net.sf.jguard.jee.provisioning.HttpServletProvisioningServicePoint.java Source code

Java tutorial

Introduction

Here is the source code for net.sf.jguard.jee.provisioning.HttpServletProvisioningServicePoint.java

Source

/*
jGuard is a security framework based on top of jaas (java authentication and authorization security).
it is written for web applications, to resolve simply, access control problems.
version $Name$
http://sourceforge.net/projects/jguard/
    
Copyright (C) 2004  Charles Lescot
    
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
    
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Lesser General Public License for more details.
    
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
    
    
jGuard project home page:
http://sourceforge.net/projects/jguard/
    
*/

package net.sf.jguard.jee.provisioning;

import net.sf.jguard.core.authentication.StatefulAuthenticationServicePoint;
import net.sf.jguard.core.authentication.credentials.JGuardCredential;
import net.sf.jguard.core.authentication.exception.AuthenticationException;
import net.sf.jguard.core.authentication.manager.AuthenticationManager;
import net.sf.jguard.core.authorization.filters.LastAccessDeniedFilter;
import net.sf.jguard.core.authorization.permissions.URLPermission;
import net.sf.jguard.core.lifecycle.Request;
import net.sf.jguard.core.lifecycle.Response;
import net.sf.jguard.core.principals.SubjectTemplate;
import net.sf.jguard.core.provisioning.ProvisioningServicePoint;
import net.sf.jguard.core.util.CryptUtils;
import net.sf.jguard.core.util.XMLUtils;
import net.sf.jguard.jee.HttpConstants;
import net.sf.jguard.jee.HttpServletRequestAdapter;
import net.sf.jguard.jee.lifecycle.AnonymizerRequestWrapper;
import org.dom4j.Document;
import org.dom4j.Element;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.inject.Inject;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URL;
import java.security.NoSuchAlgorithmException;
import java.security.Permission;
import java.security.Permissions;
import java.util.*;

/**
 * @author <a href="mailto:diabolo512@users.sourceforge.net">Charles Lescot</a>
 */
public class HttpServletProvisioningServicePoint
        implements ProvisioningServicePoint<HttpServletRequest, HttpServletResponse> {

    private static final Logger logger = LoggerFactory
            .getLogger(HttpServletProvisioningServicePoint.class.getName());
    private String registerURI;
    private URLPermission registerProcessPermission;
    private URLPermission registerPermission;
    private static final String J_GUARD_FILTER_2_0_0_XSD = "jGuardFilter_2.0.0.xsd";
    private AuthenticationManager authenticationManager;

    /**
     * Creates a new instance of HttpServletProvisioningServicePoint
     */
    @Inject
    public HttpServletProvisioningServicePoint(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    public void init(URL location) {
        setSettings(loadFilterConfiguration(location));

    }

    public Permission getRegisterPermission() {
        return registerPermission;
    }

    public Permission getRegisterProcessPermission() {
        return registerProcessPermission;
    }

    public boolean registerProcess(Request<HttpServletRequest> req, Response<HttpServletResponse> res) {
        boolean registerSucceed = registerCoreProcess(req);
        HttpServletRequest request = req.get();
        HttpServletResponse response = res.get();
        boolean result = false;
        if (!registerSucceed) {
            logger.debug(" registration failed ", " registerProcess phase ");

