Implementação do filtro para tratamento de passagem de credenciais via

autenticação BASIC

Implementação do filtro para tratamento de passagem de credenciais via
autenticação BASIC
Cleverson Sacramento
1 parent c6d910ef
Showing 7 changed files with 255 additions and 18 deletions Show diff stats
impl/core/src/main/java/br/gov/frameworkdemoiselle/transaction/TransactionalInterceptor.java
impl/extension/servlet/pom.xml
impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/BasicAuthenticationFilter.java
impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/HttpServletRequestProducerFilter.java
impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/HttpServletResponseProducerFilter.java
impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/internal/implementation/InternalProcessorFilterImpl.java
impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/util/ServletFilter.java
@@ -187,7 +187,7 @@ public class TransactionalInterceptor implements Serializable {
 		return logger;
 	}
-	private static class VoidTransactionInfo extends TransactionInfo {
+	static class VoidTransactionInfo extends TransactionInfo {
 		private static final long serialVersionUID = 1L;
@@ -34,7 +34,8 @@
  ou escreva para a Fundação do Software Livre (FSF) Inc.,
  51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
 -->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 	<modelVersion>4.0.0</modelVersion>
@@ -72,6 +73,12 @@
 			<artifactId>javax.servlet-api</artifactId>
 		</dependency>
 		<dependency>
+			<groupId>commons-codec</groupId>
+			<artifactId>commons-codec</artifactId>
+			<version>1.4</version>
+		</dependency>
+
+		<dependency>
 			<groupId>javax.el</groupId>
 			<artifactId>el-api</artifactId>
 			<scope>test</scope>
@@ -0,0 +1,113 @@
+/*
+ * Demoiselle Framework
+ * Copyright (C) 2010 SERPRO
+ * ----------------------------------------------------------------------------
+ * This file is part of Demoiselle Framework.
+ * 
+ * Demoiselle Framework is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License version 3
+ * as published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License version 3
+ * along with this program; if not,  see <http://www.gnu.org/licenses/>
+ * or write to the Free Software Foundation, Inc., 51 Franklin Street,
+ * Fifth Floor, Boston, MA  02110-1301, USA.
+ * ----------------------------------------------------------------------------
+ * Este arquivo é parte do Framework Demoiselle.
+ * 
+ * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
+ * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
+ * do Software Livre (FSF).
+ * 
+ * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
+ * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
+ * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
+ * para maiores detalhes.
+ * 
+ * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
+ * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
+ * ou escreva para a Fundação do Software Livre (FSF) Inc.,
+ * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
+ */
+package br.gov.frameworkdemoiselle.internal.implementation;
+
+import java.io.IOException;
+import java.util.Arrays;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.codec.binary.Base64;
+
+import br.gov.frameworkdemoiselle.security.AuthenticationException;
+import br.gov.frameworkdemoiselle.security.Credentials;
+import br.gov.frameworkdemoiselle.security.SecurityContext;
+import br.gov.frameworkdemoiselle.util.Beans;
+
+public class BasicAuthenticationFilter implements Filter {
+
+	@Override
+	public void init(FilterConfig filterConfig) throws ServletException {
+	}
+
+	@Override
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
+			ServletException {
+
+		String[] basicCredentials = getCredentials((HttpServletRequest) request);
+
+		if (basicCredentials != null) {
+			Credentials credentials = Beans.getReference(Credentials.class);
+			credentials.setUsername(basicCredentials[0]);
+			credentials.setPassword(basicCredentials[1]);
+
+			try {
+				Beans.getReference(SecurityContext.class).login();
+
+			} catch (AuthenticationException cause) {
+				// TODO Informar via logger que a autenticação não foi bem sucedida.
