Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-10 07:25:44 +01:00
Code Issues Packages Projects Releases Activity

Added auto-login filter system.

Browse Source
This commit is contained in:
Clemens Rabe
2013-10-02 19:45:21 +02:00
parent 1faa748c3a
commit 2875794519
6 changed files with 615 additions and 464 deletions
Download Patch File Download Diff File Expand all files Collapse all files

137
scm-core/src/main/java/sonia/scm/web/filter/AutoLoginFilter.java Normal file
View File

@@ -0,0 +1,137 @@
/**
* Copyright (c) 2013, Clemens Rabe
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. Neither the name of SCM-Manager; nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
package sonia.scm.web.filter;
import java.io.IOException;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sonia.scm.user.User;
import com.google.inject.Inject;
import com.google.inject.Singleton;
/**
* This filter calls all AutoLoginModule objects to try an auto-login. It can be
* used on its own, usually at the global context ('/*') or as a base class like
* BasicAuthenticationFilter.
*
* @author Clemens Rabe
*/
@Singleton
public class AutoLoginFilter extends HttpFilter {
/** the logger for AutoLoginFilter */
private static final Logger logger = LoggerFactory
.getLogger(AutoLoginFilter.class);
@Deprecated
public AutoLoginFilter() {
}
/**
* Constructor.
*
* @param autoLoginModules
* - The auto-login modules.
*/
@Inject
public AutoLoginFilter(Set<AutoLoginModule> autoLoginModules) {
this.autoLoginModules = autoLoginModules;
}
@Override
protected void doFilter(HttpServletRequest request,
HttpServletResponse response, FilterChain chain)
throws IOException, ServletException {
User user = getAuthenticatedUser(request, response);
if (user == null)
chain.doFilter(request, response);
else
chain.doFilter(
new SecurityHttpServletRequestWrapper(request, user),
response);
}
/**
* Check all known AutoLoginModule objects to authenticate the user using
* the current request.
*
* @param request
* - The servlet request.
* @param response
* - The servlet response.
* @return The user or null if no user was found.
*/
protected User getAuthenticatedUser(HttpServletRequest request,
HttpServletResponse response) {
Subject subject = SecurityUtils.getSubject();
User user = null;
if (subject.isAuthenticated() || subject.isRemembered()) {
if (logger.isTraceEnabled()) {
logger.trace("user is allready authenticated");
}
user = subject.getPrincipals().oneByType(User.class);
} else {
// Try the known filters first
for (AutoLoginModule filter : autoLoginModules) {
user = filter.authenticate(request, response, subject);
if (user != null) {
if (logger.isTraceEnabled()) {
logger.trace(
"user {} successfully authenticated by authentication filter",
user.getName());
}
break;
}
}
}
return user;
}
/**
* Set of AutoLoginModule objects.
*/
private Set<AutoLoginModule> autoLoginModules;
}

64
scm-core/src/main/java/sonia/scm/web/filter/AutoLoginModule.java Normal file
View File

@@ -0,0 +1,64 @@
/**
* Copyright (c) 2013, Clemens Rabe
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. Neither the name of SCM-Manager; nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
package sonia.scm.web.filter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.subject.Subject;
import sonia.scm.plugin.ExtensionPoint;
import sonia.scm.user.User;
/**
* Classes implementing this interface are called by the
* BasicAuthenticationFilter before the default basic authentication takes
* place. This allows to implement auto-login methods.
*
* @author Clemens Rabe
*/
@ExtensionPoint
public interface AutoLoginModule {
/**
* Authenticate a user using the given request object. If the user can not
* be authenticated, e.g., because required headers are not set null must be
* returned.
*
* @param request
* The HTTP request.
* @param response
* The HTTP response. Use only if absolutely necessary.
* @param subject
* The subject object.
* @return Return a User object or null.
*/
public User authenticate(HttpServletRequest request,
HttpServletResponse response, Subject subject);
}

353
scm-core/src/main/java/sonia/scm/web/filter/BasicAuthenticationFilter.java
View File

