Commit b41a78e6 authored by frederic motte's avatar frederic motte

Implementation of setFSURL, change to CXF JAX-RS, implementation of the securityContext

parent bef7e0b6
......@@ -88,10 +88,12 @@ public class Utilities {
File webxml = new File(projectDir+System.getProperty("file.separator")+"WEB-INF"+System.getProperty("file.separator")+"web.xml");
String content = new StringBuilder(xmlLicenseHeader)
.append("<web-app xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"").append(System.getProperty("line.separator"))
.append("xmlns:web=\"http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd\"").append(System.getProperty("line.separator"))
.append("xsi:schemaLocation=\"http://java.sun.com/xml/ns/javaee\"").append(System.getProperty("line.separator"))
.append("version=\"3.0\"> ").append(System.getProperty("line.separator"))
// .append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>").append(System.getProperty("line.separator"))
.append("<web-app version=\"2.5\" xmlns=\"http://java.sun.com/xml/ns/javee\"").append(System.getProperty("line.separator"))
.append("xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"").append(System.getProperty("line.separator"))
.append("xsi:schemaLocation=\"http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd\">").append(System.getProperty("line.separator"))
.append("\t <display-name>"+sfName+"</display-name>").append(System.getProperty("line.separator"))
.append("\t <filter>").append(System.getProperty("line.separator"))
......@@ -133,14 +135,20 @@ public class Utilities {
.append("\t\t </init-param>").append(System.getProperty("line.separator"))
.append("\t </servlet>").append(System.getProperty("line.separator"))
.append("\t <listener>").append(System.getProperty("line.separator"))
.append("\t\t <listener-class>org.springframework.web.context.ContextLoaderListener").append(System.getProperty("line.separator"))
.append("\t\t </listener-class>").append(System.getProperty("line.separator"))
.append("\t </listener>").append(System.getProperty("line.separator"))
.append("\t <context-param>").append(System.getProperty("line.separator"))
.append("\t\t <param-name>contextConfigLocation</param-name>").append(System.getProperty("line.separator"))
.append("\t\t <param-value>WEB-INF/rest-servlet.xml</param-value>").append(System.getProperty("line.separator"))
.append("\t </context-param>").append(System.getProperty("line.separator"))
.append("\t <servlet>").append(System.getProperty("line.separator"))
.append("\t\t <servlet-name>SecurityFilterManagement</servlet-name>").append(System.getProperty("line.separator"))
.append("\t\t <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>").append(System.getProperty("line.separator"))
.append("\t\t <init-param>").append(System.getProperty("line.separator"))
.append("\t\t\t <param-name>com.sun.jersey.config.property.packages</param-name>").append(System.getProperty("line.separator"))
.append("\t\t\t <param-value>eu.chorevolution.rest</param-value>").append(System.getProperty("line.separator"))
.append("\t\t </init-param>").append(System.getProperty("line.separator"))
.append("\t\t <load-on-startup>1</load-on-startup>").append(System.getProperty("line.separator"))
.append("\t\t <servlet-name>CXFServlet</servlet-name>").append(System.getProperty("line.separator"))
.append("\t\t <servlet-class>org.apache.cxf.transport.servlet.CXFServlet").append(System.getProperty("line.separator"))
.append("\t\t </servlet-class>").append(System.getProperty("line.separator"))
.append("\t </servlet>").append(System.getProperty("line.separator"))
.append("\t <servlet-mapping>").append(System.getProperty("line.separator"))
......@@ -149,7 +157,7 @@ public class Utilities {
.append("\t </servlet-mapping>").append(System.getProperty("line.separator"))
.append("\t <servlet-mapping>").append(System.getProperty("line.separator"))
.append("\t\t <servlet-name>SecurityFilterManagement</servlet-name>").append(System.getProperty("line.separator"))
.append("\t\t <servlet-name>CXFServlet</servlet-name>").append(System.getProperty("line.separator"))
.append("\t\t <url-pattern>/SecurityFilterManagement/*</url-pattern>").append(System.getProperty("line.separator"))
.append("\t </servlet-mapping>").append(System.getProperty("line.separator"))
.append("</web-app>").append(System.getProperty("line.separator"))
......@@ -249,26 +257,26 @@ public class Utilities {
public static File copyWarTemplate( String destination) throws IOException{
File dest = new File(destination + File.separatorChar + WARTEMPLATENAME);
final File jarFile = new File(Utilities.class.getProtectionDomain().getCodeSource().getLocation().getPath());
if (jarFile.isFile()){
final JarFile jar = new JarFile(Utilities.class.getProtectionDomain().getCodeSource().getLocation().getPath());
final Enumeration<JarEntry> entries =jar.entries();
while(entries.hasMoreElements()){
JarEntry entry = entries.nextElement();
if(entry.getName().equals("war-template/" + WARTEMPLATENAME)){
InputStream entrystream = jar.getInputStream(entry);
FileUtils.copyInputStreamToFile(entrystream, dest);
}
}
}else{
File war = new File( "." + File.separatorChar + "src" + File.separatorChar + "main" + File.separatorChar + "resources" + File.separatorChar+"war-template" + File.separatorChar + WARTEMPLATENAME);
FileUtils.copyFile(war, dest);
}
return dest;
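Review bot: In the copyWarTemplate hunk the `JarFile` opened in the `jarFile.isFile()` branch is never closed, so every call leaks a file handle (and keeps the jar locked on platforms that lock open files) — and an IOException thrown mid-loop leaks it as well. `FileUtils.copyInputStreamToFile` closes the entry stream it is given, but not the enclosing `JarFile`; wrap the jar in try-with-resources and reuse the already-built `jarFile` instead of re-reading the code-source path, as in the fence below. `getLocation().getPath()` is also the raw URL path (a space in the install directory arrives as `%20`), so building the File from `getLocation().toURI()` is the safer form. Separately, in the first web.xml hunk the default namespace `http://java.sun.com/xml/ns/javee` is misspelled (`javaee`), and the generated document appears to contain two `<web-app` opening tags (the 3.0 header followed by the 2.5 one) — the old/new sides of those lines are not fully recoverable from this page, but the emitted web.xml deserves a look. The closing brace of copyWarTemplate is outside the hunk.

```java
if (jarFile.isFile()) {
    // try-with-resources releases the JarFile handle on every exit path, including the IOException case
    try (JarFile jar = new JarFile(jarFile)) {
        final Enumeration<JarEntry> entries = jar.entries();
        while (entries.hasMoreElements()) {
            JarEntry entry = entries.nextElement();
            if (entry.getName().equals("war-template/" + WARTEMPLATENAME)) {
                // copyInputStreamToFile closes the entry stream itself
                FileUtils.copyInputStreamToFile(jar.getInputStream(entry), dest);
            }
        }
    }
} else {
    // … unchanged: fallback copy from src/main/resources …
}
return dest;
```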
......@@ -55,10 +55,14 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<!-- works with v4.1 and forward; see .travis.yml -->
<httpclient.version>4.5</httpclient.version>
<httpclient.version>4.5.1</httpclient.version>
<!-- the last version to provide LocalTestServer.java -->
<httpclient.test.version>4.3.5</httpclient.test.version>
<jackson.version>2.8.3</jackson.version>
<jax.ws.rs>2.0.1</jax.ws.rs>
<springmvc>4.1.4.RELEASE</springmvc>
<cxf.version>3.1.4</cxf.version>
<jackson.version>1.9.12</jackson.version>
<!-- <httpclient.version>3.1</httpclient.version> -->
</properties>
<dependencies>
......@@ -124,15 +128,30 @@
<artifactId>sts-provision-data</artifactId>
<version>0.0.1-SNAPSHOT</version>
</dependency>
<!-- <dependency> <groupId>com.sun.jersey</groupId> <artifactId>jersey-server</artifactId>
<version>1.9</version> </dependency> <dependency> <groupId>com.sun.jersey</groupId>
<artifactId>jersey-servlet</artifactId> <version>1.12</version> </dependency> -->
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-server</artifactId>
<artifactId>jersey-client</artifactId>
<version>1.9</version>
</dependency>
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-client</artifactId>
<version>1.9</version>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${springmvc}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${springmvc}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${springmvc}</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
......@@ -144,6 +163,34 @@
<artifactId>cxf-rt-frontend-jaxws</artifactId>
<version>3.1.4</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxrs</artifactId>
<version>3.1.4</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http</artifactId>
<version>${cxf.version}</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-rs-extension-providers</artifactId>
<version>${cxf.version}</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-rs-extension-search</artifactId>
<version>${cxf.version}</version>
</dependency>
<dependency>
<groupId>javax.ws.rs</groupId>
<artifactId>javax.ws.rs-api</artifactId>
<version>${jax.ws.rs}</version>
</dependency>
<!-- <dependency> <groupId>org.codehaus.jackson</groupId> <artifactId>jackson-jaxrs</artifactId>
<version>${jackson.version}</version> </dependency> -->
<dependency>
<groupId>org.apache.cxf.services.sts</groupId>
<artifactId>cxf-services-sts-core</artifactId>
......@@ -171,6 +218,22 @@
<artifactId>jackson-databind</artifactId>
<version>2.8.3</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.jaxrs</groupId>
<artifactId>jackson-jaxrs-json-provider</artifactId>
<version>2.8.3</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-rs-client</artifactId>
<version>${cxf.version}</version>
</dependency>
<dependency>
<groupId>org.codehaus.jettison</groupId>
<artifactId>jettison</artifactId>
<version>1.3.8</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
......@@ -187,6 +250,8 @@
<artifactId>bcprov-ext-jdk15on</artifactId>
<version>1.55</version>
</dependency>
<!-- <dependency> <groupId>org.codehaus.jackson</groupId> <artifactId>jackson-jaxrs</artifactId>
<version>1.9.0</version> </dependency> -->
</dependencies>
<build>
<finalName>SecurityfilterServletProxy</finalName>
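Review bot: In the properties hunk `jackson.version` is set to `1.9.12` (the codehaus 1.x line) while every live Jackson dependency in the file hard-codes the fasterxml `2.8.3` artifacts (jackson-databind, jackson-jaxrs-json-provider), so the property now only feeds a commented-out dependency and will mislead the next person bumping Jackson; either drop it or set it to `2.8.3` and use `<version>${jackson.version}</version>` on the live artifacts. Likewise cxf-rt-frontend-jaxws and the newly added cxf-rt-frontend-jaxrs hard-code `3.1.4` while the other CXF modules use `${cxf.version}`; CXF runtime modules have to stay on one version, so the new `cxf.version` property should be used on all of them. jersey-client 1.9 appears to survive the move to CXF (UsernameTokenValidator still imports `com.sun.jersey.api.client`), which is worth tracking as a follow-up so the old client stack does not linger as unused dependency surface.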
......@@ -65,6 +65,7 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import eu.chorevolution.configuration.SecurityPolicy;
import eu.chorevolution.securityfilter.api.SecurityContext;
import eu.chorevolution.securityfilter.api.Status;
/**
......@@ -197,6 +198,11 @@ public class SecurityFilter implements Filter {
logger.error("config is null");
}
// check if the security filter is configured
ServletContext context = config.getServletContext();
if (context.getAttribute("Status") == null){
......@@ -205,6 +211,35 @@ public class SecurityFilter implements Filter {
return;
}
SecurityContext cont = (SecurityContext)context.getAttribute("SecurityContext");
if (context.getAttribute("SecurityContext")!= null){
logger.debug("Into the filter SecurityContext" + cont.toString());
if (SecurityContext.DENY_ACCESS.equals((SecurityContext)context.getAttribute("SecurityContext"))){
//if not, throw an exception
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "The access to the service is unauthorized");
return;
}
if (SecurityContext.NOT_ENFORCED.equals((SecurityContext)context.getAttribute("SecurityContext"))){
//if not, throw an exception
chain.doFilter(request, response);
return;
}
}
if (context.getAttribute("FederationServerURL") !=null){
STSUrl = (String) context.getAttribute("FederationServerURL");
}
else{
httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "FederationServer URL not specified");
return;
}
if (policy == null){
httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Security Filter has not configuration file");
return;
......@@ -268,15 +303,6 @@ public class SecurityFilter implements Filter {
SOAPMessage msg = messageFactory.createMessage(headers2, is);
SOAPHeader soapHeader= msg.getSOAPPart().getEnvelope().getHeader();
// Iterator<SOAPHeaderElement> itr = soapHeader.examineAllHeaderElements();
//
// while (itr.hasNext()) {
// SOAPHeaderElement ele = itr.next();
// javax.xml.namespace.QName headerName = ele.getElementQName();
// logger.debug("headerName " + headerName.getLocalPart());
// logger.debug("actor " + ele.getActor());
// }
// create WSSecurity engine
WSSecurityEngine securityEngine=new WSSecurityEngine();
......@@ -297,21 +323,11 @@ public class SecurityFilter implements Filter {
WSSConfig wssConfig = WSSConfig.getNewInstance();
securityEngine.setWssConfig(wssConfig);
// String domainValidation="domain1";
// String domainIssuer="domain2";
String domainValidation=policy.getDomain();
// String domainIssuer=policy.getDomain(); ;
// if ((policy.getProvider().getCredential().getGenericAccount()!= null) && (policy.getProvider().getCredential().getGenericCredential()!= null)){
// domainIssuer=null;
// }
logger.debug("domainValidation : " + domainValidation);
// logger.debug("domainIssuer : " + domainIssuer);
// logger.debug("Consumer type : " + policy.getConsumer().getType());
// logger.debug("Provider type : " + policy.getProvider().getType());
// specify the validator class for the usernametoken
wssConfig.setValidator(WSSecurityEngine.USERNAME_TOKEN, new UsernameTokenValidator(STSUrl, policy, xacmlConfigurationFile));
wssConfig.setValidator(WSSecurityEngine.USERNAME_TOKEN, new UsernameTokenValidator(STSUrl, policy, xacmlConfigurationFile, context) );
reqData.setCallbackHandler(new CommonCallbackHandler());
List<WSSecurityEngineResult> res = securityEngine.processSecurityHeader(e, reqData);
......@@ -354,21 +370,21 @@ public class SecurityFilter implements Filter {
logger.debug("headerName " + headerName.getLocalPart());
logger.debug("actor " + ele.getActor());
if (headerName.getLocalPart().equalsIgnoreCase("Security")) {
logger.debug("remove the security header attributes");
soapHeader.removeChild(ele);
}
}
logger.debug("recreate the security header attributes");
//add security attributes
QName security = new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
"Security");
SOAPElement Security= msg.getSOAPHeader().addChildElement(security);
SOAPElement UsernameToken= Security.addChildElement(new QName("UsernameToken"));
SOAPElement Username= UsernameToken.addChildElement(new QName("Username"));
......@@ -407,67 +423,8 @@ public class SecurityFilter implements Filter {
}
// || ((policy.getProvider().getCredential().getGenericAccount()!= null) && (policy.getProvider().getCredential().getGenericCredential()!= null)))
// { // remove the security soap header
// Iterator<SOAPHeaderElement> itr2 = soapHeader.examineAllHeaderElements();
//
// while (itr2.hasNext()) {
// SOAPHeaderElement ele = itr2.next();
// javax.xml.namespace.QName headerName = ele.getElementQName();
// logger.debug("headerName " + headerName.getLocalPart());
// logger.debug("actor " + ele.getActor());
// if (headerName.getLocalPart() == "Security") {
// soapHeader.removeChild(ele);
// }
//
// }
//
//
// //attribute
// QName security = new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
// "Security");
// SOAPElement Security= msg.getSOAPHeader().addChildElement(security);
// SOAPElement UsernameToken= Security.addChildElement(new QName("UsernameToken"));
// SOAPElement Username= UsernameToken.addChildElement(new QName("Username"));
// SOAPElement Password= UsernameToken.addChildElement(new QName("Password"));
//
// Password.addAttribute(new QName("Type"), WSConstants.PASSWORD_TEXT);
//
// if ((policy.getProvider().getCredential().getGenericAccount()!= null) && (policy.getProvider().getCredential().getGenericCredential()!= null))
// {
// //enter the username and password coming from the configuration
//
// logger.debug("name" + policy.getProvider().getCredential().getGenericAccount());
// logger.debug("password" + policy.getProvider().getCredential().getGenericCredential());
// Username.addTextNode(policy.getProvider().getCredential().getGenericAccount());
// Password.addTextNode(policy.getProvider().getCredential().getGenericCredential());
//
// }else{
// //enter the username and password coming from the STS
// if (principal != null && principal instanceof WSUsernameTokenPrincipal)
// {
// WSUsernameTokenPrincipal wsUsernameTokenPrincipal = (WSUsernameTokenPrincipal)principal;
// logger.debug("name" + wsUsernameTokenPrincipal.getName());
// logger.debug("password" + wsUsernameTokenPrincipal.getPassword());
// Username.addTextNode(wsUsernameTokenPrincipal.getName());
// Password.addTextNode(wsUsernameTokenPrincipal.getPassword());
// }
// }
//
// }
//
// }
ByteArrayOutputStream out2 = new ByteArrayOutputStream();
// Iterator iterMins = msg.getMimeHeaders().getAllHeaders();
// while (iterMins.hasNext()) {
// MimeHeader object = (MimeHeader) iterMins.next();
// System.out.println(object.getName() + " " + object.getValue());
// }
msg.saveChanges();
msg.writeTo(out2);
int length = 0;
......@@ -487,19 +444,8 @@ public class SecurityFilter implements Filter {
InputStreamModifiedRequestWrapper requestWrapper = new InputStreamModifiedRequestWrapper((HttpServletRequest) multiReadRequest);
requestWrapper.setInputStream(byteArrayInputStream);
requestWrapper.setContentLength(length);
// Enumeration<String> headers = requestWrapper.getHeaderNames();
// while(headers.hasMoreElements()){
// String key = (String) headers.nextElement();
// logger.debug("key " + key + " value + " + requestWrapper.getHeader(key) );
//
// }
requestWrapper.setContentLength(length);
// pass the request along the filter chain
chain.doFilter(requestWrapper, response);
}
......@@ -511,11 +457,6 @@ public class SecurityFilter implements Filter {
}
} catch (TransformerConfigurationException e) {
// TODO Auto-generated catch block
e.printStackTrace();
......@@ -554,6 +495,7 @@ public class SecurityFilter implements Filter {
config.getServletContext().setAttribute("Status", Status.ENABLED.toString());
STSUrl = config.getInitParameter("STS-URL");
config.getServletContext().setAttribute("FederationServerURL", STSUrl);
try {
JAXBContext jaxbContext = JAXBContext.newInstance(SecurityPolicy.class);
Unmarshaller jaxbUnmarshaller = jaxbContext.createUnmarshaller();
......@@ -568,8 +510,8 @@ public class SecurityFilter implements Filter {
try {
url = config.getServletContext().getResource("/WEB-INF/pdp.xml");
xacmlConfigurationFile = new File(url.toURI());
if(!xacmlConfigurationFile.exists()){
xacmlConfigurationFile = null;
}
......@@ -580,7 +522,7 @@ public class SecurityFilter implements Filter {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
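Review bot: In the doFilter hunk the NOT_ENFORCED branch hands the request to `chain.doFilter` without any authentication, so the value of the `SecurityContext` servlet-context attribute alone decides whether the filter is bypassed; since that attribute is written at runtime by the management endpoint, the filter is only as strong as the access control on the `/SecurityFilterManagement/*` mapping, and nothing in this commit shows that mapping being covered by the filter — worth confirming before this ships. The bypass should be visible in operations rather than hidden at debug level, e.g. `logger.warn("Security filter not enforced (SecurityContext=NOT_ENFORCED), passing request through");` before the `chain.doFilter(request, response);` in that branch. The two `//if not, throw an exception` comments are copied from the DENY_ACCESS branch; the one above the pass-through should read `// enforcement disabled via SecurityContext: pass the request through unauthenticated`. The `cont` local already holds the cast attribute, so the two later `(SecurityContext)context.getAttribute("SecurityContext")` lookups can simply compare against `cont`. doFilter starts and ends outside the hunk.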
......@@ -15,6 +15,7 @@ import java.util.Set;
import org.apache.cxf.interceptor.LoggingInInterceptor;
import org.apache.cxf.interceptor.LoggingOutInterceptor;
import javax.servlet.ServletContext;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
......@@ -23,6 +24,7 @@ import javax.xml.bind.Marshaller;
import org.apache.cxf.frontend.ClientProxy;
import eu.chorevolution.configuration.SecurityPolicy;
import eu.chorevolution.securityfilter.api.SecurityContext;
import eu.chorevolution.securitytokenservice.SecurityTokenService;
import eu.chorevolution.securitytokenservice.SecurityTokenServiceConstants;
import eu.chorevolution.securitytokenservice.federationserver.api.EndUser;
......@@ -80,7 +82,6 @@ import org.springframework.util.ResourceUtils;
import com.fasterxml.jackson.databind.ObjectMapper;
//import com.google.gson.Gson;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
......@@ -125,15 +126,19 @@ public class UsernameTokenValidator implements Validator {
private SecurityPolicy policy = null;
private File xacmlConfigurationFile = null;
private ServletContext context = null;
/**
* @param sTSUrl
* @param context
*/
public UsernameTokenValidator(String sTSUrl , SecurityPolicy policy, File xacmlConfigurationFile) {
public UsernameTokenValidator(String sTSUrl , SecurityPolicy policy, File xacmlConfigurationFile, ServletContext context) {
// TODO Auto-generated constructor stub
this.sTSUrl = sTSUrl;
this.policy = policy;
this.domain = policy.getDomain();
this.xacmlConfigurationFile = xacmlConfigurationFile;
this.context = context;
// this.domainIssuer = policy.getDomain();
}
......@@ -379,9 +384,20 @@ public class UsernameTokenValidator implements Validator {
// TODO Auto-generated catch block
e.printStackTrace();
}
checkAuthZ(originUsername, this.domain, this.sTSUrl, xacmlConfigurationFile);
logger.debug("*******************************" + context.getAttribute("SecurityContext"));
if (context.getAttribute("SecurityContext")!= null){
if (!SecurityContext.AUTHENTICATED_ONLY.equals((SecurityContext)context.getAttribute("SecurityContext"))){
logger.debug("** Performed the Authorization");
checkAuthZ(originUsername, this.domain, this.sTSUrl, xacmlConfigurationFile);
}else{
logger.debug("*** Don't performed the Authorization");
}
} else {
logger.debug("** Performed the Authorization");
checkAuthZ(originUsername, this.domain, this.sTSUrl, xacmlConfigurationFile);
}
logger.debug("*******************************");
return credential;
}
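Review bot: In the validate hunk the `checkAuthZ(...)` call is duplicated across the null and non-AUTHENTICATED_ONLY branches, and the `(SecurityContext)` cast before `equals` is unnecessary since `equals(Object)` is already null-safe — one lookup and one boolean express the same rule and remove the duplicate, as in the fence below. Skipping authorization is a security-relevant decision, so the skip should be logged above debug level (and without the asterisk banners) so it can be seen in audit trails. The constructor hunk leaves a `// TODO Auto-generated constructor stub` and a Javadoc that documents only `sTSUrl` and `context`; add `@param policy the security policy whose domain is used for validation`, `@param xacmlConfigurationFile XACML PDP configuration, or null when absent`, and `@param context servlet context read for the SecurityContext attribute at validation time`. The enclosing method (the one returning `credential`) starts outside the hunk.

```java
// … unchanged: token validation …
Object securityContext = context.getAttribute("SecurityContext");
// AUTHENTICATED_ONLY is the only mode that skips authorization; equals(Object) handles a null attribute
if (SecurityContext.AUTHENTICATED_ONLY.equals(securityContext)) {
    logger.info("Authorization skipped for user " + originUsername + ": SecurityContext is AUTHENTICATED_ONLY");
} else {
    checkAuthZ(originUsername, this.domain, this.sTSUrl, xacmlConfigurationFile);
}
return credential;
```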
package eu.chorevolution.rest;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
public class CompanyObjectMapper extends ObjectMapper {
public CompanyObjectMapper() {
super();
enable(DeserializationFeature.READ_ENUMS_USING_TO_STRING);
enable(SerializationFeature.WRITE_ENUMS_USING_TO_STRING);
}
}
\ No newline at end of file
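Review bot: CompanyObjectMapper has no Javadoc explaining why it exists or where it must be registered; nothing on this page shows it being wired into the JAX-RS JSON provider, so a reader cannot tell whether it is actually in effect. Add a class comment such as `/** ObjectMapper for the management REST endpoints: enums are (de)serialized via toString() rather than name(), matching the Status.toString() value the filter stores in the servlet context. Must be registered as the mapper of the JAX-RS JSON provider (presumably in WEB-INF/rest-servlet.xml) or it has no effect. */`. The file also lacks a trailing newline.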
package eu.chorevolution.rest;
public class SecurityFilterConfiguration {
String URL;
public String getURL() {
return URL;
}
public void setURL(String uRL) {
URL = uRL;
}
}
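Review bot: `URL` is a package-private field named like a constant with a `uRL` setter parameter; as a data holder it should be `private String url;` with Javadoc, since the value is client-supplied (this is inferred from the package and the setFSURL commit title — the caller is not on this page) and ends up as the filter's `FederationServerURL`, the consumer must validate it (well-formed, expected scheme) before storing it in the servlet context. Note that renaming the accessors to `getUrl()/setUrl(String url)` changes the JSON property name seen by bean-based mappers from `URL` to `url`, so either keep the wire name with `@JsonProperty("URL")` or coordinate the change with the client. A class Javadoc such as `/** Request body of the management setFSURL operation: the federation server URL the security filter should use. Untrusted input; validate before use. */` would make the trust boundary explicit.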
......@@ -6,43 +6,91 @@ import eu.chorevolution.securityfilter.api.SecurityContext;
import eu.chorevolution.securityfilter.api.SecurityFilterManagement;
import eu.chorevolution.securityfilter.api.Status;
import java.io.IOException;
import javax.servlet.ServletContext;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import org.codehaus.jettison.json.JSONException;
import org.codehaus.jettison.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.fasterxml.jackson.databind.ObjectMapper;
@Path("/management")
public class SecurityFilterManagementImpl implements SecurityFilterManagement {
public class SecurityFilterManagementImpl {
private static final Logger logger = LoggerFactory.getLogger(SecurityFilterManagementImpl.class);
@Context
private ServletContext context;
public void init(){
}
@Override