author | Endi S. Dewata <edewata@redhat.com> | 2013-10-07 11:48:54 -0400 |
committer | Endi S. Dewata <edewata@redhat.com> | 2013-10-25 17:17:39 -0400 |
commit | 2119f1b218e9d68b13496e7042785d9c68753966 (patch) | |
tree | b8c7cf5692723340d8d56e5d8c401acdee059ca5 /base/server/tomcat/src | |
parent | 7ca5adf1bd5bc4f9a7c5f2035426b9158007bb28 (diff) | |
download | pki-2119f1b218e9d68b13496e7042785d9c68753966.tar.gz pki-2119f1b218e9d68b13496e7042785d9c68753966.tar.xz pki-2119f1b218e9d68b13496e7042785d9c68753966.zip |
Reorganized server packages.
The tomcat, cms, and cmscore packages have been moved from base/common
into separate folders in base/server so that they can be built separately.
Diffstat (limited to 'base/server/tomcat/src')
4 files changed, 472 insertions, 0 deletions
diff --git a/base/server/tomcat/src/CMakeLists.txt b/base/server/tomcat/src/CMakeLists.txt
new file mode 100644
index 000000000..d9808a803
--- /dev/null
+++ b/base/server/tomcat/src/CMakeLists.txt
@@ -0,0 +1,158 @@
+project(pki-tomcat)
+
+find_file(JSS_JAR
+ NAMES
+ jss4.jar
+ PATHS
+ ${JAVA_LIB_INSTALL_DIR}
+ /usr/share/java
+)
+
+find_file(LDAPJDK_JAR
+ NAMES
+ ldapjdk.jar
+ PATHS
+ ${JAVA_LIB_INSTALL_DIR}
+ /usr/share/java
+)
+
+find_file(COMMONS_CODEC_JAR
+ NAMES
+ commons-codec.jar
+ PATHS
+ /usr/share/java
+)
+
+find_file(COMMONS_HTTPCLIENT_JAR
+ NAMES
+ commons-httpclient.jar
+ PATHS
+ /usr/share/java
+)
+
+find_file(APACHE_COMMONS_LANG_JAR
+ NAMES
+ apache-commons-lang.jar
+ PATHS
+ /usr/share/java
+)
+
+find_file(TOMCAT_CATALINA_JAR
+ NAMES
+ catalina.jar
+ PATHS
+ /usr/share/java/tomcat
+)
+
+find_file(TOMCAT_UTIL_JAR
+ NAMES
+ tomcat-util.jar
+ PATHS
+ /usr/share/java/tomcat
+)
+
+find_file(SERVLET_JAR
+ NAMES
+ servlet.jar
+ PATHS
+ ${JAVA_LIB_INSTALL_DIR}
+ /usr/share/java
+)
+
+find_file(VELOCITY_JAR
+ NAMES
+ velocity.jar
+ PATHS
+ ${JAVA_LIB_INSTALL_DIR}
+ /usr/share/java
+)
+
+find_file(XALAN_JAR
+ NAMES
+ xalan-j2.jar
+ PATHS
+ ${JAVA_LIB_INSTALL_DIR}
+ /usr/share/java
+)
+
+find_file(XERCES_JAR
+ NAMES
+ xerces-j2.jar
+ PATHS
+ ${JAVA_LIB_INSTALL_DIR}
+ /usr/share/java
+)
+
+find_file(JAXRS_API_JAR
+ NAMES
+ jaxrs-api.jar
+ PATHS
+ ${RESTEASY_LIB}
+)
+
+find_file(RESTEASY_JAXRS_JAR
+ NAMES
+ resteasy-jaxrs.jar
+ PATHS
+ ${RESTEASY_LIB}
+)
+
+find_file(RESTEASY_ATOM_PROVIDER_JAR
+ NAMES
+ resteasy-atom-provider.jar
+ PATHS
+ ${RESTEASY_LIB}
+)
+
+find_file(HTTPCLIENT_JAR
+ NAMES
+ httpclient.jar
+ PATHS
+ /usr/share/java/httpcomponents
+)
+
+find_file(HTTPCORE_JAR
+ NAMES
+ httpcore.jar
+ PATHS
+ /usr/share/java/httpcomponents
+)
+
+# build pki-tomcat
+javac(pki-tomcat-classes
+ SOURCES
+ com/netscape/cms/tomcat/*.java
+ CLASSPATH
+ ${SERVLET_JAR} ${TOMCAT_CATALINA_JAR}
+ OUTPUT_DIR
+ ${CMAKE_BINARY_DIR}/classes
+)
+
+configure_file(
+ ${CMAKE_CURRENT_SOURCE_DIR}/pki-tomcat.mf
+ ${CMAKE_CURRENT_BINARY_DIR}/pki-tomcat.mf
+)
+
+jar(pki-tomcat-jar
+ CREATE
+ ${CMAKE_BINARY_DIR}/dist/pki-tomcat.jar
+ OPTIONS
+ m
+ PARAMS
+ ${CMAKE_CURRENT_BINARY_DIR}/pki-tomcat.mf
+ INPUT_DIR
+ ${CMAKE_BINARY_DIR}/classes
+ FILES
+ com/netscape/cms/tomcat/*.class
+ DEPENDS
+ pki-tomcat-classes
+)
+
+install(
+ FILES
+ ${CMAKE_BINARY_DIR}/dist/pki-tomcat.jar
+ DESTINATION
+ ${JAVA_JAR_INSTALL_DIR}/pki
+)
+
+set(PKI_TOMCAT_JAR ${CMAKE_BINARY_DIR}/dist/pki-tomcat.jar CACHE INTERNAL "pki-tomcat jar file")
diff --git a/base/server/tomcat/src/com/netscape/cms/tomcat/ProxyRealm.java b/base/server/tomcat/src/com/netscape/cms/tomcat/ProxyRealm.java
new file mode 100644
index 000000000..094c0561f
--- /dev/null
+++ b/base/server/tomcat/src/com/netscape/cms/tomcat/ProxyRealm.java
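Review bot: None of the `find_file` results are checked before use, so a missing `servlet.jar` or `catalina.jar` leaves `${SERVLET_JAR}`/`${TOMCAT_CATALINA_JAR}` at `<VAR>-NOTFOUND` and the `javac(... CLASSPATH ...)` call below receives a bogus classpath entry instead of a clear configure-time failure; add `if (NOT SERVLET_JAR OR NOT TOMCAT_CATALINA_JAR)` / `message(FATAL_ERROR "servlet.jar or catalina.jar not found")` / `endif()` after the lookups. Only those two jars are consumed in this file; the other fourteen lookups (JSS, LDAP JDK, RESTEasy, HttpComponents, …) presumably populate cache variables for sibling directories, which is worth a one-line comment so a reader does not take them for dead code. Note also that every lookup is pinned to `/usr/share/java*` system paths, so the build silently links against whatever distro-packaged jar is installed rather than a version the project controls.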
@@ -0,0 +1,139 @@
+package com.netscape.cms.tomcat;
+
+import java.beans.PropertyChangeListener;
+import java.io.IOException;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.catalina.Container;
+import org.apache.catalina.Context;
+import org.apache.catalina.Realm;
+import org.apache.catalina.Wrapper;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.deploy.SecurityConstraint;
+import org.ietf.jgss.GSSContext;
+
+/**
+ * @author Endi S. Dewata
+ */
+public class ProxyRealm implements Realm {
+
+ public static Map<String, ProxyRealm> proxies = new HashMap<String, ProxyRealm>();
+
+ public Container container;
+ public Realm realm;
+
+ public ProxyRealm() {
+ }
+
+ @Override
+ public Container getContainer() {
+ return container;
+ }
+
+ @Override
+ public void setContainer(Container container) {
+ this.container = container;
+ if (container instanceof Context) {
+ Context context = (Context)container;
+ proxies.put(context.getBaseName(), this);
+ }
+ }
+
+ public Realm getRealm() {
+ return realm;
+ }
+
+ public void setRealm(Realm realm) {
+ this.realm = realm;
+ realm.setContainer(container);
+ }
+
+ public static void registerRealm(String contextName, Realm realm) {
+ ProxyRealm proxy = proxies.get(contextName);
+ if (proxy == null) return;
+
+ proxy.setRealm(realm);
+ }
+
+ @Override
+ public Principal authenticate(String username, String password) {
+ return realm.authenticate(username, password);
+ }
+
+ @Override
+ public Principal authenticate(X509Certificate certs[]) {
+ return realm.authenticate(certs);
+ }
+
+ @Override
+ public Principal authenticate(
+ String username,
+ String digest,
+ String nonce,
+ String nc,
+ String cnonce,
+ String qop,
+ String realmName,
+ String md5a2
+ ) {
+ return realm.authenticate(username, digest, nonce, nc, cnonce, qop, realmName, md5a2);
+ }
+
+ @Override
+ public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
+ return realm.authenticate(gssContext, storeCreds);
+ }
+
+ @Override
+ public boolean hasResourcePermission(
+ Request request,
+ Response response,
+ SecurityConstraint[] constraints,
+ Context context
+ ) throws IOException {
+ return realm.hasResourcePermission(request, response, constraints, context);
+ }
+
+ @Override
+ public String getInfo() {
+ return realm.getInfo();
+ }
+
+ @Override
+ public void backgroundProcess() {
+ realm.backgroundProcess();
+ }
+
+ @Override
+ public SecurityConstraint[] findSecurityConstraints(Request request, Context context) {
+ return realm.findSecurityConstraints(request, context);
+ }
+
+ @Override
+ public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
+ return realm.hasRole(wrapper, principal, role);
+ }
+
+ @Override
+ public boolean hasUserDataPermission(
+ Request request,
+ Response response,
+ SecurityConstraint[] constraint
+ ) throws IOException {
+ return realm.hasUserDataPermission(request, response, constraint);
+ }
+
+ @Override
+ public void addPropertyChangeListener(PropertyChangeListener listener) {
+ realm.addPropertyChangeListener(listener);
+ }
+
+ @Override
+ public void removePropertyChangeListener(PropertyChangeListener listener) {
+ realm.removePropertyChangeListener(listener);
+ }
+}
diff --git a/base/server/tomcat/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java b/base/server/tomcat/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java
new file mode 100644
index 000000000..20bf85d22
--- /dev/null
+++ b/base/server/tomcat/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java
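Review bot: Every delegating method in ProxyRealm dereferences `realm` unguarded, so a request that reaches `authenticate(...)`, `hasResourcePermission(...)` or `hasRole(...)` before `registerRealm` has run for that context fails with a NullPointerException (a 500 from the container) rather than a deliberate, logged authorization failure, and `registerRealm` itself silently returns when `proxies` has no entry for `contextName`, so a mismatched base name leaves the realm permanently unset with no diagnostic. Route each delegation through a private accessor such as `private Realm delegate() { if (realm == null) throw new IllegalStateException("No realm registered for " + container); return realm; }` and log (or throw) in `registerRealm` when `proxy == null`. The `proxies` map and the `container`/`realm` fields are public and mutable, which means any code loaded in the same JVM can swap the realm that makes authentication decisions; make them private and, since `setContainer` and `registerRealm` are presumably called from different threads, back `proxies` with a `ConcurrentHashMap`. Nothing in the hunk removes a context's entry from `proxies` on stop, which is worth a comment if that is intentional.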
@@ -0,0 +1,172 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2012 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cms.tomcat;
+
+import java.io.IOException;
+import java.security.cert.X509Certificate;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpServletResponseWrapper;
+
+import org.apache.catalina.Container;
+import org.apache.catalina.Globals;
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.authenticator.AuthenticatorBase;
+import org.apache.catalina.authenticator.BasicAuthenticator;
+import org.apache.catalina.authenticator.FormAuthenticator;
+import org.apache.catalina.authenticator.SSLAuthenticator;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.deploy.LoginConfig;
+
+/**
+ * @author Endi S. Dewata
+ */
+public class SSLAuthenticatorWithFallback extends AuthenticatorBase {
+
+ public final static String BASIC_AUTHENTICATOR = "BASIC";
+ public final static String FORM_AUTHENTICATOR = "FORM";
+
+ String fallbackMethod = BASIC_AUTHENTICATOR;
+
+ AuthenticatorBase sslAuthenticator = new SSLAuthenticator();
+ AuthenticatorBase fallbackAuthenticator = new BasicAuthenticator();
+
+ public SSLAuthenticatorWithFallback() {
+ log("Creating SSL authenticator with fallback");
+ }
+
+ @Override
+ public String getInfo() {
+ return "SSL authenticator with "+fallbackMethod+" fallback.";
+ }
+
+ public String getFallbackMethod() {
+ return fallbackMethod;
+ }
+
+ public void setFallbackMethod(String fallbackMethod) {
+ log("Fallback method: "+fallbackMethod);
+ this.fallbackMethod = fallbackMethod;
+
+ if (BASIC_AUTHENTICATOR.equalsIgnoreCase(fallbackMethod)) {
+ fallbackAuthenticator = new BasicAuthenticator();
+
+ } else if (FORM_AUTHENTICATOR.equalsIgnoreCase(fallbackMethod)) {
+ fallbackAuthenticator = new FormAuthenticator();
+ }
+
+ }
+
+ @Override
+ public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws IOException {
+
+ X509Certificate certs[] = (X509Certificate[]) request.getAttribute(Globals.CERTIFICATES_ATTR);
+ boolean result;
+
+ if (certs != null && certs.length > 0) {
+ log("Authenticate with client certificate authentication");
+ HttpServletResponseWrapper wrapper = new HttpServletResponseWrapper(response) {
+ public void setHeader(String name, String value) {
+ log("SSL auth header: "+name+"="+value);
+ };
+ public void sendError(int code) {
+ log("SSL auth return code: "+code);
+ }
+ };
+ result = sslAuthenticator.authenticate(request, wrapper, config);
+
+ } else {
+ log("Authenticating with "+fallbackMethod+" authentication");
+ HttpServletResponseWrapper wrapper = new HttpServletResponseWrapper(response) {
+ public void setHeader(String name, String value) {
+ log("Fallback auth header: "+name+"="+value);
+ };
+ public void sendError(int code) {
+ log("Fallback auth return code: "+code);
+ }
+ };
+ result = fallbackAuthenticator.authenticate(request, wrapper, config);
+ }
+
+ if (result)
+ return true;
+
+ log("Result: "+result);
+
+ StringBuilder value = new StringBuilder(16);
+ value.append("Basic realm=\"");
+ if (config.getRealmName() == null) {
+ value.append(REALM_NAME);
+ } else {
+ value.append(config.getRealmName());
+ }
+ value.append('\"');
+ response.setHeader(AUTH_HEADER_NAME, value.toString());
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+
+ return false;
+ }
+
+ @Override
+ protected String getAuthMethod() {
+ return HttpServletRequest.CLIENT_CERT_AUTH;
+ };
+
+ @Override
+ public void setContainer(Container container) {
+ log("Setting container");
+ super.setContainer(container);
+ sslAuthenticator.setContainer(container);
+ fallbackAuthenticator.setContainer(container);
+ }
+
+ @Override
+ protected void initInternal() throws LifecycleException {
+ log("Initializing authenticators");
+
+ super.initInternal();
+
+ sslAuthenticator.setAlwaysUseSession(alwaysUseSession);
+ sslAuthenticator.init();
+
+ fallbackAuthenticator.setAlwaysUseSession(alwaysUseSession);
+ fallbackAuthenticator.init();
+ }
+
+ @Override
+ public void startInternal() throws LifecycleException {
+ log("Starting authenticators");
+ super.startInternal();
+ sslAuthenticator.start();
+ fallbackAuthenticator.start();
+ }
+
+ @Override
+ public void stopInternal() throws LifecycleException {
+ log("Stopping authenticators");
+ super.stopInternal();
+ sslAuthenticator.stop();
+ fallbackAuthenticator.stop();
+ }
+
+ public void log(String message) {
+ System.out.println("SSLAuthenticatorWithFallback: "+message);
+ }
+}
diff --git a/base/server/tomcat/src/pki-tomcat.mf b/base/server/tomcat/src/pki-tomcat.mf
new file mode 100644
index 000000000..ca8d3bf1b
--- /dev/null
+++ b/base/server/tomcat/src/pki-tomcat.mf
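Review bot: `setFallbackMethod` accepts any string but only swaps `fallbackAuthenticator` for BASIC or FORM, so a typo in the configured value leaves `fallbackMethod` reporting one method while the previously installed authenticator (Basic by default) keeps answering, and because the setter creates a fresh instance without `setContainer`/`init`/`start`, it is only correct if called before those lifecycle methods; add `} else { throw new IllegalArgumentException("Unsupported fallback method: " + fallbackMethod); }` and note the ordering constraint in the setter's Javadoc. The 401 sent at the end of `authenticate` always carries a `Basic realm=...` challenge, regardless of whether the failure came from the client-certificate path or a FORM fallback, so a FORM-configured deployment gets a browser password prompt on failure and the realm name is advertised to unauthenticated clients. The anonymous `HttpServletResponseWrapper` overrides only `setHeader(String,String)` and `sendError(int)`; `sendError(int,String)`, `addHeader` and `sendRedirect` still reach the real response, so whether a delegate's own challenge or redirect is actually suppressed depends on which overload that Tomcat version calls and should be verified rather than assumed. Finally, `log` writes authentication decisions to `System.out`; in a security component these belong in the container logger (juli) so they land in the audited log files with timestamps and levels.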
@@ -0,0 +1,3 @@
+Name: pki-tomcat
+Specification-Version: ${APPLICATION_VERSION}
+Implementation-Version: ${VERSION}