Merge branch 'master' of https://github.com/Evolveum/midpoint

Evolveum · Apr 2, 2017 · 425a268 · 425a268
2 parents 767e677 + e4cc09a
commit 425a268
Show file tree

Hide file tree

Showing 4 changed files with 76 additions and 49 deletions.
diff --git a/...ain/java/com/evolveum/midpoint/model/impl/security/MidpointRestAuthenticationHandler.java b/...ain/java/com/evolveum/midpoint/model/impl/security/MidpointRestAuthenticationHandler.java
@@ -32,6 +32,8 @@
 import org.apache.cxf.message.Message;
 import org.springframework.beans.factory.annotation.Autowired;
 
+import com.evolveum.midpoint.model.impl.util.RestServiceUtil;
+
 /**
  * @author Katka Valalikova
  * @author Radovan Semancik
@@ -40,31 +42,6 @@ public class MidpointRestAuthenticationHandler implements ContainerRequestFilter
 
 //	private static final Trace LOGGER = TraceManager.getTrace(MidpointRestAuthenticationHandler.class);
 
-	private enum AuthenticationType {
-		BASIC("Basic"), SECURITY_QUESTIONS("SecQ");
-
-		private String authenticationType;
-
-		private AuthenticationType(String authneticationType) {
-			this.authenticationType = authneticationType;
-		}
-
-		protected boolean equals(String authenticationType) {
-			if (StringUtils.isBlank(authenticationType)) {
-				return false;
-			}
-
-			if (getAuthenticationType().equals(authenticationType)) {
-				return true;
-			}
-			return false;
-		}
-
-		protected String getAuthenticationType() {
-			return authenticationType;
-		}
-	}
-
 	@Autowired(required=true)
 	private MidpointRestPasswordAuthenticator passwordAuthenticator;
 
@@ -90,36 +67,36 @@ public void filter(ContainerRequestContext requestCtx) throws IOException {
 		String authorization = requestCtx.getHeaderString("Authorization");
 
 		if (StringUtils.isBlank(authorization)){
-			createAbortMessage(requestCtx);
+			RestServiceUtil.createAbortMessage(requestCtx);
 			return;
 		}
 
 		String[] parts = authorization.split(" ");
 		String authenticationType = parts[0];
 
 		if (parts.length == 1) {
-			if (AuthenticationType.SECURITY_QUESTIONS.equals(authenticationType)) {
-				createAbortMessage(requestCtx);
+			if (RestAuthenticationMethod.SECURITY_QUESTIONS.equals(authenticationType)) {
+				RestServiceUtil.createAbortMessage(requestCtx);
 				return;
 			}
 		}
 
-		if (parts.length != 2 || (!"SecQ".equals(authenticationType))) {
-			createAbortMessage(requestCtx);
+		if (parts.length != 2 || (!RestAuthenticationMethod.SECURITY_QUESTIONS.equals(authenticationType))) {
+			RestServiceUtil.createAbortMessage(requestCtx);
 			return;
 		}
 		String base64Credentials = (parts.length == 2) ? parts[1] : null;
 		try {
 			String decodedCredentials = new String(Base64Utility.decode(base64Credentials));
-			if ("SecQ".equals(authenticationType)) {
+			if (RestAuthenticationMethod.SECURITY_QUESTIONS.equals(authenticationType)) {
 
 				policy = new AuthorizationPolicy();
-				policy.setAuthorizationType("SecQ");
+				policy.setAuthorizationType(RestAuthenticationMethod.SECURITY_QUESTIONS.getMethod());
 				policy.setAuthorization(decodedCredentials);
 			}
 			securityQuestionAuthenticator.handleRequest(policy, m, requestCtx);
 		} catch (Base64Exception e) {
-			createAbortMessage(requestCtx);
+			RestServiceUtil.createAbortMessage(requestCtx);
 			return;
 
 		}
@@ -128,10 +105,10 @@ public void filter(ContainerRequestContext requestCtx) throws IOException {
 
 
 
-	private void createAbortMessage(ContainerRequestContext requestCtx){
-		requestCtx.abortWith(Response.status(Status.UNAUTHORIZED)
-				.header("WWW-Authenticate", AuthenticationType.BASIC.getAuthenticationType() + ", " + AuthenticationType.SECURITY_QUESTIONS.getAuthenticationType()).build());
-	}
-
+//	protected void createAbortMessage(ContainerRequestContext requestCtx){
+//		requestCtx.abortWith(Response.status(Status.UNAUTHORIZED)
+//				.header("WWW-Authenticate", AuthenticationType.BASIC.getAuthenticationType() + " realm=\"midpoint\", " + AuthenticationType.SECURITY_QUESTIONS.getAuthenticationType()).build());
+//	}
+//	
 
