Use of org.apache.pulsar.broker.authentication.AuthenticationDataHttps in the incubator-pulsar project by Apache.
From the class AuthenticationFilter, method doFilter.
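/**
 * Authenticates an incoming HTTP request before it is passed down the filter chain.
 *
 * <p>On success the role returned by {@code authenticationService} and an
 * {@link AuthenticationDataHttps} wrapper around the request are stored as request attributes
 * (under {@code AuthenticatedRoleAttributeName} and {@code AuthenticatedDataAttributeName}),
 * and the chain continues. On an {@link AuthenticationException} the caller gets a 401 and the
 * chain is not invoked, so nothing downstream runs for an unauthenticated request.
 *
 * @param request  the incoming request; cast to {@link HttpServletRequest}
 * @param response the response; cast to {@link HttpServletResponse} only on the failure path
 * @param chain    the remaining filters, invoked only after successful authentication
 * @throws IOException      if sending the 401 fails, or if thrown by the rest of the chain
 * @throws ServletException if thrown by the rest of the chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    // A non-HTTP request fails here with ClassCastException, exactly as the inline casts did.
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    try {
        String role = authenticationService.authenticateHttpRequest(httpRequest);
        request.setAttribute(AuthenticatedRoleAttributeName, role);
        request.setAttribute(AuthenticatedDataAttributeName, new AuthenticationDataHttps(httpRequest));
        if (LOG.isDebugEnabled()) {
            LOG.debug("[{}] Authenticated HTTP request with role {}", request.getRemoteAddr(), role);
        }
    } catch (AuthenticationException e) {
        // Record the failed attempt BEFORE touching the response: sendError() can throw
        // IOException (e.g. the peer already disconnected), and in that case the original
        // ordering lost the audit record of the authentication failure.
        // NOTE: getRemoteAddr() is the immediate peer; behind a reverse proxy that is the
        // proxy's address, not the end client's.
        LOG.warn("[{}] Failed to authenticate HTTP request: {}", request.getRemoteAddr(), e.getMessage());
        // The client only sees a generic reason; the exception detail stays in the server log.
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication required");
        return;
    }
    chain.doFilter(request, response);
}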
Use of org.apache.pulsar.broker.authentication.AuthenticationDataHttps in the incubator-pulsar project by Apache.
From the class AbstractWebSocketHandler, method checkAuth.
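/**
 * Decides whether the WebSocket upgrade for the handler's {@code request} may proceed.
 *
 * <p>Two independent gates are applied, each only when enabled on {@code service}:
 * <ol>
 *   <li>authentication: the request is authenticated and the resulting role is kept;</li>
 *   <li>authorization: {@code isAuthorized} is asked about that role together with an
 *       {@link AuthenticationDataHttps} view of the request.</li>
 * </ol>
 * Every failure path answers the client with an HTTP error and returns {@code false}
 * (fail closed), including the case where the authorization check itself throws.
 *
 * <p>When authentication is disabled but authorization is enabled, the role handed to
 * {@code isAuthorized} is the placeholder {@code "<none>"}.
 *
 * @param response the upgrade response used to send 401 / 403 / 500 on rejection
 * @return {@code true} if the request passed every enabled gate, {@code false} otherwise
 */
protected boolean checkAuth(ServletUpgradeResponse response) {
    String authRole = "<none>";
    AuthenticationDataSource authenticationData = new AuthenticationDataHttps(request);

    if (service.isAuthenticationEnabled()) {
        try {
            authRole = service.getAuthenticationService().authenticateHttpRequest(request);
            log.info("[{}:{}] Authenticated WebSocket client {} on topic {}", request.getRemoteAddr(), request.getRemotePort(), authRole, topic);
        } catch (AuthenticationException e) {
            // authRole is still "<none>" here because the assignment above never completed.
            log.warn("[{}:{}] Failed to authenticated WebSocket client {} on topic {}: {}", request.getRemoteAddr(), request.getRemotePort(), authRole, topic, e.getMessage());
            try {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Failed to authenticate");
            } catch (IOException e1) {
                log.warn("[{}:{}] Failed to send error: {}", request.getRemoteAddr(), request.getRemotePort(), e1.getMessage(), e1);
            }
            return false;
        }
    }

    if (service.isAuthorizationEnabled()) {
        boolean authorized;
        try {
            // Only the decision itself sits in this try. Previously the 403 sendError() was
            // inside it too, so an IOException while writing the 403 was logged as an
            // authorization exception and followed by a second sendError(500).
            authorized = isAuthorized(authRole, authenticationData);
        } catch (Exception e) {
            // Any failure of the check is treated as a denial, never as an allow.
            log.warn("[{}:{}] Got an exception when authorizing WebSocket client {} on topic {} on: {}", request.getRemoteAddr(), request.getRemotePort(), authRole, topic, e.getMessage());
            try {
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Server error");
            } catch (IOException e1) {
                log.warn("[{}:{}] Failed to send error: {}", request.getRemoteAddr(), request.getRemotePort(), e1.getMessage(), e1);
            }
            return false;
        }

        if (!authorized) {
            log.warn("[{}:{}] WebSocket Client [{}] is not authorized on topic {}", request.getRemoteAddr(), request.getRemotePort(), authRole, topic);
            try {
                response.sendError(HttpServletResponse.SC_FORBIDDEN, "Not authorized");
            } catch (IOException e1) {
                log.warn("[{}:{}] Failed to send error: {}", request.getRemoteAddr(), request.getRemotePort(), e1.getMessage(), e1);
            }
            return false;
        }
    }

    return true;
}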