Merge pull request #582 from hazendaz/1.8.x

Custom instances of GenericPrincipal in WaffleAuthenticatorBase (#571)
Waffle · Dec 18, 2017 · b03f9a1 · b03f9a1
2 parents 67bab20 + 010d047
commit b03f9a1
Show file tree

Hide file tree

Showing 16 changed files with 243 additions and 70 deletions.
diff --git a/Source/JNA/waffle-tomcat7/src/main/java/waffle/apache/MixedAuthenticator.java b/Source/JNA/waffle-tomcat7/src/main/java/waffle/apache/MixedAuthenticator.java
@@ -16,6 +16,7 @@
 
 import java.io.IOException;
 import java.security.Principal;
+import java.util.Arrays;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletContext;
@@ -26,6 +27,7 @@
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.deploy.LoginConfig;
+import org.apache.catalina.realm.GenericPrincipal;
 import org.slf4j.LoggerFactory;
 
 import waffle.util.AuthorizationHeader;
@@ -254,17 +256,15 @@ private boolean post(final Request request, final HttpServletResponse response)
         try {
             this.log.debug("successfully logged in {} ({})", username, windowsIdentity.getSidString());
 
-            final GenericWindowsPrincipal windowsPrincipal = new GenericWindowsPrincipal(windowsIdentity,
-                    this.principalFormat, this.roleFormat);
-
-            this.log.debug("roles: {}", windowsPrincipal.getRolesString());
+            final GenericPrincipal genericPrincipal = createPrincipal(windowsIdentity);
 
+            this.log.debug("roles: {}", Arrays.toString(genericPrincipal.getRoles()));
             // create a session associated with this request if there's none
             final HttpSession session = request.getSession(true);
             this.log.debug("session id: {}", session == null ? "null" : session.getId());
 
-            this.register(request, response, windowsPrincipal, "FORM", windowsPrincipal.getName(), null);
-            this.log.info("successfully logged in user: {}", windowsPrincipal.getName());
+            this.register(request, response, genericPrincipal, "FORM", genericPrincipal.getName(), null);
+            this.log.info("successfully logged in user: {}", genericPrincipal.getName());
         } finally {
             windowsIdentity.dispose();
         }

diff --git a/Source/JNA/waffle-tomcat7/src/main/java/waffle/apache/NegotiateAuthenticator.java b/Source/JNA/waffle-tomcat7/src/main/java/waffle/apache/NegotiateAuthenticator.java
@@ -16,13 +16,15 @@
 
 import java.io.IOException;
 import java.security.Principal;
+import java.util.Arrays;
 
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.deploy.LoginConfig;
+import org.apache.catalina.realm.GenericPrincipal;
 import org.slf4j.LoggerFactory;
 
 import waffle.util.AuthorizationHeader;
@@ -160,12 +162,11 @@ public boolean authenticate(final Request request, final HttpServletResponse res
             try {
                 this.log.debug("logged in user: {} ({})", windowsIdentity.getFqn(), windowsIdentity.getSidString());
 
-                final GenericWindowsPrincipal windowsPrincipal = new GenericWindowsPrincipal(windowsIdentity,
-                        this.principalFormat, this.roleFormat);
+                final GenericPrincipal genericPrincipal = createPrincipal(windowsIdentity);
 
-                this.log.debug("roles: {}", windowsPrincipal.getRolesString());
+                this.log.debug("roles: {}", Arrays.toString(genericPrincipal.getRoles()));
 
-                principal = windowsPrincipal;
+                principal = genericPrincipal;
 
