Author: reto
Date: Mon Jun 10 07:20:29 2013
New Revision: 1491355
URL: http://svn.apache.org/r1491355
Log:
STANBOL-1094: wotking around JERSEY-1926 issue in security
Modified:
stanbol/branches/commons-ng/commons/jobs/web/src/main/java/org/apache/stanbol/commons/jobs/web/resources/JobsResource.java
stanbol/branches/commons-ng/commons/security/authentication.basic/src/main/java/org/apache/stanbol/commons/authentication/basic/BasicAuthentication.java
stanbol/branches/commons-ng/commons/security/core/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticatingFilter.java
stanbol/branches/commons-ng/commons/security/usermanagement/pom.xml
stanbol/branches/commons-ng/commons/web/base.jersey/src/main/java/org/apache/stanbol/commons/web/base/jersey/JerseyEndpoint.java
stanbol/branches/commons-ng/launchers/bundlelists/security/pom.xml
stanbol/branches/commons-ng/launchers/bundlelists/security/src/main/bundles/list.xml
stanbol/branches/commons-ng/launchers/mini/pom.xml
Modified:
stanbol/branches/commons-ng/commons/jobs/web/src/main/java/org/apache/stanbol/commons/jobs/web/resources/JobsResource.java
URL:
http://svn.apache.org/viewvc/stanbol/branches/commons-ng/commons/jobs/web/src/main/java/org/apache/stanbol/commons/jobs/web/resources/JobsResource.java?rev=1491355&r1=1491354&r2=1491355&view=diff
==============================================================================
---
stanbol/branches/commons-ng/commons/jobs/web/src/main/java/org/apache/stanbol/commons/jobs/web/resources/JobsResource.java
(original)
+++
stanbol/branches/commons-ng/commons/jobs/web/src/main/java/org/apache/stanbol/commons/jobs/web/resources/JobsResource.java
Mon Jun 10 07:20:29 2013
@@ -39,13 +39,14 @@ import org.apache.felix.scr.annotations.
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
-import org.apache.stanbol.commons.viewable.Viewable;
+
import org.apache.stanbol.commons.web.base.resource.BaseStanbolResource;
import org.apache.stanbol.commons.jobs.api.Job;
import org.apache.stanbol.commons.jobs.api.JobInfo;
import org.apache.stanbol.commons.jobs.api.JobManager;
import org.apache.stanbol.commons.jobs.api.JobResult;
import org.apache.stanbol.commons.jobs.impl.JobInfoImpl;
+import org.apache.stanbol.commons.web.viewable.Viewable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
Modified:
stanbol/branches/commons-ng/commons/security/authentication.basic/src/main/java/org/apache/stanbol/commons/authentication/basic/BasicAuthentication.java
URL:
http://svn.apache.org/viewvc/stanbol/branches/commons-ng/commons/security/authentication.basic/src/main/java/org/apache/stanbol/commons/authentication/basic/BasicAuthentication.java?rev=1491355&r1=1491354&r2=1491355&view=diff
==============================================================================
---
stanbol/branches/commons-ng/commons/security/authentication.basic/src/main/java/org/apache/stanbol/commons/authentication/basic/BasicAuthentication.java
(original)
+++
stanbol/branches/commons-ng/commons/security/authentication.basic/src/main/java/org/apache/stanbol/commons/authentication/basic/BasicAuthentication.java
Mon Jun 10 07:20:29 2013
@@ -123,7 +123,7 @@ public class BasicAuthentication impleme
"Basic realm=\"Apache Stanbol authentication
needed\"");
final java.io.InputStream pipedIn = new
ByteArrayInputStream(message.getBytes());
response.setHeader("Content-Length",
""+message.getBytes().length);
- response.getOutputStream().write(message.getBytes());
+ response.getOutputStream().write(message.getBytes());
}
@Override
Modified:
stanbol/branches/commons-ng/commons/security/core/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticatingFilter.java
URL:
http://svn.apache.org/viewvc/stanbol/branches/commons-ng/commons/security/core/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticatingFilter.java?rev=1491355&r1=1491354&r2=1491355&view=diff
==============================================================================
---
stanbol/branches/commons-ng/commons/security/core/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticatingFilter.java
