Added support for non-secured endpoints within a security enabled webapp

revert-70aa11f8
harshanl 9 years ago
parent 14923d0d99
commit 520c07693d

@ -29,6 +29,7 @@ import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthen
import javax.servlet.http.HttpServletResponse;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.StringTokenizer;
@ -36,6 +37,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
private static final Log log = LogFactory.getLog(WebappAuthenticationValve.class);
private static final String BYPASS_URIS = "bypass-uris";
private static HashMap<String, String> nonSecuredEndpoints = new HashMap<>();
@Override
public void invoke(Request request, Response response, CompositeValve compositeValve) {
@ -90,7 +92,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
private boolean skipAuthentication(Request request) {
String param = request.getContext().findParameter("doAuthentication");
return (param == null || !Boolean.parseBoolean(param));
return (param == null || !Boolean.parseBoolean(param) || isNonSecuredEndPoint(request));
}
private boolean isContextSkipped(Request request) {
@ -112,6 +114,35 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
return (ctx.equalsIgnoreCase("carbon") || ctx.equalsIgnoreCase("services"));
}
private boolean isNonSecuredEndPoint(Request request) {
String uri = request.getRequestURI();
if(!uri.endsWith("/")) {
uri = uri + "/";
}
String ctx = request.getContextPath();
//Check the context in nonSecuredEndpoints. If so it means current context is a skippedContext.
if (nonSecuredEndpoints.containsKey(uri)) {
return true;
}
String param = request.getContext().findParameter("nonSecuredEndPoints");
String skippedEndPoint;
if (param != null && !param.isEmpty()) {
//Add the nonSecured end-points to cache
StringTokenizer tokenizer = new StringTokenizer(param, ",");
while (tokenizer.hasMoreTokens()) {
skippedEndPoint = ctx + tokenizer.nextToken();
if(!skippedEndPoint.endsWith("/")) {
skippedEndPoint = skippedEndPoint + "/";
}
nonSecuredEndpoints.put(skippedEndPoint, "true");
}
if (nonSecuredEndpoints.containsKey(uri)) {
return true;
}
}
return false;
}
private void processRequest(Request request, Response response, CompositeValve compositeValve,
AuthenticationInfo authenticationInfo) {
switch (authenticationInfo.getStatus()) {
@ -121,7 +152,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
break;
case FAILURE:
String msg = "Failed to authorize incoming request";
if(authenticationInfo.getMessage() != null && !authenticationInfo.getMessage().isEmpty()) {
if (authenticationInfo.getMessage() != null && !authenticationInfo.getMessage().isEmpty()) {
msg = authenticationInfo.getMessage();
response.setHeader("WWW-Authenticate", msg);
}
@ -132,5 +163,4 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
break;
}
}
}
}
Loading…
Cancel
Save