Loading cadcTomcat/build.xml +1 −1 Original line number Diff line number Diff line Loading @@ -136,7 +136,7 @@ </classpath> <test name="ca.nrc.cadc.tomcat.CadcBasicAuthenticatorTest"/> <test name="ca.nrc.cadc.tomcat.RealmRegistryClientTest"/> <test name="ca.nrc.cadc.tomcat.AuthenticationLookupTest"/> <formatter type="plain" usefile="false"/> </junit> </target> Loading cadcTomcat/src/ca/nrc/cadc/tomcat/RealmRegistryClient.java→cadcTomcat/src/ca/nrc/cadc/tomcat/AuthenticationLookup.java +26 −147 Original line number Diff line number Diff line Loading @@ -69,21 +69,13 @@ package ca.nrc.cadc.tomcat; import java.io.File; import java.io.IOException; import java.io.InputStream; import java.net.InetAddress; import java.net.MalformedURLException; import java.net.URI; import java.net.URL; import java.net.UnknownHostException; import java.util.List; import org.apache.log4j.Logger; import java.util.ArrayList; import java.util.ListIterator; /** * A very simple caching IVOA Registry client. All the lookups done by this client use a properties Loading @@ -102,52 +94,26 @@ import java.util.ListIterator; * <pre> * ca.nrc.cadc.reg.client.RegistryClient.host=www.example.com * </pre> * * <p> * This class is a forked and trimmed version of ca.nrc.cadc.reg.client.RegistryClient. It was forked * to allow the realm implementation to be deployed without library dependencies. * * @author pdowler */ public class RealmRegistryClient public class AuthenticationLookup { private static Logger log = Logger.getLogger(RealmRegistryClient.class); private static Logger log = Logger.getLogger(AuthenticationLookup.class); private static final String CACHE_FILENAME = "RegistryClient.properties"; private static final String LOCAL_PROPERTY = "ca.nrc.cadc.reg.client.RegistryClient.local"; private static final String HOST_PROPERTY = "ca.nrc.cadc.reg.client.RegistryClient.host"; private static final String SHORT_HOST_PROPERTY = "ca.nrc.cadc.reg.client.RegistryClient.shortHostname"; private URL url; private RealmMultiValuedProperties mvp; private String hostname; private String shortHostname; /** * Constructor. Uses a properties file called RegistryClient.properties found in the classpath. */ public RealmRegistryClient() { try { File conf = new File(System.getProperty("user.home") + "/config", CACHE_FILENAME); URL furl; if (conf.exists()) furl = new URL("file://" + conf.getAbsolutePath()); else furl = RealmRegistryClient.class.getResource("/"+CACHE_FILENAME); init(furl, false); } catch(Exception ex) { throw new RuntimeException("failed to find URL to " + CACHE_FILENAME, ex); } } private void init(URL url, boolean unused) private void init() { this.url = url; try { String localP = System.getProperty(LOCAL_PROPERTY); Loading @@ -159,8 +125,10 @@ public class RealmRegistryClient log.debug("shortHost: " + shortHostP); if ("true".equals(localP)) { log.debug(LOCAL_PROPERTY + " is set, assuming localhost runs the service"); this.hostname = InetAddress.getLocalHost().getCanonicalHostName(); log.debug(LOCAL_PROPERTY + " is set, assuming localhost runs the service"); this.hostname = InetAddress.getLocalHost() .getCanonicalHostName(); } if (shortHostP != null) Loading @@ -176,66 +144,36 @@ public class RealmRegistryClient { hostP = hostP.trim(); if (hostP.length() > 0) { this.hostname = hostP; } } } catch (UnknownHostException ex) { log.warn("failed to find localhost name via name resolution (" + ex.toString() + "): using localhost"); log.warn("failed to find localhost name via name resolution (" + ex.toString() + "): using localhost"); this.hostname = "localhost"; } } public URL getServiceURL(URI serviceID, String protocol, String path) public URL configureAuthenticationServiceURL(URL serviceURL) throws MalformedURLException { init(); log.debug("getServiceURL: " + serviceID + "," + protocol + "," + path); //List<URL> urls = lookup.get(serviceID); List<String> strs = mvp.getProperty(serviceID.toString()); if (strs == null || strs.isEmpty() ) { return null; // no matching serviceURI } List<Service> srvs = new ArrayList<Service>(strs.size()); for (String s : strs) { srvs.add(new Service(s)); } String testproto = protocol + "://"; ListIterator<Service> iter = srvs.listIterator(); while ( iter.hasNext() ) { Service srv = iter.next(); boolean noMatch = false; if (protocol != null && !srv.url.startsWith(testproto)) noMatch = true; // wrong protocol if (noMatch) { iter.remove(); log.debug("getServiceURL: constraints not matched: " + srv + " vs " + protocol); } else log.debug("getServiceURL: found match: " + srv + " vs " + protocol); } if (srvs.isEmpty()) return null; Service srv = srvs.get(0); // first match log.debug("configureAuthenticationServiceURL: " + serviceURL + "," + serviceURL.getProtocol() + "," + serviceURL.getPath()); StringBuilder sb = new StringBuilder(); final StringBuilder sb = new StringBuilder(); if (hostname != null || shortHostname != null) { URL ret = new URL(srv.url); sb.append(ret.getProtocol()); sb.append(serviceURL.getProtocol()); sb.append("://"); if (shortHostname != null) { String hname = shortHostname; String fqhn = ret.getHost(); String fqhn = serviceURL.getHost(); int i = fqhn.indexOf('.'); if (i > 0) { Loading @@ -248,78 +186,19 @@ public class RealmRegistryClient { sb.append(hostname); } int p = ret.getPort(); if (p > 0 && p != ret.getDefaultPort()) int p = serviceURL.getPort(); if (p > 0 && p != serviceURL.getDefaultPort()) { sb.append(":"); sb.append(p); } sb.append(ret.getPath()); sb.append(serviceURL.getPath()); } else sb.append(srv.url); if (path != null) sb.append(path); return new URL(sb.toString()); } private class Service { String str; String url; public String toString() { return str; } Service(String s) { this.str = s; String[] parts = s.split(" "); this.url = parts[0]; sb.append(serviceURL); } } private void init() { if (mvp != null) return; InputStream istream = null; try { // find the cache resource from the url if (url == null) throw new RuntimeException("failed to find cache resource."); // read the properties log.debug("init: reading config from " + url); istream = url.openStream(); this.mvp = new RealmMultiValuedProperties(); mvp.load(istream); if (log.isDebugEnabled()) { for (String k : mvp.keySet()) { List<String> values = mvp.getProperty(k); for (String v : values) { log.debug(k + " = " + v); } } } } catch(IOException ex) { throw new RuntimeException("failed to load resource: " + CACHE_FILENAME, ex); } finally { if (istream != null) try { istream.close(); } catch(Throwable t) { log.warn("failed to close " + url, t); } } return new URL(sb.toString()); } } cadcTomcat/src/ca/nrc/cadc/tomcat/CadcBasicAuthenticator.java +40 −25 Original line number Diff line number Diff line Loading @@ -71,11 +71,9 @@ package ca.nrc.cadc.tomcat; import java.io.IOException; import java.net.HttpURLConnection; import java.net.URI; import java.net.URISyntaxException; import java.net.URL; import java.security.Principal; import java.util.Arrays; import java.util.Collections; import java.util.List; import org.apache.catalina.realm.GenericPrincipal; Loading @@ -83,11 +81,12 @@ import org.apache.catalina.realm.RealmBase; import org.apache.log4j.Level; import org.apache.log4j.Logger; /** * Custom class for Tomcat realm authentication. * * <p> * This class was written against the Apache Tomcat 7 (7.0.33.0) API * * <p> * Authentication checks are performed as REST calls to servers * implementing the cadcAccessControl-Server code. * Loading @@ -97,7 +96,9 @@ public class CadcBasicAuthenticator extends RealmBase { private static Logger log = Logger.getLogger(CadcBasicAuthenticator.class); private static final String AC_URI = "ivo://ivoa.net/std/UMS#login-0.1"; private String loginURL; static { Loading @@ -105,6 +106,17 @@ public class CadcBasicAuthenticator extends RealmBase Logger.getLogger("ca.nrc.cadc.tomcat").setLevel(Level.INFO); } /** * Set the login URL for the current host. Used by the realm configuration. * * @param loginURL The String login URL. */ public void setLoginURL(final String loginURL) { this.loginURL = loginURL; } @Override protected String getName() { Loading Loading @@ -139,7 +151,7 @@ public class CadcBasicAuthenticator extends RealmBase if (valid) { // authentication ok, add public role List<String> roles = Arrays.asList("public"); List<String> roles = Collections.singletonList("public"); // Don't want to return the password here in the principal // in case it makes it into the servlet somehow Loading @@ -151,7 +163,8 @@ public class CadcBasicAuthenticator extends RealmBase catch (Throwable t) { success = false; String message = "Could not do http basic authentication: " + t.getMessage(); String message = "Could not do http basic authentication: " + t.getMessage(); log.error(message, t); throw new IllegalStateException(message, t); } Loading @@ -159,28 +172,30 @@ public class CadcBasicAuthenticator extends RealmBase { long duration = System.currentTimeMillis() - start; StringBuilder json = new StringBuilder(); json.append("{"); json.append("\"method\":\"AUTH\","); json.append("\"user\":\"" + username + "\","); json.append("\"success\":" + success + ","); json.append("\"time\":" + duration); json.append("}"); // Converted from StringBuilder as it was unnecessary. // jenkinsd 2016.08.09 String json = "{" + "\"method\":\"AUTH\"," + "\"user\":\"" + username + "\"," + "\"success\":" + success + "," + "\"time\":" + duration + "}"; log.info(json.toString()); log.info(json); } } boolean login(String username, String credentials) throws URISyntaxException, IOException throws IOException { RealmRegistryClient registryClient = new RealmRegistryClient(); URL loginURL = registryClient.getServiceURL( new URI(AC_URI + "#login"), "http", ""); AuthenticationLookup registryClient = new AuthenticationLookup(); URL authServiceURL = registryClient.configureAuthenticationServiceURL( new URL(loginURL)); String post = "username=" + username + "&password=" + credentials; HttpURLConnection conn = (HttpURLConnection) loginURL.openConnection(); HttpURLConnection conn = (HttpURLConnection) authServiceURL.openConnection(); conn.setRequestMethod("POST"); conn.setDoOutput(true); Loading @@ -199,7 +214,8 @@ public class CadcBasicAuthenticator extends RealmBase { // not an unauthorized, so log the // possible server side error String errorMessage = "Error calling /ac/login, error code: " + responseCode; String errorMessage = "Error calling /ac/login, error code: " + responseCode; throw new IllegalStateException(errorMessage); } Loading @@ -211,5 +227,4 @@ public class CadcBasicAuthenticator extends RealmBase } } cadcTomcat/test/src/ca/nrc/cadc/tomcat/RealmRegistryClientTest.java→cadcTomcat/test/src/ca/nrc/cadc/tomcat/AuthenticationLookupTest.java +48 −100 Original line number Diff line number Diff line Loading @@ -70,6 +70,7 @@ package ca.nrc.cadc.tomcat; import java.net.InetAddress; import java.net.MalformedURLException; import java.net.URI; import java.net.URL; Loading @@ -84,12 +85,12 @@ import org.junit.Test; /** * * @author pdowler */ public class RealmRegistryClientTest public class AuthenticationLookupTest { private static Logger log = Logger.getLogger(RealmRegistryClientTest.class); private static Logger log = Logger .getLogger(AuthenticationLookupTest.class); static { Loading Loading @@ -130,110 +131,47 @@ public class RealmRegistryClientTest { } static String DUMMY_URI = "ivo://example.com/srv"; static String DUMMY_URL = "http://www.example.com/current/path/to/my/service"; static String DUMMY_CERT_URL = "https://www.example.com/current/path/to/my/service"; static String DUMMY_PASSWORD_URL = "http://www.example.com/current/path/to/my/auth-service"; static String DUMMY_TOKEN_URL = DUMMY_URL; static String DUMMY_COOKIE_URL = DUMMY_URL; static URL DUMMY_URL; @Test public void testNotFound() throws Exception static { try { RealmRegistryClient rc = new RealmRegistryClient(); URL url = rc.getServiceURL(new URI("ivo://foo/bar"), null, null); Assert.assertNull(url); DUMMY_URL = new URL( "http://www.example.com/current/path/to/my/service"); } catch(Exception unexpected) catch (MalformedURLException e) { log.error("unexpected exception", unexpected); Assert.fail("unexpected exception: " + unexpected); // Will never happen. } } @Test public void testFound() throws Exception { try { RealmRegistryClient rc = new RealmRegistryClient(); URL expected = new URL(DUMMY_URL); URL url = rc.getServiceURL(new URI(DUMMY_URI), null, null); Assert.assertEquals(expected, url); } catch(Exception unexpected) { log.error("unexpected exception", unexpected); Assert.fail("unexpected exception: " + unexpected); } } @Test public void testFoundViaConfigFile() throws Exception { String home = System.getProperty("user.home"); try public void testFound() throws Exception { String fakeHome = System.getProperty("user.dir") + "/test"; log.debug("setting user.home = " + fakeHome); System.setProperty("user.home", fakeHome); RealmRegistryClient rc = new RealmRegistryClient(); AuthenticationLookup authLookup = new AuthenticationLookup(); URL expected = new URL("http://alt.example.com/current/path/to/my/service"); URL url = rc.getServiceURL(new URI("ivo://example.com/srv"), "http", null); Assert.assertEquals(expected, url); URL url = authLookup.configureAuthenticationServiceURL(DUMMY_URL); Assert.assertEquals(DUMMY_URL, url); } catch(Exception unexpected) { log.error("unexpected exception", unexpected); Assert.fail("unexpected exception: " + unexpected); } finally { // reset System.setProperty("user.home", home); } } @Test public void testFoundWithProtocol() throws Exception { try { RealmRegistryClient rc = new RealmRegistryClient(); URL expected = new URL(DUMMY_URL); URL url = rc.getServiceURL(new URI(DUMMY_URI), "http", null); Assert.assertEquals(expected, url); expected = new URL(DUMMY_CERT_URL); url = rc.getServiceURL(new URI(DUMMY_URI), "https", null); Assert.assertEquals(expected, url); } catch(Exception unexpected) { log.error("unexpected exception", unexpected); Assert.fail("unexpected exception: " + unexpected); } } @Test public void testFoundLocal() throws Exception { try { System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.local", "true"); RealmRegistryClient rc = new RealmRegistryClient(); System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.local", "true"); AuthenticationLookup authLookup = new AuthenticationLookup(); String localhost = InetAddress.getLocalHost().getCanonicalHostName(); URL expected = new URL("http://" + localhost + "/current/path/to/my/service"); String localhost = InetAddress.getLocalHost() .getCanonicalHostName(); URL expected = new URL("http://" + localhost + "/current/path/to/my/service"); URL url = rc.getServiceURL(new URI(DUMMY_URI), null, null); URL url = authLookup.configureAuthenticationServiceURL(DUMMY_URL); Assert.assertEquals(expected, url); } catch (Exception unexpected) Loading @@ -243,7 +181,8 @@ public class RealmRegistryClientTest } finally { System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.local", "false"); System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.local", "false"); } } Loading @@ -252,14 +191,17 @@ public class RealmRegistryClientTest { try { System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.host", "foo.bar.com"); RealmRegistryClient rc = new RealmRegistryClient(); System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.host", "foo.bar.com"); AuthenticationLookup authLookup = new AuthenticationLookup(); URL url = rc.getServiceURL(new URI(DUMMY_URI), null, null); Assert.assertEquals("http://foo.bar.com/current/path/to/my/service", url.toExternalForm()); URL url = authLookup.configureAuthenticationServiceURL(DUMMY_URL); Assert.assertEquals("http://foo.bar.com/current/path/to/my/service", url.toExternalForm()); url = rc.getServiceURL(new URI(DUMMY_URI), null, null); Assert.assertEquals("http://foo.bar.com/current/path/to/my/service", url.toExternalForm()); url = authLookup.configureAuthenticationServiceURL(DUMMY_URL); Assert.assertEquals("http://foo.bar.com/current/path/to/my/service", url.toExternalForm()); } catch (Exception unexpected) { Loading @@ -268,7 +210,8 @@ public class RealmRegistryClientTest } finally { System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.host", ""); System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.host", ""); } } Loading @@ -277,11 +220,15 @@ public class RealmRegistryClientTest { try { System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.shortHostname", "foo"); RealmRegistryClient rc = new RealmRegistryClient(); System.setProperty( "ca.nrc.cadc.reg.client.RegistryClient.shortHostname", "foo"); AuthenticationLookup authLookup = new AuthenticationLookup(); URL url = rc.getServiceURL(new URI(DUMMY_URI), null, null); Assert.assertEquals("http://foo.example.com/current/path/to/my/service", url.toExternalForm()); URL url = authLookup.configureAuthenticationServiceURL(DUMMY_URL); Assert.assertEquals( "http://foo.example.com/current/path/to/my/service", url.toExternalForm()); } catch (Exception unexpected) Loading @@ -291,7 +238,8 @@ public class RealmRegistryClientTest } finally { System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.shortHostname", ""); System.setProperty( "ca.nrc.cadc.reg.client.RegistryClient.shortHostname", ""); } } } cadcTomcat/test/src/ca/nrc/cadc/tomcat/CadcBasicAuthenticatorTest.java +8 −6 Original line number Diff line number Diff line Loading @@ -71,7 +71,6 @@ package ca.nrc.cadc.tomcat; import java.io.IOException; import java.net.URISyntaxException; import junit.framework.Assert; Loading @@ -80,10 +79,12 @@ import org.apache.log4j.Level; import org.apache.log4j.Logger; import org.junit.Test; public class CadcBasicAuthenticatorTest { private static Logger log = Logger.getLogger(CadcBasicAuthenticatorTest.class); private static Logger log = Logger.getLogger(CadcBasicAuthenticatorTest.class); static { Loading @@ -97,7 +98,8 @@ public class CadcBasicAuthenticatorTest try { TestAuthenticator auth = new TestAuthenticator(true); GenericPrincipal p = (GenericPrincipal) auth.authenticate("user", "pass"); GenericPrincipal p = (GenericPrincipal) auth.authenticate("user", "pass"); Assert.assertNotNull(p); Assert.assertEquals("wrong num roles", 1, p.getRoles().length); Loading @@ -117,7 +119,8 @@ public class CadcBasicAuthenticatorTest try { TestAuthenticator auth = new TestAuthenticator(false); GenericPrincipal p = (GenericPrincipal) auth.authenticate("user", "pass"); GenericPrincipal p = (GenericPrincipal) auth.authenticate("user", "pass"); Assert.assertNull(p); } Loading @@ -138,8 +141,7 @@ public class CadcBasicAuthenticatorTest } @Override boolean login(String username, String credentials) throws URISyntaxException, IOException boolean login(String username, String credentials) throws IOException { return authenticate; } Loading Loading
