Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
/*
************************************************************************
******************* CANADIAN ASTRONOMY DATA CENTRE *******************
************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES **************
*
* (c) 2014. (c) 2014.
* Government of Canada Gouvernement du Canada
* National Research Council Conseil national de recherches
* Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6
* All rights reserved Tous droits réservés
*
* NRC disclaims any warranties, Le CNRC dénie toute garantie
* expressed, implied, or énoncée, implicite ou légale,
* statutory, of any kind with de quelque nature que ce
* respect to the software, soit, concernant le logiciel,
* including without limitation y compris sans restriction
* any warranty of merchantability toute garantie de valeur
* or fitness for a particular marchande ou de pertinence
* purpose. NRC shall not be pour un usage particulier.
* liable in any event for any Le CNRC ne pourra en aucun cas
* damages, whether direct or être tenu responsable de tout
* indirect, special or general, dommage, direct ou indirect,
* consequential or incidental, particulier ou général,
* arising from the use of the accessoire ou fortuit, résultant
* software. Neither the name de l'utilisation du logiciel. Ni
* of the National Research le nom du Conseil National de
* Council of Canada nor the Recherches du Canada ni les noms
* names of its contributors may de ses participants ne peuvent
* be used to endorse or promote être utilisés pour approuver ou
* products derived from this promouvoir les produits dérivés
* software without specific prior de ce logiciel sans autorisation
* written permission. préalable et particulière
* par écrit.
*
* This file is part of the Ce fichier fait partie du projet
* OpenCADC project. OpenCADC.
*
* OpenCADC is free software: OpenCADC est un logiciel libre ;
* you can redistribute it and/or vous pouvez le redistribuer ou le
* modify it under the terms of modifier suivant les termes de
* the GNU Affero General Public la “GNU Affero General Public
* License as published by the License” telle que publiée
* Free Software Foundation, par la Free Software Foundation
* either version 3 of the : soit la version 3 de cette
* License, or (at your option) licence, soit (à votre gré)
* any later version. toute version ultérieure.
*
* OpenCADC is distributed in the OpenCADC est distribué
* hope that it will be useful, dans l’espoir qu’il vous
* but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE
* without even the implied GARANTIE : sans même la garantie
* warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ
* or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF
* PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence
* General Public License for Générale Publique GNU Affero
* more details. pour plus de détails.
*
* You should have received Vous devriez avoir reçu une
* a copy of the GNU Affero copie de la Licence Générale
* General Public License along Publique GNU Affero avec
* with OpenCADC. If not, see OpenCADC ; si ce n’est
* <http://www.gnu.org/licenses/>. pas le cas, consultez :
* <http://www.gnu.org/licenses/>.
*
* $Revision: 4 $
*
************************************************************************
*/
package ca.nrc.cadc.ac.server.web;
import java.io.IOException;
import java.net.URI;
import java.security.AccessControlException;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
Alinga Yeung
committed
import java.util.ArrayList;
import java.util.Calendar;
import java.util.GregorianCalendar;
Alinga Yeung
committed
import java.util.List;
import java.util.Set;
import java.util.TimeZone;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserAlreadyExistsException;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.server.ACScopeValidator;
import ca.nrc.cadc.ac.server.PluginFactory;
import ca.nrc.cadc.ac.server.UserPersistence;
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.DelegationToken;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.ServletPrincipalExtractor;
import ca.nrc.cadc.log.ServletLogInfo;
import ca.nrc.cadc.net.TransientException;
import ca.nrc.cadc.util.StringUtil;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
* Servlet to handle password resets. Passwords are an integral part of the
* access control system and are handled differently to accommodate stricter
* guidelines.
* This servlet handles GET and POST only. It relies on the Subject being set higher
* up by the AccessControlFilter as configured in the web descriptor.
*/
public class ResetPasswordServlet extends HttpServlet
{
private static final Logger log = Logger.getLogger(ResetPasswordServlet.class);
Alinga Yeung
committed
List<Subject> privilegedSubjects;
UserPersistence userPersistence;
/**
* Servlet initialization method.
*
* <p>
* Receives the servlet configuration object and initializes UserPersistence
* using input parameters read from it. Users who do augment
* subject calls are constructed by taking the principals out of the ServletConfig
* input parameter.
*
* <p>
* The ResetPasswordServlet configuration in the web deployment descriptor file
* <code>web.xml</code> must have two input parameters:
* <ul>
* <li><code>ca.nrc.cadc.ac.server.web.ResetPasswordServlet.PrivilegedX500Principals</code>
* is a list of trusted administrators DNs. It is a multi-line list with
* line breaks between the trusted DNs and each DN eclosed in double quotes.</li>
* <li><code>ca.nrc.cadc.ac.server.web.ResetPasswordServlet.PrivilegedHttpPrincipals</code>
* is a list of space separated userids (HTTP identities) corresponding
* </ul>
* The two lists of principal names must be of the same
* length and correspond to each other in order.
