Example 1 with AuthenticationDataHttps
use of org.apache.pulsar.broker.authentication.AuthenticationDataHttps in project incubator-pulsar by apache.
the class AuthenticationFilter method doFilter.
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
try {
String role = authenticationService.authenticateHttpRequest((HttpServletRequest) request);
request.setAttribute(AuthenticatedRoleAttributeName, role);
request.setAttribute(AuthenticatedDataAttributeName, new AuthenticationDataHttps((HttpServletRequest) request));
if (LOG.isDebugEnabled()) {
LOG.debug("[{}] Authenticated HTTP request with role {}", request.getRemoteAddr(), role);
}
} catch (AuthenticationException e) {
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication required");
LOG.warn("[{}] Failed to authenticate HTTP request: {}", request.getRemoteAddr(), e.getMessage());
return;
}
chain.doFilter(request, response);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
AuthenticationException(javax.naming.AuthenticationException)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
AuthenticationDataHttps(org.apache.pulsar.broker.authentication.AuthenticationDataHttps)
Example 2 with AuthenticationDataHttps
use of org.apache.pulsar.broker.authentication.AuthenticationDataHttps in project incubator-pulsar by apache.
the class AbstractWebSocketHandler method checkAuth.
protected boolean checkAuth(ServletUpgradeResponse response) {
String authRole = "<none>";
AuthenticationDataSource authenticationData = new AuthenticationDataHttps(request);
if (service.isAuthenticationEnabled()) {
try {
authRole = service.getAuthenticationService().authenticateHttpRequest(request);
log.info("[{}:{}] Authenticated WebSocket client {} on topic {}", request.getRemoteAddr(), request.getRemotePort(), authRole, topic);
} catch (AuthenticationException e) {
log.warn("[{}:{}] Failed to authenticated WebSocket client {} on topic {}: {}", request.getRemoteAddr(), request.getRemotePort(), authRole, topic, e.getMessage());
try {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Failed to authenticate");
} catch (IOException e1) {
log.warn("[{}:{}] Failed to send error: {}", request.getRemoteAddr(), request.getRemotePort(), e1.getMessage(), e1);
}
return false;
}
}
if (service.isAuthorizationEnabled()) {
try {
if (!isAuthorized(authRole, authenticationData)) {
log.warn("[{}:{}] WebSocket Client [{}] is not authorized on topic {}", request.getRemoteAddr(), request.getRemotePort(), authRole, topic);
response.sendError(HttpServletResponse.SC_FORBIDDEN, "Not authorized");
return false;
}
} catch (Exception e) {
log.warn("[{}:{}] Got an exception when authorizing WebSocket client {} on topic {} on: {}", request.getRemoteAddr(), request.getRemotePort(), authRole, topic, e.getMessage());
try {
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Server error");
} catch (IOException e1) {
log.warn("[{}:{}] Failed to send error: {}", request.getRemoteAddr(), request.getRemotePort(), e1.getMessage(), e1);
}
return false;
}
}
return true;
}
Also used :
AuthenticationException(javax.naming.AuthenticationException)
IOException(java.io.IOException)
AuthenticationDataSource(org.apache.pulsar.broker.authentication.AuthenticationDataSource)
AuthenticationDataHttps(org.apache.pulsar.broker.authentication.AuthenticationDataHttps)
IOException(java.io.IOException)
AuthenticationException(javax.naming.AuthenticationException)
Aggregations
AuthenticationException (javax.naming.AuthenticationException)2
AuthenticationDataHttps (org.apache.pulsar.broker.authentication.AuthenticationDataHttps)2
IOException (java.io.IOException)1
HttpServletRequest (javax.servlet.http.HttpServletRequest)1
HttpServletResponse (javax.servlet.http.HttpServletResponse)1
AuthenticationDataSource (org.apache.pulsar.broker.authentication.AuthenticationDataSource)1
