|
|
@ -29,6 +29,7 @@ import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthen
|
|
|
|
|
|
|
|
|
|
|
|
import javax.servlet.http.HttpServletResponse;
|
|
|
|
import javax.servlet.http.HttpServletResponse;
|
|
|
|
import java.util.Arrays;
|
|
|
|
import java.util.Arrays;
|
|
|
|
|
|
|
|
import java.util.HashMap;
|
|
|
|
import java.util.List;
|
|
|
|
import java.util.List;
|
|
|
|
import java.util.StringTokenizer;
|
|
|
|
import java.util.StringTokenizer;
|
|
|
|
|
|
|
|
|
|
|
@ -36,6 +37,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
|
|
|
|
|
|
|
|
|
|
|
|
private static final Log log = LogFactory.getLog(WebappAuthenticationValve.class);
|
|
|
|
private static final Log log = LogFactory.getLog(WebappAuthenticationValve.class);
|
|
|
|
private static final String BYPASS_URIS = "bypass-uris";
|
|
|
|
private static final String BYPASS_URIS = "bypass-uris";
|
|
|
|
|
|
|
|
private static HashMap<String, String> nonSecuredEndpoints = new HashMap<>();
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
public void invoke(Request request, Response response, CompositeValve compositeValve) {
|
|
|
|
public void invoke(Request request, Response response, CompositeValve compositeValve) {
|
|
|
@ -90,7 +92,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
|
|
|
|
|
|
|
|
|
|
|
|
private boolean skipAuthentication(Request request) {
|
|
|
|
private boolean skipAuthentication(Request request) {
|
|
|
|
String param = request.getContext().findParameter("doAuthentication");
|
|
|
|
String param = request.getContext().findParameter("doAuthentication");
|
|
|
|
return (param == null || !Boolean.parseBoolean(param));
|
|
|
|
return (param == null || !Boolean.parseBoolean(param) || isNonSecuredEndPoint(request));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private boolean isContextSkipped(Request request) {
|
|
|
|
private boolean isContextSkipped(Request request) {
|
|
|
@ -112,6 +114,35 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
|
|
|
|
return (ctx.equalsIgnoreCase("carbon") || ctx.equalsIgnoreCase("services"));
|
|
|
|
return (ctx.equalsIgnoreCase("carbon") || ctx.equalsIgnoreCase("services"));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private boolean isNonSecuredEndPoint(Request request) {
|
|
|
|
|
|
|
|
String uri = request.getRequestURI();
|
|
|
|
|
|
|
|
if(!uri.endsWith("/")) {
|
|
|
|
|
|
|
|
uri = uri + "/";
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
String ctx = request.getContextPath();
|
|
|
|
|
|
|
|
//Check the context in nonSecuredEndpoints. If so it means current context is a skippedContext.
|
|
|
|
|
|
|
|
if (nonSecuredEndpoints.containsKey(uri)) {
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
String param = request.getContext().findParameter("nonSecuredEndPoints");
|
|
|
|
|
|
|
|
String skippedEndPoint;
|
|
|
|
|
|
|
|
if (param != null && !param.isEmpty()) {
|
|
|
|
|
|
|
|
//Add the nonSecured end-points to cache
|
|
|
|
|
|
|
|
StringTokenizer tokenizer = new StringTokenizer(param, ",");
|
|
|
|
|
|
|
|
while (tokenizer.hasMoreTokens()) {
|
|
|
|
|
|
|
|
skippedEndPoint = ctx + tokenizer.nextToken();
|
|
|
|
|
|
|
|
if(!skippedEndPoint.endsWith("/")) {
|
|
|
|
|
|
|
|
skippedEndPoint = skippedEndPoint + "/";
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
nonSecuredEndpoints.put(skippedEndPoint, "true");
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if (nonSecuredEndpoints.containsKey(uri)) {
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private void processRequest(Request request, Response response, CompositeValve compositeValve,
|
|
|
|
private void processRequest(Request request, Response response, CompositeValve compositeValve,
|
|
|
|
AuthenticationInfo authenticationInfo) {
|
|
|
|
AuthenticationInfo authenticationInfo) {
|
|
|
|
switch (authenticationInfo.getStatus()) {
|
|
|
|
switch (authenticationInfo.getStatus()) {
|
|
|
@ -121,7 +152,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
|
|
|
|
break;
|
|
|
|
break;
|
|
|
|
case FAILURE:
|
|
|
|
case FAILURE:
|
|
|
|
String msg = "Failed to authorize incoming request";
|
|
|
|
String msg = "Failed to authorize incoming request";
|
|
|
|
if(authenticationInfo.getMessage() != null && !authenticationInfo.getMessage().isEmpty()) {
|
|
|
|
if (authenticationInfo.getMessage() != null && !authenticationInfo.getMessage().isEmpty()) {
|
|
|
|
msg = authenticationInfo.getMessage();
|
|
|
|
msg = authenticationInfo.getMessage();
|
|
|
|
response.setHeader("WWW-Authenticate", msg);
|
|
|
|
response.setHeader("WWW-Authenticate", msg);
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -132,5 +163,4 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
|
|
|
|
break;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|