[Jboss-cvs] JBossAS SVN: r56774 - in branches/Branch_4_0/tomcat/src: main/org/jboss/web/tomcat/security main/org/jboss/web/tomcat/tc5 resources
Tue Sep 12 13:03:37 EDT 2006
Author: anil.saldhana at jboss.com
Date: 2006-09-12 13:03:35 -0400 (Tue, 12 Sep 2006)
New Revision: 56774
Added:
branches/Branch_4_0/tomcat/src/main/org/jboss/web/tomcat/security/GenericHeaderAuthenticator.java
Modified:
branches/Branch_4_0/tomcat/src/main/org/jboss/web/tomcat/tc5/Tomcat5.java
branches/Branch_4_0/tomcat/src/resources/webserver-xmbean.xml
Log:
JBAS-2283: provide custom header based authentication support in a generic way
Added: branches/Branch_4_0/tomcat/src/main/org/jboss/web/tomcat/security/GenericHeaderAuthenticator.java
===================================================================
--- branches/Branch_4_0/tomcat/src/main/org/jboss/web/tomcat/security/GenericHeaderAuthenticator.java 2006-09-12 16:56:15 UTC (rev 56773)
+++ branches/Branch_4_0/tomcat/src/main/org/jboss/web/tomcat/security/GenericHeaderAuthenticator.java 2006-09-12 17:03:35 UTC (rev 56774)
@@ -0,0 +1,203 @@
+/*
+ * JBoss, the OpenSource J2EE webOS
+ *
+ * Distributable under LGPL license.
+ * See terms of license at gnu.org.
+ */
+package org.jboss.web.tomcat.security;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.util.StringTokenizer;
+
+import javax.management.JMException;
+import javax.management.ObjectName;
+import javax.servlet.http.Cookie;
+
+import org.apache.catalina.Realm;
+import org.apache.catalina.Session;
+import org.apache.catalina.authenticator.Constants;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.deploy.LoginConfig;
+import org.jboss.logging.Logger;
+
+/**
+ * JBAS-2283: Provide custom header based authentication support
+ *
+ * Header Authenticator that deals with userid from the request header
+ * Requires two attributes configured on the Tomcat Service - one for
+ * the http header denoting the authenticated identity and the other
+ * is the SESSION cookie
+ *
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @version $Revision$
+ * @since Sep 11, 2006
+ */
+public class GenericHeaderAuthenticator extends ExtendedFormAuthenticator
+{
+ protected static Logger log = Logger.getLogger(GenericHeaderAuthenticator.class);
+ protected boolean trace = log.isTraceEnabled();
+
+ public GenericHeaderAuthenticator()
+ {
+ super();
+ }
+
+ public boolean authenticate(Request request,
+ Response response, LoginConfig config)
+ throws IOException
+ {
+ log.trace("Authenticating user");
+
+ Principal principal = request.getUserPrincipal();
+ if (principal != null)
+ {
+ if (trace)
+ log.trace("Already authenticated '" + principal.getName() + "'");
+ return true;
+ }
+
+ Realm realm = context.getRealm();
+ Session session = request.getSessionInternal(true);
+
+ String username = getUserId(request);
+ String password = getSessionCookie(request);
+
+ //Check if there is sso id as well as sessionkey
+ if(username == null || password == null )
+ {
+ log.trace("Username is null or password(sessionkey) is null:fallback to form auth");
+ return super.authenticate(request, response, config);
+ }
+ principal = realm.authenticate(username,password);
+
+ if (principal == null)
+ {
+ forwardToErrorPage(request, response, config);
+ return false;
+ }
+
+ session.setNote(Constants.SESS_USERNAME_NOTE, username);
+ session.setNote(Constants.SESS_PASSWORD_NOTE, password);
+ request.setUserPrincipal(principal);
+
+ register(request, response, principal, Constants.FORM_METHOD, username, password);
+ return true;
+ }
+
+ /**
+ * Get the username from the request header
+ * @param request
+ * @return
+ */
+ protected String getUserId(Request request)
+ {
+ String ssoid = null;
+ //We can have a comma-separated ids
+ String ids = "";
+ try
+ {
+ ids = this.getIdentityHeaderId();
+ }
+ catch (JMException e)
+ {
+ if(trace)
+ log.trace("getUserId exception", e);
+ }
+ StringTokenizer st = new StringTokenizer(ids,",");
+ while(st.hasMoreTokens())
+ {
+ ssoid = request.getHeader(st.nextToken());
+ if(ssoid != null)
+ break;
+ }
+ if(trace)
+ log.trace("SSOID-" + ssoid);
+ return ssoid;
+ }
+
+ /**
+ * Obtain the session cookie from the request
+ * @param request
+ * @return
+ */
+ protected String getSessionCookie(Request request)
+ {
+ Cookie[] cookies = request.getCookies();
+ log.trace("Cookies:"+cookies);
+ int numCookies = cookies != null ? cookies.length : 0;
+
+ //We can have comma-separated ids
+ String ids = "";
+ try
+ {
+ ids = this.getSessionCookieId();
+ log.trace("Session Cookie Ids="+ids);
+ }
+ catch (JMException e)
+ {
+ if(trace)
+ log.trace("checkSessionCookie exception", e);
+ }
+ StringTokenizer st = new StringTokenizer(ids,",");
+ while(st.hasMoreTokens())
+ {
+ String cookieToken = st.nextToken();
+ String val = getCookieValue(cookies, numCookies, cookieToken);
+ if(val != null)
+ return val;
+ }
+ if(trace)
+ log.trace("Session Cookie not found");
+ return null;
+ }
+
+ /**
+ * Get the configured header identity id
+ * in the tomcat service
+ * @return
+ * @throws JMException
+ */
+ protected String getIdentityHeaderId() throws JMException
+ {
+ return (String)mserver.getAttribute(new ObjectName("jboss.web:service=WebServer"),
+ "HttpHeaderForSSOAuth");
+ }
+
+ /**
+ * Get the configured session cookie id in the tomcat service
+ * @return
+ * @throws JMException
+ */
+ protected String getSessionCookieId() throws JMException
+ {
+ return (String)mserver.getAttribute(new ObjectName("jboss.web:service=WebServer"),
+ "SessionCookieForSSOAuth");
+ }
+
+ /**
+ * Get the value of a cookie if the name matches the token
+ * @param cookies array of cookies
+ * @param numCookies number of cookies in the array
+ * @param token Key
+ * @return value of cookie
+ */
+ protected String getCookieValue(Cookie[] cookies, int numCookies,
+ String token)
+ {
+ for(int i = 0; i < numCookies; i++)
+ {
+ Cookie cookie = cookies[i];
+ log.trace("Matching cookieToken:"+token+" with cookie name="
+ + cookie.getName());
+ if(token.equals(cookie.getName()))
+ {
+ if(trace)
+ log.trace("Cookie-" + token + " value=" + cookie.getValue());
+ return cookie.getValue();
+ }
+ }
+ return null;
+ }
+}
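Review bot: `new StringTokenizer(ids, ",")` at the head of the header loop in getUserId, and again in getSessionCookie, throws NullPointerException when the corresponding MBean attribute is unset, because getIdentityHeaderId()/getSessionCookieId() return the attribute as-is and Tomcat5 in this same commit initialises both fields to null; the `ids = ""` default only survives when getAttribute itself throws. Guard both call sites before tokenizing, `if (ids == null) ids = "";`, so an unconfigured server reaches the null-username branch and falls back to form authentication as intended. Separately, the trace statement in getCookieValue writes the matched cookie value — the very value authenticate passes to realm.authenticate as the password — into the log, and the one after the header loop writes the SSO identity; log only the cookie name there. Nothing in authenticate verifies where the identity header came from, so the realm check on the cookie value is the sole control; the class javadoc should state that the header is trustworthy only when the front end that sets it also strips any client-supplied copy.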
Modified: branches/Branch_4_0/tomcat/src/main/org/jboss/web/tomcat/tc5/Tomcat5.java
===================================================================
--- branches/Branch_4_0/tomcat/src/main/org/jboss/web/tomcat/tc5/Tomcat5.java 2006-09-12 16:56:15 UTC (rev 56773)
+++ branches/Branch_4_0/tomcat/src/main/org/jboss/web/tomcat/tc5/Tomcat5.java 2006-09-12 17:03:35 UTC (rev 56774)
@@ -142,6 +142,12 @@
private boolean deleteWorkDirOnContextDestroy = false;
/**
+ * JBAS-2283: Provide custom header based auth support
+ */
+ private String httpHeaderForSSOAuth = null;
+ private String sessionCookieForSSOAuth = null;
+
+ /**
* The server xml configuration file name
*/
private String serverConfigFile = "server.xml";
@@ -309,8 +315,28 @@
public void setDeleteWorkDirOnContextDestroy(boolean deleteFlag)
{
this.deleteWorkDirOnContextDestroy = deleteFlag;
+ }
+
+ public String getHttpHeaderForSSOAuth()
+ {
+ return httpHeaderForSSOAuth;
}
+ public void setHttpHeaderForSSOAuth(String httpHeader)
+ {
+ this.httpHeaderForSSOAuth = httpHeader;
+ }
+
+ public String getSessionCookieForSSOAuth()
+ {
+ return sessionCookieForSSOAuth;
+ }
+
+ public void setSessionCookieForSSOAuth(String sessionC)
+ {
+ this.sessionCookieForSSOAuth = sessionC;
+ }
+
/**
* The SessionIdAlphabet is the set of characters used to create a session Id
*/
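Review bot: The four new accessors carry no Javadoc, and the expected value format is not obvious from the property names: GenericHeaderAuthenticator in this same commit splits both values on "," and uses the first header, respectively cookie, that is present on the request. Document that on the setters, e.g. `/** Comma-separated list of request header names consulted, in order, for the SSO user identity; unset by default. */` and the analogous sentence for setSessionCookieForSSOAuth, so operators configuring the MBean attribute know that multiple names are accepted and which one wins.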
Modified: branches/Branch_4_0/tomcat/src/resources/webserver-xmbean.xml
===================================================================
--- branches/Branch_4_0/tomcat/src/resources/webserver-xmbean.xml 2006-09-12 16:56:15 UTC (rev 56773)
+++ branches/Branch_4_0/tomcat/src/resources/webserver-xmbean.xml 2006-09-12 17:03:35 UTC (rev 56774)
@@ -40,6 +40,18 @@
<type>boolean</type>
</attribute>
+ <attribute access="read-write" getMethod="getHttpHeaderForSSOAuth"
+ setMethod="setHttpHeaderForSSOAuth">
+ <name>HttpHeaderForSSOAuth</name>
+ <type>java.lang.String</type>
+ </attribute>
+
+ <attribute access="read-write" getMethod="getSessionCookieForSSOAuth"
+ setMethod="setSessionCookieForSSOAuth">
+ <name>SessionCookieForSSOAuth</name>
+ <type>java.lang.String</type>
+ </attribute>
+
<attribute access="read-write" getMethod="getSubjectAttributeName" setMethod="setSubjectAttributeName">
<name>SubjectAttributeName</name>
<type>java.lang.String</type>