Commit eca582ee3c7b36327c908a6eafecfda730a7b3e5

Authored by Luciano Borges
1 parent 5a02fdef
Exists in master

Ajustes no filtro de autenticação Basic

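--- a/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/BasicAuthFilter.java
+++ b/impl/extension/rest/src/main/java/br/gov/frameworkdemoiselle/security/BasicAuthFilter.java
@@ -36,98 +36,41 @@
 */
 package br.gov.frameworkdemoiselle.security;
 
-import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
-
-import java.io.IOException;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 import org.apache.commons.codec.binary.Base64;
 
-import br.gov.frameworkdemoiselle.security.AuthenticationException;
-import br.gov.frameworkdemoiselle.security.Credentials;
-import br.gov.frameworkdemoiselle.security.InvalidCredentialsException;
-import br.gov.frameworkdemoiselle.security.SecurityContext;
 import br.gov.frameworkdemoiselle.util.Beans;
+import br.gov.frameworkdemoiselle.util.Strings;
 
-public class BasicAuthFilter implements Filter {
+public class BasicAuthFilter extends AbstractHTTPAuthorizationFilter {
 
- @Override
- public void init(FilterConfig filterConfig) throws ServletException {
- }
+ private String header;
 
 @Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
- ServletException {
-// if (request instanceof HttpServletRequest && ((HttpServletRequest) request).getUserPrincipal() == null) {
-// tryLogin((HttpServletRequest) request, (HttpServletResponse) response, chain);
-// } else {
- chain.doFilter(request, response);
-// }
- }
-
- private void tryLogin(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
- throws IOException, ServletException {
- try {
- boolean isLoggedIn = performLogin(getAuthHeader(request), request);
-
- chain.doFilter(request, response);
-
- if (isLoggedIn) {
- performLogout();
- }
-
- } catch (InvalidCredentialsException cause) {
- setUnauthorizedStatus(response, cause);
- }
+ protected boolean isSupported(String authHeader) {
+ header = authHeader;
+ return !Strings.isEmpty(header);
 }
 
- private boolean performLogin(String header, HttpServletRequest request) {
- boolean result = false;
- SecurityContext securityContext = Beans.getReference(SecurityContext.class);
-
+ @Override
+ protected void prepareForLogin() {
 if (header != null) {
 String[] basicCredentials = getCredentials(header);
 
 Credentials credentials = Beans.getReference(Credentials.class);
 credentials.setUsername(basicCredentials[0]);
 credentials.setPassword(basicCredentials[1]);
-
- securityContext.login();
- result = securityContext.isLoggedIn();
 }
-
- return result;
 }
 
- private void performLogout() {
- Beans.getReference(SecurityContext.class).logout();
- }
-
- private void setUnauthorizedStatus(HttpServletResponse response, AuthenticationException cause) throws IOException {
- response.setStatus(SC_UNAUTHORIZED);
- response.setContentType("text/html");
-
- response.getWriter().write(cause.getMessage());
- response.getWriter().flush();
- response.getWriter().close();
- }
-
- private String getAuthHeader(HttpServletRequest request) {
- String result = request.getHeader("Authorization");
- return (result == null ? request.getHeader("authorization") : result);
+ @Override
+ protected void prepareForLogout() {
 }
 
- private static String[] getCredentials(String header) throws InvalidCredentialsException {
+ private static String[] getCredentials(String header)
+ throws InvalidCredentialsException {
 String[] result = null;
 
 String regexp = "^Basic[ \\n]+(.+)$";
@@ -140,13 +83,11 @@ public class BasicAuthFilter implements Filter {
 }
 
 if (result == null || result.length != 2) {
- throw new InvalidCredentialsException("Formato inválido do cabeçalho");
+ throw new InvalidCredentialsException(
+ "Formato inválido do cabeçalho");
 }
 
 return result;
 }
 
- @Override
- public void destroy() {
- }
-}
\ No newline at end of file
+}
\ No newline at end of file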
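Review bot: The new `private String header;` field stores the per-request Authorization value on the filter itself, and a servlet container normally shares one filter instance across concurrent requests, so `isSupported` for one request can overwrite `header` before `prepareForLogin` of another reads it and fills `Credentials` with a different caller's username and password. Keep the value out of instance state, for example by having the base class hand it over as `prepareForLogin(String authHeader)` or by holding it in a request attribute; `AbstractHTTPAuthorizationFilter` is not shown here, so which of these fits needs confirming. Separately, `isSupported` accepts any non-empty header, so a non-Basic scheme appears to reach `getCredentials` and end in `InvalidCredentialsException`; matching the scheme first, e.g. `return authHeader != null && authHeader.startsWith("Basic");`, would leave other schemes to their own filter. The part of `getCredentials` between the two hunks is not visible.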
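--- a/impl/extension/rest/src/main/resources/META-INF/web-fragment.xml
+++ b/impl/extension/rest/src/main/resources/META-INF/web-fragment.xml
@@ -41,6 +41,15 @@
 <name>demoiselle_rest</name>
 
 <filter>
+ <filter-name>Demoiselle BasicAuth Filter</filter-name>
+ <filter-class>br.gov.frameworkdemoiselle.security.BasicAuthFilter</filter-class>
+ </filter>
+ <filter-mapping>
+ <filter-name>Demoiselle BasicAuth Filter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+
+ <filter>
 <filter-name>Demoiselle Token Auth Filter</filter-name>
 <filter-class>br.gov.frameworkdemoiselle.security.TokenAuthFilter</filter-class>
 </filter>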
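Review bot: The `Demoiselle BasicAuth Filter` mapping on `/*` sits in a web-fragment, so every application that bundles this extension gets Basic authentication on all URLs, and nothing here documents that or how to narrow it. Basic credentials are only base64-encoded, so I would add a comment above the mapping such as `<!-- Enables HTTP Basic on every path; deploy only behind HTTPS -->`. The mapping for the Token filter lies outside this hunk, so the relative order of the two filters on `/*` should be confirmed.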