Bypassing URLS

revert-70aa11f8
Dilshan Edirisuriya 10 years ago
parent d17f1356e7
commit e1a74e049d

@ -27,18 +27,41 @@ import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.util.Arrays;
import java.util.List;
import java.util.StringTokenizer; import java.util.StringTokenizer;
public class WebappAuthenticationHandler extends CarbonTomcatValve { public class WebappAuthenticationHandler extends CarbonTomcatValve {
private static final Log log = LogFactory.getLog(WebappAuthenticationHandler.class); private static final Log log = LogFactory.getLog(WebappAuthenticationHandler.class);
private static final String BYPASS_URIS = "bypass-uris";
@Override @Override
public void invoke(Request request, Response response, CompositeValve compositeValve) { public void invoke(Request request, Response response, CompositeValve compositeValve) {
if (this.isContextSkipped(request) || (!this.isAdminService(request) && this.skipAuthentication(request))) { if (this.isContextSkipped(request) || (!this.isAdminService(request) && this.skipAuthentication(request))) {
this.getNext().invoke(request, response, compositeValve); this.getNext().invoke(request, response, compositeValve);
return; return;
} }
String byPassURIs = request.getContext().findParameter(WebappAuthenticationHandler.BYPASS_URIS);
if(byPassURIs != null && !byPassURIs.isEmpty()) {
List<String> requestURI = Arrays.asList(byPassURIs.split(","));
if(requestURI != null && requestURI.size() > 0) {
for (String pathURI : requestURI) {
pathURI = pathURI.replace("\n", "").replace("\r", "").trim();
if (request.getRequestURI().equals(pathURI)) {
this.getNext().invoke(request, response, compositeValve);
return;
}
}
}
}
WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(request); WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(request);
if (authenticator == null) { if (authenticator == null) {
String msg = "Failed to load an appropriate authenticator to authenticate the request"; String msg = "Failed to load an appropriate authenticator to authenticate the request";
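Review bot: The `requestURI != null && requestURI.size() > 0` guard wrapped around the new bypass loop is dead: `Arrays.asList` never returns null and `String.split` always yields at least one element, so the extra nesting only obscures the one check that matters, the exact `equals` against `request.getRequestURI()`. Because that comparison is exact and made against the raw, undecoded URI, only a request whose URI is byte-for-byte one of the configured entries skips authentication; encoded, trailing-slash or path-parameter variants fall through to the authenticator, which is the safe direction and deserves a comment on the block such as `// Exact match only: any variant of a configured URI (encoding, trailing slash, ;params) still goes through authentication.` Collapsing the block to `for (String pathURI : byPassURIs.split(",")) { if (request.getRequestURI().equals(pathURI.replace("\n", "").replace("\r", "").trim())) { this.getNext().invoke(request, response, compositeValve); return; } }` also avoids reassigning the loop variable. The same dead guard and duplicated loop appear in the WebappAuthenticatorFrameworkValve hunk of this commit.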

@ -27,20 +27,41 @@ import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.util.Arrays;
import java.util.List;
public class WebappAuthenticatorFrameworkValve extends CarbonTomcatValve { public class WebappAuthenticatorFrameworkValve extends CarbonTomcatValve {
private static final String AUTHENTICATION_SCHEME = "authentication-scheme"; private static final String AUTHENTICATION_SCHEME = "authentication-scheme";
private static final String BYPASS_URIS = "bypass-uris";
private static final Log log = LogFactory.getLog(WebappAuthenticatorFrameworkValve.class); private static final Log log = LogFactory.getLog(WebappAuthenticatorFrameworkValve.class);
@Override @Override
public void invoke(Request request, Response response, CompositeValve compositeValve) { public void invoke(Request request, Response response, CompositeValve compositeValve) {
String authScheme =
request.getContext().findParameter(WebappAuthenticatorFrameworkValve.AUTHENTICATION_SCHEME); String authScheme = request.getContext().findParameter(WebappAuthenticatorFrameworkValve.AUTHENTICATION_SCHEME);
if (authScheme == null || "".equals(authScheme)) {
if (authScheme == null || authScheme.isEmpty()) {
this.getNext().invoke(request, response, compositeValve); this.getNext().invoke(request, response, compositeValve);
return; return;
} }
String byPassURIs = request.getContext().findParameter(WebappAuthenticatorFrameworkValve.BYPASS_URIS);
if(byPassURIs != null && !byPassURIs.isEmpty()) {
List<String> requestURI = Arrays.asList(byPassURIs.split(","));
if(requestURI != null && requestURI.size() > 0) {
for (String pathURI : requestURI) {
if (request.getRequestURI().equals(pathURI)) {
this.getNext().invoke(request, response, compositeValve);
return;
}
}
}
}
WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(authScheme); WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(authScheme);
if (authenticator == null) { if (authenticator == null) {
String msg = "Failed to load an appropriate authenticator to authenticate the request"; String msg = "Failed to load an appropriate authenticator to authenticate the request";
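Review bot: The bypass loop in this valve compares `request.getRequestURI()` with each entry exactly as `split(",")` produced it, without the `replace("\n", "").replace("\r", "").trim()` normalization the WebappAuthenticationHandler hunk applies, so a `bypass-uris` value written across several lines or with spaces after the commas in the context configuration would match in one valve and silently fail to match in this one. Add the same normalization before the comparison, `pathURI = pathURI.replace("\n", "").replace("\r", "").trim();`, or better move the parsing of the parameter into one shared helper so the two valves cannot drift. Note also that this valve evaluates the bypass list only after the `authentication-scheme` check, so with no scheme configured every request is already passed through and the list is never consulted; a one-line comment above `String byPassURIs` stating that the exemptions apply only when a scheme is configured would make that ordering explicit.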

@ -14,22 +14,20 @@ public class CertificateAuthenticator implements WebappAuthenticator {
private static final Log log = LogFactory.getLog(CertificateAuthenticator.class); private static final Log log = LogFactory.getLog(CertificateAuthenticator.class);
private static final String CERTIFICATE_AUTHENTICATOR = "CertificateAuth"; private static final String CERTIFICATE_AUTHENTICATOR = "CertificateAuth";
private static final String HEADER_MDM_SIGNATURE = "Mdm-Signature"; private static final String CERTIFICATE_VERIFICATION_HEADER = "certificate-verification-header";
private String[] skippedURIs;
public CertificateAuthenticator() {
skippedURIs = new String[]{
"/ios-enrollment/ca",
"/ios-enrollment/authenticate",
"/ios-enrollment/profile",
"/ios-enrollment/scep",
"/ios-enrollment/enroll",
"/ios-enrollment/enrolled"};
}
@Override @Override
public boolean canHandle(Request request) { public boolean canHandle(Request request) {
return true; String certVerificationHeader = request.getContext().findParameter(CERTIFICATE_VERIFICATION_HEADER);
if (certVerificationHeader != null && !certVerificationHeader.isEmpty()) {
String certHeader = request.getHeader(certVerificationHeader);
return certHeader != null;
}
return false;
} }
@Override @Override
@ -40,17 +38,18 @@ public class CertificateAuthenticator implements WebappAuthenticator {
return Status.CONTINUE; return Status.CONTINUE;
} }
if(isURISkipped(requestUri)) { String certVerificationHeader = request.getContext().findParameter(CERTIFICATE_VERIFICATION_HEADER);
return Status.CONTINUE;
}
String headerMDMSignature = request.getHeader(HEADER_MDM_SIGNATURE);
try { try {
if (headerMDMSignature != null && !headerMDMSignature.isEmpty() && if (certVerificationHeader != null && !certVerificationHeader.isEmpty()) {
DataHolder.getInstance().getCertificateManagementService().verifySignature(headerMDMSignature)) {
String certHeader = request.getHeader(certVerificationHeader);
if (certHeader != null && DataHolder.getInstance().getCertificateManagementService().
verifySignature(certHeader)) {
return Status.SUCCESS; return Status.SUCCESS;
} }
}
} catch (KeystoreException e) { } catch (KeystoreException e) {
log.error("KeystoreException occurred ", e); log.error("KeystoreException occurred ", e);
return Status.FAILURE; return Status.FAILURE;
@ -63,16 +62,4 @@ public class CertificateAuthenticator implements WebappAuthenticator {
public String getName() { public String getName() {
return CERTIFICATE_AUTHENTICATOR; return CERTIFICATE_AUTHENTICATOR;
} }
private boolean isURISkipped(String requestUri) {
for (String element : skippedURIs) {
if (element.equals(requestUri)) {
return true;
}
}
return false;
}
} }
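Review bot: In the authenticate hunk, a request that reaches the try with `certificate-verification-header` configured but whose header value is absent or fails `verifySignature` leaves the try block without returning; the start of authenticate and the code after the catch are outside the hunk, so I cannot see what status it falls to, and unless that trailing code already returns it, an explicit `return Status.FAILURE;` after the inner `if` would make the denial unmistakable rather than implied. The `findParameter(CERTIFICATE_VERIFICATION_HEADER)` followed by `request.getHeader(...)` is now duplicated between `canHandle` and `authenticate`; a private helper such as `private String getCertHeader(Request request)` returning the header value or null would keep the two in step. Since the hard-coded `skippedURIs` list is gone and exemptions now live in the `bypass-uris` context parameter of the valves, a Javadoc line on `canHandle` stating that it only claims requests carrying the configured header, and that verification of the value happens in authenticate, would document the new contract for whoever maintains the context configuration.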