@@ -29,8 +29,6 @@
* *
*/ */
package sonia.scm.web.filter; package sonia.scm.web.filter;
//~--- non-JDK imports -------------------------------------------------------- //~--- non-JDK imports --------------------------------------------------------
@@ -43,7 +41,6 @@ import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject; import org.apache.shiro.subject.Subject;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@@ -52,6 +49,7 @@ import sonia.scm.config.ScmConfiguration;
import sonia.scm.user.User; import sonia.scm.user.User;
import sonia.scm.util.HttpUtil; import sonia.scm.util.HttpUtil;
import sonia.scm.util.Util; import sonia.scm.util.Util;
import sonia.scm.web.security.AuthenticationHandler;
import sonia.scm.web.security.WebSecurityContext; import sonia.scm.web.security.WebSecurityContext;
//~--- JDK imports ------------------------------------------------------------ //~--- JDK imports ------------------------------------------------------------
@@ -59,6 +57,7 @@ import sonia.scm.web.security.WebSecurityContext;
import com.sun.jersey.core.util.Base64; import com.sun.jersey.core.util.Base64;
import java.io.IOException; import java.io.IOException;
import java.util.Set;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
@@ -66,221 +65,195 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
/** /**
* *
* @author Sebastian Sdorra * @author Sebastian Sdorra
*/ */
@Singleton @Singleton
public class BasicAuthenticationFilter extends HttpFilter public class BasicAuthenticationFilter extends AutoLoginFilter {
{
/** Field description */ /** Field description */
public static final String AUTHORIZATION_BASIC_PREFIX = "BASIC"; public static final String AUTHORIZATION_BASIC_PREFIX = "BASIC";
/** Field description */ /** Field description */
public static final String CREDENTIAL_SEPARATOR = ":"; public static final String CREDENTIAL_SEPARATOR = ":";
/** Field description */ /** Field description */
public static final String HEADER_AUTHORIZATION = "Authorization"; public static final String HEADER_AUTHORIZATION = "Authorization";
/** the logger for BasicAuthenticationFilter */ /** the logger for BasicAuthenticationFilter */
private static final Logger logger = private static final Logger logger = LoggerFactory
LoggerFactory.getLogger(BasicAuthenticationFilter.class); .getLogger(BasicAuthenticationFilter.class);
//~--- constructors --------------------------------------------------------- // ~--- constructors
// ---------------------------------------------------------
/** /**
* Constructs ... * Constructs ...
* *
* *
* @param securityContextProvider * @param securityContextProvider
* @deprecated use the constructor with out arguments instead. * @deprecated use the constructor with out arguments instead.
*/ */
@Deprecated @Deprecated
public BasicAuthenticationFilter( public BasicAuthenticationFilter(
Provider<WebSecurityContext> securityContextProvider) {} Provider<WebSecurityContext> securityContextProvider) {
}
/** /**
* Constructs a new basic authenticaton filter * Constructs a new basic authenticaton filter
* *
* @param configuration scm-manager global configuration * @param configuration
* * scm-manager global configuration
* @since 1.21 *
*/ * @since 1.21
@Inject */
public BasicAuthenticationFilter(ScmConfiguration configuration) @Inject
{ public BasicAuthenticationFilter(ScmConfiguration configuration,
this.configuration = configuration; Set<AutoLoginModule> autoLoginModules) {
} super(autoLoginModules);
this.configuration = configuration;
}
//~--- methods -------------------------------------------------------------- // ~--- methods
// --------------------------------------------------------------
/** /**
* Method description * Method description
* *
* *
* @param request * @param request
* @param response * @param response
* @param chain * @param chain
* *
* @throws IOException * @throws IOException
* @throws ServletException * @throws ServletException
*/ */
@Override @Override
protected void doFilter(HttpServletRequest request, protected void doFilter(HttpServletRequest request,
HttpServletResponse response, FilterChain chain) HttpServletResponse response, FilterChain chain)
throws IOException, ServletException throws IOException, ServletException {
{ Subject subject = SecurityUtils.getSubject();
Subject subject = SecurityUtils.getSubject(); User user = getAuthenticatedUser(request, response);
User user = null; // Fallback to basic authentication scheme
String authentication = request.getHeader(HEADER_AUTHORIZATION); if (user == null) {
String authentication = request.getHeader(HEADER_AUTHORIZATION);
if (Util.startWithIgnoreCase(authentication, AUTHORIZATION_BASIC_PREFIX)) if (Util.startWithIgnoreCase(authentication,
{ AUTHORIZATION_BASIC_PREFIX)) {
if (logger.isTraceEnabled()) if (logger.isTraceEnabled()) {
{ logger.trace("found basic authorization header, start authentication");
logger.trace("found basic authorization header, start authentication"); }
}
user = authenticate(request, response, subject, authentication); user = authenticate(request, response, subject, authentication);
