Repository: usergrid
Updated Branches:
  refs/heads/apigee-sso-provider 8d79d365c -> 8413f212e


Allow CORS pre-flight requests to come through unauthenticated ( bad creds 
shouldn't stop browsers from trying the real request ).


Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/8413f212
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/8413f212
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/8413f212

Branch: refs/heads/apigee-sso-provider
Commit: 8413f212ee7bdfdd729d4f3f7d93200362e01751
Parents: 8d79d36
Author: Michael Russo <[email protected]>
Authored: Thu Jul 7 17:47:52 2016 -0700
Committer: Michael Russo <[email protected]>
Committed: Thu Jul 7 17:47:52 2016 -0700

----------------------------------------------------------------------
 .../security/shiro/filters/BasicAuthSecurityFilter.java |  3 +++
 .../shiro/filters/ClientCredentialsSecurityFilter.java  |  4 ++++
 .../shiro/filters/OAuth2AccessTokenSecurityFilter.java  |  4 ++++
 .../rest/security/shiro/filters/SecurityFilter.java     | 12 ++++++++++++
 4 files changed, 23 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/usergrid/blob/8413f212/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/BasicAuthSecurityFilter.java
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/BasicAuthSecurityFilter.java
 
b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/BasicAuthSecurityFilter.java
index a5d7272..5594a1c 100644
--- 
a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/BasicAuthSecurityFilter.java
+++ 
b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/BasicAuthSecurityFilter.java
@@ -49,6 +49,9 @@ public class BasicAuthSecurityFilter extends SecurityFilter {
             logger.trace("Filtering: {}", request.getUriInfo().getBaseUri());
         }
 
+        if( bypassSecurityCheck(request) ){
+            return;
+        }
 
         Map<String, String> auth_types = getAuthTypes( request );
         if ( ( auth_types == null ) || !auth_types.containsKey( 
AUTH_BASIC_TYPE ) ) {
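Review bot: The added guard `if( bypassSecurityCheck(request) ){` uses a different spacing style from the surrounding code in this file, which writes `if ( ( auth_types == null ) || ... ) {` with spaces inside the parentheses and before the brace; `if ( bypassSecurityCheck( request ) ) {` would match. The same spacing appears in the ClientCredentialsSecurityFilter and OAuth2AccessTokenSecurityFilter hunks. Note that the early `return` leaves this filter before any credentials are evaluated, so it presumably runs with whatever subject the later filters or the resource would otherwise see for an unauthenticated request; a one-line comment such as `// CORS pre-flight: skip credential evaluation entirely` next to the return would make that intent visible to the next reader. The enclosing filter method starts and ends outside this hunk.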

http://git-wip-us.apache.org/repos/asf/usergrid/blob/8413f212/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/ClientCredentialsSecurityFilter.java
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/ClientCredentialsSecurityFilter.java
 
b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/ClientCredentialsSecurityFilter.java
index 83e53c1..486d105 100644
--- 
a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/ClientCredentialsSecurityFilter.java
+++ 
b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/ClientCredentialsSecurityFilter.java
@@ -55,6 +55,10 @@ public class ClientCredentialsSecurityFilter extends 
SecurityFilter {
             logger.trace("Filtering: {}", request.getUriInfo().getBaseUri());
         }
 
+        if( bypassSecurityCheck(request) ){
+            return;
+        }
+
         String clientId = httpServletRequest.getParameter( "client_id" );
         String clientSecret = httpServletRequest.getParameter( "client_secret" 
);
 

http://git-wip-us.apache.org/repos/asf/usergrid/blob/8413f212/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java
 
b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java
index 03da0e8..ca040e8 100644
--- 
a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java
+++ 
b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java
@@ -74,6 +74,10 @@ public class OAuth2AccessTokenSecurityFilter extends 
SecurityFilter implements C
             logger.trace("Filtering: {}", request.getUriInfo().getBaseUri());
         }
 
+        if( bypassSecurityCheck(request) ){
+            return;
+        }
+
         try {
             try {
 

http://git-wip-us.apache.org/repos/asf/usergrid/blob/8413f212/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/SecurityFilter.java
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/SecurityFilter.java
 
b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/SecurityFilter.java
index e0dadba..1c06aed 100644
--- 
a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/SecurityFilter.java
+++ 
b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/SecurityFilter.java
@@ -132,4 +132,16 @@ public abstract class SecurityFilter implements 
ContainerRequestFilter {
         }
         return auth_types;
     }
+
+    public static boolean bypassSecurityCheck( ContainerRequestContext request 
){
+
+        // if this is a CORS Pre-Flight request, we can skip the security check
+        // OPTIONS requests do not have access into Usergrid data, Jersey 
default handles these requests
+        if( request.getMethod().equalsIgnoreCase("options")){
+            return true;
+        }
+
+        return false;
+
+    }
 }
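Review bot: `bypassSecurityCheck` exempts every request whose method is OPTIONS, not just CORS pre-flights; a browser-issued pre-flight always carries an `Origin` and an `Access-Control-Request-Method` header, so checking those as well keeps the exemption to the case the commit message describes. The comment "Jersey default handles these requests" holds only for resources that do not declare their own `@OPTIONS` method; if any resource does, that handler is now reached with no credential check, so the narrower predicate is the safer default. `request.getMethod()` is compared with `equalsIgnoreCase("options")`; putting the constant on the left, `"OPTIONS".equalsIgnoreCase( request.getMethod() )`, avoids a NullPointerException should the method ever be absent. A Javadoc line such as `Returns true only for a CORS pre-flight (OPTIONS with Origin and Access-Control-Request-Method), which is exempt from authentication.` would document the contract.
```java
    public static boolean bypassSecurityCheck( ContainerRequestContext request ){
        // Only a genuine CORS pre-flight is exempt: OPTIONS plus the two headers a
        // browser always sends with one. A bare OPTIONS still goes through auth.
        if ( !"OPTIONS".equalsIgnoreCase( request.getMethod() ) ) {
            return false;
        }
        return request.getHeaderString( "Origin" ) != null
            && request.getHeaderString( "Access-Control-Request-Method" ) != null;
    }
```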