+			}
+		}
+
+		chain.doFilter(request, response);
+	}
+
+	private String getAuthHeader(HttpServletRequest request) {
+		String result = request.getHeader("Authorization");
+		result = (result == null ? request.getHeader("authorization") : result);
+
+		return result;
+	}
+
+	private String[] getCredentials(HttpServletRequest request) {
+		String[] result = null;
+		String header = getAuthHeader(request);
+
+		if (header != null) {
+			byte[] decoded = Base64.decodeBase64(header.substring(6));
+			result = new String(decoded).split(":");
+		}
+
+		if (result != null && Arrays.asList(result).size() != 2) {
+			result = null;
+
+			// TODO Informar via logger que o header Authorization não contém as informações de username e password
+		}
+
+		return result;
+	}
+
+	@Override
+	public void destroy() {
+	}
+}
@@ -0,0 +1,32 @@
+package br.gov.frameworkdemoiselle.internal.implementation;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import br.gov.frameworkdemoiselle.internal.producer.HttpServletRequestProducer;
+import br.gov.frameworkdemoiselle.util.Beans;
+
+public class HttpServletRequestProducerFilter implements Filter {
+
+	@Override
+	public void init(FilterConfig config) throws ServletException {
+	}
+
+	@Override
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
+			ServletException {
+		Beans.getReference(HttpServletRequestProducer.class).setDelegate((HttpServletRequest) request);
+		chain.doFilter(request, response);
+	}
+
+	@Override
+	public void destroy() {
+	}
+}
@@ -0,0 +1,32 @@
+package br.gov.frameworkdemoiselle.internal.implementation;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+
+import br.gov.frameworkdemoiselle.internal.producer.HttpServletResponseProducer;
+import br.gov.frameworkdemoiselle.util.Beans;
+
+public class HttpServletResponseProducerFilter implements Filter {
+
+	@Override
+	public void init(FilterConfig config) throws ServletException {
+	}
+
+	@Override
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
+			ServletException {
+		Beans.getReference(HttpServletResponseProducer.class).setDelegate((HttpServletResponse) response);
+		chain.doFilter(request, response);
+	}
+
+	@Override
+	public void destroy() {
+	}
+}
@@ -0,0 +1,62 @@
+package br.gov.frameworkdemoiselle.internal.implementation;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+import br.gov.frameworkdemoiselle.annotation.StaticScoped;
+import br.gov.frameworkdemoiselle.util.ServletFilter.InternalProcessorFilter;
+
+@StaticScoped
+public class InternalProcessorFilterImpl implements InternalProcessorFilter {
+
+	private List<Filter> filters;
+
+	public InternalProcessorFilterImpl() {
+		filters = new ArrayList<Filter>();
+
+		filters.add(new HttpServletRequestProducerFilter());
+		filters.add(new HttpServletResponseProducerFilter());
+		filters.add(new BasicAuthenticationFilter());
+	}
+
+	@Override
+	public void init(FilterConfig config) throws ServletException {
+		for (Filter filter : filters) {
+			filter.init(config);
+		}
+	}
+
+	@Override
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
+			ServletException {
+		FilterChain emptyChain = createEmptyChain();
+
+		for (Filter filter : filters) {
+			filter.doFilter(request, response, emptyChain);
+		}
+	}
+
+	@Override
+	public void destroy() {
+		for (Filter filter : filters) {
+			filter.destroy();
+		}
+	}
+
+	private FilterChain createEmptyChain() {
+		return new FilterChain() {
+
+			@Override
+			public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
+			}
+		};
+	}
+}
@@ -44,36 +44,27 @@ import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import br.gov.frameworkdemoiselle.internal.producer.HttpServletRequestProducer;
-import br.gov.frameworkdemoiselle.internal.producer.HttpServletResponseProducer;
 public class ServletFilter implements Filter {
 	@Override
-	public void init(FilterConfig filterConfig) throws ServletException {
+	public void init(FilterConfig config) throws ServletException {
+		Beans.getReference(InternalProcessorFilter.class).init(config);
 	}
 	@Override
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
 			ServletException {
-
-		Beans.getReference(HttpServletRequestProducer.class).setDelegate((HttpServletRequest) request);
-		Beans.getReference(HttpServletResponseProducer.class).setDelegate((HttpServletResponse) response);
-
-		// X509Certificate[] certificates = (X509Certificate[]) ((HttpServletRequest) request)
-		// .getAttribute("javax.servlet.request.X509Certificate");
-		//
-		// for (X509Certificate certificate : certificates) {
-		// System.out.println(certificate.toString());
-		// }
+		Beans.getReference(InternalProcessorFilter.class).doFilter(request, response, chain);
 		chain.doFilter(request, response);
 	}
 	@Override
 	public void destroy() {
+		Beans.getReference(InternalProcessorFilter.class).destroy();
+	}
+
+	public interface InternalProcessorFilter extends Filter {
 	}
 }
	@@ -187,7 +187,7 @@ public class TransactionalInterceptor implements Serializable {		@@ -187,7 +187,7 @@ public class TransactionalInterceptor implements Serializable {
187	return logger;	187	return logger;
188	}	188	}
189		189
190	- private static class VoidTransactionInfo extends TransactionInfo {	190	+ static class VoidTransactionInfo extends TransactionInfo {
191		191
192	private static final long serialVersionUID = 1L;	192	private static final long serialVersionUID = 1L;
193		193
@@ -0,0 +1,113 @@		@@ -0,0 +1,113 @@
	1	+/*
	2	+ * Demoiselle Framework
	3	+ * Copyright (C) 2010 SERPRO
	4	+ * ----------------------------------------------------------------------------
	5	+ * This file is part of Demoiselle Framework.
