[
https://jira.nuxeo.org/browse/WEB-273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Florent Guillaume resolved WEB-273.
-----------------------------------
Resolution: Not A Bug
Class sun.misc.BASE64Decoder hasn't been used anymore in Nuxeo for a while.
And anyway NuxeoAuthenticationFilter.java hasn't existed in
nuxeo-webengine-core for *ages*. You must have incorrectly checked out the
source code. Proper way to checkout source is not to do hg clone. You must
specify the branch or tag you want. Please check the documentation.
Finally, JIRA WEB is closed, please use NXP.
> nuxeo-webengine-core module fails to compile to Base64Decoder error
> -------------------------------------------------------------------
>
> Key: WEB-273
> URL: https://jira.nuxeo.org/browse/WEB-273
> Project: Nuxeo Web Engine
> Issue Type: Bug
> Environment: sandbox with maven and jdk 1.6
> Reporter: Naveen Manga
> Assignee: Bogdan Stefanescu
> Priority: Major
>
> Hi,
> I have downloaded latest nuxeo webengine code yesterday as follows:
> hg clone http://hg.nuxeo.org/nuxeo/nuxeo-webengine
> Then i tried to do mvn clean install inside
> nuxeo-webengine\nuxeo-webengine-core module as i want to deploy it as a
> bundle in my nuxeo webengine in my apache tomcat server.
> I got the following compilation error:
> [INFO] Compilation failure
> /mnt/hgfs/workspace/nuxeo-webengine/nuxeo-webengine-core/src/main/java/org/nuxeo/ecm/webengine/login/NuxeoAuthenticationFilter.java:[41,15]
> sun.misc.BASE64Decoder is Sun proprietary API and may be removed in a future
> release
> /mnt/hgfs/workspace/nuxeo-webengine/nuxeo-webengine-core/src/main/java/org/nuxeo/ecm/webengine/WebObject.java:[128,48]
> unreported exception org.nuxeo.ecm.core.api.ClientException; must be caught
> or declared to be thrown
> /mnt/hgfs/workspace/nuxeo-webengine/nuxeo-webengine-core/src/main/java/org/nuxeo/ecm/webengine/login/NuxeoAuthenticationFilter.java:[149,12]
> sun.misc.BASE64Decoder is Sun proprietary API and may be removed in a future
> release
> /mnt/hgfs/workspace/nuxeo-webengine/nuxeo-webengine-core/src/main/java/org/nuxeo/ecm/webengine/login/NuxeoAuthenticationFilter.java:[149,40]
> sun.misc.BASE64Decoder is Sun proprietary API and may be removed in a future
> release
> It is using Sun's proprietery Base64Decoder class which may be removed in
> future.
> Instead it will be better to use apache commons codec Base64 class to decode
> as mentioned below.
> Please find the modified NuxeoAuthenticationFilter.java below:
> /*
> * (C) Copyright 2006-2008 Nuxeo SAS (http://nuxeo.com/) and contributors.
> *
> * All rights reserved. This program and the accompanying materials
> * are made available under the terms of the GNU Lesser General Public License
> * (LGPL) version 2.1 which accompanies this distribution, and is available at
> * http://www.gnu.org/licenses/lgpl.html
> *
> * This library is distributed in the hope that it will be useful,
> * but WITHOUT ANY WARRANTY; without even the implied warranty of
> * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> * Lesser General Public License for more details.