if (logger.isTraceEnabled()) if (logger.isTraceEnabled()) {
{ if (user != null) {
if (user != null) logger.trace("user {} successfully authenticated",
{ user.getName());
logger.trace("user {} successfully authenticated", user.getName()); } else {
} logger.trace("authentcation failed, user object is null");
else }
{ }
logger.trace("authentcation failed, user object is null"); } else if ((configuration != null)
} && configuration.isAnonymousAccessEnabled()) {
} if (logger.isTraceEnabled()) {
} logger.trace("anonymous access granted");
else if (subject.isAuthenticated() || subject.isRemembered()) }
{
if (logger.isTraceEnabled())
{
logger.trace("user is allready authenticated");
}
user = subject.getPrincipals().oneByType(User.class); user = SCMContext.ANONYMOUS;
} }
else if ((configuration != null) }
&& configuration.isAnonymousAccessEnabled())
{
if (logger.isTraceEnabled())
{
logger.trace("anonymous access granted");
}
user = SCMContext.ANONYMOUS; if (user == null) {
} if (logger.isTraceEnabled()) {
logger.trace("could not find user send unauthorized");
}
if (user == null) handleUnauthorized(request, response, chain);
{ } else {
if (logger.isTraceEnabled()) chain.doFilter(
{ new SecurityHttpServletRequestWrapper(request, user),
logger.trace("could not find user send unauthorized"); response);
} }
}
handleUnauthorized(request, response, chain); /**
} * Method description
else *
{ *
chain.doFilter(new SecurityHttpServletRequestWrapper(request, user), * @param request
response); * @param response
} * @param chain
} *
* @throws IOException
* @throws ServletException
*
* @since 1.8
*/
protected void handleUnauthorized(HttpServletRequest request,
HttpServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpUtil.sendUnauthorized(request, response);
}
/** /**
* Method description * Method description
* *
* *
* @param request * @param request
* @param response * @param response
* @param chain * @param securityContext
* * @param subject
* @throws IOException * @param authentication
* @throws ServletException *
* * @return
* @since 1.8 */
*/ private User authenticate(HttpServletRequest request,
protected void handleUnauthorized(HttpServletRequest request, HttpServletResponse response, Subject subject, String authentication) {
HttpServletResponse response, FilterChain chain) String token = authentication.substring(6);
throws IOException, ServletException
{
HttpUtil.sendUnauthorized(request, response);
}
/** token = new String(Base64.decode(token.getBytes()));
* Method description
*
*
* @param request
* @param response
* @param securityContext
* @param subject
* @param authentication
*
* @return
*/
private User authenticate(HttpServletRequest request,
HttpServletResponse response, Subject subject, String authentication)
{
String token = authentication.substring(6);
token = new String(Base64.decode(token.getBytes())); int index = token.indexOf(CREDENTIAL_SEPARATOR);
User user = null;
int index = token.indexOf(CREDENTIAL_SEPARATOR); if ((index > 0) && (index < token.length())) {
User user = null; String username = token.substring(0, index);
String password = token.substring(index + 1);
if ((index > 0) && (index < token.length())) if (Util.isNotEmpty(username) && Util.isNotEmpty(password)) {
{ if (logger.isTraceEnabled()) {
String username = token.substring(0, index); logger.trace("try to authenticate user {}", username);
String password = token.substring(index + 1); }
if (Util.isNotEmpty(username) && Util.isNotEmpty(password)) try {
{
if (logger.isTraceEnabled())
{
logger.trace("try to authenticate user {}", username);
}
try subject.login(new UsernamePasswordToken(username, password,
{ request.getRemoteAddr()));
user = subject.getPrincipals().oneByType(User.class);
} catch (AuthenticationException ex) {
if (logger.isTraceEnabled()) {
logger.trace("authentication failed for user "
.concat(username), ex);
} else if (logger.isWarnEnabled()) {
logger.warn("authentication failed for user {}",
username);
}
}
} else if (logger.isWarnEnabled()) {
logger.warn("username or password is null/empty");
}
} else if (logger.isWarnEnabled()) {
logger.warn("failed to read basic auth credentials");
}
subject.login(new UsernamePasswordToken(username, password, return user;
request.getRemoteAddr())); }
user = subject.getPrincipals().oneByType(User.class);
}
catch (AuthenticationException ex)
{
if (logger.isTraceEnabled())
{
logger.trace("authentication failed for user ".concat(username),
ex);
}
else if (logger.isWarnEnabled())
{
logger.warn("authentication failed for user {}", username);
}
}
}
else if (logger.isWarnEnabled())
{
logger.warn("username or password is null/empty");
}
}
else if (logger.isWarnEnabled())
{
logger.warn("failed to read basic auth credentials");
}
return user; // ~--- fields
} // ---------------------------------------------------------------
//~--- fields --------------------------------------------------------------- /** Field description */
private ScmConfiguration configuration;
/** Field description */
private ScmConfiguration configuration;
} }

4
scm-webapp/src/main/java/sonia/scm/ScmServletModule.java
View File

@@ -43,7 +43,6 @@ import com.google.inject.servlet.ServletModule;
import com.google.inject.throwingproviders.ThrowingProviderBinder; import com.google.inject.throwingproviders.ThrowingProviderBinder;
import org.apache.shiro.authz.permission.PermissionResolver; import org.apache.shiro.authz.permission.PermissionResolver;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@@ -130,6 +129,7 @@ import sonia.scm.util.DebugServlet;
import sonia.scm.util.ScmConfigurationUtil; import sonia.scm.util.ScmConfigurationUtil;
import sonia.scm.web.cgi.CGIExecutorFactory; import sonia.scm.web.cgi.CGIExecutorFactory;
import sonia.scm.web.cgi.DefaultCGIExecutorFactory; import sonia.scm.web.cgi.DefaultCGIExecutorFactory;
import sonia.scm.web.filter.AutoLoginFilter;
import sonia.scm.web.filter.LoggingFilter; import sonia.scm.web.filter.LoggingFilter;
import sonia.scm.web.security.AdministrationContext; import sonia.scm.web.security.AdministrationContext;
import sonia.scm.web.security.ApiBasicAuthenticationFilter; import sonia.scm.web.security.ApiBasicAuthenticationFilter;
@@ -141,6 +141,7 @@ import sonia.scm.web.security.WebSecurityContext;
//~--- JDK imports ------------------------------------------------------------ //~--- JDK imports ------------------------------------------------------------
import com.sun.jersey.api.core.PackagesResourceConfig; import com.sun.jersey.api.core.PackagesResourceConfig;
import com.sun.jersey.api.core.ResourceConfig; import com.sun.jersey.api.core.ResourceConfig;
import com.sun.jersey.api.json.JSONConfiguration; import com.sun.jersey.api.json.JSONConfiguration;
@@ -347,6 +348,7 @@ public class ScmServletModule extends ServletModule
* PATTERN_STATIC_RESOURCES).through(StaticResourceFilter.class); * PATTERN_STATIC_RESOURCES).through(StaticResourceFilter.class);
*/ */
filter(PATTERN_ALL).through(BaseUrlFilter.class); filter(PATTERN_ALL).through(BaseUrlFilter.class);
filter(PATTERN_ALL).through(AutoLoginFilter.class);
filterRegex(RESOURCE_REGEX).through(GZipFilter.class); filterRegex(RESOURCE_REGEX).through(GZipFilter.class);
filter(PATTERN_RESTAPI, filter(PATTERN_RESTAPI,
PATTERN_DEBUG).through(ApiBasicAuthenticationFilter.class); PATTERN_DEBUG).through(ApiBasicAuthenticationFilter.class);

8
scm-webapp/src/main/java/sonia/scm/web/security/ApiBasicAuthenticationFilter.java
View File

@@ -39,11 +39,14 @@ import com.google.inject.Inject;
import com.google.inject.Singleton; import com.google.inject.Singleton;
import sonia.scm.config.ScmConfiguration; import sonia.scm.config.ScmConfiguration;
import sonia.scm.web.filter.AutoLoginModule;
import sonia.scm.web.filter.BasicAuthenticationFilter; import sonia.scm.web.filter.BasicAuthenticationFilter;
//~--- JDK imports ------------------------------------------------------------ //~--- JDK imports ------------------------------------------------------------
import java.io.IOException; import java.io.IOException;
import java.util.Set;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
@@ -76,9 +79,10 @@ public class ApiBasicAuthenticationFilter extends BasicAuthenticationFilter
* @param configuration * @param configuration
*/ */
@Inject @Inject
public ApiBasicAuthenticationFilter(ScmConfiguration configuration) public ApiBasicAuthenticationFilter(ScmConfiguration configuration,
Set<AutoLoginModule> autoLoginModules)
{ {
super(configuration); super(configuration, autoLoginModules);
} }
//~--- methods -------------------------------------------------------------- //~--- methods --------------------------------------------------------------

513
scm-webapp/src/main/java/sonia/scm/web/security/ChainAuthenticatonManager.java
View File

@@ -29,8 +29,6 @@
* *
*/ */
package sonia.scm.web.security; package sonia.scm.web.security;
//~--- non-JDK imports -------------------------------------------------------- //~--- non-JDK imports --------------------------------------------------------
@@ -66,323 +64,296 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
/** /**
* *
* @author Sebastian Sdorra * @author Sebastian Sdorra
*/ */
@Singleton @Singleton
public class ChainAuthenticatonManager extends AbstractAuthenticationManager public class ChainAuthenticatonManager extends AbstractAuthenticationManager {
{
/** Field description */ /** Field description */
public static final String CACHE_NAME = "sonia.cache.auth"; public static final String CACHE_NAME = "sonia.cache.auth";
/** the logger for ChainAuthenticatonManager */ /** the logger for ChainAuthenticatonManager */
private static final Logger logger = private static final Logger logger = LoggerFactory
LoggerFactory.getLogger(ChainAuthenticatonManager.class); .getLogger(ChainAuthenticatonManager.class);
//~--- constructors --------------------------------------------------------- // ~--- constructors
// ---------------------------------------------------------
/** /**
* Constructs ... * Constructs ...
* *
* *
* *
* @param userManager * @param userManager
* @param authenticationHandlerSet * @param authenticationHandlerSet
* @param encryptionHandler * @param encryptionHandler
* @param cacheManager * @param cacheManager
* @param authenticationListenerProvider * @param authenticationListenerProvider
* @param authenticationListeners * @param authenticationListeners
*/ */
@Inject @Inject
public ChainAuthenticatonManager(UserManager userManager, public ChainAuthenticatonManager(UserManager userManager,
Set<AuthenticationHandler> authenticationHandlerSet, Set<AuthenticationHandler> authenticationHandlerSet,
EncryptionHandler encryptionHandler, CacheManager cacheManager, EncryptionHandler encryptionHandler, CacheManager cacheManager,
Set<AuthenticationListener> authenticationListeners) Set<AuthenticationListener> authenticationListeners) {
{ AssertUtil.assertIsNotEmpty(authenticationHandlerSet);
AssertUtil.assertIsNotEmpty(authenticationHandlerSet); AssertUtil.assertIsNotNull(cacheManager);
AssertUtil.assertIsNotNull(cacheManager); this.authenticationHandlers = sort(userManager,
this.authenticationHandlers = sort(userManager, authenticationHandlerSet); authenticationHandlerSet);
this.encryptionHandler = encryptionHandler; this.encryptionHandler = encryptionHandler;
this.cache = cacheManager.getCache(String.class, this.cache = cacheManager.getCache(String.class,
AuthenticationCacheValue.class, CACHE_NAME); AuthenticationCacheValue.class, CACHE_NAME);
if (Util.isNotEmpty(authenticationListeners)) if (Util.isNotEmpty(authenticationListeners)) {
{ addListeners(authenticationListeners);
addListeners(authenticationListeners); }
} }
}
//~--- methods -------------------------------------------------------------- // ~--- methods
// --------------------------------------------------------------
/** /**
* Method description * Method description
* *
* *
* @param request * @param request
* @param response * @param response
* @param username * @param username
* @param password * @param password
* *
* @return * @return
*/ */
@Override @Override
public AuthenticationResult authenticate(HttpServletRequest request, public AuthenticationResult authenticate(HttpServletRequest request,
HttpServletResponse response, String username, String password) HttpServletResponse response, String username, String password) {
{ AssertUtil.assertIsNotEmpty(username);
AssertUtil.assertIsNotEmpty(username); AssertUtil.assertIsNotEmpty(password);
AssertUtil.assertIsNotEmpty(password);
String encryptedPassword = encryptionHandler.encrypt(password); String encryptedPassword = encryptionHandler.encrypt(password);
AuthenticationResult ar = getCached(username, encryptedPassword); AuthenticationResult ar = getCached(username, encryptedPassword);
if (ar == null) if (ar == null) {
{ if (logger.isTraceEnabled()) {
if (logger.isTraceEnabled()) logger.trace(
{ "no authentication result for user {} found in cache",
logger.trace("no authentication result for user {} found in cache", username);
username); }
}
ar = doAuthentication(request, response, username, password); ar = doAuthentication(request, response, username, password);
if ((ar != null) && ar.isCacheable()) if ((ar != null) && ar.isCacheable()) {
{ cache.put(username, new AuthenticationCacheValue(ar,
cache.put(username, encryptedPassword));
new AuthenticationCacheValue(ar, encryptedPassword)); }
} } else if (logger.isDebugEnabled()) {
} logger.debug("authenticate {} via cache", username);
else if (logger.isDebugEnabled()) }
{
logger.debug("authenticate {} via cache", username);
}
return ar; return ar;
} }
/** /**
* Method description * Method description
* *
* *
* @throws IOException * @throws IOException
*/ */
@Override @Override
public void close() throws IOException public void close() throws IOException {
{ for (AuthenticationHandler authenticator : authenticationHandlers) {
for (AuthenticationHandler authenticator : authenticationHandlers) if (logger.isTraceEnabled()) {
{ logger.trace("close authenticator {}", authenticator.getClass());
if (logger.isTraceEnabled()) }
{
logger.trace("close authenticator {}", authenticator.getClass());
}
IOUtil.close(authenticator); IOUtil.close(authenticator);
} }
} }
/** /**
* Method description * Method description
* *
* *
* @param context * @param context
*/ */
@Override @Override
public void init(SCMContextProvider context) public void init(SCMContextProvider context) {
{ for (AuthenticationHandler authenticator : authenticationHandlers) {
for (AuthenticationHandler authenticator : authenticationHandlers) if (logger.isTraceEnabled()) {
{ logger.trace("initialize authenticator {}",
if (logger.isTraceEnabled()) authenticator.getClass());
{ }
logger.trace("initialize authenticator {}", authenticator.getClass());
}
authenticator.init(context); authenticator.init(context);
} }
} }
/** /**
* Method description * Method description
* *
* *
* @param request * @param request
* @param response * @param response
* @param username * @param username
* @param password * @param password
* *
* @return * @return
*/ */
private AuthenticationResult doAuthentication(HttpServletRequest request, private AuthenticationResult doAuthentication(HttpServletRequest request,
HttpServletResponse response, String username, String password) HttpServletResponse response, String username, String password) {
{ AuthenticationResult ar = null;
AuthenticationResult ar = null;
if (logger.isTraceEnabled()) if (logger.isTraceEnabled()) {
{ logger.trace("start authentication chain for user {}", username);
logger.trace("start authentication chain for user {}", username); }
}
for (AuthenticationHandler authenticator : authenticationHandlers) for (AuthenticationHandler authenticator : authenticationHandlers) {
{ if (logger.isTraceEnabled()) {
if (logger.isTraceEnabled()) logger.trace("check authenticator {} for user {}",
{ authenticator.getClass(), username);
logger.trace("check authenticator {} for user {}", }
authenticator.getClass(), username);
}
try try {
{ AuthenticationResult result = authenticator.authenticate(
AuthenticationResult result = authenticator.authenticate(request, request, response, username, password);
response, username, password);
if (logger.isDebugEnabled()) if (logger.isDebugEnabled()) {
{ logger.debug("authenticator {} ends with result, {}",
logger.debug("authenticator {} ends with result, {}", authenticator.getClass().getName(), result);
authenticator.getClass().getName(), result); }
}
if ((result != null) && (result.getState() != null) // CR: Removed check on state=failed to allow next module to
&& (result.getState().isSuccessfully() // continue
|| (result.getState() == AuthenticationState.FAILED))) if ((result != null) && (result.getState() != null)
{ && result.getState().isSuccessfully()) {
if (result.getState().isSuccessfully() && (result.getUser() != null)) if (result.getUser() != null) {
{ User user = result.getUser();
User user = result.getUser();
user.setType(authenticator.getType()); user.setType(authenticator.getType());
ar = result; ar = result;
// notify authentication listeners // notify authentication listeners
fireAuthenticationEvent(request, response, user); fireAuthenticationEvent(request, response, user);
} }
break; break;
} }
} } catch (Exception ex) {
catch (Exception ex) logger.error("error durring authentication process of "
{ .concat(authenticator.getClass().getName()), ex);
logger.error( }
"error durring authentication process of ".concat( }
authenticator.getClass().getName()), ex);
}
}
return ar; return ar;
} }
/** /**
* Method description * Method description
* *
* *
* @param userManager * @param userManager
* @param authenticationHandlerSet * @param authenticationHandlerSet
