0ct0pu5/fess
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

#571

Browse source
This commit is contained in:
Shinsuke Sugaya 2016-07-12 22:21:34 +09:00
parent 8b90e941a6
commit bb7f65c957
11 changed files with 375 additions and 83 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
pom.xml
View file

@ -1057,6 +1057,11 @@
<artifactId>corelib</artifactId>
<version>0.3.5</version>
</dependency>
<dependency>
<groupId>org.codelibs</groupId>
<artifactId>spnego</artifactId>
<version>1.0-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>

2
src/main/java/org/codelibs/fess/app/web/base/FessSearchAction.java
View file

@ -15,12 +15,12 @@
*/
package org.codelibs.fess.app.web.base;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.HashSet;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;

1
src/main/java/org/codelibs/fess/app/web/login/LoginAction.java
View file

@ -16,7 +16,6 @@
package org.codelibs.fess.app.web.login;
import org.codelibs.fess.app.web.base.FessLoginAction;
import org.codelibs.fess.app.web.base.login.UserPasswordLoginCredential;
import org.codelibs.fess.util.RenderDataUtil;
import org.lastaflute.web.Execute;
import org.lastaflute.web.login.exception.LoginFailureException;

28
src/main/java/org/codelibs/fess/exception/ServletRuntimeException.java Normal file
View file

@ -0,0 +1,28 @@
/*
* Copyright 2012-2016 CodeLibs Project and the Others.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific language
* governing permissions and limitations under the License.
*/
package org.codelibs.fess.exception;
import javax.servlet.ServletException;
public class ServletRuntimeException extends RuntimeException {
private static final long serialVersionUID = 1L;
public ServletRuntimeException(ServletException e) {
super(e);
}
}

149
src/main/java/org/codelibs/fess/filter/SpnegoFilter.java Normal file
View file

@ -0,0 +1,149 @@
/*
* Copyright 2012-2016 CodeLibs Project and the Others.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific language
* governing permissions and limitations under the License.
*/
package org.codelibs.fess.filter;
import java.io.IOException;
import java.util.Enumeration;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.codelibs.core.exception.IORuntimeException;
import org.codelibs.core.lang.StringUtil;
import org.codelibs.fess.exception.FessSystemException;
import org.codelibs.fess.exception.ServletRuntimeException;
import org.codelibs.fess.mylasta.action.FessUserBean;
import org.codelibs.fess.util.ComponentUtil;
import org.codelibs.spnego.SpnegoHttpFilter;
import org.codelibs.spnego.SpnegoHttpServletRequest;
/**
* SpnegoFilter supports Integrated Windows Authentication(SSO).
*
* @author shinsuke
*/
public class SpnegoFilter extends SpnegoHttpFilter {
public void init(final FilterConfig filterConfig) throws ServletException {
ComponentUtil.processAfterContainerInit(() -> {
if (ComponentUtil.getFessConfig().isSsoEnabled()) {
initAuthenticator(filterConfig);
}
});
}
private void initAuthenticator(final FilterConfig filterConfig) {
try {
super.init(new FilterConfig() {
@Override
public ServletContext getServletContext() {
return filterConfig.getServletContext();
}
@Override
public Enumeration<String> getInitParameterNames() {
return filterConfig.getInitParameterNames();
}
@Override
public String getInitParameter(String name) {
if (Constants.KRB5_CONF.equals(name)) {
final String krb5Conf = ComponentUtil.getFessConfig().getSpnegoKrb5Conf();
if (StringUtil.isNotBlank(krb5Conf)) {
return krb5Conf;
}
} else if (Constants.LOGIN_CONF.equals(name)) {
final String loginConf = ComponentUtil.getFessConfig().getSpnegoLoginConf();
if (StringUtil.isNotBlank(loginConf)) {
return loginConf;
}
} else if (Constants.PREAUTH_USERNAME.equals(name)) {
final String username = ComponentUtil.getFessConfig().getSpnegoPreauthUsername();
if (StringUtil.isNotBlank(username)) {
return username;
}
} else if (Constants.PREAUTH_PASSWORD.equals(name)) {
final String password = ComponentUtil.getFessConfig().getSpnegoPreauthPassword();
if (StringUtil.isNotBlank(password)) {
return password;
}
}
return filterConfig.getInitParameter(name);
}
@Override
public String getFilterName() {
return filterConfig.getFilterName();
}
});
} catch (final ServletException e) {
throw new FessSystemException("Initialization failed.", e);
}
}
@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException,
ServletException {
try {
ComponentUtil.getRequestManager().findUserBean(FessUserBean.class).ifPresent(u -> {
doFilter(() -> chain.doFilter(request, response));
}).orElse(() -> {
if (ComponentUtil.getFessConfig().isSsoEnabled()) {
doFilter(() -> SpnegoFilter.super.doFilter(request, response, chain));
} else {
doFilter(() -> chain.doFilter(request, response));
}
});
} catch (final IORuntimeException e) {
throw (IOException) e.getCause();
} catch (final ServletRuntimeException e) {
throw (ServletException) e.getCause();
}
}
@Override
protected void processRequest(final SpnegoHttpServletRequest request, final ServletResponse response, final FilterChain chain)
throws IOException, ServletException {
if (StringUtil.isNotBlank(request.getRemoteUser())) {
// TODO save path and parameters into session
RequestDispatcher dispatcher = request.getRequestDispatcher(ComponentUtil.getFessConfig().getSsoLoginPath());
dispatcher.forward(request, response);
} else {
chain.doFilter(request, response);
}
}
protected void doFilter(DoFilterCallback callback) {
try {
callback.run();
} catch (IOException e) {
throw new IORuntimeException(e);
} catch (ServletException e) {
throw new ServletRuntimeException(e);
}
}
interface DoFilterCallback {
void run() throws IOException, ServletException;
}
}

