From e1a74e049dbebd513910e9ed69226f488d73c314 Mon Sep 17 00:00:00 2001 From: Dilshan Edirisuriya Date: Wed, 9 Sep 2015 17:16:26 +0530 Subject: [PATCH] Bypassing URLS --- .../WebappAuthenticationHandler.java | 23 ++++++++ .../WebappAuthenticatorFrameworkValve.java | 27 ++++++++-- .../CertificateAuthenticator.java | 53 +++++++------------ 3 files changed, 67 insertions(+), 36 deletions(-) diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationHandler.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationHandler.java index c700fb304f..7eb98c0d55 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationHandler.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationHandler.java @@ -27,18 +27,41 @@ import org.wso2.carbon.tomcat.ext.valves.CompositeValve; import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; import javax.servlet.http.HttpServletResponse; +import java.util.Arrays; +import java.util.List; import java.util.StringTokenizer; public class WebappAuthenticationHandler extends CarbonTomcatValve { private static final Log log = LogFactory.getLog(WebappAuthenticationHandler.class); + private static final String BYPASS_URIS = "bypass-uris"; @Override public void invoke(Request request, Response response, CompositeValve compositeValve) { + if (this.isContextSkipped(request) || (!this.isAdminService(request) && this.skipAuthentication(request))) { this.getNext().invoke(request, response, compositeValve); return; } + + String byPassURIs = request.getContext().findParameter(WebappAuthenticationHandler.BYPASS_URIS); + + if(byPassURIs != null && !byPassURIs.isEmpty()) { + + List requestURI = Arrays.asList(byPassURIs.split(",")); + + if(requestURI != null && requestURI.size() > 0) { + for (String pathURI : requestURI) { + pathURI = pathURI.replace("\n", "").replace("\r", "").trim(); + + if (request.getRequestURI().equals(pathURI)) { + this.getNext().invoke(request, response, compositeValve); + return; + } + } + } + } + WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(request); if (authenticator == null) { String msg = "Failed to load an appropriate authenticator to authenticate the request"; diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java index 3501c9e594..1701c7d30c 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java @@ -27,20 +27,41 @@ import org.wso2.carbon.tomcat.ext.valves.CompositeValve; import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; import javax.servlet.http.HttpServletResponse; +import java.util.Arrays; +import java.util.List; public class WebappAuthenticatorFrameworkValve extends CarbonTomcatValve { private static final String AUTHENTICATION_SCHEME = "authentication-scheme"; + private static final String BYPASS_URIS = "bypass-uris"; private static final Log log = LogFactory.getLog(WebappAuthenticatorFrameworkValve.class); @Override public void invoke(Request request, Response response, CompositeValve compositeValve) { - String authScheme = - request.getContext().findParameter(WebappAuthenticatorFrameworkValve.AUTHENTICATION_SCHEME); - if (authScheme == null || "".equals(authScheme)) { + + String authScheme = request.getContext().findParameter(WebappAuthenticatorFrameworkValve.AUTHENTICATION_SCHEME); + + if (authScheme == null || authScheme.isEmpty()) { this.getNext().invoke(request, response, compositeValve); return; } + + String byPassURIs = request.getContext().findParameter(WebappAuthenticatorFrameworkValve.BYPASS_URIS); + + if(byPassURIs != null && !byPassURIs.isEmpty()) { + + List requestURI = Arrays.asList(byPassURIs.split(",")); + + if(requestURI != null && requestURI.size() > 0) { + for (String pathURI : requestURI) { + if (request.getRequestURI().equals(pathURI)) { + this.getNext().invoke(request, response, compositeValve); + return; + } + } + } + } + WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(authScheme); if (authenticator == null) { String msg = "Failed to load an appropriate authenticator to authenticate the request"; diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java index 6916e21a34..7ef83a3fd9 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java @@ -14,22 +14,20 @@ public class CertificateAuthenticator implements WebappAuthenticator { private static final Log log = LogFactory.getLog(CertificateAuthenticator.class); private static final String CERTIFICATE_AUTHENTICATOR = "CertificateAuth"; - private static final String HEADER_MDM_SIGNATURE = "Mdm-Signature"; - private String[] skippedURIs; - - public CertificateAuthenticator() { - skippedURIs = new String[]{ - "/ios-enrollment/ca", - "/ios-enrollment/authenticate", - "/ios-enrollment/profile", - "/ios-enrollment/scep", - "/ios-enrollment/enroll", - "/ios-enrollment/enrolled"}; - } + private static final String CERTIFICATE_VERIFICATION_HEADER = "certificate-verification-header"; @Override public boolean canHandle(Request request) { - return true; + String certVerificationHeader = request.getContext().findParameter(CERTIFICATE_VERIFICATION_HEADER); + + if (certVerificationHeader != null && !certVerificationHeader.isEmpty()) { + + String certHeader = request.getHeader(certVerificationHeader); + + return certHeader != null; + } + + return false; } @Override @@ -40,16 +38,17 @@ public class CertificateAuthenticator implements WebappAuthenticator { return Status.CONTINUE; } - if(isURISkipped(requestUri)) { - return Status.CONTINUE; - } - - String headerMDMSignature = request.getHeader(HEADER_MDM_SIGNATURE); + String certVerificationHeader = request.getContext().findParameter(CERTIFICATE_VERIFICATION_HEADER); try { - if (headerMDMSignature != null && !headerMDMSignature.isEmpty() && - DataHolder.getInstance().getCertificateManagementService().verifySignature(headerMDMSignature)) { - return Status.SUCCESS; + if (certVerificationHeader != null && !certVerificationHeader.isEmpty()) { + + String certHeader = request.getHeader(certVerificationHeader); + + if (certHeader != null && DataHolder.getInstance().getCertificateManagementService(). + verifySignature(certHeader)) { + return Status.SUCCESS; + } } } catch (KeystoreException e) { log.error("KeystoreException occurred ", e); @@ -63,16 +62,4 @@ public class CertificateAuthenticator implements WebappAuthenticator { public String getName() { return CERTIFICATE_AUTHENTICATOR; } - - private boolean isURISkipped(String requestUri) { - - for (String element : skippedURIs) { - if (element.equals(requestUri)) { - return true; - } - } - - return false; - } - }