Example 6 with GlassFishValve
use of org.glassfish.web.valve.GlassFishValve in project Payara by payara.
the class ContextConfig method authenticatorConfig.
/**
* Set up an Authenticator automatically if required, and one has not
* already been configured.
*/
protected synchronized void authenticatorConfig() throws LifecycleException {
// Does this Context require an Authenticator?
/* START IASRI 4856062
// This constraints check is relocated to happen after
// setRealmName(). This allows apps which have no constraints
// and no authenticator to still have a realm name set in
// their RealmAdapater. This is only relevant in the case where
// the core ACLs are doing all access control AND the servlet
// wishes to call isUserInRole AND the application does have
// security-role-mapping elements in sun-web.xml. This is probably
// not an interesting scenario. But might as well allow it to
// work, maybe it is of some use.
SecurityConstraint constraints[] = context.findConstraints();
if ((constraints == null) || (constraints.length == 0))
return;
*/
LoginConfig loginConfig = context.getLoginConfig();
if (loginConfig == null) {
loginConfig = new LoginConfig("NONE", null, null, null);
context.setLoginConfig(loginConfig);
}
// Has an authenticator been configured already?
if (context instanceof Authenticator)
return;
if (context instanceof ContainerBase) {
Pipeline pipeline = ((ContainerBase) context).getPipeline();
if (pipeline != null) {
GlassFishValve basic = pipeline.getBasic();
if ((basic != null) && (basic instanceof Authenticator))
return;
GlassFishValve[] valves = pipeline.getValves();
for (int i = 0; i < valves.length; i++) {
if (valves[i] instanceof Authenticator)
return;
}
}
} else {
// Cannot install a Valve even if it would be needed
return;
}
// Has a Realm been configured for us to authenticate against?
/* START IASRI 4856062
if (context.getRealm() == null) {
*/
// BEGIN IASRI 4856062
Realm rlm = context.getRealm();
if (rlm == null) {
// END IASRI 4856062
throw new LifecycleException(rb.getString(LogFacade.NO_REALM_BEEN_CONFIGURED_EXCEPTION));
}
// BEGIN IASRI 4856062
// If a realm is available set its name in the Realm(Adapter)
rlm.setRealmName(loginConfig.getRealmName(), loginConfig.getAuthMethod());
if (!context.hasConstraints()) {
return;
}
// END IASRI 4856062
/*
* First check to see if there is a custom mapping for the login
* method. If so, use it. Otherwise, check if there is a mapping in
* org/apache/catalina/startup/Authenticators.properties.
*/
GlassFishValve authenticator = null;
if (customAuthenticators != null) {
/* PWC 6392537
authenticator = (Valve)
customAuthenticators.get(loginConfig.getAuthMethod());
*/
// START PWC 6392537
String loginMethod = loginConfig.getAuthMethod();
if (loginMethod != null && customAuthenticators.containsKey(loginMethod)) {
authenticator = getGlassFishValveAuthenticator(loginMethod);
if (authenticator == null) {
String msg = MessageFormat.format(rb.getString(LogFacade.CANNOT_CONFIG_AUTHENTICATOR_EXCEPTION), loginMethod);
throw new LifecycleException(msg);
}
}
// END PWC 6392537
}
if (authenticator == null) {
// Identify the class name of the Valve we should configure
String authenticatorName = null;
// BEGIN RIMOD 4808402
// If login-config is given but auth-method is null, use NONE
// so that NonLoginAuthenticator is picked
String authMethod = loginConfig.getAuthMethod();
if (authMethod == null) {
authMethod = "NONE";
}
authenticatorName = authenticators.getProperty(authMethod);
if (authenticatorName == null) {
String msg = MessageFormat.format(rb.getString(LogFacade.CANNOT_CONFIG_AUTHENTICATOR_EXCEPTION), loginConfig.getAuthMethod());
throw new LifecycleException(msg);
}
// Instantiate and install an Authenticator of the requested class
try {
Class authenticatorClass = Class.forName(authenticatorName);
authenticator = (GlassFishValve) authenticatorClass.newInstance();
} catch (Throwable t) {
String msg = MessageFormat.format(rb.getString(LogFacade.CANNOT_INSTANTIATE_AUTHENTICATOR_EXCEPTION), authenticatorName);
throw new LifecycleException(msg, t);
}
}
if (authenticator != null && context instanceof ContainerBase) {
Pipeline pipeline = ((ContainerBase) context).getPipeline();
if (pipeline != null) {
((ContainerBase) context).addValve(authenticator);
if (log.isLoggable(Level.FINE)) {
log.log(Level.FINE, LogFacade.CONFIGURED_AUTHENTICATOR_FINE, loginConfig.getAuthMethod());
}
}
}
}
Also used :
LoginConfig(org.apache.catalina.deploy.LoginConfig)
SecurityConstraint(org.apache.catalina.deploy.SecurityConstraint)
GlassFishValve(org.glassfish.web.valve.GlassFishValve)
Example 7 with GlassFishValve
use of org.glassfish.web.valve.GlassFishValve in project Payara by payara.
