Package waffle.servlet.spi

Source Code of waffle.servlet.spi.SecurityFilterProviderCollection

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
/**
* Waffle (https://github.com/dblock/waffle)
*
* Copyright (c) 2010 - 2014 Application Security, Inc.
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
*     Application Security, Inc.
*/
package waffle.servlet.spi;

import java.io.IOException;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import waffle.util.AuthorizationHeader;
import waffle.windows.auth.IWindowsAuthProvider;
import waffle.windows.auth.IWindowsIdentity;

/**
* A collection of security filter providers.
*
* @author dblock[at]dblock[dot]org
*/
public class SecurityFilterProviderCollection {

    private static final Logger          LOGGER    = LoggerFactory.getLogger(SecurityFilterProviderCollection.class);
    private List<SecurityFilterProvider> providers = new ArrayList<SecurityFilterProvider>();

    public SecurityFilterProviderCollection(final SecurityFilterProvider[] providerArray) {
        for (SecurityFilterProvider provider : providerArray) {
            LOGGER.info("using '{}'", provider.getClass().getName());
            this.providers.add(provider);
        }
    }

    @SuppressWarnings("unchecked")
    public SecurityFilterProviderCollection(final String[] providerNames, final IWindowsAuthProvider auth) {
        for (String providerName : providerNames) {
            providerName = providerName.trim();
            LOGGER.info("loading '{}'", providerName);
            try {
                Class<SecurityFilterProvider> providerClass = (Class<SecurityFilterProvider>) Class
                        .forName(providerName);
                Constructor<SecurityFilterProvider> c = providerClass.getConstructor(IWindowsAuthProvider.class);
                SecurityFilterProvider provider = c.newInstance(auth);
                this.providers.add(provider);
            } catch (final ClassNotFoundException e) {
                LOGGER.error("error loading '{}': {}", providerName, e.getMessage());
                LOGGER.trace("{}", e);
                throw new RuntimeException(e);
            } catch (final SecurityException e) {
                LOGGER.error("error loading '{}': {}", providerName, e.getMessage());
                LOGGER.trace("{}", e);
            } catch (final NoSuchMethodException e) {
                LOGGER.error("error loading '{}': {}", providerName, e.getMessage());
                LOGGER.trace("{}", e);
            } catch (final IllegalArgumentException e) {
                LOGGER.error("error loading '{}': {}", providerName, e.getMessage());
                LOGGER.trace("{}", e);
            } catch (final InstantiationException e) {
                LOGGER.error("error loading '{}': {}", providerName, e.getMessage());
                LOGGER.trace("{}", e);
            } catch (final IllegalAccessException e) {
                LOGGER.error("error loading '{}': {}", providerName, e.getMessage());
                LOGGER.trace("{}", e);
            } catch (final InvocationTargetException e) {
                LOGGER.error("error loading '{}': {}", providerName, e.getMessage());
                LOGGER.trace("{}", e);
            }
        }
    }

    public SecurityFilterProviderCollection(final IWindowsAuthProvider auth) {
        this.providers.add(new NegotiateSecurityFilterProvider(auth));
        this.providers.add(new BasicSecurityFilterProvider(auth));
    }

    /**
     * Tests whether a specific security package is supported by any of the underlying providers.
     *
     * @param securityPackage
     *            Security package.
     * @return True if the security package is supported, false otherwise.
     */
    public boolean isSecurityPackageSupported(final String securityPackage) {
        return get(securityPackage) != null;
    }

    private SecurityFilterProvider get(final String securityPackage) {
        for (SecurityFilterProvider provider : this.providers) {
            if (provider.isSecurityPackageSupported(securityPackage)) {
                return provider;
            }
        }
        return null;
    }

    /**
     * Filter.
     *
     * @param request
     *            Http Request
     * @param response
     *            Http Response
     * @return Windows Identity or NULL.
     * @throws IOException
     *             on doFilter.
     */
    public IWindowsIdentity doFilter(final HttpServletRequest request, final HttpServletResponse response)
            throws IOException {

        final AuthorizationHeader authorizationHeader = new AuthorizationHeader(request);
        final SecurityFilterProvider provider = get(authorizationHeader.getSecurityPackage());
        if (provider == null) {
            throw new RuntimeException("Unsupported security package: " + authorizationHeader.getSecurityPackage());
        }
        return provider.doFilter(request, response);
    }

    /**
     * Returns true if authentication still needs to happen despite an existing principal.
     *
     * @param request
     *            Http Request
     * @return True if authentication is required.
     */
    public boolean isPrincipalException(final HttpServletRequest request) {

        for (SecurityFilterProvider provider : this.providers) {
            if (provider.isPrincipalException(request)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Send authorization headers.
     *
     * @param response
     *            Http Response
     */
    public void sendUnauthorized(final HttpServletResponse response) {
        for (SecurityFilterProvider provider : this.providers) {
            provider.sendUnauthorized(response);
        }
    }

    /**
     * Number of providers.
     *
     * @return Number of providers.
     */
    public int size() {
        return this.providers.size();
    }

    /**
     * Get a security provider by class name.
     *
     * @param name
     *            Class name.
     * @return A security provider instance.
     * @throws ClassNotFoundException
     *             when class not found.
     */
    public SecurityFilterProvider getByClassName(final String name) throws ClassNotFoundException {
        for (SecurityFilterProvider provider : this.providers) {
            if (provider.getClass().getName().equals(name)) {
                return provider;
            }
        }
        throw new ClassNotFoundException(name);
    }
}
TOP

Related Classes of waffle.servlet.spi.SecurityFilterProviderCollection

  • waffle.servlet.NegotiateSecurityFilter
  • waffle.spring.NegotiateSecurityFilterTests
  • waffle.util.AuthorizationHeader
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.