private void addCookiesAttribute(HttpServletRequest servletRequest, SecuredServiceRequest secRequest) { Cookie[] cookies = servletRequest.getCookies(); if (cookies != null && cookies.length > 0) { secRequest.addAttribute(new SimpleTransferAttribute(TransferAttribute.HTTP_COOKIES, cookies)); } }
private void addRequestIpAttribute(HttpServletRequest servletRequest, SecuredServiceRequest secRequest) { secRequest.addAttribute(new SimpleTransferAttribute(TransferAttribute.REQUEST_IP_ATTR, servletRequest .getRemoteAddr())); }
private void addQueryStringAttribute(HttpServletRequest servletRequest, SecuredServiceRequest secRequest) { // add querystring attribute only, if method was not GET, because query // string is already part of payload. if (!(secRequest.getPayload() instanceof QueryStringPayload) && !servletRequest.getMethod().equalsIgnoreCase("GET")) { secRequest.addAttribute(new SimpleTransferAttribute(TransferAttribute.QUERY_STRING_ATTR, servletRequest .getQueryString())); } }
private void addAllHttpHeadersAttrributes(HttpServletRequest securedServletRequest, SecuredServiceRequest secRequest) { Enumeration headerNames = securedServletRequest.getHeaderNames(); while (headerNames.hasMoreElements()) { String headerName = (String) headerNames.nextElement(); // Tomcat normalizes header names to lower-case letters which is // problematic as e.g. interceptors use case-sensitive // HttpHeaderAttribute.HEADER_NAME_XYZ // to find header attributes. So we omit the import ones in this // loop and add them later on // using the desired case-sensitive version. // if (headerName.equalsIgnoreCase("content-type")) continue; // if (headerName.equalsIgnoreCase("content-encoding")) continue; String headerValue = securedServletRequest.getHeader(headerName); // Add all headers as simple TransferAttributes, so they don't get // appended to the request sent // to the protected service. Header might be: content-length, which // is unlikely to // fit for the forwarded request. secRequest.addAttribute(new SimpleTransferAttribute(headerName, headerValue)); } }
private void addPathinfoAttribute(Transferable secRequest) { String proxyRequestPathInfo = m_wssRequestUrl.getEffectivePathInfo(); if (proxyRequestPathInfo != null) { secRequest .addAttribute(new SimpleTransferAttribute(TransferAttribute.PATHINFO_ATTR, proxyRequestPathInfo)); } }
private void addRedirectionUrlAttribute(SecuredServiceRequest secRequest) { String redirectionUrl = getRedirectionAuthenticationUrl(); if (redirectionUrl != null) { secRequest.addAttribute(new SimpleTransferAttribute("noauth.url", redirectionUrl)); } }
public void setTransferAttributes(SecuredServiceRequest req) { if (getEndpointHttpBasicUsername() != null && getEndpointHttpBasicUsername().length() > 0) { req.addAttribute(new SimpleTransferAttribute(TransferAttribute.HTTP_AUTH_BASIC_USERNAME, getEndpointHttpBasicUsername())); // basic password is expected to be base64 encoded! req.addAttribute(new SimpleTransferAttribute(TransferAttribute.HTTP_AUTH_BASIC_PASSWORD, getEndpointHttpBasicPassword())); } }
private void addWSSLicenseReferenceAttribute(HttpServletRequest servletRequest, SecuredServiceRequest secRequest) { if (!hasLicenseReference(servletRequest)) { return; } secRequest.addAttribute(new SimpleTransferAttribute(TransferAttribute.LICENSE_REFERENCE, getLicenseReference(servletRequest))); }
requestTransferable.addAttribute(new SimpleTransferAttribute(TransferAttribute.QUERY_STRING_ATTR, lQueryString.toString()));
new SimpleTransferAttribute(TransferAttribute.PATHINFO_ATTR, newPathInfo));
public SecuredServiceRequest build(HttpServletRequest servletRequest, HttpServletResponse servletResponse) throws IOException { SecuredServiceRequest securedRequest = buildSecuredServiceRequest(servletRequest); addPathinfoAttribute(securedRequest); addQueryStringAttribute(servletRequest, securedRequest); addWSSLicenseReferenceAttribute(servletRequest, securedRequest); addAllHttpHeadersAttrributes(servletRequest, securedRequest); addRedirectionUrlAttribute(securedRequest); addRequestIpAttribute(servletRequest, securedRequest); addCookiesAttribute(servletRequest, securedRequest); securedRequest.addAttribute(new SimpleTransferAttribute(TransferAttribute.HTTP_REQUEST, servletRequest)); securedRequest.addAttribute(new SimpleTransferAttribute(TransferAttribute.HTTP_RESPONSE, servletResponse)); // make the wss url available to interceptors, too // it is bad that we can't that it as environment property, // so however let's do this hack securedRequest.addAttribute(new SimpleTransferAttribute(TransferAttribute.SERVICE_BASE_URL, m_wssRequestUrl .buildServiceUrl())); securedRequest.addAttribute(new SimpleTransferAttribute(TransferAttribute.ENFORCEMENTPOINT_ID, m_wssRequestUrl.getEnforcementPointId())); addReferrerHeaderAttribute(servletRequest, securedRequest); addContentTypeHeaderAttribute(servletRequest, securedRequest); addContentCharsetHeaderAttribute(servletRequest, securedRequest); addXForwardedForHeaderAttribute(servletRequest, securedRequest); return securedRequest; }
private Transferable addCommonAttributes(Transferable request) { String pathInfo = getPathInfo(); String additionalPath = FacadeTools.extractAdditionalPathInfo(pathInfo); request.addAttribute(new SimpleTransferAttribute(TransferAttribute.PATHINFO_ATTR, additionalPath)); request.addAttribute(new SimpleTransferAttribute(TransferAttribute.REQUEST_IP_ATTR, getRemoteAddress())); // Is the "X-Forwarded-For" header already set? String headerXForwardedFor = getXForwardedForHeader(); // If not set, set caller's ip, otherwise append caller's ip headerXForwardedFor = (headerXForwardedFor == null) ? getRemoteAddress() : headerXForwardedFor .concat(" ," + getRemoteAddress()); // Create according TransferAttribute request.addAttribute(HttpHeaderAttribute.createHttpHeaderAttribute( HttpHeaderAttribute.HEADER_NAME_XFORWARDEDFOR, headerXForwardedFor)); String referrerHeader = getHttpReferrerHeader(); if (referrerHeader != null) { request.addAttribute(HttpHeaderAttribute.createHttpHeaderAttribute(HttpHeaderAttribute.HEADER_NAME_REFERER, referrerHeader)); } return request; }
pRequest.addAttribute(new SimpleTransferAttribute(TransferAttribute.QUERY_STRING_ATTR, lQueryString.toString()));
private Transferable createPostTransferable() throws FacadeRequestBuilderException { String requestEncoding = getCharacterEncoding(); String requestContentType = getContentType(); String requestQueryString = reencodeQueryString(); Transferable transferable; try { transferable = TransferableFactory.getInstance().createStreamTransferable(requestContentType, getInputStream(), requestEncoding); } catch (IOException e) { throw new FacadeRequestBuilderException("Could not create request transferable", e); } if (requestQueryString != null && requestQueryString.length() > 0) { transferable.addAttribute(new SimpleTransferAttribute(TransferAttribute.QUERY_STRING_ATTR, requestQueryString)); } return transferable; }
responseTransferable.addAttribute(new SimpleTransferAttribute(TransferAttribute.RESPONSE_STATUS_CODE, String.valueOf(statusCode.getCode())));
lRes.addAttribute(new SimpleTransferAttribute(TransferAttribute.RESPONSE_STATUS_CODE, String.valueOf(httpResponse.getStatus().getCode())));
protected void service(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException { EnforcementServiceRequest wssRequestUrl = getWssRequestUrlFactory().getInstance(ServletUtils.getServletLocation(req), req.getServletPath(), req.getPathInfo()); //get authentication scheme from request url String authenticationScheme = getWssRequestUrlFactory().getAuthenticationScheme((WSSRequestUrl) wssRequestUrl); String pesId = wssRequestUrl.getEnforcementPointId(); PolicyEnforcementServiceImpl pes = m_pesLocator.locate(pesId, authenticationScheme); if (pes == null) { String errorMessage = String.format( "No enforcement point configuration for id <%s>", pesId); resp.sendError(HttpServletResponse.SC_NOT_FOUND, errorMessage); return; } ForwardingSecuredServiceRequestBuilder requestBuilder = new ForwardingSecuredServiceRequestBuilder(wssRequestUrl); requestBuilder.setProtectedServiceEndpoint(new URL(pes.getEndpoint())); requestBuilder.setRedirectionAuthenticationUrl(buildRedirectionUrl(wssRequestUrl, getWssRequestUrlFactory(), pes.getRedirectionAuthenticationScheme())); SecuredServiceRequest secRequest = requestBuilder.build(req, resp); secRequest.addAttribute(new SimpleTransferAttribute(HttpRequestForward.HTTP_CLIENT_FACTORY, getHttpClientFactory())); authorize(resp, pes, secRequest); }
public void doService(WebSecurityProcessingContext securityCtx, WebContext webCtx, WebSecurityProcessorChain processorChain) throws IOException { HttpServletRequest req = webCtx.getRequest(); HttpServletResponse resp = webCtx.getResponse(); WSSRequestUrlFactory requestUrlFactory = new WSSRequestUrlFactory(); requestUrlFactory.setTargetPathPatternMappingService(getPathMappingService()); EnforcementServiceRequest wssRequestUrl = requestUrlFactory.getInstance(req); String pesId = wssRequestUrl.getEnforcementPointId(); PolicyEnforcementServiceImpl pes = pesLocator.locate(pesId); if (pes == null) { String errorMessage = String.format( "No enforcement point configuration for id <%s>", pesId); resp.sendError(HttpServletResponse.SC_NOT_FOUND, errorMessage); return; } ForwardingSecuredServiceRequestBuilder requestBuilder = new ForwardingSecuredServiceRequestBuilder(wssRequestUrl); requestBuilder.setProtectedServiceEndpoint(new URL(pes.getEndpoint())); //this doesn't work, yet. It simply assumes, that there is a valid path to this endpoint ending with /public requestBuilder.setRedirectionAuthenticationUrl(wssRequestUrl.buildServiceUrl() + "/public"); SecuredServiceRequest secRequest = requestBuilder.build(req, resp); if (getHttpClientFactory() == null){ secRequest.addAttribute(new SimpleTransferAttribute(HttpRequestForward.HTTP_CLIENT_FACTORY, new JDKHTTPClientFactory())); } else { secRequest.addAttribute(new SimpleTransferAttribute(HttpRequestForward.HTTP_CLIENT_FACTORY, getHttpClientFactory())); } authorize(resp, pes, secRequest, securityCtx.getAuthenticationContext()); processorChain.performAccessControl(webCtx); }