Skip to content
GitLab
Commit 778ef2f1 authored by frederic motte's avatar frederic motte
Browse files

modify the SF to communication with HTTPS services, and to support empty AuthZ groups

parent 432fcdcf
Hide whitespace changes
Inline Side-by-side
Security-filter-impl/pom.xml
View file @ 778ef2f1
<?xml version="1.0" encoding="UTF-8"?>
<!--
Security Filter Servlet Proxy
Copyright (C) 2015 The CHOReVOLUTION project
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<!-- Security Filter Servlet Proxy Copyright (C) 2015 The CHOReVOLUTION project
This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation, either version 3 of the License, or (at your option) any later
version. This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
more details. You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. -->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<organization>
<name>The CHOReVOLUTION project</name>
<url>http://www.chorevolution.eu</url>
</organization>
<licenses>
<license>
<name>GPL v3.0</name>
<url>http://www.gnu.org/licenses/gpl-3.0.en.html</url>
<distribution>repo</distribution>
</license>
</licenses>
<scm>
<connection>scm:git:ssh://gitolite@tuleap.ow2.org/chorevolution/security-filter.git</connection>
<developerConnection>scm:git:ssh://gitolite@tuleap.ow2.org/chorevolution/security-filter.git</developerConnection>
<url>https://tuleap.ow2.org/plugins/git/chorevolution/security-filter</url>
</scm>
<issueManagement>
<system>jira</system>
<url>https://jira.ow2.org/browse/CRV</url>
</issueManagement>
<groupId>eu.chorevolution.securityfilter</groupId>
<artifactId>SecurityfilterServletProxy</artifactId>
<packaging>war</packaging>
<version>0.0.1-SNAPSHOT</version>
<name>SecurityfilterServletProxy Maven Webapp</name>
<url>http://maven.apache.org</url>
<distributionManagement>
<snapshotRepository>
<id>ow2-nexus-snapshots</id>
<name>OW2 Snapshots Repository</name>
<url>http://repository.ow2.org/nexus/content/repositories/snapshots/</url>
</snapshotRepository>
</distributionManagement>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<!-- works with v4.1 and forward; see .travis.yml -->
<httpclient.version>4.5</httpclient.version>
<!-- the last version to provide LocalTestServer.java -->
<httpclient.test.version>4.3.5</httpclient.test.version>
<jackson.version>2.8.3</jackson.version>
</properties>
<dependencies>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
</dependency>
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<organization>
<name>The CHOReVOLUTION project</name>
<url>http://www.chorevolution.eu</url>
</organization>
<licenses>
<license>
<name>GPL v3.0</name>
<url>http://www.gnu.org/licenses/gpl-3.0.en.html</url>
<distribution>repo</distribution>
</license>
</licenses>
<scm>
<connection>scm:git:ssh://gitolite@tuleap.ow2.org/chorevolution/security-filter.git</connection>
<developerConnection>scm:git:ssh://gitolite@tuleap.ow2.org/chorevolution/security-filter.git</developerConnection>
<url>https://tuleap.ow2.org/plugins/git/chorevolution/security-filter</url>
</scm>
<issueManagement>
<system>jira</system>
<url>https://jira.ow2.org/browse/CRV</url>
</issueManagement>
<groupId>eu.chorevolution.securityfilter</groupId>
<artifactId>SecurityfilterServletProxy</artifactId>
<packaging>war</packaging>
<version>0.0.1-SNAPSHOT</version>
<name>SecurityfilterServletProxy Maven Webapp</name>
<url>http://maven.apache.org</url>
<distributionManagement>
<snapshotRepository>
<id>ow2-nexus-snapshots</id>
<name>OW2 Snapshots Repository</name>
<url>http://repository.ow2.org/nexus/content/repositories/snapshots/</url>
</snapshotRepository>
</distributionManagement>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<!-- works with v4.1 and forward; see .travis.yml -->
<httpclient.version>4.5</httpclient.version>
<!-- the last version to provide LocalTestServer.java -->
<httpclient.test.version>4.3.5</httpclient.test.version>
<jackson.version>2.8.3</jackson.version>
</properties>
<dependencies>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${httpclient.version}</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.4</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${httpclient.version}</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.4</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${httpclient.test.version}</version>
<classifier>tests</classifier>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.4.1</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.4.1</version>
</dependency>
<dependency>
<groupId>org.apache.ws.security</groupId>
<artifactId>wss4j</artifactId>
<version>1.6.19</version>
</dependency>
<dependency>
<groupId>eu.chorevolution.securityfilter</groupId>
<artifactId>sf-provision-data</artifactId>
<version>0.0.1-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>eu.chorevolution.sts</groupId>
<artifactId>sts-provision-data</artifactId>
<version>0.0.1-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-server</artifactId>
<version>1.9</version>
</dependency>
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-client</artifactId>
<version>1.9</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-ws-security</artifactId>
<version>3.1.4</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
<version>3.1.4</version>
</dependency>
<dependency>
<groupId>org.apache.cxf.services.sts</groupId>
<artifactId>cxf-services-sts-core</artifactId>
<version>3.1.4</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.1.3</version>
</dependency>
<!-- <dependency> <groupId>eu.chorevolution</groupId> <artifactId>SecurityTokenService</artifactId>
<version>0.0.1-SNAPSHOT</version> </dependency> -->
<dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${httpclient.test.version}</version>
<classifier>tests</classifier>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.4.1</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.4.1</version>
</dependency>
<dependency>
<groupId>org.apache.ws.security</groupId>
<artifactId>wss4j</artifactId>
<version>1.6.19</version>
</dependency>
<dependency>
<groupId>eu.chorevolution.securityfilter</groupId>
<artifactId>sf-provision-data</artifactId>
<version>0.0.1-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>eu.chorevolution.sts</groupId>
