[Yanel-commits] rev 45139 - public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl

guillaume at wyona.com guillaume at wyona.com
Wed Oct 21 16:35:15 CEST 2009


Author: guillaume
Date: 2009-10-21 16:35:14 +0200 (Wed, 21 Oct 2009)
New Revision: 45139

Modified:
   public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/DefaultWebAuthenticatorImpl.java
Log:
Some harmless refactorings to help factoring out Neutron-Auth.
Issue: 4964


Modified: public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/DefaultWebAuthenticatorImpl.java
===================================================================
--- public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/DefaultWebAuthenticatorImpl.java	2009-10-21 14:11:27 UTC (rev 45138)
+++ public/yanel/trunk/src/webapp/src/java/org/wyona/yanel/servlet/security/impl/DefaultWebAuthenticatorImpl.java	2009-10-21 14:35:14 UTC (rev 45139)
@@ -49,9 +49,6 @@
 import org.openid4java.message.AuthRequest;
 import org.openid4java.message.ParameterList;
 
-/**
- *
- */
 public class DefaultWebAuthenticatorImpl implements WebAuthenticator {
 
     private static Category log = Category.getInstance(DefaultWebAuthenticatorImpl.class);
@@ -65,9 +62,6 @@
     private ConsumerManager manager;
     private boolean allowOpenIdUserCreation;
 
-    /**
-     *
-     */
     public void init(org.w3c.dom.Document configuration, javax.xml.transform.URIResolver resolver) throws Exception {
         // TODO: commented because there is a problem with this line 
         //manager = new ConsumerManager();
@@ -171,15 +165,28 @@
             } else {
                 if (log.isDebugEnabled()) log.debug("No form based authentication request.");
             }
-
-
-
-
             // Check for Neutron-Auth based authentication
             String yanelUsecase = request.getParameter("yanel.usecase");
             if(yanelUsecase != null && yanelUsecase.equals("neutron-auth")) {
                 log.debug("Neutron Authentication ...");
 
+                return handleNeutronAuthAuthenticationRequest(request, response, map, reservedPrefix, xsltLoginScreenDefault, servletContextRealPath, sslPort);
+            }
+            if (log.isDebugEnabled()) log.debug("No Neutron based authentication request.");
+
+            return getUnauthenticatedResponse(request, response, map, reservedPrefix, xsltLoginScreenDefault, servletContextRealPath, sslPort);
+        } catch (Exception e) {
+            log.error(e.getMessage(), e);
+            throw new ServletException(e.getMessage(), e);
+        }
+    }
+
+    /**
+     * @see org.wyona.yanel.core.api.security.WebAuthenticator#doAuthenticate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.wyona.yanel.core.map.Map, java.lang.String, java.lang.String, java.lang.String, java.lang.String)
+     */
+    private static HttpServletResponse handleNeutronAuthAuthenticationRequest(HttpServletRequest request, HttpServletResponse response, Map map, String reservedPrefix, String xsltLoginScreenDefault, String servletContextRealPath, String sslPort) throws Exception {
+        Realm realm = map.getRealm(request.getServletPath());
+        HttpSession session = request.getSession(true);
                 String username = null;
                 String password = null;
                 String originalRequest = null;
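Review bot: `request.getSession(true)` at the top of the new `handleNeutronAuthAuthenticationRequest` creates a session for any request carrying `yanel.usecase=neutron-auth`, before a single credential has been checked. The rest of the method lies outside this hunk, so it is not visible whether the session is invalidated and re-created after a successful login; if it is not, a session identifier issued before login stays valid afterwards, which is worth confirming. Separately, the added Javadoc is only an `@see` to `WebAuthenticator#doAuthenticate`, which documents the public entry point rather than this private helper; a one-line summary such as `/** Handles a request with yanel.usecase=neutron-auth and returns the response it wrote. */` would say more.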
@@ -302,15 +309,9 @@
                 PrintWriter writer = response.getWriter();
                 writer.print(sb);
                 return response;
-            }
-            if (log.isDebugEnabled()) log.debug("No Neutron based authentication request.");
+    }
 
-
-            log.warn("No credentials specified yet!");
-
-
-            // Check if this is a neutron request, a Sunbird/Calendar request or just a common GET request
-            // Also see e-mail about recognizing a WebDAV request: http://lists.w3.org/Archives/Public/w3c-dist-auth/2006AprJun/0064.html
+    private static boolean challengeUsingNeutronAuth(HttpServletRequest request, HttpServletResponse response, Realm realm, String sslPort) throws Exception {
             String neutronVersions = request.getHeader("Neutron");
             String clientSupportedAuthScheme = request.getHeader("WWW-Authenticate");
             
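Review bot: `challengeUsingNeutronAuth` is introduced without any comment, and its boolean result is what the caller branches on, so the contract should be written down. Judging by the `return true` that follows the `w.print(sb)` in a later hunk, true appears to mean that the challenge has already been written to the response; a Javadoc along the lines of `@return true if a Neutron-Auth challenge was written to the response, false if the caller still has to answer` would make that explicit. The `throws Exception` on a private helper is also broader than the visible calls need. The method body continues outside this hunk.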
@@ -323,11 +324,11 @@
                 StringBuilder sb = new StringBuilder("");
                 sb.append("<?xml version=\"1.0\"?>");
                 sb.append("<exception xmlns=\"http://www.wyona.org/neutron/1.0\" type=\"authorization\">");
-                sb.append("<message>Authorization denied: " + getRequestURLQS(request, null, true, map) + "</message>");
+                sb.append("<message>Authorization denied: " + getRequestPatchedURL(request, null, true, realm) + "</message>");
                 sb.append("<authentication>");
-                sb.append("<original-request url=\"" + getRequestURLQS(request, null, true, map) + "\"/>");
+                sb.append("<original-request url=\"" + getRequestPatchedURL(request, null, true, realm) + "\"/>");
                 //TODO: Also support https ...
-                sb.append("<login url=\"" + getRequestURLQS(request, "yanel.usecase=neutron-auth", true, map) + "\" method=\"POST\">");
+                sb.append("<login url=\"" + getRequestPatchedURL(request, "yanel.usecase=neutron-auth", true, realm) + "\" method=\"POST\">");
                 sb.append("<form>");
                 sb.append("<message>Enter username and password for \"" + realm.getName() + "\" at \"" + realm.getMountPoint() + "\"</message>");
                 sb.append("<param description=\"Username\" name=\"username\"/>");
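Review bot: The string returned by `getRequestPatchedURL` is concatenated directly into XML element text and into the `url` attributes here and in the `<logout>` line of the next hunk, and that string is derived from `request.getRequestURL()`. Whether passing `true` for the `xml` argument escapes `&`, `<` and `"` is not visible in this diff and should be confirmed, since an unescaped request-derived value can break the structure of the document sent to the client. The same call is also evaluated twice with identical arguments; `String originalUrl = getRequestPatchedURL(request, null, true, realm);` computed once and reused for `<message>` and `<original-request>` would be clearer. The enclosing method starts and ends outside this hunk.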
@@ -335,7 +336,7 @@
                 sb.append("</form>");
                 sb.append("</login>");
                 // NOTE: Needs to be a full URL, because user might switch the server ...
-                sb.append("<logout url=\"" + getRequestURLQS(request, "yanel.usecase=logout", true, map) + "\" realm=\"" + realm.getName() + "\"/>");
+                sb.append("<logout url=\"" + getRequestPatchedURL(request, "yanel.usecase=logout", true, realm) + "\" realm=\"" + realm.getName() + "\"/>");
                 sb.append("</authentication>");
                 sb.append("</exception>");
 
@@ -345,6 +346,17 @@
                 response.setHeader("WWW-Authenticate", "NEUTRON-AUTH");
                 PrintWriter w = response.getWriter();
                 w.print(sb);
+            return true;
+        }
+        return false;
+    }
+            
+    private HttpServletResponse getUnauthenticatedResponse(HttpServletRequest request, HttpServletResponse response, Map map, String reservedPrefix, String xsltLoginScreenDefault, String servletContextRealPath, String sslPort) throws Exception {
+        Realm realm = map.getRealm(request.getServletPath());
+            log.warn("No credentials specified yet!");
+            // Check if this is a neutron request, a Sunbird/Calendar request or just a common GET request
+            // Also see e-mail about recognizing a WebDAV request: http://lists.w3.org/Archives/Public/w3c-dist-auth/2006AprJun/0064.html
+            if (challengeUsingNeutronAuth(request, response, realm, sslPort)) {
             } else if (request.getRequestURI().endsWith(".ics")) {
                 log.warn("Somebody seems to ask for a Calendar (ICS) ...");
                 response.setHeader("WWW-Authenticate", "BASIC realm=\"" + realm.getName() + "\"");
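Review bot: The `if (challengeUsingNeutronAuth(request, response, realm, sslPort)) {` in `getUnauthenticatedResponse` has an empty body followed directly by `} else if`, so the call is made only for its side effect and reads like a forgotten statement. A comment inside the branch, `// challenge already written to the response by challengeUsingNeutronAuth`, would show it is intentional. `realm` is also dereferenced via `realm.getName()` without a null check, although `getRequestURLQS` in this file treats a null result from `map.getRealm(...)` as possible. The method continues outside this hunk.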
@@ -358,10 +370,6 @@
             if (log.isDebugEnabled()) log.debug("TODO: Was this authentication request really necessary!");
             return null;
 */
-        } catch (Exception e) {
-            log.error(e.getMessage(), e);
-            throw new ServletException(e.getMessage(), e);
-        }
     }
 
     /**
@@ -455,23 +463,36 @@
     /**
      * Patch request with proxy settings re realm configuration
      */
-    private String getRequestURLQS(HttpServletRequest request, String addQS, boolean xml, Map map) {
+    private static String getRequestURLQS(HttpServletRequest request, String addQS, boolean xml, Map map) {
         try {
             Realm realm = map.getRealm(request.getServletPath());
     
             // TODO: Handle this exception more gracefully!
             if (realm == null) log.error("No realm found for path " +request.getServletPath());
+            return getRequestPatchedURL(request, addQS, xml, realm);
+        } catch (Exception e) {
+            log.error(e);
+            return null;
+        }
+    }
 
+    /**
+     * XXX REFACTORME: Once the proxy settings exist independently from the Realm API, we should
+     *  extract this method and use a "proxy settings object" as parameter instead of a Realm.
+     */
+    private static String getRequestPatchedURL(HttpServletRequest request, String addQS, boolean xml, Realm realm) {
             String proxyHostName = realm.getProxyHostName();
             int proxyPort = realm.getProxyPort();
             String proxyPrefix = realm.getProxyPrefix();
-    
+        boolean isProxySet = realm.isProxySet();
+
+        try {
             URL url = null;
         
             url = new URL(request.getRequestURL().toString());
 
             //if(proxyHostName != null || proxyPort >= null || proxyPrefix != null) {
-            if(realm.isProxySet()) {
+            if(isProxySet) {
                 if (proxyHostName != null) {
                     url = new URL(url.getProtocol(), proxyHostName, url.getPort(), url.getFile());
                 }
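Review bot: In `getRequestURLQS` a null realm is logged and then still passed to `getRequestPatchedURL`, whose first statement `realm.getProxyHostName()` sits before the new `try`. The null case therefore ends in a NullPointerException that is caught and logged a second time by `log.error(e)`, while direct callers of `getRequestPatchedURL` get the exception with no handling at that level. Returning straight after the log, `if (realm == null) { log.error("No realm found for path " + request.getServletPath()); return null; }`, keeps the current result without the second stack trace. The Javadoc "Patch request with proxy settings re realm configuration" now describes `getRequestPatchedURL` rather than `getRequestURLQS` and could move to it. The body of `getRequestPatchedURL` continues outside this hunk.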
@@ -588,7 +609,7 @@
     /**
      * Handle "remember my login"
      */
-    private boolean doRememberMyLoginName(HttpServletRequest request, HttpServletResponse response, String loginUsername, String openID) {
+    private static boolean doRememberMyLoginName(HttpServletRequest request, HttpServletResponse response, String loginUsername, String openID) {
         boolean rememberMyLoginName = false;
         if (request.getParameter("remember-my-login-name") != null) {
             log.error("DEBUG:Remember my login name: " + loginUsername + "," + openID);
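Review bot: The line `log.error("DEBUG:Remember my login name: " + loginUsername + "," + openID);`, which this change leaves untouched, writes the login name and OpenID to the log at ERROR level whenever the `remember-my-login-name` parameter is present. Debug output should follow the pattern used elsewhere in this file, `if (log.isDebugEnabled()) log.debug("Remember my login name: " + loginUsername + "," + openID);`, which also keeps user identifiers out of production logs by default. The method continues outside this hunk.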


