public void removePropertyValue(PropertyTypeDefinition propDef) throws Exception {
RequestContext requestContext = RequestContext.getRequestContext();
Repository repository = requestContext.getRepository();
String token = SecurityContext.getSecurityContext().getToken();
Path uri = requestContext.getResourceURI();
Resource resource = repository.retrieve(token, uri, true);
if (resource.getProperty(propDef) != null) {
resource.removeProperty(propDef);
repository.store(token, resource);
}
}
public void setPropertyDateValue(PropertyTypeDefinition datePropDef, Date date) throws Exception {
RequestContext requestContext = RequestContext.getRequestContext();
Repository repository = requestContext.getRepository();
String token = SecurityContext.getSecurityContext().getToken();
Path uri = requestContext.getResourceURI();
Resource resource = repository.retrieve(token, uri, true);
Property dateProp = resource.getProperty(datePropDef);
if (dateProp == null) {
dateProp = datePropDef.createProperty();
resource.addProperty(dateProp);
}
dateProp.setDateValue(date);
repository.store(token, resource);
}
public void setUp() throws Exception {
BaseContext.pushContext();
SecurityContext securityContext = new SecurityContext(null, null);
SecurityContext.setSecurityContext(securityContext);
RequestContext requestContext =
new RequestContext(
mockRequest,
securityContext,
mockService,
null,
getRequestPath(),
null,
false,
false,
true,
mockRepository);
RequestContext.setRequestContext(requestContext);
}
public boolean postAuthentication(HttpServletRequest req, HttpServletResponse resp) {
String authHeader = req.getHeader("Authorization");
if (authHeader == null) {
return false;
}
String headerFields = authHeader.substring("Digest: ".length() - 1);
String nonce = HttpUtil.extractHeaderField(headerFields, "nonce");
String opaque = HttpUtil.extractHeaderField(headerFields, "opaque");
if (nonce == null || opaque == null) {
return false;
}
Principal principal = SecurityContext.getSecurityContext().getPrincipal();
if (principal == null) {
return false;
}
if (this.maintainState) {
StateEntry entry = (StateEntry) this.stateMap.remove(nonce + ":" + opaque);
if (entry == null) {
return false;
}
Date timestamp = new Date();
String nextNonce = this.generateNonce();
entry.setUsername(principal.getQualifiedName());
entry.setNonce(nextNonce);
entry.setTimestamp(timestamp);
entry.setNonceCount(entry.getNonceCount() + 1);
entry.setStale(false);
this.stateMap.put(nextNonce + ":" + opaque, entry);
resp.addHeader("Authentication-Info", "nextnonce=" + nextNonce);
}
return false;
}
/** @see vtk.web.ContextInitializer#destroyContext() */
public void destroyContext() {
if (logger.isDebugEnabled()) {
logger.debug("Destroying security context: " + SecurityContext.getSecurityContext());
}
SecurityContext.setSecurityContext(null);
}
/**
* Logs out the client from the authentication system. Clears the {@link SecurityContext} and
* removes the principal from the {@link TokenManager}. Finally, calls the authentication
* handler's {@link AuthenticationHandler#logout logout} method.
*
* @param request the request
* @param response the response
* @return the return value of the authentication handler's <code>logout()</code> method.
* @throws AuthenticationProcessingException if an underlying problem prevented the request from
* being processed
* @throws IOException
* @throws ServletException
* @see AuthenticationHandler#logout
*/
public boolean logout(HttpServletRequest request, HttpServletResponse response)
throws AuthenticationProcessingException, ServletException, IOException {
if (!SecurityContext.exists()) {
return false;
}
SecurityContext securityContext = SecurityContext.getSecurityContext();
Principal principal = securityContext.getPrincipal();
if (principal == null) {
return false;
}
AuthenticationHandler handler =
this.tokenManager.getAuthenticationHandler(securityContext.getToken());
// FIXME: what if handler.isLogoutSupported() == false?
