[Jboss-cvs] JBossAS SVN: r56809 - in trunk/tomcat: . src/main/org/jboss/web/tomcat/security src/main/org/jboss/web/tomcat/tc6 src/resources
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Sep 13 13:50:25 EDT 2006
Author: anil.saldhana at jboss.com
Date: 2006-09-13 13:50:23 -0400 (Wed, 13 Sep 2006)
New Revision: 56809
Added:
trunk/tomcat/src/main/org/jboss/web/tomcat/security/GenericHeaderAuthenticator.java
Modified:
trunk/tomcat/.classpath
trunk/tomcat/src/main/org/jboss/web/tomcat/tc6/Tomcat6.java
trunk/tomcat/src/resources/webserver-xmbean.xml
Log:
JBAS-2283: Provide custom header authentication support
Modified: trunk/tomcat/.classpath
===================================================================
--- trunk/tomcat/.classpath 2006-09-13 17:40:07 UTC (rev 56808)
+++ trunk/tomcat/.classpath 2006-09-13 17:50:23 UTC (rev 56809)
@@ -11,9 +11,6 @@
<classpathentry kind="lib" path="/thirdparty/sun-servlet/lib/jsp-api.jar"/>
<classpathentry kind="src" path="/connector"/>
<classpathentry kind="lib" path="/thirdparty/jgroups/lib/jgroups.jar"/>
- <classpathentry kind="lib" path="/thirdparty/apache-tomcat/lib/catalina.jar"/>
- <classpathentry kind="lib" path="/thirdparty/apache-modeler/lib/commons-modeler.jar"/>
- <classpathentry kind="lib" path="/thirdparty/apache-tomcat/lib/tomcat-coyote.jar"/>
<classpathentry kind="lib" path="/thirdparty/sun-servlet/lib/servlet-api.jar"/>
<classpathentry kind="lib" path="/thirdparty/oswego-concurrent/lib/concurrent.jar"/>
<classpathentry kind="lib" path="/thirdparty/apache-logging/lib/commons-logging.jar"/>
@@ -23,12 +20,6 @@
<classpathentry kind="src" path="/transaction"/>
<classpathentry kind="lib" path="/thirdparty/jboss/cache/lib/jboss-cache-jdk50.jar"/>
<classpathentry kind="lib" path="/thirdparty/sun-xacml/lib/sunxacml.jar"/>
- <classpathentry kind="lib" path="/thirdparty/apache-tomcat/lib/catalina-ant.jar"/>
- <classpathentry kind="lib" path="/thirdparty/apache-tomcat/lib/el-api.jar"/>
- <classpathentry kind="lib" path="/thirdparty/apache-tomcat/lib/jasper.jar"/>
- <classpathentry kind="lib" path="/thirdparty/apache-tomcat/lib/jasper-el.jar"/>
- <classpathentry kind="lib" path="/thirdparty/apache-tomcat/lib/jasper-jdt.jar"/>
- <classpathentry kind="lib" path="/thirdparty/apache-tomcat/lib/servlet-api.jar"/>
<classpathentry kind="lib" path="/thirdparty/jboss/jbossxb/lib/jboss-xml-binding.jar"/>
<classpathentry kind="lib" path="/thirdparty/sun-jsf/lib/jsf-api.jar"/>
<classpathentry kind="lib" path="/thirdparty/sun-jsf/lib/jsf-impl.jar"/>
@@ -36,5 +27,12 @@
<classpathentry kind="lib" path="/thirdparty/jboss/serialization/lib/jboss-serialization.jar"/>
<classpathentry kind="lib" path="/thirdparty/jboss/security/lib/jbosssx.jar"/>
<classpathentry kind="lib" path="/thirdparty/jboss/security-spi/lib/jboss-security-spi.jar"/>
+ <classpathentry kind="lib" path="/thirdparty/jboss/web/lib/annotations-api-temp.jar"/>
+ <classpathentry kind="lib" path="/thirdparty/jboss/web/lib/el-api.jar"/>
+ <classpathentry kind="lib" path="/thirdparty/jboss/web/lib/jasper-jdt.jar"/>
+ <classpathentry kind="lib" path="/thirdparty/jboss/web/lib/jbossweb.jar"/>
+ <classpathentry kind="lib" path="/thirdparty/jboss/web/lib/jbossweb-extras.jar"/>
+ <classpathentry kind="lib" path="/thirdparty/jboss/web/lib/jsp-api.jar"/>
+ <classpathentry kind="lib" path="/thirdparty/jboss/web/lib/servlet-api.jar"/>
<classpathentry kind="output" path="output/eclipse-classes"/>
</classpath>
Added: trunk/tomcat/src/main/org/jboss/web/tomcat/security/GenericHeaderAuthenticator.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/GenericHeaderAuthenticator.java 2006-09-13 17:40:07 UTC (rev 56808)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/GenericHeaderAuthenticator.java 2006-09-13 17:50:23 UTC (rev 56809)
@@ -0,0 +1,203 @@
+/*
+ * JBoss, the OpenSource J2EE webOS
+ *
+ * Distributable under LGPL license.
