getLogger(JetspeedHttpClientContextBuilder.class);
+
+ public HttpClientContext build()
+ {
+ ProxyContext proxyContext = ProxyContext.getCurrentProxyContext();
+ HttpServletRequest request = ((ServletRequestContext) proxyContext.getRequestContext()).getServletRequest();
+
+ List ssoCredsList = (List) request.getAttribute(SSOReverseProxyIFramePortlet.SUBJECT_SSO_SITE_CREDS);
+
+ if (ssoCredsList == null)
+ {
+ HttpSession session = request.getSession(false);
+
+ if (session == null)
+ {
+ return null;
+ }
+
+ ssoCredsList = (List) session.getAttribute(SSOReverseProxyIFramePortlet.SUBJECT_SSO_SITE_CREDS);
+ }
+
+ if (ssoCredsList == null || ssoCredsList.isEmpty())
+ {
+ return null;
+ }
+
+ HttpClientContext httpClientContext = HttpClientContext.create();
+
+ try
+ {
+ httpClientContext.setCredentialsProvider(new BasicCredentialsProvider());
+ httpClientContext.setAuthCache(new BasicAuthCache());
+
+ for (JetspeedSSOSiteCredentials ssoCreds : ssoCredsList)
+ {
+ HttpHost targetHost = new HttpHost(ssoCreds.getHost(), ssoCreds.getPort(), ssoCreds.getScheme());
+ // set Basic authentication scheme
+ httpClientContext.getAuthCache().put(targetHost, new BasicScheme());
+ httpClientContext.getCredentialsProvider().setCredentials(
+ new AuthScope(targetHost.getHostName(), targetHost.getPort(), ssoCreds.getRealm()),
+ new UsernamePasswordCredentials(ssoCreds.getUsername(), ssoCreds.getPassword()));
+ }
+ }
+ catch (Exception e)
+ {
+ if (log.isDebugEnabled())
+ {
+ log.warn("Failed to retrieve sso site credentials.", e);
+ }
+ else
+ {
+ log.warn("Failed to retrieve sso site credentials. {}", e.toString());
+ }
+ }
+
+ return httpClientContext;
+ }
+}
Added: portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/JetspeedSSOSiteCredentials.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/JetspeedSSOSiteCredentials.java?rev=1624197&view=auto
==============================================================================
--- portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/JetspeedSSOSiteCredentials.java (added)
+++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/JetspeedSSOSiteCredentials.java Thu Sep 11 05:25:44 2014
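Review bot: The loop in build() seeds the AuthCache with a BasicScheme and registers Basic credentials for every entry in ssoCredsList, without checking ssoCreds.isFormAuthentication(), isChallengeResponseAuthentication() or ssoCreds.getScheme(). A pre-seeded AuthCache makes HttpClient send the Authorization header before any challenge, so a site configured for form login, or one whose URL is plain http, would receive the stored username and password in a Basic header, which is only base64-encoded. Skip entries that are not meant for challenge-response, e.g. `if (!ssoCreds.isChallengeResponseAuthentication()) { continue; }`, and seed the AuthCache only when `"https".equalsIgnoreCase(ssoCreds.getScheme())`, or document that http targets expose the credential in transit. The catch block also returns a partially populated context after a failure; if that is intended it deserves a comment.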
@@ -0,0 +1,178 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.portlets.sso;
+
+import java.io.Serializable;
+import java.net.URI;
+
+public class JetspeedSSOSiteCredentials implements Serializable
+{
+
+ private static final long serialVersionUID = 1L;
+
+ private URI baseURI;
+ private String host;
+ private int port = -1;
+ private String realm;
+ private String scheme;
+
+ private String username;
+ private String password;
+
+ private boolean challengeResponseAuthentication = true;
+ private boolean formAuthentication = false;
+ private String formUserField;
+ private String formPwdField;
+
+ public JetspeedSSOSiteCredentials()
+ {
+ this(null);
+ }
+
+ public JetspeedSSOSiteCredentials(URI baseURI)
+ {
+ this(baseURI, null);
+ }
+
+ public JetspeedSSOSiteCredentials(URI baseURI, String host)
+ {
+ this(baseURI, host, -1);
+ }
+
+ public JetspeedSSOSiteCredentials(URI baseURI, String host, int port)
+ {
+ this(baseURI, host, port, null);
+ }
+
+ public JetspeedSSOSiteCredentials(URI baseURI, String host, int port, String realm)
+ {
+ this.baseURI = baseURI;
+ this.host = host;
+ this.port = port;
+ this.realm = realm;
+ }
+
+ public URI getBaseURI()
+ {
+ return baseURI;
+ }
+
+ public void setBaseURI(URI baseURI)
+ {
+ this.baseURI = baseURI;
+ }
+
+ public String getHost()
+ {
+ return host;
+ }
+
+ public void setHost(String host)
+ {
+ this.host = host;
+ }
+
+ public int getPort()
+ {
+ return port;
+ }
+
+ public void setPort(int port)
+ {
+ this.port = port;
+ }
+
+ public String getRealm()
+ {
+ return realm;
+ }
+
+ public void setRealm(String realm)
+ {
+ this.realm = realm;
+ }
+
+ public String getScheme()
+ {
+ return scheme;
+ }
+
+ public void setScheme(String scheme)
+ {
+ this.scheme = scheme;
+ }
+
+ public String getUsername()
+ {
+ return username;
+ }
+
+ public void setUsername(String username)
+ {
+ this.username = username;
+ }
+
+ public String getPassword()
+ {
+ return password;
+ }
+
+ public void setPassword(String password)
+ {
+ this.password = password;
+ }
+
+ public boolean isChallengeResponseAuthentication()
+ {
+ return challengeResponseAuthentication;
+ }
+
+ public void setChallengeResponseAuthentication(boolean challengeResponseAuthentication)
+ {
+ this.challengeResponseAuthentication = challengeResponseAuthentication;
+ }
+
+ public boolean isFormAuthentication()
+ {
+ return formAuthentication;
+ }
+
+ public void setFormAuthentication(boolean formAuthentication)
+ {
+ this.formAuthentication = formAuthentication;
+ }
+
+ public String getFormUserField()
+ {
+ return formUserField;
+ }
+
+ public void setFormUserField(String formUserField)
+ {
+ this.formUserField = formUserField;
+ }
+
+ public String getFormPwdField()
+ {
+ return formPwdField;
+ }
+
+ public void setFormPwdField(String formPwdField)
+ {
+ this.formPwdField = formPwdField;
+ }
+}
Modified: portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/SSOReverseProxyIFramePortlet.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/SSOReverseProxyIFramePortlet.java?rev=1624197&r1=1624196&r2=1624197&view=diff
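Review bot: JetspeedSSOSiteCredentials is Serializable and keeps `password` as a plain String field, and SSOReverseProxyIFramePortlet.doView in this same commit stores the list in the APPLICATION_SCOPE portlet session. A container that persists or replicates sessions would therefore write remote-site passwords out in clear text. Declaring the field `private transient String password;` keeps it out of serialized session state; whether the proxy side copes with a null password after a session restore needs checking against JetspeedHttpClientContextBuilder. The class has no Javadoc, so a class comment saying that instances carry live credentials and must not be logged or kept in long-lived scopes would help the next maintainer.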
============================================================================== --- portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/SSOReverseProxyIFramePortlet.java (original) +++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/SSOReverseProxyIFramePortlet.java Thu Sep 11 05:25:44 2014 @@ -16,14 +16,21 @@ */ package org.apache.jetspeed.portlets.sso; +import java.io.IOException; import java.net.URI; import java.security.AccessController; +import java.util.ArrayList; import java.util.Collection; +import java.util.List; import javax.portlet.PortletConfig; import javax.portlet.PortletException; +import javax.portlet.PortletSession; +import javax.portlet.RenderRequest; +import javax.portlet.RenderResponse; import javax.security.auth.Subject; +import org.apache.commons.lang.StringUtils; import org.apache.jetspeed.security.JSSubject; import org.apache.jetspeed.security.PasswordCredential; import org.apache.jetspeed.sso.SSOManager; 
@@ -40,28 +47,42 @@ import org.slf4j.LoggerFactory; */ public class SSOReverseProxyIFramePortlet extends IFrameGenericPortlet { - + public static final String SUBJECT_SSO_SITE_CREDS = "org.apache.jetspeed.portlets.sso.ssoSiteCredsOfSubject"; - + private static Logger log = LoggerFactory.getLogger(SSOReverseProxyIFramePortlet.class); - + private SSOManager ssoManager; - + public void init(PortletConfig config) throws PortletException { super.init(config); - + ssoManager = (SSOManager) config.getPortletContext().getAttribute("cps:SSO"); - + if (null == ssoManager) - { + { throw new PortletException("Failed to find SSO Provider on portlet initialization"); } } - // TODO - private void readSSOSiteCredentialsOfSubject() + @Override + public void doView(RenderRequest request, RenderResponse response) throws PortletException, IOException + { + List ssoCredsList = getJetspeedSSOSiteCredentialsList(); + + if (ssoCredsList != null && !ssoCredsList.isEmpty()) + { + request.getPortletSession().setAttribute(SUBJECT_SSO_SITE_CREDS, ssoCredsList, PortletSession.APPLICATION_SCOPE); + } + + super.doView(request, response); + } + + protected List getJetspeedSSOSiteCredentialsList() { + List ssoCredsList = new ArrayList(); + try { Subject subject = JSSubject.getSubject(AccessController.getContext()); 
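Review bot: doView writes SUBJECT_SSO_SITE_CREDS only when the list is non-empty and never clears it. Credentials cached in the APPLICATION_SCOPE session by an earlier render therefore stay available to the proxy servlet after the user's SSO entries have been removed. Add an else branch with `request.getPortletSession().removeAttribute(SUBJECT_SSO_SITE_CREDS, PortletSession.APPLICATION_SCOPE);`. APPLICATION_SCOPE also makes the passwords readable by every portlet and servlet of this web application that shares the session, presumably so the servlet can see them, which is worth stating in a comment on the constant. getJetspeedSSOSiteCredentialsList continues past the end of this hunk.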
@@ -69,9 +90,33 @@ public class SSOReverseProxyIFramePortle if (ssoSites != null) { + URI siteURI = null; + String scheme = "http"; + String host = null; + int port = 80; + for (SSOSite ssoSite : ssoSites) { - URI siteURI = URI.create(ssoSite.getURL()); + siteURI = URI.create(ssoSite.getURL()); + + if (StringUtils.isNotEmpty(siteURI.getScheme())) + { + scheme = siteURI.getScheme(); + } + + host = siteURI.getHost(); + + if (StringUtils.isEmpty(host)) + { + log.warn("Skipping invalid SSO site URI (no host): '{}'.", host); + continue; + } + + if (siteURI.getPort() > 0) + { + port = siteURI.getPort(); + } + Collection ssoUsers = ssoManager.getRemoteUsers(ssoSite, subject); if (ssoUsers != null) @@ -80,12 +125,17 @@ public class SSOReverseProxyIFramePortle { String realm = ssoSite.getRealm(); PasswordCredential pwc = ssoManager.getCredentials(ssoUser); - String username = pwc.getUserName(); - String password = pwc.getPassword(); - if (ssoSite.isFormAuthentication()) - { - } + JetspeedSSOSiteCredentials ssoCreds = new JetspeedSSOSiteCredentials(siteURI, host, port, realm); + ssoCreds.setScheme(scheme); + ssoCreds.setChallengeResponseAuthentication(ssoSite.isChallengeResponseAuthentication()); + ssoCreds.setFormAuthentication(ssoSite.isFormAuthentication()); + ssoCreds.setFormUserField(ssoSite.getFormUserField()); + ssoCreds.setFormPwdField(ssoSite.getFormPwdField()); + ssoCreds.setUsername(pwc.getUserName()); + ssoCreds.setPassword(pwc.getPassword()); + + ssoCredsList.add(ssoCreds); } } } 
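Review bot: `scheme`, `host` and `port` are declared before the `for (SSOSite ssoSite : ssoSites)` loop and only overwritten when the current URL supplies a value, so a site without an explicit port or scheme inherits whatever the previous site set. An https site with no port gets 80 (or the previous site's port), and the user's credentials end up registered for a host:port/scheme combination that site never specified. The skip message also logs `host`, which is always empty at that point, instead of the offending URL. Declaring the three values inside the loop and deriving the default port from the scheme fixes both; the loop body continues outside this hunk.

```java
for (SSOSite ssoSite : ssoSites)
{
    URI siteURI = URI.create(ssoSite.getURL());
    String scheme = StringUtils.isNotEmpty(siteURI.getScheme()) ? siteURI.getScheme() : "http";
    String host = siteURI.getHost();

    if (StringUtils.isEmpty(host))
    {
        log.warn("Skipping invalid SSO site URI (no host): '{}'.", siteURI);
        continue;
    }

    // default port follows this site's own scheme, never a previous iteration
    int port = siteURI.getPort() > 0
            ? siteURI.getPort()
            : ("https".equalsIgnoreCase(scheme) ? 443 : 80);

    // … unchanged: ssoManager.getRemoteUsers(ssoSite, subject) and the credential loop …
```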
@@ -93,10 +143,16 @@ public class SSOReverseProxyIFramePortle } catch (Exception e) { - if (log.isWarnEnabled()) + if (log.isDebugEnabled()) + { + log.warn("Failed to retrieve sso site credentials.", e); + } + else { log.warn("Failed to retrieve sso site credentials. {}", e.toString()); } } + + return ssoCredsList; } } Added: portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/SSOReverseProxyServlet.java URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/SSOReverseProxyServlet.java?rev=1624197&view=auto ============================================================================== --- portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/SSOReverseProxyServlet.java (added) +++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/sso/SSOReverseProxyServlet.java Thu Sep 11 05:25:44 2014 
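Review bot: The single try/catch still wraps the whole site loop, so one bad entry ends processing and silently drops the credentials of every remaining site. Such an entry could be a malformed site URL making URI.create() throw, or ssoManager.getCredentials(ssoUser) returning null (not visible here, to be confirmed). Catching inside the `for (SSOSite ssoSite : ssoSites)` body and continuing with the next site would contain the failure to that entry. The `if (log.isDebugEnabled())` guard around a `log.warn(..., e)` call reads oddly; a comment such as `// full stack trace only when debug logging is on` would make the intent clear. The try block starts outside this hunk.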
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.portlets.sso;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+
+import org.apache.portals.applications.webcontent2.proxy.servlet.SimpleReverseProxyServlet;
+
+public class SSOReverseProxyServlet extends SimpleReverseProxyServlet
+{
+
+ private static final long serialVersionUID = 1L;
+
+ public SSOReverseProxyServlet()
+ {
+ super();
+ }
+
+ @Override
+ public void init(ServletConfig servletConfig) throws ServletException
+ {
+ setHttpClientContextBuilder(new JetspeedHttpClientContextBuilder());
+ super.init(servletConfig);
+ }
+}
Modified: portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/web.xml?rev=1624197&r1=1624196&r2=1624197&view=diff
==============================================================================
--- portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/web.xml (original)
+++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/web.xml Thu Sep 11 05:25:44 2014
@@ -205,10 +205,10 @@ org.apache.jetspeed.security.mfa.impl.MFAServletListener - + - ReverseProxyServlet - org.apache.portals.applications.webcontent2.proxy.servlet.SimpleReverseProxyServlet + SSOReverseProxyServlet + org.apache.jetspeed.portlets.sso.SSOReverseProxyServlet mappings @@ -260,7 +260,7 @@ - ReverseProxyServlet + SSOReverseProxyServlet /rproxy/* --------------------------------------------------------------------- To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org For additional commands, e-mail: jetspeed-dev-help@portals.apache.org