Improving web-app authenticator framework

revert-70aa11f8
prabathabey 9 years ago
parent e1da84ec55
commit 46c5dba5c5

@ -1,24 +0,0 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.wso2.carbon.webapp.authenticator.framework;
public class APIInfo {
}

@ -1,33 +0,0 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.wso2.carbon.webapp.authenticator.framework;
import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleEvent;
import org.apache.catalina.LifecycleListener;
public class APIMapperContextListener implements LifecycleListener {
@Override
public void lifecycleEvent(LifecycleEvent lifecycleEvent) {
if (Lifecycle.AFTER_INIT_EVENT.equals(lifecycleEvent.getType())) {
}
}
}

@ -0,0 +1,87 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.wso2.carbon.webapp.authenticator.framework;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
import javax.servlet.http.HttpServletResponse;
public class WebappAuthenticationHandler extends CarbonTomcatValve {
private static final Log log = LogFactory.getLog(WebappAuthenticationHandler.class);
@Override
public void invoke(Request request, Response response, CompositeValve compositeValve) {
if (this.isNonAdminService(request) || this.skipAuthentication(request) || this.isContextSkipped(request)) {
this.getNext().invoke(request, response, compositeValve);
return;
}
WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(request);
if (authenticator == null) {
String msg = "Failed to load an appropriate authenticator to authenticate the request";
AuthenticationFrameworkUtil.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, msg);
return;
}
WebappAuthenticator.Status status = authenticator.authenticate(request, response);
this.processResponse(request, response, compositeValve, status);
}
private boolean isNonAdminService(Request request) {
String param = request.getContext().findParameter("isAdminService");
return !(param != null && Boolean.parseBoolean(param));
}
private boolean skipAuthentication(Request request) {
String param = request.getContext().findParameter("doAuthentication");
return (param == null || !Boolean.parseBoolean(param));
}
private boolean isContextSkipped(Request request) {
String ctx = request.getContext().getPath();
if (ctx == null) {
ctx = request.getContextPath();
if (ctx == null) {
return false;
}
}
return ctx.equals("/Carbon") || ctx.equals("/Services");
}
private void processResponse(Request request, Response response, CompositeValve compositeValve,
WebappAuthenticator.Status status) {
switch (status) {
case SUCCESS:
case CONTINUE:
this.getNext().invoke(request, response, compositeValve);
break;
case FAILURE:
String msg = "Failed to authorize incoming request";
log.error(msg);
AuthenticationFrameworkUtil.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, msg);
break;
}
}
}

@ -18,9 +18,26 @@
*/ */
package org.wso2.carbon.webapp.authenticator.framework; package org.wso2.carbon.webapp.authenticator.framework;
import org.apache.catalina.connector.Request;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
import java.util.Map;
public class WebappAuthenticatorFactory { public class WebappAuthenticatorFactory {
public static WebappAuthenticator getAuthenticator(String authScheme) { public static WebappAuthenticator getAuthenticator(String authScheme) {
return DataHolder.getInstance().getWebappAuthenticatorRepository().getAuthenticator(authScheme); return DataHolder.getInstance().getWebappAuthenticatorRepository().getAuthenticator(authScheme);
} }
public static WebappAuthenticator getAuthenticator(Request request) {
Map<String, WebappAuthenticator> authenticators =
DataHolder.getInstance().getWebappAuthenticatorRepository().getAuthenticators();
for (WebappAuthenticator authenticator : authenticators.values()) {
if (authenticator.canHandle(request)) {
return authenticator;
}
}
return null;
}
} }

@ -24,6 +24,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve; import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
import org.wso2.carbon.tomcat.ext.valves.CompositeValve; import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;

@ -18,15 +18,18 @@
*/ */
package org.wso2.carbon.webapp.authenticator.framework; package org.wso2.carbon.webapp.authenticator.framework;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
public class WebappAuthenticatorRepository { public class WebappAuthenticatorRepository {
private Map<String, WebappAuthenticator> authenticators; private Map<String, WebappAuthenticator> authenticators;
public WebappAuthenticatorRepository() { public WebappAuthenticatorRepository() {
this.authenticators = new HashMap<String, WebappAuthenticator>(); this.authenticators = new ConcurrentHashMap<>();
} }
public void addAuthenticator(WebappAuthenticator authenticator) { public void addAuthenticator(WebappAuthenticator authenticator) {
@ -37,4 +40,8 @@ public class WebappAuthenticatorRepository {
return authenticators.get(name); return authenticators.get(name);
} }
public Map<String, WebappAuthenticator> getAuthenticators() {
return authenticators;
}
} }