*
* @param config The servlet configuration object.
* @param response The HTTP Response.
*
* @throws javax.servlet.ServletException For general Servlet exceptions.
*/
@Override
public void init(final ServletConfig config) throws ServletException
{
super.init(config);
Alinga Yeung
committed
try
{
String x500Users = config.getInitParameter(ResetPasswordServlet.class.getName() + ".PrivilegedX500Principals");
log.debug("privilegedX500Users: " + x500Users);
String httpUsers = config.getInitParameter(ResetPasswordServlet.class.getName() + ".PrivilegedHttpPrincipals");
log.debug("privilegedHttpUsers: " + httpUsers);
List<String> x500List = new ArrayList<String>();
List<String> httpList = new ArrayList<String>();
Alinga Yeung
committed
if (x500Users != null && httpUsers != null)
{
Pattern pattern = Pattern.compile("([^\"]\\S*|\".+?\")\\s*");
Matcher x500Matcher = pattern.matcher(x500Users);
Matcher httpMatcher = pattern.matcher(httpUsers);
Alinga Yeung
committed
while (x500Matcher.find())
{
String next = x500Matcher.group(1);
x500List.add(next.replace("\"", ""));
}
while (httpMatcher.find())
{
String next = httpMatcher.group(1);
httpList.add(next.replace("\"", ""));
}
if (x500List.size() != httpList.size())
{
throw new RuntimeException("Init exception: Lists of augment subject principals not equivalent in length");
}
privilegedSubjects = new ArrayList<Subject>(x500Users.length());
for (int i=0; i<x500List.size(); i++)
{
Subject s = new Subject();
s.getPrincipals().add(new X500Principal(x500List.get(i)));
s.getPrincipals().add(new HttpPrincipal(httpList.get(i)));
privilegedSubjects.add(s);
}
}
else
{
log.warn("No Privileged users configured.");
Alinga Yeung
committed
}
PluginFactory pluginFactory = new PluginFactory();
userPersistence = pluginFactory.createUserPersistence();
}
catch (Throwable t)
{
log.fatal("Error initializing group persistence", t);
throw new ExceptionInInitializerError(t);
}
}
Alinga Yeung
committed
protected boolean isPrivilegedSubject(final HttpServletRequest request)
{
Alinga Yeung
committed
if (privilegedSubjects == null || privilegedSubjects.isEmpty())
{
return false;
}
Alinga Yeung
committed
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
ServletPrincipalExtractor extractor = new ServletPrincipalExtractor(request);
Set<Principal> principals = extractor.getPrincipals();
for (Principal principal : principals)
{
if (principal instanceof X500Principal)
{
for (Subject s : privilegedSubjects)
{
Set<X500Principal> x500Principals = s.getPrincipals(X500Principal.class);
for (X500Principal p2 : x500Principals)
{
if (p2.getName().equalsIgnoreCase(principal.getName()))
{
return true;
}
}
}
}
if (principal instanceof HttpPrincipal)
{
for (Subject s : privilegedSubjects)
{
Set<HttpPrincipal> httpPrincipals = s.getPrincipals(HttpPrincipal.class);
for (HttpPrincipal p2 : httpPrincipals)
{
if (p2.getName().equalsIgnoreCase(principal.getName()))
{
return true;
}
}
}
}
}
return false;
Alinga Yeung
committed
* Handle a /ac GET operation. The subject provided is expected to be a privileged user.
*
* @param request The HTTP Request.
* @param response The HTTP Response.
* @throws ServletException Anything goes wrong at the Servlet level.
* @throws IOException Any reading/writing errors.
