grouper-users - Re: [grouper-users] lite ui and authentication mechanism
Subject: Grouper Users - Open Discussion List
List archive
- From: Martin Feller <>
- To:
- Subject: Re: [grouper-users] lite ui and authentication mechanism
- Date: Mon, 14 Feb 2011 16:44:10 -0600
Actually, the filter order shouldn't even matter...
On 2/14/11 4:26 PM, Martin Feller wrote:
> Ah, request.setAttribute("REMOTE_USER", username), I didn't think of that
> one. If this filter is run before the existing filter it should work out.
> And yes, the cookie information is signed, so messing with the cookie
> shouldn't work.
>
> Thanks,
>
> Martin
>
> On 2/14/11 4:00 PM, Chris Hyzer wrote:
>> True, we should add that capability... I assume you have a way so that
>> nefarious users don't set their cookie value to act as other users... :)
>>
>> This is what you need to do:
>>
>> 1. in the web.xml declare your filter:
>>
>> <filter>
>> <filter-name>Your Filter</filter-name>
>> <filter-class>com.path.whatever.YourFilter</filter-class>
>> </filter>
>>
>>
>> Note, this part Im not sure about... I think you can just protect
>> everything (*), though you could pick and choose URL patterns like the
>> existing config does... Note, this part has to be above the existing
>> filter mappings in the web.xml so it is outside the other filters.
>>
>> <filter-mapping>
>> <filter-name>Your Filter</filter-name>
>> <url-pattern>* </url-pattern>
>> </filter-mapping>
>>
>> 2. Make a Java class called that, and do this: here is a simple example
>>
>>
>> /*
>> * @author mchyzer
>> * $Id: WebsecFilter.java,v 1.3 2009-11-25 20:01:26 mchyzer Exp $
>> */
>> package com.path.whatever;
>>
>> import java.io.IOException;
>>
>> import javax.servlet.Filter;
>> import javax.servlet.FilterChain;
>> import javax.servlet.FilterConfig;
>> import javax.servlet.ServletException;
>> import javax.servlet.ServletRequest;
>> import javax.servlet.ServletResponse;
>> import javax.servlet.http.Cookie;
>> import javax.servlet.http.HttpServletRequest;
>>
>>
>> /**
>> *
>> */
>> public class YourFilter implements Filter {
>>
>> /**
>> * @see javax.servlet.Filter#destroy()
>> */
>> public void destroy() {
>> }
>>
>> /**
>> * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
>> javax.servlet.ServletResponse, javax.servlet.FilterChain)
>> */
>> public void doFilter(ServletRequest req, ServletResponse res,
>> FilterChain filterChain)
>> throws IOException, ServletException {
>>
>> HttpServletRequest request = (HttpServletRequest)req;
>>
>> String username = cookieValue(request, "someCookieName");
>>
>> //do some decryption or something? :)
>>
>> request.setAttribute("REMOTE_USER", username);
>>
>> filterChain.doFilter(request, res);
>> }
>>
>> /**
>> * get a cookie value by name, null if not there
>> * @param httpServletRequest
>> * @param name
>> * @return the cookie value or null if not there
>> */
>> public static String cookieValue(HttpServletRequest httpServletRequest,
>> String name) {
>> Cookie cookie = findCookie(httpServletRequest, name);
>> return cookie == null ? null : cookie.getValue();
>> }
>>
>> /**
>> * find a cookie or null if cant find
>> * @param httpServletRequest
>> * @param name
>> * @return the cookie or null if not found
>> */
>> public static Cookie findCookie(HttpServletRequest httpServletRequest,
>> String name) {
>> //no nulls
>> if (name != null) {
>> Cookie[] cookies = httpServletRequest.getCookies();
>> //go through all cookies and find the cookie by name
>> int cookiesLength = cookies == null ? 0 : cookies.length;
>> for (int i=0;i<cookiesLength;i++) {
>> if (name.equals(cookies[i].getName())) {
>> return cookies[i];
>> }
>> }
>> }
>> return null;
>> }
>>
>>
>> /**
>> * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
>> */
>> public void init(FilterConfig arg0) throws ServletException {
>> }
>>
>> }
>>
>>
>>
>> -----Original Message-----
>> From: Martin Feller
>> [mailto:]
>>
>> Sent: Monday, February 14, 2011 4:44 PM
>> To: Chris Hyzer
>> Cc:
>>
>> Subject: Re: [grouper-users] lite ui and authentication mechanism
>>
>> I try to integrate the light UI into an existing webpage. After logging
>> into that webpage information about
>> the user (like username) is stored in a cookie. I don't want an additional
>> basic authentication step when the group
>> management page is rendered, but rather have the Grouper UI servlet use
>> the information from the cookie to get the user id.