	6	+ *
	7	+ * Demoiselle Framework is free software; you can redistribute it and/or
	8	+ * modify it under the terms of the GNU Lesser General Public License version 3
	9	+ * as published by the Free Software Foundation.
	10	+ *
	11	+ * This program is distributed in the hope that it will be useful,
	12	+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	+ * GNU General Public License for more details.
	15	+ *
	16	+ * You should have received a copy of the GNU Lesser General Public License version 3
	17	+ * along with this program; if not, see <http://www.gnu.org/licenses/>
	18	+ * or write to the Free Software Foundation, Inc., 51 Franklin Street,
	19	+ * Fifth Floor, Boston, MA 02110-1301, USA.
	20	+ * ----------------------------------------------------------------------------
	21	+ * Este arquivo é parte do Framework Demoiselle.
	22	+ *
	23	+ * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
	24	+ * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
	25	+ * do Software Livre (FSF).
	26	+ *
	27	+ * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
	28	+ * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
	29	+ * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
	30	+ * para maiores detalhes.
	31	+ *
	32	+ * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
	33	+ * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
	34	+ * ou escreva para a Fundação do Software Livre (FSF) Inc.,
	35	+ * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
	36	+ */
	37	+package br.gov.frameworkdemoiselle.internal.implementation;
	38	+
	39	+import java.io.IOException;
	40	+import java.util.Arrays;
	41	+
	42	+import javax.servlet.Filter;
	43	+import javax.servlet.FilterChain;
	44	+import javax.servlet.FilterConfig;
	45	+import javax.servlet.ServletException;
	46	+import javax.servlet.ServletRequest;
	47	+import javax.servlet.ServletResponse;
	48	+import javax.servlet.http.HttpServletRequest;
	49	+
	50	+import org.apache.commons.codec.binary.Base64;
	51	+
	52	+import br.gov.frameworkdemoiselle.security.AuthenticationException;
	53	+import br.gov.frameworkdemoiselle.security.Credentials;
	54	+import br.gov.frameworkdemoiselle.security.SecurityContext;
	55	+import br.gov.frameworkdemoiselle.util.Beans;
	56	+
	57	+public class BasicAuthenticationFilter implements Filter {
	58	+
	59	+ @Override
	60	+ public void init(FilterConfig filterConfig) throws ServletException {
	61	+ }
	62	+
	63	+ @Override
	64	+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
	65	+ ServletException {
	66	+
	67	+ String[] basicCredentials = getCredentials((HttpServletRequest) request);
	68	+
	69	+ if (basicCredentials != null) {
	70	+ Credentials credentials = Beans.getReference(Credentials.class);
	71	+ credentials.setUsername(basicCredentials[0]);
	72	+ credentials.setPassword(basicCredentials[1]);
	73	+
	74	+ try {
	75	+ Beans.getReference(SecurityContext.class).login();
	76	+
	77	+ } catch (AuthenticationException cause) {
	78	+ // TODO Informar via logger que a autenticação não foi bem sucedida.