            if (!response.isCommitted()) {
                try {
                    if (URLPermission.REDIRECT.equalsIgnoreCase(registerPermission.getDispatch())) {
                        response.sendRedirect(response.encodeRedirectURL(request.getContextPath() + registerURI));
                    } else {
                        request.getRequestDispatcher(registerURI).forward(request, response);
                    }
                } catch (IOException e) {
                    logger.warn(" we cannot dispatch to " + request.getContextPath() + registerURI + " because "
                            + e.getMessage());
                } catch (ServletException e) {
                    logger.warn(" we cannot dispatch to " + request.getContextPath() + registerURI + " because "
                            + e.getMessage());
                }
            } else {
                logger.warn(" we cannot dispatch to " + request.getContextPath() + registerURI
                        + " because response is already commited ");
            }
            result = false;
        } else {
            logger.debug(" registration succeed ", " registerProcess phase ");
            //the user is registered and we submit directly its credentials to the authentication phase
            request.getSession(true).removeAttribute(StatefulAuthenticationServicePoint.LOGIN_CONTEXT_WRAPPER);
            request.getSession(true).removeAttribute(LastAccessDeniedFilter.LAST_ACCESS_DENIED_PERMISSION);
            result = true;

        }
        return result;
    }

    /**
     * register the user against the @link SubjectTemplate.
     *
     * @param req
     * @return true if registration succeed, false otherwise
     */
    public boolean registerCoreProcess(Request<HttpServletRequest> req) {
        HttpServletRequest request = req.get();
        boolean success;
        SubjectTemplate st = null;
        try {
            st = buildSubjectTemplate(request);
        } catch (AuthenticationException e1) {
            logger.error(" subject template cannot be built ", e1);
            return false;
        }
        String passwordField = "password";
        Set<JGuardCredential> credentials = st.getRequiredCredentials();
        JGuardCredential passwordCredential = null;
        for (JGuardCredential cred : credentials) {
            if (cred.getName().equals(passwordField)) {
                passwordCredential = cred;
                break;
            }

        }

        if (passwordCredential == null) {
            logger.warn("JGuardTagCredential matching  passwordField not found in the SubjectTemplate");
            success = false;
            return success;
        }
        char[] password = (passwordCredential.getValue().toString()).toCharArray();

        try {
            credentials.remove(passwordCredential);
            credentials.add(new JGuardCredential(passwordCredential.getName(),
                    CryptUtils.cryptPassword(password).toString()));
        } catch (NoSuchAlgorithmException ex) {
            logger.warn(ex.getMessage());
            success = false;
            return success;
        }

        try {
            authenticationManager.createUser(st, authenticationManager.getDefaultOrganization());
            success = true;
        } catch (AuthenticationException e) {
            logger.debug(" registrationProcess failed ");
            success = false;
        }

        return success;
    }

    public Request<HttpServletRequest> anonymize(Request<HttpServletRequest> req) {
        HttpServletRequest request = req.get();
        return new HttpServletRequestAdapter(new AnonymizerRequestWrapper(request));
    }

    /**
     * fill in the SubjectTemplate the credentials from HttpServletRequest.
     *
     * @param req HttpServletRequest
     * @return SubjectTemplate filled.
     * @throws AuthenticationException
     */
    private SubjectTemplate buildSubjectTemplate(HttpServletRequest req) throws AuthenticationException {
        SubjectTemplate defaultSt = authenticationManager.getDefaultOrganization().getSubjectTemplate();
        SubjectTemplate st = new SubjectTemplate();

        //private required credentials
        Set privateCredRequiredFromDefaultSt = defaultSt.getPrivateRequiredCredentials();
        Set<JGuardCredential> privRequiredCred = grabRegistrationForm(req, privateCredRequiredFromDefaultSt);
        st.setPrivateRequiredCredentials(privRequiredCred);

        //public required credentials
        Set publicCredRequiredFromDefaultSt = defaultSt.getPublicRequiredCredentials();
        Set<JGuardCredential> pubRequiredCred = grabRegistrationForm(req, publicCredRequiredFromDefaultSt);
        st.setPublicRequiredCredentials(pubRequiredCred);

        //public optional credentials
        Set publicCredOptionalFromDefaultSt = defaultSt.getPublicOptionalCredentials();
        Set<JGuardCredential> pubOptionalCred = grabRegistrationForm(req, publicCredOptionalFromDefaultSt);
        st.setPublicOptionalCredentials(pubOptionalCred);