>> All works fine, I see the cookies, but I think I need to do changes in the
>> filter code to accomplish this.
>> Having a declarative option, like in grouper-ws, would be cleaner, I guess
>>
>> Thanks,
>>
>> Martin
>>
>> On 2/14/11 3:28 PM, Chris Hyzer wrote:
>>> What authentication mechanism do you want to use?
>>>
>>> Thanks,
>>> Chris
>>>
>>> -----Original Message-----
>>> From:
>>>
>>>
>>> [mailto:]
>>> On Behalf Of Martin Feller
>>> Sent: Monday, February 14, 2011 4:27 PM
>>> To:
>>>
>>> Subject: [grouper-users] lite ui and authentication mechanism
>>>
>>> Hi,
>>>
>>> Can somebody please confirm the following?
>>>
>>> I was trying to write a custom authentication mechanism and hook it into
>>> the Prototype Lite UI, as described
>>> here: https://spaces.internet2.edu/display/Grouper/Authentication
>>>
>>> But I think this won't work, because the mechanisms described there are
>>> only for grouper-ws.
>>> The lite UI servlet that handles the AJAX calls from grouper.html, or
>>> rather the service logic classes used by the
>>> lite UI servlet, call a static method of the GrouperUI filter to get the
>>> remote user though.
>>>
>>> So there's no configuration-only way to change the authentication
>>> mechanism for this UI, right?
>>>
>>> Thanks!
>>>
>>> Martin
>>
>
- [grouper-users] lite ui and authentication mechanism, Martin Feller, 02/14/2011
- RE: [grouper-users] lite ui and authentication mechanism, Chris Hyzer, 02/14/2011
- Re: [grouper-users] lite ui and authentication mechanism, Martin Feller, 02/14/2011
- Re: [grouper-users] lite ui and authentication mechanism, Martin Feller, 02/14/2011
- RE: [grouper-users] lite ui and authentication mechanism, Chris Hyzer, 02/14/2011
- Re: [grouper-users] lite ui and authentication mechanism, Martin Feller, 02/14/2011
- Re: [grouper-users] lite ui and authentication mechanism, Martin Feller, 02/14/2011
- Re: [grouper-users] lite ui and authentication mechanism, Martin Feller, 02/17/2011
- Re: [grouper-users] lite ui and authentication mechanism, Martin Feller, 02/17/2011
- Re: [grouper-users] lite ui and authentication mechanism, Shilen Patel, 02/18/2011
- RE: [grouper-users] lite ui and authentication mechanism, Chris Hyzer, 02/22/2011
- Re: [grouper-users] lite ui and authentication mechanism, Martin Feller, 02/17/2011
- Re: [grouper-users] lite ui and authentication mechanism, Martin Feller, 02/14/2011
- Re: [grouper-users] lite ui and authentication mechanism, Martin Feller, 02/14/2011
- Re: [grouper-users] lite ui and authentication mechanism, Martin Feller, 02/14/2011
- RE: [grouper-users] lite ui and authentication mechanism, Chris Hyzer, 02/14/2011
Archive powered by MHonArc 2.6.16.