Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sac2 #6037

Closed
wants to merge 8 commits into from
Closed

sac2 #6037

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
7999b34
LPS-27888 Initial work
topolik Jul 11, 2012
bd1404c
LPS-27888 Authentication layer based on request verification pipeline
topolik Jun 14, 2012
6c6d14d
LPS-27634 Securing servlets
topolik Jul 11, 2012
dbc888d
LPS-27949 Hook support for API services verification pipeline
topolik Jun 20, 2012
a2466f7
LPS-27967 Service verification layer: support for plugins - remoting-…
topolik Jun 20, 2012
37a6cf7
LPS-28052 Removing /secure/ contexts from /api
topolik Jun 20, 2012
c7963b2
LPS-27633 Digest verification
topolik Jun 20, 2012
9200748
LPS-26803 Source formatting
rotty3000 Jul 11, 2012
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
8 changes: 7 additions & 1 deletion portal-impl/src/META-INF/base-spring.xml
View file
Open in desktop
Expand Up @@ -16,7 +16,13 @@
<property name="dataSource" ref="liferayDataSource" />
<property name="sessionFactory" ref="liferaySessionFactory" />
</bean>
<bean id="serviceAdvice" class="com.liferay.portal.security.pacl.PACLAdvice">
<bean id="serviceAdvice" class="com.liferay.portal.security.sac.SACAdvice">
<property name="nextMethodInterceptor" ref="paclAdvice" />
<property name="serviceAccessControlManager">
<bean class="com.liferay.portal.security.sac.ServiceAccessControlManagerImpl" />
</property>
</bean>
<bean id="paclAdvice" class="com.liferay.portal.security.pacl.PACLAdvice">
<property name="nextMethodInterceptor" ref="asyncAdvice" />
</bean>
<bean id="asyncAdvice" class="com.liferay.portal.messaging.async.AsyncAdvice">
Expand Down
25 changes: 0 additions & 25 deletions portal-impl/src/com/liferay/portal/action/JSONServiceAction.java
View file
Open in desktop
Expand Up @@ -31,7 +31,6 @@
import com.liferay.portal.kernel.util.StringPool;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.security.auth.PrincipalException;
import com.liferay.portal.security.pacl.PACLClassLoaderUtil;
import com.liferay.portal.service.ServiceContext;
import com.liferay.portal.service.ServiceContextUtil;
Expand All @@ -52,8 +51,6 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import jodd.util.Wildcard;

import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionMapping;

Expand Down Expand Up @@ -85,9 +82,6 @@ public String getJSON(
String className = ParamUtil.getString(request, "serviceClassName");
String methodName = ParamUtil.getString(request, "serviceMethodName");

checkMethodGuestAccess(
request, methodName, PropsValues.JSON_SERVICE_PUBLIC_METHODS);

String[] serviceParameters = getStringArrayFromJSON(
request, "serviceParameters");
String[] serviceParameterTypes = getStringArrayFromJSON(
Expand Down Expand Up @@ -147,25 +141,6 @@ public String getJSON(
return null;
}

protected void checkMethodGuestAccess(
HttpServletRequest request, String methodName,
String[] publicMethods)
throws PrincipalException {

if ((methodName != null) && (publicMethods.length > 0)) {
if (Wildcard.matchOne(methodName, publicMethods) != -1) {
return;
}
}

String remoteUser = request.getRemoteUser();

if (remoteUser == null) {
throw new PrincipalException(
"Please sign in to invoke this method");
}
}

protected Object getArgValue(
HttpServletRequest request, Class<?> clazz, String methodName,
String parameter, Type parameterType)
Expand Down
28 changes: 14 additions & 14 deletions portal-impl/src/com/liferay/portal/atom/AtomProvider.java
View file
Open in desktop
Expand Up @@ -93,22 +93,18 @@ private void _initTargetBuilder() {
private void _initTargetResolver() {
RegexTargetResolver targetResolver = new RegexTargetResolver();

