
Example 1 with AuthenticationDataHttps

use of org.apache.pulsar.broker.authentication.AuthenticationDataHttps in project incubator-pulsar by apache.

the class AuthenticationFilter method doFilter.

/**
 * Authenticates every HTTP request before it is handed to the rest of the filter chain.
 *
 * <p>On success the role returned by the authentication service and an
 * {@code AuthenticationDataHttps} wrapper around the request are stored as request attributes
 * (under {@code AuthenticatedRoleAttributeName} and {@code AuthenticatedDataAttributeName}).
 * On failure the client receives a 401 and the chain is not invoked, so nothing downstream
 * of this filter sees an unauthenticated request.
 *
 * @param request  incoming request; cast to {@code HttpServletRequest}
 * @param response outgoing response; cast to {@code HttpServletResponse} only on the failure path
 * @param chain    remainder of the filter chain, invoked only after successful authentication
 * @throws IOException      if sending the 401 fails, or propagated from the chain
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    final HttpServletRequest httpRequest = (HttpServletRequest) request;
    try {
        final String authenticatedRole = authenticationService.authenticateHttpRequest(httpRequest);
        // Later stages read the identity from these attributes instead of re-authenticating.
        request.setAttribute(AuthenticatedRoleAttributeName, authenticatedRole);
        request.setAttribute(AuthenticatedDataAttributeName, new AuthenticationDataHttps(httpRequest));
        if (LOG.isDebugEnabled()) {
            LOG.debug("[{}] Authenticated HTTP request with role {}", request.getRemoteAddr(), authenticatedRole);
        }
    } catch (AuthenticationException authFailure) {
        // The client only gets a generic message; the reason for the failure goes to the log.
        final HttpServletResponse unauthorized = (HttpServletResponse) response;
        unauthorized.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication required");
        LOG.warn("[{}] Failed to authenticate HTTP request: {}", request.getRemoteAddr(), authFailure.getMessage());
        // Fail closed: returning here is what keeps the request out of the chain.
        return;
    }
    chain.doFilter(request, response);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) AuthenticationException(javax.naming.AuthenticationException) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthenticationDataHttps(org.apache.pulsar.broker.authentication.AuthenticationDataHttps)

Example 2 with AuthenticationDataHttps

use of org.apache.pulsar.broker.authentication.AuthenticationDataHttps in project incubator-pulsar by apache.

the class AbstractWebSocketHandler method checkAuth.

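/**
 * Runs authentication and then authorization for a WebSocket upgrade request.
 *
 * <p>Each stage is skipped when the service reports it as disabled. When authentication is
 * disabled (or has not produced a role), the role stays at the placeholder {@code "<none>"},
 * and that placeholder is what the authorization check is evaluated against.
 *
 * <p>Every failure path returns {@code false} after attempting to send an error status
 * (401 for failed authentication, 403 for a denied role, 500 when the authorization check
 * itself throws). Clients only receive generic messages; exception details go to the log.
 *
 * @param response upgrade response used to report the failure status to the client
 * @return {@code true} only if every enabled check passed; {@code false} otherwise
 */
protected boolean checkAuth(ServletUpgradeResponse response) {
    String authRole = "<none>";
    AuthenticationDataSource authenticationData = new AuthenticationDataHttps(request);
    if (service.isAuthenticationEnabled()) {
        try {
            authRole = service.getAuthenticationService().authenticateHttpRequest(request);
            log.info("[{}:{}] Authenticated WebSocket client {} on topic {}", request.getRemoteAddr(), request.getRemotePort(), authRole, topic);
        } catch (AuthenticationException e) {
            // authRole is still the "<none>" placeholder here, so this line identifies the
            // client by address and port only.
            log.warn("[{}:{}] Failed to authenticated WebSocket client {} on topic {}: {}", request.getRemoteAddr(), request.getRemotePort(), authRole, topic, e.getMessage());
            try {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Failed to authenticate");
            } catch (IOException e1) {
                log.warn("[{}:{}] Failed to send error: {}", request.getRemoteAddr(), request.getRemotePort(), e1.getMessage(), e1);
            }
            return false;
        }
    }
    if (service.isAuthorizationEnabled()) {
        boolean authorized;
        try {
            authorized = isAuthorized(authRole, authenticationData);
        } catch (Exception e) {
            // Fail closed: an authorization check that throws is treated as a denial.
            log.warn("[{}:{}] Got an exception when authorizing WebSocket client {} on topic {} on: {}", request.getRemoteAddr(), request.getRemotePort(), authRole, topic, e.getMessage());
            try {
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Server error");
            } catch (IOException e1) {
                log.warn("[{}:{}] Failed to send error: {}", request.getRemoteAddr(), request.getRemotePort(), e1.getMessage(), e1);
            }
            return false;
        }
        if (!authorized) {
            log.warn("[{}:{}] WebSocket Client [{}] is not authorized on topic {}", request.getRemoteAddr(), request.getRemotePort(), authRole, topic);
            // The 403 is sent outside the broad catch above, matching the 401 and 500 paths:
            // a failure to deliver it is logged as a send failure rather than as an
            // authorization exception, and no second error status is attempted on the
            // same response.
            try {
                response.sendError(HttpServletResponse.SC_FORBIDDEN, "Not authorized");
            } catch (IOException e1) {
                log.warn("[{}:{}] Failed to send error: {}", request.getRemoteAddr(), request.getRemotePort(), e1.getMessage(), e1);
            }
            return false;
        }
    }
    return true;
}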
Also used : AuthenticationException(javax.naming.AuthenticationException) IOException(java.io.IOException) AuthenticationDataSource(org.apache.pulsar.broker.authentication.AuthenticationDataSource) AuthenticationDataHttps(org.apache.pulsar.broker.authentication.AuthenticationDataHttps) IOException(java.io.IOException) AuthenticationException(javax.naming.AuthenticationException)