                 // create a session associated with this request if there's none
                 final HttpSession session = request.getSession(true);

diff --git a/Source/JNA/waffle-tomcat7/src/main/java/waffle/apache/WaffleAuthenticatorBase.java b/Source/JNA/waffle-tomcat7/src/main/java/waffle/apache/WaffleAuthenticatorBase.java
@@ -1,7 +1,7 @@
 /**
  * Waffle (https://github.com/Waffle/waffle)
  *
- * Copyright (c) 2010-2016 Application Security, Inc.
+ * Copyright (c) 2010-2017 Application Security, Inc.
  *
  * All rights reserved. This program and the accompanying materials are made available under the terms of the Eclipse
  * Public License v1.0 which accompanies this distribution, and is available at
@@ -24,6 +24,7 @@
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.authenticator.AuthenticatorBase;
 import org.apache.catalina.connector.Request;
+import org.apache.catalina.realm.GenericPrincipal;
 import org.slf4j.Logger;
 
 import waffle.windows.auth.IWindowsAuthProvider;
@@ -263,10 +264,9 @@ protected Principal doLogin(final Request request, final String username, final
         }
         try {
             this.log.debug("successfully logged in {} ({})", username, windowsIdentity.getSidString());
-            final GenericWindowsPrincipal windowsPrincipal = new GenericWindowsPrincipal(windowsIdentity,
-                    this.principalFormat, this.roleFormat);
-            this.log.debug("roles: {}", windowsPrincipal.getRolesString());
-            return windowsPrincipal;
+            final GenericPrincipal genericPrincipal = createPrincipal(windowsIdentity);
+            this.log.debug("roles: {}", Arrays.toString(genericPrincipal.getRoles()));
+            return genericPrincipal;
         } finally {
             windowsIdentity.dispose();
         }
@@ -284,4 +284,14 @@ protected synchronized void startInternal() throws LifecycleException {
         super.startInternal();
     }
 
+    /**
+     * This method will create an instance of a IWindowsIdentity based GenericPrincipal.
+     * It is used for creating custom implementation within subclasses.
+     * @param windowsIdentity the windows identity to initialize the principal
+     * @return the Generic Principal
+     */
+    protected GenericPrincipal createPrincipal(final IWindowsIdentity windowsIdentity) {
+        return new GenericWindowsPrincipal(windowsIdentity, this.principalFormat, this.roleFormat);
+    }
+
 }
diff --git a/Source/JNA/waffle-tomcat7/src/test/java/waffle/apache/MixedAuthenticatorTests.java b/Source/JNA/waffle-tomcat7/src/test/java/waffle/apache/MixedAuthenticatorTests.java
@@ -15,6 +15,9 @@
 import com.sun.jna.platform.win32.Sspi;
 import com.sun.jna.platform.win32.Sspi.SecBufferDesc;
 
+import java.io.IOException;
+import java.util.ArrayList;
+
 import javax.servlet.ServletException;
 
 import mockit.Expectations;
@@ -24,6 +27,7 @@
 import org.apache.catalina.Engine;
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.deploy.LoginConfig;
+import org.apache.catalina.realm.GenericPrincipal;
 import org.assertj.core.api.Assertions;
 import org.junit.After;
 import org.junit.Assert;
@@ -363,4 +367,34 @@ public void testSecurityCheckQueryString() {
         final SimpleHttpResponse response = new SimpleHttpResponse();
         Assert.assertTrue(this.authenticator.authenticate(request, response, loginConfig));
     }
+
+    @Test
+    public void testCustomPrincipal() throws LifecycleException, IOException {
+        final GenericPrincipal genericPrincipal = new GenericPrincipal("my-principal", "my-password",
+                new ArrayList<String>());
+        final MixedAuthenticator customAuthenticator = new MixedAuthenticator() {
+            @Override
+            protected GenericPrincipal createPrincipal(IWindowsIdentity windowsIdentity) {
+                return genericPrincipal;
+            }
+        };
+        try {
+            customAuthenticator.setContainer(this.context);
+            customAuthenticator.setAlwaysUseSession(true);
+            customAuthenticator.start();
+
+            customAuthenticator.setAuth(new MockWindowsAuthProvider());
+            final SimpleHttpRequest request = new SimpleHttpRequest();
+            request.addParameter("j_security_check", "");
+            request.addParameter("j_username", WindowsAccountImpl.getCurrentUsername());
+            request.addParameter("j_password", "");
+            final SimpleHttpResponse response = new SimpleHttpResponse();
+            Assert.assertTrue(customAuthenticator.authenticate(request, response));
+
+            Assert.assertEquals(genericPrincipal, request.getUserPrincipal());
+        } finally {
+            customAuthenticator.stop();
+        }
+
+    }
 }
diff --git a/Source/JNA/waffle-tomcat8/src/main/java/waffle/apache/MixedAuthenticator.java b/Source/JNA/waffle-tomcat8/src/main/java/waffle/apache/MixedAuthenticator.java
@@ -16,6 +16,7 @@
 