 }
diff --git a/...pl/src/main/java/com/evolveum/midpoint/model/impl/security/MidpointRestAuthenticator.java b/...pl/src/main/java/com/evolveum/midpoint/model/impl/security/MidpointRestAuthenticator.java
@@ -67,7 +67,7 @@ public abstract class MidpointRestAuthenticator<T extends AbstractAuthentication
 	 public void handleRequest(AuthorizationPolicy policy, Message m, ContainerRequestContext requestCtx) {
 
 	    	if (policy == null){
-	        	requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic, SecQ").build());
+	    		RestServiceUtil.createAbortMessage(requestCtx);
 	        	return;
 	        }
 
@@ -76,14 +76,14 @@ public void handleRequest(AuthorizationPolicy policy, Message m, ContainerReques
 			try {
 				authenticationContext = createAuthenticationContext(policy);
 			} catch (IOException e1) {
-				requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic, SecQ").build());
+				RestServiceUtil.createAbortMessage(requestCtx);
 				return;
 			}	
 
 	        String enteredUsername = authenticationContext.getUsername();
 
 	        if (enteredUsername == null){
-	        	requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic, SecQ").build());
+	        	RestServiceUtil.createAbortMessage(requestCtx);
 	        	return;
 	        }
 

diff --git a/...mpl/src/main/java/com/evolveum/midpoint/model/impl/security/RestAuthenticationMethod.java b/...mpl/src/main/java/com/evolveum/midpoint/model/impl/security/RestAuthenticationMethod.java
@@ -0,0 +1,30 @@
+package com.evolveum.midpoint.model.impl.security;
+
+import org.apache.commons.lang.StringUtils;
+
+public enum RestAuthenticationMethod {
+
+	BASIC("Basic"),
+	SECURITY_QUESTIONS("SecQ");
+
+	private String method;
+
+	private RestAuthenticationMethod(String method) {
+		this.method = method;
+	}
+
+	public String getMethod() {
+		return method;
+	}
+
+	protected boolean equals(String authenticationType) {
+		if (StringUtils.isBlank(authenticationType)) {
+			return false;
+		}
+
+		if (getMethod().equals(authenticationType)) {
+			return true;
+		}
+		return false;
+	}
+}
diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/util/RestServiceUtil.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/util/RestServiceUtil.java
@@ -16,23 +16,38 @@
 
 package com.evolveum.midpoint.model.impl.util;
 
+import java.util.List;
+
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
+import javax.ws.rs.core.UriInfo;
+
+import org.apache.cxf.jaxrs.ext.MessageContext;
+
 import com.evolveum.midpoint.model.api.ModelExecuteOptions;
+import com.evolveum.midpoint.model.impl.security.RestAuthenticationMethod;
 import com.evolveum.midpoint.model.impl.security.SecurityHelper;
 import com.evolveum.midpoint.schema.constants.SchemaConstants;
 import com.evolveum.midpoint.schema.result.OperationResult;
 import com.evolveum.midpoint.schema.result.OperationResultStatus;
 import com.evolveum.midpoint.security.api.ConnectionEnvironment;
 import com.evolveum.midpoint.task.api.Task;
-import com.evolveum.midpoint.util.exception.*;
+import com.evolveum.midpoint.util.exception.AuthorizationException;
+import com.evolveum.midpoint.util.exception.CommunicationException;
+import com.evolveum.midpoint.util.exception.ConcurrencyException;
+import com.evolveum.midpoint.util.exception.ConfigurationException;
+import com.evolveum.midpoint.util.exception.ConsistencyViolationException;
+import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
+import com.evolveum.midpoint.util.exception.NoFocusNameSchemaException;
+import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
+import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
+import com.evolveum.midpoint.util.exception.PolicyViolationException;
+import com.evolveum.midpoint.util.exception.SchemaException;
+import com.evolveum.midpoint.util.exception.SecurityViolationException;
+import com.evolveum.midpoint.util.exception.TunnelException;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.OperationResultType;
 
-import org.apache.cxf.jaxrs.ext.MessageContext;
-
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
-import java.util.List;
-
 /**
  * @author mederly (only copied existing code)
  */
@@ -113,4 +128,9 @@ public static Response.ResponseBuilder createResultHeaders(Response.ResponseBuil
 				.header(OPERATION_RESULT_STATUS, OperationResultStatus.createStatusType(result.getStatus()).value())
 				.header(OPERATION_RESULT_MESSAGE, result.getMessage());
 	}
+
+	public static void createAbortMessage(ContainerRequestContext requestCtx){
+		requestCtx.abortWith(Response.status(Status.UNAUTHORIZED)
+				.header("WWW-Authenticate", RestAuthenticationMethod.BASIC.getMethod() + " realm=\"midpoint\", " + RestAuthenticationMethod.SECURITY_QUESTIONS.getMethod()).build());
+	}
 }