Improving web-app authenticator framework

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/APIInfo.java

@@ -1,24 +0,0 @@
-/*
- *   Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
- *
- *   WSO2 Inc. licenses this file to you under the Apache License,
- *   Version 2.0 (the "License"); you may not use this file except
- *   in compliance with the License.
- *   You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.wso2.carbon.webapp.authenticator.framework;
-
-public class APIInfo {
-
-
-}

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/APIMapperContextListener.java

@@ -1,33 +0,0 @@
-/*
- *   Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
- *
- *   WSO2 Inc. licenses this file to you under the Apache License,
- *   Version 2.0 (the "License"); you may not use this file except
- *   in compliance with the License.
- *   You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.wso2.carbon.webapp.authenticator.framework;
-
-import org.apache.catalina.Lifecycle;
-import org.apache.catalina.LifecycleEvent;
-import org.apache.catalina.LifecycleListener;
-
-public class APIMapperContextListener implements LifecycleListener {
-
-    @Override
-    public void lifecycleEvent(LifecycleEvent lifecycleEvent) {
-        if (Lifecycle.AFTER_INIT_EVENT.equals(lifecycleEvent.getType())) {
-        }
-    }
-
-}

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationHandler.java

@@ -0,0 +1,87 @@
+/*
+ *   Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ *   WSO2 Inc. licenses this file to you under the Apache License,
+ *   Version 2.0 (the "License"); you may not use this file except
+ *   in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.wso2.carbon.webapp.authenticator.framework;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
+import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
+import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
+
+import javax.servlet.http.HttpServletResponse;
+
+public class WebappAuthenticationHandler extends CarbonTomcatValve {
+
+    private static final Log log = LogFactory.getLog(WebappAuthenticationHandler.class);
+
+    @Override
+    public void invoke(Request request, Response response, CompositeValve compositeValve) {
+        if (this.isNonAdminService(request) || this.skipAuthentication(request) || this.isContextSkipped(request)) {
+            this.getNext().invoke(request, response, compositeValve);
+            return;
+        }
+        WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(request);
+        if (authenticator == null) {
+            String msg = "Failed to load an appropriate authenticator to authenticate the request";
+            AuthenticationFrameworkUtil.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, msg);
+            return;
+        }
+        WebappAuthenticator.Status status = authenticator.authenticate(request, response);
+        this.processResponse(request, response, compositeValve, status);
+    }
+
+    private boolean isNonAdminService(Request request) {
+        String param = request.getContext().findParameter("isAdminService");
+        return !(param != null && Boolean.parseBoolean(param));
+    }
+
+    private boolean skipAuthentication(Request request) {
+        String param = request.getContext().findParameter("doAuthentication");
+        return (param == null || !Boolean.parseBoolean(param));
+    }
+
+    private boolean isContextSkipped(Request request) {
+        String ctx = request.getContext().getPath();
+        if (ctx == null) {
+            ctx = request.getContextPath();
+            if (ctx == null) {
+                return false;
+            }
+        }
+        return ctx.equals("/Carbon") || ctx.equals("/Services");
+    }
+
+    private void processResponse(Request request, Response response, CompositeValve compositeValve,
+                                 WebappAuthenticator.Status status) {
+        switch (status) {
+            case SUCCESS:
+            case CONTINUE:
+                this.getNext().invoke(request, response, compositeValve);
+                break;
+            case FAILURE:
+                String msg = "Failed to authorize incoming request";
+                log.error(msg);
+                AuthenticationFrameworkUtil.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, msg);
+                break;
+        }
+    }
+
+}

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFactory.java

@@ -18,9 +18,26 @@
  */
 package org.wso2.carbon.webapp.authenticator.framework;
 
+import org.apache.catalina.connector.Request;
+import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
+
+import java.util.Map;
+
 public class WebappAuthenticatorFactory {
 
     public static WebappAuthenticator getAuthenticator(String authScheme) {
         return DataHolder.getInstance().getWebappAuthenticatorRepository().getAuthenticator(authScheme);
     }
+
+    public static WebappAuthenticator getAuthenticator(Request request) {
+        Map<String, WebappAuthenticator> authenticators =
+                DataHolder.getInstance().getWebappAuthenticatorRepository().getAuthenticators();
+        for (WebappAuthenticator authenticator : authenticators.values()) {
+            if (authenticator.canHandle(request)) {
+                return authenticator;
+            }
+        }
+        return null;
+    }
+
 }

