use of org.opencastproject.urlsigning.common.ResourceRequest in project opencast by opencast.
the class UrlSigningFilter method doFilter.
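/**
 * Enforces URL signing on GET and HEAD requests whose URL matches one of the configured regular expressions.
 *
 * <p>The request is passed down the chain without verification when the filter is disabled, when no regular
 * expressions are configured, when the method is neither GET nor HEAD, or when the request URL matches none of
 * the expressions. Every other request is handed to the {@code urlSigningVerifier}; only a result with status
 * {@code Ok} continues down the chain, all other outcomes end the request with an HTTP error.
 *
 * @param request the incoming request; cast to {@link HttpServletRequest}
 * @param response the outgoing response; cast to {@link HttpServletResponse}
 * @param chain the remaining filter chain
 * @throws IOException if the chain or sending the error response fails
 * @throws ServletException if the chain fails
 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
 * javax.servlet.FilterChain)
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
  if (!enabled) {
    chain.doFilter(request, response);
    return;
  }
  if (urlRegularExpressions.isEmpty()) {
    logger.debug("There are no regular expressions configured to protect endpoints, skipping filter.");
    chain.doFilter(request, response);
    return;
  }
  HttpServletRequest httpRequest = (HttpServletRequest) request;
  HttpServletResponse httpResponse = (HttpServletResponse) response;
  // NOTE(review): only GET and HEAD are verified; any other method on a protected URL passes through
  // unsigned. Presumably those methods are guarded elsewhere - confirm.
  String method = httpRequest.getMethod();
  if (!("GET".equalsIgnoreCase(method) || "HEAD".equalsIgnoreCase(method))) {
    logger.debug("The request '{}' is not a GET or HEAD request so skipping the filter.", httpRequest.getRequestURL());
    chain.doFilter(request, response);
    return;
  }
  // A URL is protected only if an expression matches the whole request URL (Matcher#matches, not find).
  // The expressions are compiled on every request because they are held as strings outside this method.
  boolean matches = false;
  for (String urlRegularExpression : urlRegularExpressions) {
    if (Pattern.compile(urlRegularExpression).matcher(httpRequest.getRequestURL()).matches()) {
      matches = true;
      break;
    }
  }
  if (!matches) {
    logger.debug("The request '{}' doesn't match any of the configured regular expressions so skipping the filter.", httpRequest.getRequestURL());
    chain.doFilter(request, response);
    return;
  }
  try {
    ResourceRequest resourceRequest = urlSigningVerifier.verify(httpRequest.getQueryString(), httpRequest.getRemoteAddr(), httpRequest.getRequestURL().toString(), strict);
    // A missing verification result is treated as a failure; the chain is not invoked.
    if (resourceRequest == null) {
      logger.error("Unable to process httpRequest '{}' because we got a null object as the verification.", httpRequest.getRequestURL());
      httpResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unable to process http request because we got a null object as the verification.");
      return;
    }
    switch (resourceRequest.getStatus()) {
      case Ok:
        logger.trace("The request '{}' matched a regular expression path and was accepted as a properly signed url.", httpRequest.getRequestURL());
        chain.doFilter(httpRequest, response);
        return;
      case BadRequest:
        logger.debug("Unable to process httpRequest '{}' because it was rejected as a Bad Request, usually a problem with query string: {}", httpRequest.getRequestURL(), resourceRequest.getRejectionReason());
        httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return;
      case Forbidden:
        logger.debug("Unable to process httpRequest '{}' because is was rejected as Forbidden, usually a problem with making policy matching the signature: {}", httpRequest.getRequestURL(), resourceRequest.getRejectionReason());
        httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
      case Gone:
        logger.debug("Unable to process httpRequest '{}' because is was rejected as Gone: {}", httpRequest.getRequestURL(), resourceRequest.getRejectionReason());
        httpResponse.sendError(HttpServletResponse.SC_GONE);
        return;
      default:
        // Unknown statuses are rejected rather than allowed through.
        logger.error("Unable to process httpRequest '{}' because is was rejected as status {} which is not a status we should be handling here. This must be due to a code change and is a bug.: {}", httpRequest.getRequestURL(), resourceRequest.getStatus(), resourceRequest.getRejectionReason());
        httpResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return;
    }
  } catch (UrlSigningException e) {
    // The full detail stays in the server log for the operator.
    // NOTE(review): the logged query string carries the signed policy and signature - confirm that access
    // to this log is restricted accordingly.
    logger.error("Unable to verify request for '{}' with query string '{}' from host '{}' because: {}", httpRequest.getRequestURL(), httpRequest.getQueryString(), httpRequest.getRemoteAddr(), ExceptionUtils.getStackTrace(e));
    // The response carries no stack trace, query string or client address: the caller is unauthenticated
    // at this point and internal class names and verifier details should not be disclosed to it.
    httpResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, getName() + " is unable to verify the request.");
  }
}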
use of org.opencastproject.urlsigning.common.ResourceRequest in project opencast by opencast.
the class UrlSigningFilterTest method testDeniedOnBadRequest.
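/**
 * Checks that a request the verifier rejects as {@code BadRequest} is answered with HTTP 400 and never reaches
 * the rest of the filter chain.
 */
@Test
public void testDeniedOnBadRequest() throws Exception {
  String encryptionKeyId = "theKey";
  String acceptedUrl = "http://accepted.com";
  String acceptedKey = "ThisIsTheKey";
  String acceptedIp = "10.0.0.1";
  DateTime future = new DateTime(4749125399000L);
  Policy policy = Policy.mkSimplePolicy(acceptedUrl, future);
  String acceptedQueryString = ResourceRequestUtil.policyToResourceRequestQueryString(policy, encryptionKeyId, acceptedKey);
  ResourceRequest rejectedRequest = new ResourceRequest();
  rejectedRequest.setStatus(Status.BadRequest);
  // Set up the mock URL signing verifier.
  UrlSigningVerifier urlSigningVerifier = EasyMock.createMock(UrlSigningVerifier.class);
  EasyMock.expect(urlSigningVerifier.verify(acceptedQueryString, acceptedIp, acceptedUrl, true)).andReturn(rejectedRequest);
  EasyMock.replay(urlSigningVerifier);
  UrlSigningFilter filter = new UrlSigningFilter();
  filter.updated(matchAllProperties);
  filter.setUrlSigningVerifier(urlSigningVerifier);
  // Set up the mock request.
  HttpServletRequest request = EasyMock.createMock(HttpServletRequest.class);
  EasyMock.expect(request.getMethod()).andStubReturn("GET");
  EasyMock.expect(request.getRequestURL()).andStubReturn(new StringBuffer(acceptedUrl));
  EasyMock.expect(request.getQueryString()).andStubReturn(acceptedQueryString);
  EasyMock.expect(request.getRemoteAddr()).andStubReturn(acceptedIp);
  EasyMock.replay(request);
  // The response must be replayed: a mock left in record state accepts any call, so the status code sent
  // to the client would go unchecked.
  HttpServletResponse response = EasyMock.createMock(HttpServletResponse.class);
  response.sendError(HttpServletResponse.SC_BAD_REQUEST);
  EasyMock.expectLastCall();
  EasyMock.replay(response);
  // The chain has no expectations, so any call to it fails the test.
  FilterChain chain = EasyMock.createMock(FilterChain.class);
  EasyMock.replay(chain);
  filter.doFilter(request, response, chain);
  // Verifying the verifier as well proves the denial came from the signature check being consulted.
  EasyMock.verify(urlSigningVerifier, response, chain);
}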
use of org.opencastproject.urlsigning.common.ResourceRequest in project opencast by opencast.
the class UrlSigningFilterTest method testDeniedOnException.
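/**
 * Checks that a {@code UrlSigningException} thrown by the verifier is answered with HTTP 500 and that the
 * request never reaches the rest of the filter chain.
 */
@Test
public void testDeniedOnException() throws Exception {
  String encryptionKeyId = "theKey";
  String acceptedUrl = "http://accepted.com";
  String acceptedKey = "ThisIsTheKey";
  String acceptedIp = "10.0.0.1";
  DateTime future = new DateTime(4749125399000L);
  Policy policy = Policy.mkSimplePolicy(acceptedUrl, future);
  String acceptedQueryString = ResourceRequestUtil.policyToResourceRequestQueryString(policy, encryptionKeyId, acceptedKey);
  // Set up the mock URL signing verifier so that verification itself fails.
  UrlSigningVerifier urlSigningVerifier = EasyMock.createMock(UrlSigningVerifier.class);
  EasyMock.expect(urlSigningVerifier.verify(acceptedQueryString, acceptedIp, acceptedUrl, true)).andThrow(UrlSigningException.internalProviderError());
  EasyMock.replay(urlSigningVerifier);
  UrlSigningFilter filter = new UrlSigningFilter();
  filter.updated(matchAllProperties);
  filter.setUrlSigningVerifier(urlSigningVerifier);
  // Set up the mock request.
  HttpServletRequest request = EasyMock.createMock(HttpServletRequest.class);
  EasyMock.expect(request.getMethod()).andStubReturn("GET");
  EasyMock.expect(request.getRequestURL()).andStubReturn(new StringBuffer(acceptedUrl));
  EasyMock.expect(request.getQueryString()).andStubReturn(acceptedQueryString);
  EasyMock.expect(request.getRemoteAddr()).andStubReturn(acceptedIp);
  EasyMock.replay(request);
  // The response must be replayed so the status code is actually checked; the message text is left open
  // because only the failure status matters to this test.
  HttpServletResponse response = EasyMock.createMock(HttpServletResponse.class);
  response.sendError(EasyMock.eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), EasyMock.anyObject(String.class));
  EasyMock.expectLastCall();
  EasyMock.replay(response);
  // The chain has no expectations, so any call to it fails the test.
  FilterChain chain = EasyMock.createStrictMock(FilterChain.class);
  EasyMock.replay(chain);
  filter.doFilter(request, response, chain);
  EasyMock.verify(urlSigningVerifier, response, chain);
}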
use of org.opencastproject.urlsigning.common.ResourceRequest in project opencast by opencast.
the class UrlSigningFilterTest method testDeniedOnForbidden.
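/**
 * Checks that a request the verifier rejects as {@code Forbidden} is answered with HTTP 403 and never reaches
 * the rest of the filter chain.
 */
@Test
public void testDeniedOnForbidden() throws Exception {
  String encryptionKeyId = "theKey";
  String acceptedUrl = "http://accepted.com";
  String acceptedKey = "ThisIsTheKey";
  String acceptedIp = "10.0.0.1";
  DateTime future = new DateTime(4749125399000L);
  Policy policy = Policy.mkSimplePolicy(acceptedUrl, future);
  String acceptedQueryString = ResourceRequestUtil.policyToResourceRequestQueryString(policy, encryptionKeyId, acceptedKey);
  ResourceRequest rejectedRequest = new ResourceRequest();
  rejectedRequest.setStatus(Status.Forbidden);
  // Set up the mock URL signing verifier.
  UrlSigningVerifier urlSigningVerifier = EasyMock.createMock(UrlSigningVerifier.class);
  EasyMock.expect(urlSigningVerifier.verify(acceptedQueryString, acceptedIp, acceptedUrl, true)).andReturn(rejectedRequest);
  EasyMock.replay(urlSigningVerifier);
  UrlSigningFilter filter = new UrlSigningFilter();
  filter.updated(matchAllProperties);
  filter.setUrlSigningVerifier(urlSigningVerifier);
  // Set up the mock request.
  HttpServletRequest request = EasyMock.createMock(HttpServletRequest.class);
  EasyMock.expect(request.getMethod()).andStubReturn("GET");
  EasyMock.expect(request.getRequestURL()).andStubReturn(new StringBuffer(acceptedUrl));
  EasyMock.expect(request.getQueryString()).andStubReturn(acceptedQueryString);
  EasyMock.expect(request.getRemoteAddr()).andStubReturn(acceptedIp);
  EasyMock.replay(request);
  // The response must be replayed: a mock left in record state accepts any call, so the status code sent
  // to the client would go unchecked.
  HttpServletResponse response = EasyMock.createMock(HttpServletResponse.class);
  response.sendError(HttpServletResponse.SC_FORBIDDEN);
  EasyMock.expectLastCall();
  EasyMock.replay(response);
  // The chain has no expectations, so any call to it fails the test.
  FilterChain chain = EasyMock.createMock(FilterChain.class);
  EasyMock.replay(chain);
  filter.doFilter(request, response, chain);
  EasyMock.verify(urlSigningVerifier, response, chain);
}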
use of org.opencastproject.urlsigning.common.ResourceRequest in project opencast by opencast.
the class UrlSigningFilterTest method testCorrectPolicyAndSignature.
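/**
 * Checks that a request the verifier accepts with status {@code Ok} is passed on to the filter chain exactly
 * once and that no error is sent on the response.
 */
@Test
public void testCorrectPolicyAndSignature() throws Exception {
  String encryptionKeyId = "theKey";
  String acceptedUrl = "http://accepted.com";
  String acceptedKey = "ThisIsTheKey";
  String acceptedIp = "10.0.0.1";
  DateTime future = new DateTime(4749125399000L);
  Policy policy = Policy.mkSimplePolicy(acceptedUrl, future);
  String acceptedQueryString = ResourceRequestUtil.policyToResourceRequestQueryString(policy, encryptionKeyId, acceptedKey);
  ResourceRequest acceptedRequest = new ResourceRequest();
  acceptedRequest.setStatus(Status.Ok);
  // Set up the mock URL signing verifier.
  UrlSigningVerifier urlSigningVerifier = EasyMock.createMock(UrlSigningVerifier.class);
  EasyMock.expect(urlSigningVerifier.verify(acceptedQueryString, acceptedIp, acceptedUrl, true)).andReturn(acceptedRequest);
  EasyMock.replay(urlSigningVerifier);
  UrlSigningFilter filter = new UrlSigningFilter();
  // Configure the filter the same way the denial tests do. Without this the filter may pass the request
  // through on one of its skip paths (disabled, or no expressions configured), and the test would succeed
  // without the signature ever being checked.
  // NOTE(review): assumes matchAllProperties enables the filter in strict mode for every URL - confirm.
  filter.updated(matchAllProperties);
  filter.setUrlSigningVerifier(urlSigningVerifier);
  // Set up the mock request.
  HttpServletRequest request = EasyMock.createMock(HttpServletRequest.class);
  EasyMock.expect(request.getMethod()).andStubReturn("GET");
  EasyMock.expect(request.getRequestURL()).andStubReturn(new StringBuffer(acceptedUrl));
  EasyMock.expect(request.getQueryString()).andStubReturn(acceptedQueryString);
  EasyMock.expect(request.getRemoteAddr()).andStubReturn(acceptedIp);
  EasyMock.replay(request);
  // Replayed with no expectations: any sendError on an accepted request fails the test.
  HttpServletResponse response = EasyMock.createMock(HttpServletResponse.class);
  EasyMock.replay(response);
  // The chain must be invoked exactly once with the original request and response.
  FilterChain chain = EasyMock.createMock(FilterChain.class);
  chain.doFilter(request, response);
  EasyMock.expectLastCall();
  EasyMock.replay(chain);
  filter.doFilter(request, response, chain);
  // Verifying the verifier proves the request was accepted because of the signature check, not around it.
  EasyMock.verify(urlSigningVerifier, response, chain);
}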