(original)
+++
stanbol/branches/commons-ng/commons/security/core/src/main/java/org/apache/stanbol/commons/security/auth/AuthenticatingFilter.java
Mon Jun 10 07:20:29 2013
@@ -19,11 +19,14 @@
package org.apache.stanbol.commons.security.auth;
import java.io.IOException;
+import java.io.OutputStream;
+import java.io.PrintWriter;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Comparator;
import java.util.Iterator;
+import java.util.Locale;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
@@ -33,10 +36,13 @@ import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
+import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
+import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpServletResponseWrapper;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
@@ -49,141 +55,196 @@ import org.apache.stanbol.commons.securi
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-
-@Component(immediate=true)
+@Component(immediate = true)
@Service(Filter.class)
@Properties(value = {
- @Property(name="pattern",value=".*"),
+ @Property(name = "pattern", value = ".*"),
@Property(name = "service.ranking", intValue = Integer.MAX_VALUE)
})
-@Reference(name="weightedAuthenticationMethod",
- cardinality=ReferenceCardinality.MANDATORY_MULTIPLE,
- policy=ReferencePolicy.DYNAMIC,
- referenceInterface=WeightedAuthenticationMethod.class)
+@Reference(name = "weightedAuthenticationMethod",
+ cardinality = ReferenceCardinality.MANDATORY_MULTIPLE,
+ policy = ReferencePolicy.DYNAMIC,
+ referenceInterface = WeightedAuthenticationMethod.class)
public class AuthenticatingFilter implements Filter {
-
- private final Logger logger =
LoggerFactory.getLogger(AuthenticatingFilter.class);
- private SortedSet<WeightedAuthenticationMethod> methodList =
- new TreeSet<WeightedAuthenticationMethod>(new
WeightedAuthMethodComparator());
-
-
- private Subject getSubject() {
- Subject subject = UserUtil.getCurrentSubject();
- if (subject== null) {
- subject = new Subject();
- }
- return subject;
- }
-
- /**
- * Registers a <code>WeightedAuthenticationMethod</code>
- *
- * @param method the method to be registered
- */
- protected void
bindWeightedAuthenticationMethod(WeightedAuthenticationMethod method) {
- methodList.add(method);
- }
-
- /**
- * Unregister a <code>WeightedAuthenticationMethod</code>
- *
- * @param method the method to be unregistered
- */
- protected void
unbindWeightedAuthenticationMethod(WeightedAuthenticationMethod method) {
- methodList.remove(method);
- }
-
- /**
- * Compares the WeightedAuthenticationMethods, descending for weight
and ascending by name
- */
- static class WeightedAuthMethodComparator
- implements Comparator<WeightedAuthenticationMethod> {
-
- @Override
- public int compare(WeightedAuthenticationMethod o1,
- WeightedAuthenticationMethod o2) {
- int o1Weight = o1.getWeight();
- int o2Weight = o2.getWeight();
- if (o1Weight != o2Weight) {
- return o2Weight - o1Weight;
- }
- return
o1.getClass().toString().compareTo(o2.getClass().toString());
- }
- }
-
- private void writeLoginResponse(final HttpServletRequest request, final
HttpServletResponse response, Throwable e) throws ServletException, IOException
{
- for (AuthenticationMethod authMethod : methodList) {
- if (authMethod.writeLoginResponse(request, response,
e)) {
- break;
- }
- }
- }
-
- @Override
- public void init(FilterConfig filterConfig) throws ServletException {
- // TODO Auto-generated method stub
-
- }
-
- @Override
- public void doFilter(final ServletRequest servletRequest, final
ServletResponse servletResponse,
- final FilterChain chain) throws IOException,
ServletException {
-
- logger.debug("filtering request");
- final HttpServletRequest request = (HttpServletRequest)
servletRequest;
- final HttpServletResponse response = (HttpServletResponse)
servletResponse;
- final Subject subject = getSubject();
- {
- AuthenticationMethod authenticationMethod = null;
- try {
- for (Iterator<WeightedAuthenticationMethod> it