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java

@@ -24,6 +24,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
 import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
+import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
 
 import javax.servlet.http.HttpServletResponse;
 

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorRepository.java

@@ -18,15 +18,18 @@
  */
 package org.wso2.carbon.webapp.authenticator.framework;
 
+import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
+
 import java.util.HashMap;
 import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
 
 public class WebappAuthenticatorRepository {
 
     private Map<String, WebappAuthenticator> authenticators;
 
     public WebappAuthenticatorRepository() {
-        this.authenticators = new HashMap<String, WebappAuthenticator>();
+        this.authenticators = new ConcurrentHashMap<>();
     }
 
     public void addAuthenticator(WebappAuthenticator authenticator) {
@@ -37,4 +40,8 @@ public class WebappAuthenticatorRepository {
         return authenticators.get(name);
     }
 
+    public Map<String, WebappAuthenticator> getAuthenticators() {
+        return authenticators;
+    }
+
 }

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java

@@ -24,15 +24,25 @@ import org.apache.catalina.util.Base64;
 import org.apache.tomcat.util.buf.ByteChunk;
 import org.apache.tomcat.util.buf.CharChunk;
 import org.apache.tomcat.util.buf.MessageBytes;
-import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticator;
+import org.wso2.carbon.webapp.authenticator.framework.Constants;
 
 public class BasicAuthAuthenticator implements WebappAuthenticator {
 
     private static final String BASIC_AUTH_AUTHENTICATOR = "BasicAuth";
+    private static final String HEADER_BASIC_AUTH = "authorization";
 
     @Override
-    public boolean isAuthenticated(Request request) {
-        return false;  
+    public boolean canHandle(Request request) {
+        MessageBytes authorization =
+                request.getCoyoteRequest().getMimeHeaders().getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION);
+        if (authorization != null) {
+            authorization.toBytes();
+            ByteChunk authBC = authorization.getByteChunk();
+            if (authBC.startsWithIgnoreCase("basic ", 0)) {
+                return true;
+            }
+        }
+        return false;
     }
 
     @Override
@@ -47,7 +57,8 @@ public class BasicAuthAuthenticator implements WebappAuthenticator {
 
     private Credentials getCredentials(Request request) {
         Credentials credentials = null;
-        MessageBytes authorization = request.getCoyoteRequest().getMimeHeaders().getValue("authorization");
+        MessageBytes authorization =
+                request.getCoyoteRequest().getMimeHeaders().getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION);
         if (authorization != null) {
             authorization.toBytes();
             ByteChunk authBC = authorization.getByteChunk();

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java

@@ -36,7 +36,6 @@ import org.wso2.carbon.user.api.UserStoreManager;
 import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
 import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
 import org.wso2.carbon.webapp.authenticator.framework.DataHolder;
-import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticator;
 
 import java.security.interfaces.RSAPublicKey;
 import java.text.ParseException;
@@ -51,12 +50,12 @@ public class JWTAuthenticator implements WebappAuthenticator {
 	public static final String SIGNED_JWT_AUTH_USERNAME = "Username";
 	private static final String JWT_AUTHENTICATOR = "JWT";
 
-	@Override
-	public boolean isAuthenticated(Request request) {
-		return false;
-	}
+    @Override
+    public boolean canHandle(Request request) {
+        return false;
+    }
 
-	@Override
+    @Override
 	public Status authenticate(Request request, Response response) {
 		String requestUri = request.getRequestURI();
 		if (requestUri == null || "".equals(requestUri)) {