 import java.io.IOException;
 import java.security.Principal;
+import java.util.Arrays;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletContext;
@@ -25,6 +26,7 @@
 
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.connector.Request;
+import org.apache.catalina.realm.GenericPrincipal;
 import org.apache.tomcat.util.descriptor.web.LoginConfig;
 import org.slf4j.LoggerFactory;
 
@@ -255,17 +257,15 @@ private boolean post(final Request request, final HttpServletResponse response)
         try {
             this.log.debug("successfully logged in {} ({})", username, windowsIdentity.getSidString());
 
-            final GenericWindowsPrincipal windowsPrincipal = new GenericWindowsPrincipal(windowsIdentity,
-                    this.principalFormat, this.roleFormat);
-
-            this.log.debug("roles: {}", windowsPrincipal.getRolesString());
+            final GenericPrincipal genericPrincipal = createPrincipal(windowsIdentity);
 
+            this.log.debug("roles: {}", Arrays.toString(genericPrincipal.getRoles()));
             // create a session associated with this request if there's none
             final HttpSession session = request.getSession(true);
             this.log.debug("session id: {}", session == null ? "null" : session.getId());
 
-            this.register(request, response, windowsPrincipal, "FORM", windowsPrincipal.getName(), null);
-            this.log.info("successfully logged in user: {}", windowsPrincipal.getName());
+            this.register(request, response, genericPrincipal, "FORM", genericPrincipal.getName(), null);
+            this.log.info("successfully logged in user: {}", genericPrincipal.getName());
         } finally {
             windowsIdentity.dispose();
         }

diff --git a/Source/JNA/waffle-tomcat8/src/main/java/waffle/apache/NegotiateAuthenticator.java b/Source/JNA/waffle-tomcat8/src/main/java/waffle/apache/NegotiateAuthenticator.java
@@ -16,12 +16,14 @@
 
 import java.io.IOException;
 import java.security.Principal;
+import java.util.Arrays;
 
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.connector.Request;
+import org.apache.catalina.realm.GenericPrincipal;
 import org.slf4j.LoggerFactory;
 
 import waffle.util.AuthorizationHeader;
@@ -158,12 +160,11 @@ public boolean authenticate(final Request request, final HttpServletResponse res
             try {
                 this.log.debug("logged in user: {} ({})", windowsIdentity.getFqn(), windowsIdentity.getSidString());
 
-                final GenericWindowsPrincipal windowsPrincipal = new GenericWindowsPrincipal(windowsIdentity,
-                        this.principalFormat, this.roleFormat);
+                final GenericPrincipal genericPrincipal = createPrincipal(windowsIdentity);
 
-                this.log.debug("roles: {}", windowsPrincipal.getRolesString());
+                this.log.debug("roles: {}", Arrays.toString(genericPrincipal.getRoles()));
 
-                principal = windowsPrincipal;
+                principal = genericPrincipal;
 