* *
* @return * @return
*/ */
@VisibleForTesting @VisibleForTesting
private List<AuthenticationHandler> sort(UserManager userManager, private List<AuthenticationHandler> sort(UserManager userManager,
Set<AuthenticationHandler> authenticationHandlerSet) Set<AuthenticationHandler> authenticationHandlerSet) {
{ List<AuthenticationHandler> handlers = Lists
List<AuthenticationHandler> handlers = .newArrayListWithCapacity(authenticationHandlerSet.size());
Lists.newArrayListWithCapacity(authenticationHandlerSet.size());
String first = Strings.nullToEmpty(userManager.getDefaultType()); String first = Strings.nullToEmpty(userManager.getDefaultType());
for (AuthenticationHandler handler : authenticationHandlerSet) for (AuthenticationHandler handler : authenticationHandlerSet) {
{ if (first.equals(handler.getType())) {
if (first.equals(handler.getType())) handlers.add(0, handler);
{ } else {
handlers.add(0, handler); handlers.add(handler);
} }
else }
{
handlers.add(handler);
}
}
return handlers; return handlers;
} }
//~--- get methods ---------------------------------------------------------- // ~--- get methods
// ----------------------------------------------------------
/** /**
* Method description * Method description
* *
* *
* @param username * @param username
* @param encryptedPassword * @param encryptedPassword
* *
* @return * @return
*/ */
private AuthenticationResult getCached(String username, private AuthenticationResult getCached(String username,
String encryptedPassword) String encryptedPassword) {
{ AuthenticationResult result = null;
AuthenticationResult result = null; AuthenticationCacheValue value = cache.get(username);
AuthenticationCacheValue value = cache.get(username);
if (value != null) if (value != null) {
{ String cachedPassword = value.password;
String cachedPassword = value.password;
if (cachedPassword.equals(encryptedPassword)) if (cachedPassword.equals(encryptedPassword)) {
{ result = value.authenticationResult;
result = value.authenticationResult; }
} }
}
return result; return result;
} }
//~--- inner classes -------------------------------------------------------- // ~--- inner classes
// --------------------------------------------------------
/** /**
* Class description * Class description
* *
* *
* @version Enter version here..., 2011-01-15 * @version Enter version here..., 2011-01-15
* @author Sebastian Sdorra * @author Sebastian Sdorra
*/ */
private static class AuthenticationCacheValue implements Serializable private static class AuthenticationCacheValue implements Serializable {
{
/** Field description */ /** Field description */
private static final long serialVersionUID = 2201116145941277549L; private static final long serialVersionUID = 2201116145941277549L;
//~--- constructors ------------------------------------------------------- // ~--- constructors
// -------------------------------------------------------
/** /**
* Constructs ... * Constructs ...
* *
* *
* *
* @param ar * @param ar
* @param password * @param password
*/ */
public AuthenticationCacheValue(AuthenticationResult ar, String password) public AuthenticationCacheValue(AuthenticationResult ar, String password) {
{ this.authenticationResult = new AuthenticationResult(ar.getUser()
this.authenticationResult = .clone(), ar.getGroups(), ar.getState());
new AuthenticationResult(ar.getUser().clone(), ar.getGroups(), this.password = password;
ar.getState()); }
this.password = password;
}
//~--- fields ------------------------------------------------------------- // ~--- fields
// -------------------------------------------------------------
/** Field description */ /** Field description */
private AuthenticationResult authenticationResult; private AuthenticationResult authenticationResult;
/** Field description */ /** Field description */
private String password; private String password;
} }
// ~--- fields
// ---------------------------------------------------------------
//~--- fields --------------------------------------------------------------- /** Field description */
private List<AuthenticationHandler> authenticationHandlers;
/** Field description */ /** Field description */
private List<AuthenticationHandler> authenticationHandlers; private Cache<String, AuthenticationCacheValue> cache;
/** Field description */ /** Field description */
private Cache<String, AuthenticationCacheValue> cache; private EncryptionHandler encryptionHandler;
/** Field description */
private EncryptionHandler encryptionHandler;
} }