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java

@@ -30,7 +30,6 @@ import org.wso2.carbon.apimgt.core.gateway.APITokenAuthenticator;
 import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
 import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil;
 import org.wso2.carbon.webapp.authenticator.framework.Constants;
-import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticator;
 
 import java.util.StringTokenizer;
 import java.util.regex.Matcher;
@@ -39,13 +38,28 @@ import java.util.regex.Pattern;
 public class OAuthAuthenticator implements WebappAuthenticator {
 
     private static final String OAUTH_AUTHENTICATOR = "OAuth";
-    private static APITokenAuthenticator authenticator = new APITokenAuthenticator();
     private static final String REGEX_BEARER_PATTERN = "[B|b]earer\\s";
+    private static final Pattern PATTERN = Pattern.compile(REGEX_BEARER_PATTERN);
+
+    private static APITokenAuthenticator authenticator = new APITokenAuthenticator();
 
     private static final Log log = LogFactory.getLog(OAuthAuthenticator.class);
 
     @Override
-    public boolean isAuthenticated(Request request) {
+    public boolean canHandle(Request request) {
+        MessageBytes authorization =
+                request.getCoyoteRequest().getMimeHeaders().
+                        getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION);
+        String tokenValue = null;
+        if (authorization != null) {
+            authorization.toBytes();
+            ByteChunk authBC = authorization.getByteChunk();
+            tokenValue = authBC.toString();
+            Matcher matcher = PATTERN.matcher(tokenValue);
+            if (matcher.find()) {
+                return true;
+            }
+        }
         return false;
     }
 
@@ -93,19 +107,15 @@ public class OAuthAuthenticator implements WebappAuthenticator {
     }
 
     private String getBearerToken(Request request) {
-
         MessageBytes authorization =
                 request.getCoyoteRequest().getMimeHeaders().
                         getValue(Constants.HTTPHeaders.HEADER_HTTP_AUTHORIZATION);
         String tokenValue = null;
-
         if (authorization != null) {
-
             authorization.toBytes();
             ByteChunk authBC = authorization.getByteChunk();
             tokenValue = authBC.toString();
-            Pattern pattern = Pattern.compile(REGEX_BEARER_PATTERN);
-            Matcher matcher = pattern.matcher(tokenValue);
+            Matcher matcher = PATTERN.matcher(tokenValue);
             if (matcher.find()) {
                 tokenValue = tokenValue.substring(matcher.end());
             }

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/WebappAuthenticator.java

@@ -16,7 +16,7 @@
  *   under the License.
  *
  */
-package org.wso2.carbon.webapp.authenticator.framework;
+package org.wso2.carbon.webapp.authenticator.framework.authenticator;
 
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
@@ -27,7 +27,7 @@ public interface WebappAuthenticator {
         SUCCESS, FAILURE, CONTINUE
     }
 
-    boolean isAuthenticated(Request request);
+    boolean canHandle(Request request);
 
     Status authenticate(Request request, Response response);
 

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java

@@ -25,7 +25,8 @@ import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
 import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer;
 import org.wso2.carbon.user.core.service.RealmService;
 import org.wso2.carbon.webapp.authenticator.framework.DataHolder;
-import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticator;
+import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationHandler;
+import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
 import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorFrameworkValve;
 import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorRepository;
 import org.wso2.carbon.webapp.authenticator.framework.config.AuthenticatorConfig;
@@ -64,7 +65,7 @@ public class WebappAuthenticatorFrameworkServiceComponent {
             DataHolder.getInstance().setWebappAuthenticatorRepository(repository);
 
             List<CarbonTomcatValve> valves = new ArrayList<CarbonTomcatValve>();
-            valves.add(new WebappAuthenticatorFrameworkValve());
+            valves.add(new WebappAuthenticationHandler());
             TomcatValveContainer.addValves(valves);
 
             if (log.isDebugEnabled()) {

features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml

@@ -4,5 +4,13 @@
 			<Name>OAuth</Name>
 			<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.OAuthAuthenticator</ClassName>
 		</Authenticator>
+        <Authenticator>
+            <Name>BasicAuth</Name>
+            <ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.BasicAuthAuthenticator</ClassName>
+        </Authenticator>
+        <Authenticator>
+            <Name>JWT</Name>
+            <ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticator</ClassName>
+        </Authenticator>
 	</Authenticators>
 </WebappAuthenticatorConfig>