the class StandardPipeline method addValve.
/**
* <p>Add a new Valve to the end of the pipeline associated with this
* Container. Prior to adding the Valve, the Valve's
* <code>setContainer()</code> method will be called, if it implements
* <code>Contained</code>, with the owning Container as an argument.
* The method may throw an
* <code>IllegalArgumentException</code> if this Valve chooses not to
* be associated with this Container, or <code>IllegalStateException</code>
* if it is already associated with a different Container.</p>
*
* @param valve Valve to be added
*
* @exception IllegalArgumentException if this Container refused to
* accept the specified Valve
* @exception IllegalArgumentException if the specified Valve refuses to be
* associated with this Container
* @exception IllegalStateException if the specified Valve is already
* associated with a different Container
*/
public void addValve(GlassFishValve valve) {
if (firstTcValve != null) {
// Wrap GlassFish-style valve inside Tomcat-style valve
addValve(new TomcatValveAdapter(valve));
return;
}
// Validate that we can add this Valve
if (valve instanceof Contained)
((Contained) valve).setContainer(this.container);
// Start the new component if necessary
if (started) {
if (valve instanceof Lifecycle) {
try {
((Lifecycle) valve).start();
} catch (LifecycleException e) {
log.log(Level.SEVERE, LogFacade.ADD_VALVE_EXCEPTION, e);
}
}
/**
* CR 6411114 (MBean registration moved to ValveBase.start())
* // Register the newly added valve
* registerValve(valve);
*/
}
// Add this Valve to the set associated with this Pipeline
GlassFishValve[] results = new GlassFishValve[valves.length + 1];
System.arraycopy(valves, 0, results, 0, valves.length);
results[valves.length] = valve;
valves = results;
}
Also used :
TomcatValveAdapter(org.glassfish.web.valve.TomcatValveAdapter)
GlassFishValve(org.glassfish.web.valve.GlassFishValve)
Example 8 with GlassFishValve
use of org.glassfish.web.valve.GlassFishValve in project Payara by payara.
the class StandardPipeline method doInvoke.
private void doInvoke(Request request, Response response, boolean chaining) throws IOException, ServletException {
if ((valves.length > 0) || (basic != null)) {
// Set the status so that if there are no valves (other than the
// basic one), the basic valve's request processing logic will
// be invoked
int status = GlassFishValve.INVOKE_NEXT;
// Iterate over all the valves in the pipeline and invoke
// each valve's processing logic and then move onto to the
// next valve in the pipeline only if the previous valve indicated
// that the pipeline should proceed.
int i;
for (i = 0; i < valves.length; i++) {
Request req = request;
Response resp = response;
if (chaining) {
req = getRequest(request);
resp = getResponse(request, response);
}
status = valves[i].invoke(req, resp);
if (status != GlassFishValve.INVOKE_NEXT)
break;
}
// Save a reference to the valve[], to ensure that postInvoke()
// is invoked on the original valve[], in case a valve gets added
// or removed during the invocation of the basic valve (e.g.,
// in case access logging is enabled or disabled by some kind of
// admin servlet), in which case the indices used for postInvoke
// invocations below would be off
GlassFishValve[] savedValves = valves;
// directly.