for (String base : _BASES) {
targetResolver.setPattern(
base + "?(\\?[^#]*)?", TargetType.TYPE_SERVICE);
targetResolver.setPattern(_SERVICE_PATTERN, TargetType.TYPE_SERVICE);

targetResolver.setPattern(
base + "/([^/#?;]+)(\\?[^#]*)?", TargetType.TYPE_COLLECTION,
"collection");
targetResolver.setPattern(
_COLLECTION_PATTERN, TargetType.TYPE_COLLECTION, "collection");

targetResolver.setPattern(
base + "/([^/#?]+)/([^/#?:]+)(\\?[^#]*)?",
TargetType.TYPE_ENTRY, "collection", "entry");
targetResolver.setPattern(
_COLLECTION_ENTRY_PATTERN, TargetType.TYPE_ENTRY, "collection",
"entry");

targetResolver.setPattern(
base + "/([^/#?]+)/([^/#?]+):media(\\?[^#]*)?",
TargetType.TYPE_MEDIA, "collection", "media");
}
targetResolver.setPattern(
_COLLECTION_MEDIA_PATTERN, TargetType.TYPE_MEDIA, "collection",
"media");

setTargetResolver(targetResolver);
}
Expand All @@ -121,7 +117,11 @@ private void _initWorkspace() {
addWorkspace(_workspace);
}

private static final String[] _BASES = {"/api/secure/atom", "/api/atom"};
private static final String _BASE = "/api/atom";
private static final String _COLLECTION_ENTRY_PATTERN = _BASE + "/([^/#?]+)/([^/#?:]+)(\\?[^#]*)?";
private static final String _COLLECTION_MEDIA_PATTERN = _BASE + "/([^/#?]+)/([^/#?]+):media(\\?[^#]*)?";
private static final String _COLLECTION_PATTERN = _BASE + "/([^/#?;]+)(\\?[^#]*)?";
private static final String _SERVICE_PATTERN = _BASE + "?(\\?[^#]*)?";

private SimpleWorkspaceInfo _workspace;

