diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/APIInfo.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/APIInfo.java deleted file mode 100644 index 20252f8f5a6..00000000000 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/APIInfo.java +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.wso2.carbon.webapp.authenticator.framework; - -public class APIInfo { - - -} diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/APIMapperContextListener.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/APIMapperContextListener.java deleted file mode 100644 index 21069b67108..00000000000 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/APIMapperContextListener.java +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.wso2.carbon.webapp.authenticator.framework; - -import org.apache.catalina.Lifecycle; -import org.apache.catalina.LifecycleEvent; -import org.apache.catalina.LifecycleListener; - -public class APIMapperContextListener implements LifecycleListener { - - @Override - public void lifecycleEvent(LifecycleEvent lifecycleEvent) { - if (Lifecycle.AFTER_INIT_EVENT.equals(lifecycleEvent.getType())) { - } - } - -} diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationHandler.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationHandler.java new file mode 100644 index 00000000000..26e0e76d74e --- /dev/null +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationHandler.java @@ -0,0 +1,87 @@ +/* + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.wso2.carbon.webapp.authenticator.framework; + +import org.apache.catalina.connector.Request; +import org.apache.catalina.connector.Response; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve; +import org.wso2.carbon.tomcat.ext.valves.CompositeValve; +import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; + +import javax.servlet.http.HttpServletResponse; + +public class WebappAuthenticationHandler extends CarbonTomcatValve { + + private static final Log log = LogFactory.getLog(WebappAuthenticationHandler.class); + + @Override + public void invoke(Request request, Response response, CompositeValve compositeValve) { + if (this.isNonAdminService(request) || this.skipAuthentication(request) || this.isContextSkipped(request)) { + this.getNext().invoke(request, response, compositeValve); + return; + } + WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(request); + if (authenticator == null) { + String msg = "Failed to load an appropriate authenticator to authenticate the request"; + AuthenticationFrameworkUtil.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, msg); + return; + } + WebappAuthenticator.Status status = authenticator.authenticate(request, response); + this.processResponse(request, response, compositeValve, status); + } + + private boolean isNonAdminService(Request request) { + String param = request.getContext().findParameter("isAdminService"); + return !(param != null && Boolean.parseBoolean(param)); + } + + private boolean skipAuthentication(Request request) { + String param = request.getContext().findParameter("doAuthentication"); + return (param == null || !Boolean.parseBoolean(param)); + } + + private boolean isContextSkipped(Request request) { + String ctx = request.getContext().getPath(); + if (ctx == null) { + ctx = request.getContextPath(); + if (ctx == null) { + return false; + } + } + return ctx.equals("/Carbon") || ctx.equals("/Services"); + } + + private void processResponse(Request request, Response response, CompositeValve compositeValve, + WebappAuthenticator.Status status) { + switch (status) { + case SUCCESS: + case CONTINUE: + this.getNext().invoke(request, response, compositeValve); + break; + case FAILURE: + String msg = "Failed to authorize incoming request"; + log.error(msg); + AuthenticationFrameworkUtil.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, msg); + break; + } + } + +} diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFactory.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFactory.java index 18758a468bf..c0e0e68a495 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFactory.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFactory.java @@ -18,9 +18,26 @@ */ package org.wso2.carbon.webapp.authenticator.framework; +import org.apache.catalina.connector.Request; +import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; + +import java.util.Map; + public class WebappAuthenticatorFactory { public static WebappAuthenticator getAuthenticator(String authScheme) { return DataHolder.getInstance().getWebappAuthenticatorRepository().getAuthenticator(authScheme); } + + public static WebappAuthenticator getAuthenticator(Request request) { + Map authenticators = + DataHolder.getInstance().getWebappAuthenticatorRepository().getAuthenticators(); + for (WebappAuthenticator authenticator : authenticators.values()) { + if (authenticator.canHandle(request)) { + return authenticator; + } + } + return null; + } + } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java index d27116b8fea..3501c9e5945 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java @@ -24,6 +24,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve; import org.wso2.carbon.tomcat.ext.valves.CompositeValve; +import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; import javax.servlet.http.HttpServletResponse; diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorRepository.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorRepository.java index 02a86ce9cc1..bb805c8c769 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorRepository.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorRepository.java @@ -18,15 +18,18 @@ */ package org.wso2.carbon.webapp.authenticator.framework; +import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; + import java.util.HashMap; import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; public class WebappAuthenticatorRepository { private Map authenticators; public WebappAuthenticatorRepository() { - this.authenticators = new HashMap(); + this.authenticators = new ConcurrentHashMap<>(); } public void addAuthenticator(WebappAuthenticator authenticator) { @@ -37,4 +40,8 @@ public class WebappAuthenticatorRepository { return authenticators.get(name); } + public Map getAuthenticators() { + return authenticators; + } + } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java index d17827bd99b..7227bdf471a 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java @@ -24,15 +24,25 @@ import org.apache.catalina.util.Base64; import org.apache.tomcat.util.buf.ByteChunk; import org.apache.tomcat.util.buf.CharChunk; import org.apache.tomcat.util.buf.MessageBytes; -import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticator; +import org.wso2.carbon.webapp.authenticator.framework.Constants; public class BasicAuthAuthenticator implements WebappAuthenticator { private static final String BASIC_AUTH_AUTHENTICATOR = "BasicAuth"; + private static final String HEADER_BASIC_AUTH = "authorization"; @Override - public boolean isAuthenticated(Request request) { - return false; + public boolean canHandle(Request request) { + MessageBytes authorization = + request.getCoyoteRequest().getMimeHeaders().getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION); + if (authorization != null) { + authorization.toBytes(); + ByteChunk authBC = authorization.getByteChunk(); + if (authBC.startsWithIgnoreCase("basic ", 0)) { + return true; + } + } + return false; } @Override @@ -47,7 +57,8 @@ public class BasicAuthAuthenticator implements WebappAuthenticator { private Credentials getCredentials(Request request) { Credentials credentials = null; - MessageBytes authorization = request.getCoyoteRequest().getMimeHeaders().getValue("authorization"); + MessageBytes authorization = + request.getCoyoteRequest().getMimeHeaders().getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION); if (authorization != null) { authorization.toBytes(); ByteChunk authBC = authorization.getByteChunk(); diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java index 20651681f94..974480fd5a2 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java @@ -36,7 +36,6 @@ import org.wso2.carbon.user.api.UserStoreManager; import org.wso2.carbon.utils.multitenancy.MultitenantConstants; import org.wso2.carbon.utils.multitenancy.MultitenantUtils; import org.wso2.carbon.webapp.authenticator.framework.DataHolder; -import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticator; import java.security.interfaces.RSAPublicKey; import java.text.ParseException; @@ -51,12 +50,12 @@ public class JWTAuthenticator implements WebappAuthenticator { public static final String SIGNED_JWT_AUTH_USERNAME = "Username"; private static final String JWT_AUTHENTICATOR = "JWT"; - @Override - public boolean isAuthenticated(Request request) { - return false; - } + @Override + public boolean canHandle(Request request) { + return false; + } - @Override + @Override public Status authenticate(Request request, Response response) { String requestUri = request.getRequestURI(); if (requestUri == null || "".equals(requestUri)) { diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java index cf5a177167d..3413cf1b0c3 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java @@ -30,7 +30,6 @@ import org.wso2.carbon.apimgt.core.gateway.APITokenAuthenticator; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException; import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil; import org.wso2.carbon.webapp.authenticator.framework.Constants; -import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticator; import java.util.StringTokenizer; import java.util.regex.Matcher; @@ -39,13 +38,28 @@ import java.util.regex.Pattern; public class OAuthAuthenticator implements WebappAuthenticator { private static final String OAUTH_AUTHENTICATOR = "OAuth"; - private static APITokenAuthenticator authenticator = new APITokenAuthenticator(); private static final String REGEX_BEARER_PATTERN = "[B|b]earer\\s"; + private static final Pattern PATTERN = Pattern.compile(REGEX_BEARER_PATTERN); + + private static APITokenAuthenticator authenticator = new APITokenAuthenticator(); private static final Log log = LogFactory.getLog(OAuthAuthenticator.class); @Override - public boolean isAuthenticated(Request request) { + public boolean canHandle(Request request) { + MessageBytes authorization = + request.getCoyoteRequest().getMimeHeaders(). + getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION); + String tokenValue = null; + if (authorization != null) { + authorization.toBytes(); + ByteChunk authBC = authorization.getByteChunk(); + tokenValue = authBC.toString(); + Matcher matcher = PATTERN.matcher(tokenValue); + if (matcher.find()) { + return true; + } + } return false; } @@ -93,19 +107,15 @@ public class OAuthAuthenticator implements WebappAuthenticator { } private String getBearerToken(Request request) { - MessageBytes authorization = request.getCoyoteRequest().getMimeHeaders(). getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION); String tokenValue = null; - if (authorization != null) { - authorization.toBytes(); ByteChunk authBC = authorization.getByteChunk(); tokenValue = authBC.toString(); - Pattern pattern = Pattern.compile(REGEX_BEARER_PATTERN); - Matcher matcher = pattern.matcher(tokenValue); + Matcher matcher = PATTERN.matcher(tokenValue); if (matcher.find()) { tokenValue = tokenValue.substring(matcher.end()); } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/WebappAuthenticator.java similarity index 89% rename from components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticator.java rename to components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/WebappAuthenticator.java index 5f2eecf8d10..18e49cb2125 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/WebappAuthenticator.java @@ -16,7 +16,7 @@ * under the License. * */ -package org.wso2.carbon.webapp.authenticator.framework; +package org.wso2.carbon.webapp.authenticator.framework.authenticator; import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; @@ -27,7 +27,7 @@ public interface WebappAuthenticator { SUCCESS, FAILURE, CONTINUE } - boolean isAuthenticated(Request request); + boolean canHandle(Request request); Status authenticate(Request request, Response response); diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java index 6dad1613d39..e30d9ce6806 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java @@ -25,7 +25,8 @@ import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve; import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer; import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.webapp.authenticator.framework.DataHolder; -import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticator; +import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationHandler; +import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorFrameworkValve; import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorRepository; import org.wso2.carbon.webapp.authenticator.framework.config.AuthenticatorConfig; @@ -64,7 +65,7 @@ public class WebappAuthenticatorFrameworkServiceComponent { DataHolder.getInstance().setWebappAuthenticatorRepository(repository); List valves = new ArrayList(); - valves.add(new WebappAuthenticatorFrameworkValve()); + valves.add(new WebappAuthenticationHandler()); TomcatValveContainer.addValves(valves); if (log.isDebugEnabled()) { diff --git a/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml b/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml index d4c9638d49e..f42dde6271f 100644 --- a/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml +++ b/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml @@ -4,5 +4,13 @@ OAuth org.wso2.carbon.webapp.authenticator.framework.authenticator.OAuthAuthenticator + + BasicAuth + org.wso2.carbon.webapp.authenticator.framework.authenticator.BasicAuthAuthenticator + + + JWT + org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticator +