
Example 56 with ServletRequest

use of javax.servlet.ServletRequest in project apex-core by apache.

the class StramWSFilter method doFilter.

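/**
 * Authenticates a web-service request, then passes it down the filter chain.
 *
 * <p>Two paths exist:
 * <ul>
 *   <li>Requests whose remote address is in {@code getProxyAddresses()} skip token
 *       verification. The user name is read from the {@code WEBAPP_PROXY_USER} cookie;
 *       when the URI equals {@code WebServices.PATH} and a user was found, a client token
 *       cookie ({@code CLIENT_COOKIE}) is issued on the response.</li>
 *   <li>All other requests must carry a {@code CLIENT_COOKIE} that
 *       {@code verifyClientToken} accepts for the caller's address; otherwise the
 *       response is 401 and the chain is not invoked.</li>
 * </ul>
 *
 * <p>Token and cookie values are credentials and are deliberately kept out of the log
 * output; only the remote address, user name and cookie name are logged.
 *
 * @param req   incoming request; must be an {@link HttpServletRequest}
 * @param resp  outgoing response; cast to {@link HttpServletResponse}
 * @param chain remaining filter chain
 * @throws IOException      propagated from the chain or from sending the error
 * @throws ServletException if the request is not an HTTP request, or from the chain
 */
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
    if (!(req instanceof HttpServletRequest)) {
        throw new ServletException("This filter only works for HTTP/HTTPS");
    }
    HttpServletRequest httpReq = (HttpServletRequest) req;
    HttpServletResponse httpResp = (HttpServletResponse) resp;
    String remoteAddr = httpReq.getRemoteAddr();
    String requestURI = httpReq.getRequestURI();
    // Fetch the cookie array once; it is null when the request carries no cookies.
    Cookie[] cookies = httpReq.getCookies();
    String user = null;
    if (getProxyAddresses().contains(remoteAddr)) {
        // Trusted-proxy path: identity comes from the proxy-supplied user cookie and no
        // client token is checked. The trust decision rests entirely on the remote address.
        if (cookies != null) {
            for (Cookie c : cookies) {
                if (WEBAPP_PROXY_USER.equals(c.getName())) {
                    user = c.getValue();
                    break;
                }
            }
        }
        if (requestURI.equals(WebServices.PATH) && (user != null)) {
            String token = createClientToken(user, httpReq.getLocalAddr());
            // Log who the token is for, never the token itself: it is a bearer credential.
            logger.debug("{}: creating token for user {}", remoteAddr, user);
            // NOTE(review): the cookie is created with default attributes; consider
            // setHttpOnly(true) / setSecure(true) if no client script needs to read it
            // and the endpoint is served over TLS — confirm against the clients.
            Cookie cookie = new Cookie(CLIENT_COOKIE, token);
            httpResp.addCookie(cookie);
        } else {
            logger.info("{}: proxy access to URI {} by user {}, no cookie created", remoteAddr, requestURI, user);
        }
    } else {
        // Direct access: a valid client token cookie is mandatory.
        Cookie cookie = null;
        if (cookies != null) {
            for (Cookie c : cookies) {
                if (CLIENT_COOKIE.equals(c.getName())) {
                    cookie = c;
                    break;
                }
            }
        }
        if (cookie != null) {
            user = verifyClientToken(cookie.getValue(), remoteAddr);
            if (user == null) {
                // Name the cookie only; a rejected value may still be a live token elsewhere.
                logger.debug("{}: invalid cookie {}", remoteAddr, CLIENT_COOKIE);
            }
        } else {
            logger.debug("{}: cookie not found {}", remoteAddr, CLIENT_COOKIE);
        }
        if (user == null) {
            logger.debug("{}: auth failure", remoteAddr);
            httpResp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
    }
    if (user == null) {
        // Only reachable on the proxy path when no proxy-user cookie was present.
        logger.debug("{}: could not find user, so user principal will not be set", remoteAddr);
        chain.doFilter(req, resp);
    } else {
        final StramWSPrincipal principal = new StramWSPrincipal(user);
        ServletRequest requestWrapper = new StramWSServletRequestWrapper(httpReq, principal);
        chain.doFilter(requestWrapper, resp);
    }
}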
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) Cookie(javax.servlet.http.Cookie) ServletRequest(javax.servlet.ServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse)

Example 57 with ServletRequest

use of javax.servlet.ServletRequest in project lucene-solr by apache.

the class MockAuthenticationPlugin method doAuthenticate.

/**
 * Mock authentication step driven by the static test {@code predicate}.
 *
 * <p>When a predicate is installed and accepts the request, the user name is taken from
 * the request attribute keyed by {@code Principal.class.getName()} and that attribute is
 * removed. The (possibly null) user is then handed to {@code forward} together with a
 * chain that records whether the real chain ran to completion.
 *
 * @return {@code true} only if the wrapped filter chain was invoked and returned normally
 */
@Override
public boolean doAuthenticate(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
    final String principalKey = Principal.class.getName();
    String user = null;
    if (predicate != null && predicate.test(request)) {
        user = (String) request.getAttribute(principalKey);
        request.removeAttribute(principalKey);
    }
    final AtomicBoolean requestContinues = new AtomicBoolean(false);
    // The flag is flipped only after the downstream chain returns without throwing.
    final FilterChain recordingChain = (req, res) -> {
        filterChain.doFilter(req, res);
        requestContinues.set(true);
    };
    forward(user, request, response, recordingChain);
    return requestContinues.get();
}
Also used : ServletException(javax.servlet.ServletException) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) ServletRequest(javax.servlet.ServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletResponse(javax.servlet.ServletResponse) FilterChain(javax.servlet.FilterChain) IOException(java.io.IOException) Principal(java.security.Principal) BasicUserPrincipal(org.apache.http.auth.BasicUserPrincipal)

Example 58 with ServletRequest

use of javax.servlet.ServletRequest in project lucene-solr by apache.

the class PKIAuthenticationIntegrationTest method testPkiAuth.

/**
 * Installs the mock authentication and authorization plugins through the security
 * configuration, waits until every Jetty node reports them, then issues one query and
 * counts how many authorization checks on {@code /select} saw the principal {@code solr}.
 *
 * <p>The {@code __user}/{@code __pwd} query parameters are fixed test fixtures that the
 * mock authentication predicate matches on; they are not a real credential scheme.
 */
@Test
public void testPkiAuth() throws Exception {
    CollectionAdminRequest.createCollection("collection", "conf", 2, 1).process(cluster.getSolrClient());
    // TODO make a SolrJ helper class for this
    byte[] securityConf = Utils.toJSON(makeMap(
        "authorization", singletonMap("class", MockAuthorizationPlugin.class.getName()),
        "authentication", singletonMap("class", MockAuthenticationPlugin.class.getName())));
    zkClient().setData(ZkStateReader.SOLR_SECURITY_CONF_PATH, securityConf, true);
    HttpClient client = cluster.getSolrClient().getHttpClient();
    // Every node must have picked up both plugins before the query is sent.
    for (JettySolrRunner node : cluster.getJettySolrRunners()) {
        String nodeUrl = node.getBaseUrl().toString();
        verifySecurityStatus(client, nodeUrl + "/admin/authorization", "authorization/class", MockAuthorizationPlugin.class.getName(), 20);
        verifySecurityStatus(client, nodeUrl + "/admin/authentication", "authentication.enabled", "true", 20);
    }
    log.info("Starting test");
    ModifiableSolrParams params = new ModifiableSolrParams();
    params.add("q", "*:*");
    params.add("__user", "solr");
    params.add("__pwd", "SolrRocks");
    // This should work fine.
    final AtomicInteger count = new AtomicInteger();
    // Authorization side: count each /select check that carries the "solr" principal.
    MockAuthorizationPlugin.predicate = context -> {
        if ("/select".equals(context.getResource())) {
            Principal principal = context.getUserPrincipal();
            log.info("principalIs : {}", principal);
            if (principal != null && principal.getName().equals("solr")) {
                count.incrementAndGet();
            }
        }
        return true;
    };
    // Authentication side: tag the request with the user when the fixture parameters are present.
    MockAuthenticationPlugin.predicate = servletRequest -> {
        String queryString = ((HttpServletRequest) servletRequest).getQueryString();
        boolean hasFixtureCredentials = queryString != null
            && queryString.contains("__user=solr")
            && queryString.contains("__pwd=SolrRocks");
        if (hasFixtureCredentials) {
            servletRequest.setAttribute(Principal.class.getName(), "solr");
        }
        return true;
    };
    QueryRequest query = new QueryRequest(params);
    query.process(cluster.getSolrClient(), "collection");
    assertTrue("all nodes must get the user solr , no:of nodes got solr : " + count.get(), count.get() > 2);
}
Also used : ServletRequest(javax.servlet.ServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) QueryRequest(org.apache.solr.client.solrj.request.QueryRequest) JettySolrRunner(org.apache.solr.client.solrj.embedded.JettySolrRunner) ModifiableSolrParams(org.apache.solr.common.params.ModifiableSolrParams) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) HttpClient(org.apache.http.client.HttpClient) Principal(java.security.Principal) Test(org.junit.Test)

Example 59 with ServletRequest

use of javax.servlet.ServletRequest in project lucene-solr by apache.

the class DelegationTokenKerberosFilter method doFilter.

/**
 * Wraps the request and the chain before delegating to the superclass filter.
 *
 * <p>The request wrapper guarantees a non-null query string. The chain wrapper publishes
 * the real (impersonating) user's short name as the
 * {@code KerberosPlugin.IMPERSONATOR_USER_NAME} request attribute whenever the current
 * {@code UserGroupInformation} was authenticated via {@code PROXY}.
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
    final HttpServletRequest originalRequest = (HttpServletRequest) request;
    // HttpClient 4.4.x throws NPE if query string is null and parsed through URLEncodedUtils.
    // See HTTPCLIENT-1746 and HADOOP-12767
    final String rawQuery = originalRequest.getQueryString();
    final String nonNullQueryString = (rawQuery != null) ? rawQuery : "";
    HttpServletRequest requestNonNullQueryString = new HttpServletRequestWrapper(originalRequest) {

        @Override
        public String getQueryString() {
            return nonNullQueryString;
        }
    };
    // include Impersonator User Name in case someone (e.g. logger) wants it
    FilterChain filterChainWrapper = (servletRequest, servletResponse) -> {
        HttpServletRequest chainedRequest = (HttpServletRequest) servletRequest;
        UserGroupInformation ugi = HttpUserGroupInformation.get();
        boolean viaProxyUser = ugi != null
            && ugi.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY;
        if (viaProxyUser) {
            UserGroupInformation realUserUgi = ugi.getRealUser();
            if (realUserUgi != null) {
                chainedRequest.setAttribute(KerberosPlugin.IMPERSONATOR_USER_NAME, realUserUgi.getShortUserName());
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    };
    super.doFilter(requestNonNullQueryString, response, filterChainWrapper);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletRequest(javax.servlet.ServletRequest) ServletResponse(javax.servlet.ServletResponse) HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper) FilterChain(javax.servlet.FilterChain) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) HttpUserGroupInformation(org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation)

Example 60 with ServletRequest

use of javax.servlet.ServletRequest in project sling by apache.

the class SlingAuthenticator method requestDestroyed.

/**
 * Releases the resource resolver attached to a request that is being destroyed.
 *
 * <p>If the {@code REQUEST_ATTRIBUTE_RESOLVER} attribute holds a {@code ResourceResolver},
 * it is closed and the attribute is removed; any other value (or none) is left untouched.
 *
 * @param sre the event carrying the request that is going out of scope
 */
@Override
public void requestDestroyed(ServletRequestEvent sre) {
    final ServletRequest destroyedRequest = sre.getServletRequest();
    final Object candidate = destroyedRequest.getAttribute(REQUEST_ATTRIBUTE_RESOLVER);
    if (!(candidate instanceof ResourceResolver)) {
        return;
    }
    // Close first, then drop the reference so nothing later in the request teardown reuses it.
    ResourceResolver resolver = (ResourceResolver) candidate;
    resolver.close();
    destroyedRequest.removeAttribute(REQUEST_ATTRIBUTE_RESOLVER);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletRequest(javax.servlet.ServletRequest) ResourceResolver(org.apache.sling.api.resource.ResourceResolver)
