Extract common base class for SSLAuthenticatorWithFallback

Two Tomcat version-specific implementations of SSLAuthenticatorWithFallback exist, with much duplicate code. Extract an abstract base class 'AbstractPKIAuthenticator' and implement just the unique bits in the concrete classes. Part of: https://fedorahosted.org/pki/ticket/1359
author: Fraser Tweedale <ftweedal@redhat.com> 2015-12-03 16:09:04 +1100
committer: Fraser Tweedale <ftweedal@redhat.com> 2016-01-21 19:59:17 +1000
commit: 67ac39227e5db83c7a4a7ad72364f3dcd30db05e (patch)
tree: 62fbd3b5a12f71d35676089f405b2d2e42285011 /base/server/tomcat7/src/com
parent: cbcdeddc2e794be3955edf20ea1597e58c443ba6 (diff)
download: pki-67ac39227e5db83c7a4a7ad72364f3dcd30db05e.tar.gz
pki-67ac39227e5db83c7a4a7ad72364f3dcd30db05e.tar.xz
pki-67ac39227e5db83c7a4a7ad72364f3dcd30db05e.zip
1 files changed, 18 insertions, 125 deletions
diff --git a/base/server/tomcat7/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java b/base/server/tomcat7/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java
index 20bf85d22..38c2431d8 100644
--- a/base/server/tomcat7/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java
+++ b/base/server/tomcat7/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java
@@ -19,154 +19,47 @@
 package com.netscape.cms.tomcat;
 
 import java.io.IOException;
-import java.security.cert.X509Certificate;
+import java.lang.ThreadLocal;
 
-import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
 
-import org.apache.catalina.Container;
-import org.apache.catalina.Globals;
-import org.apache.catalina.LifecycleException;
-import org.apache.catalina.authenticator.AuthenticatorBase;
-import org.apache.catalina.authenticator.BasicAuthenticator;
-import org.apache.catalina.authenticator.FormAuthenticator;
-import org.apache.catalina.authenticator.SSLAuthenticator;
+import org.apache.catalina.Authenticator;
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.deploy.LoginConfig;
 
 /**
  * @author Endi S. Dewata
  */
-public class SSLAuthenticatorWithFallback extends AuthenticatorBase {
+public class SSLAuthenticatorWithFallback extends AbstractPKIAuthenticator {
 
-    public final static String BASIC_AUTHENTICATOR = "BASIC";
-    public final static String FORM_AUTHENTICATOR = "FORM";
-
-    String fallbackMethod = BASIC_AUTHENTICATOR;
-
-    AuthenticatorBase sslAuthenticator = new SSLAuthenticator();
-    AuthenticatorBase fallbackAuthenticator = new BasicAuthenticator();
-
-    public SSLAuthenticatorWithFallback() {
-        log("Creating SSL authenticator with fallback");
-    }
+    protected static final ThreadLocal<LoginConfig> loginConfig =
+        new ThreadLocal<>();
 
     @Override
     public String getInfo() {
         return "SSL authenticator with "+fallbackMethod+" fallback.";
     }
 