> *
> * Contributors:
> * bstefanescu
> *
> * $Id$
> */
> package org.nuxeo.ecm.webengine.login;
> import java.io.IOException;
> import java.io.PrintWriter;
> import javax.servlet.Filter;
> import javax.servlet.FilterChain;
> import javax.servlet.FilterConfig;
> import javax.servlet.ServletException;
> import javax.servlet.ServletRequest;
> import javax.servlet.ServletResponse;
> import javax.servlet.http.HttpServletRequest;
> import javax.servlet.http.HttpServletResponse;
> import javax.servlet.http.HttpSession;
> import org.nuxeo.ecm.core.api.ClientException;
> import org.nuxeo.ecm.core.api.NuxeoPrincipal;
> import org.nuxeo.ecm.platform.usermanager.UserManager;
> import org.nuxeo.ecm.webengine.DefaultWebContext;
> import org.nuxeo.runtime.api.Framework;
> //import sun.misc.BASE64Decoder;
> import org.apache.commons.codec.binary.Base64;
> /**
> * @author <a href="mailto:[email protected]";>Bogdan Stefanescu</a>
> *
> */
> public class NuxeoAuthenticationFilter implements Filter {
> protected UserManager mgr;
> public void destroy() {
> mgr = null;
> }
> public void doFilter(ServletRequest request, ServletResponse response,
> FilterChain chain) throws IOException, ServletException {
> if (mgr == null) {
> mgr = Framework.getLocalService(UserManager.class);
> if (mgr == null) {
> throw new ServletException("Could not find the UserManager
> service");
> }
> }
> HttpServletRequest req = (HttpServletRequest)request;
> HttpServletResponse resp = (HttpServletResponse)response;
> HttpSession session = req.getSession(true);
> NuxeoPrincipal currentPrincipal =
> (NuxeoPrincipal)session.getAttribute("nuxeo.principal");
> NuxeoPrincipal principal = null;
> String[] auth = getClientAuthorizationTokens(req);
> try {
> if (auth != null) { // a login/logout request
> if (auth[0] == null) { // a logout request
> session.setAttribute("nuxeo.principal", null);
> String userId = mgr.getAnonymousUserId();
> // reset user to anonymous
> if (userId != null) {
> currentPrincipal = mgr.getPrincipal(userId);
> }
> } else {
> if (mgr.checkUsernamePassword(auth[0], auth[1])) {
> principal = mgr.getPrincipal(auth[0]);
> }
> if (principal == null) {
> clientAuthenticationError(req, resp);
> return;
> }
> }
> } else {
> auth = getBasicAuthorizationTokens(req);
> if (auth != null) { // Basic HTTP login
> if (mgr.checkUsernamePassword(auth[0], auth[1])) {
> principal = mgr.getPrincipal(auth[0]);
> }
> if (principal == null) {
> basicAuthenticationError(req, resp);
> return;
> }
> } else if (currentPrincipal == null) { // anonymous login
> String userId = mgr.getAnonymousUserId();
> if (userId != null) {
> principal = mgr.getPrincipal(userId);
> }
> }
> }
> if (principal != null) {
> // remove the existing core session if any to force a new
> session creation based on the new principal
> session.removeAttribute(DefaultWebContext.CORESESSION_KEY);
> session.setAttribute("nuxeo.principal", principal);
> currentPrincipal = principal;
> }
> if (currentPrincipal != null) { // if a current principal is
> defined wrap the request
> request = new NuxeoSecuredRequestWrapper(req,
> currentPrincipal);
> }
> } catch (ClientException e) {
> throw new ServletException("Failed to perform authentication", e);
> }
> chain.doFilter(request, response);
> }
> public void init(FilterConfig filterConfig) throws ServletException {
> }
> public void clientAuthenticationError(HttpServletRequest request,
> HttpServletResponse response) throws IOException {
> //response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
> "Authentication Failed");
> response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
>
> response.sendRedirect(request.getRequestURL().toString()+"?failed=true");
> }
> public void basicAuthenticationError(HttpServletRequest request,
> HttpServletResponse response) throws IOException {
> //***We weren't sent a valid username/password in the header, so ask
> for one***
> response.setHeader("WWW-Authenticate","Basic realm=\"WebEngine
> Authentication\"");
> response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication
> Failed");
> }
> public void sendError(HttpServletResponse response, Throwable e) throws
> IOException {
> response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
> PrintWriter w = response.getWriter();
> w.append("<html><head><title>Authorization
> Failed</title></head><body><pre>");
> e.printStackTrace(w);
> w.append("</pre></body></html>");
> }
> public String[] getBasicAuthorizationTokens(
> HttpServletRequest httpRequest) throws IOException {
> String auth = httpRequest.getHeader("Authorization");
> if (auth != null && auth.toLowerCase().startsWith("basic")) {
> int idx = auth.indexOf(" ");
> String b64userpassword = auth.substring(idx + 1);
> //BASE64Decoder decoder = new BASE64Decoder();
> //byte[] clearUp = decoder.decodeBuffer(b64userpassword);
> byte[] clearUp =
> Base64.decodeBase64(b64userpassword.getBytes());
> String userpassword = new String(clearUp);
> String username = userpassword.split(":")[0];
> String password = userpassword.split(":")[1];
> return new String[] {username, password};
> }
> return null;
> }
> /**
> * If a request contains the "nuxeo@@login" parameter a login will be
> performed using
> * 'userid' and 'password' parameters. If the 'userid' is null (not
> specified by the client) a logout will be performed
> * @param httpRequest
> * @return
> * @throws IOException
> */
> public String[] getClientAuthorizationTokens(
> HttpServletRequest httpRequest) throws IOException {
> if (httpRequest.getParameter("nuxeo_login") != null) {
> String userId = httpRequest.getParameter("userid");
> String passwd = httpRequest.getParameter("password");
> return new String[] { userId, passwd };
> }
> return null;
> }
> }
> Also it will be better to replace any Base64Encoder used in Nuxeo core
> modules with commonscodec Base64.encodeBase64() method.
> Please let me know if you need more info.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.nuxeo.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
ECM-tickets mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets
