Partial commit

2025-10-06 02:01:45 +00:00 · 2015-09-10 11:36:18 +05:30 · 2015-09-10 11:36:18 +05:30 · 3de2591444
commit 3de2591444
parent 517039cccb e1a74e049d
3 changed files with 70 additions and 35 deletions
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationHandler.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationHandler.java
@ -27,18 +27,41 @@ import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
 import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;

 import javax.servlet.http.HttpServletResponse;
+import java.util.Arrays;
+import java.util.List;
 import java.util.StringTokenizer;

 public class WebappAuthenticationHandler extends CarbonTomcatValve {

    private static final Log log = LogFactory.getLog(WebappAuthenticationHandler.class);
+    private static final String BYPASS_URIS = "bypass-uris";

    @Override
    public void invoke(Request request, Response response, CompositeValve compositeValve) {
+
        if (this.isContextSkipped(request) || (!this.isAdminService(request) && this.skipAuthentication(request))) {
            this.getNext().invoke(request, response, compositeValve);
            return;
        }
+
+        String byPassURIs = request.getContext().findParameter(WebappAuthenticationHandler.BYPASS_URIS);
+
+        if(byPassURIs != null && !byPassURIs.isEmpty()) {
+
+            List<String> requestURI = Arrays.asList(byPassURIs.split(","));
+
+            if(requestURI != null && requestURI.size() > 0) {
+                for (String pathURI : requestURI) {
+                    pathURI = pathURI.replace("\n", "").replace("\r", "").trim();
+
+                    if (request.getRequestURI().equals(pathURI)) {
+                        this.getNext().invoke(request, response, compositeValve);
+                        return;
+                    }
+                }
+            }
+        }
+
        WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(request);
        if (authenticator == null) {
            String msg = "Failed to load an appropriate authenticator to authenticate the request";
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java
@ -27,22 +27,47 @@ import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
 import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;

 import javax.servlet.http.HttpServletResponse;
+<<<<<<< HEAD
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Properties;
+=======
+import java.util.Arrays;
+import java.util.List;
+>>>>>>> e1a74e049dbebd513910e9ed69226f488d73c314

 public class WebappAuthenticatorFrameworkValve extends CarbonTomcatValve {

    private static final String AUTHENTICATION_SCHEME = "authentication-scheme";
+    private static final String BYPASS_URIS = "bypass-uris";
    private static final Log log = LogFactory.getLog(WebappAuthenticatorFrameworkValve.class);

    @Override
    public void invoke(Request request, Response response, CompositeValve compositeValve) {
-        String authScheme = request.getAuthType();
-        if (authScheme == null || "".equals(authScheme)) {
+
+        String authScheme = request.getContext().findParameter(WebappAuthenticatorFrameworkValve.AUTHENTICATION_SCHEME);
+
+        if (authScheme == null || authScheme.isEmpty()) {
            this.getNext().invoke(request, response, compositeValve);
            return;
        }
+
+        String byPassURIs = request.getContext().findParameter(WebappAuthenticatorFrameworkValve.BYPASS_URIS);
+
+        if(byPassURIs != null && !byPassURIs.isEmpty()) {
+
+            List<String> requestURI = Arrays.asList(byPassURIs.split(","));
+
+            if(requestURI != null && requestURI.size() > 0) {
+                for (String pathURI : requestURI) {
+                    if (request.getRequestURI().equals(pathURI)) {
+                        this.getNext().invoke(request, response, compositeValve);
+                        return;
+                    }
+                }
+            }
+        }
+
        WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(authScheme);
        if (authenticator == null) {
            String msg = "Failed to load an appropriate authenticator to authenticate the request";
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java
@ -14,22 +14,20 @@ public class CertificateAuthenticator implements WebappAuthenticator {

    private static final Log log = LogFactory.getLog(CertificateAuthenticator.class);
    private static final String CERTIFICATE_AUTHENTICATOR = "CertificateAuth";
-    private static final String HEADER_MDM_SIGNATURE = "Mdm-Signature";
-    private String[] skippedURIs;
-
-    public CertificateAuthenticator() {
-        skippedURIs = new String[]{
-                "/ios-enrollment/ca",
-                "/ios-enrollment/authenticate",
-                "/ios-enrollment/profile",
-                "/ios-enrollment/scep",
-                "/ios-enrollment/enroll",
-                "/ios-enrollment/enrolled"};
-    }
+    private static final String CERTIFICATE_VERIFICATION_HEADER = "certificate-verification-header";

    @Override
    public boolean canHandle(Request request) {
-        return true;
+        String certVerificationHeader = request.getContext().findParameter(CERTIFICATE_VERIFICATION_HEADER);
+
+        if (certVerificationHeader != null && !certVerificationHeader.isEmpty()) {
+
+            String certHeader = request.getHeader(certVerificationHeader);
+
+            return certHeader != null;
+        }
+
+        return false;
    }

    @Override
@ -40,16 +38,17 @@ public class CertificateAuthenticator implements WebappAuthenticator {
            return Status.CONTINUE;
        }

-        if(isURISkipped(requestUri)) {
-            return Status.CONTINUE;
-        }
-
-        String headerMDMSignature = request.getHeader(HEADER_MDM_SIGNATURE);
+        String certVerificationHeader = request.getContext().findParameter(CERTIFICATE_VERIFICATION_HEADER);

        try {
-            if (headerMDMSignature != null && !headerMDMSignature.isEmpty() &&
-                    DataHolder.getInstance().getCertificateManagementService().verifySignature(headerMDMSignature)) {
-                return Status.SUCCESS;
+            if (certVerificationHeader != null && !certVerificationHeader.isEmpty()) {
+
+                String certHeader = request.getHeader(certVerificationHeader);
+
+                if (certHeader != null && DataHolder.getInstance().getCertificateManagementService().
+                        verifySignature(certHeader)) {
+                    return Status.SUCCESS;
+                }
            }
        } catch (KeystoreException e) {
            log.error("KeystoreException occurred ", e);
@ -63,16 +62,4 @@ public class CertificateAuthenticator implements WebappAuthenticator {
    public String getName() {
        return CERTIFICATE_AUTHENTICATOR;
    }
-
-    private boolean isURISkipped(String requestUri) {
-
-        for (String element : skippedURIs) {
-            if (element.equals(requestUri)) {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
 }