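/*
 * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
 * agreements. See the NOTICE file distributed with this work for additional information regarding
 * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance with the License. You may obtain a
 * copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 */
package org.apache.geode.management.internal.web.controllers.support;

import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.logging.log4j.Logger;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import org.apache.geode.cache.Cache;
import org.apache.geode.distributed.internal.DistributionConfig;
import org.apache.geode.internal.logging.LogService;
import org.apache.geode.internal.security.IntegratedSecurityService;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.management.internal.cli.multistep.CLIMultiStepHelper;
import org.apache.geode.management.internal.security.ResourceConstants;
import org.apache.geode.management.internal.web.util.UriUtils;
import org.apache.geode.security.Authenticator;

/**
 * The LoginHandlerInterceptor class extracts the Gfsh environment variables encoded in the HTTP
 * request message as request parameters, collects the {@code security-*} request headers, logs the
 * caller in through the {@link SecurityService} and publishes the collected values to the handling
 * thread for the duration of the request.
 * <p>
 * Security notes for maintainers:
 * <ul>
 * <li>The map published through {@link #getEnvironment()} contains whatever credential values were
 * sent with the request. It must not be logged or persisted.</li>
 * <li>The per-thread state is cleared in {@link #afterConcurrentHandlingStarted} and the login is
 * undone in {@link #afterCompletion}; both must run so that a pooled thread does not carry one
 * request's state into the next.</li>
 * </ul>
 *
 * @see javax.servlet.http.HttpServletRequest
 * @see javax.servlet.http.HttpServletResponse
 * @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter
 * @since GemFire 8.0
 */
@SuppressWarnings("unused")
public class LoginHandlerInterceptor extends HandlerInterceptorAdapter {

  private static final Logger logger = LogService.getLogger();

  // Neither field is read or written anywhere in this class.
  private Cache cache;

  private Authenticator auth = null;

  private SecurityService securityService = IntegratedSecurityService.getSecurityService();

  // Per-thread request environment. The initial value is an immutable empty map; preHandle
  // replaces it with a mutable HashMap for the request being processed.
  private static final ThreadLocal<Map<String, String>> ENV =
      new ThreadLocal<Map<String, String>>() {
        @Override
        protected Map<String, String> initialValue() {
          return Collections.emptyMap();
        }
      };

  protected static final String ENVIRONMENT_VARIABLE_REQUEST_PARAMETER_PREFIX = "vf.gf.env.";

  protected static final String SECURITY_VARIABLE_REQUEST_HEADER_PREFIX =
      DistributionConfig.SECURITY_PREFIX_NAME;

  /**
   * Returns the environment collected for the request currently handled on this thread.
   * <p>
   * The returned map is the live instance stored by {@link #preHandle}, not a copy, and it includes
   * any {@code security-*} header values sent by the client. Outside of a request an immutable
   * empty map is returned.
   *
   * @return the current thread's environment map, never {@code null}
   */
  public static Map<String, String> getEnvironment() {
    return ENV.get();
  }

  /**
   * Collects the Gfsh environment parameters and the security headers from the request, performs
   * the login and publishes the collected values for the handling thread.
   *
   * @param request the incoming HTTP request
   * @param response the HTTP response (not used here)
   * @param handler the handler selected for the request (not used here)
   * @return always {@code true}; a failed login is expected to surface as an exception thrown by
   *         {@link SecurityService#login} (NOTE(review): confirm against the SecurityService
   *         implementation)
   * @throws Exception whatever the security service or the servlet API throws
   */
  @Override
  public boolean preHandle(final HttpServletRequest request, final HttpServletResponse response,
      final Object handler) throws Exception {
    final Map<String, String> requestParameterValues = new HashMap<String, String>();

    for (Enumeration<String> requestParameters = request.getParameterNames(); requestParameters
        .hasMoreElements();) {
      final String requestParameter = requestParameters.nextElement();

      if (requestParameter.startsWith(ENVIRONMENT_VARIABLE_REQUEST_PARAMETER_PREFIX)) {
        String requestValue = request.getParameter(requestParameter);

        // GEODE-1469: since we encoded stepArgs, we will need to decode it here. See
        // #ClientHttpRequest
        if (requestParameter.contains(CLIMultiStepHelper.STEP_ARGS)) {
          requestValue = UriUtils.decode(requestValue);
        }

        // The prefix is stripped, so the key stored in the map is caller-chosen.
        requestParameterValues.put(
            requestParameter.substring(ENVIRONMENT_VARIABLE_REQUEST_PARAMETER_PREFIX.length()),
            requestValue);
      }
    }

    for (Enumeration<String> requestHeaders = request.getHeaderNames(); requestHeaders
        .hasMoreElements();) {
      // since http request headers are case-insensitive and all our security-* properties
      // are in lower case, it's safe to lower-case here. Locale.ROOT keeps the result
      // independent of the JVM default locale (e.g. the Turkish dotless i), so the prefix
      // match below behaves the same on every deployment.
      final String requestHeader = requestHeaders.nextElement().toLowerCase(Locale.ROOT);

      if (requestHeader.startsWith(SECURITY_VARIABLE_REQUEST_HEADER_PREFIX)) {
        // Headers are added after the request parameters, so on a key clash the header wins.
        requestParameterValues.put(requestHeader, request.getHeader(requestHeader));
      }
    }

    // NOTE(review): the credential keys are looked up in the merged map, so they can originate
    // from a prefixed request parameter as well as from a header. Request parameters commonly
    // end up in URLs and access logs; confirm whether the parameter path is intended for
    // credentials or whether they should be accepted from headers only.
    // NOTE(review): either value may be null when the client sent no credentials; how login()
    // treats that is decided by the SecurityService implementation - confirm.
    String username = requestParameterValues.get(ResourceConstants.USER_NAME);
    String password = requestParameterValues.get(ResourceConstants.PASSWORD);
    this.securityService.login(username, password);

    // Published only after a successful login; an exception above leaves ENV untouched.
    ENV.set(requestParameterValues);

    return true;
  }

  /**
   * Clears the per-thread environment and logs the caller out once the request has completed.
   *
   * @param request the HTTP request
   * @param response the HTTP response
   * @param handler the handler that processed the request
   * @param ex the exception raised during handling, if any (not used here)
   * @throws Exception whatever the cleanup or the security service throws
   */
  @Override
  public void afterCompletion(final HttpServletRequest request, final HttpServletResponse response,
      final Object handler, final Exception ex) throws Exception {
    try {
      afterConcurrentHandlingStarted(request, response, handler);
    } finally {
      // Always undo the login, even if the (overridable) cleanup above throws; otherwise the
      // authenticated state could outlive the request.
      this.securityService.logout();
    }
  }

  /**
   * Clears the per-thread environment when the handler switches to asynchronous processing.
   * <p>
   * NOTE(review): this path does not call {@code logout()}. If the login performed in
   * {@link #preHandle} is bound to the calling thread, confirm that it is released for requests
   * that go asynchronous.
   *
   * @param request the HTTP request
   * @param response the HTTP response
   * @param handler the handler that processed the request
   * @throws Exception declared by the overridden method; nothing is thrown here
   */
  @Override
  public void afterConcurrentHandlingStarted(HttpServletRequest request,
      HttpServletResponse response, Object handler) throws Exception {
    ENV.remove();
  }
}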