/*
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.qpid.server.management.plugin.servlet.rest;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.AccessControlException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
import org.apache.qpid.framing.AMQShortString;
import org.apache.qpid.server.logging.LogActor;
import org.apache.qpid.server.logging.RootMessageLogger;
import org.apache.qpid.server.logging.actors.CurrentActor;
import org.apache.qpid.server.logging.actors.HttpManagementActor;
import org.apache.qpid.server.management.plugin.session.LoginLogoutReporter;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.registry.ApplicationRegistry;
import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager;
public abstract class AbstractServlet extends HttpServlet
{
private static final Logger LOGGER = Logger.getLogger(AbstractServlet.class);
private static final String ATTR_LOGIN_LOGOUT_REPORTER = "AbstractServlet.loginLogoutReporter";
private static final String ATTR_SUBJECT = "AbstractServlet.subject";
private static final String ATTR_LOG_ACTOR = "AbstractServlet.logActor";
private final Broker _broker;
private RootMessageLogger _rootLogger;
protected AbstractServlet()
{
super();
_broker = ApplicationRegistry.getInstance().getBroker();
_rootLogger = ApplicationRegistry.getInstance().getRootMessageLogger();
}
protected AbstractServlet(Broker broker)
{
_broker = broker;
_rootLogger = ApplicationRegistry.getInstance().getRootMessageLogger();
}
@Override
protected final void doGet(final HttpServletRequest request, final HttpServletResponse resp)
{
doWithSubjectAndActor(
new PrivilegedExceptionAction<Void>()
{
@Override
public Void run() throws Exception
{
doGetWithSubjectAndActor(request, resp);
return null;
}
},
request,
resp
);
}
/**
* Performs the GET action as the logged-in {@link Subject}.
* The {@link LogActor} is set before this method is called.
* Subclasses commonly override this method
*/
protected void doGetWithSubjectAndActor(HttpServletRequest request, HttpServletResponse resp) throws ServletException, IOException
{
throw new UnsupportedOperationException("GET not supported by this servlet");
}
@Override
protected final void doPost(final HttpServletRequest request, final HttpServletResponse resp)
{
doWithSubjectAndActor(
new PrivilegedExceptionAction<Void>()
{
@Override
public Void run() throws Exception
{
doPostWithSubjectAndActor(request, resp);
return null;
}
},
request,
resp
);
}
/**
* Performs the POST action as the logged-in {@link Subject}.
* The {@link LogActor} is set before this method is called.
* Subclasses commonly override this method
*/
protected void doPostWithSubjectAndActor(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
{
throw new UnsupportedOperationException("POST not supported by this servlet");
}
@Override
protected final void doPut(final HttpServletRequest request, final HttpServletResponse resp)
{
doWithSubjectAndActor(
new PrivilegedExceptionAction<Void>()
{
@Override
public Void run() throws Exception
{
doPutWithSubjectAndActor(request, resp);
return null;
}
},
request,
resp
);
}
/**
* Performs the PUT action as the logged-in {@link Subject}.
* The {@link LogActor} is set before this method is called.
* Subclasses commonly override this method
*/
protected void doPutWithSubjectAndActor(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
{
throw new UnsupportedOperationException("PUT not supported by this servlet");
}
@Override
protected final void doDelete(final HttpServletRequest request, final HttpServletResponse resp)
throws ServletException, IOException
{
doWithSubjectAndActor(
new PrivilegedExceptionAction<Void>()
{
@Override
public Void run() throws Exception
{
doDeleteWithSubjectAndActor(request, resp);
return null;
}
},
request,
resp
);
}
/**
* Performs the PUT action as the logged-in {@link Subject}.
* The {@link LogActor} is set before this method is called.
* Subclasses commonly override this method
*/
protected void doDeleteWithSubjectAndActor(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
{
throw new UnsupportedOperationException("DELETE not supported by this servlet");
}
private void doWithSubjectAndActor(
PrivilegedExceptionAction<Void> privilegedExceptionAction,
final HttpServletRequest request,
final HttpServletResponse resp)
{
Subject subject;
try
{
subject = getAndCacheAuthorizedSubject(request);
}
catch (AccessControlException e)
{
sendError(resp, HttpServletResponse.SC_FORBIDDEN);
return;
}
SecurityManager.setThreadSubject(subject);
try
{
HttpManagementActor logActor = getLogActorAndCacheInSession(request);
CurrentActor.set(logActor);
try
{
Subject.doAs(subject, privilegedExceptionAction);
}
catch(RuntimeException e)
{
LOGGER.error("Unable to perform action", e);
throw e;
}
catch (PrivilegedActionException e)
{
LOGGER.error("Unable to perform action", e);
throw new RuntimeException(e.getCause());
}
finally
{
CurrentActor.remove();
}
}
finally
{
try
{
SecurityManager.setThreadSubject(null);
}
finally
{
AMQShortString.clearLocalCache();
}
}
}
/**
* Gets the logged-in {@link Subject} by trying the following:
*
* <ul>
* <li>Get it from the session</li>
* <li>Get it from the request</li>
* <li>Log in using the username and password in the Authorization HTTP header</li>
* <li>Create a Subject representing the anonymous user.</li>
* </ul>
*
* If an authenticated subject is found it is cached in the http session.
