You are viewing a plain text version of this content. The canonical link for it is here.
Posted to portalapps-dev@portals.apache.org by wo...@apache.org on 2009/09/28 10:16:23 UTC
svn commit: r819472 - in /portals/applications/webcontent/trunk:
webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/
webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/
webcontent-jar/src/test/...
Author: woonsan
Date: Mon Sep 28 08:16:22 2009
New Revision: 819472
URL: http://svn.apache.org/viewvc?rev=819472&view=rev
Log:
APA-17: Clean ups for reverse proxy components.
I thought it was possible to provide generic sso credentials retrieval mechanism between different PAs. However, it is not possible or requires nasty app dependencies.
So, I just cleaned up the components of apa-webcontent. So, a PA should include library and reverse proxy component inside itself and set sso creds information. I will add this in j2-admin later.
Added:
portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/SSOSiteCredentials.java (with props)
portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/SSOSiteCredentialsProvider.java (with props)
Removed:
portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/AuthScopeCredentials.java
portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/DefaultAuthScopeCredentialsImpl.java
portals/applications/webcontent/trunk/webcontent-jar/src/test/java/org/apache/portals/applications/webcontent/proxy/TestAuthScopeCredentials.java
Modified:
portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/HttpReverseProxyConstants.java
portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/DefaultHttpReverseProxyServlet.java
portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/RewritableHttpReverseProxyServiceImpl.java
portals/applications/webcontent/trunk/webcontent-war/src/main/webapp/WEB-INF/conf/reverseproxy.properties
Modified: portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/HttpReverseProxyConstants.java
URL: http://svn.apache.org/viewvc/portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/HttpReverseProxyConstants.java?rev=819472&r1=819471&r2=819472&view=diff
==============================================================================
--- portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/HttpReverseProxyConstants.java (original)
+++ portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/HttpReverseProxyConstants.java Mon Sep 28 08:16:22 2009
@@ -23,6 +23,6 @@
String PATH_MAPPER = "org.apache.portals.applications.webcontent.proxy.reverseProxyPathMapper";
- String USER_AUTH_SCOPE_CREDS = "org.apache.portals.applications.webcontent.proxy.reverseProxyUserAuthScopeCreds";
+ String SSO_SITE_CREDENTIALS_PROVIDER = "org.apache.portals.applications.webcontent.proxy.reverseProxySSOSiteCredentialsProvider";
}
Added: portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/SSOSiteCredentials.java
URL: http://svn.apache.org/viewvc/portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/SSOSiteCredentials.java?rev=819472&view=auto
==============================================================================
--- portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/SSOSiteCredentials.java (added)
+++ portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/SSOSiteCredentials.java Mon Sep 28 08:16:22 2009
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.portals.applications.webcontent.proxy;
+
+public interface SSOSiteCredentials
+{
+
+ public String getHost();
+
+ public int getPort();
+
+ public String getRealm();
+
+ public String getScheme();
+
+ public String getUsername();
+
+ public String getPassword();
+
+}
Propchange: portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/SSOSiteCredentials.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/SSOSiteCredentials.java
------------------------------------------------------------------------------
svn:keywords = Id
Propchange: portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/SSOSiteCredentials.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/SSOSiteCredentialsProvider.java
URL: http://svn.apache.org/viewvc/portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/SSOSiteCredentialsProvider.java?rev=819472&view=auto
==============================================================================
--- portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/SSOSiteCredentialsProvider.java (added)
+++ portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/SSOSiteCredentialsProvider.java Mon Sep 28 08:16:22 2009
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.portals.applications.webcontent.proxy;
+
+import java.util.List;
+
+public interface SSOSiteCredentialsProvider
+{
+
+ public List<SSOSiteCredentials> getSSOCredentials(String siteURL);
+
+}
Propchange: portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/SSOSiteCredentialsProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/SSOSiteCredentialsProvider.java
------------------------------------------------------------------------------
svn:keywords = Id
Propchange: portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/SSOSiteCredentialsProvider.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/DefaultHttpReverseProxyServlet.java
URL: http://svn.apache.org/viewvc/portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/DefaultHttpReverseProxyServlet.java?rev=819472&r1=819471&r2=819472&view=diff
==============================================================================
--- portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/DefaultHttpReverseProxyServlet.java (original)
+++ portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/DefaultHttpReverseProxyServlet.java Mon Sep 28 08:16:22 2009
@@ -242,22 +242,6 @@
Configuration ssoUserConf = configuration.subset("proxy.sso.user");
- try
- {
- ((RewritableHttpReverseProxyServiceImpl) tempProxyService).setUserAuthScopeCredentialsPropertyPath(ssoUserConf.getString("userAuthScopeCredentialsPropertyPath"));
- }
- catch (Exception e)
- {
- }
-
- try
- {
- ((RewritableHttpReverseProxyServiceImpl) tempProxyService).setKeepAuthScopeCredentialsInSession(ssoUserConf.getBoolean("keepAuthScopeCredentialsInSession", true));
- }
- catch (Exception e)
- {
- }
-
tempProxyService.initialize();
HttpReverseProxyService oldProxyService = proxyService;
Modified: portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/RewritableHttpReverseProxyServiceImpl.java
URL: http://svn.apache.org/viewvc/portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/RewritableHttpReverseProxyServiceImpl.java?rev=819472&r1=819471&r2=819472&view=diff
==============================================================================
--- portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/RewritableHttpReverseProxyServiceImpl.java (original)
+++ portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/RewritableHttpReverseProxyServiceImpl.java Mon Sep 28 08:16:22 2009
@@ -23,8 +23,6 @@
import java.io.OutputStreamWriter;
import java.io.Reader;
import java.io.Writer;
-import java.net.URI;
-import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
@@ -32,12 +30,11 @@
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import org.apache.commons.beanutils.PropertyUtils;
import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringUtils;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
+import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.methods.HttpGet;
@@ -56,11 +53,12 @@
import org.apache.http.params.HttpParams;
import org.apache.http.protocol.HTTP;
import org.apache.http.util.EntityUtils;
-import org.apache.portals.applications.webcontent.proxy.AuthScopeCredentials;
import org.apache.portals.applications.webcontent.proxy.HttpReverseProxyConstants;
import org.apache.portals.applications.webcontent.proxy.HttpReverseProxyPathMapper;
import org.apache.portals.applications.webcontent.proxy.HttpReverseProxyPathMapperProvider;
import org.apache.portals.applications.webcontent.proxy.HttpReverseProxyService;
+import org.apache.portals.applications.webcontent.proxy.SSOSiteCredentials;
+import org.apache.portals.applications.webcontent.proxy.SSOSiteCredentialsProvider;
import org.apache.portals.applications.webcontent.rewriter.ParserAdaptor;
import org.apache.portals.applications.webcontent.rewriter.Rewriter;
import org.apache.portals.applications.webcontent.rewriter.RewriterController;
@@ -108,15 +106,6 @@
*/
private HttpParams clientParams;
- /**
- * Property Path to find User AuthScope-Credentials for SSO.
- * <P>The property path value will be evaluated from {@link HttpServletRequest} object.
- * The property path syntax conforms Apache Commons BeanUtils {@link PropertyUtils#getProperty(Object, String)}.</P>
- */
- private String userAuthScopeCredentialsPropertyPath;
-
- private boolean keepAuthScopeCredentialsInSession = true;
-
public RewritableHttpReverseProxyServiceImpl(HttpReverseProxyPathMapperProvider proxyPathMapperProvider)
{
this.proxyPathMapperProvider = proxyPathMapperProvider;
@@ -142,16 +131,6 @@
this.connectionManagerParams = connectionManagerParams;
}
- public void setUserAuthScopeCredentialsPropertyPath(String userAuthScopeCredentialsPropertyPath)
- {
- this.userAuthScopeCredentialsPropertyPath = userAuthScopeCredentialsPropertyPath;
- }
-
- public void setKeepAuthScopeCredentialsInSession(boolean keepAuthScopeCredentialsInSession)
- {
- this.keepAuthScopeCredentialsInSession = keepAuthScopeCredentialsInSession;
- }
-
public void initialize()
{
if (clientParams == null)
@@ -231,8 +210,9 @@
DefaultHttpClient httpClient = new DefaultHttpClient(connectionManager, clientParams);
// redirection should be adjusted with local host header...
