
Example 21 with HttpServletRequestWrapper

use of javax.servlet.http.HttpServletRequestWrapper in project lucene-solr by apache.

the class BasicAuthPlugin method doAuthenticate.

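/**
 * Authenticates a request from its HTTP Basic {@code Authorization} header.
 *
 * <p>Without an {@code Authorization} header the outcome depends on {@code blockUnknown}:
 * when set, the request is rejected through {@code authenticationFailure}; otherwise the
 * prompt headers from {@code authenticationProvider} are attached as a request attribute
 * and the request continues down the chain unauthenticated.
 *
 * <p>With a header, the value must have the form {@code Basic <base64(user:password)>}.
 * The decoded text is split at the first colon, both halves are trimmed, and the pair is
 * passed to {@code authenticate}. On success the request is wrapped so that
 * {@code getUserPrincipal()} reports the authenticated user name.
 *
 * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
 * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
 * @param filterChain     chain to continue when the request is allowed through
 * @return {@code true} only when {@code filterChain.doFilter} was invoked, {@code false} otherwise
 * @throws Exception whatever the filter chain or the failure handler throws
 */
@Override
public boolean doAuthenticate(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws Exception {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    String authHeader = request.getHeader("Authorization");
    if (authHeader == null) {
        if (blockUnknown) {
            authenticationFailure(response, "require authentication");
            return false;
        }
        // Anonymous access is permitted: expose the prompt headers and carry on.
        request.setAttribute(AuthenticationPlugin.class.getName(), authenticationProvider.getPromptHeaders());
        filterChain.doFilter(request, response);
        return true;
    }
    // NOTE(review): this stores the raw header, credentials included, in a static holder whose
    // type and lifetime are not visible here; confirm it is cleared once the request completes.
    BasicAuthPlugin.authHeader.set(new BasicHeader("Authorization", authHeader));
    StringTokenizer st = new StringTokenizer(authHeader);
    if (!st.hasMoreTokens() || !st.nextToken().equalsIgnoreCase("Basic")) {
        // NOTE(review): an empty header or a non-Basic scheme returns false without writing a
        // response and without consulting blockUnknown; confirm the caller turns this into an
        // explicit rejection.
        return false;
    }
    if (!st.hasMoreTokens()) {
        // "Basic" with no credentials token: reject it here rather than letting
        // StringTokenizer.nextToken() throw NoSuchElementException.
        authenticationFailure(response, "Invalid authentication token");
        return false;
    }
    final String credentials;
    try {
        // The catch covers the decoding only, so an UnsupportedEncodingException raised further
        // down the filter chain is no longer rethrown as an Error from this method.
        credentials = new String(Base64.decodeBase64(st.nextToken()), "UTF-8");
    } catch (UnsupportedEncodingException e) {
        throw new Error("Couldn't retrieve authentication", e);
    }
    int p = credentials.indexOf(":");
    if (p == -1) {
        authenticationFailure(response, "Invalid authentication token");
        return false;
    }
    final String username = credentials.substring(0, p).trim();
    // NOTE(review): trimming means a password with leading or trailing whitespace is checked
    // without it; confirm this matches how stored passwords are set.
    String pwd = credentials.substring(p + 1).trim();
    if (!authenticate(username, pwd)) {
        // The log line deliberately carries no user name or password.
        log.debug("Bad auth credentials supplied in Authorization header");
        authenticationFailure(response, "Bad credentials");
        return false;
    }
    // Downstream code sees the authenticated identity through getUserPrincipal().
    HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(request) {

        @Override
        public Principal getUserPrincipal() {
            return new BasicUserPrincipal(username);
        }
    };
    filterChain.doFilter(wrapper, response);
    return true;
}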
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) StringTokenizer(java.util.StringTokenizer) BasicUserPrincipal(org.apache.http.auth.BasicUserPrincipal) HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper) HttpServletResponse(javax.servlet.http.HttpServletResponse) UnsupportedEncodingException(java.io.UnsupportedEncodingException) BasicHeader(org.apache.http.message.BasicHeader)

Example 22 with HttpServletRequestWrapper

use of javax.servlet.http.HttpServletRequestWrapper in project lucene-solr by apache.

the class DelegationTokenKerberosFilter method doFilter.

/**
 * Delegates to the superclass filter with two adjustments: the request always reports a
 * non-null query string, and the chain records the impersonating user's short name as a
 * request attribute when the caller authenticated as a proxy user.
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
    final HttpServletRequest original = (HttpServletRequest) request;
    // HttpClient 4.4.x throws an NPE when a null query string is parsed through
    // URLEncodedUtils (HTTPCLIENT-1746, HADOOP-12767), so substitute an empty string.
    final String rawQuery = original.getQueryString();
    final String safeQuery;
    if (rawQuery != null) {
        safeQuery = rawQuery;
    } else {
        safeQuery = "";
    }
    HttpServletRequest safeRequest = new HttpServletRequestWrapper(original) {

        @Override
        public String getQueryString() {
            return safeQuery;
        }
    };
    // For PROXY authentication, publish the real (impersonating) user's short name so that
    // later consumers such as a logger can tell who acted on behalf of the effective user.
    FilterChain impersonatorAwareChain = new FilterChain() {

        @Override
        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            HttpServletRequest wrapped = (HttpServletRequest) servletRequest;
            UserGroupInformation caller = HttpUserGroupInformation.get();
            boolean viaProxy = caller != null
                && caller.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY;
            if (viaProxy) {
                UserGroupInformation impersonator = caller.getRealUser();
                if (impersonator != null) {
                    wrapped.setAttribute(KerberosPlugin.IMPERSONATOR_USER_NAME, impersonator.getShortUserName());
                }
            }
            filterChain.doFilter(servletRequest, servletResponse);
        }
    };
    super.doFilter(safeRequest, response, impersonatorAwareChain);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletRequest(javax.servlet.ServletRequest) ServletResponse(javax.servlet.ServletResponse) HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper) FilterChain(javax.servlet.FilterChain) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) HttpUserGroupInformation(org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation)

Example 23 with HttpServletRequestWrapper

use of javax.servlet.http.HttpServletRequestWrapper in project sling by apache.

the class ExternalServletContextWrapperTest method testUnwrappingWrappedSlingRequest.

/**
     * Unwrapping a wrapped sling request should return the first-level request
     * wrapped by the sling request.
     */
@Test
public void testUnwrappingWrappedSlingRequest() {
    // Mocked container request; only the two path accessors are stubbed.
    final HttpServletRequest containerRequest = context.mock(HttpServletRequest.class);
    context.checking(new Expectations() {

        {
            allowing(containerRequest).getServletPath();
            will(returnValue("/"));
            allowing(containerRequest).getPathInfo();
            will(returnValue("/test"));
        }
    });
    // Chain, innermost first: mock, plain wrapper, firstLevel, sling request, outer wrapper.
    final HttpServletRequestWrapper innermost = new HttpServletRequestWrapper(containerRequest);
    final HttpServletRequestWrapper firstLevel = new HttpServletRequestWrapper(innermost);
    final SlingHttpServletRequestImpl sling = new SlingHttpServletRequestImpl(null, firstLevel);
    final HttpServletRequestWrapper outer = new HttpServletRequestWrapper(sling);
    // Unwrapping must stop at the request handed directly to the sling request.
    final ServletRequest result = ExternalServletContextWrapper.RequestDispatcherWrapper.unwrapServletRequest(outer);
    assertEquals(firstLevel, result);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Expectations(org.jmock.Expectations) ServletRequest(javax.servlet.ServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper) SlingHttpServletRequestImpl(org.apache.sling.engine.impl.SlingHttpServletRequestImpl) Test(org.junit.Test)

Example 24 with HttpServletRequestWrapper

use of javax.servlet.http.HttpServletRequestWrapper in project sling by apache.

the class ExternalServletContextWrapperTest method testUnwrappingSlingRequest.

/**
     * Unwrapping a sling request should return the first-level request wrapped
     * by the sling request.
     */
@Test
public void testUnwrappingSlingRequest() {
    // Mocked container request; only the two path accessors are stubbed.
    final HttpServletRequest containerRequest = context.mock(HttpServletRequest.class);
    context.checking(new Expectations() {

        {
            allowing(containerRequest).getServletPath();
            will(returnValue("/"));
            allowing(containerRequest).getPathInfo();
            will(returnValue("/test"));
        }
    });
    // Chain, innermost first: mock, plain wrapper, firstLevel, sling request.
    final HttpServletRequestWrapper innermost = new HttpServletRequestWrapper(containerRequest);
    final HttpServletRequestWrapper firstLevel = new HttpServletRequestWrapper(innermost);
    final SlingHttpServletRequestImpl sling = new SlingHttpServletRequestImpl(null, firstLevel);
    // The sling request is passed in directly, with no extra wrapper around it.
    final ServletRequest result = ExternalServletContextWrapper.RequestDispatcherWrapper.unwrapServletRequest(sling);
    assertEquals(firstLevel, result);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Expectations(org.jmock.Expectations) ServletRequest(javax.servlet.ServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper) SlingHttpServletRequestImpl(org.apache.sling.engine.impl.SlingHttpServletRequestImpl) Test(org.junit.Test)

Example 25 with HttpServletRequestWrapper

use of javax.servlet.http.HttpServletRequestWrapper in project uPortal by Jasig.

the class RemoteUserSettingFilter method doFilter.

/* (non-Javadoc)
     * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
     */
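/**
 * Overrides the request's remote user with the trimmed contents of {@code remoteUserFile}.
 *
 * <p>The file is read on every request. When it yields a non-blank value, the request is
 * wrapped so that {@code getRemoteUser()} and the {@code REMOTE_USER} header both report
 * that value. Header names are matched case-insensitively, as the servlet API specifies,
 * so a client-supplied header that differs only in case cannot be read through the wrapper.
 *
 * <p>When the file is empty or blank the request is passed on unchanged, and any
 * {@code REMOTE_USER} header sent by the client stays visible to downstream code.
 *
 * @throws IOException      if the file cannot be read or the chain fails
 * @throws ServletException if the chain fails
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    // NOTE(review): readFileToString(File) decodes with the platform default charset.
    final String remoteUser = StringUtils.trimToNull(FileUtils.readFileToString(this.remoteUserFile));
    if (remoteUser != null) {
        request = new HttpServletRequestWrapper((HttpServletRequest) request) {

            /** Returns whether {@code name} refers to the overridden header, ignoring case. */
            private boolean isRemoteUserHeader(String name) {
                return "REMOTE_USER".equalsIgnoreCase(name);
            }

            /** Reports the user read from the file instead of the container's value. */
            @Override
            public String getRemoteUser() {
                return remoteUser;
            }

            /** Returns the file-provided user for the overridden header, else delegates. */
            @Override
            public String getHeader(String name) {
                if (isRemoteUserHeader(name)) {
                    return remoteUser;
                }
                return super.getHeader(name);
            }

            /** Returns a single-value enumeration for the overridden header, else delegates. */
            @Override
            public Enumeration<String> getHeaders(String name) {
                if (isRemoteUserHeader(name)) {
                    return Iterators.asEnumeration(Collections.singleton(remoteUser).iterator());
                }
                return super.getHeaders(name);
            }

            /**
             * Lists the underlying header names plus {@code REMOTE_USER}. Case variants of
             * that name coming from the client are dropped so the header is listed once.
             */
            @Override
            public Enumeration<String> getHeaderNames() {
                final LinkedHashSet<String> headers = new LinkedHashSet<String>();
                // The servlet API allows getHeaderNames() to return null.
                final Enumeration<String> headersEnum = super.getHeaderNames();
                while (headersEnum != null && headersEnum.hasMoreElements()) {
                    final String headerName = headersEnum.nextElement();
                    if (!isRemoteUserHeader(headerName)) {
                        headers.add(headerName);
                    }
                }
                headers.add("REMOTE_USER");
                return Iterators.asEnumeration(headers.iterator());
            }

            /**
             * Parses the file-provided user as an int for the overridden header; a non-numeric
             * value raises NumberFormatException, as getIntHeader does for any other header.
             */
            @Override
            public int getIntHeader(String name) {
                if (isRemoteUserHeader(name)) {
                    return Integer.parseInt(remoteUser);
                }
                return super.getIntHeader(name);
            }
        };
    }
    chain.doFilter(request, response);
}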
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) LinkedHashSet(java.util.LinkedHashSet) Enumeration(java.util.Enumeration) HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper)
