From: mrusso@apache.org To: commits@usergrid.apache.org Date: Mon, 01 Aug 2016 16:53:43 -0000 Message-Id: <150901fc576f46bfa120d6350c995c1c@git.apache.org> In-Reply-To: <5bb816fa9ec14f87a7a46cab47f2ff30@git.apache.org> References: <5bb816fa9ec14f87a7a46cab47f2ff30@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [08/50] [abbrv] usergrid git commit: Allow CORS pre-flight requests to come through unauthenticated ( bad creds shouldn't stop browsers from trying the real request ). archived-at: Mon, 01 Aug 2016 16:53:39 -0000 Allow CORS pre-flight requests to come through unauthenticated ( bad creds shouldn't stop browsers from trying the real request ). Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/8413f212 Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/8413f212 Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/8413f212 Branch: refs/heads/master Commit: 8413f212ee7bdfdd729d4f3f7d93200362e01751 Parents: 8d79d36 Author: Michael Russo Authored: Thu Jul 7 17:47:52 2016 -0700 Committer: Michael Russo Committed: Thu Jul 7 17:47:52 2016 -0700 ---------------------------------------------------------------------- .../security/shiro/filters/BasicAuthSecurityFilter.java | 3 +++ .../shiro/filters/ClientCredentialsSecurityFilter.java | 4 ++++ .../shiro/filters/OAuth2AccessTokenSecurityFilter.java | 4 ++++ .../rest/security/shiro/filters/SecurityFilter.java | 12 ++++++++++++ 4 files changed, 23 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/usergrid/blob/8413f212/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/BasicAuthSecurityFilter.java ---------------------------------------------------------------------- 
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/BasicAuthSecurityFilter.java b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/BasicAuthSecurityFilter.java
index a5d7272..5594a1c 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/BasicAuthSecurityFilter.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/BasicAuthSecurityFilter.java
@@ -49,6 +49,9 @@ public class BasicAuthSecurityFilter extends SecurityFilter {
             logger.trace("Filtering: {}", request.getUriInfo().getBaseUri());
         }
+        if( bypassSecurityCheck(request) ){
+            return;
+        }
         Map auth_types = getAuthTypes( request );
         if ( ( auth_types == null ) || !auth_types.containsKey( AUTH_BASIC_TYPE ) ) {
http://git-wip-us.apache.org/repos/asf/usergrid/blob/8413f212/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/ClientCredentialsSecurityFilter.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/ClientCredentialsSecurityFilter.java b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/ClientCredentialsSecurityFilter.java
index 83e53c1..486d105 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/ClientCredentialsSecurityFilter.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/ClientCredentialsSecurityFilter.java
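Review bot: The new early return `if( bypassSecurityCheck(request) ){ return; }` leaves no record that the credential check was skipped, even though the line just above it already traces every filtered request; an OPTIONS request that arrives with invalid credentials now passes through this filter silently. Adding `logger.trace("Skipping security check for CORS pre-flight request: {}", request.getUriInfo().getBaseUri());` before the `return` keeps the bypass decision visible in the same log stream as the rest of the filter. The same applies to the identical insertions in ClientCredentialsSecurityFilter and OAuth2AccessTokenSecurityFilter. The enclosing filter method starts and ends outside the hunk.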
@@ -55,6 +55,10 @@ public class ClientCredentialsSecurityFilter extends SecurityFilter {
             logger.trace("Filtering: {}", request.getUriInfo().getBaseUri());
         }
+        if( bypassSecurityCheck(request) ){
+            return;
+        }
+
         String clientId = httpServletRequest.getParameter( "client_id" );
         String clientSecret = httpServletRequest.getParameter( "client_secret" );
http://git-wip-us.apache.org/repos/asf/usergrid/blob/8413f212/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java
index 03da0e8..ca040e8 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java
@@ -74,6 +74,10 @@ public class OAuth2AccessTokenSecurityFilter extends SecurityFilter implements C
             logger.trace("Filtering: {}", request.getUriInfo().getBaseUri());
         }
+        if( bypassSecurityCheck(request) ){
+            return;
+        }
+
         try {
             try {
http://git-wip-us.apache.org/repos/asf/usergrid/blob/8413f212/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/SecurityFilter.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/SecurityFilter.java b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/SecurityFilter.java
index e0dadba..1c06aed 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/SecurityFilter.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/SecurityFilter.java
@@ -132,4 +132,16 @@ public abstract class SecurityFilter implements ContainerRequestFilter {
         }
         return auth_types;
     }
+
+    public static boolean bypassSecurityCheck( ContainerRequestContext request ){
+
+        // if this is a CORS Pre-Flight request, we can skip the security check
+        // OPTIONS requests do not have access into Usergrid data, Jersey default handles these requests
+        if( request.getMethod().equalsIgnoreCase("options")){
+            return true;
+        }
+
+        return false;
+
+    }
 }
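Review bot: The condition `if( request.getMethod().equalsIgnoreCase("options"))` exempts every OPTIONS request from authentication, not only CORS pre-flights, so the fix is wider than the commit message states and rests entirely on the comment's assumption that no resource ever handles OPTIONS itself; if a resource method is later annotated with @OPTIONS it becomes reachable without credentials and nothing in this method would catch that. A browser pre-flight always carries both an `Origin` and an `Access-Control-Request-Method` header, so requiring them via `ContainerRequestContext.getHeaderString` keeps the bypass scoped to its stated purpose while still letting bad credentials on a real pre-flight through. The method is also public and static with no Javadoc; the fence below adds one stating the exact condition under which the credential check is skipped.
```java
    /**
     * Returns true when the request is a CORS pre-flight and may skip the credential check.
     * Only an OPTIONS request that also carries the Origin and Access-Control-Request-Method
     * headers (both always sent by browsers on a pre-flight) qualifies; any other OPTIONS
     * request still goes through the normal security filters.
     */
    public static boolean bypassSecurityCheck( ContainerRequestContext request ){
        return "OPTIONS".equalsIgnoreCase( request.getMethod() )
            && request.getHeaderString( "Origin" ) != null
            && request.getHeaderString( "Access-Control-Request-Method" ) != null;
    }
```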