                 // create a session associated with this request if there's none
                 final HttpSession session = request.getSession(true);

diff --git a/Source/JNA/waffle-tomcat8/src/main/java/waffle/apache/WaffleAuthenticatorBase.java b/Source/JNA/waffle-tomcat8/src/main/java/waffle/apache/WaffleAuthenticatorBase.java
@@ -1,7 +1,7 @@
 /**
  * Waffle (https://github.com/Waffle/waffle)
  *
- * Copyright (c) 2010-2016 Application Security, Inc.
+ * Copyright (c) 2010-2017 Application Security, Inc.
  *
  * All rights reserved. This program and the accompanying materials are made available under the terms of the Eclipse
  * Public License v1.0 which accompanies this distribution, and is available at
@@ -24,6 +24,7 @@
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.authenticator.AuthenticatorBase;
 import org.apache.catalina.connector.Request;
+import org.apache.catalina.realm.GenericPrincipal;
 import org.slf4j.Logger;
 
 import waffle.windows.auth.IWindowsAuthProvider;
@@ -262,10 +263,9 @@ protected Principal doLogin(final Request request, final String username, final
         }
         try {
             this.log.debug("successfully logged in {} ({})", username, windowsIdentity.getSidString());
-            final GenericWindowsPrincipal windowsPrincipal = new GenericWindowsPrincipal(windowsIdentity,
-                    this.principalFormat, this.roleFormat);
-            this.log.debug("roles: {}", windowsPrincipal.getRolesString());
-            return windowsPrincipal;
+            final GenericPrincipal genericPrincipal = createPrincipal(windowsIdentity);
+            this.log.debug("roles: {}", Arrays.toString(genericPrincipal.getRoles()));
+            return genericPrincipal;
         } finally {
             windowsIdentity.dispose();
         }
@@ -282,4 +282,15 @@ protected synchronized void startInternal() throws LifecycleException {
         this.auth = new WindowsAuthProviderImpl(this.continueContextsTimeout);
         super.startInternal();
     }
+
+    /**
+     * This method will create an instance of a IWindowsIdentity based GenericPrincipal.
+     * It is used for creating custom implementation within subclasses.
+     * @param windowsIdentity the windows identity to initialize the principal
+     * @return the Generic Principal
+     */
+    protected GenericPrincipal createPrincipal(final IWindowsIdentity windowsIdentity) {
+        return new GenericWindowsPrincipal(windowsIdentity, this.principalFormat, this.roleFormat);
+    }
+
 }
diff --git a/Source/JNA/waffle-tomcat8/src/test/java/waffle/apache/MixedAuthenticatorTests.java b/Source/JNA/waffle-tomcat8/src/test/java/waffle/apache/MixedAuthenticatorTests.java
@@ -15,6 +15,8 @@
 import com.sun.jna.platform.win32.Sspi;
 import com.sun.jna.platform.win32.Sspi.SecBufferDesc;
 
+import java.util.ArrayList;
+
 import javax.servlet.ServletException;
 
 import mockit.Expectations;
@@ -23,6 +25,7 @@
 import org.apache.catalina.Context;
 import org.apache.catalina.Engine;
 import org.apache.catalina.LifecycleException;
+import org.apache.catalina.realm.GenericPrincipal;
 import org.assertj.core.api.Assertions;
 import org.junit.After;
 import org.junit.Assert;
@@ -348,4 +351,34 @@ public void testSecurityCheckQueryString() {
         final SimpleHttpResponse response = new SimpleHttpResponse();
         Assert.assertTrue(this.authenticator.authenticate(request, response));
     }
+
+    @Test
+    public void testCustomPrincipal() throws LifecycleException {
+        final GenericPrincipal genericPrincipal = new GenericPrincipal("my-principal", "my-password",
+                new ArrayList<String>());
+        final MixedAuthenticator customAuthenticator = new MixedAuthenticator() {
+            @Override
+            protected GenericPrincipal createPrincipal(IWindowsIdentity windowsIdentity) {
+                return genericPrincipal;
+            }
+        };
+        try {
+            customAuthenticator.setContainer(this.context);
+            customAuthenticator.setAlwaysUseSession(true);
+            customAuthenticator.start();
+
+            customAuthenticator.setAuth(new MockWindowsAuthProvider());
+            final SimpleHttpRequest request = new SimpleHttpRequest();
+            request.addParameter("j_security_check", "");
+            request.addParameter("j_username", WindowsAccountImpl.getCurrentUsername());
+            request.addParameter("j_password", "");
+            final SimpleHttpResponse response = new SimpleHttpResponse();
+            Assert.assertTrue(customAuthenticator.authenticate(request, response));
+
+            Assert.assertEquals(genericPrincipal, request.getUserPrincipal());
+        } finally {
+            customAuthenticator.stop();
+        }
+
+    }
 }
diff --git a/Source/JNA/waffle-tomcat85/src/main/java/waffle/apache/MixedAuthenticator.java b/Source/JNA/waffle-tomcat85/src/main/java/waffle/apache/MixedAuthenticator.java
@@ -16,6 +16,7 @@
 