-    public String getFallbackMethod() {
-        return fallbackMethod;
-    }
-
-    public void setFallbackMethod(String fallbackMethod) {
-        log("Fallback method: "+fallbackMethod);
-        this.fallbackMethod = fallbackMethod;
-
-        if (BASIC_AUTHENTICATOR.equalsIgnoreCase(fallbackMethod)) {
-            fallbackAuthenticator = new BasicAuthenticator();
-
-        } else if (FORM_AUTHENTICATOR.equalsIgnoreCase(fallbackMethod)) {
-            fallbackAuthenticator = new FormAuthenticator();
-        }
-
-    }
-
-    @Override
-    public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws IOException {
-
-        X509Certificate certs[] = (X509Certificate[]) request.getAttribute(Globals.CERTIFICATES_ATTR);
-        boolean result;
-
-        if (certs != null && certs.length > 0) {
-            log("Authenticate with client certificate authentication");
-            HttpServletResponseWrapper wrapper = new HttpServletResponseWrapper(response) {
-                public void setHeader(String name, String value) {
-                    log("SSL auth header: "+name+"="+value);
-                };
-                public void sendError(int code) {
-                    log("SSL auth return code: "+code);
-                }
-            };
-            result = sslAuthenticator.authenticate(request, wrapper, config);
-
-        } else {
-            log("Authenticating with "+fallbackMethod+" authentication");
-            HttpServletResponseWrapper wrapper = new HttpServletResponseWrapper(response) {
-                public void setHeader(String name, String value) {
-                    log("Fallback auth header: "+name+"="+value);
-                };
-                public void sendError(int code) {
-                    log("Fallback auth return code: "+code);
-                }
-            };
-            result = fallbackAuthenticator.authenticate(request, wrapper, config);
-        }
-
-        if (result)
-            return true;
-
-        log("Result: "+result);
-
-        StringBuilder value = new StringBuilder(16);
-        value.append("Basic realm=\"");
-        if (config.getRealmName() == null) {
-            value.append(REALM_NAME);
-        } else {
-            value.append(config.getRealmName());
-        }
-        value.append('\"');
-        response.setHeader(AUTH_HEADER_NAME, value.toString());
-        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-
-        return false;
-    }
-
-    @Override
-    protected String getAuthMethod() {
-        return HttpServletRequest.CLIENT_CERT_AUTH;
-    };
-
-    @Override
-    public void setContainer(Container container) {
-        log("Setting container");
-        super.setContainer(container);
-        sslAuthenticator.setContainer(container);
-        fallbackAuthenticator.setContainer(container);
-    }
-
     @Override
-    protected void initInternal() throws LifecycleException {
-        log("Initializing authenticators");
-
-        super.initInternal();
-
-        sslAuthenticator.setAlwaysUseSession(alwaysUseSession);
-        sslAuthenticator.init();
-
-        fallbackAuthenticator.setAlwaysUseSession(alwaysUseSession);
-        fallbackAuthenticator.init();
+    public boolean doSubAuthenticate(
+            Authenticator auth, Request req, HttpServletResponse resp)
+            throws IOException {
+        return auth.authenticate(req, resp, loginConfig.get());
     }
 
     @Override
-    public void startInternal() throws LifecycleException {
-        log("Starting authenticators");
-        super.startInternal();
-        sslAuthenticator.start();
-        fallbackAuthenticator.start();
+    public String doGetRealmName(Request request /* ignored */) {
+        return loginConfig.get().getRealmName();
     }
 
     @Override
-    public void stopInternal() throws LifecycleException {
-        log("Stopping authenticators");
-        super.stopInternal();
-        sslAuthenticator.stop();
-        fallbackAuthenticator.stop();
+    public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws IOException {
+        loginConfig.set(config);
+        try {
+            return doAuthenticate(request, response);
+        } finally {
+            loginConfig.remove();
+        }
     }
 
-    public void log(String message) {
-        System.out.println("SSLAuthenticatorWithFallback: "+message);
-    }
 }
author	Fraser Tweedale <ftweedal@redhat.com>	2015-12-03 16:09:04 +1100
committer	Fraser Tweedale <ftweedal@redhat.com>	2016-01-21 19:59:17 +1000
commit	67ac39227e5db83c7a4a7ad72364f3dcd30db05e (patch)
tree	62fbd3b5a12f71d35676089f405b2d2e42285011 /base/server/tomcat7/src/com
parent	cbcdeddc2e794be3955edf20ea1597e58c443ba6 (diff)
download	pki-67ac39227e5db83c7a4a7ad72364f3dcd30db05e.tar.gz pki-67ac39227e5db83c7a4a7ad72364f3dcd30db05e.tar.xz pki-67ac39227e5db83c7a4a7ad72364f3dcd30db05e.zip