Ravi Nori has uploaded a new change for review. Change subject: aaa: Add SSO Session validation service ......................................................................
aaa: Add SSO Session validation service Add sso session validation service that determines if the session identified by the given session id is still valid Change-Id: Ie30bd3a486c201ad8ccb1bb8056bb8c97fc8dd7f Bug-Url: https://bugzilla.redhat.com/1092744 Signed-off-by: Ravi Nori <[email protected]> --- M backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SSOContextListener.java A backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SSOSessionListener.java A backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SessionValidationServlet.java M backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/SSOUtils.java M backend/manager/modules/enginesso/src/main/webapp/WEB-INF/web.xml 5 files changed, 58 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/11/38011/1 diff --git a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SSOContextListener.java b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SSOContextListener.java index ef43b3b..ec7e518 100644 --- a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SSOContextListener.java +++ b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SSOContextListener.java @@ -16,6 +16,7 @@ import java.io.FileInputStream; import java.io.InputStream; import java.security.KeyStore; +import java.util.TreeSet; public class SSOContextListener implements ServletContextListener { @@ -55,6 +56,7 @@ } catch (Exception e) { throw new RuntimeException("Unable to instantiate TicketEncoder", e); } + ctx.setAttribute(SSOUtils.SSO_SESSIONS, new TreeSet<String>()); } private TicketEncoder getTicketEncoder(ServletContext ctx, SSOLocalConfig localConfig, int lifetime) throws Exception { 
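Review bot: The second SSOContextListener.java hunk stores a plain `TreeSet<String>` in the servlet context, but that set is mutated by SSOSessionListener and read by SessionValidationServlet on container threads, with no synchronization visible anywhere in this change. `TreeSet` is not thread-safe, so concurrent add/remove/contains calls can corrupt the tree or give a wrong answer to a session-validity check. A concurrent set avoids that: `ctx.setAttribute(SSOUtils.SSO_SESSIONS, new ConcurrentSkipListSet<String>());` with `import java.util.concurrent.ConcurrentSkipListSet;` in place of the `TreeSet` import. The enclosing method starts outside the hunk.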
diff --git a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SSOSessionListener.java b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SSOSessionListener.java
new file mode 100644
index 0000000..934a1eb
--- /dev/null
+++ b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SSOSessionListener.java
@@ -0,0 +1,19 @@
+package org.ovirt.engine.core.sso.servlets;
+
+import org.ovirt.engine.core.sso.utils.SSOUtils;
+
+import javax.servlet.http.HttpSessionEvent;
+import javax.servlet.http.HttpSessionListener;
+import java.util.Set;
+
+public class SSOSessionListener implements HttpSessionListener {
+ @Override
+ public void sessionCreated(HttpSessionEvent se) {
+ ((Set<String>) se.getSession().getServletContext().getAttribute(SSOUtils.SSO_SESSIONS)).add(se.getSession().getId());
+ }
+
+ @Override
+ public void sessionDestroyed(HttpSessionEvent se) {
+ ((Set<String>) se.getSession().getServletContext().getAttribute(SSOUtils.SSO_SESSIONS)).remove(se.getSession().getId());
+ }
+}
diff --git a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SessionValidationServlet.java b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SessionValidationServlet.java
new file mode 100644
index 0000000..c910f2f
--- /dev/null
+++ b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/servlets/SessionValidationServlet.java
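Review bot: `sessionCreated` in SSOSessionListener.java registers every container session the moment it is created, so the set also holds ids of sessions that have not authenticated; as far as this change shows, the validation service would report such a session as valid. Adding the id where authentication succeeds, or having the validator also check the session's auth record attribute, would make the answer match the commit message's "still valid". Both methods repeat the same unchecked `(Set<String>)` cast and would throw a NullPointerException if the context attribute is missing. A small private helper that fetches the set, carrying a narrowly scoped `@SuppressWarnings("unchecked")` and a null check, would keep that in one place.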
@@ -0,0 +1,32 @@
+package org.ovirt.engine.core.sso.servlets;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.lang.StringUtils;
+import org.ovirt.engine.core.sso.utils.SSOUtils;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.nio.charset.Charset;
+import java.util.Set;
+
+public class SessionValidationServlet extends HttpServlet {
+ private static final long serialVersionUID = -5918206701007271897L;
+
+ @Override
+ protected void service(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ String sessionId = request.getParameter("sso_session_id");
+ if (StringUtils.isEmpty(sessionId) ||
+ !((Set<String>) request.getServletContext().getAttribute(SSOUtils.SSO_SESSIONS)).contains(new String(Base64.decodeBase64(sessionId), Charset.forName("UTF-8")))) {
+ response.setStatus(HttpURLConnection.HTTP_INTERNAL_ERROR);
+ } else {
+ response.getWriter().print(true);
+ response.setStatus(HttpURLConnection.HTTP_OK);
+ }
+ }
+
+}
diff --git a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/SSOUtils.java b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/SSOUtils.java
index 7e2d5bf..f312862 100644
--- a/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/SSOUtils.java
+++ b/backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/SSOUtils.java
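Review bot: `service()` in SessionValidationServlet.java answers every HTTP method from any caller and reads the id from a request parameter, so the endpoint confirms or denies session ids to whoever can reach it, and on GET the id ends up in URLs and access logs; no caller authentication is visible in this file. Overriding `doPost` instead of `service` and requiring the calling client to authenticate before the lookup would narrow that exposure. A missing or unknown id is reported as `HttpURLConnection.HTTP_INTERNAL_ERROR`, which makes an ordinary "not valid" answer look like a server fault in monitoring; a 4xx such as `response.setStatus(HttpServletResponse.SC_BAD_REQUEST);` for a missing parameter would separate the two. In the success branch `response.setStatus(...)` should come before `response.getWriter().print(true)`, since a status set after the body has started may be ignored once the response is committed.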
@@ -36,6 +36,7 @@ public static final String POST_ACTION_URL = "post_action_url"; public static final String SSO_CONFIG = "config"; public static final String SSO_TICKET_ENCODER = "ticketEncoder"; + public static final String SSO_SESSIONS = "sessions"; public static final String AUTH_PROFILE_REPOSITORY = "auth_profile_repository"; public static final String DEFAULT_USER_ID = "00000000-0000-0000-0000-000000000000"; public static final String HEADER_AUTHORIZATION = "Authorization"; @@ -89,6 +90,7 @@ payload.put("profile", session.getAttribute(SSOUtils.SSO_PROFILE_ATTR_NAME)); payload.put("principalRecord", principalRecord); payload.put("authRecord", session.getAttribute(SSOUtils.SSO_AUTH_RECORD_ATTR_NAME)); + payload.put("sso_session_id", new String(Base64.encodeBase64(session.getId().getBytes()))); ObjectMapper mapper = new ObjectMapper().configure(Feature.FAIL_ON_UNKNOWN_PROPERTIES, false) .enableDefaultTyping(ObjectMapper.DefaultTyping.OBJECT_AND_NON_CONCRETE); diff --git a/backend/manager/modules/enginesso/src/main/webapp/WEB-INF/web.xml b/backend/manager/modules/enginesso/src/main/webapp/WEB-INF/web.xml index d188a0c..83b5eb6 100644 --- a/backend/manager/modules/enginesso/src/main/webapp/WEB-INF/web.xml +++ b/backend/manager/modules/enginesso/src/main/webapp/WEB-INF/web.xml 
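Review bot: The second SSOUtils.java hunk places the container session id itself in the payload as `sso_session_id`; Base64 is an encoding, not protection, so anyone who can read the payload holds the value that identifies the SSO session to the container. A separate random identifier generated with `SecureRandom`, stored as a session attribute and used as the key in the `SSO_SESSIONS` set, would let the validation service work without disclosing the session id. The added line also relies on the platform default charset in both `getBytes()` and `new String(...)`, while SessionValidationServlet decodes with `Charset.forName("UTF-8")`; passing the same charset to both calls here keeps the two sides consistent. The enclosing method starts and ends outside the hunk.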
@@ -6,6 +6,9 @@ <listener> <listener-class>org.ovirt.engine.core.sso.servlets.SSOContextListener</listener-class> </listener> + <listener> + <listener-class>org.ovirt.engine.core.sso.servlets.SSOSessionListener</listener-class> + </listener> <!-- Application with context parameters --> <context-param> -- To view, visit http://gerrit.ovirt.org/38011 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie30bd3a486c201ad8ccb1bb8056bb8c97fc8dd7f Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Ravi Nori <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
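Review bot: This web.xml hunk registers SSOSessionListener but adds no `<servlet>` / `<servlet-mapping>` entry for the new SessionValidationServlet, and the class carries no `@WebServlet` annotation, so unless it is mapped outside this change the validation endpoint is not reachable. The 58 insertions in the diffstat are all accounted for by the visible hunks, which suggests the mapping is simply missing from this patch set. When it is added, pair it with a `<security-constraint>` or an equivalent caller check so that only the intended clients can query session validity.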
