Created
February 18, 2015 23:06
package com.example.trusted; | |
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;

import org.apache.shiro.authc.AuthenticationToken;
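/**
 * Shiro {@link AuthenticationToken} describing <em>where</em> a request came from rather than
 * carrying a secret.
 * <p>
 * The principal is the user name the servlet container reported for the request; the
 * "credentials" are the hosts the request passed through, in the order the caller supplied them.
 * Deciding whether that chain of hosts is trustworthy is the realm's job; this class only holds
 * the values immutably.
 * <p>
 * Instances are immutable: the host list is copied on construction and exposed read-only, so a
 * caller that keeps mutating its own list cannot change what the realm later checks.
 */
class TrustedHostAuthToken implements AuthenticationToken
{
    private final String remoteUser;
    private final List<String> originatingHosts;

    /**
     * Creates a token.
     *
     * @param remoteUser       user name reported by the container; may be {@code null} when the
     *                         container has not authenticated the request
     * @param originatingHosts hosts the request passed through; copied, must not be {@code null}
     * @throws NullPointerException if {@code originatingHosts} is {@code null}
     */
    public TrustedHostAuthToken(final String remoteUser, final List<String> originatingHosts)
    {
        this.remoteUser = remoteUser;
        // Defensive copy: the original stored the caller's list, so later mutation by the caller
        // (or by anything that obtained it via getCredentials) would alter the trust decision.
        this.originatingHosts = Collections.unmodifiableList(
                new ArrayList<>(Objects.requireNonNull(originatingHosts, "originatingHosts")));
    }

    /** @return the container-reported remote user; may be {@code null} */
    @Override
    public Object getPrincipal()
    {
        return this.remoteUser;
    }

    /** @return the read-only list of hosts the request passed through */
    @Override
    public Object getCredentials()
    {
        return this.originatingHosts;
    }

    /** @return the container-reported remote user; may be {@code null} */
    public String getRemoteUser()
    {
        return remoteUser;
    }

    /** @return the read-only list of hosts the request passed through, never {@code null} */
    public List<String> getOriginatingHosts()
    {
        return originatingHosts;
    }

    /** Two tokens are equal when both the remote user and the host list are equal; null-safe. */
    @Override
    public boolean equals(final Object o)
    {
        if (this == o)
        {
            return true;
        }
        if (!(o instanceof TrustedHostAuthToken))
        {
            return false;
        }
        final TrustedHostAuthToken that = (TrustedHostAuthToken) o;
        // Objects.equals: remoteUser may legitimately be null (container did not authenticate).
        return Objects.equals(remoteUser, that.remoteUser)
                && originatingHosts.equals(that.originatingHosts);
    }

    @Override
    public int hashCode()
    {
        // Same combination as before, but tolerant of a null remoteUser.
        return 31 * Objects.hashCode(remoteUser) + originatingHosts.hashCode();
    }

    @Override
    public String toString()
    {
        return "TrustedHostAuthToken{" +
                "remoteUser='" + remoteUser + '\'' +
                ", originatingHosts=" + originatingHosts +
                '}';
    }
}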
package com.example.trusted; | |
import java.util.ArrayList; | |
import java.util.Enumeration; | |
import java.util.List; | |
import javax.servlet.ServletRequest; | |
import javax.servlet.ServletResponse; | |
import javax.servlet.http.HttpServletRequest; | |
import org.apache.shiro.authc.AuthenticationToken; | |
import org.apache.shiro.web.filter.authc.AuthenticatingFilter; | |
import org.apache.shiro.web.util.WebUtils; | |
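/**
 * Shiro filter that attempts a login based on the hosts a request passed through instead of a
 * password.
 * <p>
 * The token it builds carries the container-reported remote user as principal and, as
 * "credentials", the direct peer host followed by every entry of the request's
 * {@code X-Forwarded-For} headers. Those headers are client-supplied and only as trustworthy as
 * the proxies in front of the application; the realm decides whether the whole chain is trusted.
 * The {@code X-Forwarded-User} header only triggers the login attempt, its value is never used
 * as an identity. The filter chain always continues afterwards, so a failed login leaves the
 * request unauthenticated rather than rejected; enforcement is left to downstream filters.
 */
public class TrustedHostFilter extends AuthenticatingFilter
{
    /** Header listing the proxy chain; a single header may hold a comma-separated list. */
    private static final String FORWARDED_FOR_HEADER = "X-Forwarded-For";
    /** Presence of this header is what triggers a login attempt in {@link #onAccessDenied}. */
    private static final String FORWARDED_USER_HEADER = "X-Forwarded-User";

    /**
     * Builds a {@link TrustedHostAuthToken} from the request.
     *
     * @param request  the current request; only an {@link HttpServletRequest} yields a remote user
     *                 and forwarded hosts, any other request type produces a token with a
     *                 {@code null} principal and just the peer host
     * @param response unused
     * @return the token, never {@code null}
     */
    @Override
    protected AuthenticationToken createToken(final ServletRequest request, final ServletResponse response) throws Exception
    {
        final List<String> originatingHosts = new ArrayList<>();
        // Index 0 is the peer the container actually talked to; everything after it comes from
        // headers and may have been written by any hop, including the client itself.
        originatingHosts.add(request.getRemoteHost());
        String remoteUser = null;
        if (request instanceof HttpServletRequest)
        {
            final HttpServletRequest httpServletRequest = WebUtils.toHttp(request);
            // Read the user here rather than after the block: the original called
            // WebUtils.getHttpRequest unconditionally, which cannot succeed for a non-HTTP request.
            remoteUser = httpServletRequest.getRemoteUser();
            originatingHosts.addAll(forwardedForHosts(httpServletRequest));
        }
        return new TrustedHostAuthToken(remoteUser, originatingHosts);
    }

    /**
     * Collects every host named in the request's {@code X-Forwarded-For} headers, in order.
     * Entries are trimmed so that {@code "a, b"} yields {@code "b"} rather than {@code " b"},
     * which would never match a configured trusted host; blank entries are dropped because they
     * name no host (a client able to send them could equally omit the header).
     *
     * @param request the HTTP request
     * @return the forwarded hosts, possibly empty, never {@code null}
     */
    private static List<String> forwardedForHosts(final HttpServletRequest request)
    {
        final List<String> hosts = new ArrayList<>();
        // The servlet API allows a container to return null here instead of an empty enumeration.
        final Enumeration<String> headers = request.getHeaders(FORWARDED_FOR_HEADER);
        if (headers == null)
        {
            return hosts;
        }
        while (headers.hasMoreElements())
        {
            final String header = headers.nextElement();
            if (header == null)
            {
                continue;
            }
            for (final String entry : header.split(","))
            {
                final String host = entry.trim();
                if (!host.isEmpty())
                {
                    hosts.add(host);
                }
            }
        }
        return hosts;
    }

    /**
     * Attempts a login when the request carries an {@code X-Forwarded-User} header, then always
     * lets the chain continue.
     *
     * @return {@code true} always; the outcome of the login attempt does not block the request
     */
    @Override
    protected boolean onAccessDenied(final ServletRequest request, final ServletResponse response) throws Exception
    {
        if (hasForwardedUser(request))
        {
            // The boolean result is intentionally not consulted: a failed login simply leaves the
            // subject unauthenticated and the request proceeds down the chain.
            executeLogin(request, response);
        }
        return true;
    }

    /** @return whether this is an HTTP request carrying an {@code X-Forwarded-User} header */
    private static boolean hasForwardedUser(final ServletRequest request)
    {
        return request instanceof HttpServletRequest
                && ((HttpServletRequest) request).getHeader(FORWARDED_USER_HEADER) != null;
    }
}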
package com.example.trusted; | |
import java.util.List; | |
import org.apache.shiro.authc.AuthenticationException; | |
import org.apache.shiro.authc.AuthenticationInfo; | |
import org.apache.shiro.authc.AuthenticationToken; | |
import org.apache.shiro.authc.SimpleAuthenticationInfo; | |
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher; | |
import org.apache.shiro.realm.AuthenticatingRealm; | |
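/**
 * Realm that authenticates a {@link TrustedHostAuthToken} purely by where the request came from:
 * authentication succeeds when every host carried by the token is listed in {@code trustedHosts}.
 * No credential is checked, hence the {@link AllowAllCredentialsMatcher}; the host comparison is
 * an exact string match against whatever the filter placed in the token.
 * <p>
 * Note: if {@code allowForwardedFor} is set to {@code true}, then ALL proxies and the originating
 * host must be contained within the {@code trustedHosts} parameter.
 * <p>
 * NOTE(review): {@code allowForwardedFor} is stored and exposed through its accessors but is not
 * consulted by {@link #doGetAuthenticationInfo}; every host in the token is checked regardless of
 * the flag's value. Confirm the intended behaviour for {@code false} before relying on it.
 */
public class TrustedHostRealm extends AuthenticatingRealm
{
    /** Hosts allowed to vouch for a user; while unset, nothing is trusted. */
    private List<String> trustedHosts;
    private boolean allowForwardedFor = true;

    {
        // No secret is exchanged: the host check in doGetAuthenticationInfo is the whole decision.
        this.setCredentialsMatcher(new AllowAllCredentialsMatcher());
        this.setAuthenticationTokenClass(TrustedHostAuthToken.class);
    }

    /**
     * Accepts the token when every host it carries is trusted.
     * <p>
     * Fails closed: an unconfigured realm, a token without a principal, or a token with an empty
     * host list all yield {@code null} (no account). The empty-list case matters because
     * {@code containsAll} of an empty collection is trivially {@code true}.
     *
     * @param token a {@link TrustedHostAuthToken}; the token class is fixed in the initializer
     * @return authentication info for the token's principal, or {@code null} when not trusted
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token) throws AuthenticationException
    {
        final TrustedHostAuthToken hostToken = (TrustedHostAuthToken) token;
        final List<String> hosts = hostToken.getOriginatingHosts();
        if (this.trustedHosts == null || hosts == null || hosts.isEmpty())
        {
            return null;
        }
        final Object principal = hostToken.getPrincipal();
        if (principal == null)
        {
            // No container-supplied user means there is nobody to authenticate.
            return null;
        }
        if (!this.trustedHosts.containsAll(hosts))
        {
            return null;
        }
        return new SimpleAuthenticationInfo(principal, null, this.getName());
    }

    /** @return the configured trusted hosts, or {@code null} if none were set */
    public List<String> getTrustedHosts()
    {
        return trustedHosts;
    }

    /**
     * @param trustedHosts hosts allowed to vouch for a user, compared by exact string equality
     *                     with the entries the filter puts in the token
     */
    public void setTrustedHosts(final List<String> trustedHosts)
    {
        this.trustedHosts = trustedHosts;
    }

    public boolean isAllowForwardedFor()
    {
        return allowForwardedFor;
    }

    public void setAllowForwardedFor(final boolean allowForwardedFor)
    {
        this.allowForwardedFor = allowForwardedFor;
    }
}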