<artifactId>sts-provision-data</artifactId>
<version>0.0.1-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-server</artifactId>
<version>1.9</version>
</dependency>
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-client</artifactId>
<version>1.9</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-ws-security</artifactId>
<version>3.1.4</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
<version>3.1.4</version>
</dependency>
<dependency>
<groupId>org.apache.cxf.services.sts</groupId>
<artifactId>cxf-services-sts-core</artifactId>
<version>3.1.4</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.1.3</version>
</dependency>
<!-- <dependency> <groupId>eu.chorevolution</groupId> <artifactId>SecurityTokenService</artifactId>
<version>0.0.1-SNAPSHOT</version> </dependency> -->
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-xacml-model</artifactId>
<version>3.4.0</version>
</dependency>
<dependency>
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core</artifactId>
<version>5.0.2</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.8.3</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.google.code.gson/gson -->
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>2.7</version>
</dependency>
</dependencies>
<build>
<finalName>SecurityfilterServletProxy</finalName>
<plugins>
<plugin><!-- Plugin Maven pour creer archive WAR -->
<artifactId>maven-war-plugin</artifactId>
<version>2.6</version>
</plugin>
<plugin><!-- Plugin pour compilation code Java -->
<artifactId>maven-compiler-plugin</artifactId>
<version>3.5.1</version>
<configuration>
<!-- Java version for compiling the source code -->
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
</plugins>
</build>
<repositories>
<repository>
<id>sonatype</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<repository>
<id>ow2-snapshots</id>
<url>http://repository.ow2.org/nexus/content/repositories/snapshots/</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<repository>
<id>ow2-releases</id>
<url>http://repository.ow2.org/nexus/content/repositories/releases/</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.8.3</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.google.code.gson/gson -->
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>2.7</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-ext-jdk15on</artifactId>
<version>1.55</version>
</dependency>
</dependencies>
<build>
<finalName>SecurityfilterServletProxy</finalName>
<plugins>
<plugin><!-- Plugin Maven pour creer archive WAR -->
<artifactId>maven-war-plugin</artifactId>
<version>2.6</version>
</plugin>
<plugin><!-- Plugin pour compilation code Java -->
<artifactId>maven-compiler-plugin</artifactId>
<version>3.5.1</version>
<configuration>
<!-- Java version for compiling the source code -->
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
</plugins>
</build>
<repositories>
<repository>
<id>sonatype</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<repository>
<id>ow2-snapshots</id>
<url>http://repository.ow2.org/nexus/content/repositories/snapshots/</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<repository>
<id>ow2-releases</id>
<url>http://repository.ow2.org/nexus/content/repositories/releases/</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
</project>
Security-filter-impl/src/main/java/eu/chorevolution/Encryptor.java 0 → 100644
View file @ 778ef2f1
package eu.chorevolution;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Properties;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.ArrayUtils;
public class Encryptor {
private static String algo ="AES";
private SecretKeySpec keySpec = null;
public Encryptor(String secretKey) {
System.out.println("CREATE ENCRYPTOR WITH : " + secretKey);
String actualKey = secretKey;
if (actualKey.length() < 16) {
StringBuilder actualKeyPadding = new StringBuilder(actualKey);
for (int i = 0; i < 16 - actualKey.length(); i++) {
actualKeyPadding.append('0');
}
actualKey = actualKeyPadding.toString();
}
try {
keySpec = new SecretKeySpec(ArrayUtils.subarray(
actualKey.getBytes("UTF-8"), 0, 16), algo);
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
public String encode(final String value) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException{
String encodedValue = null;
if (value != null) {
final Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, keySpec);
byte[] envVal = cipher.doFinal(value.getBytes("UTF-8"));
encodedValue = Base64.getEncoder().encodeToString(envVal);
}
return encodedValue;
}
public String decode(final String encodedValue) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException {
System.out.println("encoded value " + encodedValue);
String value = null;
if (encodedValue != null){
final Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.DECRYPT_MODE, keySpec);
byte[] decodedValue = Base64.getDecoder().decode(encodedValue);
byte[] decVal = cipher.doFinal(decodedValue);
value = new String(decVal, "UTF-8");
}
return value;
}
public static void main(String[] args) {
String password = "password";
Encryptor encryptor = new Encryptor("skjajsjsjljkdsa6633");
try {
String encryptedText = encryptor.encode(password);
String decryptedText = encryptor.decode(encryptedText);
System.out.println("original " + password);
System.out.println("encrypted " + encryptedText);
System.out.println("decrypted " + decryptedText);
System.out.println(encryptor.decode("AEdnzs++tE4XgTQVE6csCw=="));
} catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | IllegalBlockSizeException
| BadPaddingException | UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
Security-filter-impl/src/main/java/eu/chorevolution/MySSLSocketFactory.java 0 → 100644
View file @ 778ef2f1
package eu.chorevolution;
import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.SSLSocketFactory;
public class MySSLSocketFactory extends SSLSocketFactory {
SSLContext sslContext = SSLContext.getInstance("TLS");
public MySSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
super(truststore);
TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
sslContext.init(null, new TrustManager[] { tm }, null);
}
@Override
public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);