use of org.apache.catalina.connector.Request in project tomee by apache.
the class TomEERealm method logInTomEE.
/**
 * Hands an authenticated principal to the OpenEJB security service so that the
 * identity is associated with the current web-app invocation.
 *
 * <p>Three situations are handled, in this order:
 * <ol>
 *   <li>a servlet request is bound to the current thread: the security service is
 *       entered with the wrapper's run-as role and the returned state is stored on
 *       the request under {@code SECURITY_NOTE};</li>
 *   <li>no request, but a concurrency-utilities task context is current: the
 *       security service is entered without a run-as role and an exit task is
 *       queued on that context;</li>
 *   <li>neither is available: nothing is propagated and only a debug line is
 *       written.</li>
 * </ol>
 *
 * @param pcp the principal produced by authentication, may be {@code null}
 * @return {@code pcp} unchanged, or {@code null} when {@code pcp} is {@code null}
 */
private Principal logInTomEE(final Principal pcp) {
    if (pcp == null) {
        return null;
    }

    if (securityService == null) {
        // tomee-embedded makes the service available later than startInternal(),
        // so it is looked up lazily on first use
        securityService = (TomcatSecurityService) SystemInstance.get().getComponent(SecurityService.class);
    }

    final Request request = OpenEJBSecurityListener.requests.get();
    if (request != null) {
        // The previous security state is not restored here; per the original
        // author the listener already holds it, so cleaning twice is unnecessary.
        final Object securityContext = securityService.enterWebApp(this, pcp, OpenEJBSecurityListener.requests.get().getWrapper().getRunAs());
        request.setNote(SECURITY_NOTE, securityContext);
        return pcp;
    }

    final CUTask.Context context = CUTask.Context.CURRENT.get();
    if (context != null) {
        final Object state = securityService.enterWebApp(this, pcp, null);
        // Leave the security context again through the task's exit hooks.
        context.pushExitTask(new Runnable() {
            @Override
            public void run() {
                securityService.exitWebApp(state);
            }
        });
        return pcp;
    }

    // NOTE(review): the principal is still returned to the caller although the
    // security service never saw it, and the only trace is at debug level.
    // Confirm that code running on such threads does not assume the identity
    // was propagated.
    final Logger instance = Logger.getInstance(LogCategory.OPENEJB_SECURITY, TomEERealm.class);
    if (instance.isDebugEnabled()) {
        instance.debug("No request or concurrency-utilities context so skipping login context propagation, " + "thread=" + Thread.currentThread().getName());
    }
    return pcp;
}
use of org.apache.catalina.connector.Request in project tomee by apache.
the class CXFJAXRSFilter method servletMappingIsUnderRestPath.
/**
 * Tells whether the servlet selected for this request is mapped underneath the
 * REST path held in the {@code mapping} field.
 *
 * <p>The answer is computed once per {@link Wrapper} and then served from
 * {@code mappingByServlet}, so mappings changed after the first request for a
 * servlet are not re-evaluated.
 *
 * @param request the incoming request, possibly wrapped
 * @return {@code true} when the servlet is not Tomcat's default servlet and at
 *         least one of its mappings starts with the REST path; {@code false}
 *         otherwise, including when the request is not a Tomcat
 *         {@link RequestFacade} or the internal request cannot be read
 */
private boolean servletMappingIsUnderRestPath(final HttpServletRequest request) {
    final HttpServletRequest unwrapped = unwrap(request);
    if (!RequestFacade.class.isInstance(unwrapped)) {
        return false;
    }

    // REQUEST presumably is a reflective handle on the facade's internal request
    // (it can raise IllegalAccessException) - confirm against its declaration.
    final Request tr;
    try {
        tr = Request.class.cast(REQUEST.get(unwrapped));
    } catch (final IllegalAccessException e) {
        return false;
    }

    final Wrapper wrapper = tr.getWrapper();
    if (wrapper == null || mapping == null) {
        return false;
    }

    final Boolean cached = mappingByServlet.get(wrapper);
    if (cached != null) {
        return cached;
    }

    boolean underRestPath = false;
    // The default servlet is excluded here; static resources are handled by
    // getResourceAsStream() instead.
    if (!"org.apache.catalina.servlets.DefaultServlet".equals(wrapper.getServletClass())) {
        for (final String servletMapping : wrapper.findMappings()) {
            // Catch-all and extension mappings never count as "under" the REST path.
            final boolean catchAll = servletMapping.isEmpty()
                    || "/*".equals(servletMapping)
                    || "/".equals(servletMapping)
                    || servletMapping.startsWith("*");
            // NOTE(review): this is a plain string prefix test with no path-segment
            // boundary, so a REST path "/api" (constructed example) also matches a
            // servlet mapped at "/apix/*". Confirm that this is intended.
            if (!catchAll && servletMapping.startsWith(mapping)) {
                underRestPath = true;
                break;
            }
        }
    }

    mappingByServlet.putIfAbsent(wrapper, underRestPath);
    return underRestPath;
}
use of org.apache.catalina.connector.Request in project tomcat by apache.
the class TestRemoteIpValve method testInvokeUntrustedProxyInTheChain.
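/**
 * Verifies how {@link RemoteIpValve} handles an {@code x-forwarded-for} chain that
 * contains a hop matching neither {@code internalProxies} nor {@code trustedProxies}.
 *
 * <p>The direct peer ({@code 192.168.0.10}) is an internal proxy, so the header is
 * processed. The chain is {@code 140.211.11.130, proxy1, untrusted-proxy, proxy2}.
 * The test expects the valve to stop at {@code untrusted-proxy}: that hop becomes
 * the remote address and host seen by the next valve, only {@code proxy2} is
 * reported in {@code x-forwarded-by}, and the entries to the left of the untrusted
 * hop stay in {@code x-forwarded-for}. In other words the left-most address is not
 * taken as the client address once an unknown hop sits between it and the trusted
 * proxies. After {@code invoke} returns, the request must carry its original
 * remote address and host again.
 */
@Test
public void testInvokeUntrustedProxyInTheChain() throws Exception {
    // PREPARE
    RemoteIpValve remoteIpValve = new RemoteIpValve();
    remoteIpValve.setInternalProxies("192\\.168\\.0\\.10|192\\.168\\.0\\.11");
    remoteIpValve.setTrustedProxies("proxy1|proxy2|proxy3");
    remoteIpValve.setRemoteIpHeader("x-forwarded-for");
    remoteIpValve.setProxiesHeader("x-forwarded-by");
    // The tracker is installed as the next valve so the test can read the values
    // it exposes through its getters after the invocation.
    RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
    remoteIpValve.setNext(remoteAddrAndHostTrackerValve);

    Request request = new MockRequest();
    request.setCoyoteRequest(new org.apache.coyote.Request());
    request.setRemoteAddr("192.168.0.10");
    request.setRemoteHost("remote-host-original-value");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130, proxy1, untrusted-proxy, proxy2");

    // TEST
    remoteIpValve.invoke(request, null);

    // VERIFY
    assertEquals("ip/host before untrusted-proxy must appear in x-forwarded-for", "140.211.11.130, proxy1", remoteAddrAndHostTrackerValve.getForwardedFor());
    assertEquals("ip/host after untrusted-proxy must appear in x-forwarded-by", "proxy2", remoteAddrAndHostTrackerValve.getForwardedBy());
    assertEquals("remoteAddr", "untrusted-proxy", remoteAddrAndHostTrackerValve.getRemoteAddr());
    assertEquals("remoteHost", "untrusted-proxy", remoteAddrAndHostTrackerValve.getRemoteHost());

    // The valve must restore the connection-level values once the pipeline returns.
    assertEquals("postInvoke remoteAddr", "192.168.0.10", request.getRemoteAddr());
    // Message fixed: this assertion checks the host, not the address.
    assertEquals("postInvoke remoteHost", "remote-host-original-value", request.getRemoteHost());
}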
use of org.apache.catalina.connector.Request in project tomcat by apache.
the class TestRemoteIpValve method testInvokeNotAllowedRemoteAddr.
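/**
 * Verifies that {@link RemoteIpValve} leaves a request untouched when the direct
 * peer is not one of the configured proxies.
 *
 * <p>The peer address {@code not-allowed-internal-proxy} does not match the
 * {@code internalProxies} pattern, so the test expects the supplied
 * {@code x-forwarded-for} header to be ignored: the header stays as sent, no
 * {@code x-forwarded-by} header is produced, and the remote address and host are
 * the connection-level values both for the next valve and after {@code invoke}
 * returns. This is the case that keeps a peer outside the proxy list from choosing
 * its own client address through the header.
 */
@Test
public void testInvokeNotAllowedRemoteAddr() throws Exception {
    // PREPARE
    RemoteIpValve remoteIpValve = new RemoteIpValve();
    remoteIpValve.setInternalProxies("192\\.168\\.0\\.10|192\\.168\\.0\\.11");
    remoteIpValve.setTrustedProxies("proxy1|proxy2|proxy3");
    remoteIpValve.setRemoteIpHeader("x-forwarded-for");
    remoteIpValve.setProxiesHeader("x-forwarded-by");
    // The tracker is installed as the next valve so the test can read the values
    // it exposes through its getters after the invocation.
    RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
    remoteIpValve.setNext(remoteAddrAndHostTrackerValve);

    Request request = new MockRequest();
    request.setCoyoteRequest(new org.apache.coyote.Request());
    request.setRemoteAddr("not-allowed-internal-proxy");
    request.setRemoteHost("not-allowed-internal-proxy-host");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130, proxy1, proxy2");

    // TEST
    remoteIpValve.invoke(request, null);

    // VERIFY
    assertEquals("x-forwarded-for must be unchanged", "140.211.11.130, proxy1, proxy2", request.getHeader("x-forwarded-for"));
    assertNull("x-forwarded-by must be null", request.getHeader("x-forwarded-by"));
    assertEquals("remoteAddr", "not-allowed-internal-proxy", remoteAddrAndHostTrackerValve.getRemoteAddr());
    assertEquals("remoteHost", "not-allowed-internal-proxy-host", remoteAddrAndHostTrackerValve.getRemoteHost());

    assertEquals("postInvoke remoteAddr", "not-allowed-internal-proxy", request.getRemoteAddr());
    // Message fixed: this assertion checks the host, not the address.
    assertEquals("postInvoke remoteHost", "not-allowed-internal-proxy-host", request.getRemoteHost());
}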
use of org.apache.catalina.connector.Request in project tomcat by apache.
the class TestRequestFilterValve method oneTest.
/**
 * Runs one allow/deny scenario against a {@code RemoteAddrValve} or
 * {@code RemoteHostValve} and checks the resulting response status.
 *
 * @param allow            value passed to {@code setAllow}, skipped when {@code null}
 * @param deny             value passed to {@code setDeny}, skipped when {@code null}
 * @param denyStatus       when {@code true} the valve is given {@code CUSTOM} as deny
 *                         status and a rejected request is expected to carry it
 * @param addConnectorPort when {@code true} {@code setAddConnectorPort(true)} is
 *                         called on the valve
 * @param auth             when {@code true} preemptive authentication is enabled on
 *                         the context and {@code setInvalidAuthenticationWhenDeny(true)}
 *                         on the valve; a rejected request is then expected to end
 *                         with status {@code OK} and an {@code authorization} header
 *                         of {@code invalid}
 * @param property         the remote address or host name set on the request
 * @param type             {@code "Addr"} or {@code "Host"}, selects the valve under test
 * @param allowed          whether the request is expected to pass the filter
 */
private void oneTest(String allow, String deny, boolean denyStatus, boolean addConnectorPort, boolean auth, String property, String type, boolean allowed) {
    // PREPARE
    Connector connector = new Connector();
    Context context = new StandardContext();
    Request request = new Request(connector);
    Response response = new MockResponse();
    // Collects the scenario parameters; used as the assertion message.
    StringBuilder msg = new StringBuilder();

    connector.setPort(PORT);
    request.getMappingData().context = context;
    request.setCoyoteRequest(new org.apache.coyote.Request());

    Assert.assertNotNull("Invalid test with null type", type);
    RequestFilterValve valve = null;
    if (property != null) {
        if ("Addr".equals(type)) {
            valve = new RemoteAddrValve();
            request.setRemoteAddr(property);
            msg.append(" ip='").append(property).append("'");
        } else if ("Host".equals(type)) {
            valve = new RemoteHostValve();
            request.setRemoteHost(property);
            msg.append(" host='").append(property).append("'");
        }
    }
    // A null property or an unknown type leaves no valve to test.
    Assert.assertNotNull("Invalid test type" + type, valve);
    valve.setNext(new TerminatingValve());

    if (allow != null) {
        valve.setAllow(allow);
        msg.append(" allow='").append(allow).append("'");
    }
    if (deny != null) {
        valve.setDeny(deny);
        msg.append(" deny='").append(deny).append("'");
    }
    if (denyStatus) {
        valve.setDenyStatus(CUSTOM);
        msg.append(" denyStatus='").append(CUSTOM).append("'");
    }
    if (addConnectorPort) {
        if (valve instanceof RemoteAddrValve) {
            ((RemoteAddrValve) valve).setAddConnectorPort(true);
        } else if (valve instanceof RemoteHostValve) {
            ((RemoteHostValve) valve).setAddConnectorPort(true);
        } else {
            fail("Can only set 'addConnectorPort' for RemoteAddrValve and RemoteHostValve");
        }
        msg.append(" addConnectorPort='true'");
    }
    if (auth) {
        context.setPreemptiveAuthentication(true);
        valve.setInvalidAuthenticationWhenDeny(true);
        msg.append(" auth='true'");
    }

    // TEST
    // NOTE(review): both exception types are swallowed, so a valve that throws
    // before touching the response is judged only by whatever status the mock
    // response holds at that point - confirm this cannot mask a failure in an
    // "allowed" scenario.
    try {
        valve.invoke(request, response);
    } catch (IOException ex) {
        //Ignore
    } catch (ServletException ex) {
        //Ignore
    }

    // VERIFY
    if (!allowed && auth) {
        // With invalidAuthenticationWhenDeny the request is not rejected outright;
        // the test expects the authorization header to be replaced instead.
        assertEquals(msg.toString(), OK, response.getStatus());
        assertEquals(msg.toString(), "invalid", request.getHeader("authorization"));
    } else {
        // A rejected request carries the custom status only when one was configured.
        int expected = allowed ? OK : (denyStatus ? CUSTOM : FORBIDDEN);
        assertEquals(msg.toString(), expected, response.getStatus());
    }
}