Expand Down
108 changes: 4 additions & 104 deletions portal-impl/src/com/liferay/portal/deploy/dependencies/remoting-web.xml
View file
Open in desktop
Expand Up @@ -7,7 +7,7 @@
<filter-class>com.liferay.portal.kernel.servlet.PortalClassLoaderFilter</filter-class>
<init-param>
<param-name>filter-class</param-name>
<param-value>com.liferay.portal.servlet.filters.secure.SecureFilter</param-value>
<param-value>com.liferay.portal.servlet.filters.authverification.AuthVerificationFilter</param-value>
</init-param>
<init-param>
<param-name>portal_property_prefix</param-name>
Expand All @@ -19,7 +19,7 @@
<filter-class>com.liferay.portal.kernel.servlet.PortalClassLoaderFilter</filter-class>
<init-param>
<param-name>filter-class</param-name>
<param-value>com.liferay.portal.servlet.filters.secure.SecureFilter</param-value>
<param-value>com.liferay.portal.servlet.filters.authverification.AuthVerificationFilter</param-value>
</init-param>
<init-param>
<param-name>portal_property_prefix</param-name>
Expand All @@ -31,7 +31,7 @@
<filter-class>com.liferay.portal.kernel.servlet.PortalClassLoaderFilter</filter-class>
<init-param>
<param-name>filter-class</param-name>
<param-value>com.liferay.portal.servlet.filters.secure.SecureFilter</param-value>
<param-value>com.liferay.portal.servlet.filters.authverification.AuthVerificationFilter</param-value>
</init-param>
<init-param>
<param-name>portal_property_prefix</param-name>
Expand All @@ -43,71 +43,7 @@
<filter-class>com.liferay.portal.kernel.servlet.PortalClassLoaderFilter</filter-class>
<init-param>
<param-name>filter-class</param-name>
<param-value>com.liferay.portal.servlet.filters.secure.SecureFilter</param-value>
</init-param>
<init-param>
<param-name>portal_property_prefix</param-name>
<param-value>jsonws.servlet.</param-value>
</init-param>
</filter>
<filter>
<filter-name>Secure Atom Servlet Filter</filter-name>
<filter-class>com.liferay.portal.kernel.servlet.PortalClassLoaderFilter</filter-class>
<init-param>
<param-name>filter-class</param-name>
<param-value>com.liferay.portal.servlet.filters.secure.SecureFilter</param-value>
</init-param>
<init-param>
<param-name>basic_auth</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>portal_property_prefix</param-name>
<param-value>atom.servlet.</param-value>
</init-param>
</filter>
<filter>
<filter-name>Secure Axis Servlet Filter</filter-name>
<filter-class>com.liferay.portal.kernel.servlet.PortalClassLoaderFilter</filter-class>
<init-param>
<param-name>filter-class</param-name>
<param-value>com.liferay.portal.servlet.filters.secure.SecureFilter</param-value>
</init-param>
<init-param>
<param-name>basic_auth</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>portal_property_prefix</param-name>
<param-value>axis.servlet.</param-value>
</init-param>
</filter>
<filter>
<filter-name>Secure JSON Servlet Filter</filter-name>
<filter-class>com.liferay.portal.kernel.servlet.PortalClassLoaderFilter</filter-class>
<init-param>
<param-name>filter-class</param-name>
<param-value>com.liferay.portal.servlet.filters.secure.SecureFilter</param-value>
</init-param>
<init-param>
<param-name>basic_auth</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>portal_property_prefix</param-name>
<param-value>json.servlet.</param-value>
</init-param>
</filter>
<filter>
<filter-name>Secure JSON Web Service Servlet Filter</filter-name>
<filter-class>com.liferay.portal.kernel.servlet.PortalClassLoaderFilter</filter-class>
<init-param>
<param-name>filter-class</param-name>
<param-value>com.liferay.portal.servlet.filters.secure.SecureFilter</param-value>
</init-param>
<init-param>
<param-name>basic_auth</param-name>
<param-value>true</param-value>
<param-value>com.liferay.portal.servlet.filters.authverification.AuthVerificationFilter</param-value>
</init-param>
<init-param>
<param-name>portal_property_prefix</param-name>
Expand Down Expand Up @@ -138,10 +74,6 @@
<filter-name>Thread Local Filter</filter-name>
<url-pattern>/api/jsonws/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Thread Local Filter</filter-name>
<url-pattern>/api/secure/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Atom Servlet Filter</filter-name>
<url-pattern>/api/atom/*</url-pattern>
Expand All @@ -158,22 +90,6 @@
<filter-name>JSON Web Service Servlet Filter</filter-name>
<url-pattern>/api/jsonws/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Secure Atom Servlet Filter</filter-name>
<url-pattern>/api/secure/atom/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Secure Axis Servlet Filter</filter-name>
<url-pattern>/api/secure/axis/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Secure JSON Servlet Filter</filter-name>
<url-pattern>/api/secure/json/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Secure JSON Web Service Servlet Filter</filter-name>
<url-pattern>/api/secure/jsonws/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>Atom Servlet</servlet-name>
<servlet-class>com.liferay.portal.kernel.servlet.PortalClassLoaderServlet</servlet-class>
Expand Down Expand Up @@ -226,31 +142,15 @@
<servlet-name>Atom Servlet</servlet-name>
<url-pattern>/api/atom/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Atom Servlet</servlet-name>
<url-pattern>/api/secure/atom/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Axis Servlet</servlet-name>
<url-pattern>/api/axis/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Axis Servlet</servlet-name>
<url-pattern>/api/secure/axis/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>JSON Servlet</servlet-name>
<url-pattern>/api/json/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>JSON Servlet</servlet-name>
<url-pattern>/api/secure/json/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>JSON Web Service Servlet</servlet-name>
<url-pattern>/api/jsonws/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>JSON Web Service Servlet</servlet-name>
<url-pattern>/api/secure/jsonws/*</url-pattern>
</servlet-mapping>