
Example 6 with ResourceRequest

use of org.opencastproject.urlsigning.common.ResourceRequest in project opencast by opencast.

the class UrlSigningFilter method doFilter.

/**
 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
 *      javax.servlet.FilterChain)
 */
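@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    // Gate for signed URLs: requests whose URL matches a configured pattern are passed on only when the
    // verifier reports Status.Ok; every other verification outcome ends the request with an error status.
    if (!enabled) {
        chain.doFilter(request, response);
        return;
    }
    if (urlRegularExpressions.size() == 0) {
        logger.debug("There are no regular expressions configured to protect endpoints, skipping filter.");
        chain.doFilter(request, response);
        return;
    }
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    String method = httpRequest.getMethod();
    // NOTE(review): every method other than GET and HEAD passes through unverified. Confirm that the
    // protected endpoints do not serve protected content for other methods.
    if (!("GET".equalsIgnoreCase(method) || "HEAD".equalsIgnoreCase(method))) {
        logger.debug("The request '{}' is not a GET or HEAD request so skipping the filter.", httpRequest.getRequestURL());
        chain.doFilter(request, response);
        return;
    }
    // getRequestURL() holds scheme, host and path but not the query string, and matches() requires a
    // pattern to cover that whole URL. A request that matches no pattern is passed on unverified, so a
    // pattern that is too narrow fails open.
    String requestUrl = httpRequest.getRequestURL().toString();
    boolean matches = false;
    for (String urlRegularExpression : urlRegularExpressions) {
        if (Pattern.compile(urlRegularExpression).matcher(requestUrl).matches()) {
            matches = true;
            break;
        }
    }
    if (!matches) {
        logger.debug("The request '{}' doesn't match any of the configured regular expressions so skipping the filter.", requestUrl);
        chain.doFilter(request, response);
        return;
    }
    try {
        ResourceRequest resourceRequest = urlSigningVerifier.verify(httpRequest.getQueryString(), httpRequest.getRemoteAddr(), requestUrl, strict);
        if (resourceRequest == null) {
            logger.error("Unable to process httpRequest '{}' because we got a null object as the verification.", requestUrl);
            httpResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unable to process http request because we got a null object as the verification.");
            return;
        }
        // Only Ok reaches the chain. The rejection reason is logged and never sent to the client.
        switch(resourceRequest.getStatus()) {
            case Ok:
                logger.trace("The request '{}' matched a regular expression path and was accepted as a properly signed url.", requestUrl);
                chain.doFilter(httpRequest, response);
                return;
            case BadRequest:
                logger.debug("Unable to process httpRequest '{}' because it was rejected as a Bad Request, usually a problem with query string: {}", requestUrl, resourceRequest.getRejectionReason());
                httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            case Forbidden:
                logger.debug("Unable to process httpRequest '{}' because is was rejected as Forbidden, usually a problem with making policy matching the signature: {}", requestUrl, resourceRequest.getRejectionReason());
                httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            case Gone:
                logger.debug("Unable to process httpRequest '{}' because is was rejected as Gone: {}", requestUrl, resourceRequest.getRejectionReason());
                httpResponse.sendError(HttpServletResponse.SC_GONE);
                return;
            default:
                // Unknown status: deny rather than pass the request on.
                logger.error("Unable to process httpRequest '{}' because is was rejected as status {} which is not a status we should be handling here. This must be due to a code change and is a bug.: {}", requestUrl, resourceRequest.getStatus(), resourceRequest.getRejectionReason());
                httpResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                return;
        }
    } catch (UrlSigningException e) {
        // The diagnostic detail stays in the server log.
        // NOTE(review): the logged query string presumably carries the signing parameters; confirm that
        // access to this log is restricted accordingly.
        logger.error("Unable to verify request for '{}' with query string '{}' from host '{}' because: {}", requestUrl, httpRequest.getQueryString(), httpRequest.getRemoteAddr(), ExceptionUtils.getStackTrace(e));
        // The client gets a fixed message. The previous response body echoed the filter name, the query
        // string, the remote address and the full stack trace, which exposes internals to the caller.
        httpResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unable to verify the signed URL for this request.");
    }
}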
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Pattern(java.util.regex.Pattern) Matcher(java.util.regex.Matcher) HttpServletResponse(javax.servlet.http.HttpServletResponse) ResourceRequest(org.opencastproject.urlsigning.common.ResourceRequest) UrlSigningException(org.opencastproject.security.urlsigning.exception.UrlSigningException)

Example 7 with ResourceRequest

use of org.opencastproject.urlsigning.common.ResourceRequest in project opencast by opencast.

the class UrlSigningFilterTest method testDeniedOnBadRequest.

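/**
 * Checks that a request the verifier rejects as {@code BadRequest} is answered with HTTP 400 and is
 * never handed to the rest of the filter chain.
 */
@Test
public void testDeniedOnBadRequest() throws Exception {
    String encryptionKeyId = "theKey";
    String acceptedUrl = "http://accepted.com";
    String acceptedKey = "ThisIsTheKey";
    String acceptedIp = "10.0.0.1";
    DateTime future = new DateTime(4749125399000L);
    Policy policy = Policy.mkSimplePolicy(acceptedUrl, future);
    String acceptedQueryString = ResourceRequestUtil.policyToResourceRequestQueryString(policy, encryptionKeyId, acceptedKey);
    ResourceRequest rejectedRequest = new ResourceRequest();
    rejectedRequest.setStatus(Status.BadRequest);
    // Setup the Mock Url Signing Service
    UrlSigningVerifier urlSigningVerifier = EasyMock.createMock(UrlSigningVerifier.class);
    EasyMock.expect(urlSigningVerifier.verify(acceptedQueryString, acceptedIp, acceptedUrl, true)).andReturn(rejectedRequest);
    EasyMock.replay(urlSigningVerifier);
    UrlSigningFilter filter = new UrlSigningFilter();
    filter.updated(matchAllProperties);
    filter.setUrlSigningVerifier(urlSigningVerifier);
    // Setup the Mock Request
    HttpServletRequest request = EasyMock.createMock(HttpServletRequest.class);
    EasyMock.expect(request.getMethod()).andStubReturn("GET");
    EasyMock.expect(request.getRequestURL()).andStubReturn(new StringBuffer(acceptedUrl));
    EasyMock.expect(request.getQueryString()).andStubReturn(acceptedQueryString);
    EasyMock.expect(request.getRemoteAddr()).andStubReturn(acceptedIp);
    EasyMock.replay(request);
    // Setup the Mock Response: the rejection must be reported as 400 and nothing else.
    // Previously the response mock was never replayed, so the status sent was not checked at all.
    HttpServletResponse response = EasyMock.createMock(HttpServletResponse.class);
    response.sendError(HttpServletResponse.SC_BAD_REQUEST);
    EasyMock.expectLastCall();
    EasyMock.replay(response);
    // Setup the mock filter chain. It has no expectations, so any call to it fails the test.
    FilterChain chain = EasyMock.createMock(FilterChain.class);
    EasyMock.replay(chain);
    filter.doFilter(request, response, chain);
    // Also confirms that the verifier was actually consulted.
    EasyMock.verify(urlSigningVerifier, response, chain);
}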
Also used : Policy(org.opencastproject.urlsigning.common.Policy) HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterChain(javax.servlet.FilterChain) UrlSigningVerifier(org.opencastproject.security.urlsigning.verifier.UrlSigningVerifier) HttpServletResponse(javax.servlet.http.HttpServletResponse) ResourceRequest(org.opencastproject.urlsigning.common.ResourceRequest) DateTime(org.joda.time.DateTime) Test(org.junit.Test)

Example 8 with ResourceRequest

use of org.opencastproject.urlsigning.common.ResourceRequest in project opencast by opencast.

the class UrlSigningFilterTest method testDeniedOnException.

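/**
 * Checks that a {@code UrlSigningException} thrown by the verifier is answered with HTTP 500 and that
 * the request is never handed to the rest of the filter chain.
 */
@Test
public void testDeniedOnException() throws Exception {
    String encryptionKeyId = "theKey";
    String acceptedUrl = "http://accepted.com";
    String acceptedKey = "ThisIsTheKey";
    String acceptedIp = "10.0.0.1";
    DateTime future = new DateTime(4749125399000L);
    Policy policy = Policy.mkSimplePolicy(acceptedUrl, future);
    String acceptedQueryString = ResourceRequestUtil.policyToResourceRequestQueryString(policy, encryptionKeyId, acceptedKey);
    // Setup the Mock Url Signing Service. The verifier throws, so no ResourceRequest is needed here;
    // the unused Status.Ok instance was removed.
    UrlSigningVerifier urlSigningVerifier = EasyMock.createMock(UrlSigningVerifier.class);
    EasyMock.expect(urlSigningVerifier.verify(acceptedQueryString, acceptedIp, acceptedUrl, true)).andThrow(UrlSigningException.internalProviderError());
    EasyMock.replay(urlSigningVerifier);
    UrlSigningFilter filter = new UrlSigningFilter();
    filter.updated(matchAllProperties);
    filter.setUrlSigningVerifier(urlSigningVerifier);
    // Setup the Mock Request
    HttpServletRequest request = EasyMock.createMock(HttpServletRequest.class);
    EasyMock.expect(request.getMethod()).andStubReturn("GET");
    EasyMock.expect(request.getRequestURL()).andStubReturn(new StringBuffer(acceptedUrl));
    EasyMock.expect(request.getQueryString()).andStubReturn(acceptedQueryString);
    EasyMock.expect(request.getRemoteAddr()).andStubReturn(acceptedIp);
    EasyMock.replay(request);
    // Setup the Mock Response: the failure must be reported as 500. The message text is not pinned,
    // only the status code.
    HttpServletResponse response = EasyMock.createMock(HttpServletResponse.class);
    response.sendError(EasyMock.eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), EasyMock.anyObject(String.class));
    EasyMock.expectLastCall();
    EasyMock.replay(response);
    // Setup the mock filter chain. It has no expectations, so any call to it fails the test.
    FilterChain chain = EasyMock.createStrictMock(FilterChain.class);
    EasyMock.replay(chain);
    filter.doFilter(request, response, chain);
    // Also confirms that the verifier was actually consulted.
    EasyMock.verify(urlSigningVerifier, response, chain);
}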
Also used : Policy(org.opencastproject.urlsigning.common.Policy) HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterChain(javax.servlet.FilterChain) UrlSigningVerifier(org.opencastproject.security.urlsigning.verifier.UrlSigningVerifier) HttpServletResponse(javax.servlet.http.HttpServletResponse) ResourceRequest(org.opencastproject.urlsigning.common.ResourceRequest) DateTime(org.joda.time.DateTime) Test(org.junit.Test)

Example 9 with ResourceRequest

use of org.opencastproject.urlsigning.common.ResourceRequest in project opencast by opencast.

the class UrlSigningFilterTest method testDeniedOnForbidden.

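/**
 * Checks that a request the verifier rejects as {@code Forbidden} is answered with HTTP 403 and is
 * never handed to the rest of the filter chain.
 */
@Test
public void testDeniedOnForbidden() throws Exception {
    String encryptionKeyId = "theKey";
    String acceptedUrl = "http://accepted.com";
    String acceptedKey = "ThisIsTheKey";
    String acceptedIp = "10.0.0.1";
    DateTime future = new DateTime(4749125399000L);
    Policy policy = Policy.mkSimplePolicy(acceptedUrl, future);
    String acceptedQueryString = ResourceRequestUtil.policyToResourceRequestQueryString(policy, encryptionKeyId, acceptedKey);
    ResourceRequest rejectedRequest = new ResourceRequest();
    rejectedRequest.setStatus(Status.Forbidden);
    // Setup the Mock Url Signing Service
    UrlSigningVerifier urlSigningVerifier = EasyMock.createMock(UrlSigningVerifier.class);
    EasyMock.expect(urlSigningVerifier.verify(acceptedQueryString, acceptedIp, acceptedUrl, true)).andReturn(rejectedRequest);
    EasyMock.replay(urlSigningVerifier);
    UrlSigningFilter filter = new UrlSigningFilter();
    filter.updated(matchAllProperties);
    filter.setUrlSigningVerifier(urlSigningVerifier);
    // Setup the Mock Request
    HttpServletRequest request = EasyMock.createMock(HttpServletRequest.class);
    EasyMock.expect(request.getMethod()).andStubReturn("GET");
    EasyMock.expect(request.getRequestURL()).andStubReturn(new StringBuffer(acceptedUrl));
    EasyMock.expect(request.getQueryString()).andStubReturn(acceptedQueryString);
    EasyMock.expect(request.getRemoteAddr()).andStubReturn(acceptedIp);
    EasyMock.replay(request);
    // Setup the Mock Response: the rejection must be reported as 403 and nothing else.
    // Previously the response mock was never replayed, so the status sent was not checked at all.
    HttpServletResponse response = EasyMock.createMock(HttpServletResponse.class);
    response.sendError(HttpServletResponse.SC_FORBIDDEN);
    EasyMock.expectLastCall();
    EasyMock.replay(response);
    // Setup the mock filter chain. It has no expectations, so any call to it fails the test.
    FilterChain chain = EasyMock.createMock(FilterChain.class);
    EasyMock.replay(chain);
    filter.doFilter(request, response, chain);
    // Also confirms that the verifier was actually consulted.
    EasyMock.verify(urlSigningVerifier, response, chain);
}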
Also used : Policy(org.opencastproject.urlsigning.common.Policy) HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterChain(javax.servlet.FilterChain) UrlSigningVerifier(org.opencastproject.security.urlsigning.verifier.UrlSigningVerifier) HttpServletResponse(javax.servlet.http.HttpServletResponse) ResourceRequest(org.opencastproject.urlsigning.common.ResourceRequest) DateTime(org.joda.time.DateTime) Test(org.junit.Test)

Example 10 with ResourceRequest

use of org.opencastproject.urlsigning.common.ResourceRequest in project opencast by opencast.

the class UrlSigningFilterTest method testCorrectPolicyAndSignature.

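/**
 * Checks that a request the verifier accepts ({@code Status.Ok}) is handed to the rest of the filter
 * chain exactly once and that no error is sent on the response.
 */
@Test
public void testCorrectPolicyAndSignature() throws Exception {
    String encryptionKeyId = "theKey";
    String acceptedUrl = "http://accepted.com";
    String acceptedKey = "ThisIsTheKey";
    String acceptedIp = "10.0.0.1";
    DateTime future = new DateTime(4749125399000L);
    Policy policy = Policy.mkSimplePolicy(acceptedUrl, future);
    String acceptedQueryString = ResourceRequestUtil.policyToResourceRequestQueryString(policy, encryptionKeyId, acceptedKey);
    ResourceRequest acceptedRequest = new ResourceRequest();
    acceptedRequest.setStatus(Status.Ok);
    // Setup the Mock Url Signing Service
    UrlSigningVerifier urlSigningVerifier = EasyMock.createMock(UrlSigningVerifier.class);
    EasyMock.expect(urlSigningVerifier.verify(acceptedQueryString, acceptedIp, acceptedUrl, true)).andReturn(acceptedRequest);
    EasyMock.replay(urlSigningVerifier);
    UrlSigningFilter filter = new UrlSigningFilter();
    // Configure the filter the same way the denial tests in this class do. Without this call the filter
    // presumably has no URL patterns (TODO confirm its defaults), so doFilter would pass the request on
    // through its "nothing configured" exit and this test would pass without any signature check.
    filter.updated(matchAllProperties);
    filter.setUrlSigningVerifier(urlSigningVerifier);
    // Setup the Mock Request
    HttpServletRequest request = EasyMock.createMock(HttpServletRequest.class);
    EasyMock.expect(request.getMethod()).andStubReturn("GET");
    EasyMock.expect(request.getRequestURL()).andStubReturn(new StringBuffer(acceptedUrl));
    EasyMock.expect(request.getQueryString()).andStubReturn(acceptedQueryString);
    EasyMock.expect(request.getRemoteAddr()).andStubReturn(acceptedIp);
    EasyMock.replay(request);
    // Setup the Mock Response with no expectations: an accepted request must not trigger sendError.
    HttpServletResponse response = EasyMock.createMock(HttpServletResponse.class);
    EasyMock.replay(response);
    // Setup the mock filter chain: the accepted request must be passed on.
    FilterChain chain = EasyMock.createMock(FilterChain.class);
    chain.doFilter(request, response);
    EasyMock.expectLastCall();
    EasyMock.replay(chain);
    filter.doFilter(request, response, chain);
    // Verifying the verifier mock proves the request was accepted because of the signature check and
    // not because the filter skipped it.
    EasyMock.verify(urlSigningVerifier, response, chain);
}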
Also used : Policy(org.opencastproject.urlsigning.common.Policy) HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterChain(javax.servlet.FilterChain) UrlSigningVerifier(org.opencastproject.security.urlsigning.verifier.UrlSigningVerifier) HttpServletResponse(javax.servlet.http.HttpServletResponse) ResourceRequest(org.opencastproject.urlsigning.common.ResourceRequest) DateTime(org.joda.time.DateTime) Test(org.junit.Test)

Aggregations

ResourceRequest (org.opencastproject.urlsigning.common.ResourceRequest)10 DateTime (org.joda.time.DateTime)7 Policy (org.opencastproject.urlsigning.common.Policy)7 HttpServletRequest (javax.servlet.http.HttpServletRequest)6 HttpServletResponse (javax.servlet.http.HttpServletResponse)6 Test (org.junit.Test)6 FilterChain (javax.servlet.FilterChain)5 UrlSigningVerifier (org.opencastproject.security.urlsigning.verifier.UrlSigningVerifier)5 URI (java.net.URI)1 URISyntaxException (java.net.URISyntaxException)1 Properties (java.util.Properties)1 Matcher (java.util.regex.Matcher)1 Pattern (java.util.regex.Pattern)1 NameValuePair (org.apache.http.NameValuePair)1 BasicNameValuePair (org.apache.http.message.BasicNameValuePair)1 UrlSigningException (org.opencastproject.security.urlsigning.exception.UrlSigningException)1