= methodList.iterator(); it.hasNext();) {
- authenticationMethod = it.next();
- if
(authenticationMethod.authenticate(request,subject)) {
- break;
- }
- }
- } catch (LoginException ex) {
- if
(!authenticationMethod.writeLoginResponse(request, response, ex)) {
- writeLoginResponse(request, response,
ex);
- }
- return;
- }
- }
-
- Set<Principal> principals = subject.getPrincipals();
- if (principals.size() == 0) {
- principals.add(UserUtil.ANONYMOUS);
- }
- try {
- Subject.doAsPrivileged(subject, new
PrivilegedExceptionAction<Object>() {
-
- @Override
- public Object run() throws Exception {
- chain.doFilter(request, response);
- return null;
- }
- }, null);
-
- } catch (PrivilegedActionException e) {
- Throwable cause = e.getCause();
- if (cause instanceof ServletException) {
- throw (ServletException) cause;
- }
- if (cause instanceof RuntimeException) {
- throw (RuntimeException) cause;
- }
- throw new RuntimeException(e);
- } catch (SecurityException e) {
- logger.debug("SecurityException: {}", e);
- writeLoginResponse(request, response, e);
- }
-
- }
-
- @Override
- public void destroy() {
- // TODO Auto-generated method stub
-
- }
+ private final Logger logger =
LoggerFactory.getLogger(AuthenticatingFilter.class);
+ private SortedSet<WeightedAuthenticationMethod> methodList =
+ new TreeSet<WeightedAuthenticationMethod>(new
WeightedAuthMethodComparator());
+
+ private Subject getSubject() {
+ Subject subject = UserUtil.getCurrentSubject();
+ if (subject == null) {
+ subject = new Subject();
+ }
+ return subject;
+ }
+
+ /**
+ * Registers a
+ * <code>WeightedAuthenticationMethod</code>
+ *
+ * @param method the method to be registered
+ */
+ protected void
bindWeightedAuthenticationMethod(WeightedAuthenticationMethod method) {
+ methodList.add(method);
+ }
+
+ /**
+ * Unregister a
+ * <code>WeightedAuthenticationMethod</code>
+ *
+ * @param method the method to be unregistered
+ */
+ protected void
unbindWeightedAuthenticationMethod(WeightedAuthenticationMethod method) {
+ methodList.remove(method);
+ }
+
+ /**
+ * Compares the WeightedAuthenticationMethods, descending for weight and
+ * ascending by name
+ */
+ static class WeightedAuthMethodComparator
+ implements Comparator<WeightedAuthenticationMethod> {
+
+ @Override
+ public int compare(WeightedAuthenticationMethod o1,
+ WeightedAuthenticationMethod o2) {
+ int o1Weight = o1.getWeight();
+ int o2Weight = o2.getWeight();
+ if (o1Weight != o2Weight) {
+ return o2Weight - o1Weight;
+ }
+ return
o1.getClass().toString().compareTo(o2.getClass().toString());
+ }
+ }
+
+ private void writeLoginResponse(final HttpServletRequest request, final
HttpServletResponse response, Throwable e) throws ServletException, IOException
{
+ logger.debug("SecurityException: {}", e);
+ try {
+ for (AuthenticationMethod authMethod : methodList) {
+ if (authMethod.writeLoginResponse(request, response, e)) {
+ break;
+ }
+ }
+ } catch (IOException ex) {
+ //only needed because jetty is doing a bad job at logging
+ logger.error("Exception writing loging respone", e);
+ throw ex;
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ // TODO Auto-generated method stub
+ }
+
+ @Override
+ public void doFilter(final ServletRequest servletRequest, final
ServletResponse servletResponse,
+ final FilterChain chain) throws IOException, ServletException {
+
+ logger.debug("filtering request");
+ final HttpServletRequest request = (HttpServletRequest) servletRequest;
+ final HttpServletResponse response = (HttpServletResponse)
servletResponse;
+ final Subject subject = getSubject();
+ {
+ AuthenticationMethod authenticationMethod = null;
+ try {
+ for (Iterator<WeightedAuthenticationMethod> it =
methodList.iterator(); it.hasNext();) {
+ authenticationMethod = it.next();
+ if (authenticationMethod.authenticate(request, subject)) {
+ break;
+ }
+ }
+ } catch (LoginException ex) {
+ if (!authenticationMethod.writeLoginResponse(request,
response, ex)) {
+ writeLoginResponse(request, response, ex);
