Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2006/12/08 20:53:05 UTC

svn commit: r484715 - in /portals/jetspeed-2/trunk/components: sso/src/java/org/apache/jetspeed/sso/impl/ web-content/src/java/org/apache/jetspeed/portlet/

Author: taylor
Date: Fri Dec  8 11:53:04 2006
New Revision: 484715

URL: http://svn.apache.org/viewvc?view=rev&rev=484715
Log:
https://issues.apache.org/jira/browse/JS2-621
Improve SSO Portlet implementation
This is an ongoing work, this first patch applies to:

Fix bug in PersistenceBrokerSSOProvider.java with unscrambling passwords
Specifically doing a “.toString()” on a byte[] object. 
As part of this correction we refactored both the scramble and unscramble methods to be a little 
more human readable and debugger friendly. 
 
The second change centers around the WebContentPortlet.doHttpWebContent() method. 
We changed the return type from Boolean to a byte[]. 
This byte[] represents the refactored page that should be sent to the browser. 
It seems that Jetspeed was properly logging in to the remote site, it would receive the 
html back from that site and refactor it in preparation to send back to the browser but 
it would not actually send it back to the browser. It would only return a boolean true 
that indicated that it had successfully received that new data. It never actually sent it to the browser.

We tested these changes with the NY Times example in Jetspeed and they seem to work.
  
contribution from Joe Kueser and Tom Campbell of Gestalt, LLC

Modified:
    portals/jetspeed-2/trunk/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java
    portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/SSOWebContentPortlet.java
    portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/WebContentPortlet.java

Modified: portals/jetspeed-2/trunk/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java?view=diff&rev=484715&r1=484714&r2=484715
==============================================================================
--- portals/jetspeed-2/trunk/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java (original)
+++ portals/jetspeed-2/trunk/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java Fri Dec  8 11:53:04 2006
@@ -15,7 +15,6 @@
  */
 package org.apache.jetspeed.sso.impl;
 
-import java.io.BufferedInputStream;
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URL;
@@ -30,25 +29,19 @@
 import java.util.StringTokenizer;
 import java.util.Vector;
 
-import org.apache.jetspeed.security.UserPrincipal;
-
 import javax.security.auth.Subject;
 
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.UsernamePasswordCredentials;
+import org.apache.commons.httpclient.cookie.CookiePolicy;
+import org.apache.commons.httpclient.methods.GetMethod;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.jetspeed.components.dao.InitablePersistenceBrokerDaoSupport;
-
-import org.apache.jetspeed.sso.SSOContext;
-import org.apache.jetspeed.sso.SSOCookie;
-import org.apache.jetspeed.sso.SSOException;
-import org.apache.jetspeed.sso.SSOProvider;
-import org.apache.jetspeed.sso.SSOSite;
-import org.apache.jetspeed.sso.SSOPrincipal;
-
-import org.apache.jetspeed.sso.impl.SSOSiteImpl;
-import org.apache.jetspeed.sso.impl.SSOPrincipalImpl;
-
-
-import org.apache.jetspeed.security.SecurityHelper;
 import org.apache.jetspeed.security.BasePrincipal;
+import org.apache.jetspeed.security.SecurityHelper;
+import org.apache.jetspeed.security.UserPrincipal;
 import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
 import org.apache.jetspeed.security.impl.UserPrincipalImpl;
 import org.apache.jetspeed.security.om.InternalCredential;
@@ -58,28 +51,16 @@
 import org.apache.jetspeed.security.om.impl.InternalGroupPrincipalImpl;
 import org.apache.jetspeed.security.om.impl.InternalUserPrincipalImpl;
 import org.apache.jetspeed.security.spi.impl.DefaultPasswordCredentialImpl;
-
+import org.apache.jetspeed.sso.SSOContext;
+import org.apache.jetspeed.sso.SSOException;
+import org.apache.jetspeed.sso.SSOPrincipal;
+import org.apache.jetspeed.sso.SSOProvider;
+import org.apache.jetspeed.sso.SSOSite;
 import org.apache.ojb.broker.query.Criteria;
 import org.apache.ojb.broker.query.Query;
 import org.apache.ojb.broker.query.QueryByCriteria;
 import org.apache.ojb.broker.query.QueryFactory;
 
-// HTTPClient imports
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.httpclient.Cookie;
-import org.apache.commons.httpclient.Header;
-import org.apache.commons.httpclient.HttpClient;
-import org.apache.commons.httpclient.HttpConnection;
-import org.apache.commons.httpclient.HttpException;
-import org.apache.commons.httpclient.UsernamePasswordCredentials;
-import org.apache.commons.httpclient.auth.AuthScheme;
-import org.apache.commons.httpclient.auth.HttpAuthenticator;
-import org.apache.commons.httpclient.cookie.CookiePolicy;
-import org.apache.commons.httpclient.methods.GetMethod;
-import org.apache.commons.httpclient.methods.MultipartPostMethod;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 
 /**
 * <p>Utility component to handle SSO requests</p>
@@ -1427,12 +1408,19 @@
         // On some database platforms, like PostgreSQL this can lead to something like:
         //   org.postgresql.util.PSQLException: ERROR: invalid byte sequence for encoding "UTF8": 0x00
         // To prevent this, the resulting xored password is encoded in Base64
-        return new String( Base64.encodeBase64(new String( xor(pwd.toCharArray(), scrambler) ).getBytes() ) );
+    	String xored = new String(xor(pwd.toCharArray(), scrambler));
+        byte[] bytes = Base64.encodeBase64(xored.getBytes());
+        String scrambled = new String(bytes);
+        return scrambled;
     }
     
     private String unscramble(String pwd)
     {
-        return new String(xor(Base64.decodeBase64(pwd.getBytes()).toString().toCharArray(),scrambler));
+    	byte[] bytes = pwd.getBytes();
+        bytes = Base64.decodeBase64(bytes);
+        String chars = new String(bytes);
+        String unscrambled = new String(xor(chars.toCharArray(), scrambler));
+        return unscrambled;
     }
     
     private char[] xor(char[] a, char[]b)
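Review bot: Both `xored.getBytes()` in scramble and `new String(bytes)` in unscramble use the platform default charset, so an XORed char that the charset cannot encode is replaced on the way in and the stored value no longer unscrambles to the original password; the same happens if the JVM reading the value runs with a different default charset from the one that wrote it. Name the charset on both sides, e.g. `xored.getBytes("UTF-8")` and `new String(bytes, "UTF-8")`, and handle the `UnsupportedEncodingException`. Separately, XOR against a fixed `scrambler` followed by Base64 is reversible obfuscation rather than encryption, so the stored SSO passwords should be treated as recoverable by anyone who can read both the stored value and the scrambler (its definition is outside this hunk). scramble starts above the hunk and xor continues below it.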

Modified: portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/SSOWebContentPortlet.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/SSOWebContentPortlet.java?view=diff&rev=484715&r1=484714&r2=484715
==============================================================================
--- portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/SSOWebContentPortlet.java (original)
+++ portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/SSOWebContentPortlet.java Fri Dec  8 11:53:04 2006
@@ -15,15 +15,11 @@
  */
 package org.apache.jetspeed.portlet;
 
-import java.util.Map;
-import java.util.HashMap;
-import java.util.StringTokenizer;
-import java.io.BufferedInputStream;
 import java.io.IOException;
-import java.io.InputStreamReader;
-import java.io.Reader;
 import java.security.AccessControlContext;
 import java.security.AccessController;
+import java.util.HashMap;
+import java.util.StringTokenizer;
 
 import javax.portlet.ActionRequest;
 import javax.portlet.ActionResponse;
@@ -37,28 +33,21 @@
 import javax.security.auth.Subject;
 
 import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.httpclient.Credentials;
 import org.apache.commons.httpclient.HttpClient;
 import org.apache.commons.httpclient.HttpMethod;
-import org.apache.commons.httpclient.HttpState;
 import org.apache.commons.httpclient.NameValuePair;
 import org.apache.commons.httpclient.UsernamePasswordCredentials;
 import org.apache.commons.httpclient.auth.AuthScope;
-import org.apache.commons.httpclient.auth.AuthScheme;
 import org.apache.commons.httpclient.auth.AuthState;
 import org.apache.commons.httpclient.auth.BasicScheme;
-import org.apache.commons.httpclient.methods.GetMethod;
 import org.apache.commons.httpclient.methods.PostMethod;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-
-import org.apache.portals.messaging.PortletMessaging;
-
-import org.apache.jetspeed.rewriter.BasicRewriter;
 import org.apache.jetspeed.rewriter.WebContentRewriter;
 import org.apache.jetspeed.sso.SSOContext;
 import org.apache.jetspeed.sso.SSOException;
 import org.apache.jetspeed.sso.SSOProvider;
+import org.apache.portals.messaging.PortletMessaging;
 
 
 /**
@@ -255,12 +244,13 @@
         return Subject.getSubject(context);         
     }
     
-    protected boolean doPreemptiveAuthentication(HttpClient client,HttpMethod method, RenderRequest request, RenderResponse response)
+    protected byte[] doPreemptiveAuthentication(HttpClient client,HttpMethod method, RenderRequest request, RenderResponse response)
     {
-        if ( super.doPreemptiveAuthentication(client, method, request, response))
+    	byte[] result = super.doPreemptiveAuthentication(client, method, request, response);
+        if ( result != null)
         {
             // already handled
-            return true ;
+            return result ;
         }
         
         // System.out.println("SSOWebContentPortlet.doPreemptiveAuthentication...");
@@ -282,7 +272,7 @@
             client.getState().setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(userName, password));
             
             // handled!
-            return true ;
+            return result ;
             
         }
         else if (type.startsWith(SSO_TYPE_FORM))
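Review bot: `return result ;` under the `// handled!` comment always returns null, because the non-null case already returned at the top of the method, so a caller can no longer tell "credentials were set" from "not handled". The same holds for `return (formAuth.booleanValue() ? result : null);` in the next hunk and for the `return result ;` that closes the 'url' branch further down: both arms yield null. If null is meant to say "no content fetched yet, go on and fetch the source", write `return null ;` at these three places and update the comments to say so; otherwise the previous true/false distinction needs another carrier. The method body starts and ends outside this hunk.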
@@ -293,7 +283,7 @@
                 if (formAuth != null)
                 {
                     // already been here, done that
-                    return formAuth.booleanValue();
+                    return (formAuth.booleanValue() ? result : null);
                 }
                 else
                 {
@@ -305,19 +295,19 @@
                 if (formAction == null || formAction.length() == 0)
                 {
                     log.warn("sso.type specified as 'form', but no: "+SSO_TYPE_FORM_ACTION_URL+", action was specified - unable to preemptively authenticate by form.");
-                    return false ;
+                    return null ;
                 }
                 String userNameField = prefs.getValue(SSO_TYPE_FORM_USERNAME_FIELD, "");
                 if (userNameField == null || userNameField.length() == 0)
                 {
                     log.warn("sso.type specified as 'form', but no: "+SSO_TYPE_FORM_USERNAME_FIELD+", username field was specified - unable to preemptively authenticate by form.");
-                    return false ;
+                    return null ;
                 }
                 String passwordField = prefs.getValue(SSO_TYPE_FORM_PASSWORD_FIELD, "password");
                 if (passwordField == null || passwordField.length() == 0)
                 {
                     log.warn("sso.type specified as 'form', but no: "+SSO_TYPE_FORM_PASSWORD_FIELD+", password field was specified - unable to preemptively authenticate by form.");
-                    return false ;
+                    return null ;
                 }
                 
                 String userName = (String)request.getAttribute(SSO_REQUEST_ATTRIBUTE_USERNAME);
@@ -349,11 +339,10 @@
                 // resuse client - in case new cookies get set - but create a new method (for the formAction)
                 method = getHttpMethod(client, getURLSource(formAction, formParams, request, response), formParams, isPost, request);
                 // System.out.println("...posting credentials");
-                byte[] result = doHttpWebContent(client, method, 0, request, response) ;
-                boolean success = result != null; 
+                result = doHttpWebContent(client, method, 0, request, response) ;
                 // System.out.println("Result of attempted authorization: "+success);
-                PortletMessaging.publish(request, FORM_AUTH_STATE, Boolean.valueOf(success));
-                return success ;
+                PortletMessaging.publish(request, FORM_AUTH_STATE, Boolean.valueOf(result != null));
+                return result ;
             }
             catch (Exception ex)
             {
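Review bot: `Boolean.valueOf(result != null)` records form authentication as successful whenever the credential request returned any body, and a rejected login normally returns a page too, so FORM_AUTH_STATE can be published as true after a failed login; the "already been here" branch above then appears to skip re-authentication on later renders. With this commit the same response body is also what gets returned for rendering, so a failed attempt would show the remote site's login or error page as the portlet content. Consider deciding success from the response itself (status code, redirect target or an expected session cookie) before publishing the state. What doHttpWebContent returns on error is outside this hunk, so confirm against it; the enclosing try block and method also continue outside the hunk.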
@@ -368,13 +357,13 @@
             if (userNameParam == null || userNameParam.length() == 0)
             {
                 log.warn("sso.type specified as 'url', but no: "+SSO_TYPE_URL_USERNAME_PARAM+", username parameter was specified - unable to preemptively authenticate by URL.");
-                return false ;
+                return null ;
             }
             String passwordParam = prefs.getValue(SSO_TYPE_URL_PASSWORD_PARAM, "");
             if (passwordParam == null || passwordParam.length() == 0)
             {
                 log.warn("sso.type specified as 'url', but no: "+SSO_TYPE_URL_PASSWORD_PARAM+", password parameter was specified - unable to preemptively authenticate by URL.");
-                return false ;
+                return null ;
             }
             String userName = (String)request.getAttribute(SSO_REQUEST_ATTRIBUTE_USERNAME);
             if (userName == null) userName = "";
@@ -409,12 +398,12 @@
                 }
             }
             
-            return true ;
+            return result ;
         }
         // else System.out.println("...sso.type: "+type+", no pre-emptive authentication");
         
         // not handled
-        return false ;
+        return null ;
     }
 
     protected boolean doRequestedAuthentication(HttpClient client,HttpMethod method, RenderRequest request, RenderResponse response)

Modified: portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/WebContentPortlet.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/WebContentPortlet.java?view=diff&rev=484715&r1=484714&r2=484715
==============================================================================
--- portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/WebContentPortlet.java (original)
+++ portals/jetspeed-2/trunk/components/web-content/src/java/org/apache/jetspeed/portlet/WebContentPortlet.java Fri Dec  8 11:53:04 2006
@@ -14,29 +14,26 @@
  */
 package org.apache.jetspeed.portlet;
 
-import java.io.IOException;
 import java.io.BufferedInputStream;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.FileReader;
+import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.OutputStream;
 import java.io.OutputStreamWriter;
 import java.io.PrintWriter;
+import java.io.Reader;
 import java.io.StringWriter;
 import java.io.UnsupportedEncodingException;
-import java.io.Reader;
 import java.io.Writer;
 import java.net.URL;
-import java.net.URLConnection;
-import java.net.MalformedURLException;
-import java.util.Arrays;
 import java.util.ArrayList;
-import java.util.Enumeration;
+import java.util.Arrays;
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
-import java.util.HashMap;
 import java.util.StringTokenizer;
 
 import javax.portlet.ActionRequest;
@@ -45,27 +42,22 @@
 import javax.portlet.PortletContext;
 import javax.portlet.PortletException;
 import javax.portlet.PortletMode;
-import javax.portlet.PortletPreferences;
-import javax.portlet.PortletSession;
 import javax.portlet.PortletURL;
 import javax.portlet.RenderRequest;
 import javax.portlet.RenderResponse;
 
-import org.apache.portals.bridges.velocity.GenericVelocityPortlet;
-import org.apache.portals.messaging.PortletMessaging;
-
+import org.apache.commons.httpclient.Cookie;
+import org.apache.commons.httpclient.Header;
 import org.apache.commons.httpclient.HttpClient;
 import org.apache.commons.httpclient.HttpMethod;
 import org.apache.commons.httpclient.HttpMethodBase;
-import org.apache.commons.httpclient.HttpState;
-import org.apache.commons.httpclient.Cookie;
-import org.apache.commons.httpclient.Header;
 import org.apache.commons.httpclient.NameValuePair;
-import org.apache.commons.httpclient.cookie.CookiePolicy;
 import org.apache.commons.httpclient.methods.GetMethod;
 import org.apache.commons.httpclient.methods.PostMethod;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.jetspeed.portlet.webcontent.WebContentHistoryList;
+import org.apache.jetspeed.portlet.webcontent.WebContentHistoryPage;
 import org.apache.jetspeed.rewriter.JetspeedRewriterController;
 import org.apache.jetspeed.rewriter.RewriterController;
 import org.apache.jetspeed.rewriter.RewriterException;
@@ -74,8 +66,8 @@
 import org.apache.jetspeed.rewriter.html.neko.NekoParserAdaptor;
 import org.apache.jetspeed.rewriter.rules.Ruleset;
 import org.apache.jetspeed.rewriter.xml.SaxParserAdaptor;
-import org.apache.jetspeed.portlet.webcontent.WebContentHistoryList;
-import org.apache.jetspeed.portlet.webcontent.WebContentHistoryPage;
+import org.apache.portals.bridges.velocity.GenericVelocityPortlet;
+import org.apache.portals.messaging.PortletMessaging;
 
 
 /**
@@ -339,10 +331,14 @@
             // ...set up URL and HttpClient stuff
             HttpClient httpClient = getHttpClient(request) ;
             httpMethod = getHttpMethod(httpClient, getURLSource(sourceAttr, sourceParams, request, response), sourceParams, isPost, request);
-            doPreemptiveAuthentication(httpClient, httpMethod, request, response);
+            byte[] result = doPreemptiveAuthentication(httpClient, httpMethod, request, response);
             
             // ...get, cache, and return the content
-            return doHttpWebContent(httpClient, httpMethod, 0, request, response);
+            if (result == null) {
+            	return doHttpWebContent(httpClient, httpMethod, 0, request, response);
+            } else {
+            	return result;
+            }
         }
         catch (PortletException pex)
         {
@@ -454,6 +450,7 @@
 
             // Page has been rewritten
             // TODO: Write it to cache
+            //System.out.println(new String(byteOutputStream.toByteArray()));
             return byteOutputStream.toByteArray();
         }
         catch (UnsupportedEncodingException ueex)
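Review bot: The added `//System.out.println(new String(byteOutputStream.toByteArray()));` is commented-out debug code and should be dropped rather than committed. If it were re-enabled it would write the full rewritten page, which after an SSO login may be authenticated content, to stdout, decoded with the platform default charset. If the dump is really needed, route it through the commons-logging `Log` the file already imports, at debug level and behind `isDebugEnabled()`. The enclosing method starts and ends outside this hunk.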
@@ -475,10 +472,10 @@
         return source;    
     }
     
-    protected boolean doPreemptiveAuthentication(HttpClient clent,HttpMethod method, RenderRequest request, RenderResponse response)
+    protected byte[] doPreemptiveAuthentication(HttpClient clent,HttpMethod method, RenderRequest request, RenderResponse response)
     {
         // derived class responsibilty - return true, if credentials have been set
-        return false ;
+        return null ;
     }
     
     protected boolean doRequestedAuthentication(HttpClient clent,HttpMethod method, RenderRequest request, RenderResponse response)
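Review bot: The comment `// derived class responsibilty - return true, if credentials have been set` is stale now that the method returns `byte[]`, and nothing states what a non-null result means to the caller. Replace it with something like `// derived class responsibility - return the already-fetched, rewritten page content, or null if the caller should still fetch the source`, which matches the `result == null` check added earlier in this file. A short Javadoc on the method would make the contract visible to subclasses such as SSOWebContentPortlet.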