2
src/main/java/org/codelibs/fess/helper/SystemHelper.java
View file

@ -102,6 +102,8 @@ public class SystemHelper {
return langItems;
}
});
ComponentUtil.doInitProcesses(p -> p.run());
}
@PreDestroy

8
src/main/java/org/codelibs/fess/ldap/LdapManager.java
View file

@ -85,6 +85,12 @@ public class LdapManager {
fessConfig.getLdapProviderUrl(), fessConfig.getLdapSecurityPrincipal(username), password);
}
protected Hashtable<String, String> createSearchEnv() {
final FessConfig fessConfig = ComponentUtil.getFessConfig();
return createEnvironment(fessConfig.getLdapInitialContextFactory(), fessConfig.getLdapSecurityAuthentication(),
fessConfig.getLdapProviderUrl(), fessConfig.getLdapAdminSecurityPrincipal(), fessConfig.getLdapAdminSecurityCredentials());
}
public OptionalEntity<FessUser> login(final String username, final String password) {
final FessConfig fessConfig = ComponentUtil.getFessConfig();
@ -106,7 +112,7 @@ public class LdapManager {
}
public OptionalEntity<FessUser> login(final String username) {
final Hashtable<String, String> env = createAdminEnv();
final Hashtable<String, String> env = createSearchEnv();
try (DirContextHolder holder = getDirContext(() -> env)) {
final DirContext context = holder.get();
if (logger.isDebugEnabled()) {

