
#2379 implemented JWT token handling in CXF AccessControlInterceptor.…
…java
tjamakeev committed Apr 4, 2018
1 parent 4bc68d7 commit 879bd4f
Showing 2 changed files with 98 additions and 58 deletions.
Expand Up @@ -53,48 +53,13 @@ public void handleMessage( final Message message )
if ( InterceptorState.SERVER_IN.isActive( message ) )
{
HttpServletRequest req = ( HttpServletRequest ) message.get( AbstractHTTPDestination.HTTP_REQUEST );
Session userSession;

if ( req.getLocalPort() == Common.DEFAULT_PUBLIC_SECURE_PORT )
{
// auth with system user since bi-SSL port is already secured
userSession = authenticateAccess( null, null );
}
else
{

if ( ChannelSettings.checkURLAccess( req.getRequestURI() ) )
{
// auth with system user b/c this is a public endpoint
userSession = authenticateAccess( null, null );
}
else
{
//require token auth
userSession = authenticateAccess( message, req );
}
}
Session userSession = getUserSession( req, message );

//******Authenticate************************************************
if ( userSession != null )
{
Subject.doAs( userSession.getSubject(), new PrivilegedAction<Void>()
{
@Override
public Void run()
{
try
{
message.getInterceptorChain().doIntercept( message );
}
catch ( Exception ex )
{
Throwable t = ExceptionUtils.getRootCause( ex );
MessageContentUtil.abortChain( message, t );
}
return null;
}
} );
doAs( message, userSession );
}
else
{
Expand All @@ -110,6 +75,71 @@ public Void run()
}


private Session getUserSession( HttpServletRequest request, Message message )
{
Session userSession;
if ( isPublicResource( request ) || isPublicSecureResource( request ) )
{
// auth with system user since bi-SSL port is already secured
userSession = authenticateAccess( null, null );
}
else
{
//require token auth
userSession = authenticateAccess( message, request );
}

return userSession;
}


private boolean isPublicSecureResource( HttpServletRequest request )
{
return request.getLocalPort() == Common.DEFAULT_PUBLIC_SECURE_PORT;
}


private String getBearerToken( HttpServletRequest request )
{
String authorization = request.getHeader( "Authorization" );
String result = null;
if ( authorization != null && authorization.startsWith( "Bearer" ) )
{
String[] splittedAuthString = authorization.split( "\\s" );
result = splittedAuthString.length == 2 ? splittedAuthString[1] : null;
}
return result;
}


private boolean isPublicResource( HttpServletRequest request )
{
return ChannelSettings.checkURLAccess( request.getRequestURI() );
}


private void doAs( final Message message, Session userSession )
{
Subject.doAs( userSession.getSubject(), new PrivilegedAction<Void>()
{
@Override
public Void run()
{
try
{
message.getInterceptorChain().doIntercept( message );
}
catch ( Exception ex )
{
Throwable t = ExceptionUtils.getRootCause( ex );
MessageContentUtil.abortChain( message, t );
}
return null;
}
} );
}


//******************************************************************
protected Session authenticateAccess( Message message, HttpServletRequest req )
{
Expand All @@ -122,37 +152,47 @@ protected Session authenticateAccess( Message message, HttpServletRequest req )
}
else
{
sptoken = req.getParameter( "sptoken" );

if ( Strings.isNullOrEmpty( sptoken ) )
String bearerToken = getBearerToken( req );
if ( bearerToken != null )
{
HttpHeaders headers = new HttpHeadersImpl( message.getExchange().getInMessage() );
sptoken = headers.getHeaderString( "sptoken" );
return identityManager.login( bearerToken );
}
else
{
sptoken = req.getParameter( "sptoken" );

//******************Get sptoken from cookies *****************
if ( Strings.isNullOrEmpty( sptoken ) )
{
HttpHeaders headers = new HttpHeadersImpl( message.getExchange().getInMessage() );
sptoken = headers.getHeaderString( "sptoken" );
}

if ( Strings.isNullOrEmpty( sptoken ) )
{
Cookie[] cookies = req.getCookies();
for ( final Cookie cookie : cookies )
//******************Get sptoken from cookies *****************

if ( Strings.isNullOrEmpty( sptoken ) )
{
if ( "sptoken".equals( cookie.getName() ) )
Cookie[] cookies = req.getCookies();
for ( final Cookie cookie : cookies )
{
sptoken = cookie.getValue();
if ( "sptoken".equals( cookie.getName() ) )
{
sptoken = cookie.getValue();
}
}
}
}

if ( Strings.isNullOrEmpty( sptoken ) )
{
return null;
}
else
{
return identityManager.login( IdentityManager.TOKEN_ID, sptoken );
if ( Strings.isNullOrEmpty( sptoken ) )
{
return null;
}
else
{
return identityManager.login( IdentityManager.TOKEN_ID, sptoken );
}
}
}
}


//******************************************************************
}
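Review bot: `getBearerToken` matches the header with `authorization.startsWith( "Bearer" )`, without the trailing space, so any scheme whose name merely begins with "Bearer" passes the check and its second whitespace-separated word is handed to `identityManager.login` as the token; tightening it to `authorization.startsWith( "Bearer " )` and returning `authorization.substring( 7 ).trim()` (null when empty) makes the check scheme-exact and tolerant of extra spacing, which the `split( "\\s" ).length == 2` test currently is not. The cookie fallback moved into the new `else` branch of `authenticateAccess` still iterates `req.getCookies()` with no null check, and the servlet API documents that call as returning null when the request carries no cookies, so a request with neither an sptoken parameter, header nor cookie may fail with a NullPointerException instead of reaching the `return null` — unless the CXF request wrapper is known to return an empty array. The comment in `getUserSession`, `// auth with system user since bi-SSL port is already secured`, now also covers the `isPublicResource` branch; `// public endpoint or bi-SSL port: authenticate as the system user` would describe both conditions. The single-argument `identityManager.login( bearerToken )` overload is outside this diff, so whether the JWT's signature, issuer and expiry are verified there cannot be confirmed from this page; `authenticateAccess` begins outside the hunk.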
Expand Up @@ -15,7 +15,7 @@ public class ChannelSettings
"/rest/v1/security/keyman/getpublickey", "/rest/v1/security/keyman/getpublickeyfingerprint",
"/rest/v1/handshake/info", "/rest/v1/handshake/register", "/rest/v1/handshake/approve",
"/rest/v1/handshake/cancel", "/rest/v1/handshake/reject", "/rest/v1/handshake/unregister",
"/rest/v1/handshake/status/{$}", "/rest/v1/registration/public-key", "/rest/v1/environments/{$}/info"
"/rest/v1/handshake/status/{$}", "/rest/v1/registration/public-key", "/rest/v1/environments/{$}/info", "/rest/v1/metadata/token/{$}"
};
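Review bot: Adding `"/rest/v1/metadata/token/{$}"` to this array changes who may reach that endpoint, not just a string table: in the same commit `AccessControlInterceptor.isPublicResource` calls `ChannelSettings.checkURLAccess` on this list, and a match authenticates the request as the system user via `authenticateAccess( null, null )` with no caller token at all. The array declaration starts above the hunk, so there is nowhere in this diff that records why a token-metadata resource must be served unauthenticated or what data it returns; a line comment on the new entry, e.g. `// served without a caller token: must expose only non-sensitive token metadata`, would document that decision for the next reader. How `checkURLAccess` expands the `{$}` wildcard is not visible here, so the exact set of matched paths is inferred rather than confirmed.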

