Commit eca582ee3c7b36327c908a6eafecfda730a7b3e5

Authored by Luciano Borges
1 parent 5a02fdef
Exists in master

Ajustes no filtro de autenticação Basic

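--- a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/BasicAuthFilter.java
+++ b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/BasicAuthFilter.java
@@ -36,98 +36,41 @@
 */
 package br.gov.frameworkdemoiselle.security;
 
-import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
-
-import java.io.IOException;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 import org.apache.commons.codec.binary.Base64;
 
-import br.gov.frameworkdemoiselle.security.AuthenticationException;
-import br.gov.frameworkdemoiselle.security.Credentials;
-import br.gov.frameworkdemoiselle.security.InvalidCredentialsException;
-import br.gov.frameworkdemoiselle.security.SecurityContext;
 import br.gov.frameworkdemoiselle.util.Beans;
+import br.gov.frameworkdemoiselle.util.Strings;
 
-public class BasicAuthFilter implements Filter {
+public class BasicAuthFilter extends AbstractHTTPAuthorizationFilter {
 
- @Override
- public void init(FilterConfig filterConfig) throws ServletException {
- }
+ private String header;
 
 @Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
- ServletException {
-// if (request instanceof HttpServletRequest && ((HttpServletRequest) request).getUserPrincipal() == null) {
-// tryLogin((HttpServletRequest) request, (HttpServletResponse) response, chain);
-// } else {
- chain.doFilter(request, response);
-// }
- }
-
- private void tryLogin(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
- throws IOException, ServletException {
- try {
- boolean isLoggedIn = performLogin(getAuthHeader(request), request);
-
- chain.doFilter(request, response);
-
- if (isLoggedIn) {
- performLogout();
- }
-
- } catch (InvalidCredentialsException cause) {
- setUnauthorizedStatus(response, cause);
- }
+ protected boolean isSupported(String authHeader) {
+ header = authHeader;
+ return !Strings.isEmpty(header);
 }
 
- private boolean performLogin(String header, HttpServletRequest request) {
- boolean result = false;
- SecurityContext securityContext = Beans.getReference(SecurityContext.class);
-
+ @Override
+ protected void prepareForLogin() {
 if (header != null) {
 String[] basicCredentials = getCredentials(header);
 
 Credentials credentials = Beans.getReference(Credentials.class);
 credentials.setUsername(basicCredentials[0]);
 credentials.setPassword(basicCredentials[1]);
-
- securityContext.login();
- result = securityContext.isLoggedIn();
 }
-
- return result;
 }
 
- private void performLogout() {
- Beans.getReference(SecurityContext.class).logout();
- }
-
- private void setUnauthorizedStatus(HttpServletResponse response, AuthenticationException cause) throws IOException {
- response.setStatus(SC_UNAUTHORIZED);
- response.setContentType("text/html");
-
- response.getWriter().write(cause.getMessage());
- response.getWriter().flush();
- response.getWriter().close();
- }
-
- private String getAuthHeader(HttpServletRequest request) {
- String result = request.getHeader("Authorization");
- return (result == null ? request.getHeader("authorization") : result);
+ @Override
+ protected void prepareForLogout() {
 }
 
- private static String[] getCredentials(String header) throws InvalidCredentialsException {
+ private static String[] getCredentials(String header)
+ throws InvalidCredentialsException {
 String[] result = null;
 
 String regexp = "^Basic[ \\n]+(.+)$";
@@ -140,13 +83,11 @@ public class BasicAuthFilter implements Filter {
 }
 
 if (result == null || result.length != 2) {
- throw new InvalidCredentialsException("Formato inválido do cabeçalho");
+ throw new InvalidCredentialsException(
+ "Formato inválido do cabeçalho");
 }
 
 return result;
 }
 
- @Override
- public void destroy() {
- }
-}
+}
\ No newline at end of file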
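Review bot: The Authorization header is kept in the instance field `private String header;`, which `isSupported` writes and `prepareForLogin` reads later, and that is unsafe if one filter instance serves concurrent requests. Servlet containers normally share a single filter instance across request threads, so if `AbstractHTTPAuthorizationFilter` (not visible in this diff) is an ordinary `Filter`, one request can overwrite the field between the two calls and another request may be logged in with the wrong caller's username and password. The header should travel with the request instead, for example as a parameter to `prepareForLogin` or as a request attribute set by the base class. Separately, `isSupported` returns true for any non-empty header; checking the scheme there with the same `^Basic` pattern that `getCredentials` uses would keep headers meant for other filters from ending in `InvalidCredentialsException`.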
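--- a/impl/extension/rest/src/main/resources/META-INF/web-fragment.xml
+++ b/impl/extension/rest/src/main/resources/META-INF/web-fragment.xml
@@ -41,6 +41,15 @@
 <name>demoiselle_rest</name>
 
 <filter>
+ <filter-name>Demoiselle BasicAuth Filter</filter-name>
+ <filter-class>br.gov.frameworkdemoiselle.security.BasicAuthFilter</filter-class>
+ </filter>
+ <filter-mapping>
+ <filter-name>Demoiselle BasicAuth Filter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+
+ <filter>
 <filter-name>Demoiselle Token Auth Filter</filter-name>
 <filter-class>br.gov.frameworkdemoiselle.security.TokenAuthFilter</filter-class>
 </filter>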
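Review bot: The new `<filter-mapping>` binds `BasicAuthFilter` to `/*` and is declared ahead of the Token Auth filter, so by descriptor order every request in an application that includes this fragment reaches Basic authentication first. Because `isSupported` in BasicAuthFilter.java accepts any non-empty Authorization header, a request carrying a token header would presumably be parsed as Basic and rejected before the token filter sees it; the token filter's own mapping is outside this hunk, so that interaction needs confirming. Basic credentials are only Base64-encoded, so a comment above the mapping should state that these paths must be served over TLS, for example through a `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` constraint in the application's descriptor. Narrowing `<url-pattern>/*</url-pattern>` to the REST path would also limit where credentials are accepted.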