httpClient.getParams().setBooleanParameter(ClientPNames.HANDLE_REDIRECTS, false);
- // set credentials for this user if available
- setUserCredentialsInfos(httpClient, request);
+
+ // set sso credentials if available
+ setSSOSiteCredentials(proxyTargetURL, httpClient, request);
String method = request.getMethod();
boolean isGetMethod = "GET".equals(method);
@@ -510,56 +490,29 @@
}
}
- private void setUserCredentialsInfos(DefaultHttpClient httpClient, HttpServletRequest request)
+ private void setSSOSiteCredentials(String siteURL, DefaultHttpClient httpClient, HttpServletRequest request)
{
- List<AuthScopeCredentials> userAuthScopeCredentials = (List<AuthScopeCredentials>) request.getAttribute(HttpReverseProxyConstants.USER_AUTH_SCOPE_CREDS);
+ SSOSiteCredentialsProvider credsProvider = (SSOSiteCredentialsProvider) request.getAttribute(HttpReverseProxyConstants.SSO_SITE_CREDENTIALS_PROVIDER);
- if (userAuthScopeCredentials == null)
+ if (credsProvider == null)
{
HttpSession session = request.getSession(false);
if (session != null)
{
- userAuthScopeCredentials = (List<AuthScopeCredentials>) session.getAttribute(HttpReverseProxyConstants.USER_AUTH_SCOPE_CREDS);
- }
- }
-
- if (userAuthScopeCredentials == null && userAuthScopeCredentialsPropertyPath != null)
- {
- try
- {
- List<URI> authCredsURIs = (List<URI>) PropertyUtils.getProperty(request, StringUtils.removeStart(userAuthScopeCredentialsPropertyPath, "request."));
-
- if (authCredsURIs != null)
- {
- userAuthScopeCredentials = new ArrayList<AuthScopeCredentials>();
-
- for (URI authCredsURI : authCredsURIs)
- {
- userAuthScopeCredentials.add(new DefaultAuthScopeCredentialsImpl(authCredsURI));
- }
-
- if (keepAuthScopeCredentialsInSession)
- {
- request.getSession().setAttribute(HttpReverseProxyConstants.USER_AUTH_SCOPE_CREDS, userAuthScopeCredentials);
- }
- }
- }
- catch (Exception e)
- {
- if (log.isWarnEnabled())
- {
- log.warn("Cannot access the authScopeCredentials list object by the path, {}. {}", userAuthScopeCredentialsPropertyPath, e);
- }
+ credsProvider = (SSOSiteCredentialsProvider) session.getAttribute(HttpReverseProxyConstants.SSO_SITE_CREDENTIALS_PROVIDER);
}
}
- if (userAuthScopeCredentials != null && !userAuthScopeCredentials.isEmpty())
+ if (credsProvider != null)
{
- for (AuthScopeCredentials authScopeCreds : userAuthScopeCredentials)
+ List<SSOSiteCredentials> credsList = credsProvider.getSSOCredentials(siteURL);
+
+ for (SSOSiteCredentials creds : credsList)
{
- Credentials creds = new UsernamePasswordCredentials(authScopeCreds.getUsername(), authScopeCreds.getPassword());
- httpClient.getCredentialsProvider().setCredentials(authScopeCreds.getAuthScope(), creds);
+ AuthScope authScope = new AuthScope(creds.getHost(), creds.getPort(), creds.getRealm(), creds.getScheme());
+ Credentials usernamePwdCreds = new UsernamePasswordCredentials(creds.getUsername(), creds.getPassword());
+ httpClient.getCredentialsProvider().setCredentials(authScope, usernamePwdCreds);
}
}
}
Modified: portals/applications/webcontent/trunk/webcontent-war/src/main/webapp/WEB-INF/conf/reverseproxy.properties
URL: http://svn.apache.org/viewvc/portals/applications/webcontent/trunk/webcontent-war/src/main/webapp/WEB-INF/conf/reverseproxy.properties?rev=819472&r1=819471&r2=819472&view=diff
==============================================================================
--- portals/applications/webcontent/trunk/webcontent-war/src/main/webapp/WEB-INF/conf/reverseproxy.properties (original)
+++ portals/applications/webcontent/trunk/webcontent-war/src/main/webapp/WEB-INF/conf/reverseproxy.properties Mon Sep 28 08:16:22 2009
@@ -42,12 +42,6 @@
proxy.http.client.param.allowCircularRedirects = false
-# Reverse Proxy Single Sign On configurations
-# ... Sets property path from request object to retrieve user's authScopeCredential list object.
-# ... The property path should conform Apache Commons BeanUtils PropUtils.getProperty(Object, String).
-proxy.sso.user.userAuthScopeCredentialsPropertyPath = request.attribute(org.apache.jetspeed.request.RequestContext).objects(org.apache.portals.applications.webcontent.proxy.authCredsProvider).authCredsURIs
-proxy.sso.user.keepAuthScopeCredentialsInSession
-
# Global HTTP ClientConnectionManager parameters
# ... You can set various http client connection manager parameters with prefix, 'proxy.http.connManager.param.'.
# ... Refer to the javadoc of org.apache.http.conn.params.ConnManagerParamBean.