	79	+ }
	80	+ }
	81	+
	82	+ chain.doFilter(request, response);
	83	+ }
	84	+
	85	+ private String getAuthHeader(HttpServletRequest request) {
	86	+ String result = request.getHeader("Authorization");
	87	+ result = (result == null ? request.getHeader("authorization") : result);
	88	+
	89	+ return result;
	90	+ }
	91	+
	92	+ private String[] getCredentials(HttpServletRequest request) {
	93	+ String[] result = null;
	94	+ String header = getAuthHeader(request);
	95	+
	96	+ if (header != null) {
	97	+ byte[] decoded = Base64.decodeBase64(header.substring(6));
	98	+ result = new String(decoded).split(":");
	99	+ }
	100	+
	101	+ if (result != null && Arrays.asList(result).size() != 2) {
	102	+ result = null;
	103	+
	104	+ // TODO Informar via logger que o header Authorization não contém as informações de username e password
	105	+ }
	106	+
	107	+ return result;
	108	+ }
	109	+
	110	+ @Override
	111	+ public void destroy() {
	112	+ }
	113	+}
@@ -0,0 +1,32 @@		@@ -0,0 +1,32 @@
	1	+package br.gov.frameworkdemoiselle.internal.implementation;
	2	+
	3	+import java.io.IOException;
	4	+
	5	+import javax.servlet.Filter;
	6	+import javax.servlet.FilterChain;
	7	+import javax.servlet.FilterConfig;
	8	+import javax.servlet.ServletException;
	9	+import javax.servlet.ServletRequest;
	10	+import javax.servlet.ServletResponse;
	11	+import javax.servlet.http.HttpServletRequest;
	12	+
	13	+import br.gov.frameworkdemoiselle.internal.producer.HttpServletRequestProducer;
	14	+import br.gov.frameworkdemoiselle.util.Beans;
	15	+
	16	+public class HttpServletRequestProducerFilter implements Filter {
	17	+
	18	+ @Override
	19	+ public void init(FilterConfig config) throws ServletException {
	20	+ }
	21	+
	22	+ @Override
	23	+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
	24	+ ServletException {
	25	+ Beans.getReference(HttpServletRequestProducer.class).setDelegate((HttpServletRequest) request);
	26	+ chain.doFilter(request, response);
	27	+ }
	28	+
	29	+ @Override
	30	+ public void destroy() {
	31	+ }
	32	+}
@@ -0,0 +1,62 @@		@@ -0,0 +1,62 @@
	1	+package br.gov.frameworkdemoiselle.internal.implementation;
	2	+
	3	+import java.io.IOException;
	4	+import java.util.ArrayList;
	5	+import java.util.List;
	6	+
	7	+import javax.servlet.Filter;
	8	+import javax.servlet.FilterChain;
	9	+import javax.servlet.FilterConfig;
	10	+import javax.servlet.ServletException;
	11	+import javax.servlet.ServletRequest;
	12	+import javax.servlet.ServletResponse;
	13	+
	14	+import br.gov.frameworkdemoiselle.annotation.StaticScoped;
	15	+import br.gov.frameworkdemoiselle.util.ServletFilter.InternalProcessorFilter;
	16	+
	17	+@StaticScoped
	18	+public class InternalProcessorFilterImpl implements InternalProcessorFilter {
	19	+
	20	+ private List<Filter> filters;
	21	+
	22	+ public InternalProcessorFilterImpl() {
	23	+ filters = new ArrayList<Filter>();
	24	+
	25	+ filters.add(new HttpServletRequestProducerFilter());
	26	+ filters.add(new HttpServletResponseProducerFilter());
	27	+ filters.add(new BasicAuthenticationFilter());
	28	+ }
	29	+
	30	+ @Override
	31	+ public void init(FilterConfig config) throws ServletException {
	32	+ for (Filter filter : filters) {
	33	+ filter.init(config);
	34	+ }
	35	+ }
	36	+
	37	+ @Override
	38	+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
	39	+ ServletException {
	40	+ FilterChain emptyChain = createEmptyChain();
	41	+
	42	+ for (Filter filter : filters) {
	43	+ filter.doFilter(request, response, emptyChain);
	44	+ }
	45	+ }
	46	+
	47	+ @Override
	48	+ public void destroy() {
	49	+ for (Filter filter : filters) {
	50	+ filter.destroy();
	51	+ }
	52	+ }
	53	+
	54	+ private FilterChain createEmptyChain() {
	55	+ return new FilterChain() {
	56	+
	57	+ @Override
	58	+ public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
	59	+ }
	60	+ };
	61	+ }
	62	+}