@ -24,14 +24,24 @@ import org.apache.catalina.util.Base64;
import org.apache.tomcat.util.buf.ByteChunk; import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.CharChunk; import org.apache.tomcat.util.buf.CharChunk;
import org.apache.tomcat.util.buf.MessageBytes; import org.apache.tomcat.util.buf.MessageBytes;
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticator; import org.wso2.carbon.webapp.authenticator.framework.Constants;
public class BasicAuthAuthenticator implements WebappAuthenticator { public class BasicAuthAuthenticator implements WebappAuthenticator {
private static final String BASIC_AUTH_AUTHENTICATOR = "BasicAuth"; private static final String BASIC_AUTH_AUTHENTICATOR = "BasicAuth";
private static final String HEADER_BASIC_AUTH = "authorization";
@Override @Override
public boolean isAuthenticated(Request request) { public boolean canHandle(Request request) {
MessageBytes authorization =
request.getCoyoteRequest().getMimeHeaders().getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION);
if (authorization != null) {
authorization.toBytes();
ByteChunk authBC = authorization.getByteChunk();
if (authBC.startsWithIgnoreCase("basic ", 0)) {
return true;
}
}
return false; return false;
} }
@ -47,7 +57,8 @@ public class BasicAuthAuthenticator implements WebappAuthenticator {
private Credentials getCredentials(Request request) { private Credentials getCredentials(Request request) {
Credentials credentials = null; Credentials credentials = null;
MessageBytes authorization = request.getCoyoteRequest().getMimeHeaders().getValue("authorization"); MessageBytes authorization =
request.getCoyoteRequest().getMimeHeaders().getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION);
if (authorization != null) { if (authorization != null) {
authorization.toBytes(); authorization.toBytes();
ByteChunk authBC = authorization.getByteChunk(); ByteChunk authBC = authorization.getByteChunk();

@ -36,7 +36,6 @@ import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.utils.multitenancy.MultitenantConstants; import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import org.wso2.carbon.webapp.authenticator.framework.DataHolder; import org.wso2.carbon.webapp.authenticator.framework.DataHolder;
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticator;
import java.security.interfaces.RSAPublicKey; import java.security.interfaces.RSAPublicKey;
import java.text.ParseException; import java.text.ParseException;
@ -51,12 +50,12 @@ public class JWTAuthenticator implements WebappAuthenticator {
public static final String SIGNED_JWT_AUTH_USERNAME = "Username"; public static final String SIGNED_JWT_AUTH_USERNAME = "Username";
private static final String JWT_AUTHENTICATOR = "JWT"; private static final String JWT_AUTHENTICATOR = "JWT";
@Override @Override
public boolean isAuthenticated(Request request) { public boolean canHandle(Request request) {
return false; return false;
} }
@Override @Override
public Status authenticate(Request request, Response response) { public Status authenticate(Request request, Response response) {
String requestUri = request.getRequestURI(); String requestUri = request.getRequestURI();
if (requestUri == null || "".equals(requestUri)) { if (requestUri == null || "".equals(requestUri)) {

