use of javax.servlet.ServletRequest in project apex-core by apache.
the class StramWSFilter method doFilter.
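/**
 * Authenticates a web-service request and forwards it down the filter chain.
 *
 * <p>Two paths are visible in this method:
 * <ul>
 *   <li><b>Proxy path</b>: when the remote address is contained in {@code getProxyAddresses()},
 *       token verification is skipped. The user name is taken from the {@code WEBAPP_PROXY_USER}
 *       cookie, and a {@code CLIENT_COOKIE} token is issued only when the request URI equals
 *       {@code WebServices.PATH} and a user name was found.</li>
 *   <li><b>Direct path</b>: every other caller must present a {@code CLIENT_COOKIE} whose value
 *       {@code verifyClientToken} accepts for the caller's remote address; otherwise the
 *       response is 401 and the chain is not invoked.</li>
 * </ul>
 *
 * <p>Security note: on the proxy path the user name is accepted purely because of the source
 * address, so the list returned by {@code getProxyAddresses()} is the trust boundary. Token and
 * cookie values are deliberately kept out of the log output, because they are bearer credentials.
 *
 * @param req incoming request; must be an {@link HttpServletRequest}
 * @param resp outgoing response, cast to {@link HttpServletResponse}
 * @param chain remainder of the filter chain
 * @throws IOException propagated from the response or the chain
 * @throws ServletException if {@code req} is not an HTTP request, or propagated from the chain
 */
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
  if (!(req instanceof HttpServletRequest)) {
    throw new ServletException("This filter only works for HTTP/HTTPS");
  }
  HttpServletRequest httpReq = (HttpServletRequest) req;
  HttpServletResponse httpResp = (HttpServletResponse) resp;
  String remoteAddr = httpReq.getRemoteAddr();
  String requestURI = httpReq.getRequestURI();
  boolean authenticate = true;
  String user = null;
  if (getProxyAddresses().contains(remoteAddr)) {
    // Trusted-proxy path: identity comes from the proxy-supplied cookie, not from a token.
    Cookie[] proxyCookies = httpReq.getCookies();
    if (proxyCookies != null) {
      for (Cookie c : proxyCookies) {
        if (WEBAPP_PROXY_USER.equals(c.getName())) {
          user = c.getValue();
          break;
        }
      }
    }
    if (requestURI.equals(WebServices.PATH) && (user != null)) {
      // NOTE(review): the token is created against getLocalAddr() while verification below uses
      // the caller's remote address; confirm against the two helpers that this is intended.
      String token = createClientToken(user, httpReq.getLocalAddr());
      // Log who the token is for, never the token itself: it is a bearer credential.
      logger.debug("{}: creating token for user {}", remoteAddr, user);
      // NOTE(review): the cookie is added with default attributes; consider marking it Secure
      // (and HttpOnly where the Servlet API level in use supports it).
      Cookie cookie = new Cookie(CLIENT_COOKIE, token);
      httpResp.addCookie(cookie);
    } else {
      logger.info("{}: proxy access to URI {} by user {}, no cookie created", remoteAddr, requestURI, user);
    }
    authenticate = false;
  }
  if (authenticate) {
    // Direct path: the caller must prove identity with a previously issued client token.
    Cookie cookie = null;
    Cookie[] clientCookies = httpReq.getCookies();
    if (clientCookies != null) {
      for (Cookie c : clientCookies) {
        if (CLIENT_COOKIE.equals(c.getName())) {
          cookie = c;
          break;
        }
      }
    }
    boolean valid = false;
    if (cookie != null) {
      user = verifyClientToken(cookie.getValue(), remoteAddr);
      if (user != null) {
        valid = true;
      } else {
        // Only the cookie name is logged; a rejected value may still be a near-valid credential.
        logger.debug("{}: invalid cookie {}", remoteAddr, CLIENT_COOKIE);
      }
    } else {
      logger.debug("{}: cookie not found {}", remoteAddr, CLIENT_COOKIE);
    }
    if (!valid) {
      logger.debug("{}: auth failure", remoteAddr);
      httpResp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
      return;
    }
  }
  if (user == null) {
    // Reachable only on the proxy path when no user cookie was supplied.
    logger.debug("{}: could not find user, so user principal will not be set", remoteAddr);
    chain.doFilter(req, resp);
  } else {
    final StramWSPrincipal principal = new StramWSPrincipal(user);
    ServletRequest requestWrapper = new StramWSServletRequestWrapper(httpReq, principal);
    chain.doFilter(requestWrapper, resp);
  }
}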
use of javax.servlet.ServletRequest in project lucene-solr by apache.
the class MockAuthenticationPlugin method doAuthenticate.
/**
 * Mock authentication step: no credential is verified here.
 *
 * <p>When a {@code predicate} is installed and accepts the request, the user name is read from
 * the request attribute keyed by {@code Principal.class.getName()} and that attribute is then
 * removed. The (possibly {@code null}) user is handed to {@code forward} together with a chain
 * wrapper that records whether the downstream chain returned normally.
 *
 * @return {@code true} if the wrapped filter chain was invoked and returned without throwing
 */
@Override
public boolean doAuthenticate(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
  String user = null;
  if (predicate != null && predicate.test(request)) {
    // The predicate is expected to have stashed the user name on the request; consume it once.
    user = (String) request.getAttribute(Principal.class.getName());
    request.removeAttribute(Principal.class.getName());
  }
  final AtomicBoolean requestContinues = new AtomicBoolean(false);
  final FilterChain trackingChain = (req, res) -> {
    filterChain.doFilter(req, res);
    // Only reached when the downstream chain did not throw.
    requestContinues.set(true);
  };
  forward(user, request, response, trackingChain);
  return requestContinues.get();
}
use of javax.servlet.ServletRequest in project lucene-solr by apache.
the class PKIAuthenticationIntegrationTest method testPkiAuth.
/**
 * Installs the mock authentication and authorization plugins through the security configuration
 * in ZooKeeper, waits until every Jetty node reports them, then issues one query carrying a
 * fixture user and password in the query string and counts how often the authorization
 * predicate sees the principal {@code solr} on {@code /select}.
 *
 * <p>The credentials below are test fixtures consumed only by the mock predicate.
 */
@Test
public void testPkiAuth() throws Exception {
  CollectionAdminRequest.createCollection("collection", "conf", 2, 1).process(cluster.getSolrClient());

  // TODO make a SolrJ helper class for this
  String authzClass = MockAuthorizationPlugin.class.getName();
  String authnClass = MockAuthenticationPlugin.class.getName();
  byte[] bytes = Utils.toJSON(makeMap(
      "authorization", singletonMap("class", authzClass),
      "authentication", singletonMap("class", authnClass)));
  zkClient().setData(ZkStateReader.SOLR_SECURITY_CONF_PATH, bytes, true);

  // Wait until each node has picked up the new security configuration.
  HttpClient httpClient = cluster.getSolrClient().getHttpClient();
  for (JettySolrRunner jetty : cluster.getJettySolrRunners()) {
    String baseUrl = jetty.getBaseUrl().toString();
    verifySecurityStatus(httpClient, baseUrl + "/admin/authorization", "authorization/class", MockAuthorizationPlugin.class.getName(), 20);
    verifySecurityStatus(httpClient, baseUrl + "/admin/authentication", "authentication.enabled", "true", 20);
  }
  log.info("Starting test");

  final AtomicInteger count = new AtomicInteger();

  // Authorization side: count /select requests that arrive with principal "solr"; allow all.
  MockAuthorizationPlugin.predicate = new Predicate<AuthorizationContext>() {
    @Override
    public boolean test(AuthorizationContext context) {
      if (!"/select".equals(context.getResource())) {
        return true;
      }
      Principal principal = context.getUserPrincipal();
      log.info("principalIs : {}", principal);
      if (principal != null && principal.getName().equals("solr")) {
        count.incrementAndGet();
      }
      return true;
    }
  };

  // Authentication side: mark the request as user "solr" when the fixture credentials appear in
  // the query string.
  MockAuthenticationPlugin.predicate = new Predicate<ServletRequest>() {
    @Override
    public boolean test(ServletRequest servletRequest) {
      String queryString = ((HttpServletRequest) servletRequest).getQueryString();
      boolean hasFixtureCredentials = queryString != null
          && queryString.contains("__user=solr")
          && queryString.contains("__pwd=SolrRocks");
      if (hasFixtureCredentials) {
        servletRequest.setAttribute(Principal.class.getName(), "solr");
      }
      return true;
    }
  };

  // This should work fine.
  ModifiableSolrParams params = new ModifiableSolrParams();
  params.add("q", "*:*");
  params.add("__user", "solr");
  params.add("__pwd", "SolrRocks");
  QueryRequest query = new QueryRequest(params);
  query.process(cluster.getSolrClient(), "collection");

  assertTrue("all nodes must get the user solr , no:of nodes got solr : " + count.get(), count.get() > 2);
}
use of javax.servlet.ServletRequest in project lucene-solr by apache.
the class DelegationTokenKerberosFilter method doFilter.
/**
 * Delegates to the superclass filter with two adjustments: the request is wrapped so that
 * {@code getQueryString()} never returns {@code null}, and the filter chain is wrapped so that
 * the impersonating (real) user's short name is attached to the request before it continues.
 *
 * <p>The impersonator attribute is set only when the current {@code UserGroupInformation} uses
 * the {@code PROXY} authentication method and has a non-null real user.
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
  // HttpClient 4.4.x throws NPE if query string is null and parsed through URLEncodedUtils.
  // See HTTPCLIENT-1746 and HADOOP-12767
  final HttpServletRequest original = (HttpServletRequest) request;
  final String rawQuery = original.getQueryString();
  final String safeQuery = (rawQuery != null) ? rawQuery : "";
  HttpServletRequest nullSafeRequest = new HttpServletRequestWrapper(original) {
    @Override
    public String getQueryString() {
      return safeQuery;
    }
  };

  // include Impersonator User Name in case someone (e.g. logger) wants it
  FilterChain impersonatorAwareChain = (servletRequest, servletResponse) -> {
    HttpServletRequest downstreamRequest = (HttpServletRequest) servletRequest;
    UserGroupInformation ugi = HttpUserGroupInformation.get();
    boolean viaProxyUser = ugi != null
        && ugi.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY;
    if (viaProxyUser) {
      UserGroupInformation realUser = ugi.getRealUser();
      if (realUser != null) {
        downstreamRequest.setAttribute(KerberosPlugin.IMPERSONATOR_USER_NAME, realUser.getShortUserName());
      }
    }
    filterChain.doFilter(servletRequest, servletResponse);
  };

  super.doFilter(nullSafeRequest, response, impersonatorAwareChain);
}
use of javax.servlet.ServletRequest in project sling by apache.
the class SlingAuthenticator method requestDestroyed.
/**
 * Closes the {@code ResourceResolver} stored on the request under
 * {@code REQUEST_ATTRIBUTE_RESOLVER}, if there is one, and removes the attribute so the closed
 * resolver cannot be picked up again from this request.
 *
 * @param sre event carrying the request that is being destroyed
 */
@Override
public void requestDestroyed(ServletRequestEvent sre) {
  final ServletRequest request = sre.getServletRequest();
  final Object candidate = request.getAttribute(REQUEST_ATTRIBUTE_RESOLVER);
  if (!(candidate instanceof ResourceResolver)) {
    // Nothing was attached (or it is of an unexpected type): leave the request untouched.
    return;
  }
  ((ResourceResolver) candidate).close();
  request.removeAttribute(REQUEST_ATTRIBUTE_RESOLVER);
}