97
src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
View file

@ -928,6 +928,24 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
/** The key of the configuration. e.g. homeDirectory */
String LDAP_ATTR_HOME_DIRECTORY = "ldap.attr.homeDirectory";
/** The key of the configuration. e.g. false */
String SSO_ENABLED = "sso.enabled";
/** The key of the configuration. e.g. /sso/ */
String SSO_LOGIN_PATH = "sso.login.path";
/** The key of the configuration. e.g. krb5.conf */
String SPNEGO_KRB5_CONF = "spnego.krb5.conf";
/** The key of the configuration. e.g. auth_login.conf */
String SPNEGO_LOGIN_CONF = "spnego.login.conf";
/** The key of the configuration. e.g. username */
String SPNEGO_PREAUTH_USERNAME = "spnego.preauth.username";
/** The key of the configuration. e.g. password */
String SPNEGO_PREAUTH_PASSWORD = "spnego.preauth.password";
/**
* Get the value of property as {@link String}.
* @param propertyKey The key of the property. (NotNull)
@ -3722,6 +3740,57 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
*/
String getLdapAttrHomeDirectory();
/**
* Get the value for the key 'sso.enabled'. <br>
* The value is, e.g. false <br>
* comment: ------
* @return The value of found property. (NotNull: if not found, exception but basically no way)
*/
String getSsoEnabled();
/**
* Is the property for the key 'sso.enabled' true? <br>
* The value is, e.g. false <br>
* comment: ------
* @return The determination, true or false. (if not found, exception but basically no way)
*/
boolean isSsoEnabled();
/**
* Get the value for the key 'sso.login.path'. <br>
* The value is, e.g. /sso/ <br>
* @return The value of found property. (NotNull: if not found, exception but basically no way)
*/
String getSsoLoginPath();
/**
* Get the value for the key 'spnego.krb5.conf'. <br>
* The value is, e.g. krb5.conf <br>
* @return The value of found property. (NotNull: if not found, exception but basically no way)
*/
String getSpnegoKrb5Conf();
/**
* Get the value for the key 'spnego.login.conf'. <br>
* The value is, e.g. auth_login.conf <br>
* @return The value of found property. (NotNull: if not found, exception but basically no way)
*/
String getSpnegoLoginConf();
/**
* Get the value for the key 'spnego.preauth.username'. <br>
* The value is, e.g. username <br>
* @return The value of found property. (NotNull: if not found, exception but basically no way)
*/
String getSpnegoPreauthUsername();
/**
* Get the value for the key 'spnego.preauth.password'. <br>
* The value is, e.g. password <br>
* @return The value of found property. (NotNull: if not found, exception but basically no way)
*/
String getSpnegoPreauthPassword();
/**
* The simple implementation for configuration.
* @author FreeGen
@ -5202,5 +5271,33 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
public String getLdapAttrHomeDirectory() {
return get(FessConfig.LDAP_ATTR_HOME_DIRECTORY);
}
public String getSsoEnabled() {
return get(FessConfig.SSO_ENABLED);
}
public boolean isSsoEnabled() {
return is(FessConfig.SSO_ENABLED);
}
public String getSsoLoginPath() {
return get(FessConfig.SSO_LOGIN_PATH);
}
public String getSpnegoKrb5Conf() {
return get(FessConfig.SPNEGO_KRB5_CONF);
}
public String getSpnegoLoginConf() {
return get(FessConfig.SPNEGO_LOGIN_CONF);
}
public String getSpnegoPreauthUsername() {
return get(FessConfig.SPNEGO_PREAUTH_USERNAME);
}
public String getSpnegoPreauthPassword() {
return get(FessConfig.SPNEGO_PREAUTH_PASSWORD);
}
}
}

22
src/main/java/org/codelibs/fess/util/ComponentUtil.java
View file

@ -15,6 +15,10 @@
*/
package org.codelibs.fess.util;
import java.util.ArrayList;
import java.util.List;
import java.util.function.Consumer;
import org.apache.lucene.queryparser.classic.QueryParser;
import org.codelibs.core.crypto.CachedCipher;
import org.codelibs.core.misc.DynamicProperties;
@ -153,9 +157,27 @@ public final class ComponentUtil {
private static FessConfig fessConfig;
private static List<Runnable> initProcesses = new ArrayList<>();
private ComponentUtil() {
}
public static void processAfterContainerInit(Runnable process) {
if (available()) {
process.run();
} else {
initProcesses.add(process);
}
}
public static void doInitProcesses(Consumer<? super Runnable> action) {
try {
initProcesses.forEach(action);
} finally {
initProcesses.clear();
}
}
public static CachedCipher getCipher(final String cipherName) {
return getComponent(cipherName);
}

11
src/main/resources/fess_config.properties
View file

@ -468,3 +468,14 @@ ldap.attr.departmentNumber=departmentNumber
ldap.attr.uidNumber=uidNumber
ldap.attr.gidNumber=gidNumber
ldap.attr.homeDirectory=homeDirectory
# ----------------------------------------------------------
# SSO
# ------
sso.enabled=false
sso.login.path=/sso/
spnego.krb5.conf=krb5.conf
spnego.login.conf=auth_login.conf
spnego.preauth.username=username
spnego.preauth.password=password

