Mercurial > lada > lada-server
view src/main/java/de/intevation/lada/util/auth/ShibbolethFilter.java @ 1089:719129c13666
Fix regression of Rev 37952c111f71.
Rev 37952c111f71 led to wiping away every role given in a comma
separated list after the first comma, which also broke the automatic
tests.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Thu, 13 Oct 2016 19:46:28 +0200 |
parents | 37952c111f71 |
children | 186d602e031a |
line wrap: on
line source
/* Copyright (C) 2015 by Bundesamt fuer Strahlenschutz * Software engineering by Intevation GmbH * * This file is Free Software under the GNU GPL (v>=3) * and comes with ABSOLUTELY NO WARRANTY! Check out * the documentation coming with IMIS-Labordaten-Application for details. */ package de.intevation.lada.util.auth; import java.io.IOException; import java.io.InputStream; import java.util.HashSet; import java.util.Set; import java.util.Properties; import javax.inject.Inject; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.log4j.Logger; /** ServletFilter used for Shibboleth authentification. */ @WebFilter({"/rest/*", "/data/*"}) public class ShibbolethFilter implements Filter { private static final String CONFIG_FILE = "/shibboleth.properties"; private String applicationId = "default"; @Inject private Logger logger = Logger.getLogger(ShibbolethFilter.class); @Override public void init(FilterConfig filterConfig) throws ServletException { /* Read config and initialize configuration variables */ Properties properties = new Properties(); InputStream stream = null; try { stream = getClass().getResourceAsStream(CONFIG_FILE); properties.load(stream); stream.close(); } catch (java.io.FileNotFoundException e) { logger.error ("Failed to find config file: " + CONFIG_FILE); } catch (java.io.IOException e) { logger.error ("Failed to read config file: " + CONFIG_FILE); } //applicationId = properties.getProperty("applicationId"); } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if (!(request instanceof HttpServletRequest)) { throw new ServletException("Unsupported request!"); } if (!(response instanceof HttpServletResponse)) { throw new ServletException("Unsupported request!"); } HttpServletRequest httpRequest = (HttpServletRequest)request; HttpServletResponse httpResponse = (HttpServletResponse)response; //Enumeration<String> headers = httpRequest.getHeaderNames(); //while(headers.hasMoreElements()) { // String name = headers.nextElement(); // logger.debug("key: " + name + " value: " + httpRequest.getHeader(name)); //} String user = httpRequest.getHeader("X-SHIB-user"); String roles = httpRequest.getHeader("X-SHIB-roles"); //String appId = httpRequest.getHeader("X_SHIB-applicationId"); //if (!applicationId.equals(appId)) { // httpResponse.reset(); // httpResponse.setStatus(401); // httpResponse.getOutputStream().print("{\"success\":false,\"message\":\"698\",\"data\":" + // "\"Not authenticated via the Lada application!\",\"errors\":{},\"warnings\":{}," + // "\"readonly\":false,\"totalCount\":0}"); // httpResponse.getOutputStream().flush(); // return; //} if (user == null || "".equals(user)) { httpResponse.reset(); httpResponse.setStatus(401); httpResponse.getOutputStream().print("{\"success\":false,\"message\":\"698\",\"data\":" + "\"No valid user found!\",\"errors\":{},\"warnings\":{}," + "\"readonly\":false,\"totalCount\":0}"); httpResponse.getOutputStream().flush(); return; } Set<String> rolesValue = extractRoles(roles); if (rolesValue == null || rolesValue.isEmpty()) { httpResponse.reset(); httpResponse.setStatus(401); httpResponse.getOutputStream().print("{\"success\":false,\"message\":\"698\",\"data\":" + "\"No valid role found!\",\"errors\":{},\"warnings\":{}," + "\"readonly\":false,\"totalCount\":0}"); httpResponse.getOutputStream().flush(); return; } String roleAttribute = ""; for (String r : rolesValue) { roleAttribute += r + ","; } roleAttribute = roleAttribute.substring(0, roleAttribute.length() - 2); httpRequest.setAttribute("lada.user.roles", rolesValue); httpRequest.setAttribute("lada.user.name", user); chain.doFilter(request, response); return; } @Override public void destroy() { } private Set<String> extractRoles(String roles) { Set<String> groups = new HashSet<>(); if (roles == null || "".equals(roles) || "(null)".equals(roles)) { return groups; } else { String[] groupStrings = roles.split(";"); String item; for (int i = 0; i < groupStrings.length; i++) { String[] items = groupStrings[i].trim().split(","); for (int j = 0; j < items.length; j++) { groups.add(items[j].replace("cn=", "").trim()); } } return groups; } } }