@ -30,7 +30,6 @@ import org.wso2.carbon.apimgt.core.gateway.APITokenAuthenticator;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil;
import org.wso2.carbon.webapp.authenticator.framework.Constants; import org.wso2.carbon.webapp.authenticator.framework.Constants;
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticator;
import java.util.StringTokenizer; import java.util.StringTokenizer;
import java.util.regex.Matcher; import java.util.regex.Matcher;
@ -39,13 +38,28 @@ import java.util.regex.Pattern;
public class OAuthAuthenticator implements WebappAuthenticator { public class OAuthAuthenticator implements WebappAuthenticator {
private static final String OAUTH_AUTHENTICATOR = "OAuth"; private static final String OAUTH_AUTHENTICATOR = "OAuth";
private static APITokenAuthenticator authenticator = new APITokenAuthenticator();
private static final String REGEX_BEARER_PATTERN = "[B|b]earer\\s"; private static final String REGEX_BEARER_PATTERN = "[B|b]earer\\s";
private static final Pattern PATTERN = Pattern.compile(REGEX_BEARER_PATTERN);
private static APITokenAuthenticator authenticator = new APITokenAuthenticator();
private static final Log log = LogFactory.getLog(OAuthAuthenticator.class); private static final Log log = LogFactory.getLog(OAuthAuthenticator.class);
@Override @Override
public boolean isAuthenticated(Request request) { public boolean canHandle(Request request) {
MessageBytes authorization =
request.getCoyoteRequest().getMimeHeaders().
getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION);
String tokenValue = null;
if (authorization != null) {
authorization.toBytes();
ByteChunk authBC = authorization.getByteChunk();
tokenValue = authBC.toString();
Matcher matcher = PATTERN.matcher(tokenValue);
if (matcher.find()) {
return true;
}
}
return false; return false;
} }
@ -93,19 +107,15 @@ public class OAuthAuthenticator implements WebappAuthenticator {
} }
private String getBearerToken(Request request) { private String getBearerToken(Request request) {
MessageBytes authorization = MessageBytes authorization =
request.getCoyoteRequest().getMimeHeaders(). request.getCoyoteRequest().getMimeHeaders().
getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION); getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION);
String tokenValue = null; String tokenValue = null;
if (authorization != null) { if (authorization != null) {
authorization.toBytes(); authorization.toBytes();
ByteChunk authBC = authorization.getByteChunk(); ByteChunk authBC = authorization.getByteChunk();
tokenValue = authBC.toString(); tokenValue = authBC.toString();
Pattern pattern = Pattern.compile(REGEX_BEARER_PATTERN); Matcher matcher = PATTERN.matcher(tokenValue);
Matcher matcher = pattern.matcher(tokenValue);
if (matcher.find()) { if (matcher.find()) {
tokenValue = tokenValue.substring(matcher.end()); tokenValue = tokenValue.substring(matcher.end());
} }

@ -16,7 +16,7 @@
* under the License. * under the License.
* *
*/ */
package org.wso2.carbon.webapp.authenticator.framework; package org.wso2.carbon.webapp.authenticator.framework.authenticator;
import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response; import org.apache.catalina.connector.Response;
@ -27,7 +27,7 @@ public interface WebappAuthenticator {
SUCCESS, FAILURE, CONTINUE SUCCESS, FAILURE, CONTINUE
} }
boolean isAuthenticated(Request request); boolean canHandle(Request request);
Status authenticate(Request request, Response response); Status authenticate(Request request, Response response);

@ -25,7 +25,8 @@ import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer; import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.webapp.authenticator.framework.DataHolder; import org.wso2.carbon.webapp.authenticator.framework.DataHolder;
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticator; import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationHandler;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorFrameworkValve; import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorFrameworkValve;
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorRepository; import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorRepository;
import org.wso2.carbon.webapp.authenticator.framework.config.AuthenticatorConfig; import org.wso2.carbon.webapp.authenticator.framework.config.AuthenticatorConfig;
@ -64,7 +65,7 @@ public class WebappAuthenticatorFrameworkServiceComponent {
DataHolder.getInstance().setWebappAuthenticatorRepository(repository); DataHolder.getInstance().setWebappAuthenticatorRepository(repository);
List<CarbonTomcatValve> valves = new ArrayList<CarbonTomcatValve>(); List<CarbonTomcatValve> valves = new ArrayList<CarbonTomcatValve>();
valves.add(new WebappAuthenticatorFrameworkValve()); valves.add(new WebappAuthenticationHandler());
TomcatValveContainer.addValves(valves); TomcatValveContainer.addValves(valves);
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {

@ -4,5 +4,13 @@
<Name>OAuth</Name> <Name>OAuth</Name>
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.OAuthAuthenticator</ClassName> <ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.OAuthAuthenticator</ClassName>
</Authenticator> </Authenticator>
<Authenticator>
<Name>BasicAuth</Name>
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.BasicAuthAuthenticator</ClassName>
</Authenticator>
<Authenticator>
<Name>JWT</Name>
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticator</ClassName>
</Authenticator>
</Authenticators> </Authenticators>
</WebappAuthenticatorConfig> </WebappAuthenticatorConfig>

Loading…
Cancel
Save