*/
private Subject getAndCacheAuthorizedSubject(HttpServletRequest request)
{
HttpSession session = request.getSession();
Subject subject = getAuthorisedSubjectFromSession(session);
if(subject != null)
{
return subject;
}
SubjectCreator subjectCreator = ApplicationRegistry.getInstance().getSubjectCreator(getSocketAddress(request));
subject = authenticate(request, subjectCreator);
if (subject != null)
{
authoriseManagement(request, subject);
setAuthorisedSubjectInSession(subject, request, session);
}
else
{
subject = subjectCreator.createSubjectWithGroups(AnonymousAuthenticationManager.ANONYMOUS_USERNAME);
}
return subject;
}
protected void authoriseManagement(HttpServletRequest request, Subject subject)
{
// TODO: We should eliminate SecurityManager.setThreadSubject in favour of Subject.doAs
SecurityManager.setThreadSubject(subject); // Required for accessManagement check
LogActor actor = createHttpManagementActor(request);
CurrentActor.set(actor);
try
{
try
{
Subject.doAs(subject, new PrivilegedExceptionAction<Void>() // Required for proper logging of Subject
{
@Override
public Void run() throws Exception
{
boolean allowed = ApplicationRegistry.getInstance().getSecurityManager().accessManagement();
if (!allowed)
{
throw new AccessControlException("User is not authorised for management");
}
return null;
}
});
}
catch (PrivilegedActionException e)
{
throw new RuntimeException("Unable to perform access check", e);
}
}
finally
{
try
{
CurrentActor.remove();
}
finally
{
SecurityManager.setThreadSubject(null);
}
}
}
private Subject authenticate(HttpServletRequest request, SubjectCreator subjectCreator)
{
Subject subject = null;
String remoteUser = request.getRemoteUser();
if(remoteUser != null)
{
subject = authenticateUserAndGetSubject(subjectCreator, remoteUser, null);
}
else
{
String header = request.getHeader("Authorization");
if (header != null)
{
String[] tokens = header.split("\\s");
if(tokens.length >= 2 && "BASIC".equalsIgnoreCase(tokens[0]))
{
if(!isBasicAuthSupported(request))
{
//TODO: write a return response indicating failure?
throw new IllegalArgumentException("BASIC Authorization is not enabled.");
}
subject = performBasicAuth(subject, subjectCreator, tokens[1]);
}
}
}
return subject;
}
private Subject performBasicAuth(Subject subject,SubjectCreator subjectCreator, String base64UsernameAndPassword)
{
String[] credentials = (new String(Base64.decodeBase64(base64UsernameAndPassword.getBytes()))).split(":",2);
if(credentials.length == 2)
{
subject = authenticateUserAndGetSubject(subjectCreator, credentials[0], credentials[1]);
}
else
{
//TODO: write a return response indicating failure?
throw new AccessControlException("Invalid number of credentials supplied: "
+ credentials.length);
}
return subject;
}
private Subject authenticateUserAndGetSubject(SubjectCreator subjectCreator, String username, String password)
{
SubjectAuthenticationResult authResult = subjectCreator.authenticate(username, password);
if( authResult.getStatus() != AuthenticationStatus.SUCCESS)
{
//TODO: write a return response indicating failure?
throw new AccessControlException("Incorrect username or password");
}
Subject subject = authResult.getSubject();
return subject;
}
private boolean isBasicAuthSupported(HttpServletRequest req)
{
return req.isSecure() ? ApplicationRegistry.getInstance().getConfiguration().getHTTPSManagementBasicAuth()
: ApplicationRegistry.getInstance().getConfiguration().getHTTPManagementBasicAuth();
}
private HttpManagementActor getLogActorAndCacheInSession(HttpServletRequest req)
{
HttpSession session = req.getSession();
HttpManagementActor actor = (HttpManagementActor) session.getAttribute(ATTR_LOG_ACTOR);
if(actor == null)
{
actor = createHttpManagementActor(req);
session.setAttribute(ATTR_LOG_ACTOR, actor);
}
return actor;
}
protected Subject getAuthorisedSubjectFromSession(HttpSession session)
{
return (Subject)session.getAttribute(ATTR_SUBJECT);
}
protected void setAuthorisedSubjectInSession(Subject subject, HttpServletRequest request, final HttpSession session)
{
session.setAttribute(ATTR_SUBJECT, subject);
LogActor logActor = createHttpManagementActor(request);
// Cause the user logon to be logged.
session.setAttribute(ATTR_LOGIN_LOGOUT_REPORTER, new LoginLogoutReporter(logActor, subject));
}
protected Broker getBroker()
{
return _broker;
}
protected SocketAddress getSocketAddress(HttpServletRequest request)
{
return InetSocketAddress.createUnresolved(request.getServerName(), request.getServerPort());
}
protected void sendError(final HttpServletResponse resp, int errorCode)
{
try
{
resp.sendError(errorCode);
}
catch (IOException e)
{
throw new RuntimeException("Failed to send error response code " + errorCode, e);
}
}
private HttpManagementActor createHttpManagementActor(HttpServletRequest request)
{
return new HttpManagementActor(_rootLogger, request.getRemoteAddr(), request.getRemotePort());
}
}