+ * See terms of license at gnu.org.
+ */
+package org.jboss.web.tomcat.security;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.util.StringTokenizer;
+
+import javax.management.JMException;
+import javax.management.ObjectName;
+import javax.servlet.http.Cookie;
+
+import org.apache.catalina.Realm;
+import org.apache.catalina.Session;
+import org.apache.catalina.authenticator.Constants;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.deploy.LoginConfig;
+import org.jboss.logging.Logger;
+
+/**
+ * JBAS-2283: Provide custom header based authentication support
+ *
+ * Header Authenticator that deals with userid from the request header
+ * Requires two attributes configured on the Tomcat Service - one for
+ * the http header denoting the authenticated identity and the other
+ * is the SESSION cookie
+ *
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @version $Revision$
+ * @since Sep 11, 2006
+ */
+public class GenericHeaderAuthenticator extends ExtendedFormAuthenticator
+{
+ protected static Logger log = Logger.getLogger(GenericHeaderAuthenticator.class);
+ protected boolean trace = log.isTraceEnabled();
+
+ public GenericHeaderAuthenticator()
+ {
+ super();
+ }
+
+ public boolean authenticate(Request request,
+ Response response, LoginConfig config)
+ throws IOException
+ {
+ log.trace("Authenticating user");
+
+ Principal principal = request.getUserPrincipal();
+ if (principal != null)
+ {
+ if (trace)
+ log.trace("Already authenticated '" + principal.getName() + "'");
+ return true;
+ }
+
+ Realm realm = context.getRealm();
+ Session session = request.getSessionInternal(true);
+
+ String username = getUserId(request);
+ String password = getSessionCookie(request);
+
+ //Check if there is sso id as well as sessionkey
+ if(username == null || password == null )
+ {
+ log.trace("Username is null or password(sessionkey) is null:fallback to form auth");
+ return super.authenticate(request, response, config);
+ }
+ principal = realm.authenticate(username,password);
+
+ if (principal == null)
+ {
+ forwardToErrorPage(request, response, config);
+ return false;
+ }
+
+ session.setNote(Constants.SESS_USERNAME_NOTE, username);
+ session.setNote(Constants.SESS_PASSWORD_NOTE, password);
+ request.setUserPrincipal(principal);
+
+ register(request, response, principal, Constants.FORM_METHOD, username, password);
+ return true;
+ }
+
+ /**
+ * Get the username from the request header
+ * @param request
+ * @return
+ */
+ protected String getUserId(Request request)
+ {
+ String ssoid = null;
+ //We can have a comma-separated ids
+ String ids = "";
+ try
+ {
+ ids = this.getIdentityHeaderId();
+ }
+ catch (JMException e)
+ {
+ if(trace)
+ log.trace("getUserId exception", e);
+ }
+ StringTokenizer st = new StringTokenizer(ids,",");
+ while(st.hasMoreTokens())
+ {
+ ssoid = request.getHeader(st.nextToken());
+ if(ssoid != null)
+ break;
+ }
+ if(trace)
+ log.trace("SSOID-" + ssoid);
+ return ssoid;
+ }
+
+ /**
+ * Obtain the session cookie from the request
+ * @param request
+ * @return
+ */
+ protected String getSessionCookie(Request request)
+ {
+ Cookie[] cookies = request.getCookies();
+ log.trace("Cookies:"+cookies);
+ int numCookies = cookies != null ? cookies.length : 0;
+
+ //We can have comma-separated ids
+ String ids = "";
+ try
+ {
+ ids = this.getSessionCookieId();
+ log.trace("Session Cookie Ids="+ids);
+ }
+ catch (JMException e)
+ {
+ if(trace)
+ log.trace("checkSessionCookie exception", e);
+ }
+ StringTokenizer st = new StringTokenizer(ids,",");
+ while(st.hasMoreTokens())
+ {
