From 0485e9c2b31f2cc9ac591936cd7b0603ebd0a057 Mon Sep 17 00:00:00 2001 From: inoshperera Date: Mon, 8 Jan 2018 17:57:44 +0530 Subject: [PATCH 1/2] Fixes https://github.com/wso2/product-iots/issues/1570 --- .../framework/WebappAuthenticationValve.java | 11 ++++++++++- .../authenticator/BasicAuthAuthenticator.java | 4 +--- 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
index c1cf0897dc..8c837c5338 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
@@ -106,6 +106,14 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
     }
     private boolean isNonSecuredEndPoint(Request request) {
+        if (request.getCoyoteRequest() != null && request.getCoyoteRequest().getMimeHeaders() !=
+                null && request.getCoyoteRequest().getMimeHeaders().getValue(Constants
+                .HTTPHeaders.HEADER_HTTP_AUTHORIZATION) != null) {
+            //This is to handle the DEP behaviours of the same endpoint being non-secured in the
+            // first call and then being secured in the second call which comes with the basic
+            // auth header.
+            return false;
+        }
         String uri = request.getRequestURI();
         if (uri == null) {
             uri = "";
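Review bot: The added guard in isNonSecuredEndPoint returns false for any request that carries an Authorization header, whatever its scheme or value (an empty `Authorization:` also satisfies `getValue(...) != null`), while the comment only describes the Basic-auth second call of the DEP flow; a client or proxy that forwards a Bearer or stale credential to a non-secured endpoint is now pushed into the authenticator chain, and what it gets back depends on code outside this hunk. This is fail-closed, so it is the safer direction, but the scope should be stated, e.g. replace the comment with `// Fail closed: any Authorization header, regardless of scheme, makes an otherwise non-secured endpoint go through authentication (DEP — presumably Apple's Device Enrollment Program — first calls the endpoint anonymously, then again with Basic credentials).` If only the Basic scheme is meant, match on the header value rather than its presence. Hoisting `MimeHeaders headers = request.getCoyoteRequest() == null ? null : request.getCoyoteRequest().getMimeHeaders();` would also avoid walking the same null-chain three times. The rest of isNonSecuredEndPoint continues outside the hunk.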
@@ -146,8 +154,9 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
             String msg = "Failed to authorize incoming request";
             if (authenticationInfo.getMessage() != null && !authenticationInfo.getMessage().isEmpty()) {
                 msg = authenticationInfo.getMessage();
-                response.setHeader("WWW-Authenticate", msg);
+                response.setHeader("WWW-Authenticate", "Basic");
             }
+
             if (log.isDebugEnabled()) {
                 log.debug(msg + " , API : " + Encode.forUriComponent(request.getRequestURI()));
             }
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
index 1b2afedc46..b0e49a7bd3 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
@@ -50,9 +50,6 @@ public class BasicAuthAuthenticator implements WebappAuthenticator {
     @Override
     public boolean canHandle(Request request) {
-        if (!isAuthenticationSupported(request)) {
-            return false;
-        }
         if (request.getCoyoteRequest() == null || request.getCoyoteRequest().getMimeHeaders() == null) {
             return false;
         }
@@ -84,6 +81,7 @@ public class BasicAuthAuthenticator implements WebappAuthenticator {
                 authenticationInfo.setTenantDomain(Utils.getTenantDomain(tenantId));
                 authenticationInfo.setTenantId(tenantId);
             } else {
+                authenticationInfo.setMessage("Failed to authorize incoming request.");
                 authenticationInfo.setStatus(Status.FAILURE);
             }
         } catch (UserStoreException e) {
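Review bot: The Basic challenge is only emitted inside the `if (authenticationInfo.getMessage() != null ...)` branch, so a FAILURE whose message is null or empty still yields a 401 with no WWW-Authenticate header at all, and the only reason the branch fires for Basic failures is the message added in the BasicAuthAuthenticator hunk of this same commit — an implicit coupling a later change could silently break. Move `response.setHeader("WWW-Authenticate", "Basic");` out of the `if` so it is always sent on the 401 path, and consider adding a realm parameter, which the Basic challenge syntax includes (the constant value is right to keep: the old line echoed an authenticator-supplied string into a response header, which is a header-injection and information-leak path). The header is also sent even when the failing authenticator was not Basic (a token or certificate scheme, if the chain has one), which makes browsers pop a credential prompt; keying it on the authenticator that handled the request would avoid that, but that dispatch is outside this hunk. The enclosing method starts and ends outside the hunk.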
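Review bot: Dropping the `isAuthenticationSupported` gate makes BasicAuthAuthenticator claim every request that carries an Authorization header, so every webapp behind the valve would accept user-store passwords on every endpoint, widening the surface for credential guessing; the second patch in this series puts the gate back. If both commits are kept as-is, squash them or drop this hunk so that no intermediate revision ships with Basic auth enabled everywhere. The rest of canHandle continues outside the hunk.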
From 28eb2391793831f4046a7b89679e2471ccbb901c Mon Sep 17 00:00:00 2001 From: inoshperera Date: Tue, 9 Jan 2018 14:51:23 +0530 Subject: [PATCH 2/2] upgrading the json version and documenting the usage of the basicAuth paramater. --- .../authenticator/BasicAuthAuthenticator.java | 11 +++++++++++ pom.xml | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
index b0e49a7bd3..0f4a7b7700 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BasicAuthAuthenticator.java
@@ -50,6 +50,17 @@ public class BasicAuthAuthenticator implements WebappAuthenticator {
     @Override
     public boolean canHandle(Request request) {
+        /*
+        This is done to avoid every endpoint being able to use basic auth. Add the following to
+        the required web.xml of the web app.
+
+        basicAuth
+        true
+
+        */
+        if (!isAuthenticationSupported(request)) {
+            return false;
+        }
         if (request.getCoyoteRequest() == null || request.getCoyoteRequest().getMimeHeaders() == null) {
             return false;
         }
diff --git a/pom.xml b/pom.xml
index 9f1f72d631..a03cd8d346 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1918,7 +1918,7 @@ 2.26.1.wso2v3 - 2.0.0.wso2v1 + 3.0.0.wso2v1 1.3 2.3.1 1.1.1
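Review bot: The web.xml snippet in the new block comment has lost its element names as rendered here (only `basicAuth` and `true` remain), so a reader cannot tell which context-param elements to add; if the source itself lacks the `<context-param>`/`<param-name>`/`<param-value>` markup, spell it out, and state what happens when the parameter is absent — isAuthenticationSupported is outside this hunk, so I cannot confirm from here that it fails closed. Prefer a Javadoc on canHandle over a comment inside the body, e.g. `/** Handles Basic credentials only for webapps that opt in through the basicAuth context-param in web.xml; otherwise this authenticator declines the request. */`, confirming the absent-parameter default against isAuthenticationSupported before stating it. The rest of canHandle continues outside the hunk.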