[jboss-cvs] JBossAS SVN: r66447 - in trunk: testsuite/imports/sections and 5 other directories.
Thu Oct 25 14:23:17 EDT 2007
Author: sguilhen at redhat.com
Date: 2007-10-25 14:23:16 -0400 (Thu, 25 Oct 2007)
New Revision: 66447
Added:
trunk/testsuite/src/main/org/jboss/test/web/security/GenericHeaderAuthUnitTestCase.java
trunk/testsuite/src/resources/web/federation/customheader/
trunk/testsuite/src/resources/web/federation/customheader/application.xml
trunk/testsuite/src/resources/web/federation/genericheader/context.xml
trunk/testsuite/src/resources/web/federation/genericheader/header-auth-web.xml
trunk/testsuite/src/resources/web/federation/genericheader/jboss-web.xml
Removed:
trunk/testsuite/src/resources/web/federation/customheader/application.xml
Modified:
trunk/testsuite/build.xml
trunk/testsuite/imports/sections/web.xml
trunk/testsuite/src/resources/web/federation/genericheader/application.xml
trunk/tomcat/src/main/org/jboss/web/tomcat/security/GenericHeaderAuthenticator.java
Log:
JBAS-4804: Merge from Branch_4_2.
Modified: trunk/testsuite/build.xml
===================================================================
--- trunk/testsuite/build.xml 2007-10-25 17:24:56 UTC (rev 66446)
+++ trunk/testsuite/build.xml 2007-10-25 18:23:16 UTC (rev 66447)
@@ -734,6 +734,7 @@
<!-- Tests needing tomcat federation -->
<patternset id="tc-federation.includes">
<include name="org/jboss/test/web/security/*TestCase.class"/>
+ <exclude name="org/jboss/test/web/security/GenericHeaderAuthUnitTestCase.class"/>
<include name="org/jboss/test/web/test/FormAuthUnitTestCase.class"/>
</patternset>
<!-- Tests needing tomcat SSL -->
Modified: trunk/testsuite/imports/sections/web.xml
===================================================================
--- trunk/testsuite/imports/sections/web.xml 2007-10-25 17:24:56 UTC (rev 66446)
+++ trunk/testsuite/imports/sections/web.xml 2007-10-25 18:23:16 UTC (rev 66447)
@@ -552,7 +552,7 @@
<include name="jboss-app.xml"/>
<include name="security-config.xml"/>
</zipfileset>
- <zipfileset dir="${build.resources}/web/federation/genericheader" prefix="META-INF">
+ <zipfileset dir="${build.resources}/web/federation/customheader" prefix="META-INF">
<include name="application.xml"/>
</zipfileset>
<zipfileset dir="${build.resources}/web"
@@ -566,6 +566,40 @@
includes="jboss-service.xml"/>
</zip>
+ <!--JBAS-4804: Generic Header Based Auth -->
+ <war destfile="${build.lib}/generic-header-auth.war"
+ webxml="${build.resources}/web/federation/genericheader/header-auth-web.xml">
+ <webinf dir="${build.resources}/web/federation/genericheader">
+ <include name="jboss-web.xml"/>
+ <include name="context.xml"/>
+ </webinf>
+ <classes dir="${build.classes}">
+ <include name="org/jboss/test/web/servlets/SecureServlet.class"/>
+ </classes>
+ <fileset dir="${build.resources}/web/form-auth">
+ <include name="**/*.html"/>
+ <include name="**/*.jsp"/>
+ </fileset>
+ </war>
+ <zip destfile="${build.lib}/generic-header-auth.ear">
+ <zipfileset dir="${build.resources}/web/form-auth" prefix="META-INF">
+ <include name="jboss-app.xml"/>
+ <include name="security-config.xml"/>
+ </zipfileset>
+ <zipfileset dir="${build.resources}/web/federation/genericheader" prefix="META-INF">
+ <include name="application.xml"/>
+ </zipfileset>
+ <zipfileset dir="${build.resources}/web"
+ fullpath="form-auth-users.properties"
+ includes="users.properties"/>
+ <zipfileset dir="${build.resources}/web"
+ fullpath="form-auth-roles.properties"
+ includes="roles.properties"/>
+ <zipfileset dir="${build.lib}" includes="generic-header-auth.war"/>
+ <zipfileset dir="${build.resources}/web/form-auth"
+ includes="jboss-service.xml"/>
+ </zip>
+
<!-- Simple war for testing web app enc setup using descriptors -->
<war destfile="${build.lib}/simple-xmlonly.war"
webxml="${build.resources}/web/simple-xmlonly/web.xml">
Copied: trunk/testsuite/src/main/org/jboss/test/web/security/GenericHeaderAuthUnitTestCase.java (from rev 66441, branches/Branch_4_2/testsuite/src/main/org/jboss/test/web/security/GenericHeaderAuthUnitTestCase.java)
===================================================================
--- trunk/testsuite/src/main/org/jboss/test/web/security/GenericHeaderAuthUnitTestCase.java (rev 0)
+++ trunk/testsuite/src/main/org/jboss/test/web/security/GenericHeaderAuthUnitTestCase.java 2007-10-25 18:23:16 UTC (rev 66447)
@@ -0,0 +1,254 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.web.security;
+
+import java.net.HttpURLConnection;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.apache.commons.httpclient.Cookie;
+import org.apache.commons.httpclient.Header;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.HttpState;
+import org.apache.commons.httpclient.methods.GetMethod;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.jboss.test.JBossTestCase;
+import org.jboss.test.JBossTestSetup;
+
+/**
+ * <p>
+ * JBAS-4804: Generic Header Based Authentication. This test case addresses the scenarios in which the
+ * <code>GenericHeaderAuthenticator</code> is configured in the <code>WEB-INF/context.xml</code> file of
+ * the web application. The <code>HttpHeaderForSSOAuth</code> and <code>SessionCookieForSSOAuth</code>
+ * properties are defined as attributes of the <code>GenericHeaderAuthenticator</code>, requiring no
+ * further configuration of the application server.
+ * </p>
+ * <p>
+ * The web application's <code>contex.xml</code> file should look like the following:
+ * <pre>
+ * <Context>
+ * <Valve className="org.jboss.web.tomcat.security.GenericHeaderAuthenticator"
+ * httpHeaderForSSOAuth="sm_ssoid,ct-remote-user,HTTP_OBLIX_UID"
+ * sessionCookieForSSOAuth="SMSESSION,CTSESSION,ObSSOCookie"/>
+ * </Context>
+ * </pre>
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ * @since Oct 18, 2007
+ */
+public class GenericHeaderAuthUnitTestCase extends JBossTestCase
+{
+ private String testAppBaseURL;
+
+ private String securedServletPath;
+
+ private HttpClient httpClient;
+
+ /**
+ * <p>
+ * Creates an instance of <code>GenericHeaderAuthUnitTestCase</code> with the specified name.
+ * </p>
+ *
+ * @param name the name of the test case.
+ */
+ public GenericHeaderAuthUnitTestCase(String name)
+ {
+ super(name);
+// this.testAppBaseURL = "http://" + super.getServerHost() + ":" + Integer.getInteger("web.port", 8080)
+// + "/generic-header-auth/";
+ this.securedServletPath = "restricted/SecuredServlet";
+ this.httpClient = new HttpClient();
+ }
+
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+ this.testAppBaseURL = "http://" + super.getServerHost() + ":" + Integer.getInteger("web.port", 8080)
+ + "/generic-header-auth/";
+ }
+
+
+ /**
+ * <p>
+ * Check that, in the absence of headers, regular form authentication takes place.
+ * </p>
+ *
+ * @throws Exception if an error occurs when running the test.
+ */
+ public void testRegularFormAuth() throws Exception
+ {
+ GetMethod getMethod = new GetMethod(this.testAppBaseURL + this.securedServletPath);
+ // execute a plain request to the SecureServlet
+ try
+ {
+ int responseCode = this.httpClient.executeMethod(getMethod);
+ String body = getMethod.getResponseBodyAsString();
+ // check the response code and assert the redirection to the login page
+ assertTrue("Unexpected response code received: " + responseCode, responseCode == HttpURLConnection.HTTP_OK);
+ assertTrue("Failed to redirect the request to the login page", body.indexOf("j_security_check") > 0);
+ }
+ finally
+ {
+ getMethod.releaseConnection();
+ }
+
+ HttpState state = this.httpClient.getState();
+ // fill in the login form and submit it
+ PostMethod postMethod = new PostMethod(this.testAppBaseURL + "j_security_check");
+ postMethod.addRequestHeader("Referer", this.testAppBaseURL + "restricted/login.html");
+ postMethod.addParameter("j_username", "jduke");
+ postMethod.addParameter("j_password", "theduke");
+ Header location = null;
+ try
+ {
+ int responseCode = this.httpClient.executeMethod(postMethod.getHostConfiguration(), postMethod, state);
+ log.debug("responseCode=" + responseCode + ", response=" + postMethod.getStatusText());
+ // check the response code received and the presence of a location header in the response
+ assertTrue("Unexpected response code received: " + responseCode,
+ responseCode == HttpURLConnection.HTTP_MOVED_TEMP);
+ location = postMethod.getResponseHeader("Location");
+ assertNotNull("Location header not found in response", location);
+ }
+ finally
+ {
+ postMethod.releaseConnection();
+ }
+
+ // follow the redirect as defined by the location header
+ String indexURI = location.getValue();
+ getMethod = new GetMethod(indexURI);
+ try
+ {
+ int responseCode = this.httpClient.executeMethod(getMethod.getHostConfiguration(), getMethod, state);
+ log.debug("responseCode=" + responseCode + ", response=" + getMethod.getStatusText());
+ // check the reponse code received
+ assertTrue("Unexpected response code received: " + responseCode, responseCode == HttpURLConnection.HTTP_OK);
+ String body = getMethod.getResponseBodyAsString();
+ // assert the redirection of to the SecureServlet
+ assertTrue("Redirect to SecureServlet has failed", body.indexOf("SecureServlet") > 0);
+ }
+ finally
+ {
+ getMethod.releaseConnection();
+ }
+ }
+
+ /**
+ * <p>
+ * Test usecases where the userid is sent via header and the session key is used as the password. To simplify
+ * testing, we pass a password as part of the session key. In reality, there needs to be a login module that can
+ * take the username and session key and validate.
+ * </p>
+ *
+ * @throws Exception if an error occurs when running the test.
+ */
+ public void testGenericHeaderBaseAuth() throws Exception
+ {
+ String serverHost = super.getServerHost();
+ // Siteminder usecase
+ this
+ .performHeaderAuth("sm_ssoid", new Cookie(serverHost, "SMSESSION", "theduke", "/", null, false),
+ "SiteMinder");
+ // Cleartrust usecase
+ this.performHeaderAuth("ct-remote-user", new Cookie(serverHost, "CTSESSION", "theduke", "/", null, false),
+ "Cleartrust");
+ // Oblix usecase
+ this.performHeaderAuth("HTTP_OBLIX_UID", new Cookie(serverHost, "ObSSOCookie", "theduke", "/", null, false),
+ "Oblix");
+ }
+
+ /**
+ * <p>
+ * Invoke the <code>SecureServlet</code> setting the specified <code>headerId</code> and <code>cookie</code> objects
+ * in the request.
+ * </p>
+ *
+ * @param headerId a <code>String</code> representing the name of the request header that holds the user id.
+ * @param cookie a <code>Cookie</code> object containing the user's password.
+ * @param usecase a <code>String</code> representing the name of the use case being tested.
+ * @throws Exception if an error occurs when authenticating the user.
+ */
+ private void performHeaderAuth(String headerId, Cookie cookie, String usecase) throws Exception
+ {
+ GetMethod method = new GetMethod(this.testAppBaseURL + this.securedServletPath);
+ // add the headerId and cookie objects to the request
+ method.addRequestHeader(headerId, "jduke");
+ this.httpClient.getState().addCookie(cookie);
+ // execute the request
+ try
+ {
+ int responseCode = this.httpClient.executeMethod(method);
+ // check the response code received
+ log.debug("Response from " + usecase + " case:" + method.getStatusText());
+ assertTrue("Unexpected response code received: " + responseCode, responseCode == HttpURLConnection.HTTP_OK);
+ // check that access to the secure servlet has been granted
+ String body = method.getResponseBodyAsString();
+ assertTrue("Access to SecureServlet has not been granted", body.indexOf("SecureServlet") > 0);
+ }
+ finally
+ {
+ // release the connection
+ method.releaseConnection();
+ }
+ }
+
+ public static Test suite() throws Exception
+ {
+ TestSuite suite = new TestSuite();
+ suite.addTest(new TestSuite(GenericHeaderAuthUnitTestCase.class));
+
+ // create an initializer for the test suite
+ Test wrapper = new JBossTestSetup(suite)
+ {
+ /**
+ * <p>
+ * Deploy the ear file containing the Servlets used by the tests.
+ * </p>
+ *
+ * @throws Exception if an error occurs when deploying the ear.
+ */
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+ super.deploy("generic-header-auth.ear");
+ // make sure the security cache is clear
+ super.flushAuthCache();
+ }
+
+ /**
+ * <p>
+ * Undeploy the ear file containing the Servlets used by the tests.
+ * </p>
+ *
+ * @throws Exception if an error occurs when undeploying the ear.
+ */
+ protected void tearDown() throws Exception
+ {
+ super.undeploy("generic-header-auth.ear");
+ super.tearDown();
+ }
+ };
+ return wrapper;
+ }
+}
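Review bot: testGenericHeaderBaseAuth runs its three use cases through one shared HttpClient, so the HttpState (and any session cookie the server set after the first successful header login) is carried into the Cleartrust and Oblix requests; whether those later requests are actually authenticated by their own header/cookie pair or by the session established in the first case depends on the base authenticator's handling of an already-authenticated session, which is outside this file, so the test does not isolate each use case either way. Starting performHeaderAuth with `this.httpClient.setState(new HttpState());` before `addCookie(cookie)` gives every use case a clean client state and makes the assertion meaningful per SSO product. The commented-out base-URL assignment in the constructor duplicates what setUp now does and should be deleted rather than left as dead code. The redirect check `body.indexOf("j_security_check") > 0` would also miss a match at offset 0; `>= 0` (or `contains`) is the intended test.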
Copied: trunk/testsuite/src/resources/web/federation/customheader (from rev 66441, branches/Branch_4_2/testsuite/src/resources/web/federation/customheader)
Deleted: trunk/testsuite/src/resources/web/federation/customheader/application.xml
===================================================================
--- branches/Branch_4_2/testsuite/src/resources/web/federation/customheader/application.xml 2007-10-25 16:07:07 UTC (rev 66441)
+++ trunk/testsuite/src/resources/web/federation/customheader/application.xml 2007-10-25 18:23:16 UTC (rev 66447)
@@ -1,15 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE application PUBLIC
- "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN"
- "http://java.sun.com/dtd/application_1_3.dtd">
-
-<application>
- <display-name>JBossTest Web Container FORM auth tests</display-name>
-
- <module>
- <web>
- <web-uri>header-form-auth.war</web-uri>
- </web>
- </module>
-
-</application>
Copied: trunk/testsuite/src/resources/web/federation/customheader/application.xml (from rev 66441, branches/Branch_4_2/testsuite/src/resources/web/federation/customheader/application.xml)
===================================================================
--- trunk/testsuite/src/resources/web/federation/customheader/application.xml (rev 0)
+++ trunk/testsuite/src/resources/web/federation/customheader/application.xml 2007-10-25 18:23:16 UTC (rev 66447)
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC
+ "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN"
+ "http://java.sun.com/dtd/application_1_3.dtd">
+
+<application>
+ <display-name>JBossTest Web Container FORM auth tests</display-name>
+
+ <module>
+ <web>
+ <web-uri>header-form-auth.war</web-uri>
+ <context-root>header-form-auth</context-root>
+ </web>
+ </module>
+
+</application>
Modified: trunk/testsuite/src/resources/web/federation/genericheader/application.xml
===================================================================
--- trunk/testsuite/src/resources/web/federation/genericheader/application.xml 2007-10-25 17:24:56 UTC (rev 66446)
+++ trunk/testsuite/src/resources/web/federation/genericheader/application.xml 2007-10-25 18:23:16 UTC (rev 66447)
@@ -8,8 +8,8 @@
<module>
<web>
- <web-uri>header-form-auth.war</web-uri>
- <context-root>header-form-auth</context-root>
+ <web-uri>generic-header-auth.war</web-uri>
+ <context-root>generic-header-auth</context-root>
</web>
</module>
Copied: trunk/testsuite/src/resources/web/federation/genericheader/context.xml (from rev 66441, branches/Branch_4_2/testsuite/src/resources/web/federation/genericheader/context.xml)
===================================================================
--- trunk/testsuite/src/resources/web/federation/genericheader/context.xml (rev 0)
+++ trunk/testsuite/src/resources/web/federation/genericheader/context.xml 2007-10-25 18:23:16 UTC (rev 66447)
@@ -0,0 +1,4 @@
+<Context>
+ <Valve className="org.jboss.web.tomcat.security.GenericHeaderAuthenticator" httpHeaderForSSOAuth="sm_ssoid,ct-remote-user,HTTP_OBLIX_UID"
+ sessionCookieForSSOAuth="SMSESSION,CTSESSION,ObSSOCookie"/>
+</Context>
Copied: trunk/testsuite/src/resources/web/federation/genericheader/header-auth-web.xml (from rev 66441, branches/Branch_4_2/testsuite/src/resources/web/federation/genericheader/header-auth-web.xml)
===================================================================
--- trunk/testsuite/src/resources/web/federation/genericheader/header-auth-web.xml (rev 0)
+++ trunk/testsuite/src/resources/web/federation/genericheader/header-auth-web.xml 2007-10-25 18:23:16 UTC (rev 66447)
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE web-app PUBLIC
+ "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+ "http://java.sun.com/dtd/web-app_2_3.dtd">
+
+<web-app>
+ <description>Security Tests Using FORM Authentication</description>
+
+ <!-- ### Servlets -->
+ <servlet>
+ <servlet-name>SecureServlet</servlet-name>
+ <servlet-class>org.jboss.test.web.servlets.SecureServlet</servlet-class>
+ </servlet>
+
+ <!-- The servlet and jsp page mappings -->
+ <servlet-mapping>
+ <servlet-name>SecureServlet</servlet-name>
+ <url-pattern>/restricted/SecuredServlet</url-pattern>
+ </servlet-mapping>
+
+ <!-- The Welcome File List -->
+ <welcome-file-list>
+ <welcome-file>index.html</welcome-file>
+ </welcome-file-list>
+
+ <!-- ### Security -->
+ <security-constraint>
+ <web-resource-collection>
+
+ <web-resource-name>Restricted</web-resource-name>
+ <description>Declarative security tests</description>
+ <url-pattern>/restricted/*</url-pattern>
+ <http-method>HEAD</http-method>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+
+ <http-method>PUT</http-method>
+ <http-method>DELETE</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <description>Only authenticated users can access secure content</description>
+ <role-name>AuthorizedUser</role-name>
+ </auth-constraint>
+
+ <user-data-constraint>
+ <description>no description</description>
+ <transport-guarantee>NONE</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>FORM</auth-method>
+
+ <form-login-config>
+ <form-login-page>/restricted/login.html</form-login-page>
+ <form-error-page>/restricted/errors.jsp</form-error-page>
+ </form-login-config>
+ </login-config>
+
+ <security-role>
+ <description>An AuthorizedUser is one with a valid username and password</description>
+
+ <role-name>AuthorizedUser</role-name>
+ </security-role>
+
+</web-app>
Copied: trunk/testsuite/src/resources/web/federation/genericheader/jboss-web.xml (from rev 66441, branches/Branch_4_2/testsuite/src/resources/web/federation/genericheader/jboss-web.xml)
===================================================================
--- trunk/testsuite/src/resources/web/federation/genericheader/jboss-web.xml (rev 0)
+++ trunk/testsuite/src/resources/web/federation/genericheader/jboss-web.xml 2007-10-25 18:23:16 UTC (rev 66447)
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE jboss-web
+ PUBLIC "-//JBoss//DTD Web Application 2.4//EN"
+ "http://www.jboss.org/j2ee/dtds/jboss-web_4_0.dtd">
+
+<jboss-web>
+ <!-- Specify the security domain for authentication/authorization and
+ require that the domain's cache be flushed when the session invalidates.
+ -->
+ <security-domain flushOnSessionInvalidation="true">
+ java:/jaas/jbossweb-form-auth
+ </security-domain>
+</jboss-web>
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/security/GenericHeaderAuthenticator.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/security/GenericHeaderAuthenticator.java 2007-10-25 17:24:56 UTC (rev 66446)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/security/GenericHeaderAuthenticator.java 2007-10-25 18:23:16 UTC (rev 66447)
@@ -10,17 +10,17 @@
import java.security.Principal;
import java.util.StringTokenizer;
-import javax.management.JMException;
-import javax.management.ObjectName;
+import javax.management.JMException;
+import javax.management.ObjectName;
import javax.servlet.http.Cookie;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
-import org.apache.catalina.authenticator.Constants;
+import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
-import org.jboss.logging.Logger;
+import org.jboss.logging.Logger;
/**
* JBAS-2283: Provide custom header based authentication support
@@ -31,22 +31,91 @@
* is the SESSION cookie
*
* @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
* @version $Revision$
* @since Sep 11, 2006
*/
public class GenericHeaderAuthenticator extends ExtendedFormAuthenticator
{
protected static Logger log = Logger.getLogger(GenericHeaderAuthenticator.class);
+
protected boolean trace = log.isTraceEnabled();
+ // JBAS-4804: GenericHeaderAuthenticator injection of ssoid and sessioncookie name.
+ private String httpHeaderForSSOAuth = null;
+
+ private String sessionCookieForSSOAuth = null;
+
+ /**
+ * <p>
+ * Obtain the value of the <code>httpHeaderForSSOAuth</code> attribute. This attribute is
+ * used to indicate the request header ids that have to be checked in order to retrieve the SSO
+ * identity set by a third party security system.
+ * </p>
+ *
+ * @return a <code>String</code> containing the value of the <code>httpHeaderForSSOAuth</code>
+ * attribute.
+ */
+ public String getHttpHeaderForSSOAuth()
+ {
+ return httpHeaderForSSOAuth;
+ }
+
+ /**
+ * <p>
+ * Set the value of the <code>httpHeaderForSSOAuth</code> attribute. This attribute is
+ * used to indicate the request header ids that have to be checked in order to retrieve the SSO
+ * identity set by a third party security system.
+ * </p>
+ *
+ * @param httpHeaderForSSOAuth a <code>String</code> containing the value of the
+ * <code>httpHeaderForSSOAuth</code> attribute.
+ */
+ public void setHttpHeaderForSSOAuth(String httpHeaderForSSOAuth)
+ {
+ this.httpHeaderForSSOAuth = httpHeaderForSSOAuth;
+ }
+
+ /**
+ * <p>
+ * Obtain the value of the <code>sessionCookieForSSOAuth</code> attribute. This attribute is used
+ * to indicate the names of the SSO cookies that may be present in the request object.
+ * </p>
+ *
+ * @return a <code>String</code> containing the names (separated by a <code>','</code>) of the SSO cookies
+ * that may have been set by a third party security system in the request.
+ */
+ public String getSessionCookieForSSOAuth()
+ {
+ return sessionCookieForSSOAuth;
+ }
+
+ /**
+ * <p>
+ * Set the value of the <code>sessionCookieForSSOAuth</code> attribute. This attribute is used
+ * to indicate the names of the SSO cookies that may be present in the request object.
+ * </p>
+ *
+ * @param sessionCookieForSSOAuth a <code>String</code> containing the names (separated by a
+ * <code>','</code>) of the SSO cookies that may have been set by a third party security system in
+ * the request.
+ */
+ public void setSessionCookieForSSOAuth(String sessionCookieForSSOAuth)
+ {
+ this.sessionCookieForSSOAuth = sessionCookieForSSOAuth;
+ }
+
+ /**
+ * <p>
+ * Creates an instance of <code>GenericHeaderAuthenticator</code>.
+ * </p>
+ */
public GenericHeaderAuthenticator()
{
- super();
+ super();
}
-
- public boolean authenticate(Request request,
- Response response, LoginConfig config)
- throws IOException
+
+ public boolean authenticate(Request request, Response response, LoginConfig config) throws IOException
{
log.trace("Authenticating user");
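Review bot: The Javadoc on getHttpHeaderForSSOAuth/setHttpHeaderForSSOAuth does not say the value is a comma-separated list, while the sessionCookieForSSOAuth pair documents the `','` separator and the test's context.xml passes `sm_ssoid,ct-remote-user,HTTP_OBLIX_UID`; getUserId tokenizes on `,` and takes the first header present, so the @param should read something like `a comma-separated list of request header names, checked in order; the first header present in the request supplies the user id`. It is also worth stating in the class or setter Javadoc that the named headers are read straight from the incoming request and that the value is only as trustworthy as whatever sits in front of this valve, since the header supplies the username handed to the realm. The authenticate method whose signature closes this hunk continues outside it.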
@@ -62,15 +131,15 @@
Session session = request.getSessionInternal(true);
String username = getUserId(request);
- String password = getSessionCookie(request);
+ String password = getSessionCookie(request);
//Check if there is sso id as well as sessionkey
- if(username == null || password == null )
+ if (username == null || password == null)
{
log.trace("Username is null or password(sessionkey) is null:fallback to form auth");
return super.authenticate(request, response, config);
- }
- principal = realm.authenticate(username,password);
+ }
+ principal = realm.authenticate(username, password);
if (principal == null)
{
@@ -79,19 +148,19 @@
}
session.setNote(Constants.SESS_USERNAME_NOTE, username);
- session.setNote(Constants.SESS_PASSWORD_NOTE, password);
+ session.setNote(Constants.SESS_PASSWORD_NOTE, password);
request.setUserPrincipal(principal);
register(request, response, principal, Constants.FORM_METHOD, username, password);
return true;
- }
-
+ }
+
/**
* Get the username from the request header
* @param request
* @return
*/
- protected String getUserId(Request request)
+ protected String getUserId(Request request)
{
String ssoid = null;
//We can have a comma-separated ids
@@ -102,63 +171,63 @@
}
catch (JMException e)
{
- if(trace)
+ if (trace)
log.trace("getUserId exception", e);
}
- if(ids == null || ids.length() == 0)
+ if (ids == null || ids.length() == 0)
throw new IllegalStateException("Http headers configuration in tomcat service missing");
-
- StringTokenizer st = new StringTokenizer(ids,",");
- while(st.hasMoreTokens())
+
+ StringTokenizer st = new StringTokenizer(ids, ",");
+ while (st.hasMoreTokens())
{
ssoid = request.getHeader(st.nextToken());
- if(ssoid != null)
+ if (ssoid != null)
break;
}
- if(trace)
+ if (trace)
log.trace("SSOID-" + ssoid);
return ssoid;
}
-
+
/**
* Obtain the session cookie from the request
* @param request
* @return
*/
- protected String getSessionCookie(Request request)
- {
+ protected String getSessionCookie(Request request)
+ {
Cookie[] cookies = request.getCookies();
- log.trace("Cookies:"+cookies);
+ log.trace("Cookies:" + cookies);
int numCookies = cookies != null ? cookies.length : 0;
-
+
//We can have comma-separated ids
String ids = "";
try
{
ids = this.getSessionCookieId();
- log.trace("Session Cookie Ids="+ids);
+ log.trace("Session Cookie Ids=" + ids);
}
catch (JMException e)
{
- if(trace)
+ if (trace)
log.trace("checkSessionCookie exception", e);
}
- if(ids == null || ids.length() == 0)
+ if (ids == null || ids.length() == 0)
throw new IllegalStateException("Session cookies configuration in tomcat service missing");
-
- StringTokenizer st = new StringTokenizer(ids,",");
- while(st.hasMoreTokens())
- {
+
+ StringTokenizer st = new StringTokenizer(ids, ",");
+ while (st.hasMoreTokens())
+ {
String cookieToken = st.nextToken();
String val = getCookieValue(cookies, numCookies, cookieToken);
- if(val != null)
- return val;
+ if (val != null)
+ return val;
}
- if(trace)
- log.trace("Session Cookie not found");
+ if (trace)
+ log.trace("Session Cookie not found");
return null;
- }
-
+ }
+
/**
* Get the configured header identity id
* in the tomcat service
@@ -166,22 +235,24 @@
* @throws JMException
*/
protected String getIdentityHeaderId() throws JMException
- {
- return (String)mserver.getAttribute(new ObjectName("jboss.web:service=WebServer"),
- "HttpHeaderForSSOAuth");
+ {
+ if (this.httpHeaderForSSOAuth != null)
+ return this.httpHeaderForSSOAuth;
+ return (String) mserver.getAttribute(new ObjectName("jboss.web:service=WebServer"), "HttpHeaderForSSOAuth");
}
-
+
/**
* Get the configured session cookie id in the tomcat service
* @return
* @throws JMException
*/
protected String getSessionCookieId() throws JMException
- {
- return (String)mserver.getAttribute(new ObjectName("jboss.web:service=WebServer"),
- "SessionCookieForSSOAuth");
+ {
+ if (this.sessionCookieForSSOAuth != null)
+ return this.sessionCookieForSSOAuth;
+ return (String) mserver.getAttribute(new ObjectName("jboss.web:service=WebServer"), "SessionCookieForSSOAuth");
}
-
+
/**
* Get the value of a cookie if the name matches the token
* @param cookies array of cookies
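Review bot: getIdentityHeaderId and getSessionCookieId treat an empty attribute as configured (`!= null`), so a context.xml with `httpHeaderForSSOAuth=""` skips the JMX fallback and getUserId then throws the misleading "Http headers configuration in tomcat service missing"; a length check on both guards avoids that, e.g. `if (this.httpHeaderForSSOAuth != null && this.httpHeaderForSSOAuth.length() > 0)` and the same for `sessionCookieForSSOAuth`. Separately, getCookieValue in the next (whitespace-only) hunk still traces `cookie.getValue()`, which is the value this class passes to the realm as the password, so that trace line writes a credential to the log and is better reduced to the cookie name.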
@@ -189,21 +260,19 @@
* @param token Key
* @return value of cookie
*/
- protected String getCookieValue(Cookie[] cookies, int numCookies,
- String token)
- {
- for(int i = 0; i < numCookies; i++)
+ protected String getCookieValue(Cookie[] cookies, int numCookies, String token)
+ {
+ for (int i = 0; i < numCookies; i++)
{
- Cookie cookie = cookies[i];
- log.trace("Matching cookieToken:"+token+" with cookie name="
- + cookie.getName());
- if(token.equals(cookie.getName()))
+ Cookie cookie = cookies[i];
+ log.trace("Matching cookieToken:" + token + " with cookie name=" + cookie.getName());
+ if (token.equals(cookie.getName()))
{
- if(trace)
- log.trace("Cookie-" + token + " value=" + cookie.getValue());
- return cookie.getValue();
+ if (trace)
+ log.trace("Cookie-" + token + " value=" + cookie.getValue());
+ return cookie.getValue();
}
- }
+ }
return null;
}
}