if (status == GlassFishValve.INVOKE_NEXT) {
if (firstTcValve != null) {
firstTcValve.invoke((org.apache.catalina.connector.Request) request, (org.apache.catalina.connector.Response) response);
} else if (basic != null) {
Request req = request;
Response resp = response;
if (chaining) {
req = getRequest(request);
resp = getResponse(request, response);
}
basic.invoke(req, resp);
postInvoke(basic, req, resp);
}
}
// that returned a status of INVOKE_NEXT
for (int j = i - 1; j >= 0; j--) {
Request req = request;
Response resp = response;
if (chaining) {
req = getRequest(request);
resp = getResponse(request, response);
}
postInvoke(savedValves[j], req, resp);
}
savedValves = null;
} else {
throw new ServletException(rb.getString(LogFacade.NO_VALVES_IN_PIPELINE_EXCEPTION));
}
// Calls the protocol handler's init method if the request is marked to be upgraded
if (request instanceof org.apache.catalina.connector.Request) {
org.apache.catalina.connector.Request req = (org.apache.catalina.connector.Request) request;
if (req.isUpgrade()) {
HttpUpgradeHandler handler = req.getHttpUpgradeHandler();
if (handler != null) {
WebConnectionImpl wc = new WebConnectionImpl(req.getInputStream(), ((org.apache.catalina.connector.Response) req.getResponse()).getOutputStream());
wc.setRequest(req);
req.setWebConnection(wc);
if (response instanceof org.apache.catalina.connector.Response) {
wc.setResponse((org.apache.catalina.connector.Response) response);
}
Context context = req.getContext();
try {
context.fireContainerEvent(ContainerEvent.BEFORE_UPGRADE_HANDLER_INITIALIZED, handler);
req.initialiseHttpUpgradeHandler(wc);
} finally {
context.fireContainerEvent(ContainerEvent.AFTER_UPGRADE_HANDLER_INITIALIZED, handler);
}
} else {
log.log(Level.SEVERE, LogFacade.PROTOCOL_HANDLER_REQUIRED_EXCEPTION);
}
// req.setUpgrade(false);
}
}
}
Also used :
Request(org.apache.catalina.Request)
GlassFishValve(org.glassfish.web.valve.GlassFishValve)
Response(org.apache.catalina.Response)
ServletException(javax.servlet.ServletException)
org.apache.catalina.connector(org.apache.catalina.connector)
org.apache.catalina(org.apache.catalina)
HttpUpgradeHandler(javax.servlet.http.HttpUpgradeHandler)
Example 9 with GlassFishValve
use of org.glassfish.web.valve.GlassFishValve in project Payara by payara.
the class CoyoteAdapter method doService.
private void doService(final org.glassfish.grizzly.http.server.Request req, final Request request, final org.glassfish.grizzly.http.server.Response res, final Response response, final boolean v3Enabled) throws Exception {
// Check connector for disabled state
if (!connector.isEnabled()) {
String msg = MessageFormat.format(rb.getString(LogFacade.HTTP_LISTENER_DISABLED), String.valueOf(connector.getPort()));
if (log.isLoggable(Level.FINE)) {
log.log(Level.FINE, msg);
}
response.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
return;
}
// request parameters
if (postParseRequest(req, request, res, response, v3Enabled)) {
// START S1AS 6188932
boolean authPassthroughEnabled = connector.getAuthPassthroughEnabled();
ProxyHandler proxyHandler = connector.getProxyHandler();
if (authPassthroughEnabled && proxyHandler != null) {
// START SJSAS 6397218
if (proxyHandler.getSSLKeysize((HttpServletRequest) request.getRequest()) > 0) {
request.setSecure(true);
}
// END SJSAS 6397218
X509Certificate[] certs = null;
try {
certs = proxyHandler.getSSLClientCertificateChain(request.getRequest());
} catch (CertificateException ce) {
log.log(Level.SEVERE, LogFacade.PARSING_CLIENT_CERT_EXCEPTION, ce);
}
if (certs != null) {
request.setAttribute(Globals.CERTIFICATES_ATTR, certs);
}
}
// END S1AS 6188932
// // "Server" header is set by GlassfishHttpCodecFilter