+ }
+ return;
+ }
+ }
+
+ Set<Principal> principals = subject.getPrincipals();
+ if (principals.size() == 0) {
+ principals.add(UserUtil.ANONYMOUS);
+ }
+ //the response wrapping is because of JERSEY-1926
+ final ServletOutputStream[] out = new ServletOutputStream[1];
+ final boolean[] closed = new boolean[1];
+ final String[] sentErrorMsg = new String[1];
+ final int[] sentErrorCode = new int[1];
+ sentErrorCode[0] = -1;
+ try {
+ Subject.doAsPrivileged(subject, new
PrivilegedExceptionAction<Object>() {
+ @Override
+ public Object run() throws Exception {
+ HttpServletResponse wrapped = new
HttpServletResponseWrapper(response) {
+ @Override
+ public ServletOutputStream getOutputStream() throws
IOException {
+ final ServletOutputStream orig =
response.getOutputStream();
+ out[0] = orig;
+ return new ServletOutputStream() {
+
+ @Override
+ public void write(int i) throws IOException {
+ orig.write(i);
+ }
+
+ @Override
+ public void close() throws IOException {
+ closed[0] = true;
+ }
+
+ };
+ }
+
+
+ @Override
+ public void sendError(int sc, String msg) throws
IOException {
+ sentErrorCode[0] = sc;
+ sentErrorMsg[0] = msg;
+ }
+
+ };
+ chain.doFilter(request, wrapped);
+ return null;
+ }
+ }, null);
+
+ } catch (PrivilegedActionException e) {
+ Throwable cause = e.getCause();
+ if (cause instanceof ServletException) {
+ if (cause.getCause() instanceof SecurityException) {
+ //working around JERSEY-1926
+ writeLoginResponse(request, response,
+ (SecurityException) cause.getCause());
+ } else {
+ throw (ServletException) cause;
+ }
+ }
+ if (cause instanceof RuntimeException) {
+ throw (RuntimeException) cause;
+ }
+ throw new RuntimeException(e);
+ } catch (SecurityException e) {
+ writeLoginResponse(request, response, e);
+ }
+ if (!response.isCommitted()) {
+ if (closed[0]) {
+ try {
+ out[0].close();
+ } catch (IOException e) {
+ //do nothing
+ }
+ }
+ if (sentErrorCode[0] > -1) {
+ response.sendError(sentErrorCode[0], sentErrorMsg[0]);
+ }
+ }
+
+ }
+
+ @Override
+ public void destroy() {
+ // TODO Auto-generated method stub
+ }
}
Modified: stanbol/branches/commons-ng/commons/security/usermanagement/pom.xml
URL:
http://svn.apache.org/viewvc/stanbol/branches/commons-ng/commons/security/usermanagement/pom.xml?rev=1491355&r1=1491354&r2=1491355&view=diff
==============================================================================
--- stanbol/branches/commons-ng/commons/security/usermanagement/pom.xml
(original)
+++ stanbol/branches/commons-ng/commons/security/usermanagement/pom.xml Mon Jun
10 07:20:29 2013
@@ -107,7 +107,7 @@
<dependency>
<groupId>org.apache.stanbol</groupId>
<artifactId>org.apache.stanbol.commons.ldpathtemplate</artifactId>
- <version>0.12.0-SNAPSHOT</version>
+ <version>1.0.0-SNAPSHOT</version>
</dependency>
<dependency>
@@ -139,7 +139,7 @@
<dependency>
<groupId>org.apache.stanbol</groupId>
<artifactId>org.apache.stanbol.commons.web.viewable</artifactId>
- <version>0.12.0-SNAPSHOT</version>
+ <version>1.0.0-SNAPSHOT</version>
</dependency>
<!-- OSGi tax -->
Modified:
stanbol/branches/commons-ng/commons/web/base.jersey/src/main/java/org/apache/stanbol/commons/web/base/jersey/JerseyEndpoint.java
URL:
http://svn.apache.org/viewvc/stanbol/branches/commons-ng/commons/web/base.jersey/src/main/java/org/apache/stanbol/commons/web/base/jersey/JerseyEndpoint.java?rev=1491355&r1=1491354&r2=1491355&view=diff
==============================================================================
---
stanbol/branches/commons-ng/commons/web/base.jersey/src/main/java/org/apache/stanbol/commons/web/base/jersey/JerseyEndpoint.java
(original)
+++
stanbol/branches/commons-ng/commons/web/base.jersey/src/main/java/org/apache/stanbol/commons/web/base/jersey/JerseyEndpoint.java
Mon Jun 10 07:20:29 2013
@@ -167,7 +167,6 @@ public class JerseyEndpoint {
} else {
exposedHeaders = new HashSet<String>();
}
-
if (!webFragments.isEmpty()) {
initJersey();
}
@@ -175,6 +174,10 @@ public class JerseyEndpoint {
/** Initialize the Jersey subsystem */