+ String cookieToken = st.nextToken();
+ String val = getCookieValue(cookies, numCookies, cookieToken);
+ if(val != null)
+ return val;
+ }
+ if(trace)
+ log.trace("Session Cookie not found");
+ return null;
+ }
+
+ /**
+ * Get the configured header identity id
+ * in the tomcat service
+ * @return
+ * @throws JMException
+ */
+ protected String getIdentityHeaderId() throws JMException
+ {
+ return (String)mserver.getAttribute(new ObjectName("jboss.web:service=WebServer"),
+ "HttpHeaderForSSOAuth");
+ }
+
+ /**
+ * Get the configured session cookie id in the tomcat service
+ * @return
+ * @throws JMException
+ */
+ protected String getSessionCookieId() throws JMException
+ {
+ return (String)mserver.getAttribute(new ObjectName("jboss.web:service=WebServer"),
+ "SessionCookieForSSOAuth");
+ }
+
+ /**
+ * Get the value of a cookie if the name matches the token
+ * @param cookies array of cookies
+ * @param numCookies number of cookies in the array
+ * @param token Key
+ * @return value of cookie
+ */
+ protected String getCookieValue(Cookie[] cookies, int numCookies,
+ String token)
+ {
+ for(int i = 0; i < numCookies; i++)
+ {
+ Cookie cookie = cookies[i];
+ log.trace("Matching cookieToken:"+token+" with cookie name="
+ + cookie.getName());
+ if(token.equals(cookie.getName()))
+ {
+ if(trace)
+ log.trace("Cookie-" + token + " value=" + cookie.getValue());
+ return cookie.getValue();
+ }
+ }
+ return null;
+ }
+}
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/tc6/Tomcat6.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/tc6/Tomcat6.java 2006-09-13 17:40:07 UTC (rev 56808)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/tc6/Tomcat6.java 2006-09-13 17:50:23 UTC (rev 56809)
@@ -139,7 +139,14 @@
* JBAS-3358: Work directory shouldn't be deleted on Context Destroy
*/
private boolean deleteWorkDirOnContextDestroy = false;
+
+ /**
+ * JBAS-2283: Provide custom header based auth support
+ */
+ private String httpHeaderForSSOAuth = null;
+ private String sessionCookieForSSOAuth = null;
+
/**
* The server xml configuration file name
*/
@@ -311,6 +318,26 @@
this.deleteWorkDirOnContextDestroy = deleteFlag;
}
+ public String getHttpHeaderForSSOAuth()
+ {
+ return httpHeaderForSSOAuth;
+ }
+
+ public void setHttpHeaderForSSOAuth(String httpHeader)
+ {
+ this.httpHeaderForSSOAuth = httpHeader;
+ }
+
+ public String getSessionCookieForSSOAuth()
+ {
+ return sessionCookieForSSOAuth;
+ }
+
+ public void setSessionCookieForSSOAuth(String sessionC)
+ {
+ this.sessionCookieForSSOAuth = sessionC;
+ }
+
/**
* The SessionIdAlphabet is the set of characters used to create a session Id
*/
Modified: trunk/tomcat/src/resources/webserver-xmbean.xml
===================================================================
--- trunk/tomcat/src/resources/webserver-xmbean.xml 2006-09-13 17:40:07 UTC (rev 56808)
+++ trunk/tomcat/src/resources/webserver-xmbean.xml 2006-09-13 17:50:23 UTC (rev 56809)
@@ -40,6 +40,18 @@
<type>boolean</type>
</attribute>
+ <attribute access="read-write" getMethod="getHttpHeaderForSSOAuth"
+ setMethod="setHttpHeaderForSSOAuth">
+ <name>HttpHeaderForSSOAuth</name>
+ <type>java.lang.String</type>
+ </attribute>
+
+ <attribute access="read-write" getMethod="getSessionCookieForSSOAuth"
+ setMethod="setSessionCookieForSSOAuth">
+ <name>SessionCookieForSSOAuth</name>
+ <type>java.lang.String</type>
+ </attribute>
+
<attribute access="read-write" getMethod="getSubjectAttributeName" setMethod="setSubjectAttributeName">
<name>SubjectAttributeName</name>
<type>java.lang.String</type>
More information about the jboss-cvs-commits
mailing list