        //public optional credentials
        Set privateCredOptionalFromDefaultSt = defaultSt.getPrivateOptionalCredentials();
        Set<JGuardCredential> privOptionalCred = grabRegistrationForm(req, privateCredOptionalFromDefaultSt);
        st.setPrivateOptionalCredentials(privOptionalCred);

        return st;
    }

    /**
     * build a set of credentials by grabbing data from HttpServletRequest.
     *
     * @param req                      HttpServletRequest
     * @param credentialsFromDefaultSt
     * @return Set of {@link JGuardCredential}
     */
    private static Set<JGuardCredential> grabRegistrationForm(HttpServletRequest req,
            Set credentialsFromDefaultSt) {
        Iterator itCredentials = credentialsFromDefaultSt.iterator();
        Set<JGuardCredential> credSet = new HashSet<JGuardCredential>();
        while (itCredentials.hasNext()) {
            JGuardCredential jcredFromDefault = (JGuardCredential) itCredentials.next();

            //test if we've found the credential in the http request
            if (req.getParameter(jcredFromDefault.getName()) != null) {

                try {
                    JGuardCredential jcred = new JGuardCredential(jcredFromDefault.getName(),
                            req.getParameter(jcredFromDefault.getName()));
                    credSet.add(jcred);
                } catch (IllegalArgumentException iae) {
                    logger.warn(" the property " + jcredFromDefault.getName()
                            + " doesn't exist in the HttpServletRequest ");
                }
            }

        }
        return credSet;
    }

    /**
     * load configuration from an XML file.
     *
     * @param configurationLocation
     * @return Map containing filter configuration
     */
    private Map<String, String> loadFilterConfiguration(URL configurationLocation) {
        URL url = Thread.currentThread().getContextClassLoader().getResource(J_GUARD_FILTER_2_0_0_XSD);
        Document doc = XMLUtils.read(configurationLocation, url);

        Element authentication = doc.getRootElement();
        Map<String, String> filterSettings = new HashMap<String, String>();
        if (authentication.element(HttpConstants.REGISTER_PROCESS_URI) != null) {
            filterSettings.put(HttpConstants.REGISTER_PROCESS_URI,
                    authentication.element(HttpConstants.REGISTER_PROCESS_URI).getTextTrim());
        }
        if (authentication.element(HttpConstants.REGISTER_URI) != null) {
            filterSettings.put(HttpConstants.REGISTER_URI,
                    authentication.element(HttpConstants.REGISTER_URI).getTextTrim());
        }

        filterSettings.put(HttpConstants.AUTH_SCHEME,
                authentication.element(HttpConstants.AUTH_SCHEME).getTextTrim());
        Element loginElement = authentication.element(HttpConstants.LOGIN_FIELD);
        if (loginElement != null) {
            filterSettings.put(HttpConstants.LOGIN_FIELD, loginElement.getTextTrim());
        }
        Element passwordElement = authentication.element(HttpConstants.PASSWORD_FIELD);
        if (passwordElement != null) {
            filterSettings.put(HttpConstants.PASSWORD_FIELD, passwordElement.getTextTrim());
        }

        return filterSettings;
    }

    /**
     * @param settings Map which contains filter options
     */
    private void setSettings(Map<String, String> settings) {

        registerProcessPermission = new URLPermission(HttpConstants.REGISTER_PROCESS_URI,
                settings.get(HttpConstants.REGISTER_PROCESS_URI));
        registerURI = settings.get(HttpConstants.REGISTER_URI);
        registerPermission = new URLPermission(HttpConstants.REGISTER_URI, registerURI);

    }

    public Permissions getGrantedPermissions() {

        Permissions alwaysGrantedPermissions = new Permissions();
        alwaysGrantedPermissions.add(getRegisterPermission());
        alwaysGrantedPermissions.add(getRegisterProcessPermission());
        return alwaysGrantedPermissions;
    }

}