// if (serverName != null && !serverName.isEmpty()) {
// response.addHeader("Server", serverName);
// }
// Invoke the web container
connector.requestStartEvent(request.getRequest(), request.getHost(), request.getContext());
Container container = connector.getContainer();
enteringServletContainer(request, response);
try {
request.lockSession();
if (container.getPipeline().hasNonBasicValves() || container.hasCustomPipeline()) {
container.getPipeline().invoke(request, response);
} else {
// Invoke host directly
Host host = request.getHost();
if (host == null) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
String msg = MessageFormat.format(rb.getString(LogFacade.NO_HOST_MATCHES_SERVER_NAME_INFO), request.getRequest().getServerName());
response.setDetailMessage(msg);
return;
}
if (host.getPipeline().hasNonBasicValves() || host.hasCustomPipeline()) {
host.getPipeline().invoke(request, response);
} else {
GlassFishValve hostValve = host.getPipeline().getBasic();
hostValve.invoke(request, response);
// Error handling
hostValve.postInvoke(request, response);
}
}
} finally {
try {
connector.requestEndEvent(request.getRequest(), request.getHost(), request.getContext(), response.getStatus());
} finally {
leavingServletContainer(request, response);
}
}
}
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Container(org.apache.catalina.Container)
ProxyHandler(com.sun.appserv.ProxyHandler)
CertificateException(java.security.cert.CertificateException)
Host(org.apache.catalina.Host)
X509Certificate(java.security.cert.X509Certificate)
GlassFishValve(org.glassfish.web.valve.GlassFishValve)
Example 10 with GlassFishValve
use of org.glassfish.web.valve.GlassFishValve in project Payara by payara.
the class StandardContextValve method invoke.
/**
* Tomcat style invocation.
*/
@Override
public void invoke(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response) throws IOException, ServletException {
Wrapper wrapper = preInvoke(request, response);
if (wrapper == null) {
return;
}
// START GlassFish 1343
if (wrapper.getPipeline().hasNonBasicValves() || wrapper.hasCustomPipeline()) {
wrapper.getPipeline().invoke(request, response);
} else {
GlassFishValve basic = wrapper.getPipeline().getBasic();
if (basic != null) {
basic.invoke(request, response);
basic.postInvoke(request, response);
}
}
// END GlassFish 1343
postInvoke(request, response);
}
Also used :
GlassFishValve(org.glassfish.web.valve.GlassFishValve)
Aggregations
GlassFishValve (org.glassfish.web.valve.GlassFishValve)16
SecurityConstraint (org.apache.catalina.deploy.SecurityConstraint)3
Method (java.lang.reflect.Method)2
ServletException (javax.servlet.ServletException)2
ContainerBase (org.apache.catalina.core.ContainerBase)2
LoginConfig (org.apache.catalina.deploy.LoginConfig)2
ProxyHandler (com.sun.appserv.ProxyHandler)1
Config (com.sun.enterprise.config.serverbeans.Config)1
SecurityService (com.sun.enterprise.config.serverbeans.SecurityService)1
WebServiceEndpoint (com.sun.enterprise.deployment.WebServiceEndpoint)1
LoginConfiguration (com.sun.enterprise.deployment.web.LoginConfiguration)1
SecurityConstraint (com.sun.enterprise.deployment.web.SecurityConstraint)1
UserDataConstraint (com.sun.enterprise.deployment.web.UserDataConstraint)1
WebResourceCollection (com.sun.enterprise.deployment.web.WebResourceCollection)1
RealmInitializer (com.sun.enterprise.security.integration.RealmInitializer)1
GlassFishSingleSignOn (com.sun.enterprise.security.web.GlassFishSingleSignOn)1
LoginConfigDecorator (com.sun.enterprise.web.deploy.LoginConfigDecorator)1
IOException (java.io.IOException)1
String (java.lang.String)1
CertificateException (java.security.cert.CertificateException)1
