Diffstat (limited to 'upstream/odl-aaa-moon/aaa/aaa-authn-federation/src/main/java/org/opendaylight/aaa/federation/SssdFilter.java')
-rw-r--r--upstream/odl-aaa-moon/aaa/aaa-authn-federation/src/main/java/org/opendaylight/aaa/federation/SssdFilter.java151
1 files changed, 151 insertions, 0 deletions
diff --git a/upstream/odl-aaa-moon/aaa/aaa-authn-federation/src/main/java/org/opendaylight/aaa/federation/SssdFilter.java b/upstream/odl-aaa-moon/aaa/aaa-authn-federation/src/main/java/org/opendaylight/aaa/federation/SssdFilter.java
new file mode 100644
index 00000000..9223c6dd
--- /dev/null
+++ b/upstream/odl-aaa-moon/aaa/aaa-authn-federation/src/main/java/org/opendaylight/aaa/federation/SssdFilter.java
@@ -0,0 +1,151 @@
+/*
+ * Copyright (c) 2014, 2015 Red Hat, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.aaa.federation;
+
+import java.io.IOException;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+class SssdHeadersRequest extends HttpServletRequestWrapper {
+ private static final String headerPrefix = "X-SSSD-";
+
+ public SssdHeadersRequest(HttpServletRequest request) {
+ super(request);
+ }
+
+ public Object getAttribute(String name) {
+ HttpServletRequest request = (HttpServletRequest) getRequest();
+ String headerValue;
+
+ headerValue = request.getHeader(headerPrefix + name);
+ if (headerValue != null) {
+ return headerValue;
+ } else {
+ return request.getAttribute(name);
+ }
+ }
+
+ @Override
+ public String getRemoteUser() {
+ HttpServletRequest request = (HttpServletRequest) getRequest();
+ String headerValue;
+
+ headerValue = request.getHeader(headerPrefix + "REMOTE_USER");
+ if (headerValue != null) {
+ return headerValue;
+ } else {
+ return request.getRemoteUser();
+ }
+ }
+
+ @Override
+ public String getAuthType() {
+ HttpServletRequest request = (HttpServletRequest) getRequest();
+ String headerValue;
+
+ headerValue = request.getHeader(headerPrefix + "AUTH_TYPE");
+ if (headerValue != null) {
+ return headerValue;
+ } else {
+ return request.getAuthType();
+ }
+ }
+
+ @Override
+ public String getRemoteAddr() {
+ HttpServletRequest request = (HttpServletRequest) getRequest();
+ String headerValue;
+
+ headerValue = request.getHeader(headerPrefix + "REMOTE_ADDR");
+ if (headerValue != null) {
+ return headerValue;
+ } else {
+ return request.getRemoteAddr();
+ }
+ }
+
+ @Override
+ public String getRemoteHost() {
+ HttpServletRequest request = (HttpServletRequest) getRequest();
+ String headerValue;
+
+ headerValue = request.getHeader(headerPrefix + "REMOTE_HOST");
+ if (headerValue != null) {
+ return headerValue;
+ } else {
+ return request.getRemoteHost();
+ }
+ }
+
+ @Override
+ public int getRemotePort() {
+ HttpServletRequest request = (HttpServletRequest) getRequest();
+ String headerValue;
+
+ headerValue = request.getHeader(headerPrefix + "REMOTE_PORT");
+ if (headerValue != null) {
+ return Integer.parseInt(headerValue);
+ } else {
+ return request.getRemotePort();
+ }
+ }
+
+}
+
+/**
+ * Populate HttpRequestServlet API data from HTTP extension headers.
+ *
+ * When SSSD is used for authentication and identity lookup those actions occur
+ * in an Apache HTTP server which is fronting the servlet container. After
+ * successful authentication Apache will proxy the request to the container
+ * along with additional authentication and identity metadata.
+ *
+ * The preferred way to transport the metadata and have it appear seamlessly in
+ * the servlet API is via the AJP protocol. However AJP may not be available or
+ * desirable. An alternative method is to transport the metadata in extension
+ * HTTP headers. However we still want the standard servlet request API methods
+ * to work. Another way to say this is we do not want upper layers to be aware
+ * of the transport mechanism. To achieve this we wrap the HttpServletRequest
+ * class and override specific methods which need to extract the data from the
+ * extension HTTP headers. (This is roughly equivalent to what happens when AJP
+ * is implemented natively in the container).
+ *
+ * The extension HTTP headers are identified by the prefix "X-SSSD-". The
+ * overridden methods check for the existence of the appropriate extension
+ * header and if present returns the value found in the extension header,
+ * otherwise it returns the value from the method it's wrapping.
+ *
+ */
+public class SssdFilter implements Filter {
+ @Override
+ public void init(FilterConfig fc) throws ServletException {
+ }
+
+ @Override
+ public void destroy() {
+ }
+
+ @Override
+ public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
+ FilterChain filterChain) throws IOException, ServletException {
+ if (servletRequest instanceof HttpServletRequest) {
+ HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
+ SssdHeadersRequest request = new SssdHeadersRequest(httpServletRequest);
+ filterChain.doFilter(request, servletResponse);
+ } else {
+ filterChain.doFilter(servletRequest, servletResponse);
+ }
+ }
+}
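Review bot: SssdHeadersRequest returns X-SSSD-* header values for getRemoteUser(), getAuthType(), getRemoteAddr() and every getAttribute(name) lookup without checking that the request came from the fronting Apache, so the reported identity is only as trustworthy as the network path to the container. doFilter should wrap the request only when the peer is a configured proxy, for example `if (!trustedProxies.contains(httpServletRequest.getRemoteAddr())) { filterChain.doFilter(servletRequest, servletResponse); return; }`, where `trustedProxies` is a name proposed here (not one in this file) and would be loaded from a filter init parameter in the currently empty init(). The class Javadoc should also state that Apache must drop any client-supplied X-SSSD-* headers before adding its own. Separately, getRemotePort() passes the header straight to Integer.parseInt, so a malformed value surfaces as an uncaught NumberFormatException, and getAttribute is missing `@Override`.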