Author: gnodet
Date: Thu Dec 23 16:12:51 2010
New Revision: 1052310

URL: http://svn.apache.org/viewvc?rev=1052310&view=rev
Log:
[KARAF-340] Use the authenticated subject to run the webconsole code

Added:
    karaf/trunk/webconsole/console/
    karaf/trunk/webconsole/console/pom.xml
    karaf/trunk/webconsole/console/src/
    karaf/trunk/webconsole/console/src/main/
    karaf/trunk/webconsole/console/src/main/java/
    karaf/trunk/webconsole/console/src/main/java/org/
    karaf/trunk/webconsole/console/src/main/java/org/apache/
    karaf/trunk/webconsole/console/src/main/java/org/apache/felix/
    karaf/trunk/webconsole/console/src/main/java/org/apache/felix/webconsole/
    
karaf/trunk/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/
    
karaf/trunk/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/KarafOsgiManager.java
    
karaf/trunk/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/KarafOsgiManagerActivator.java
Modified:
    karaf/trunk/assembly/pom.xml
    karaf/trunk/assembly/src/main/filtered-resources/features.xml
    karaf/trunk/pom.xml
    karaf/trunk/webconsole/branding/pom.xml
    
karaf/trunk/webconsole/branding/src/main/java/org/apache/karaf/webconsole/JaasSecurityProvider.java
    karaf/trunk/webconsole/pom.xml

Modified: karaf/trunk/assembly/pom.xml
URL: 
http://svn.apache.org/viewvc/karaf/trunk/assembly/pom.xml?rev=1052310&r1=1052309&r2=1052310&view=diff
==============================================================================
--- karaf/trunk/assembly/pom.xml (original)
+++ karaf/trunk/assembly/pom.xml Thu Dec 23 16:12:51 2010
@@ -189,6 +189,10 @@
         </dependency>
         <dependency>
             <groupId>org.apache.karaf.webconsole</groupId>
+            <artifactId>org.apache.karaf.webconsole.console</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.karaf.webconsole</groupId>
             <artifactId>org.apache.karaf.webconsole.features</artifactId>
         </dependency>
         <dependency>

Modified: karaf/trunk/assembly/src/main/filtered-resources/features.xml
URL: 
http://svn.apache.org/viewvc/karaf/trunk/assembly/src/main/filtered-resources/features.xml?rev=1052310&r1=1052309&r2=1052310&view=diff
==============================================================================
--- karaf/trunk/assembly/src/main/filtered-resources/features.xml (original)
+++ karaf/trunk/assembly/src/main/filtered-resources/features.xml Thu Dec 23 
16:12:51 2010
@@ -123,7 +123,7 @@
         <feature>http</feature>
         
<bundle>mvn:org.apache.felix/org.apache.felix.metatype/${felix.metatype.version}</bundle>
         
<bundle>mvn:org.apache.karaf.webconsole/org.apache.karaf.webconsole.branding/${project.version}</bundle>
-        
<bundle>mvn:org.apache.felix/org.apache.felix.webconsole/${felix.webconsole.version}</bundle>
+        
<bundle>mvn:org.apache.karaf.webconsole/org.apache.karaf.webconsole.console/${project.version}</bundle>
     </feature>
     <feature name="webconsole" version="${project.version}">
         <feature version="${project.version}">webconsole-base</feature>

Modified: karaf/trunk/pom.xml
URL: 
http://svn.apache.org/viewvc/karaf/trunk/pom.xml?rev=1052310&r1=1052309&r2=1052310&view=diff
==============================================================================
--- karaf/trunk/pom.xml (original)
+++ karaf/trunk/pom.xml Thu Dec 23 16:12:51 2010
@@ -417,6 +417,11 @@
             </dependency>
             <dependency>
                 <groupId>org.apache.karaf.webconsole</groupId>
+                <artifactId>org.apache.karaf.webconsole.console</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.karaf.webconsole</groupId>
                 <artifactId>org.apache.karaf.webconsole.features</artifactId>
                 <version>${project.version}</version>
             </dependency>

Modified: karaf/trunk/webconsole/branding/pom.xml
URL: 
http://svn.apache.org/viewvc/karaf/trunk/webconsole/branding/pom.xml?rev=1052310&r1=1052309&r2=1052310&view=diff
==============================================================================
--- karaf/trunk/webconsole/branding/pom.xml (original)
+++ karaf/trunk/webconsole/branding/pom.xml Thu Dec 23 16:12:51 2010
@@ -42,9 +42,13 @@
 
     <dependencies>
         <dependency>
-          <groupId>org.apache.felix</groupId>
-          <artifactId>org.apache.felix.webconsole</artifactId>
-          <scope>provided</scope>
+          <groupId>org.apache.karaf.webconsole</groupId>
+          <artifactId>org.apache.karaf.webconsole.console</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.felix</groupId>
+            <artifactId>org.apache.felix.webconsole</artifactId>
+            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
@@ -64,8 +68,9 @@
                     <instructions>
                         
<Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
                         
<Bundle-DocURL>http://felix.apache.org/site/apache-karaf.html</Bundle-DocURL>
-                        
<Fragment-Host>org.apache.felix.webconsole;bundle-version="[3,4)"</Fragment-Host>
+                        
<Fragment-Host>org.apache.karaf.webconsole.console;bundle-version="[2,3)"</Fragment-Host>
                         <Export-Package>!*</Export-Package>
+                        
<Import-Package>!org.apache.felix.webconsole*,*</Import-Package>
                     </instructions>
                 </configuration>
             </plugin>

Modified: 
karaf/trunk/webconsole/branding/src/main/java/org/apache/karaf/webconsole/JaasSecurityProvider.java
URL: 
http://svn.apache.org/viewvc/karaf/trunk/webconsole/branding/src/main/java/org/apache/karaf/webconsole/JaasSecurityProvider.java?rev=1052310&r1=1052309&r2=1052310&view=diff
==============================================================================
--- 
karaf/trunk/webconsole/branding/src/main/java/org/apache/karaf/webconsole/JaasSecurityProvider.java
 (original)
+++ 
karaf/trunk/webconsole/branding/src/main/java/org/apache/karaf/webconsole/JaasSecurityProvider.java
 Thu Dec 23 16:12:51 2010
@@ -17,6 +17,7 @@
 package org.apache.karaf.webconsole;
 
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
 import java.security.GeneralSecurityException;
 
 import javax.security.auth.Subject;
@@ -28,14 +29,25 @@ import javax.security.auth.callback.Unsu
 import javax.security.auth.login.AccountException;
 import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
-import org.apache.felix.webconsole.WebConsoleSecurityProvider;
+import org.apache.felix.webconsole.WebConsoleSecurityProvider2;
+import org.apache.felix.webconsole.internal.KarafOsgiManager;
+import org.apache.felix.webconsole.internal.servlet.Base64;
+import org.osgi.service.http.HttpContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-public class JaasSecurityProvider implements WebConsoleSecurityProvider {
+public class JaasSecurityProvider implements WebConsoleSecurityProvider2 {
 
-       private static final Logger LOG = 
LoggerFactory.getLogger(WebConsoleSecurityProvider.class);
+       private static final Logger LOG = 
LoggerFactory.getLogger(JaasSecurityProvider.class);
+
+    private static final String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
+
+    private static final String HEADER_AUTHORIZATION = "Authorization";
+
+    private static final String AUTHENTICATION_SCHEME_BASIC = "Basic";
 
     private String realm;
 
@@ -48,6 +60,10 @@ public class JaasSecurityProvider implem
     }
 
     public Object authenticate(final String username, final String password) {
+        return doAuthenticate( username, password );
+    }
+
+    public Subject doAuthenticate(final String username, final String 
password) {
         try {
             Subject subject = new Subject();
             LoginContext loginContext = new LoginContext(realm, subject, new 
CallbackHandler() {
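Review bot: `doAuthenticate` is declared `public`, but the only caller visible in this commit is the class itself, and it hands back a live JAAS `Subject`. Unless something outside this class needs it, `private Subject doAuthenticate(final String username, final String password)` keeps the credential-checking entry point off the class's public surface. The method body continues past the end of this hunk, so its failure behaviour (presumably a null return) is not visible here.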
@@ -80,4 +96,89 @@ public class JaasSecurityProvider implem
     public boolean authorize(Object o, String s) {
         return true;
     }
+
+    public boolean authenticate( HttpServletRequest request, 
HttpServletResponse response )
+    {
+        // Return immediately if the header is missing
+        String authHeader = request.getHeader( HEADER_AUTHORIZATION );
+        if ( authHeader != null && authHeader.length() > 0 )
+        {
+
+            // Get the authType (Basic, Digest) and authInfo (user/password)
+            // from the header
+            authHeader = authHeader.trim();
+            int blank = authHeader.indexOf( ' ' );
+            if ( blank > 0 )
+            {
+                String authType = authHeader.substring( 0, blank );
+                String authInfo = authHeader.substring( blank ).trim();
+
+                // Check whether authorization type matches
+                if ( authType.equalsIgnoreCase( AUTHENTICATION_SCHEME_BASIC ) )
+                {
+                    try
+                    {
+                        String srcString = base64Decode( authInfo );
+                        int i = srcString.indexOf( ':' );
+                        String username = srcString.substring( 0, i );
+                        String password = srcString.substring( i + 1 );
+
+                        // authenticate
+                        Subject subject = doAuthenticate( username, password );
+                        if ( subject != null )
+                        {
+                            // as per the spec, set attributes
+                            request.setAttribute( 
HttpContext.AUTHENTICATION_TYPE, HttpServletRequest.BASIC_AUTH );
+                            request.setAttribute( HttpContext.REMOTE_USER, 
username );
+
+                            // set web console user attribute
+                            request.setAttribute( 
WebConsoleSecurityProvider2.USER_ATTRIBUTE, username );
+
+                            // set the JAAS subject
+                            request.setAttribute( 
KarafOsgiManager.SUBJECT_RUN_AS, subject );
+
+                            // succeed
+                            return true;
+                        }
+                    }
+                    catch ( Exception e )
+                    {
+                        // Ignore
+                    }
+                }
+            }
+        }
+
+        // request authentication
+        try
+        {
+            response.setHeader( HEADER_WWW_AUTHENTICATE, 
AUTHENTICATION_SCHEME_BASIC + " realm=\"" + this.realm + "\"" );
+            response.setStatus( HttpServletResponse.SC_UNAUTHORIZED );
+            response.setContentLength( 0 );
+            response.flushBuffer();
+        }
+        catch ( IOException ioe )
+        {
+            // failed sending the response ... cannot do anything about it
+        }
+
+        // inform HttpService that authentication failed
+        return false;
+    }
+
+
+    private static String base64Decode( String srcString )
+    {
+        byte[] transformed = Base64.decodeBase64(srcString);
+        try
+        {
+            return new String( transformed, "ISO-8859-1" );
+        }
+        catch ( UnsupportedEncodingException uee )
+        {
+            return new String( transformed );
+        }
+    }
+
+
 }
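Review bot: The `catch ( Exception e ) { // Ignore }` around the Basic-auth branch of `authenticate( HttpServletRequest, HttpServletResponse )` discards every failure, so a malformed header, a rejected login and an unexpected error inside `doAuthenticate` all look the same and leave no trace for anyone watching for password guessing. A header without a colon currently reaches `srcString.substring( 0, i )` with `i == -1` and is rejected only by way of that catch; an explicit `if ( i < 0 )` guard before the substring calls states the intent. I would log the failure with the existing logger, e.g. `LOG.debug( "Web console authentication failed for request from " + request.getRemoteAddr(), e );`, keeping the decoded `srcString` and the password out of the message. In `base64Decode` the fallback `new String( transformed )` uses the platform charset; ISO-8859-1 is a charset every JVM must support, so that branch should not be reachable and deserves a comment saying so.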

Added: karaf/trunk/webconsole/console/pom.xml
URL: 
http://svn.apache.org/viewvc/karaf/trunk/webconsole/console/pom.xml?rev=1052310&view=auto
==============================================================================
--- karaf/trunk/webconsole/console/pom.xml (added)
+++ karaf/trunk/webconsole/console/pom.xml Thu Dec 23 16:12:51 2010
@@ -0,0 +1,160 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/xsd/maven-4.0.0.xsd";>
+
+    <!--
+
+        Licensed to the Apache Software Foundation (ASF) under one or more
+        contributor license agreements.  See the NOTICE file distributed with
+        this work for additional information regarding copyright ownership.
+        The ASF licenses this file to You under the Apache License, Version 2.0
+        (the "License"); you may not use this file except in compliance with
+        the License.  You may obtain a copy of the License at
+
+           http://www.apache.org/licenses/LICENSE-2.0
+
+        Unless required by applicable law or agreed to in writing, software
+        distributed under the License is distributed on an "AS IS" BASIS,
+        WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 
implied.
+        See the License for the specific language governing permissions and
+        limitations under the License.
+    -->
+
+    <modelVersion>4.0.0</modelVersion>
+  
+    <parent>
+        <groupId>org.apache.karaf.webconsole</groupId>
+        <artifactId>webconsole</artifactId>
+        <version>2.1.99-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>org.apache.karaf.webconsole.console</artifactId>
+    <packaging>bundle</packaging>
+    <name>Apache Karaf :: Web Console :: Console</name>
+
+    <description>Apache Felix webconsole rebundled with small security related 
changes.
+    </description>
+
+    <properties>
+        
<appendedResourcesDirectory>${basedir}/../../etc/appended-resources</appendedResourcesDirectory>
+    </properties>
+
+    <dependencies>
+        <dependency>
+          <groupId>org.apache.geronimo.specs</groupId>
+          <artifactId>geronimo-servlet_2.5_spec</artifactId>
+        </dependency>
+        <dependency>
+          <groupId>org.osgi</groupId>
+          <artifactId>org.osgi.core</artifactId>
+        </dependency>
+        <dependency>
+          <groupId>org.osgi</groupId>
+          <artifactId>org.osgi.compendium</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.felix</groupId>
+            <artifactId>org.apache.felix.webconsole</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>commons-fileupload</groupId>
+            <artifactId>commons-fileupload</artifactId>
+            <version>1.1.1</version>
+            <scope>provided</scope>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>1.4</version>
+            <scope>provided</scope>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>org.json</groupId>
+            <artifactId>json</artifactId>
+            <version>20070829</version>
+            <scope>provided</scope>
+            <optional>true</optional>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-bundle-plugin</artifactId>
+                <version>${felix.plugin.version}</version>
+                <extensions>true</extensions>
+                <configuration>
+                    <instructions>
+                        <Bundle-SymbolicName>
+                            ${artifactId}
+                        </Bundle-SymbolicName>
+                        <Bundle-Vendor>
+                            The Apache Software Foundation
+                        </Bundle-Vendor>
+                        <Bundle-DocURL>
+                            
http://felix.apache.org/site/apache-felix-web-console.html
+                        </Bundle-DocURL>
+                        <Bundle-Activator>
+                            
org.apache.felix.webconsole.internal.KarafOsgiManagerActivator
+                        </Bundle-Activator>
+                        <Export-Package>
+                            org.apache.felix.webconsole;version=3.1.2
+                        </Export-Package>
+                        <Private-Package>
+                            !org.apache.felix.webconsole,
+                            org.apache.felix.webconsole.*,
+                        </Private-Package>
+                        <Import-Package>
+                            
org.apache.felix.scr;version=1.0;resolution:=optional,
+                            org.osgi.service.http,
+                            org.apache.felix.shell;
+                            org.osgi.service.*;resolution:=optional,
+                            javax.portlet;resolution:=optional,
+                            javax.servlet.*;version=2.4,
+                            *
+                        </Import-Package>
+                        <DynamicImport-Package>
+                            org.apache.felix.bundlerepository,
+                            org.osgi.service.obr
+                        </DynamicImport-Package>
+                        <Embed-Dependency>
+                            <!-- Webconsole -->
+                            org.apache.felix.webconsole;inline=**,
+
+                            <!-- Import/Export-Package parsing -->
+                            
org.apache.felix.utils;inline=org/apache/felix/utils/manifest/**,
+                            
org.apache.felix.framework;inline=org/apache/felix/framework/util/VersionRange**,
+
+                            <!-- ServiceTracker -->
+                            org.osgi.compendium;
+                                inline=org/osgi/util/tracker/*,
+
+                            <!-- Required for JSON data transfer -->
+                            json,
+
+                            <!-- File Upload functionality -->
+                            commons-fileupload,
+
+                            <!-- Required by FileUpload and Util -->
+                            commons-io
+                        </Embed-Dependency>
+
+                        <_removeheaders>
+                            Embed-Dependency,Private-Package,Include-Resource
+                        </_removeheaders>
+                    </instructions>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+  
+</project>
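Review bot: The `Embed-Dependency` instruction inlines `commons-fileupload` 1.1.1, `commons-io` 1.4 and `json` 20070829 into the bundle, with the versions hard-coded in this POM rather than managed in the parent. Embedded copies are not visible as separate bundles, so an operator cannot update them independently of this artifact; a comment above the three `<dependency>` entries saying that, plus moving the versions to the parent's `dependencyManagement`, would make them easier to track. `Export-Package` also pins `org.apache.felix.webconsole;version=3.1.2` by hand, while the embedded Felix artifact takes its version from elsewhere (features.xml previously used `${felix.webconsole.version}`), so the two can drift; deriving the export version from the same property is safer.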

Added: 
karaf/trunk/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/KarafOsgiManager.java
URL: 
http://svn.apache.org/viewvc/karaf/trunk/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/KarafOsgiManager.java?rev=1052310&view=auto
==============================================================================
--- 
karaf/trunk/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/KarafOsgiManager.java
 (added)
+++ 
karaf/trunk/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/KarafOsgiManager.java
 Thu Dec 23 16:12:51 2010
@@ -0,0 +1,69 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.felix.webconsole.internal;
+
+import java.io.IOException;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import javax.security.auth.Subject;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+import org.apache.felix.webconsole.internal.servlet.OsgiManager;
+import org.osgi.framework.BundleContext;
+
+public class KarafOsgiManager extends OsgiManager {
+
+    public static final String SUBJECT_RUN_AS = "karaf.subject.runas";
+
+    public KarafOsgiManager(BundleContext bundleContext) {
+        super(bundleContext);
+    }
+
+    @Override
+    public void service(final ServletRequest req, final ServletResponse res) 
throws ServletException, IOException {
+        Object obj = req.getAttribute(SUBJECT_RUN_AS);
+        if (obj instanceof Subject) {
+            try {
+                Subject.doAs((Subject) obj, new 
PrivilegedExceptionAction<Object>() {
+                    public Object run() throws Exception {
+                        doService(req, res);
+                        return null;
+                    }
+                });
+            } catch (PrivilegedActionException e) {
+                Exception cause = e.getException();
+                if (cause instanceof ServletException) {
+                    throw (ServletException) cause;
+                }
+                if (cause instanceof IOException) {
+                    throw (IOException) cause;
+                }
+                throw new ServletException(cause);
+            }
+        } else {
+            super.service(req, res);
+        }
+    }
+
+    protected void doService(final ServletRequest req, final ServletResponse 
res) throws ServletException, IOException {
+        super.service(req, res);
+    }
+}
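Review bot: `KarafOsgiManager` has no documentation of the contract behind `SUBJECT_RUN_AS`, which is the security-relevant part of this class. I would add a class Javadoc saying that `service` runs the request inside `Subject.doAs` when the request attribute `karaf.subject.runas` holds a `Subject`, and a comment on the constant that the attribute is expected to be set only by the security provider after a successful login (in this commit, `JaasSecurityProvider.authenticate`). The `else` branch serves the request with no subject at all; a comment such as `// no authenticated subject on the request: fall back to the stock OsgiManager behaviour` makes clear that this is deliberate.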

Added: 
karaf/trunk/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/KarafOsgiManagerActivator.java
URL: 
http://svn.apache.org/viewvc/karaf/trunk/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/KarafOsgiManagerActivator.java?rev=1052310&view=auto
==============================================================================
--- 
karaf/trunk/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/KarafOsgiManagerActivator.java
 (added)
+++ 
karaf/trunk/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/KarafOsgiManagerActivator.java
 Thu Dec 23 16:12:51 2010
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.felix.webconsole.internal;
+
+
+import org.osgi.framework.BundleActivator;
+import org.osgi.framework.BundleContext;
+
+
+/**
+ * This is the main, starting class of the Bundle. It initializes and disposes
+ * the Apache Web Console upon bundle lifecycle requests.
+ */
+public class KarafOsgiManagerActivator implements BundleActivator
+{
+
+    private KarafOsgiManager osgiManager;
+
+
+    /**
+     * @see 
org.osgi.framework.BundleActivator#start(org.osgi.framework.BundleContext)
+     */
+    public void start( BundleContext bundleContext )
+    {
+        osgiManager = new KarafOsgiManager( bundleContext );
+    }
+
+
+    /**
+     * @see 
org.osgi.framework.BundleActivator#stop(org.osgi.framework.BundleContext)
+     */
+    public void stop( BundleContext arg0 )
+    {
+        if ( osgiManager != null )
+        {
+            osgiManager.dispose();
+        }
+    }
+
+}

Modified: karaf/trunk/webconsole/pom.xml
URL: 
http://svn.apache.org/viewvc/karaf/trunk/webconsole/pom.xml?rev=1052310&r1=1052309&r2=1052310&view=diff
==============================================================================
--- karaf/trunk/webconsole/pom.xml (original)
+++ karaf/trunk/webconsole/pom.xml Thu Dec 23 16:12:51 2010
@@ -33,9 +33,10 @@
   <name>Apache Karaf :: Web Console</name>
   
   <modules>
+    <module>console</module>
+    <module>branding</module>
     <module>features</module>
     <module>gogo</module>
-    <module>branding</module>
     <module>admin</module>
   </modules>
   