*/
@Override
protected void doGet(final HttpServletRequest request,
final HttpServletResponse response)
throws ServletException, IOException
{
final long start = System.currentTimeMillis();
final ServletLogInfo logInfo = new ServletLogInfo(request);
log.info(logInfo.start());
try
{
final Subject subject = getSubject(request);
Alinga Yeung
committed
logInfo.setSubject(subject);
if ((subject == null) || (subject.getPrincipals().isEmpty()))
Alinga Yeung
committed
logInfo.setMessage("Unauthorized subject");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
else
{
Alinga Yeung
committed
if (isPrivilegedSubject(request))
Alinga Yeung
committed
String token = (String) Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
Alinga Yeung
committed
public Object run() throws Exception
Alinga Yeung
committed
String emailAddress = request.getParameter("emailAddress");
if (StringUtil.hasText(emailAddress))
{
User user = userPersistence.getUserByEmailAddress(emailAddress);
HttpPrincipal userID = (HttpPrincipal) user.getHttpPrincipal();
Alinga Yeung
committed
URI scopeURI = new URI(ACScopeValidator.RESET_PASSWORD_SCOPE);
int duration = 24; // hours
Calendar expiry = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
expiry.add(Calendar.HOUR, duration);
DelegationToken dt = new DelegationToken(userID, scopeURI, expiry.getTime());
Alinga Yeung
committed
return DelegationToken.format(dt);
}
else
{
throw new IllegalArgumentException("Missing email address");
}
Alinga Yeung
committed
});
Alinga Yeung
committed
response.setContentType("text/plain");
response.setContentLength(token.length());
response.getWriter().write(token);
}
else
{
logInfo.setMessage("Permission denied subject");
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
}
Alinga Yeung
committed
catch (Throwable t)
Alinga Yeung
committed
try
Alinga Yeung
committed
if (t instanceof PrivilegedActionException)
{
Exception e = ((PrivilegedActionException) t).getException();
if (e != null)
Alinga Yeung
committed
{
Alinga Yeung
committed
throw e;
Alinga Yeung
committed
}
Alinga Yeung
committed
throw t;
}
catch (UserAlreadyExistsException e)
{
log.debug(e.getMessage(), e);
logInfo.setMessage(e.getMessage());
response.setStatus(HttpServletResponse.SC_CONFLICT);
}
Alinga Yeung
committed
catch (UserNotFoundException e)
{
log.debug(e.getMessage(), e);
logInfo.setMessage(e.getMessage());
response.setStatus(HttpServletResponse.SC_NOT_FOUND);
Alinga Yeung
committed
catch (IllegalArgumentException e)
{
log.debug(e.getMessage(), e);
logInfo.setMessage(e.getMessage());
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
}
catch (TransientException e)
{
log.debug(e.getMessage(), e);
String message = e.getMessage();
logInfo.setMessage(message);
logInfo.setSuccess(false);
response.setContentType("text/plain");
if (e.getRetryDelay() > 0)
response.setHeader("Retry-After", Integer.toString(e.getRetryDelay()));
response.getWriter().write("Transient Error: " + message);
response.setStatus(503);
}
Alinga Yeung
committed
catch (AccessControlException e)
{
log.debug(e.getMessage(), e);
logInfo.setMessage(e.getMessage());
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
catch (Throwable t1)
{
String message = "Internal Server Error: " + t.getMessage();
log.error(message, t);
logInfo.setSuccess(false);
logInfo.setMessage(message);
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
finally
{
logInfo.setElapsedTime(System.currentTimeMillis() - start);
log.info(logInfo.end());
}
}
/**
* Attempt to change password.
*
* @param request The HTTP Request.
* @param response The HTTP Response.
* @throws IOException Any errors that are not expected.
Alinga Yeung
committed
*/
public void doPost(final HttpServletRequest request,
final HttpServletResponse response)
throws IOException
{
final long start = System.currentTimeMillis();
final ServletLogInfo logInfo = new ServletLogInfo(request);
log.info(logInfo.start());
try
{
final Subject subject = getSubject(request);
logInfo.setSubject(subject);
if ((subject == null) || (subject.getPrincipals().isEmpty()))
{
logInfo.setMessage("Unauthorized subject");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
else
{
Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
Set<HttpPrincipal> pset = subject.getPrincipals(HttpPrincipal.class);
if (pset.isEmpty())
Alinga Yeung
committed
{
throw new IllegalStateException("no HttpPrincipal in subject");
Alinga Yeung
committed
}
HttpPrincipal userID = pset.iterator().next();
Alinga Yeung
committed
String newPassword = request.getParameter("password");
if (StringUtil.hasText(newPassword))
Alinga Yeung
committed
userPersistence.resetPassword(userID, newPassword);
Alinga Yeung
committed
throw new IllegalArgumentException("Missing password");
return null;
}
});
}
}
catch (Throwable t)
{
Alinga Yeung
committed
try
{
if (t instanceof PrivilegedActionException)
{
Exception e = ((PrivilegedActionException) t).getException();
if (e != null)
{
throw e;
}
}
Alinga Yeung
committed
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
throw t;
}
catch (UserNotFoundException e)
{
log.debug(e.getMessage(), e);
logInfo.setMessage(e.getMessage());
response.setStatus(HttpServletResponse.SC_NOT_FOUND);
}
catch (IllegalArgumentException e)
{
log.debug(e.getMessage(), e);
logInfo.setMessage(e.getMessage());
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
}
catch (AccessControlException e)
{
log.debug(e.getMessage(), e);
logInfo.setMessage(e.getMessage());
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
catch (Throwable t1)
{
String message = "Internal Server Error: " + t.getMessage();
log.error(message, t);
logInfo.setSuccess(false);
logInfo.setMessage(message);
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
finally
{
logInfo.setElapsedTime(System.currentTimeMillis() - start);
log.info(logInfo.end());
}
Alinga Yeung
committed
}
/**
* Get and augment the Subject. Tests can override this method.
*
* @param request Servlet request
* @return augmented Subject
*/
Subject getSubject(final HttpServletRequest request)
{
return AuthenticationUtil.getSubject(request);
}
}