private synchronized void initJersey() throws NamespaceException,
ServletException {
+ if (componentContext == null) {
+ //we have not yet been activated
+ return;
+ }
//temporary workaround for STANBOL-1073
InputStream in = new ByteArrayInputStream(
"<http://example.org/me> <http://xmlns.com/foaf/0.1/name>
\"Jane Doe\" .".getBytes());
Modified: stanbol/branches/commons-ng/launchers/bundlelists/security/pom.xml
URL:
http://svn.apache.org/viewvc/stanbol/branches/commons-ng/launchers/bundlelists/security/pom.xml?rev=1491355&r1=1491354&r2=1491355&view=diff
==============================================================================
--- stanbol/branches/commons-ng/launchers/bundlelists/security/pom.xml
(original)
+++ stanbol/branches/commons-ng/launchers/bundlelists/security/pom.xml Mon Jun
10 07:20:29 2013
@@ -21,13 +21,13 @@
<parent>
<groupId>org.apache.stanbol</groupId>
<artifactId>stanbol-parent</artifactId>
- <version>4-SNAPSHOT</version>
+ <version>5-SNAPSHOT</version>
<relativePath>../../../parent</relativePath>
</parent>
<groupId>org.apache.stanbol</groupId>
<artifactId>org.apache.stanbol.launchers.bundlelists.security</artifactId>
- <version>0.10.0-SNAPSHOT</version>
+ <version>1.0.0-SNAPSHOT</version>
<packaging>partialbundlelist</packaging>
<name>Apache Stanbol Bundlelist for Security</name>
Modified:
stanbol/branches/commons-ng/launchers/bundlelists/security/src/main/bundles/list.xml
URL:
http://svn.apache.org/viewvc/stanbol/branches/commons-ng/launchers/bundlelists/security/src/main/bundles/list.xml?rev=1491355&r1=1491354&r2=1491355&view=diff
==============================================================================
---
stanbol/branches/commons-ng/launchers/bundlelists/security/src/main/bundles/list.xml
(original)
+++
stanbol/branches/commons-ng/launchers/bundlelists/security/src/main/bundles/list.xml
Mon Jun 10 07:20:29 2013
@@ -21,7 +21,7 @@
<bundle>
<groupId>org.apache.clerezza</groupId>
<artifactId>platform.config</artifactId>
- <version>0.3-incubating</version>
+ <version>0.4-SNAPSHOT</version>
</bundle>
<bundle>
<groupId>org.apache.clerezza</groupId>
@@ -53,5 +53,20 @@
<artifactId>org.apache.stanbol.commons.security.usermanagement</artifactId>
<version>0.12.0-SNAPSHOT</version>
</bundle>
+ <!-- <bundle>
+ <groupId>org.apache.clerezza</groupId>
+ <artifactId>platform.security</artifactId>
+ <version>0.8-incubating</version>
+ </bundle> -->
+ <!-- <bundle>
+ <groupId>org.apache.clerezza</groupId>
+ <artifactId>platform</artifactId>
+ <version>0.1-incubating</version>
+ </bundle> -->
+ <bundle>
+ <groupId>org.apache.clerezza</groupId>
+ <artifactId>platform.graphprovider.content</artifactId>
+ <version>0.6-incubating</version>
+ </bundle>
</startLevel>
</bundles>
Modified: stanbol/branches/commons-ng/launchers/mini/pom.xml
URL:
http://svn.apache.org/viewvc/stanbol/branches/commons-ng/launchers/mini/pom.xml?rev=1491355&r1=1491354&r2=1491355&view=diff
==============================================================================
--- stanbol/branches/commons-ng/launchers/mini/pom.xml (original)
+++ stanbol/branches/commons-ng/launchers/mini/pom.xml Mon Jun 10 07:20:29 2013
@@ -180,22 +180,15 @@
</dependency>
<!-- Security Support -->
- <!-- getting exception about missing RuntimePermission anonymous actually
has <dependency>
+ <!-- getting exception about missing RuntimePermission anonymous actually
has -->
+ <dependency>
<groupId>org.apache.stanbol</groupId>
<artifactId>org.apache.stanbol.launchers.bundlelists.security</artifactId>
- <version>0.10.0-SNAPSHOT</version>
+ <version>1.0.0-SNAPSHOT</version>
<type>partialbundlelist</type>
<scope>provided</scope>
- </dependency> -->
+ </dependency>
- <!-- Security currently depends on zzshell! -->
- <dependency>
- <groupId>org.apache.stanbol</groupId>
- <artifactId>org.apache.stanbol.launchers.bundlelists.zzshell</artifactId>
- <version>0.10.0-SNAPSHOT</version>
- <type>partialbundlelist</type>
- <scope>provided</scope>
- </dependency>
</dependencies>
</project>