cadcTomcat/build.xml +1 −1 Original line number Diff line number Diff line Loading @@ -136,7 +136,7 @@ </classpath> <test name="ca.nrc.cadc.tomcat.CadcBasicAuthenticatorTest"/> <test name="ca.nrc.cadc.tomcat.RealmRegistryClientTest"/> <test name="ca.nrc.cadc.tomcat.AuthenticationLookupTest"/> <formatter type="plain" usefile="false"/> </junit> </target> Loading
cadcTomcat/src/ca/nrc/cadc/tomcat/RealmRegistryClient.java→cadcTomcat/src/ca/nrc/cadc/tomcat/AuthenticationLookup.java +26 −147 Original line number Diff line number Diff line Loading @@ -69,21 +69,13 @@ package ca.nrc.cadc.tomcat; import java.io.File; import java.io.IOException; import java.io.InputStream; import java.net.InetAddress; import java.net.MalformedURLException; import java.net.URI; import java.net.URL; import java.net.UnknownHostException; import java.util.List; import org.apache.log4j.Logger; import java.util.ArrayList; import java.util.ListIterator; /** * A very simple caching IVOA Registry client. All the lookups done by this client use a properties Loading @@ -102,52 +94,26 @@ import java.util.ListIterator; * <pre> * ca.nrc.cadc.reg.client.RegistryClient.host=www.example.com * </pre> * * <p> * This class is a forked and trimmed version of ca.nrc.cadc.reg.client.RegistryClient. It was forked * to allow the realm implementation to be deployed without library dependencies. * * @author pdowler */ public class RealmRegistryClient public class AuthenticationLookup { private static Logger log = Logger.getLogger(RealmRegistryClient.class); private static Logger log = Logger.getLogger(AuthenticationLookup.class); private static final String CACHE_FILENAME = "RegistryClient.properties"; private static final String LOCAL_PROPERTY = "ca.nrc.cadc.reg.client.RegistryClient.local"; private static final String HOST_PROPERTY = "ca.nrc.cadc.reg.client.RegistryClient.host"; private static final String SHORT_HOST_PROPERTY = "ca.nrc.cadc.reg.client.RegistryClient.shortHostname"; private URL url; private RealmMultiValuedProperties mvp; private String hostname; private String shortHostname; /** * Constructor. Uses a properties file called RegistryClient.properties found in the classpath. */ public RealmRegistryClient() { try { File conf = new File(System.getProperty("user.home") + "/config", CACHE_FILENAME); URL furl; if (conf.exists()) furl = new URL("file://" + conf.getAbsolutePath()); else furl = RealmRegistryClient.class.getResource("/"+CACHE_FILENAME); init(furl, false); } catch(Exception ex) { throw new RuntimeException("failed to find URL to " + CACHE_FILENAME, ex); } } private void init(URL url, boolean unused) private void init() { this.url = url; try { String localP = System.getProperty(LOCAL_PROPERTY); Loading @@ -159,8 +125,10 @@ public class RealmRegistryClient log.debug("shortHost: " + shortHostP); if ("true".equals(localP)) { log.debug(LOCAL_PROPERTY + " is set, assuming localhost runs the service"); this.hostname = InetAddress.getLocalHost().getCanonicalHostName(); log.debug(LOCAL_PROPERTY + " is set, assuming localhost runs the service"); this.hostname = InetAddress.getLocalHost() .getCanonicalHostName(); } if (shortHostP != null) Loading @@ -176,66 +144,36 @@ public class RealmRegistryClient { hostP = hostP.trim(); if (hostP.length() > 0) { this.hostname = hostP; } } } catch (UnknownHostException ex) { log.warn("failed to find localhost name via name resolution (" + ex.toString() + "): using localhost"); log.warn("failed to find localhost name via name resolution (" + ex.toString() + "): using localhost"); this.hostname = "localhost"; } } public URL getServiceURL(URI serviceID, String protocol, String path) public URL configureAuthenticationServiceURL(URL serviceURL) throws MalformedURLException { init(); log.debug("getServiceURL: " + serviceID + "," + protocol + "," + path); //List<URL> urls = lookup.get(serviceID); List<String> strs = mvp.getProperty(serviceID.toString()); if (strs == null || strs.isEmpty() ) { return null; // no matching serviceURI } List<Service> srvs = new ArrayList<Service>(strs.size()); for (String s : strs) { srvs.add(new Service(s)); } String testproto = protocol + "://"; ListIterator<Service> iter = srvs.listIterator(); while ( iter.hasNext() ) { Service srv = iter.next(); boolean noMatch = false; if (protocol != null && !srv.url.startsWith(testproto)) noMatch = true; // wrong protocol if (noMatch) { iter.remove(); log.debug("getServiceURL: constraints not matched: " + srv + " vs " + protocol); } else log.debug("getServiceURL: found match: " + srv + " vs " + protocol); } if (srvs.isEmpty()) return null; Service srv = srvs.get(0); // first match log.debug("configureAuthenticationServiceURL: " + serviceURL + "," + serviceURL.getProtocol() + "," + serviceURL.getPath()); StringBuilder sb = new StringBuilder(); final StringBuilder sb = new StringBuilder(); if (hostname != null || shortHostname != null) { URL ret = new URL(srv.url); sb.append(ret.getProtocol()); sb.append(serviceURL.getProtocol()); sb.append("://"); if (shortHostname != null) { String hname = shortHostname; String fqhn = ret.getHost(); String fqhn = serviceURL.getHost(); int i = fqhn.indexOf('.'); if (i > 0) { Loading @@ -248,78 +186,19 @@ public class RealmRegistryClient { sb.append(hostname); } int p = ret.getPort(); if (p > 0 && p != ret.getDefaultPort()) int p = serviceURL.getPort(); if (p > 0 && p != serviceURL.getDefaultPort()) { sb.append(":"); sb.append(p); } sb.append(ret.getPath()); sb.append(serviceURL.getPath()); } else sb.append(srv.url); if (path != null) sb.append(path); return new URL(sb.toString()); } private class Service { String str; String url; public String toString() { return str; } Service(String s) { this.str = s; String[] parts = s.split(" "); this.url = parts[0]; sb.append(serviceURL); } } private void init() { if (mvp != null) return; InputStream istream = null; try { // find the cache resource from the url if (url == null) throw new RuntimeException("failed to find cache resource."); // read the properties log.debug("init: reading config from " + url); istream = url.openStream(); this.mvp = new RealmMultiValuedProperties(); mvp.load(istream); if (log.isDebugEnabled()) { for (String k : mvp.keySet()) { List<String> values = mvp.getProperty(k); for (String v : values) { log.debug(k + " = " + v); } } } } catch(IOException ex) { throw new RuntimeException("failed to load resource: " + CACHE_FILENAME, ex); } finally { if (istream != null) try { istream.close(); } catch(Throwable t) { log.warn("failed to close " + url, t); } } return new URL(sb.toString()); } }
cadcTomcat/src/ca/nrc/cadc/tomcat/CadcBasicAuthenticator.java +40 −25 Original line number Diff line number Diff line Loading @@ -71,11 +71,9 @@ package ca.nrc.cadc.tomcat; import java.io.IOException; import java.net.HttpURLConnection; import java.net.URI; import java.net.URISyntaxException; import java.net.URL; import java.security.Principal; import java.util.Arrays; import java.util.Collections; import java.util.List; import org.apache.catalina.realm.GenericPrincipal; Loading @@ -83,11 +81,12 @@ import org.apache.catalina.realm.RealmBase; import org.apache.log4j.Level; import org.apache.log4j.Logger; /** * Custom class for Tomcat realm authentication. * * <p> * This class was written against the Apache Tomcat 7 (7.0.33.0) API * * <p> * Authentication checks are performed as REST calls to servers * implementing the cadcAccessControl-Server code. * Loading @@ -97,7 +96,9 @@ public class CadcBasicAuthenticator extends RealmBase { private static Logger log = Logger.getLogger(CadcBasicAuthenticator.class); private static final String AC_URI = "ivo://ivoa.net/std/UMS#login-0.1"; private String loginURL; static { Loading @@ -105,6 +106,17 @@ public class CadcBasicAuthenticator extends RealmBase Logger.getLogger("ca.nrc.cadc.tomcat").setLevel(Level.INFO); } /** * Set the login URL for the current host. Used by the realm configuration. * * @param loginURL The String login URL. */ public void setLoginURL(final String loginURL) { this.loginURL = loginURL; } @Override protected String getName() { Loading Loading @@ -139,7 +151,7 @@ public class CadcBasicAuthenticator extends RealmBase if (valid) { // authentication ok, add public role List<String> roles = Arrays.asList("public"); List<String> roles = Collections.singletonList("public"); // Don't want to return the password here in the principal // in case it makes it into the servlet somehow Loading @@ -151,7 +163,8 @@ public class CadcBasicAuthenticator extends RealmBase catch (Throwable t) { success = false; String message = "Could not do http basic authentication: " + t.getMessage(); String message = "Could not do http basic authentication: " + t.getMessage(); log.error(message, t); throw new IllegalStateException(message, t); } Loading @@ -159,28 +172,30 @@ public class CadcBasicAuthenticator extends RealmBase { long duration = System.currentTimeMillis() - start; StringBuilder json = new StringBuilder(); json.append("{"); json.append("\"method\":\"AUTH\","); json.append("\"user\":\"" + username + "\","); json.append("\"success\":" + success + ","); json.append("\"time\":" + duration); json.append("}"); // Converted from StringBuilder as it was unnecessary. // jenkinsd 2016.08.09 String json = "{" + "\"method\":\"AUTH\"," + "\"user\":\"" + username + "\"," + "\"success\":" + success + "," + "\"time\":" + duration + "}"; log.info(json.toString()); log.info(json); } } boolean login(String username, String credentials) throws URISyntaxException, IOException throws IOException { RealmRegistryClient registryClient = new RealmRegistryClient(); URL loginURL = registryClient.getServiceURL( new URI(AC_URI + "#login"), "http", ""); AuthenticationLookup registryClient = new AuthenticationLookup(); URL authServiceURL = registryClient.configureAuthenticationServiceURL( new URL(loginURL)); String post = "username=" + username + "&password=" + credentials; HttpURLConnection conn = (HttpURLConnection) loginURL.openConnection(); HttpURLConnection conn = (HttpURLConnection) authServiceURL.openConnection(); conn.setRequestMethod("POST"); conn.setDoOutput(true); Loading @@ -199,7 +214,8 @@ public class CadcBasicAuthenticator extends RealmBase { // not an unauthorized, so log the // possible server side error String errorMessage = "Error calling /ac/login, error code: " + responseCode; String errorMessage = "Error calling /ac/login, error code: " + responseCode; throw new IllegalStateException(errorMessage); } Loading @@ -211,5 +227,4 @@ public class CadcBasicAuthenticator extends RealmBase } }
cadcTomcat/test/src/ca/nrc/cadc/tomcat/RealmRegistryClientTest.java→cadcTomcat/test/src/ca/nrc/cadc/tomcat/AuthenticationLookupTest.java +48 −100 Original line number Diff line number Diff line Loading @@ -70,6 +70,7 @@ package ca.nrc.cadc.tomcat; import java.net.InetAddress; import java.net.MalformedURLException; import java.net.URI; import java.net.URL; Loading @@ -84,12 +85,12 @@ import org.junit.Test; /** * * @author pdowler */ public class RealmRegistryClientTest public class AuthenticationLookupTest { private static Logger log = Logger.getLogger(RealmRegistryClientTest.class); private static Logger log = Logger .getLogger(AuthenticationLookupTest.class); static { Loading Loading @@ -130,110 +131,47 @@ public class RealmRegistryClientTest { } static String DUMMY_URI = "ivo://example.com/srv"; static String DUMMY_URL = "http://www.example.com/current/path/to/my/service"; static String DUMMY_CERT_URL = "https://www.example.com/current/path/to/my/service"; static String DUMMY_PASSWORD_URL = "http://www.example.com/current/path/to/my/auth-service"; static String DUMMY_TOKEN_URL = DUMMY_URL; static String DUMMY_COOKIE_URL = DUMMY_URL; static URL DUMMY_URL; @Test public void testNotFound() throws Exception static { try { RealmRegistryClient rc = new RealmRegistryClient(); URL url = rc.getServiceURL(new URI("ivo://foo/bar"), null, null); Assert.assertNull(url); DUMMY_URL = new URL( "http://www.example.com/current/path/to/my/service"); } catch(Exception unexpected) catch (MalformedURLException e) { log.error("unexpected exception", unexpected); Assert.fail("unexpected exception: " + unexpected); // Will never happen. } } @Test public void testFound() throws Exception { try { RealmRegistryClient rc = new RealmRegistryClient(); URL expected = new URL(DUMMY_URL); URL url = rc.getServiceURL(new URI(DUMMY_URI), null, null); Assert.assertEquals(expected, url); } catch(Exception unexpected) { log.error("unexpected exception", unexpected); Assert.fail("unexpected exception: " + unexpected); } } @Test public void testFoundViaConfigFile() throws Exception { String home = System.getProperty("user.home"); try public void testFound() throws Exception { String fakeHome = System.getProperty("user.dir") + "/test"; log.debug("setting user.home = " + fakeHome); System.setProperty("user.home", fakeHome); RealmRegistryClient rc = new RealmRegistryClient(); AuthenticationLookup authLookup = new AuthenticationLookup(); URL expected = new URL("http://alt.example.com/current/path/to/my/service"); URL url = rc.getServiceURL(new URI("ivo://example.com/srv"), "http", null); Assert.assertEquals(expected, url); URL url = authLookup.configureAuthenticationServiceURL(DUMMY_URL); Assert.assertEquals(DUMMY_URL, url); } catch(Exception unexpected) { log.error("unexpected exception", unexpected); Assert.fail("unexpected exception: " + unexpected); } finally { // reset System.setProperty("user.home", home); } } @Test public void testFoundWithProtocol() throws Exception { try { RealmRegistryClient rc = new RealmRegistryClient(); URL expected = new URL(DUMMY_URL); URL url = rc.getServiceURL(new URI(DUMMY_URI), "http", null); Assert.assertEquals(expected, url); expected = new URL(DUMMY_CERT_URL); url = rc.getServiceURL(new URI(DUMMY_URI), "https", null); Assert.assertEquals(expected, url); } catch(Exception unexpected) { log.error("unexpected exception", unexpected); Assert.fail("unexpected exception: " + unexpected); } } @Test public void testFoundLocal() throws Exception { try { System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.local", "true"); RealmRegistryClient rc = new RealmRegistryClient(); System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.local", "true"); AuthenticationLookup authLookup = new AuthenticationLookup(); String localhost = InetAddress.getLocalHost().getCanonicalHostName(); URL expected = new URL("http://" + localhost + "/current/path/to/my/service"); String localhost = InetAddress.getLocalHost() .getCanonicalHostName(); URL expected = new URL("http://" + localhost + "/current/path/to/my/service"); URL url = rc.getServiceURL(new URI(DUMMY_URI), null, null); URL url = authLookup.configureAuthenticationServiceURL(DUMMY_URL); Assert.assertEquals(expected, url); } catch (Exception unexpected) Loading @@ -243,7 +181,8 @@ public class RealmRegistryClientTest } finally { System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.local", "false"); System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.local", "false"); } } Loading @@ -252,14 +191,17 @@ public class RealmRegistryClientTest { try { System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.host", "foo.bar.com"); RealmRegistryClient rc = new RealmRegistryClient(); System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.host", "foo.bar.com"); AuthenticationLookup authLookup = new AuthenticationLookup(); URL url = rc.getServiceURL(new URI(DUMMY_URI), null, null); Assert.assertEquals("http://foo.bar.com/current/path/to/my/service", url.toExternalForm()); URL url = authLookup.configureAuthenticationServiceURL(DUMMY_URL); Assert.assertEquals("http://foo.bar.com/current/path/to/my/service", url.toExternalForm()); url = rc.getServiceURL(new URI(DUMMY_URI), null, null); Assert.assertEquals("http://foo.bar.com/current/path/to/my/service", url.toExternalForm()); url = authLookup.configureAuthenticationServiceURL(DUMMY_URL); Assert.assertEquals("http://foo.bar.com/current/path/to/my/service", url.toExternalForm()); } catch (Exception unexpected) { Loading @@ -268,7 +210,8 @@ public class RealmRegistryClientTest } finally { System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.host", ""); System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.host", ""); } } Loading @@ -277,11 +220,15 @@ public class RealmRegistryClientTest { try { System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.shortHostname", "foo"); RealmRegistryClient rc = new RealmRegistryClient(); System.setProperty( "ca.nrc.cadc.reg.client.RegistryClient.shortHostname", "foo"); AuthenticationLookup authLookup = new AuthenticationLookup(); URL url = rc.getServiceURL(new URI(DUMMY_URI), null, null); Assert.assertEquals("http://foo.example.com/current/path/to/my/service", url.toExternalForm()); URL url = authLookup.configureAuthenticationServiceURL(DUMMY_URL); Assert.assertEquals( "http://foo.example.com/current/path/to/my/service", url.toExternalForm()); } catch (Exception unexpected) Loading @@ -291,7 +238,8 @@ public class RealmRegistryClientTest } finally { System.setProperty("ca.nrc.cadc.reg.client.RegistryClient.shortHostname", ""); System.setProperty( "ca.nrc.cadc.reg.client.RegistryClient.shortHostname", ""); } } }
cadcTomcat/test/src/ca/nrc/cadc/tomcat/CadcBasicAuthenticatorTest.java +8 −6 Original line number Diff line number Diff line Loading @@ -71,7 +71,6 @@ package ca.nrc.cadc.tomcat; import java.io.IOException; import java.net.URISyntaxException; import junit.framework.Assert; Loading @@ -80,10 +79,12 @@ import org.apache.log4j.Level; import org.apache.log4j.Logger; import org.junit.Test; public class CadcBasicAuthenticatorTest { private static Logger log = Logger.getLogger(CadcBasicAuthenticatorTest.class); private static Logger log = Logger.getLogger(CadcBasicAuthenticatorTest.class); static { Loading @@ -97,7 +98,8 @@ public class CadcBasicAuthenticatorTest try { TestAuthenticator auth = new TestAuthenticator(true); GenericPrincipal p = (GenericPrincipal) auth.authenticate("user", "pass"); GenericPrincipal p = (GenericPrincipal) auth.authenticate("user", "pass"); Assert.assertNotNull(p); Assert.assertEquals("wrong num roles", 1, p.getRoles().length); Loading @@ -117,7 +119,8 @@ public class CadcBasicAuthenticatorTest try { TestAuthenticator auth = new TestAuthenticator(false); GenericPrincipal p = (GenericPrincipal) auth.authenticate("user", "pass"); GenericPrincipal p = (GenericPrincipal) auth.authenticate("user", "pass"); Assert.assertNull(p); } Loading @@ -138,8 +141,7 @@ public class CadcBasicAuthenticatorTest } @Override boolean login(String username, String credentials) throws URISyntaxException, IOException boolean login(String username, String credentials) throws IOException { return authenticate; } Loading
