
use of org.jivesoftware.openfire.auth.InternalUnauthenticatedException in project Openfire by igniterealtime.

The class AuthFilter, method filter.

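/**
 * Authenticates every REST API request before it reaches a resource.
 * <p>
 * Checks run in this order: the plugin must be enabled; CORS preflight
 * ({@code OPTIONS}) requests and the legacy {@code restapi/v1/userservice}
 * path pass without credentials; the optional IP allow-list is applied; and
 * finally the {@code Authorization} header is validated, either as HTTP Basic
 * credentials of an Openfire admin or as the plugin's shared secret.
 *
 * @param containerRequest the incoming request
 * @return the same request, unchanged, when it may proceed
 * @throws WebApplicationException {@code 403} when the plugin is disabled,
 *         {@code 401} for every other rejection
 * @see com.sun.jersey.spi.container.ContainerRequestFilter#filter(com.sun.jersey.spi.container.ContainerRequest)
 */
@Override
public ContainerRequest filter(ContainerRequest containerRequest) throws WebApplicationException {
    if (!plugin.isEnabled()) {
        throw new WebApplicationException(Status.FORBIDDEN);
    }
    // Let the preflight request through the authentication
    if ("OPTIONS".equals(containerRequest.getMethod())) {
        return containerRequest;
    }
    // To be backwards compatible to userservice 1.*
    if ("restapi/v1/userservice".equals(containerRequest.getPath())) {
        return containerRequest;
    }
    if (!plugin.getAllowedIPs().isEmpty()) {
        // The forwarded-for headers are client-supplied: they are only trustworthy
        // when a reverse proxy in front of Openfire overwrites them. Without such a
        // proxy a caller can present any address, so the allow-list is defence in
        // depth, not a stand-alone control. Header names and their order are kept
        // as the original had them.
        String ipAddress = null;
        String[] forwardedHeaders = { "x-forwarded-for", "X_FORWARDED_FOR", "X-Forward-For" };
        for (String header : forwardedHeaders) {
            ipAddress = httpRequest.getHeader(header);
            if (ipAddress != null) {
                break;
            }
        }
        if (ipAddress == null) {
            ipAddress = httpRequest.getRemoteAddr();
        }
        if (!plugin.getAllowedIPs().contains(ipAddress)) {
            LOG.warn("REST API rejected service to IP address: " + ipAddress);
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
    }
    // Get the authentication passed in HTTP headers parameters
    String auth = containerRequest.getHeaderValue("authorization");
    if (auth == null) {
        throw new WebApplicationException(Status.UNAUTHORIZED);
    }
    // HTTP Basic Auth or Shared Secret key
    if ("basic".equals(plugin.getHttpAuth())) {
        String[] usernameAndPassword = BasicAuth.decode(auth);
        // Malformed or non-Basic header: reject without saying why
        if (usernameAndPassword == null || usernameAndPassword.length != 2) {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
        // Only Openfire admins may use the REST API; checked before the password so
        // a non-admin account never reaches the auth provider
        boolean userAdmin = AdminManager.getInstance().isUserAdmin(usernameAndPassword[0], true);
        if (!userAdmin) {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
        try {
            AuthFactory.authenticate(usernameAndPassword[0], usernameAndPassword[1]);
        } catch (UnauthorizedException e) {
            LOG.warn("Wrong HTTP Basic Auth authorization", e);
            throw new WebApplicationException(Status.UNAUTHORIZED);
        } catch (ConnectionException e) {
            // A back-end failure is reported to the client like a bad credential, but
            // logged with its cause so operators can tell the two apart
            LOG.warn("Authentication back-end unreachable during HTTP Basic Auth", e);
            throw new WebApplicationException(Status.UNAUTHORIZED);
        } catch (InternalUnauthenticatedException e) {
            LOG.warn("Authentication back-end rejected Openfire itself during HTTP Basic Auth", e);
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
    } else {
        String secret = plugin.getSecret();
        // Constant-time comparison so response timing does not reveal how many
        // leading bytes of the presented key matched the configured secret.
        // Fully-qualified names are used because the import block is not touched here.
        boolean secretMatches = secret != null
                && java.security.MessageDigest.isEqual(
                        auth.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        secret.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!secretMatches) {
            // The presented value is deliberately not logged: it may be a mistyped
            // real secret, and logs are usually less protected than the config
            LOG.warn("Wrong secret key authorization");
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
    }
    return containerRequest;
}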
