Ravi Nori has uploaded a new change for review. Change subject: aaa: add support for basic athentication ......................................................................
aaa: add support for basic athentication Add support to engine sso for basic authentication Change-Id: If09285f0e6cd8909f21aa7e88ae1a3c1a30763c2 Bug-Url: https://bugzilla.redhat.com/1092744 Signed-off-by: Ravi Nori <[email protected]> --- A backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/BasicAuthServlet.java M backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/EngineSSOServlet.java M backend/manager/modules/enginesso/src/main/webapp/WEB-INF/web.xml 3 files changed, 93 insertions(+), 8 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/99/37299/1
diff --git a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/BasicAuthServlet.java b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/BasicAuthServlet.java
new file mode 100644
index 0000000..dae3805
--- /dev/null
+++ b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/BasicAuthServlet.java
@@ -0,0 +1,19 @@
+package org.ovirt.engine.core.sso.servlets;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class BasicAuthServlet extends HttpServlet {
+ private static final long serialVersionUID = -2049151874771762209L;
+ private String realm = "engine sso";
+
+ @Override
+ protected void service(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ response.setHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ }
+}
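Review bot: `realm` in BasicAuthServlet is declared as a mutable instance field although nothing in the visible code reassigns it; a servlet instance is shared across request threads, so a constant states the intent better: `private static final String REALM = "engine sso";`. The class also carries no comment saying that it only issues the 401 challenge and never checks credentials itself. A short class Javadoc to that effect would help, since web.xml in this change maps the servlet to `/basic`, where clients can request it directly as well as reach it by forward.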
diff --git a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/EngineSSOServlet.java b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/EngineSSOServlet.java index d2a7c20..27b7ed9 100644 --- a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/EngineSSOServlet.java +++ b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/EngineSSOServlet.java @@ -1,5 +1,6 @@ package org.ovirt.engine.core.sso.servlets; +import org.apache.commons.codec.binary.Base64; import org.apache.commons.lang.StringUtils; import org.ovirt.engine.core.sso.utils.AuthenticationException; import org.ovirt.engine.core.sso.utils.AuthenticationUtils; @@ -13,15 +14,17 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import java.io.IOException; +import java.nio.charset.Charset; import java.sql.SQLException; -import java.util.Map; public class EngineSSOServlet extends HttpServlet { private static final long serialVersionUID = -88168919566901736L; + private static final String BASIC_AUTH = "basicAuth"; private static final String USERNAME = "username"; private static final String PASSWORD = "password"; private static final String PROFILE = "profile"; + private static final String HEADER_AUTHORIZATION = "Authorization"; private static Logger log = LoggerFactory.getLogger(EngineSSOServlet.class); 
@@ -39,30 +42,83 @@ } } - private boolean containsUserCredentials(Map<String, String[]> parameters) { - return parameters.containsKey(USERNAME) && parameters.containsKey(PASSWORD) && parameters.containsKey(PROFILE); + private boolean containsUserCredentials(boolean basicAuth, HttpServletRequest request) { + return basicAuth ? + StringUtils.isNotEmpty(request.getHeader(HEADER_AUTHORIZATION)) : + request.getParameterMap().containsKey(USERNAME) && request.getParameterMap().containsKey(PASSWORD) && request.getParameterMap().containsKey(PROFILE); } private void authenticateUser(HttpSession session, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + boolean basicAuth = false; try { - if (!containsUserCredentials(request.getParameterMap())) { + if (StringUtils.isNotEmpty(request.getParameter(BASIC_AUTH))) { + basicAuth = Boolean.parseBoolean(request.getParameter(BASIC_AUTH)); + } + if (basicAuth && StringUtils.isEmpty(request.getHeader(HEADER_AUTHORIZATION))) { + throw new AuthenticationException("Unauthorized"); + } + if (!containsUserCredentials(basicAuth, request)) { throw new AuthenticationException("Credentials Required"); } try { + Credentials userCredentials = getUserCredentials(basicAuth, request); AuthenticationUtils.handleCredentials( session, - request.getParameter(USERNAME), - request.getParameter(PASSWORD), - request.getParameter(PROFILE)); + userCredentials.username, + userCredentials.password, + userCredentials.profile); request.getRequestDispatcher("/sso-redirect").forward(request, response); } catch (SQLException ex) { log.error("Internal Database Error", ex); throw new AuthenticationException("Internal Database Error", ex); } } catch (AuthenticationException ex) { - request.getRequestDispatcher("/WEB-INF/login.jsp?msg=" + ex.getMessage()).forward(request, response); + if (basicAuth) { + request.getRequestDispatcher("/basic").forward(request, response); + } else { + 
request.getRequestDispatcher("/WEB-INF/login.jsp?msg=" + ex.getMessage()).forward(request, response); + } } } + private Credentials getUserCredentials(boolean basicAuth, HttpServletRequest request) { + Credentials credentials; + if (basicAuth) { + String[] creds = new String( + Base64.decodeBase64(request.getHeader(HEADER_AUTHORIZATION).substring("Basic".length())), + Charset.forName("UTF-8") + ).split(":", 2); + credentials = translateUser(creds[0], creds[1]); + } else { + credentials = new Credentials(); + credentials.username = request.getParameter(USERNAME); + credentials.password = request.getParameter(PASSWORD); + credentials.profile = request.getParameter(PROFILE); + } + return credentials; + } + + private Credentials translateUser(String user, String password) { + Credentials credentials = new Credentials(); + credentials.password = password; + int separator = user.lastIndexOf("@"); + if (separator != -1) { + credentials.profile = user.substring(separator + 1); + credentials.username = user.substring(0, separator); + } else { + separator = user.indexOf("\\"); + if (separator != -1) { + credentials.profile = user.substring(0, separator); + credentials.username = user.substring(separator + 1); + } + } + return credentials; + } + + class Credentials { + String username; + String password; + String profile; + } } diff --git a/backend/manager/modules/enginesso/src/main/webapp/WEB-INF/web.xml b/backend/manager/modules/enginesso/src/main/webapp/WEB-INF/web.xml index 56032eb..4c7f27f 100644 --- a/backend/manager/modules/enginesso/src/main/webapp/WEB-INF/web.xml +++ b/backend/manager/modules/enginesso/src/main/webapp/WEB-INF/web.xml 
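Review bot: getUserCredentials decodes the Authorization header without checking it: `substring("Basic".length())` never verifies the scheme and throws on a shorter value, and `creds[1]` is read even when the decoded text contains no `:`. Those are runtime exceptions, so they bypass `catch (AuthenticationException ex)` in authenticateUser and a malformed header ends in a container error rather than the `/basic` challenge. I would validate the scheme and the split result and throw `AuthenticationException("Unauthorized")` instead, as in the excerpt below; the `throws` clause is only needed if AuthenticationException is a checked exception, which is not visible here. translateUser also returns a Credentials whose `username` and `profile` are still null when the user part has neither `@` nor `\`, and rejecting that case the same way would keep nulls out of `AuthenticationUtils.handleCredentials`.

```java
    private Credentials getUserCredentials(boolean basicAuth, HttpServletRequest request)
            throws AuthenticationException {
        Credentials credentials;
        if (basicAuth) {
            String scheme = "Basic ";
            String header = request.getHeader(HEADER_AUTHORIZATION);
            // Reject anything that is not a Basic credential before decoding it.
            if (header == null || !header.regionMatches(true, 0, scheme, 0, scheme.length())) {
                throw new AuthenticationException("Unauthorized");
            }
            String[] creds = new String(
                    Base64.decodeBase64(header.substring(scheme.length()).trim()),
                    Charset.forName("UTF-8")
            ).split(":", 2);
            // "user:password" must yield exactly two parts.
            if (creds.length != 2) {
                throw new AuthenticationException("Unauthorized");
            }
            credentials = translateUser(creds[0], creds[1]);
        } else {
            // … unchanged: form-parameter branch …
        }
        return credentials;
    }
```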
@@ -114,6 +114,16 @@ <url-pattern>/sso-redirect</url-pattern> </servlet-mapping> + <servlet> + <servlet-name>BasicAuthServlet</servlet-name> + <servlet-class>org.ovirt.engine.core.sso.servlets.BasicAuthServlet</servlet-class> + </servlet> + + <servlet-mapping> + <servlet-name>BasicAuthServlet</servlet-name> + <url-pattern>/basic</url-pattern> + </servlet-mapping> + <welcome-file-list> <welcome-file>login</welcome-file> </welcome-file-list> -- To view, visit http://gerrit.ovirt.org/37299 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: If09285f0e6cd8909f21aa7e88ae1a3c1a30763c2 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Ravi Nori <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
