[
https://jira.nuxeo.org/browse/WEB-273?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=86441#action_86441
]
Carl Sjoquist commented on WEB-273:
-----------------------------------
Is there any interest in fixing this? I see that it is marked major priority
and open, but was reported 18 months ago. This would suggest there's a work
around, or this is considered a non-issue? no?
> nuxeo-webengine-core module fails to compile to Base64Decoder error
> -------------------------------------------------------------------
>
> Key: WEB-273
> URL: https://jira.nuxeo.org/browse/WEB-273
> Project: Nuxeo Web Engine
> Issue Type: Bug
> Environment: sandbox with maven and jdk 1.6
> Reporter: Naveen Manga
> Assignee: Bogdan Stefanescu
> Priority: Major
>
> Hi,
> I have downloaded latest nuxeo webengine code yesterday as follows:
> hg clone http://hg.nuxeo.org/nuxeo/nuxeo-webengine
> Then i tried to do mvn clean install inside
> nuxeo-webengine\nuxeo-webengine-core module as i want to deploy it as a
> bundle in my nuxeo webengine in my apache tomcat server.
> I got the following compilation error:
> [INFO] Compilation failure
> /mnt/hgfs/workspace/nuxeo-webengine/nuxeo-webengine-core/src/main/java/org/nuxeo/ecm/webengine/login/NuxeoAuthenticationFilter.java:[41,15]
> sun.misc.BASE64Decoder is Sun proprietary API and may be removed in a future
> release
> /mnt/hgfs/workspace/nuxeo-webengine/nuxeo-webengine-core/src/main/java/org/nuxeo/ecm/webengine/WebObject.java:[128,48]
> unreported exception org.nuxeo.ecm.core.api.ClientException; must be caught
> or declared to be thrown
> /mnt/hgfs/workspace/nuxeo-webengine/nuxeo-webengine-core/src/main/java/org/nuxeo/ecm/webengine/login/NuxeoAuthenticationFilter.java:[149,12]
> sun.misc.BASE64Decoder is Sun proprietary API and may be removed in a future
> release
> /mnt/hgfs/workspace/nuxeo-webengine/nuxeo-webengine-core/src/main/java/org/nuxeo/ecm/webengine/login/NuxeoAuthenticationFilter.java:[149,40]
> sun.misc.BASE64Decoder is Sun proprietary API and may be removed in a future
> release
> It is using Sun's proprietery Base64Decoder class which may be removed in
> future.
> Instead it will be better to use apache commons codec Base64 class to decode
> as mentioned below.
> Please find the modified NuxeoAuthenticationFilter.java below:
> /*
> * (C) Copyright 2006-2008 Nuxeo SAS (http://nuxeo.com/) and contributors.
> *
> * All rights reserved. This program and the accompanying materials
> * are made available under the terms of the GNU Lesser General Public License
> * (LGPL) version 2.1 which accompanies this distribution, and is available at
> * http://www.gnu.org/licenses/lgpl.html
> *
> * This library is distributed in the hope that it will be useful,
> * but WITHOUT ANY WARRANTY; without even the implied warranty of
> * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> * Lesser General Public License for more details.
> *
> * Contributors:
> * bstefanescu
> *
> * $Id$
> */
> package org.nuxeo.ecm.webengine.login;
> import java.io.IOException;
> import java.io.PrintWriter;
> import javax.servlet.Filter;
> import javax.servlet.FilterChain;
> import javax.servlet.FilterConfig;
> import javax.servlet.ServletException;
> import javax.servlet.ServletRequest;
> import javax.servlet.ServletResponse;
> import javax.servlet.http.HttpServletRequest;
> import javax.servlet.http.HttpServletResponse;
> import javax.servlet.http.HttpSession;
> import org.nuxeo.ecm.core.api.ClientException;
> import org.nuxeo.ecm.core.api.NuxeoPrincipal;
> import org.nuxeo.ecm.platform.usermanager.UserManager;
> import org.nuxeo.ecm.webengine.DefaultWebContext;
> import org.nuxeo.runtime.api.Framework;
> //import sun.misc.BASE64Decoder;
> import org.apache.commons.codec.binary.Base64;
> /**
> * @author <a href="mailto:[email protected]";>Bogdan Stefanescu</a>
> *
> */
> public class NuxeoAuthenticationFilter implements Filter {
> protected UserManager mgr;
> public void destroy() {
> mgr = null;
> }
> public void doFilter(ServletRequest request, ServletResponse response,
> FilterChain chain) throws IOException, ServletException {
> if (mgr == null) {
> mgr = Framework.getLocalService(UserManager.class);
> if (mgr == null) {
> throw new ServletException("Could not find the UserManager
> service");
> }
> }
> HttpServletRequest req = (HttpServletRequest)request;
> HttpServletResponse resp = (HttpServletResponse)response;
> HttpSession session = req.getSession(true);
> NuxeoPrincipal currentPrincipal =
> (NuxeoPrincipal)session.getAttribute("nuxeo.principal");
> NuxeoPrincipal principal = null;
> String[] auth = getClientAuthorizationTokens(req);
> try {
> if (auth != null) { // a login/logout request
> if (auth[0] == null) { // a logout request
> session.setAttribute("nuxeo.principal", null);
> String userId = mgr.getAnonymousUserId();
> // reset user to anonymous
> if (userId != null) {
> currentPrincipal = mgr.getPrincipal(userId);
> }
> } else {
> if (mgr.checkUsernamePassword(auth[0], auth[1])) {
> principal = mgr.getPrincipal(auth[0]);
> }
> if (principal == null) {
> clientAuthenticationError(req, resp);
> return;
> }
> }
> } else {
> auth = getBasicAuthorizationTokens(req);
> if (auth != null) { // Basic HTTP login
> if (mgr.checkUsernamePassword(auth[0], auth[1])) {
> principal = mgr.getPrincipal(auth[0]);
> }
> if (principal == null) {
> basicAuthenticationError(req, resp);
> return;
> }
> } else if (currentPrincipal == null) { // anonymous login
> String userId = mgr.getAnonymousUserId();
> if (userId != null) {
> principal = mgr.getPrincipal(userId);
> }
> }
> }
> if (principal != null) {
> // remove the existing core session if any to force a new
> session creation based on the new principal
> session.removeAttribute(DefaultWebContext.CORESESSION_KEY);
> session.setAttribute("nuxeo.principal", principal);
> currentPrincipal = principal;
> }
> if (currentPrincipal != null) { // if a current principal is
> defined wrap the request
> request = new NuxeoSecuredRequestWrapper(req,
> currentPrincipal);
> }
> } catch (ClientException e) {
> throw new ServletException("Failed to perform authentication", e);
> }
> chain.doFilter(request, response);
> }
> public void init(FilterConfig filterConfig) throws ServletException {
> }
> public void clientAuthenticationError(HttpServletRequest request,
> HttpServletResponse response) throws IOException {
> //response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
> "Authentication Failed");
> response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
>
> response.sendRedirect(request.getRequestURL().toString()+"?failed=true");
> }
> public void basicAuthenticationError(HttpServletRequest request,
> HttpServletResponse response) throws IOException {
> //***We weren't sent a valid username/password in the header, so ask
> for one***
> response.setHeader("WWW-Authenticate","Basic realm=\"WebEngine
> Authentication\"");
> response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication
> Failed");
> }
> public void sendError(HttpServletResponse response, Throwable e) throws
> IOException {
> response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
> PrintWriter w = response.getWriter();
> w.append("<html><head><title>Authorization
> Failed</title></head><body><pre>");
> e.printStackTrace(w);
> w.append("</pre></body></html>");
> }
> public String[] getBasicAuthorizationTokens(
> HttpServletRequest httpRequest) throws IOException {
> String auth = httpRequest.getHeader("Authorization");
> if (auth != null && auth.toLowerCase().startsWith("basic")) {
> int idx = auth.indexOf(" ");
> String b64userpassword = auth.substring(idx + 1);
> //BASE64Decoder decoder = new BASE64Decoder();
> //byte[] clearUp = decoder.decodeBuffer(b64userpassword);
> byte[] clearUp =
> Base64.decodeBase64(b64userpassword.getBytes());
> String userpassword = new String(clearUp);
> String username = userpassword.split(":")[0];
> String password = userpassword.split(":")[1];
> return new String[] {username, password};
> }
> return null;
> }
> /**
> * If a request contains the "nuxeo@@login" parameter a login will be
> performed using
> * 'userid' and 'password' parameters. If the 'userid' is null (not
> specified by the client) a logout will be performed
> * @param httpRequest
> * @return
> * @throws IOException
> */
> public String[] getClientAuthorizationTokens(
> HttpServletRequest httpRequest) throws IOException {
> if (httpRequest.getParameter("nuxeo_login") != null) {
> String userId = httpRequest.getParameter("userid");
> String passwd = httpRequest.getParameter("password");
> return new String[] { userId, passwd };
> }
> return null;
> }
> }
> Also it will be better to replace any Base64Encoder used in Nuxeo core
> modules with commonscodec Base64.encodeBase64() method.
> Please let me know if you need more info.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.nuxeo.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
ECM-tickets mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets
