projects/cadcTomcat/Dependencies.txt +5 −1
@@ -4,3 +4,7 @@ JAR files required for the OpenCADC cadcTomcat project Name in build.xml Versioned Name Project URL ----------------- -------------- ----------- catalina.jar catalina-7.0.33.jar http://tomcat.apache.org/ tomcat-util.jar tomcat-util-7.0.33.jar http://tomcat.apache.org/ tomcat-juli.jar tomcat-juli-7.0.33.jar http://tomcat.apache.org/ tomcat-coyote.jar tomcat-coyote-7.0.33.jar http://tomcat.apache.org/ cadcUtil http://code.google.com/p/opencadc/source/checkout No newline at end of file projects/cadcTomcat/README-REALM 0 → 100644 +16 −0 Original line number Diff line number Diff line =============================================================================== REALM README file for opencadc project cadcTomcat. This project contains plugins to apache tomcat for x509 client certificates and custom authentication realms. To use this plugin, add the following line to the <Host> element (within the <Service> element) in the tomcat 7 server.xml file: <Realm className="ca.nrc.cadc.tomcat.CadcBasicAuthenticator" /> =============================================================================== projects/cadcTomcat/README-SSL 0 → 100644 +116 −0 Original line number Diff line number Diff line =============================================================================== SSL README file for opencadc project cadcTomcat. cadcTomcat is a custom custom trust management implementation for apache tomcat (version 7) that overrides the default tomcat trust behaviour by adding trust to valid proxy certificates. =============================================================================== cadcTomcat Installation Steps: 1. Create / identify keystore file (serves as server identity) 2. Create / identify truststore file (list of CAs that server trusts) 3. Checkout cadcTomcat source and build 4. Include cadcTomcat.jar in $CATALINA_HOME/server/lib 5. 
Configure server.xml to use custom trust store Step 1: Create / identify keystore file (serves as server identity) =============================================================================== Steps to create a development version of a keystore file. Notes: - Common name (first & last name) must be the fully qualified name of the server. - Keystore password MUST match key password (only hit enter on last step) - Record name/location of keystore and password for use in Step 5. > keytool -keystore $KEYSTORE_DIR/tomcatkeystore.ks --genkey -alias tomcat Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: server.cadc.nrc.ca What is the name of your organizational unit? [Unknown]: CADC What is the name of your organization? [Unknown]: NRC What is the name of your City or Locality? [Unknown]: Victoria What is the name of your State or Province? [Unknown]: British Columbia What is the two-letter country code for this unit? [Unknown]: CA Is CN=server.cadc.nrc.ca OU=CADC, O=NRC, L=Victoria, ST=British Columbia, C=CA correct? [no]: yes Enter key password for <tomcat> (RETURN if same as keystore password): Step 2: Create / identify truststore file (list of CAs that server trusts) =============================================================================== Steps to create a development version of a truststore file. Notes: - Only one truststore file can be used. This means that the common list of CAs needs to be merged with any internal CAs. - The common list of java trusted CAs is: $JAVA_HOME/jre/lib/security/cacerts - Note the location / name of the truststore file. The password is 'changeit'. 
If no internal CAs need to be identified, then the default java trust store file can be used: $JAVA_HOME/jre/lib/security/cacerts Otherwise, follow these steps to combine the common set of CAs with internal CAs: > cp $JAVA_HOME/jre/lib/security/cacerts $KEYSTORE_DIR/tomcattruststore.ks > chmod 664 $KEYSTORE_DIR/tomcattruststore.ks > keytool -import -alias root -keystore $KEYSTORE_DIR/tomcattruststore.ks -trustcacerts -file <path to internal CA public key file .crt> Repeat the third command for each internal CA that needs importing. Step 3: Checkout cadcTomcat source and build =============================================================================== > svn checkout http://opencadc.googlecode.com/svn/trunk/projects/cadcTomcat $WORK_DIR/cadcTomcat > ant clean build Step 4: Include cadcTomcat.jar in $CATALINA_HOME/server/lib =============================================================================== > ln -s $WORK_DIR/cadcTomcat/build/lib/cadcTomcat.jar $CATALINA_HOME/server/lib/cadcTomcat.jar Step 5: Configure tomcat's conf/server.xml to use custom trust store =============================================================================== Add a connector in tomcat's server.xml file. Relevant elements are: keyStoreFile - Points to the created / identified keystore keystorePass - The keystore password truststoreFile - Points to the created / identified truststore truststorePass - The truststore password SSLImplementation - The CADC Custom implementation of TrustManagers that accepts proxy certificates (default tomcat trust manager does not.) 
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="600" scheme="https" secure="true" SSLEnabled="true" keystoreFile="$KEYSTORE_DIR/tomcatkeystore.ks" keystorePass="changeit" keyAlias="tomcat" clientAuth="true" truststoreFile="$KEYSTORE_DIR/tomcattruststore.ks" truststorePass="changeit" truststoreType="JKS" sslProtocol="TLS" SSLImplementation="ca.nrc.cadc.auth.CadcSSLImplementation"/> (Note that the environment variables cannot be used in server.xml in this way.) No newline at end of file projects/cadcTomcat/build.xml +31 −117 Original line number Diff line number Diff line Loading 
@@ -86,138 +86,52 @@ <!-- developer convenience: place for extra targets and properties --> <import file="extras.xml" optional="true" /> <property name="cadc" value="${lib}/cadcUtil.jar" /> <property name="log4j" value="${ext.lib}/log4j.jar" /> <property name="tomcat" value="${ext.lib}/catalina.jar" /> <property name="tomcat" value="${ext.lib}/catalina.jar:${ext.lib}/tomcat-util.jar:${ext.lib}/tomcat-coyote.jar" /> <property name="jars" value="${cadc}:${log4j}:${tomcat}" /> <property name="jars" value="${log4j}:${tomcat}" /> <target name="build" depends="simpleJar" /> <target name="build" depends="compile,resources"> <jar jarfile="${build}/lib/${project}.jar" basedir="${build}/class" update="no"> <exclude name="test/**" /> </jar> </target> <target name="resources"> <target name="test-resources"> <copy todir="${build}/class"> <fileset dir="src/resources"> <include name="**.xsd" /> <include name="**.properties" /> </fileset> </copy> <jar jarfile="${build}/tmp/test.jar" basedir="${build}/class" update="no"> <include name="ca/nrc/cadc/reg/client/**" /> <include name="**.properties" /> </jar> </target> <!-- JAR files needed to run the test suite --> <property name="asm" value="${ext.lib}/asm.jar" /> <property name="asm-attrs" value="${ext.lib}/asm-attrs.jar" /> <property name="cglib" value="${ext.lib}/cglib.jar" /> <property name="commons-logging" value="${ext.lib}/commons-logging.jar" /> <property name="easyMock" value="${ext.dev}/easymock.jar" /> <property name="easyMock" value="${ext.dev}/easymock.jar" /> <property name="junit" value="${ext.dev}/junit.jar" /> <property name="xerces" value="${ext.lib}/xerces.jar" /> <property name="gson" value="${ext.lib}/gson.jar" /> <property name="testingJars" value="${test.jdbc.drivers}:${asm}:${asm-attrs}:${cglib}:${commons-logging}:${easyMock}:${ext.dev}/objenesis.jar:${junit}:${xerces}:${gson}" /> <target name="setup-test"> <copy file="test/src/resources/foo.xsd" todir="${build}/test/class"/> <copy 
file="test/src/resources/bar.xsd" todir="${build}/test/class"/> <copy file="src/resources/UWS-v1.0.xsd" todir="${build}/test/class"/> <copy file="src/resources/XLINK.xsd" todir="${build}/test/class"/> </target> <target name="misc-test" depends="compile-test"> <junit printsummary="yes" haltonfailure="yes" fork="yes"> <classpath> <pathelement path="${build}/class"/> <pathelement path="${build}/test/class"/> <pathelement path="${build}/test/src"/> <pathelement path="${jars}:${testingJars}"/> </classpath> <test name="ca.nrc.cadc.uws.server.RandomStringGeneratorTest" /> <test name="ca.nrc.cadc.uws.web.restlet.RestletPrincipalExtractorTest" /> <test name="ca.nrc.cadc.uws.web.ResourceTestSuite" /> <formatter type="plain" usefile="false" /> </junit> </target> <target name="log-test" depends="compile-test"> <junit printsummary="yes" haltonfailure="yes" fork="yes"> <classpath> <pathelement path="${build}/class"/> <pathelement path="${build}/test/class"/> <pathelement path="${build}/test/src"/> <pathelement path="${jars}:${testingJars}"/> </classpath> <test name="ca.nrc.cadc.uws.util.JobLogInfoTest" /> <test name="ca.nrc.cadc.uws.util.RestletLogInfoTest" /> <formatter type="plain" usefile="false" /> </junit> </target> <target name="xml-test" depends="compile-test"> <junit printsummary="yes" haltonfailure="yes" fork="yes"> <classpath> <pathelement path="${build}/class"/> <pathelement path="${build}/test/class"/> <pathelement path="${build}/test/src"/> <pathelement path="${jars}:${testingJars}"/> </classpath> <test name="ca.nrc.cadc.uws.JobReaderWriterTest" /> <test name="ca.nrc.cadc.uws.JobListReaderWriterTest" /> <formatter type="plain" usefile="false" /> </junit> </target> <target name="dao-test" depends="build,compile-test"> <property name="dev.junit" value="${ext.dev}/junit.jar" /> <property name="servlet" value="${ext.lib}/servlet-api.jar" /> <property name="log" value="${ext.lib}/commons-logging.jar" /> <property name="juli" value="${ext.lib}/tomcat-juli.jar" /> 
<property name="tomcatUtil" value="${ext.lib}/tomcat-util.jar" /> <property name="test" value="${build}/tmp/test.jar" /> <property name="testingJars" value="${dev.junit}:${servlet}:${log}:${juli}:${tomcatUtil}:${test}" /> <!-- Run the test suite --> <target name="test" depends="compile-test,test-resources"> <echo message="Running test" /> <!-- Run the junit test suite --> <echo message="Running test suite..." /> <junit printsummary="yes" haltonfailure="yes" fork="yes"> <classpath> <pathelement path="${build}/class"/> <pathelement path="${build}/test/class" /> <pathelement path="${build}/test/src"/> <pathelement path="${jars}:${testingJars}"/> </classpath> <test name="ca.nrc.cadc.uws.server.SybaseJobDAOTest" /> <test name="ca.nrc.cadc.uws.server.PostgresJobDAOTest" /> <formatter type="plain" usefile="false" /> </junit> </target> <target name="exec-test" depends="compile-test"> <junit printsummary="yes" haltonfailure="yes" fork="yes"> <classpath> <pathelement path="."/> <pathelement path="src"/> <pathelement path="test/src"/> <pathelement path="${build}/class" /> <pathelement path="${build}/test/class"/> <pathelement path="${jars}:${testingJars}" /> </classpath> <formatter type="plain" usefile="false"/> <test name="ca.nrc.cadc.uws.server.ThreadExecutorTest"/> <test name="ca.nrc.cadc.uws.server.ThreadPoolExecutorTest"/> </junit> </target> <target name="util-test" depends="compile-test"> <junit printsummary="yes" haltonfailure="yes" fork="yes"> <classpath> <pathelement path="."/> <pathelement path="src"/> <pathelement path="test/src"/> <pathelement path="${build}/class"/> <pathelement path="${build}/test/class"/> <pathelement path="${jars}:${testingJars}"/> </classpath> <test name="ca.nrc.cadc.tomcat.CadcBasicAuthenticatorTest"/> <test name="ca.nrc.cadc.tomcat.RealmRegistryClientTest"/> <formatter type="plain" usefile="false"/> <test name="ca.nrc.cadc.uws.util.IterableContentTest"/> </junit> </target> Loading 
projects/cadcTomcat/src/ca/nrc/cadc/tomcat/CadcBasicAuthenticator.java +47 −87 Original line number Diff line number Diff line Loading @@ -69,8 +69,11 @@ package ca.nrc.cadc.tomcat; import java.io.IOException; import java.net.HttpURLConnection; import java.net.MalformedURLException; import java.net.URI; import java.net.URISyntaxException; import java.net.URL; import java.security.Principal; import java.util.Arrays; Loading @@ -78,12 +81,8 @@ import java.util.List; import org.apache.catalina.realm.GenericPrincipal; import org.apache.catalina.realm.RealmBase; import org.apache.log4j.BasicConfigurator; import org.apache.log4j.ConsoleAppender; import org.apache.log4j.Level; import org.apache.log4j.Logger; import org.apache.log4j.PatternLayout; import org.apache.log4j.varia.LevelRangeFilter; /** * Custom class for Tomcat realm authentication. Loading @@ -101,18 +100,9 @@ public class CadcBasicAuthenticator extends RealmBase private static Logger log = Logger.getLogger(CadcBasicAuthenticator.class); private static final String AC_URI = "ivo://cadc.nrc.ca/canfargms"; private static final String ISO_DATE_FORMAT = "yyyy-MM-dd HH:mm:ss.SSS"; // SHORT_FORMAT applies to DEBUG and TRACE logging levels private static final String SHORT_FORMAT = "%-4r [%t] %-5p %c{1} %x - %m\n"; // LONG_FORMAT applies to INFO, WARN, ERROR and FATAL logging levels private static final String LONG_FORMAT = "%d{" + ISO_DATE_FORMAT + "} [%t] %-5p %c{1} %x - %m\n"; static { initLogging(); RealmUtil.initLogging(); Logger.getLogger("ca.nrc.cadc.tomcat").setLevel(Level.INFO); } Loading Loading 
@@ -145,50 +135,23 @@ public class CadcBasicAuthenticator extends RealmBase try { RealmRegistryClient registryClient = new RealmRegistryClient(); URL loginURL = registryClient.getServiceURL( new URI(AC_URI), "http", "/login"); String post = "userid=" + username + "&password=" + credentials; HttpURLConnection conn = (HttpURLConnection) loginURL.openConnection(); conn.setRequestMethod("POST"); conn.setDoOutput(true); byte[] postData = post.getBytes("UTF-8"); conn.getOutputStream().write(postData); int responseCode = conn.getResponseCode(); boolean valid = login(username, credentials); log.debug("Http POST to /ac/login returned " + responseCode + " for user " + username); if (responseCode != 200) if (valid) { // authentication not ok if (responseCode != 401) { // not an unauthorized, so log the // possible server side error String errorMessage = "Error calling /ac/login, error code: " + responseCode; success = false; throw new IllegalStateException(errorMessage); } // authentication simply failed return null; } // authentication ok, add public role List<String> roles = Arrays.asList("public"); // Don't want to return the password here in the principal // in case it makes it into the servlet somehow return new GenericPrincipal(username, "", roles); return new GenericPrincipal(username, null, roles); } return null; } catch (Throwable t) { success = false; String message = "Could not do http basic authentication: " + t.getMessage(); log.error(message, t); throw new IllegalStateException(message, t); Loading 
@@ -209,48 +172,45 @@ public class CadcBasicAuthenticator extends RealmBase } } private static void initLogging() boolean login(String username, String credentials) throws URISyntaxException, IOException { // Clear all existing appenders, if there's any. BasicConfigurator.resetConfiguration(); Logger.getRootLogger().setLevel(Level.ERROR); // must redo after reset RealmRegistryClient registryClient = new RealmRegistryClient(); URL loginURL = registryClient.getServiceURL( new URI(AC_URI), "http", "/login"); String post = "userid=" + username + "&password=" + credentials; HttpURLConnection conn = (HttpURLConnection) loginURL.openConnection(); conn.setRequestMethod("POST"); conn.setDoOutput(true); byte[] postData = post.getBytes("UTF-8"); conn.getOutputStream().write(postData); int responseCode = conn.getResponseCode(); String errorLogFormat = LONG_FORMAT; String infoLogFormat = LONG_FORMAT; String debugLogFormat = SHORT_FORMAT; log.debug("Http POST to /ac/login returned " + responseCode + " for user " + username); // Appender for WARN, ERROR and FATAL with LONG_FORMAT message prefix ConsoleAppender conAppenderHigh = new ConsoleAppender(new PatternLayout(errorLogFormat)); LevelRangeFilter errorFilter = new LevelRangeFilter(); errorFilter.setLevelMax(Level.FATAL); errorFilter.setLevelMin(Level.WARN); errorFilter.setAcceptOnMatch(true); conAppenderHigh.clearFilters(); conAppenderHigh.addFilter(errorFilter); BasicConfigurator.configure(conAppenderHigh); if (responseCode != 200) { // authentication not ok if (responseCode != 401) { // not an unauthorized, so log the // possible server side error String errorMessage = "Error calling /ac/login, error code: " + responseCode; throw new IllegalStateException(errorMessage); } // Appender for INFO with LONG_FORMAT message prefix ConsoleAppender conAppenderInfo = new ConsoleAppender(new PatternLayout(infoLogFormat)); LevelRangeFilter infoFilter = new LevelRangeFilter(); infoFilter.setLevelMax(Level.INFO); 
infoFilter.setLevelMin(Level.INFO); infoFilter.setAcceptOnMatch(true); conAppenderInfo.clearFilters(); conAppenderInfo.addFilter(infoFilter); BasicConfigurator.configure(conAppenderInfo); // authentication simply failed return false; } // Appender for DEBUG and TRACE with LONG_FORMAT message prefix ConsoleAppender conAppenderDebug = new ConsoleAppender(new PatternLayout(debugLogFormat)); LevelRangeFilter debugFilter = new LevelRangeFilter(); debugFilter.setLevelMax(Level.DEBUG); debugFilter.setLevelMin(Level.TRACE); debugFilter.setAcceptOnMatch(true); conAppenderDebug.clearFilters(); conAppenderDebug.addFilter(debugFilter); BasicConfigurator.configure(conAppenderDebug); return true; } } No newline at end of file Loading
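Review bot: In Dependencies.txt, the table ends at the cadcUtil row and has no entry for log4j.jar, although build.xml in this same change defines `${ext.lib}/log4j.jar` and puts it on the compile classpath, and the test classpath also references servlet-api.jar, commons-logging.jar and junit.jar. Add rows for those so the list matches what the build actually needs. The cadcUtil row has no versioned name; record the revision it was built against, as is done for the 7.0.33 Tomcat jars.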
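Review bot: In README-SSL Step 2, `chmod 664 $KEYSTORE_DIR/tomcattruststore.ks` leaves the truststore group-writable, so any account in that group can add a CA whose client certificates the connector (configured with clientAuth="true") will then accept. Suggest a mode that only the owner can write and that the Tomcat user can read. In Step 5 the sample Connector hard-codes keystorePass="changeit" even though Step 1 has the administrator choose and record a password; use a placeholder there. The element list spells keyStoreFile where the Connector attribute is keystoreFile, and Step 4 links the jar into $CATALINA_HOME/server/lib while Tomcat 7 loads container classes from $CATALINA_HOME/lib, so check that path against the version the README names.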
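Review bot: In build.xml, the `<include name="**.xsd" />` and `<include name="**.properties" />` patterns in the resource copy and in the test.jar step match only files directly under the base directory, because Ant treats `**` as "any number of directories" only when it is a whole path segment. If the registry properties can sit in a subdirectory of src/resources, write `**/*.properties` and `**/*.xsd`. Separately, the hunk shows a `jars` value of `${log4j}:${tomcat}` without `${cadc}`, while Dependencies.txt lists cadcUtil as required; confirm which of the two is right and make them agree.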
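Review bot: In the authenticate hunk of CadcBasicAuthenticator.java, `catch (Throwable t)` also traps Errors such as OutOfMemoryError and rethrows them as IllegalStateException; catch Exception instead. The IllegalStateException that login() throws for a non-401 response lands in this same catch and is wrapped in a second IllegalStateException, so the log shows the failure nested under "Could not do http basic authentication"; having login() throw IOException for that case would keep one exception per failure. The change from "" to null for the GenericPrincipal password is fine, but add a test that asserts getPassword() on the returned principal is null so the intent in the comment above it stays enforced.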
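Review bot: In the new login() method, `String post = "userid=" + username + "&password=" + credentials;` builds the form body without URL-encoding, so a user name or password containing `&`, `=`, `+` or `%` reaches the login service as a different value than the user typed, and a user name can carry extra parameters into the request. Pass both values through URLEncoder.encode(value, "UTF-8") before concatenating. The service URL is requested with the literal "http" in `getServiceURL(new URI(AC_URI), "http", "/login")`, so the password crosses the network in clear text; ask the registry for the https endpoint. The output stream is never closed and no connect or read timeout is set, so a stalled login service can tie up Tomcat request threads, and the debug line writes the raw user name to the log, which should have CR and LF stripped first.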