Posted to commits@ace.apache.org by ja...@apache.org on 2016/01/28 11:49:38 UTC
svn commit: r1727306 - in /ace/trunk: org.apache.ace.gogo.servlet/
org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/
org.apache.ace.obr/src/org/apache/ace/obr/servlet/ run-client/conf/
run-server-allinone/conf/
Author: jawi
Date: Thu Jan 28 10:49:38 2016
New Revision: 1727306
URL: http://svn.apache.org/viewvc?rev=1727306&view=rev
Log:
ACE-511 - ScriptServlet does not apply security:
- applied patch from @brampouwelse to let this servlet use the same
authentication mechanism as all other servlets.
Modified:
ace/trunk/org.apache.ace.gogo.servlet/bnd.bnd
ace/trunk/org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/Activator.java
ace/trunk/org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/ScriptServlet.java
ace/trunk/org.apache.ace.obr/src/org/apache/ace/obr/servlet/BundleServlet.java
ace/trunk/run-client/conf/org.apache.ace.gogo.servlet.cfg
ace/trunk/run-server-allinone/conf/org.apache.ace.gogo.servlet.cfg
Modified: ace/trunk/org.apache.ace.gogo.servlet/bnd.bnd
URL: http://svn.apache.org/viewvc/ace/trunk/org.apache.ace.gogo.servlet/bnd.bnd?rev=1727306&r1=1727305&r2=1727306&view=diff
==============================================================================
--- ace/trunk/org.apache.ace.gogo.servlet/bnd.bnd (original)
+++ ace/trunk/org.apache.ace.gogo.servlet/bnd.bnd Thu Jan 28 10:49:38 2016
@@ -8,6 +8,7 @@ Bundle-Version: 1.0.0
org.apache.felix.http.servlet-api,\
org.apache.felix.dependencymanager,\
org.apache.ace.gogo;version=latest,\
- org.apache.felix.gogo.runtime
+ org.apache.felix.gogo.runtime,\
+ org.apache.ace.authentication.api;version=latest
Bundle-Activator: org.apache.ace.gogo.servlet.Activator
Private-Package: org.apache.ace.gogo.servlet
Modified: ace/trunk/org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/Activator.java
URL: http://svn.apache.org/viewvc/ace/trunk/org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/Activator.java?rev=1727306&r1=1727305&r2=1727306&view=diff
==============================================================================
--- ace/trunk/org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/Activator.java (original)
+++ ace/trunk/org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/Activator.java Thu Jan 28 10:49:38 2016
@@ -20,6 +20,7 @@ package org.apache.ace.gogo.servlet;
import javax.servlet.Servlet;
+import org.apache.ace.authentication.api.AuthenticationService;
import org.apache.felix.dm.DependencyActivatorBase;
import org.apache.felix.dm.DependencyManager;
import org.apache.felix.service.command.CommandProcessor;
@@ -38,11 +39,8 @@ public class Activator extends Dependenc
.add(createConfigurationDependency().setPropagate(true).setPid(SCRIPT_SERVLET_PID))
.add(createServiceDependency().setService(CommandProcessor.class).setRequired(true))
.add(createServiceDependency().setService(LogService.class).setRequired(false))
+ .add(createServiceDependency().setService(AuthenticationService.class).setRequired(true))
);
}
- @Override
- public void destroy(BundleContext context, DependencyManager manager) throws Exception {
- // nothing to do here for now
- }
}
Modified: ace/trunk/org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/ScriptServlet.java
URL: http://svn.apache.org/viewvc/ace/trunk/org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/ScriptServlet.java?rev=1727306&r1=1727305&r2=1727306&view=diff
==============================================================================
--- ace/trunk/org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/ScriptServlet.java (original)
+++ ace/trunk/org.apache.ace.gogo.servlet/src/org/apache/ace/gogo/servlet/ScriptServlet.java Thu Jan 28 10:49:38 2016
@@ -18,6 +18,8 @@
*/
package org.apache.ace.gogo.servlet;
+import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
+
import java.io.IOException;
import java.io.InputStream;
import java.util.Dictionary;
@@ -30,9 +32,13 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.ace.authentication.api.AuthenticationService;
import org.apache.felix.service.command.CommandProcessor;
import org.apache.felix.service.command.CommandSession;
+import org.osgi.service.cm.ConfigurationException;
+import org.osgi.service.cm.ManagedService;
import org.osgi.service.log.LogService;
+import org.osgi.service.useradmin.User;
/**
* Servlet that can execute a Gogo script provided by the caller. Note that this is a generic service that is not
@@ -44,12 +50,19 @@ import org.osgi.service.log.LogService;
*
* Motivation: provide the ability to script client calls to an ACE server for various automation purposes.
*/
-public class ScriptServlet extends HttpServlet {
+public class ScriptServlet extends HttpServlet implements ManagedService {
private static final long serialVersionUID = -7838800050936438994L;
private static final String SCRIPT_KEY = "script";
+ /** A boolean denoting whether or not authentication is enabled. */
+ private static final String KEY_USE_AUTHENTICATION = "authentication.enabled";
+
private volatile LogService m_logger;
private volatile CommandProcessor m_processor;
+ private volatile AuthenticationService m_authService;
+
+ private boolean m_useAuth = false;
+ @Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
Dictionary<String, String> scriptDefinition = toDictionary(req.getParameterMap());
respondToScriptRequest(resp, scriptDefinition);
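Review bot: `m_useAuth` is declared as a plain `boolean` defaulting to `false`, while it is written by the configuration thread in `updated()` and read by request threads in `authenticate()`. Without `volatile`, a switch to `authentication.enabled=true` is not guaranteed to become visible to threads already serving requests. The default is also fail-open. Whether a request can arrive before the first `updated()` call depends on the component wiring, which is only partly visible in the Activator hunk, so for an endpoint that executes caller-supplied scripts I would declare it `private volatile boolean m_useAuth = true;`, matching the `volatile` already used on the injected service fields.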
@@ -63,6 +76,33 @@ public class ScriptServlet extends HttpS
scriptDefinition.put(SCRIPT_KEY, script);
respondToScriptRequest(resp, scriptDefinition);
}
+
+ @Override
+ protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+ if (!authenticate(req)) {
+ // Authentication failed; don't proceed with the original request...
+ resp.sendError(SC_UNAUTHORIZED);
+ } else {
+ // Authentication successful, proceed with original request...
+ super.service(req, resp);
+ }
+ }
+ /**
+ * Authenticates, if needed the user with the information from the given request.
+ *
+ * @param request the request to obtain the credentials from, cannot be <code>null</code>.
+ * @return <code>true</code> if the authentication was successful, <code>false</code> otherwise.
+ */
+ private boolean authenticate(HttpServletRequest request) {
+ if (m_useAuth) {
+ User user = m_authService.authenticate(request);
+ if (user == null) {
+ m_logger.log(LogService.LOG_INFO, "Authentication failure!");
+ }
+ return (user != null);
+ }
+ return true;
+ }
private void respondToScriptRequest(HttpServletResponse resp, Dictionary<String, String> scriptDefinition) throws IOException {
try {
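Review bot: `authenticate()` checks only that `m_authService.authenticate(request)` returned a non-null `User` and then discards it, so every account the authentication service accepts can reach `respondToScriptRequest`; nothing in this hunk checks a role or group. Since the class Javadoc describes a generic executor for caller-provided Gogo scripts, consider keeping the `User` and applying an authorization check before `super.service(req, resp)`, or state in the Javadoc that authentication alone is the intended policy. The failure log line also carries no context for detection; `m_logger.log(LogService.LOG_WARNING, "Authentication failure for " + request.getRemoteAddr() + " on " + request.getRequestURI());` would make failed attempts traceable without logging the query string that carries the script. The body of `respondToScriptRequest` continues outside the hunk.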
@@ -116,4 +156,17 @@ public class ScriptServlet extends HttpS
return scanner.hasNext() ? scanner.next() : null;
}
}
+
+ @Override
+ public void updated(Dictionary<String, ?> settings) throws ConfigurationException {
+ if (settings != null) {
+ String useAuthString = (String) settings.get(KEY_USE_AUTHENTICATION);
+ if (useAuthString == null
+ || !("true".equalsIgnoreCase(useAuthString) || "false".equalsIgnoreCase(useAuthString))) {
+ throw new ConfigurationException(KEY_USE_AUTHENTICATION, "Missing or invalid value!");
+ }
+ boolean useAuth = Boolean.parseBoolean(useAuthString);
+ m_useAuth = useAuth;
+ }
+ }
}
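Review bot: The cast `(String) settings.get(KEY_USE_AUTHENTICATION)` in `updated()` throws `ClassCastException` instead of the intended `ConfigurationException` when the value is stored as a `Boolean`, which Configuration Admin permits. Reading it as `Object value = settings.get(KEY_USE_AUTHENTICATION);` followed by `String useAuthString = (value == null) ? null : value.toString();` sends typed values through the same validation. The same cast is visible in the context lines of the `BundleServlet.updated` hunk further down. The local `useAuth` is redundant; `m_useAuth = Boolean.parseBoolean(useAuthString);` is sufficient.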
Modified: ace/trunk/org.apache.ace.obr/src/org/apache/ace/obr/servlet/BundleServlet.java
URL: http://svn.apache.org/viewvc/ace/trunk/org.apache.ace.obr/src/org/apache/ace/obr/servlet/BundleServlet.java?rev=1727306&r1=1727305&r2=1727306&view=diff
==============================================================================
--- ace/trunk/org.apache.ace.obr/src/org/apache/ace/obr/servlet/BundleServlet.java (original)
+++ ace/trunk/org.apache.ace.obr/src/org/apache/ace/obr/servlet/BundleServlet.java Thu Jan 28 10:49:38 2016
@@ -73,7 +73,7 @@ public class BundleServlet extends HttpS
return "Apache ACE OBR Servlet";
}
- public void updated(Dictionary settings) throws ConfigurationException {
+ public void updated(Dictionary<String, ?> settings) throws ConfigurationException {
if (settings != null) {
String useAuthString = (String) settings.get(KEY_USE_AUTHENTICATION);
if (useAuthString == null
Modified: ace/trunk/run-client/conf/org.apache.ace.gogo.servlet.cfg
URL: http://svn.apache.org/viewvc/ace/trunk/run-client/conf/org.apache.ace.gogo.servlet.cfg?rev=1727306&r1=1727305&r2=1727306&view=diff
==============================================================================
--- ace/trunk/run-client/conf/org.apache.ace.gogo.servlet.cfg (original)
+++ ace/trunk/run-client/conf/org.apache.ace.gogo.servlet.cfg Thu Jan 28 10:49:38 2016
@@ -1,4 +1,4 @@
# Licensed to the Apache Software Foundation (ASF) under the terms of ASLv2 (http://www.apache.org/licenses/LICENSE-2.0).
org.apache.ace.server.servlet.endpoint=/gogo
-
+authentication.enabled=false
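Review bot: Both shipped configurations (this one and `run-server-allinone/conf/org.apache.ace.gogo.servlet.cfg` in the next hunk) set `authentication.enabled=false`, so with these files the `/gogo` endpoint still accepts scripts without credentials even though the commit adds the check. If these conf directories serve as templates for real deployments, which is not visible from here, the server-side file at least should ship with `true`. Otherwise add a comment above the key such as `# authentication.enabled=false lets /gogo run submitted Gogo scripts without credentials; set to true outside local development.`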
Modified: ace/trunk/run-server-allinone/conf/org.apache.ace.gogo.servlet.cfg
URL: http://svn.apache.org/viewvc/ace/trunk/run-server-allinone/conf/org.apache.ace.gogo.servlet.cfg?rev=1727306&r1=1727305&r2=1727306&view=diff
==============================================================================
--- ace/trunk/run-server-allinone/conf/org.apache.ace.gogo.servlet.cfg (original)
+++ ace/trunk/run-server-allinone/conf/org.apache.ace.gogo.servlet.cfg Thu Jan 28 10:49:38 2016
@@ -1,3 +1,4 @@
# Licensed to the Apache Software Foundation (ASF) under the terms of ASLv2 (http://www.apache.org/licenses/LICENSE-2.0).
org.apache.ace.server.servlet.endpoint=/gogo
+authentication.enabled=false