boolean result = handler.logout(principal, request, response);
String status = result ? "OK" : "FAIL";
if (authLogger.isDebugEnabled()) {
authLogger.debug(
request.getRemoteAddr()
+ " - request-URI: "
+ request.getRequestURI()
+ " - "
+ "logout_method: Logout: principal: '"
+ principal
+ "' - method: '"
+ handler.getIdentifier()
+ "' - status: "
+ status);
}
this.tokenManager.removeToken(securityContext.getToken());
SecurityContext.setSecurityContext(null);
if (this.rememberAuthMethod) {
List<String> spCookies = new ArrayList<String>();
spCookies.add(vrtxAuthSP);
spCookies.add(uioAuthIDP);
if (this.cookieLinksEnabled) {
spCookies.add(VRTXLINK_COOKIE);
}
for (String cookie : spCookies) {
Cookie c = getCookie(request, cookie);
if (c != null) {
if (logger.isDebugEnabled()) {
logger.debug("Deleting cookie " + cookie);
}
c = new Cookie(cookie, c.getValue());
if (!cookie.equals(VRTXLINK_COOKIE)) {
c.setSecure(true);
}
c.setPath("/");
if (this.spCookieDomain != null && !cookie.equals(VRTXLINK_COOKIE)) {
c.setDomain(this.spCookieDomain);
}
c.setMaxAge(0);
response.addCookie(c);
}
}
}
return result;
}
/**
* Removes authentication state from the authentication system. The {@link SecurityContext} is
* cleared, the current principal is removed from the {@link TokenManager}, but the {@link
* AuthenticationHandler#logout logout} process is not initiated.
*
* @return <code>true</code> if any state was removed, <code>false</code> otherwise
*/
public boolean removeAuthState(HttpServletRequest request, HttpServletResponse response) {
if (!SecurityContext.exists()) {
return false;
}
SecurityContext securityContext = SecurityContext.getSecurityContext();
Principal principal = securityContext.getPrincipal();
if (principal == null) {
return false;
}
this.tokenManager.removeToken(securityContext.getToken());
SecurityContext.setSecurityContext(null);
if (authLogger.isDebugEnabled()) {
authLogger.debug(
request.getRemoteAddr()
+ " - request-URI: "
+ request.getRequestURI()
+ " - "
+ "removeAuthState_method: Logout: principal: '"
+ principal
+ "' - method: '<none>' - status: OK");
}
if (this.rememberAuthMethod) {
List<String> spCookies = new ArrayList<String>();
spCookies.add(vrtxAuthSP);
spCookies.add(uioAuthIDP);
spCookies.add(VRTXLINK_COOKIE);
for (String cookie : spCookies) {
Cookie c = getCookie(request, cookie);
if (c != null) {
if (logger.isDebugEnabled()) {
logger.debug("Deleting cookie " + cookie);
}
if (authLogger.isDebugEnabled()) {
authLogger.debug(
request.getRemoteAddr()
+ " - request-URI: "
+ request.getRequestURI()
+ " - "
+ "Deleting cookie "
+ cookie);
}
c = new Cookie(cookie, c.getValue());
if (!cookie.equals(VRTXLINK_COOKIE)) {
c.setSecure(true);
}
c.setPath("/");
if (this.spCookieDomain != null && !cookie.equals(VRTXLINK_COOKIE)) {
c.setDomain(this.spCookieDomain);
}
c.setMaxAge(0);
response.addCookie(c);
}
}
}
HttpSession session = request.getSession(false);
if (session != null) {
session.invalidate();
}
return true;
}
/**
* @param req
* @param resp
* @return <code>true</code> if request processing should continue after context has been created,
* <code>false</code> otherwise (which means that security context initialization handles a
* challenge or any authentication post-processing requests by itself).
