Bypassing URLS

4.x.x
Dilshan Edirisuriya 9 years ago
parent d17f1356e7
commit e1a74e049d

@ -27,18 +27,41 @@ import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
import javax.servlet.http.HttpServletResponse;
import java.util.Arrays;
import java.util.List;
import java.util.StringTokenizer;
public class WebappAuthenticationHandler extends CarbonTomcatValve {
private static final Log log = LogFactory.getLog(WebappAuthenticationHandler.class);
private static final String BYPASS_URIS = "bypass-uris";
@Override
public void invoke(Request request, Response response, CompositeValve compositeValve) {
if (this.isContextSkipped(request) || (!this.isAdminService(request) && this.skipAuthentication(request))) {
this.getNext().invoke(request, response, compositeValve);
return;
}
String byPassURIs = request.getContext().findParameter(WebappAuthenticationHandler.BYPASS_URIS);
if(byPassURIs != null && !byPassURIs.isEmpty()) {
List<String> requestURI = Arrays.asList(byPassURIs.split(","));
if(requestURI != null && requestURI.size() > 0) {
for (String pathURI : requestURI) {
pathURI = pathURI.replace("\n", "").replace("\r", "").trim();
if (request.getRequestURI().equals(pathURI)) {
this.getNext().invoke(request, response, compositeValve);
return;
}
}
}
}
WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(request);
if (authenticator == null) {
String msg = "Failed to load an appropriate authenticator to authenticate the request";

@ -27,20 +27,41 @@ import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
import javax.servlet.http.HttpServletResponse;
import java.util.Arrays;
import java.util.List;
public class WebappAuthenticatorFrameworkValve extends CarbonTomcatValve {
private static final String AUTHENTICATION_SCHEME = "authentication-scheme";
private static final String BYPASS_URIS = "bypass-uris";
private static final Log log = LogFactory.getLog(WebappAuthenticatorFrameworkValve.class);
@Override
public void invoke(Request request, Response response, CompositeValve compositeValve) {
String authScheme =
request.getContext().findParameter(WebappAuthenticatorFrameworkValve.AUTHENTICATION_SCHEME);
if (authScheme == null || "".equals(authScheme)) {
String authScheme = request.getContext().findParameter(WebappAuthenticatorFrameworkValve.AUTHENTICATION_SCHEME);
if (authScheme == null || authScheme.isEmpty()) {
this.getNext().invoke(request, response, compositeValve);
return;
}
String byPassURIs = request.getContext().findParameter(WebappAuthenticatorFrameworkValve.BYPASS_URIS);
if(byPassURIs != null && !byPassURIs.isEmpty()) {
List<String> requestURI = Arrays.asList(byPassURIs.split(","));
if(requestURI != null && requestURI.size() > 0) {
for (String pathURI : requestURI) {
if (request.getRequestURI().equals(pathURI)) {
this.getNext().invoke(request, response, compositeValve);
return;
}
}
}
}
WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(authScheme);
if (authenticator == null) {
String msg = "Failed to load an appropriate authenticator to authenticate the request";

@ -14,22 +14,20 @@ public class CertificateAuthenticator implements WebappAuthenticator {
private static final Log log = LogFactory.getLog(CertificateAuthenticator.class);
private static final String CERTIFICATE_AUTHENTICATOR = "CertificateAuth";
private static final String HEADER_MDM_SIGNATURE = "Mdm-Signature";
private String[] skippedURIs;
public CertificateAuthenticator() {
skippedURIs = new String[]{
"/ios-enrollment/ca",
"/ios-enrollment/authenticate",
"/ios-enrollment/profile",
"/ios-enrollment/scep",
"/ios-enrollment/enroll",
"/ios-enrollment/enrolled"};
}
private static final String CERTIFICATE_VERIFICATION_HEADER = "certificate-verification-header";
@Override
public boolean canHandle(Request request) {
return true;
String certVerificationHeader = request.getContext().findParameter(CERTIFICATE_VERIFICATION_HEADER);
if (certVerificationHeader != null && !certVerificationHeader.isEmpty()) {
String certHeader = request.getHeader(certVerificationHeader);
return certHeader != null;
}
return false;
}
@Override
@ -40,16 +38,17 @@ public class CertificateAuthenticator implements WebappAuthenticator {
return Status.CONTINUE;
}
if(isURISkipped(requestUri)) {
return Status.CONTINUE;
}
String headerMDMSignature = request.getHeader(HEADER_MDM_SIGNATURE);
String certVerificationHeader = request.getContext().findParameter(CERTIFICATE_VERIFICATION_HEADER);
try {
if (headerMDMSignature != null && !headerMDMSignature.isEmpty() &&
DataHolder.getInstance().getCertificateManagementService().verifySignature(headerMDMSignature)) {
return Status.SUCCESS;
if (certVerificationHeader != null && !certVerificationHeader.isEmpty()) {
String certHeader = request.getHeader(certVerificationHeader);
if (certHeader != null && DataHolder.getInstance().getCertificateManagementService().
verifySignature(certHeader)) {
return Status.SUCCESS;
}
}
} catch (KeystoreException e) {
log.error("KeystoreException occurred ", e);
@ -63,16 +62,4 @@ public class CertificateAuthenticator implements WebappAuthenticator {
public String getName() {
return CERTIFICATE_AUTHENTICATOR;
}
private boolean isURISkipped(String requestUri) {
for (String element : skippedURIs) {
if (element.equals(requestUri)) {
return true;
}
}
return false;
}
}

Loading…
Cancel
Save