Exemplo n.º 1
0
 public _HttpServletRequestWrapper_532(AuthenticationToken authToken, HttpServletRequest
                                       baseArg1)
     : base(baseArg1)
 {
     this.authToken = authToken;
 }
 /// <summary>This is an empty implementation, it always returns <code>TRUE</code>.</summary>
 /// <param name="token">the authentication token if any, otherwise <code>NULL</code>.
 ///     </param>
 /// <param name="request">the HTTP client request.</param>
 /// <param name="response">the HTTP client response.</param>
 /// <returns><code>TRUE</code></returns>
 /// <exception cref="System.IO.IOException">it is never thrown.</exception>
 /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
 ///     ">it is never thrown.</exception>
 public override bool ManagementOperation(AuthenticationToken token, HttpServletRequest
                                          request, HttpServletResponse response)
 {
     return(true);
 }
Exemplo n.º 3
0
        /// <summary>
        /// If the request has a valid authentication token it allows the request to continue to the target resource,
        /// otherwise it triggers an authentication sequence using the configured
        /// <see cref="AuthenticationHandler"/>
        /// .
        /// </summary>
        /// <param name="request">the request object.</param>
        /// <param name="response">the response object.</param>
        /// <param name="filterChain">the filter chain object.</param>
        /// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception>
        /// <exception cref="Javax.Servlet.ServletException">thrown if a processing error occurred.
        ///     </exception>
        public virtual void DoFilter(ServletRequest request, ServletResponse response, FilterChain
                                     filterChain)
        {
            bool unauthorizedResponse = true;
            int  errCode = HttpServletResponse.ScUnauthorized;
            AuthenticationException authenticationEx = null;
            HttpServletRequest      httpRequest      = (HttpServletRequest)request;
            HttpServletResponse     httpResponse     = (HttpServletResponse)response;
            bool isHttps = "https".Equals(httpRequest.GetScheme());

            try
            {
                bool newToken = false;
                AuthenticationToken token;
                try
                {
                    token = GetToken(httpRequest);
                }
                catch (AuthenticationException ex)
                {
                    Log.Warn("AuthenticationToken ignored: " + ex.Message);
                    // will be sent back in a 401 unless filter authenticates
                    authenticationEx = ex;
                    token            = null;
                }
                if (authHandler.ManagementOperation(token, httpRequest, httpResponse))
                {
                    if (token == null)
                    {
                        if (Log.IsDebugEnabled())
                        {
                            Log.Debug("Request [{}] triggering authentication", GetRequestURL(httpRequest));
                        }
                        token = authHandler.Authenticate(httpRequest, httpResponse);
                        if (token != null && token.GetExpires() != 0 && token != AuthenticationToken.Anonymous)
                        {
                            token.SetExpires(Runtime.CurrentTimeMillis() + GetValidity() * 1000);
                        }
                        newToken = true;
                    }
                    if (token != null)
                    {
                        unauthorizedResponse = false;
                        if (Log.IsDebugEnabled())
                        {
                            Log.Debug("Request [{}] user [{}] authenticated", GetRequestURL(httpRequest), token
                                      .GetUserName());
                        }
                        AuthenticationToken authToken = token;
                        httpRequest = new _HttpServletRequestWrapper_532(authToken, httpRequest);
                        if (newToken && !token.IsExpired() && token != AuthenticationToken.Anonymous)
                        {
                            string signedToken = signer.Sign(token.ToString());
                            CreateAuthCookie(httpResponse, signedToken, GetCookieDomain(), GetCookiePath(), token
                                             .GetExpires(), isHttps);
                        }
                        DoFilter(filterChain, httpRequest, httpResponse);
                    }
                }
                else
                {
                    unauthorizedResponse = false;
                }
            }
            catch (AuthenticationException ex)
            {
                // exception from the filter itself is fatal
                errCode          = HttpServletResponse.ScForbidden;
                authenticationEx = ex;
                if (Log.IsDebugEnabled())
                {
                    Log.Debug("Authentication exception: " + ex.Message, ex);
                }
                else
                {
                    Log.Warn("Authentication exception: " + ex.Message);
                }
            }
            if (unauthorizedResponse)
            {
                if (!httpResponse.IsCommitted())
                {
                    CreateAuthCookie(httpResponse, string.Empty, GetCookieDomain(), GetCookiePath(),
                                     0, isHttps);
                    // If response code is 401. Then WWW-Authenticate Header should be
                    // present.. reset to 403 if not found..
                    if ((errCode == HttpServletResponse.ScUnauthorized) && (!httpResponse.ContainsHeader
                                                                                (KerberosAuthenticator.WwwAuthenticate)))
                    {
                        errCode = HttpServletResponse.ScForbidden;
                    }
                    if (authenticationEx == null)
                    {
                        httpResponse.SendError(errCode, "Authentication required");
                    }
                    else
                    {
                        httpResponse.SendError(errCode, authenticationEx.Message);
                    }
                }
            }
        }