 import java.io.IOException;
 import java.security.Principal;
+import java.util.Arrays;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletContext;
@@ -25,6 +26,7 @@
 
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.connector.Request;
+import org.apache.catalina.realm.GenericPrincipal;
 import org.apache.tomcat.util.descriptor.web.LoginConfig;
 import org.slf4j.LoggerFactory;
 
@@ -202,17 +204,16 @@ private boolean negotiate(final Request request, final HttpServletResponse respo
 
             this.log.debug("logged in user: {} ({})", windowsIdentity.getFqn(), windowsIdentity.getSidString());
 
-            final GenericWindowsPrincipal windowsPrincipal = new GenericWindowsPrincipal(windowsIdentity,
-                    this.principalFormat, this.roleFormat);
+            final GenericPrincipal genericPrincipal = createPrincipal(windowsIdentity);
 
-            this.log.debug("roles: {}", windowsPrincipal.getRolesString());
+            this.log.debug("roles: {}", Arrays.toString(genericPrincipal.getRoles()));
 
             // create a session associated with this request if there's none
             final HttpSession session = request.getSession(true);
             this.log.debug("session id: {}", session == null ? "null" : session.getId());
 
-            this.register(request, response, windowsPrincipal, securityPackage, windowsPrincipal.getName(), null);
-            this.log.info("successfully logged in user: {}", windowsPrincipal.getName());
+            this.register(request, response, genericPrincipal, securityPackage, genericPrincipal.getName(), null);
+            this.log.info("successfully logged in user: {}", genericPrincipal.getName());
 
         } finally {
             windowsIdentity.dispose();
@@ -255,17 +256,15 @@ private boolean post(final Request request, final HttpServletResponse response)
         try {
             this.log.debug("successfully logged in {} ({})", username, windowsIdentity.getSidString());
 
-            final GenericWindowsPrincipal windowsPrincipal = new GenericWindowsPrincipal(windowsIdentity,
-                    this.principalFormat, this.roleFormat);
-
-            this.log.debug("roles: {}", windowsPrincipal.getRolesString());
+            final GenericPrincipal genericPrincipal = createPrincipal(windowsIdentity);
 
+            this.log.debug("roles: {}", Arrays.toString(genericPrincipal.getRoles()));
             // create a session associated with this request if there's none
             final HttpSession session = request.getSession(true);
             this.log.debug("session id: {}", session == null ? "null" : session.getId());
 
-            this.register(request, response, windowsPrincipal, "FORM", windowsPrincipal.getName(), null);
-            this.log.info("successfully logged in user: {}", windowsPrincipal.getName());
+            this.register(request, response, genericPrincipal, "FORM", genericPrincipal.getName(), null);
+            this.log.info("successfully logged in user: {}", genericPrincipal.getName());
         } finally {
             windowsIdentity.dispose();
         }