Updated Branches: refs/heads/master f8dd42be9 -> f8605c956
Implementing authentication chain mechanism
Project: http://git-wip-us.apache.org/repos/asf/incubator-stratos/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-stratos/commit/f8605c95
Tree: http://git-wip-us.apache.org/repos/asf/incubator-stratos/tree/f8605c95
Diff: http://git-wip-us.apache.org/repos/asf/incubator-stratos/diff/f8605c95
Branch: refs/heads/master
Commit: f8605c956763e4113aff2f9f1d86301ebe5707d6
Parents: f8dd42b
Author: Pradeep Fernando <[email protected]>
Authored: Sun Jan 12 21:57:06 2014 +0530
Committer: Pradeep Fernando <[email protected]>
Committed: Sun Jan 12 21:57:06 2014 +0530
----------------------------------------------------------------------
...tractAuthenticationAuthorizationHandler.java | 46 ++++++++++++++++++++
.../rest/endpoint/handlers/OAuthHandler.java | 9 +++-
.../handlers/StratosAuthenticationHandler.java | 10 ++++-
.../handlers/StratosAuthorizingHandler.java | 8 +++-
.../main/webapp/stratos/WEB-INF/cxf-servlet.xml | 11 ++---
5 files changed, 70 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/f8605c95/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/AbstractAuthenticationAuthorizationHandler.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/AbstractAuthenticationAuthorizationHandler.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/AbstractAuthenticationAuthorizationHandler.java
new file mode 100644
index 0000000..4c0d274
--- /dev/null
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/AbstractAuthenticationAuthorizationHandler.java
@@ -0,0 +1,46 @@
+package org.apache.stratos.rest.endpoint.handlers;/*
+* Copyright (c) 2005-2012, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+import org.apache.cxf.jaxrs.ext.RequestHandler;
+import org.apache.cxf.jaxrs.impl.HttpHeadersImpl;
+import org.apache.cxf.jaxrs.model.ClassResourceInfo;
+import org.apache.cxf.message.Message;
+
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+import java.util.List;
+
+public abstract class AbstractAuthenticationAuthorizationHandler implements RequestHandler {
+
+
+
+
+ public Response handleRequest(Message message, ClassResourceInfo classResourceInfo) {
+ HttpHeaders headers = new HttpHeadersImpl(message);
+ List<String> authHeader = headers.getRequestHeader(HttpHeaders.AUTHORIZATION);
+ if(authHeader != null && authHeader.size() > 0 && canHandle(authHeader.get(0).trim().split(" ")[0])){
+ return handle(message,classResourceInfo);
+ }
+ // give the control to the next handler
+ return null;
+
+ }
+
+ protected abstract boolean canHandle(String authHeaderPrefix);
+ protected abstract Response handle(Message message,ClassResourceInfo classResourceInfo);
+}
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/f8605c95/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/OAuthHandler.java
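Review bot: `handleRequest` returns `null` (hand over to the next provider) both when the Authorization header is absent and when no subclass claims its scheme, so once every handler in the chain is built on this class a request with no Authorization header, or with a scheme nobody claims, passes every handler and reaches the resource unauthenticated — unless something after the provider chain rejects it, which this diff does not show. Before this commit the subclasses implemented `handleRequest` themselves and therefore saw every request. The chain needs an explicit default-deny: a final provider that returns 401 for any request no handler claimed, or the authentication handler rejecting rather than passing when the header is missing. At minimum the contract should be stated on the method, e.g. `// null = "not my scheme"; the provider chain MUST end in a handler that rejects requests no handler claimed`. Also `authHeader.size() > 0` reads better as `!authHeader.isEmpty()`.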
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/OAuthHandler.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/OAuthHandler.java
index 4bcf6c2..ce7524f 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/OAuthHandler.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/OAuthHandler.java
@@ -34,8 +34,9 @@ import javax.ws.rs.core.Response;
 * This class responsible for OAuth based authentication/authorization. A client has to bring a valid OAuth token from a
 * a OAuth provider. This class intercept the request and calls the OAuthTokenValidation endpoint of the provider.
 */
-public class OAuthHandler implements RequestHandler {
+public class OAuthHandler extends AbstractAuthenticationAuthorizationHandler {
 private static Log log = LogFactory.getLog(OAuthHandler.class);
+ private static String SUPPORTED_AUTHENTICATION_TYPE = "Bearer";
 private static String oauthValidationEndpoint;
 private static String username;
 private static String password;
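Review bot: `SUPPORTED_AUTHENTICATION_TYPE` is a mutable static field although it is a constant that decides which requests this handler accepts; it should be `private static final String SUPPORTED_AUTHENTICATION_TYPE = "Bearer";` so nothing can reassign it at runtime. The same applies to the `"Basic"` fields added in StratosAuthenticationHandler and StratosAuthorizingHandler below. A one-line comment such as `// Authorization scheme this handler claims in the provider chain` would also make the field's role in the new chain clear.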
@@ -52,7 +53,11 @@ public class OAuthHandler implements RequestHandler {
 OAuthHandler.password = password;
 }
- public Response handleRequest(Message message, ClassResourceInfo classResourceInfo) {
+ public boolean canHandle(String authHeaderPrefix) {
+ return SUPPORTED_AUTHENTICATION_TYPE.equals(authHeaderPrefix);
+ }
+
+ public Response handle(Message message, ClassResourceInfo classResourceInfo) {
 try {
 OAuth2TokenValidationResponseDTO respDTO;
 ValidationServiceClient validationServiceClient = new
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/f8605c95/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthenticationHandler.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthenticationHandler.java
index f9a42fd..b9da59c 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthenticationHandler.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthenticationHandler.java
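Review bot: `canHandle` compares the scheme with case-sensitive `equals`, but HTTP authentication scheme tokens are case-insensitive, so a header written `bearer ...` is treated as "not mine" rather than as a Bearer request — and since the base class passes unclaimed requests on instead of rejecting them, this handler neither validates nor refuses it. Use `return SUPPORTED_AUTHENTICATION_TYPE.equalsIgnoreCase(authHeaderPrefix);` here and in the identical `canHandle` bodies added to StratosAuthenticationHandler and StratosAuthorizingHandler. The method is declared `protected` on the abstract class and widened to `public` here; either is legal, but the three subclasses should agree on one visibility. `handle`'s body continues outside the hunk.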
@@ -39,14 +39,20 @@ import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+import java.util.List;
 /**
 * Here we are doing the request authentication within a {@link RequestHandler}. The request handlers
 * are get invoked just before the actual method invocation. This authentication handler make use
 * of HTTP basic auth headers as the authentication mechanism.
 */
-public class StratosAuthenticationHandler implements RequestHandler {
+public class StratosAuthenticationHandler extends AbstractAuthenticationAuthorizationHandler {
 private static Log log = LogFactory.getLog(StratosAuthenticationHandler.class);
+ private static String SUPPORTED_AUTHENTICATION_TYPE = "Basic";
+
+ public boolean canHandle(String authHeaderPrefix){
+ return SUPPORTED_AUTHENTICATION_TYPE.equals(authHeaderPrefix);
+ }
 /**
 * Authenticate the user against the user store. Once authenticate, populate the {@link org.wso2.carbon.context.CarbonContext}
@@ -55,7 +61,7 @@ public class StratosAuthenticationHandler implements RequestHandler {
 * @param classResourceInfo
 * @return
 */
- public Response handleRequest(Message message, ClassResourceInfo classResourceInfo) {
+ public Response handle(Message message, ClassResourceInfo classResourceInfo) {
 AuthorizationPolicy policy = (AuthorizationPolicy) message.get(AuthorizationPolicy.class);
 String username = policy.getUserName().trim();
 String password = policy.getPassword().trim();
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/f8605c95/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthorizingHandler.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthorizingHandler.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthorizingHandler.java
index 0902182..d9a044d 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthorizingHandler.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthorizingHandler.java
@@ -48,9 +48,10 @@ import java.util.*;
 * details using annotations present in the service bean. This particular implementation is inspired
 * by the {@link org.apache.cxf.jaxrs.security.SimpleAuthorizingFilter}
 */
-public class StratosAuthorizingHandler implements RequestHandler {
+public class StratosAuthorizingHandler extends AbstractAuthenticationAuthorizationHandler {
 private Log log = LogFactory.getLog(StratosAuthorizingHandler.class);
+ private static String SUPPORTED_AUTHENTICATION_TYPE = "Basic";
 private static final String AUTHORIZATION_ANNOTATION_CLASS_NAME = "org.apache.stratos.rest.endpoint.annotation.AuthorizationAction";
 private static final String TENANT_ANNOTATION_CLASS_NAME = "org.apache.stratos.rest.endpoint.annotation.SuperTenantService";
 private static final String ACTION_ON_RESOURCE = "ui.execute";
@@ -65,8 +66,11 @@ public class StratosAuthorizingHandler implements RequestHandler {
 "equals", "toString", "hashCode"}));
 }
+ public boolean canHandle(String authHeaderPrefix){
+ return SUPPORTED_AUTHENTICATION_TYPE.equals(authHeaderPrefix);
+ }
- public Response handleRequest(Message message, ClassResourceInfo resourceClass) {
+ public Response handle(Message message, ClassResourceInfo resourceClass) {
 try {
 SecurityContext securityContext = message.get(SecurityContext.class);
 Method method = getTargetMethod(message);
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/f8605c95/components/org.apache.stratos.rest.endpoint/src/main/webapp/stratos/WEB-INF/cxf-servlet.xml
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/webapp/stratos/WEB-INF/cxf-servlet.xml b/components/org.apache.stratos.rest.endpoint/src/main/webapp/stratos/WEB-INF/cxf-servlet.xml
index dfb7263..7677748 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/webapp/stratos/WEB-INF/cxf-servlet.xml
+++ b/components/org.apache.stratos.rest.endpoint/src/main/webapp/stratos/WEB-INF/cxf-servlet.xml
@@ -34,12 +34,8 @@
 <ref bean="exceptionHandler"/>
 <ref bean="authenticationFilter"/>
 <ref bean="authorizationFilter"/>
- </jaxrs:providers>
-
- <!--The below config enables OAuth based authentication/authorization for REST API-->
- <!--jaxrs:providers>
 <ref bean="OAuthFilter"/>
- </jaxrs:providers-->
+ </jaxrs:providers>
 </jaxrs:server>
 <bean id="stratosRestEndpointBean" class="org.apache.stratos.rest.endpoint.services.StratosAdmin"/>
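Review bot: With `OAuthFilter` now in the same provider list, a Bearer request is claimed only by that bean, because `authorizationFilter` (StratosAuthorizingHandler) answers `canHandle` only for `"Basic"` — so the annotation-based authorization that handler performs never runs for OAuth-authenticated calls, and the resource is reachable with just a valid token unless OAuthHandler enforces equivalent checks itself (its `handle` body is outside this diff, so I cannot confirm that). Either make the authorizing handler scheme-agnostic (it authorizes the already-established `SecurityContext`, not the header), or document the split in the config, e.g. `<!-- scheme-dispatched chain: Basic -> authenticationFilter + authorizationFilter; Bearer -> OAuthFilter, which must enforce authorization on its own -->` placed before the `<jaxrs:providers>` element. The order of the three refs also matters now and is worth a comment since each handler hands unclaimed requests to the next.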
@@ -48,12 +44,11 @@
 <property name="securedObject" ref="stratosRestEndpointBean"/>
 </bean>
 <bean id="exceptionHandler" class="org.apache.stratos.rest.endpoint.handlers.CustomExceptionMapper"/>
- <!--The below config enables OAuth based authentication/authorization for REST API-->
- <!--bean id="OAuthFilter" class="org.apache.stratos.rest.endpoint.handlers.OAuthHandler">
+ <bean id="OAuthFilter" class="org.apache.stratos.rest.endpoint.handlers.OAuthHandler">
 <property name="password" value="admin"/>
 <property name="username" value="admin"/>
 <property name="oauthValidationEndpoint" value="https://localhost:9443/services/"/>
- </bean-->
+ </bean>
 </beans>
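Review bot: Activating the `OAuthFilter` bean turns the previously commented-out `admin`/`admin` credentials and the `https://localhost:9443/services/` validation endpoint into live, shipped configuration; the token-validation service account's password is now a plaintext literal in a file packaged into the webapp. These values should come from deployment configuration rather than the bundled XML, for example `<property name="password" value="${oauth.validation.password}"/>` resolved by a property placeholder (the property name is illustrative), with the same treatment for `username` and `oauthValidationEndpoint`. A short comment on the bean stating that the defaults are for local development only would at least make the intent explicit until that is done.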
