Search in sources :

Example 1 with RealmBase

use of org.apache.catalina.realm.RealmBase in project fru-paqx-parent by dellemc-symphony.

the class ContextConfig method servletContainer.

@Bean
public /**
     * This container is required in order to implement the redirect from http 8080 to https 18443 in spring boot.
     * This means that http can continue to be used but will automatically redirect to https
     * The responses from FRU will be https regardless of the protocol/port used by the cli.
     */
EmbeddedServletContainerFactory servletContainer() {
    TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {

        @Override
        protected void postProcessContext(Context context) {
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }

        @Override
        protected /**
             * This is the method where ssl is configured in the tomcat container.
             * We want to override this in order to be able to take an encrypted-base64-encoded password from
             * application.properties and to decode+decrypt it and provide it to the Ssl object before ssl configuration begins.
             */
        void configureSsl(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("ContextConfig: servletContainer: encoded password = " + ssl.getKeyStorePassword());
            }
            byte[] decodedBytes = Base64.getDecoder().decode(ssl.getKeyStorePassword());
            ssl.setKeyStorePassword(new String(decodedBytes));
            super.configureSsl(protocol, ssl);
        }
    };
    //Setup the redirection
    tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
    //Setup the custom realm, which sets the custom redirect code.
    //By default the redirect is 302.  But if the request to be redirected is a post,
    //then the post is converted to a get and therefore the post's body is removed in the redirect. (e.g. using CURL)
    //We need to set the redirection with code 307 so that the origin method is used in the redirect
    //e.g. get uses get on redirect and post uses post on redirect.
    //This conforms to standard RFC 2616
    tomcat.addContextCustomizers((TomcatContextCustomizer) context -> {
        RealmBase base = new CombinedRealm();
        base.setTransportGuaranteeRedirectStatus(307);
        context.setRealm(base);
    });
    return tomcat;
}
Also used : Context(org.apache.catalina.Context) CombinedRealm(org.apache.catalina.realm.CombinedRealm) Logger(org.slf4j.Logger) TomcatContextCustomizer(org.springframework.boot.context.embedded.tomcat.TomcatContextCustomizer) SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection) LoggerFactory(org.slf4j.LoggerFactory) Connector(org.apache.catalina.connector.Connector) Context(org.apache.catalina.Context) EmbeddedServletContainerFactory(org.springframework.boot.context.embedded.EmbeddedServletContainerFactory) RealmBase(org.apache.catalina.realm.RealmBase) Configuration(org.springframework.context.annotation.Configuration) Ssl(org.springframework.boot.context.embedded.Ssl) TomcatEmbeddedServletContainerFactory(org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory) Base64(java.util.Base64) ConsumerContextConfig(com.dell.cpsd.service.common.client.context.ConsumerContextConfig) AbstractHttp11JsseProtocol(org.apache.coyote.http11.AbstractHttp11JsseProtocol) SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint) Bean(org.springframework.context.annotation.Bean) AbstractHttp11JsseProtocol(org.apache.coyote.http11.AbstractHttp11JsseProtocol) CombinedRealm(org.apache.catalina.realm.CombinedRealm) TomcatEmbeddedServletContainerFactory(org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory) RealmBase(org.apache.catalina.realm.RealmBase) Ssl(org.springframework.boot.context.embedded.Ssl) SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint) SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection) Bean(org.springframework.context.annotation.Bean)

Aggregations

ConsumerContextConfig (com.dell.cpsd.service.common.client.context.ConsumerContextConfig)1 Base64 (java.util.Base64)1 Context (org.apache.catalina.Context)1 Connector (org.apache.catalina.connector.Connector)1 CombinedRealm (org.apache.catalina.realm.CombinedRealm)1 RealmBase (org.apache.catalina.realm.RealmBase)1 AbstractHttp11JsseProtocol (org.apache.coyote.http11.AbstractHttp11JsseProtocol)1 SecurityCollection (org.apache.tomcat.util.descriptor.web.SecurityCollection)1 SecurityConstraint (org.apache.tomcat.util.descriptor.web.SecurityConstraint)1 Logger (org.slf4j.Logger)1 LoggerFactory (org.slf4j.LoggerFactory)1 EmbeddedServletContainerFactory (org.springframework.boot.context.embedded.EmbeddedServletContainerFactory)1 Ssl (org.springframework.boot.context.embedded.Ssl)1 TomcatContextCustomizer (org.springframework.boot.context.embedded.tomcat.TomcatContextCustomizer)1 TomcatEmbeddedServletContainerFactory (org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory)1 Bean (org.springframework.context.annotation.Bean)1 Configuration (org.springframework.context.annotation.Configuration)1