summaryrefslogtreecommitdiffstats
path: root/base/common/src/com/netscape/cms/tomcat
diff options
context:
space:
mode:
Diffstat (limited to 'base/common/src/com/netscape/cms/tomcat')
-rw-r--r--base/common/src/com/netscape/cms/tomcat/ProxyRealm.java139
-rw-r--r--base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java167
2 files changed, 306 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/cms/tomcat/ProxyRealm.java b/base/common/src/com/netscape/cms/tomcat/ProxyRealm.java
new file mode 100644
index 000000000..094c0561f
--- /dev/null
+++ b/base/common/src/com/netscape/cms/tomcat/ProxyRealm.java
@@ -0,0 +1,139 @@
+package com.netscape.cms.tomcat;
+
+import java.beans.PropertyChangeListener;
+import java.io.IOException;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.catalina.Container;
+import org.apache.catalina.Context;
+import org.apache.catalina.Realm;
+import org.apache.catalina.Wrapper;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.deploy.SecurityConstraint;
+import org.ietf.jgss.GSSContext;
+
+/**
+ * @author Endi S. Dewata
+ */
+public class ProxyRealm implements Realm {
+
+ public static Map<String, ProxyRealm> proxies = new HashMap<String, ProxyRealm>();
+
+ public Container container;
+ public Realm realm;
+
+ public ProxyRealm() {
+ }
+
+ @Override
+ public Container getContainer() {
+ return container;
+ }
+
+ @Override
+ public void setContainer(Container container) {
+ this.container = container;
+ if (container instanceof Context) {
+ Context context = (Context)container;
+ proxies.put(context.getBaseName(), this);
+ }
+ }
+
+ public Realm getRealm() {
+ return realm;
+ }
+
+ public void setRealm(Realm realm) {
+ this.realm = realm;
+ realm.setContainer(container);
+ }
+
+ public static void registerRealm(String contextName, Realm realm) {
+ ProxyRealm proxy = proxies.get(contextName);
+ if (proxy == null) return;
+
+ proxy.setRealm(realm);
+ }
+
+ @Override
+ public Principal authenticate(String username, String password) {
+ return realm.authenticate(username, password);
+ }
+
+ @Override
+ public Principal authenticate(X509Certificate certs[]) {
+ return realm.authenticate(certs);
+ }
+
+ @Override
+ public Principal authenticate(
+ String username,
+ String digest,
+ String nonce,
+ String nc,
+ String cnonce,
+ String qop,
+ String realmName,
+ String md5a2
+ ) {
+ return realm.authenticate(username, digest, nonce, nc, cnonce, qop, realmName, md5a2);
+ }
+
+ @Override
+ public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
+ return realm.authenticate(gssContext, storeCreds);
+ }
+
+ @Override
+ public boolean hasResourcePermission(
+ Request request,
+ Response response,
+ SecurityConstraint[] constraints,
+ Context context
+ ) throws IOException {
+ return realm.hasResourcePermission(request, response, constraints, context);
+ }
+
+ @Override
+ public String getInfo() {
+ return realm.getInfo();
+ }
+
+ @Override
+ public void backgroundProcess() {
+ realm.backgroundProcess();
+ }
+
+ @Override
+ public SecurityConstraint[] findSecurityConstraints(Request request, Context context) {
+ return realm.findSecurityConstraints(request, context);
+ }
+
+ @Override
+ public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
+ return realm.hasRole(wrapper, principal, role);
+ }
+
+ @Override
+ public boolean hasUserDataPermission(
+ Request request,
+ Response response,
+ SecurityConstraint[] constraint
+ ) throws IOException {
+ return realm.hasUserDataPermission(request, response, constraint);
+ }
+
+ @Override
+ public void addPropertyChangeListener(PropertyChangeListener listener) {
+ realm.addPropertyChangeListener(listener);
+ }
+
+ @Override
+ public void removePropertyChangeListener(PropertyChangeListener listener) {
+ realm.removePropertyChangeListener(listener);
+ }
+}
diff --git a/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java b/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java
new file mode 100644
index 000000000..d1b3dc3f2
--- /dev/null
+++ b/base/common/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java
@@ -0,0 +1,167 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2012 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cms.tomcat;
+
+import java.io.IOException;
