Posted to dev@tomcat.apache.org by re...@apache.org on 2015/10/21 14:44:40 UTC
svn commit: r1709818 - in
/tomcat/trunk/java/org/apache/catalina/authenticator:
BasicAuthenticator.java jaspic/JaspicAuthenticator.java
jaspic/LocalStrings.properties jaspic/MessageInfoImpl.java
jaspic/provider/modules/BasicAuthModule.java
Author: remm
Date: Wed Oct 21 12:44:40 2015
New Revision: 1709818
URL: http://svn.apache.org/viewvc?rev=1709818&view=rev
Log:
Cleanup, use the main Request type like the current authenticators and remove code duplication with the "classic" BASIC authenticator.
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java?rev=1709818&r1=1709817&r2=1709818&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java Wed Oct 21 12:44:40 2015
@@ -117,7 +117,7 @@ public class BasicAuthenticator extends
* as per RFC 2617 section 2, and the Base64 encoded credentials as
* per RFC 2045 section 6.8.
*/
- protected static class BasicCredentials {
+ public static class BasicCredentials {
// the only authentication method supported by this parser
// note: we include single white space as its delimiter
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java?rev=1709818&r1=1709817&r2=1709818&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java Wed Oct 21 12:44:40 2015
@@ -38,6 +38,7 @@ import org.apache.catalina.connector.Req
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
/**
* Security valve which implements JASPIC authentication.
@@ -45,6 +46,7 @@ import org.apache.juli.logging.LogFactor
public class JaspicAuthenticator extends AuthenticatorBase {
private static final Log log = LogFactory.getLog(JaspicAuthenticator.class);
+ protected static final StringManager sm = StringManager.getManager(JaspicAuthenticator.class);
private static final String AUTH_TYPE = "JASPIC";
public static final String MESSAGE_LAYER = "HttpServlet";
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties?rev=1709818&r1=1709817&r2=1709818&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties Wed Oct 21 12:44:40 2015
@@ -16,3 +16,5 @@
authenticator.jaspic.unauthorized=Cannot authenticate with the provided credentials
authenticator.jaspic.unknownCallback=Unknown JASPIC callback: [{0}]
authenticator.jaspic.unknownAuthType=Unknown authentication type: [{0}]
+authenticator.jaspic.badRequestType=Request [{0}] is not a Catalina request
+authenticator.jaspic.badResponseType=Response [{0}] is not a Servlet response
\ No newline at end of file
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java?rev=1709818&r1=1709817&r2=1709818&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java Wed Oct 21 12:44:40 2015
@@ -20,16 +20,18 @@ import java.util.HashMap;
import java.util.Map;
import javax.security.auth.message.MessageInfo;
-import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.connector.Request;
+import org.apache.tomcat.util.res.StringManager;
public class MessageInfoImpl implements MessageInfo {
+ protected static final StringManager sm = StringManager.getManager(MessageInfoImpl.class);
+
public static final String IS_MANDATORY = "javax.security.auth.message.MessagePolicy.isMandatory";
private final Map<String, Object> map = new HashMap<>();
- private HttpServletRequest request;
+ private Request request;
private HttpServletResponse response;
public MessageInfoImpl() {
@@ -60,18 +62,18 @@ public class MessageInfoImpl implements
@Override
public void setRequestMessage(Object request) {
- if (!(request instanceof HttpServletRequest)) {
- throw new IllegalArgumentException("Request is not a servlet request but "
- + request.getClass().getName());
+ if (!(request instanceof Request)) {
+ throw new IllegalArgumentException(sm.getString("authenticator.jaspic.badRequestType",
+ request.getClass().getName()));
}
- this.request = (HttpServletRequest) request;
+ this.request = (Request) request;
}
@Override
public void setResponseMessage(Object response) {
if (!(response instanceof HttpServletResponse)) {
- throw new IllegalArgumentException("response is not a servlet response but "
- + response.getClass().getName());
+ throw new IllegalArgumentException(sm.getString("authenticator.jaspic.badResponseType",
+ response.getClass().getName()));
}
this.response = (HttpServletResponse) response;
}
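Review bot: Narrowing `setRequestMessage` to `org.apache.catalina.connector.Request` means a wrapped request is now rejected with `IllegalArgumentException`. JASPIC allows an auth module to replace the request message with an `HttpServletRequestWrapper`, so any module that does so would presumably start failing here; the restriction should at least be stated in a Javadoc on the setter. Separately, in both setters a `null` argument fails the `instanceof` test and then throws `NullPointerException` from `getClass()` instead of the intended message. Passing `request == null ? "null" : request.getClass().getName()` (and the same for `response`) keeps the error path consistent.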
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java?rev=1709818&r1=1709817&r2=1709818&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java Wed Oct 21 12:44:40 2015
@@ -17,7 +17,6 @@
package org.apache.catalina.authenticator.jaspic.provider.modules;
import java.io.IOException;
-import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;
import java.util.Iterator;
import java.util.Map;
@@ -34,10 +33,11 @@ import javax.servlet.http.HttpServletReq
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Context;
+import org.apache.catalina.authenticator.BasicAuthenticator.BasicCredentials;
+import org.apache.catalina.connector.Request;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
-import org.apache.tomcat.util.codec.binary.Base64;
/**
* This class implements JASPIC based HTTP BASIC authentication.
@@ -67,9 +67,10 @@ public class BasicAuthModule extends Tom
return AuthStatus.SUCCESS;
}
- HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
+ Request request = (Request) messageInfo.getRequestMessage();
HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
- String authorization = request.getHeader(AUTHORIZATION_HEADER);
+ MessageBytes authorization = request.getCoyoteRequest().getMimeHeaders()
+ .getValue(AUTHORIZATION_HEADER);
String realmName = getRealmName();
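Review bot: The cast `(Request) messageInfo.getRequestMessage()` is unchecked and sits before the `try` that appears in the next hunk, so a `MessageInfo` carrying any other request type surfaces as a raw `ClassCastException` rather than an `AuthException`. `MessageInfoImpl` now enforces the type, but this method accepts the `MessageInfo` interface, so an `instanceof Request` guard that throws `AuthException` with a clear message before the cast would make the failure explicit. Reading the header through `getCoyoteRequest().getMimeHeaders()` also bypasses any request wrapper, which deserves a short comment saying that this is intended. The enclosing method starts and ends outside this hunk.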
@@ -77,11 +78,14 @@ public class BasicAuthModule extends Tom
return sendUnauthorizedError(response, realmName);
}
- BasicCredentials credentials = parseAuthorizationString(authorization);
- String username = credentials.getUsername();
- char[] password = credentials.getPassword().toCharArray();
-
+ authorization.toBytes();
+ ByteChunk authorizationBC = authorization.getByteChunk();
+ BasicCredentials credentials = null;
try {
+ credentials = new BasicCredentials(authorizationBC);
+ String username = credentials.getUsername();
+ char[] password = credentials.getPassword().toCharArray();
+
PasswordValidationCallback passwordCallback = new PasswordValidationCallback(
clientSubject, username, password);
handler.handle(new Callback[] { passwordCallback });
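Review bot: With `new BasicCredentials(authorizationBC)` now inside the `try`, a malformed `Authorization` header is turned into an `AuthException` by the `catch (Exception e)` visible in the next hunk, instead of producing a fresh 401 challenge. The removed copy of the parser documents that `getPassword()` returns null when the credentials contain no `:`; if the shared class keeps that contract, `.toCharArray()` throws a `NullPointerException` whose null message becomes the `AuthException` text. Both cases are client-controlled input and would more naturally be answered with `sendUnauthorizedError(response, realmName)`, as the missing-header case already is. Parsing before the `try` also removes the need for the `credentials = null` initialisation. The `try` block continues outside this hunk.
```java
ByteChunk authorizationBC = authorization.getByteChunk();
BasicCredentials credentials;
try {
    credentials = new BasicCredentials(authorizationBC);
} catch (IllegalArgumentException iae) {
    // Malformed header from the client: challenge again rather than fail the request
    return sendUnauthorizedError(response, realmName);
}
String username = credentials.getUsername();
String passwordValue = credentials.getPassword();
if (passwordValue == null) {
    // No ':' separator in the decoded credentials
    return sendUnauthorizedError(response, realmName);
}
char[] password = passwordValue.toCharArray();
try {
    // … unchanged: PasswordValidationCallback creation and handler.handle(...) …
```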
@@ -91,7 +95,6 @@ public class BasicAuthModule extends Tom
}
handlePrincipalCallbacks(clientSubject, getPrincipal(passwordCallback));
return AuthStatus.SUCCESS;
-
} catch (Exception e) {
throw new AuthException(e.getMessage());
}
@@ -118,15 +121,6 @@ public class BasicAuthModule extends Tom
}
- private BasicCredentials parseAuthorizationString(String authorization) {
- MessageBytes authorizationBytes = MessageBytes.newInstance();
- authorizationBytes.setString(authorization);
- authorizationBytes.toBytes();
- ByteChunk authorizationBC = authorizationBytes.getByteChunk();
- return new BasicCredentials(authorizationBC);
- }
-
-
@Override
public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject)
throws AuthException {
@@ -145,130 +139,4 @@ public class BasicAuthModule extends Tom
return supportedMessageTypes;
}
- /**
- * Parser for an HTTP Authorization header for BASIC authentication as per
- * RFC 2617 section 2, and the Base64 encoded credentials as per RFC 2045
- * section 6.8.
- */
- protected static class BasicCredentials {
-
- // the only authentication method supported by this parser
- // note: we include single white space as its delimiter
- private static final String METHOD = "basic ";
-
- private ByteChunk authorization;
- private int initialOffset;
- private int base64blobOffset;
- private int base64blobLength;
-
- private String username = null;
- private String password = null;
-
-
- /**
- * Parse the HTTP Authorization header for BASIC authentication as per
- * RFC 2617 section 2, and the Base64 encoded credentials as per RFC
- * 2045 section 6.8.
- *
- * @param input The header value to parse in-place
- * @throws IllegalArgumentException If the header does not conform to
- * RFC 2617
- */
- public BasicCredentials(ByteChunk input) throws IllegalArgumentException {
- authorization = input;
- initialOffset = input.getOffset();
- parseMethod();
- byte[] decoded = parseBase64();
- parseCredentials(decoded);
- }
-
-
- /**
- * Trivial accessor.
- *
- * @return the decoded username token as a String, which is never be
- * <code>null</code>, but can be empty.
- */
- public String getUsername() {
- return username;
- }
-
-
- /**
- * Trivial accessor.
- *
- * @return the decoded password token as a String, or <code>null</code>
- * if no password was found in the credentials.
- */
- public String getPassword() {
- return password;
- }
-
-
- /*
- * The authorization method string is case-insensitive and must have at
- * least one space character as a delimiter.
- */
- private void parseMethod() throws IllegalArgumentException {
- if (authorization.startsWithIgnoreCase(METHOD, 0)) {
- // step past the auth method name
- base64blobOffset = initialOffset + METHOD.length();
- base64blobLength = authorization.getLength() - METHOD.length();
- } else {
- // is this possible, or permitted?
- throw new IllegalArgumentException("Authorization header method is not \"Basic\"");
- }
- }
-
-
- /*
- * Decode the base64-user-pass token, which RFC 2617 states can be
- * longer than the 76 characters per line limit defined in RFC 2045. The
- * base64 decoder will ignore embedded line break characters as well as
- * surplus surrounding white space.
- */
- private byte[] parseBase64() throws IllegalArgumentException {
- byte[] decoded = Base64.decodeBase64(authorization.getBuffer(), base64blobOffset,
- base64blobLength);
- // restore original offset
- authorization.setOffset(initialOffset);
- if (decoded == null) {
- throw new IllegalArgumentException("Basic Authorization credentials are not Base64");
- }
- return decoded;
- }
-
-
- /*
- * Extract the mandatory username token and separate it from the
- * optional password token. Tolerate surplus surrounding white space.
- */
- private void parseCredentials(byte[] decoded) throws IllegalArgumentException {
-
- int colon = -1;
- for (int i = 0; i < decoded.length; i++) {
- if (decoded[i] == ':') {
- colon = i;
- break;
- }
- }
-
- if (colon < 0) {
- username = new String(decoded, StandardCharsets.ISO_8859_1);
- // password will remain null!
- } else {
- username = new String(decoded, 0, colon, StandardCharsets.ISO_8859_1);
- password = new String(decoded, colon + 1, decoded.length - colon - 1,
- StandardCharsets.ISO_8859_1);
- // tolerate surplus white space around credentials
- if (password.length() > 1) {
- password = password.trim();
- }
- }
- // tolerate surplus white space around credentials
- if (username.length() > 1) {
- username = username.trim();
- }
- }
- }
}