A quick example of a custom servlet filter that performs HTTP Basic authentication in front of the SAML2 ECP (Enhanced Client or Proxy) endpoint of a Shibboleth IdP, so ECP clients can authenticate with a username and password.
package aaf.vhr.idp.http;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.Charsets;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import aaf.vhr.idp.VhrBasicAuthValidator;
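/**
 * Servlet filter that establishes an authenticated identity from an HTTP Basic
 * {@code Authorization} header so that Shibboleth ECP requests can be processed.
 *
 * <p>On success the wrapped request reports the authenticated name through
 * {@link VhrRequestWrapper#getRemoteUser()} and the chain continues. In every other
 * case (no header, non-Basic scheme, malformed credentials, failed validation) the
 * filter answers {@code 401} with a {@code WWW-Authenticate: Basic} challenge and
 * does not invoke the rest of the chain.
 *
 * <p>Security notes: the raw header is never logged (it carries the base64 of the
 * password); only the {@code Basic} scheme is accepted; the credential string is split
 * on the first colon only so passwords containing {@code ':'} survive; an empty
 * password is rejected up front so it can never reach a backend that would treat it
 * as an anonymous/unauthenticated bind. Basic credentials are only base64-encoded,
 * so the mapped endpoint must be served over TLS only.
 */
public class VhrBasicAuthFilter implements Filter {

    /** Scheme prefix accepted in the Authorization header; matched case-insensitively (RFC 7235). */
    private static final String BASIC_SCHEME = "Basic ";

    /** Init-param carrying the realm name used in the WWW-Authenticate challenge. */
    private static final String REALM_PARAM = "realm";

    /** Realm advertised in the 401 challenge; populated from init-params in {@link #init}. */
    private String realm;

    /**
     * Intended credential-validation hook. Its API is not shown in this gist, so it is
     * not yet wired in; see {@link #authenticate(String, String)}.
     */
    private VhrBasicAuthValidator vhrBasicAuthValidator;

    // Logger name kept as in the original deployment so existing logging config still applies.
    private static final Logger log = LoggerFactory.getLogger("aaf.vhr.idp.http.VhrFilter");

    /**
     * Reads the realm from the filter's init-params.
     *
     * <p>The original gist never assigned {@code realm} (the challenge would have read
     * {@code realm="null"}). Fail closed at startup rather than advertise a bogus realm.
     * The param name is {@value #REALM_PARAM}; adjust web.xml to match.
     *
     * @param filterConfig container-supplied configuration
     * @throws ServletException if the realm init-param is missing or blank
     */
    @Override
    public void init(final FilterConfig filterConfig) throws ServletException {
        final String configured = filterConfig.getInitParameter(REALM_PARAM);
        if (configured == null || configured.trim().isEmpty()) {
            throw new ServletException("VhrBasicAuthFilter requires a non-empty '" + REALM_PARAM + "' init-param");
        }
        realm = configured.trim();
    }

    @Override
    public void destroy() {
        // Nothing to release: the filter holds no connections, threads or caches of its own.
    }

    /**
     * Authenticates the request via HTTP Basic credentials or issues a 401 challenge.
     *
     * @param req   incoming request; must be an {@link HttpServletRequest}
     * @param res   outgoing response; must be an {@link HttpServletResponse}
     * @param chain remainder of the filter chain, invoked only on successful authentication
     * @throws IOException      propagated from the chain or from writing the 401
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(final ServletRequest req, final ServletResponse res, final FilterChain chain)
            throws IOException, ServletException {
        final HttpServletRequest request = (HttpServletRequest) req;
        final HttpServletResponse response = (HttpServletResponse) res;

        final String authorization = request.getHeader("Authorization");

        // Accept only the Basic scheme. The original test (header contains a space) would have
        // base64-decoded the payload of any scheme, e.g. a Bearer token, as if it were user:pass.
        if (authorization != null
                && authorization.regionMatches(true, 0, BASIC_SCHEME, 0, BASIC_SCHEME.length())) {
            log.info("Attempting to establish session via Basic Auth");
            // Deliberately NOT logging the header value: it is the base64 of "user:password".

            final String[] credentials = decodeBasicCredentials(authorization.substring(BASIC_SCHEME.length()));
            if (credentials != null) {
                final String login = credentials[0];
                final String password = credentials[1];
                log.info("Located basic authentication credentials for {} validating password", login);

                final String remoteUser = authenticate(login, password);
                if (remoteUser != null) {
                    log.info("Confirmed supplied credentials for {}", login);
                    chain.doFilter(new VhrRequestWrapper(request, remoteUser), response);
                    // Stop here. The original fell through to the 401 below even after a
                    // successful chain.doFilter(), either overwriting the real response or
                    // throwing IllegalStateException once the response was committed.
                    return;
                }
                log.info("Rejected supplied credentials for {}", login);
            } else {
                log.info("Invalid Authorization header detected when attempting to setup session");
            }
        }

        challenge(response);
    }

    /**
     * Decodes the base64 payload of a Basic header into {@code {user-id, password}}.
     *
     * <p>RFC 7617: the user-id may not contain {@code ':'} but the password may, so the
     * decoded string is split on the FIRST colon only. Note that commons-codec's
     * {@code decodeBase64} is lenient and silently drops characters outside the alphabet.
     *
     * @param encoded the header value after the scheme token; surrounding whitespace is ignored
     * @return a two-element array, or {@code null} if there is no colon, the user-id is
     *         empty, or the password is empty (an empty password is refused here so it can
     *         never be presented to a backend that accepts it as an unauthenticated bind)
     */
    private static String[] decodeBasicCredentials(final String encoded) {
        final String decoded = new String(Base64.decodeBase64(encoded.trim()), Charsets.UTF_8);
        final int separator = decoded.indexOf(':');
        if (separator <= 0 || separator == decoded.length() - 1) {
            return null;
        }
        return new String[] { decoded.substring(0, separator), decoded.substring(separator + 1) };
    }

    /**
     * Validates a login/password pair and returns the name to expose as the remote user.
     *
     * <p>The original gist leaves this as a placeholder ("some method of authentication
     * unique to your system which you may need to cache"). Until it is wired to
     * {@link #vhrBasicAuthValidator}, every request is rejected (fail closed).
     *
     * @param login    user-id from the Basic header, non-empty
     * @param password password from the Basic header, non-empty
     * @return the authenticated principal name, or {@code null} if the credentials are not valid
     */
    private String authenticate(final String login, final String password) {
        // TODO(integration): call vhrBasicAuthValidator here; its API is not shown in this gist.
        return null;
    }

    /**
     * Writes the 401 response with a Basic challenge for the configured realm.
     *
     * @param response response to write the challenge to
     * @throws IOException if the error response cannot be sent
     */
    private void challenge(final HttpServletResponse response) throws IOException {
        response.setHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }
}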
package aaf.vhr.idp.http;
import java.security.Principal;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
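/**
 * Request wrapper that presents a name established by {@code VhrBasicAuthFilter} as the
 * container-authenticated identity.
 *
 * <p>The original only overrode {@link #getRemoteUser()}, leaving
 * {@link #getUserPrincipal()} and {@link #getAuthType()} delegating to the wrapped request,
 * so any downstream code using those accessors saw an unauthenticated request while
 * {@code getRemoteUser()} reported a user. All three are now consistent. When no remote
 * user is supplied the wrapper behaves exactly like the wrapped request.
 */
public class VhrRequestWrapper extends HttpServletRequestWrapper {

    /** Name authenticated by the filter; {@code null} means "not established here". */
    private final String remoteUser;

    /**
     * @param request    the request to wrap; must not be {@code null}
     *                   (enforced by {@link HttpServletRequestWrapper})
     * @param remoteUser the authenticated name to expose, or {@code null} to delegate
     */
    public VhrRequestWrapper(final HttpServletRequest request, final String remoteUser) {
        super(request);
        this.remoteUser = remoteUser;
    }

    /** @return the name supplied by the filter (may be {@code null} if none was supplied) */
    @Override
    public String getRemoteUser() {
        return remoteUser;
    }

    /**
     * @return a principal whose name equals {@link #getRemoteUser()}, or the wrapped
     *         request's principal when no remote user was supplied
     */
    @Override
    public Principal getUserPrincipal() {
        if (remoteUser == null) {
            return super.getUserPrincipal();
        }
        return new Principal() {
            @Override
            public String getName() {
                return remoteUser;
            }

            @Override
            public String toString() {
                return remoteUser;
            }
        };
    }

    /**
     * @return {@link #BASIC_AUTH} when a remote user was supplied (the filter authenticated
     *         via HTTP Basic), otherwise the wrapped request's auth type
     */
    @Override
    public String getAuthType() {
        return remoteUser == null ? super.getAuthType() : BASIC_AUTH;
    }
}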
<!-- web.xml snippet for Shibboleth IdP: registers VhrBasicAuthFilter and maps it onto the
     SAML2 ECP SOAP endpoint so ECP requests are gated by HTTP Basic authentication. -->
<filter>
<filter-name>VhrBasicAuthFilter</filter-name>
<filter-class>aaf.vhr.idp.http.VhrBasicAuthFilter</filter-class>
<!-- Placeholder init-param from the original gist. The filter builds its WWW-Authenticate
     challenge from a "realm" value, so the realm is the one parameter that clearly needs
     supplying here; the exact param-name depends on how the filter's init() reads it. -->
<init-param>
<param-name>..</param-name>
<param-value>...</param-value>
</init-param>
</filter>
<!-- The url-pattern must match the IdP's actual ECP profile path. Basic credentials travel
     base64-encoded, not encrypted, so this path must only be reachable over TLS (e.g. a
     security-constraint with transport-guarantee CONFIDENTIAL, or a front end that refuses
     plain HTTP) - verify against the deployment. -->
<filter-mapping>
<filter-name>VhrBasicAuthFilter</filter-name>
<url-pattern>/profile/SAML2/SOAP/ECP</url-pattern>
</filter-mapping>