+import java.security.cert.X509Certificate;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpServletResponseWrapper;
+
+import org.apache.catalina.Container;
+import org.apache.catalina.Globals;
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.authenticator.AuthenticatorBase;
+import org.apache.catalina.authenticator.BasicAuthenticator;
+import org.apache.catalina.authenticator.FormAuthenticator;
+import org.apache.catalina.authenticator.SSLAuthenticator;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.deploy.LoginConfig;
+
+/**
+ * @author Endi S. Dewata
+ */
+public class SSLAuthenticatorWithFallback extends AuthenticatorBase {
+
+ public final static String BASIC_AUTHENTICATOR = "BASIC";
+ public final static String FORM_AUTHENTICATOR = "FORM";
+
+ String fallbackMethod = BASIC_AUTHENTICATOR;
+
+ AuthenticatorBase sslAuthenticator = new SSLAuthenticator();
+ AuthenticatorBase fallbackAuthenticator = new BasicAuthenticator();
+
+ public SSLAuthenticatorWithFallback() {
+ log("Creating SSL authenticator with fallback");
+ }
+
+ @Override
+ public String getInfo() {
+ return "SSL authenticator with "+fallbackMethod+" fallback.";
+ }
+
+ public String getFallbackMethod() {
+ return fallbackMethod;
+ }
+
+ public void setFallbackMethod(String fallbackMethod) {
+ log("Fallback method: "+fallbackMethod);
+ this.fallbackMethod = fallbackMethod;
+
+ if (BASIC_AUTHENTICATOR.equalsIgnoreCase(fallbackMethod)) {
+ fallbackAuthenticator = new BasicAuthenticator();
+
+ } else if (FORM_AUTHENTICATOR.equalsIgnoreCase(fallbackMethod)) {
+ fallbackAuthenticator = new FormAuthenticator();
+ }
+
+ }
+
+ @Override
+ public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws IOException {
+
+ X509Certificate certs[] = (X509Certificate[]) request.getAttribute(Globals.CERTIFICATES_ATTR);
+ boolean result;
+
+ if (certs != null && certs.length > 0) {
+ log("Authenticate with client certificate authentication");
+ HttpServletResponseWrapper wrapper = new HttpServletResponseWrapper(response) {
+ public void setHeader(String name, String value) {
+ log("SSL auth header: "+name+"="+value);
+ };
+ public void sendError(int code) {
+ log("SSL auth return code: "+code);
+ }
+ };
+ result = sslAuthenticator.authenticate(request, wrapper, config);
+
+ } else {
+ log("Authenticating with "+fallbackMethod+" authentication");
+ HttpServletResponseWrapper wrapper = new HttpServletResponseWrapper(response) {
+ public void setHeader(String name, String value) {
+ log("Fallback auth header: "+name+"="+value);
+ };
+ public void sendError(int code) {
+ log("Fallback auth return code: "+code);
+ }
+ };
+ result = fallbackAuthenticator.authenticate(request, wrapper, config);
+ }
+
+ if (result)
+ return true;
+
+ log("Result: "+result);
+
+ StringBuilder value = new StringBuilder(16);
+ value.append("Basic realm=\"");
+ if (config.getRealmName() == null) {
+ value.append(REALM_NAME);
+ } else {
+ value.append(config.getRealmName());
+ }
+ value.append('\"');
+ response.setHeader(AUTH_HEADER_NAME, value.toString());
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+
+ return false;
+ }
+
+ @Override
+ protected String getAuthMethod() {
+ return HttpServletRequest.CLIENT_CERT_AUTH;
+ };
+
+ @Override
+ public void setContainer(Container container) {
+ log("Setting container");
+ super.setContainer(container);
+ sslAuthenticator.setContainer(container);
+ fallbackAuthenticator.setContainer(container);
+ }
+
+ @Override
+ protected void initInternal() throws LifecycleException {
+ log("Initializing authenticators");
+ super.initInternal();
+ sslAuthenticator.init();
+ fallbackAuthenticator.init();
+ }
+
+ @Override
+ public void startInternal() throws LifecycleException {
+ log("Starting authenticators");
+ super.startInternal();
+ sslAuthenticator.start();
+ fallbackAuthenticator.start();
+ }
+
+ @Override
+ public void stopInternal() throws LifecycleException {
+ log("Stopping authenticators");
+ super.stopInternal();
+ sslAuthenticator.stop();
+ fallbackAuthenticator.stop();
+ }
+
+ public void log(String message) {
+ System.out.println("SSLAuthenticatorWithFallback: "+message);
+ }
+}
generated by cgit (git 2.34.1) at 2024-05-04 12:41:22 +0000