mirror of
https://repository.entgra.net/community/device-mgt-core.git
synced 2025-10-06 02:01:45 +00:00
Merge branch 'master' of https://github.com/wso2/carbon-device-mgt
This commit is contained in:
mharindu
commit
b33925c497
@ -92,7 +92,9 @@
|
||||
javax.servlet.http,
|
||||
javax.xml,
|
||||
org.apache.axis2.transport.http,
|
||||
org.wso2.carbon.apimgt.impl
|
||||
org.wso2.carbon.apimgt.impl,
|
||||
org.wso2.carbon.certificate.mgt.core.service,
|
||||
org.wso2.carbon.certificate.mgt.core.exception
|
||||
</Import-Package>
|
||||
<!--<Fragment-Host>tomcat</Fragment-Host>-->
|
||||
</instructions>
|
||||
@ -146,6 +148,10 @@
|
||||
<groupId>org.wso2.orbit.com.nimbusds</groupId>
|
||||
<artifactId>nimbus-jose-jwt</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.wso2.carbon.devicemgt</groupId>
|
||||
<artifactId>org.wso2.carbon.certificate.mgt.core</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
</project>
|
||||
|
||||
@ -18,12 +18,14 @@
|
||||
*/
|
||||
package org.wso2.carbon.webapp.authenticator.framework;
|
||||
|
||||
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
|
||||
import org.wso2.carbon.user.core.service.RealmService;
|
||||
|
||||
public class DataHolder {
|
||||
|
||||
private WebappAuthenticatorRepository repository;
|
||||
private RealmService realmService;
|
||||
private CertificateManagementService certificateManagementService;
|
||||
|
||||
private DataHolder() {}
|
||||
|
||||
@ -48,4 +50,12 @@ public class DataHolder {
|
||||
public void setRealmService(RealmService realmService) {
|
||||
this.realmService = realmService;
|
||||
}
|
||||
|
||||
public CertificateManagementService getCertificateManagementService() {
|
||||
return certificateManagementService;
|
||||
}
|
||||
|
||||
public void setCertificateManagementService(CertificateManagementService certificateManagementService) {
|
||||
this.certificateManagementService = certificateManagementService;
|
||||
}
|
||||
}
|
||||
|
||||
@ -27,18 +27,41 @@ import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
|
||||
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.StringTokenizer;
|
||||
|
||||
public class WebappAuthenticationHandler extends CarbonTomcatValve {
|
||||
|
||||
private static final Log log = LogFactory.getLog(WebappAuthenticationHandler.class);
|
||||
private static final String BYPASS_URIS = "bypass-uris";
|
||||
|
||||
@Override
|
||||
public void invoke(Request request, Response response, CompositeValve compositeValve) {
|
||||
|
||||
if (this.isContextSkipped(request) || (!this.isAdminService(request) && this.skipAuthentication(request))) {
|
||||
this.getNext().invoke(request, response, compositeValve);
|
||||
return;
|
||||
}
|
||||
|
||||
String byPassURIs = request.getContext().findParameter(WebappAuthenticationHandler.BYPASS_URIS);
|
||||
|
||||
if(byPassURIs != null && !byPassURIs.isEmpty()) {
|
||||
|
||||
List<String> requestURI = Arrays.asList(byPassURIs.split(","));
|
||||
|
||||
if(requestURI != null && requestURI.size() > 0) {
|
||||
for (String pathURI : requestURI) {
|
||||
pathURI = pathURI.replace("\n", "").replace("\r", "").trim();
|
||||
|
||||
if (request.getRequestURI().equals(pathURI)) {
|
||||
this.getNext().invoke(request, response, compositeValve);
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(request);
|
||||
if (authenticator == null) {
|
||||
String msg = "Failed to load an appropriate authenticator to authenticate the request";
|
||||
|
||||
@ -27,20 +27,41 @@ import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
|
||||
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
public class WebappAuthenticatorFrameworkValve extends CarbonTomcatValve {
|
||||
|
||||
private static final String AUTHENTICATION_SCHEME = "authentication-scheme";
|
||||
private static final String BYPASS_URIS = "bypass-uris";
|
||||
private static final Log log = LogFactory.getLog(WebappAuthenticatorFrameworkValve.class);
|
||||
|
||||
@Override
|
||||
public void invoke(Request request, Response response, CompositeValve compositeValve) {
|
||||
String authScheme =
|
||||
request.getContext().findParameter(WebappAuthenticatorFrameworkValve.AUTHENTICATION_SCHEME);
|
||||
if (authScheme == null || "".equals(authScheme)) {
|
||||
|
||||
String authScheme = request.getContext().findParameter(WebappAuthenticatorFrameworkValve.AUTHENTICATION_SCHEME);
|
||||
|
||||
if (authScheme == null || authScheme.isEmpty()) {
|
||||
this.getNext().invoke(request, response, compositeValve);
|
||||
return;
|
||||
}
|
||||
|
||||
String byPassURIs = request.getContext().findParameter(WebappAuthenticatorFrameworkValve.BYPASS_URIS);
|
||||
|
||||
if(byPassURIs != null && !byPassURIs.isEmpty()) {
|
||||
|
||||
List<String> requestURI = Arrays.asList(byPassURIs.split(","));
|
||||
|
||||
if(requestURI != null && requestURI.size() > 0) {
|
||||
for (String pathURI : requestURI) {
|
||||
if (request.getRequestURI().equals(pathURI)) {
|
||||
this.getNext().invoke(request, response, compositeValve);
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(authScheme);
|
||||
if (authenticator == null) {
|
||||
String msg = "Failed to load an appropriate authenticator to authenticate the request";
|
||||
|
||||
@ -0,0 +1,65 @@
|
||||
package org.wso2.carbon.webapp.authenticator.framework.authenticator;
|
||||
|
||||
import org.apache.catalina.connector.Request;
|
||||
import org.apache.catalina.connector.Response;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.DataHolder;
|
||||
|
||||
/**
|
||||
* This authenticator authenticates HTTP requests using certificates.
|
||||
*/
|
||||
public class CertificateAuthenticator implements WebappAuthenticator {
|
||||
|
||||
private static final Log log = LogFactory.getLog(CertificateAuthenticator.class);
|
||||
private static final String CERTIFICATE_AUTHENTICATOR = "CertificateAuth";
|
||||
private static final String CERTIFICATE_VERIFICATION_HEADER = "certificate-verification-header";
|
||||
|
||||
@Override
|
||||
public boolean canHandle(Request request) {
|
||||
String certVerificationHeader = request.getContext().findParameter(CERTIFICATE_VERIFICATION_HEADER);
|
||||
|
||||
if (certVerificationHeader != null && !certVerificationHeader.isEmpty()) {
|
||||
|
||||
String certHeader = request.getHeader(certVerificationHeader);
|
||||
|
||||
return certHeader != null;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Status authenticate(Request request, Response response) {
|
||||
|
||||
String requestUri = request.getRequestURI();
|
||||
if (requestUri == null || requestUri.isEmpty()) {
|
||||
return Status.CONTINUE;
|
||||
}
|
||||
|
||||
String certVerificationHeader = request.getContext().findParameter(CERTIFICATE_VERIFICATION_HEADER);
|
||||
|
||||
try {
|
||||
if (certVerificationHeader != null && !certVerificationHeader.isEmpty()) {
|
||||
|
||||
String certHeader = request.getHeader(certVerificationHeader);
|
||||
|
||||
if (certHeader != null && DataHolder.getInstance().getCertificateManagementService().
|
||||
verifySignature(certHeader)) {
|
||||
return Status.SUCCESS;
|
||||
}
|
||||
}
|
||||
} catch (KeystoreException e) {
|
||||
log.error("KeystoreException occurred ", e);
|
||||
return Status.FAILURE;
|
||||
}
|
||||
|
||||
return Status.FAILURE;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getName() {
|
||||
return CERTIFICATE_AUTHENTICATOR;
|
||||
}
|
||||
}
|
||||
@ -21,14 +21,14 @@ package org.wso2.carbon.webapp.authenticator.framework.internal;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.osgi.service.component.ComponentContext;
|
||||
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
|
||||
import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
|
||||
import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer;
|
||||
import org.wso2.carbon.user.core.service.RealmService;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.DataHolder;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationHandler;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorFrameworkValve;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorRepository;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.config.AuthenticatorConfig;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.config.WebappAuthenticatorConfig;
|
||||
|
||||
@ -44,6 +44,12 @@ import java.util.List;
|
||||
* policy="dynamic"
|
||||
* bind="setRealmService"
|
||||
* unbind="unsetRealmService"
|
||||
* @scr.reference name="org.wso2.carbon.certificate.mgt"
|
||||
* interface="org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService"
|
||||
* policy="dynamic"
|
||||
* cardinality="1..n"
|
||||
* bind="setCertificateManagementService"
|
||||
* unbind="unsetCertificateManagementService"
|
||||
*/
|
||||
public class WebappAuthenticatorFrameworkServiceComponent {
|
||||
|
||||
@ -91,4 +97,19 @@ public class WebappAuthenticatorFrameworkServiceComponent {
|
||||
protected void unsetRealmService(RealmService realmService) {
|
||||
DataHolder.getInstance().setRealmService(null);
|
||||
}
|
||||
|
||||
protected void setCertificateManagementService(CertificateManagementService certificateManagementService) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Setting certificate management service");
|
||||
}
|
||||
DataHolder.getInstance().setCertificateManagementService(certificateManagementService);
|
||||
}
|
||||
|
||||
protected void unsetCertificateManagementService(CertificateManagementService certificateManagementService) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Removing certificate management service");
|
||||
}
|
||||
|
||||
DataHolder.getInstance().setCertificateManagementService(null);
|
||||
}
|
||||
}
|
||||
|
||||
@ -12,5 +12,9 @@
|
||||
<Name>JWT</Name>
|
||||
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticator</ClassName>
|
||||
</Authenticator>
|
||||
<Authenticator>
|
||||
<Name>CertificateAuth</Name>
|
||||
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.CertificateAuthenticator</ClassName>
|
||||
</Authenticator>
|
||||
</Authenticators>
|
||||
</WebappAuthenticatorConfig>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user