* @throws AuthenticationProcessingException
* @throws ServletException
* @throws IOException
*/
public boolean createContext(HttpServletRequest req, HttpServletResponse resp)
throws AuthenticationProcessingException, ServletException, IOException {
/**
* HttpSession session = getSession(req); String token = null;
*
* <p>if (session != null) { token = (String) session.getAttribute(SECURITY_TOKEN_SESSION_ATTR);
* }
*/
String token = getToken(req, resp);
if (token != null) {
Principal principal = this.tokenManager.getPrincipal(token);
if (principal != null) {
if (logger.isDebugEnabled()) {
logger.debug(
"Found valid token '"
+ token
+ "', principal "
+ principal
+ " in request session, setting security context");
}
SecurityContext.setSecurityContext(new SecurityContext(token, principal));
if (getCookie(req, VRTXLINK_COOKIE) == null && this.cookieLinksEnabled) {
UUID cookieLinkID = this.cookieLinkStore.addToken(req, token);
Cookie c = new Cookie(VRTXLINK_COOKIE, cookieLinkID.toString());
c.setPath("/");
resp.addCookie(c);
if (logger.isDebugEnabled()) {
logger.debug("Setting cookie: " + c + ": " + cookieLinkID.toString());
}
}
return true;
}
if (logger.isDebugEnabled()) {
logger.debug(
"Invalid token '"
+ token
+ "' in request session, "
+ "will proceed to check authentication");
}
}
for (AuthenticationHandler handler : this.authenticationHandlers) {
if (handler.isRecognizedAuthenticationRequest(req)) {
if (logger.isDebugEnabled()) {
logger.debug(
"Request "
+ req
+ " is recognized as an authentication attempt by handler "
+ handler
+ ", will try to authenticate");
}
try {
AuthResult result = handler.authenticate(req);
if (result == null) {
throw new IllegalStateException(
"Principal handler returned NULL AuthResult: " + handler + " for request " + req);
}
Principal principal =
this.principalFactory.getPrincipal(result.getUID(), Principal.Type.USER);
// boolean valid = this.principalManager.validatePrincipal(principal);
// if (!valid) {
// logger.warn("Unknown principal: " + principal + " returned by authentication handler "
// + handler + ". " + "Not setting security context.");
//
// throw new IllegalStateException("Invalid principal: " + principal);
// }
if (logger.isDebugEnabled()) {
logger.debug(
"Successfully authenticated principal: "
+ principal
+ " using authentication handler "
+ handler
+ ". "
+ "Setting security context.");
}
if (authLogger.isDebugEnabled()) {
authLogger.debug(
req.getRemoteAddr()
+ " - request-URI: "
+ req.getRequestURI()
+ " - "
+ "Auth: principal: '"
+ principal
+ "' - method: '"
+ handler.getIdentifier()
+ "' - status: OK");
}
token = this.tokenManager.newToken(principal, handler);
SecurityContext securityContext =
new SecurityContext(token, this.tokenManager.getPrincipal(token));
SecurityContext.setSecurityContext(securityContext);
HttpSession session = req.getSession(true);
session.setAttribute(SECURITY_TOKEN_SESSION_ATTR, token);
onSuccessfulAuthentication(req, resp, handler, token);
if (!handler.postAuthentication(req, resp)) {
if (logger.isDebugEnabled()) {
logger.debug(
"Authentication post-processing completed by authentication handler "
+ handler
+ ", request processing will proceed");
}
return true;
}
if (logger.isDebugEnabled()) {
logger.debug(
"Authentication post-processing completed by authentication handler "
+ handler
+ ", response already committed.");
}
return false;
} catch (AuthenticationException exception) {
AuthenticationChallenge challenge = handler.getAuthenticationChallenge();
if (logger.isDebugEnabled()) {
logger.debug(
"Authentication attempt "
+ req
+ " rejected by "
+ "handler "
+ handler
+ " with message "
+ exception.getMessage()
+ ", presenting challenge "
+ challenge
+ " to the client");
}
if (authLogger.isDebugEnabled()) {
authLogger.debug(
req.getRemoteAddr()
+ " - request-URI: "
+ req.getRequestURI()
+ " - "
+ "Auth: request: '"
+ req.getRequestURI()
+ "' - method: '"
+ handler.getIdentifier()
+ "' - status: FAIL ");
authLogger.debug(
req.getRemoteAddr()
+ " - request-URI: "
+ req.getRequestURI()
+ " - "
+ "Authentication attempt "
+ req
+ " rejected by "
+ "handler "
+ handler
+ " with message "
+ exception.getMessage()
+ ", presenting challenge "
+ challenge
+ " to the client");
}
doChallenge(req, resp, challenge);
return false;
}
}
}
if (logger.isDebugEnabled()) {
logger.debug(
"Request "
+ req
+ " is not recognized as an authentication "
+ "attempt by any authentication handler. Creating default "
+ "security context.");
}
SecurityContext.setSecurityContext(new SecurityContext(null, null));
return true;
}