133
src/main/webapp/WEB-INF/web.xml
View file

@ -55,68 +55,38 @@
<filter-class>org.lastaflute.web.servlet.filter.LastaToActionFilter</filter-class>
</filter>
<!-- SPNEGO -->
<!--
<filter>
<filter-name>SpnegoHttpFilter</filter-name>
<filter-class>net.sourceforge.spnego.SpnegoHttpFilter</filter-class>
<init-param>
<param-name>spnego.allow.basic</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>spnego.allow.localhost</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>spnego.allow.unsecure.basic</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>spnego.login.client.module</param-name>
<param-value>spnego-client</param-value>
</init-param>
<init-param>
<param-name>spnego.krb5.conf</param-name>
<param-value>krb5.conf</param-value>
</init-param>
<init-param>
<param-name>spnego.login.conf</param-name>
<param-value>login.conf</param-value>
</init-param>
<init-param>
<param-name>spnego.preauth.username</param-name>
<param-value>knldguser</param-value>
</init-param>
<init-param>
<param-name>spnego.preauth.password</param-name>
<param-value>zaq12wsx</param-value>
</init-param>
<init-param>
<param-name>spnego.login.server.module</param-name>
<param-value>spnego-server</param-value>
</init-param>
<init-param>
<param-name>spnego.prompt.ntlm</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>spnego.logger.level</param-name>
<param-value>1</param-value>
</init-param>
<filter-name>spnegoFilter</filter-name>
<filter-class>org.codelibs.fess.filter.SpnegoFilter</filter-class>
<init-param>
<param-name>spnego.allow.basic</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>spnego.allow.localhost</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>spnego.allow.unsecure.basic</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>spnego.login.client.module</param-name>
<param-value>spnego-client</param-value>
</init-param>
<init-param>
<param-name>spnego.login.server.module</param-name>
<param-value>spnego-server</param-value>
</init-param>
<init-param>
<param-name>spnego.prompt.ntlm</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>spnego.logger.level</param-name>
<param-value>0</param-value>
</init-param>
</filter>
-->
<!-- ================================================================================= -->
<!-- Filter Mapping -->
@ -136,6 +106,12 @@
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>spnegoFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>webApiFilter</filter-name>
<url-pattern>/*</url-pattern>
@ -154,13 +130,6 @@
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<!--
<filter-mapping>
<filter-name>SpnegoHttpFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
-->
<!-- ================================================================================= -->
<!-- Servlet -->
<!-- ======= -->
@ -173,7 +142,7 @@
<!-- Servlet Listener -->
<!-- ================ -->
<listener>
<listener-class>org.apache.commons.fileupload.servlet.FileCleanerCleanup</listener-class>
<listener-class>org.apache.commons.fileupload.servlet.FileCleanerCleanup</listener-class>
</listener>
<!-- ================================================================================= -->
@ -183,7 +152,7 @@
<session-config>
<session-timeout>1</session-timeout>
</session-config>
-->
-->
<!-- ================================================================================= -->
<!-- Welcome File -->
@ -191,7 +160,7 @@
<!--
<welcome-file-list>
</welcome-file-list>
-->
-->
<!-- ================================================================================= -->
<!-- JSP Config -->
@ -210,23 +179,27 @@
<!-- Error Page -->
<!-- ========== -->
<error-page>
<error-code>400</error-code>
<location>/WEB-INF/view/error/redirect.jsp?type=badRequest</location>
<error-code>400</error-code>
<location>/WEB-INF/view/error/redirect.jsp?type=badRequest</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/WEB-INF/view/error/redirect.jsp?type=logOut</location>
<error-code>401</error-code>
<location>/WEB-INF/view/error/redirect.jsp?type=badAuth</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/WEB-INF/view/error/redirect.jsp?type=notFound</location>
<error-code>403</error-code>
<location>/WEB-INF/view/error/redirect.jsp?type=logOut</location>
</error-page>
<error-page>
<error-code>408</error-code>
<location>/WEB-INF/view/error/redirect.jsp?type=logOut</location>
<error-code>404</error-code>
<location>/WEB-INF/view/error/redirect.jsp?type=notFound</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/WEB-INF/view/error/redirect.jsp?type=systemError</location>
<error-code>408</error-code>
<location>/WEB-INF/view/error/redirect.jsp?type=logOut</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/WEB-INF/view/error/redirect.jsp?type=systemError</location>
</error-page>
</web-app>