From f24368ca6d55e411509576fe817c538e8df77ac4 Mon Sep 17 00:00:00 2001
From: maartenplieger
Date: Fri, 17 Nov 2017 17:13:53 +0100
Subject: [PATCH 1/2] Security between controller and compute now works via X509
---
 .../adaguc/security/AuthenticatorImpl.java | 85 +++++++++++------
 .../nl/knmi/adaguc/security/user/User.java | 63 +++++++++++---
 .../adaguc/security/user/UserManager.java | 71 +++++++++++++++-
 .../services/adagucserver/ADAGUCServer.java | 13 ++-
 .../knmi/adaguc/services/basket/Basket.java | 10 +--
 .../services/basket/BasketRequestMapper.java | 40 ++++++++-
 .../DatasetCatalogConfigurator.java | 3 +
 .../adaguc/services/oauth2/OAuth2Handler.java | 13 +-
 .../services/oauth2/OAuth2RequestMapper.java | 70 ++++++++++++++-
 .../xml2json/ServiceHelperRequestMapper.java | 31 ++++++-
 10 files changed, 336 insertions(+), 63 deletions(-)
diff --git a/src/main/java/nl/knmi/adaguc/security/AuthenticatorImpl.java b/src/main/java/nl/knmi/adaguc/security/AuthenticatorImpl.java
index ecff7ff..38ed3ae 100644
--- a/src/main/java/nl/knmi/adaguc/security/AuthenticatorImpl.java
+++ b/src/main/java/nl/knmi/adaguc/security/AuthenticatorImpl.java
@@ -1,14 +1,34 @@ package nl.knmi.adaguc.security; import java.io.IOException; +import java.security.InvalidKeyException; +import java.security.KeyManagementException; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.SignatureException; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import java.util.Enumeration; +import java.util.List; +import java.util.Map; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.util.EntityUtils; +import org.ietf.jgss.GSSException; import org.springframework.security.core.AuthenticationException; import nl.knmi.adaguc.security.PemX509Tools.X509Info; +import nl.knmi.adaguc.security.PemX509Tools.X509UserCertAndKey; import nl.knmi.adaguc.security.token.Token; import nl.knmi.adaguc.security.token.TokenManager; +import nl.knmi.adaguc.security.user.User; +import nl.knmi.adaguc.security.user.UserManager; import nl.knmi.adaguc.tools.Debug; import nl.knmi.adaguc.tools.ElementNotFoundException; import nl.knmi.adaguc.tools.HTTPTools; 
@@ -24,55 +44,72 @@ public AuthenticatorImpl() { // TODO Auto-generated constructor stub } - @Override - public void init(HttpServletRequest request) { -// Debug.println("Init"); + public synchronized void init(HttpServletRequest request) { + if (request == null ) { + return; + } + // Debug.println("Init"); + String sessionId = null; + HttpSession session = request.getSession(); + if (session!=null) { + sessionId = (String) session.getAttribute("user_identifier"); + } + + + if (sessionId!=null) { + x509 = new PemX509Tools().new X509Info(sessionId, sessionId); + Debug.println("Got userid from session"); + return; + } else { + Debug.println("No userinfo from session"); + } + x509 = new PemX509Tools().getUserIdFromCertificate(request); Debug.println("No user info found from certificates"); if(x509 == null){ String path = request.getServletPath(); - - String tokenStr = new TokenManager().getTokenFromPath(path); - - if(tokenStr == null){ - try { + + String tokenStr = new TokenManager().getTokenFromPath(path); + + if(tokenStr == null){ + try { tokenStr = HTTPTools.getHTTPParam(request, "key"); - } catch (Exception e) { + } catch (Exception e1) { Debug.println("No access token set in URL via key= KVP"); } - } - - if(tokenStr!=null){ - Token token = null; + } + + if(tokenStr!=null){ + Token token = null; try { token = TokenManager.getToken(tokenStr); -// Debug.println("Found token "+token); + // Debug.println("Found token "+token); x509 = new PemX509Tools().new X509Info(token.getUserId(), token.getToken()); -// Debug.println("Found user "+x509.getCN()); - } catch (AuthenticationException | IOException | ElementNotFoundException e) { + // Debug.println("Found user "+x509.getCN()); + } catch (AuthenticationException | IOException | ElementNotFoundException e1) { // TODO Auto-generated catch block - Debug.printStackTrace(e); + Debug.printStackTrace(e1); } - - - + + + }else{ Debug.println("Unable to find user info from certificate or accesstoken"); } - - + + } } - + public 
String getClientId(){ if(x509 == null){ return null; } return x509.getCN(); } - + } diff --git a/src/main/java/nl/knmi/adaguc/security/user/User.java b/src/main/java/nl/knmi/adaguc/security/user/User.java index 6c97b44..ae88da3 100644 --- a/src/main/java/nl/knmi/adaguc/security/user/User.java +++ b/src/main/java/nl/knmi/adaguc/security/user/User.java @@ -2,32 +2,38 @@ import java.io.IOException; + import lombok.Getter; import nl.knmi.adaguc.tools.ElementNotFoundException; import nl.knmi.adaguc.config.MainServicesConfigurator; +import nl.knmi.adaguc.security.PemX509Tools; +import nl.knmi.adaguc.security.PemX509Tools.X509UserCertAndKey; +import nl.knmi.adaguc.security.SecurityConfigurator; import nl.knmi.adaguc.tools.Debug; import nl.knmi.adaguc.tools.Tools; public class User { @Getter String homeDir = null; - + @Getter String userId = null; - + @Getter String dataDir = null; - - + + private X509UserCertAndKey userCert; + + public static String makePosixUserId(String userId){ - if (userId == null) - return null; + if (userId == null) + return null; - userId = userId.replace("http://", ""); - userId = userId.replace("https://", ""); - userId = userId.replaceAll("/", "."); - return userId; - } + userId = userId.replace("http://", ""); + userId = userId.replace("https://", ""); + userId = userId.replaceAll("/", "."); + return userId; + } public User(String _id) throws IOException, ElementNotFoundException { 
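Review bot: `request.getSession()` in the new `init` creates a session when none exists, so the `session != null` guard is dead and every certificate- or `key=`-token-authenticated API call now allocates a server-side session; use `HttpSession session = request.getSession(false);` and keep the null check. The session-derived identity is also consulted before the client certificate and the access token, so an existing browser session silently overrides whatever credential the request itself carries — if that precedence is intended, a comment stating it would help. The identifier is wrapped as `new X509Info(sessionId, sessionId)`, passing the user id where the token path passes `token.getToken()`; presumably harmless, but worth confirming that X509Info's second argument is never treated as a secret. The `Debug.println("No user info found from certificates")` still fires even when the certificate lookup succeeded.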
@@ -41,6 +47,41 @@ public User(String _id) throws IOException, ElementNotFoundException { Debug.println("User Home Dir: "+homeDir); } + /** + * Create NetCDF .httprc or .dodsrc resource file and store it in the users + * home directory + * + * @param user + * The user object + * @throws IOException + * @throws ElementNotFoundException + */ + private synchronized void createNCResourceFile() + throws IOException, ElementNotFoundException { + String fileContents = + "HTTP.SSL.VALIDATE=0\n" + + "HTTP.COOKIEJAR=" + this.homeDir + "/.dods_cookies\n" + + "HTTP.SSL.CERTIFICATE=" + this.homeDir + "/cert.crt" + "\n" + + "HTTP.SSL.KEY=" + this.homeDir + "/cert.key" + "\n" + + "HTTP.SSL.SSLv3="+this.homeDir + "/cert.crt"+"\n" + + "HTTP.SSL.CAPATH="+ SecurityConfigurator.getTrustRootsCADirectory(); + Debug.println("createNCResourceFile for user "+this.userId+":\n"+fileContents); + Tools.writeFile(this.homeDir + "/.httprc", fileContents); + Tools.writeFile(this.homeDir + "/.dodsrc", fileContents); + } + public void setCertificate(X509UserCertAndKey userCert) throws IOException, ElementNotFoundException { + /* TODO could optinally write cert to user basket */ + + PemX509Tools.writeCertificateToPemFile(userCert.getUserSlCertificate(), this.homeDir + "/cert.crt"); + PemX509Tools.writePrivateKeyToPemFile(userCert.getPrivateKey(), this.homeDir + "/cert.key"); + this.userCert = userCert; + createNCResourceFile(); + } + + public X509UserCertAndKey getCertificate() { + return this.userCert; + } + } diff --git a/src/main/java/nl/knmi/adaguc/security/user/UserManager.java b/src/main/java/nl/knmi/adaguc/security/user/UserManager.java index 921e887..ea2a28e 100644 --- a/src/main/java/nl/knmi/adaguc/security/user/UserManager.java +++ b/src/main/java/nl/knmi/adaguc/security/user/UserManager.java 
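Review bot: `createNCResourceFile` writes `HTTP.SSL.VALIDATE=0`, which tells the NetCDF/OPeNDAP client to skip server-certificate validation, so the freshly issued key in `cert.key` will be presented to any peer, including a man-in-the-middle of the compute node; since `HTTP.SSL.CAPATH` is already pointed at the trust roots, the line should read `"HTTP.SSL.VALIDATE=1\n"`. The private key is written by `PemX509Tools.writePrivateKeyToPemFile` into the user's home directory and nothing visible here restricts the file mode; confirm that helper creates the file owner-read-only (or set `PosixFilePermissions` after writing), since the same host runs other users' adaguc processes. `HTTP.SSL.SSLv3` being set to the certificate path looks like a mistyped key — verify against the NetCDF rc documentation. The Javadoc's `@param user` refers to a parameter the method no longer has; drop it and document `setCertificate` as persisting a key pair under `homeDir`.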
@@ -1,14 +1,38 @@ package nl.knmi.adaguc.security.user; import java.io.IOException; +import java.security.InvalidKeyException; +import java.security.KeyManagementException; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.SignatureException; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; +import javax.servlet.http.HttpServletRequest; + +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.util.EntityUtils; +import org.bouncycastle.operator.OperatorCreationException; +import org.ietf.jgss.GSSException; +import org.json.JSONException; import org.springframework.security.core.AuthenticationException; +import nl.knmi.adaguc.tools.Debug; import nl.knmi.adaguc.tools.ElementNotFoundException; import nl.knmi.adaguc.security.AuthenticationExceptionImpl; +import nl.knmi.adaguc.security.AuthenticatorFactory; import nl.knmi.adaguc.security.AuthenticatorInterface; +import nl.knmi.adaguc.security.CertificateVerificationException; +import nl.knmi.adaguc.security.PemX509Tools; +import nl.knmi.adaguc.security.SecurityConfigurator; +import nl.knmi.adaguc.security.PemX509Tools.X509UserCertAndKey; +import nl.knmi.adaguc.services.oauth2.OAuth2Handler; 
@@ -30,10 +54,55 @@ public synchronized static User getUser(String id) throws IOException, ElementNo } private static String harmonizeUserId(String id) { - return id; + return User.makePosixUserId(id); } public synchronized static User getUser(AuthenticatorInterface authenticator) throws IOException, ElementNotFoundException, AuthenticationException { return getUser(authenticator.getClientId()); } + + public static String makeGetRequestWithUserFromServletRequest (HttpServletRequest servletRequest, String requestStr) throws ElementNotFoundException, AuthenticationException, IOException, KeyManagementException, UnrecoverableKeyException, InvalidKeyException, NoSuchAlgorithmException, KeyStoreException, CertificateException, NoSuchProviderException, SignatureException, GSSException { + String ts = SecurityConfigurator.getTrustStore(); + + char [] tsPass = SecurityConfigurator.getTrustStorePassword().toCharArray(); + + Debug.println("Running remote adaguc with truststore"); + + X509UserCertAndKey userCertificate = null; + + AuthenticatorInterface authenticator = AuthenticatorFactory.getAuthenticator(servletRequest); + if(authenticator!=null){ + User user = UserManager.getUser(authenticator); + if(user!=null){ + userCertificate = user.getCertificate(); + if (userCertificate == null) { + try { + OAuth2Handler.makeUserCertificate(user.userId); + } catch (OperatorCreationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (CertificateVerificationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (JSONException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + } + } + if (userCertificate!=null) { + Debug.println("Making request with user certificate"); + } + + + CloseableHttpClient httpClient = (new PemX509Tools()). 
+ getHTTPClientForPEMBasedClientAuth(ts, tsPass, userCertificate); + CloseableHttpResponse httpResponse = httpClient.execute(new HttpGet(requestStr)); + return EntityUtils.toString(httpResponse.getEntity()); + } + + + + } diff --git a/src/main/java/nl/knmi/adaguc/services/adagucserver/ADAGUCServer.java b/src/main/java/nl/knmi/adaguc/services/adagucserver/ADAGUCServer.java index 5603e55..e9ca65b 100644 --- a/src/main/java/nl/knmi/adaguc/services/adagucserver/ADAGUCServer.java +++ b/src/main/java/nl/knmi/adaguc/services/adagucserver/ADAGUCServer.java @@ -71,11 +71,16 @@ public static void runADAGUC(HttpServletRequest request,HttpServletResponse resp List environmentVariables = new ArrayList(); String userHomeDir="/tmp/"; -// AuthenticatorInterface authenticator = AuthenticatorFactory.getAuthenticator(request); -// if(authenticator != null){ -// userHomeDir = UserManager.getUser(authenticator).getHomeDir(); -// } + AuthenticatorInterface authenticator = AuthenticatorFactory.getAuthenticator(request); + if(authenticator != null){ + try { + userHomeDir = UserManager.getUser(authenticator).getHomeDir(); + } catch(Exception e){ + + } + } + Debug.println("Using home " + userHomeDir); String homeURL=MainServicesConfigurator.getServerExternalURL(); String adagucExecutableLocation = ADAGUCConfigurator.getADAGUCExecutable(); Debug.println("adagucExecutableLocation: "+adagucExecutableLocation); diff --git a/src/main/java/nl/knmi/adaguc/services/basket/Basket.java b/src/main/java/nl/knmi/adaguc/services/basket/Basket.java index 0e12542..233377b 100644 --- a/src/main/java/nl/knmi/adaguc/services/basket/Basket.java +++ b/src/main/java/nl/knmi/adaguc/services/basket/Basket.java 
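Review bot: When `user.getCertificate()` is null, `makeGetRequestWithUserFromServletRequest` calls `OAuth2Handler.makeUserCertificate(user.userId)` but never re-reads the result, so `userCertificate` stays null and the request that follows is sent without client authentication; add `userCertificate = user.getCertificate();` after the minting call. The `CloseableHttpClient` and `CloseableHttpResponse` are never closed, leaking a connection per call, and the HTTP status is not checked before the body is handed back as if it were a basket listing. The three `e.printStackTrace()` catches swallow certificate-minting failures; at minimum route them through `Debug.printStackTrace` as the rest of the security package does.
```java
                    if (userCertificate == null) {
                        try {
                            OAuth2Handler.makeUserCertificate(user.userId);
                            // pick up the certificate that makeUserCertificate stored on the User
                            userCertificate = user.getCertificate();
                        } catch (OperatorCreationException | CertificateVerificationException | JSONException e) {
                            Debug.printStackTrace(e);
                        }
                    }
        // … unchanged: "Making request with user certificate" debug output …
        try (CloseableHttpClient httpClient = (new PemX509Tools()).getHTTPClientForPEMBasedClientAuth(ts, tsPass, userCertificate);
             CloseableHttpResponse httpResponse = httpClient.execute(new HttpGet(requestStr))) {
            return EntityUtils.toString(httpResponse.getEntity());
        }
```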
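Review bot: The empty `catch(Exception e){ }` around `UserManager.getUser(authenticator).getHomeDir()` silently falls back to `userHomeDir="/tmp/"` for a request that did present credentials, so a failed user lookup runs adaguc with the shared, world-writable `/tmp/` as its home — where it will look for `.httprc`/`.dodsrc` and `cert.key` — instead of refusing; log it with `Debug.printStackTrace(e);` and consider failing the request rather than degrading. If the anonymous case really should use `/tmp/`, a comment saying so would help the next reader. `runADAGUC` continues outside the hunk.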
@@ -71,13 +71,5 @@ public BasketNode listFiles(BasketNode bn, String dir) throws ElementNotFoundExc } - public static void main(String[]argv) { - Basket b=new Basket("/nobackup/users/vreedede/testimpactspace", "testBasket", null); - try { - System.err.println(b.listFiles()); - } catch (ElementNotFoundException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } + } diff --git a/src/main/java/nl/knmi/adaguc/services/basket/BasketRequestMapper.java b/src/main/java/nl/knmi/adaguc/services/basket/BasketRequestMapper.java index e439736..0ac7ccb 100644 --- a/src/main/java/nl/knmi/adaguc/services/basket/BasketRequestMapper.java +++ b/src/main/java/nl/knmi/adaguc/services/basket/BasketRequestMapper.java @@ -2,13 +2,28 @@ import java.io.File; import java.io.IOException; +import java.security.InvalidKeyException; +import java.security.KeyManagementException; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.SignatureException; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import java.util.Vector; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.util.EntityUtils; +import org.ietf.jgss.GSSException; import org.json.JSONObject; import org.springframework.context.annotation.Bean; import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter; +import org.springframework.security.core.AuthenticationException; import org.springframework.web.bind.annotation.CrossOrigin; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; 
@@ -23,8 +38,14 @@ import nl.knmi.adaguc.security.AuthenticatorFactory; import nl.knmi.adaguc.security.AuthenticatorInterface; +import nl.knmi.adaguc.security.PemX509Tools; +import nl.knmi.adaguc.security.SecurityConfigurator; +import nl.knmi.adaguc.security.PemX509Tools.X509UserCertAndKey; +import nl.knmi.adaguc.security.SecurityConfigurator.ComputeNode; +import nl.knmi.adaguc.security.user.User; import nl.knmi.adaguc.security.user.UserManager; import nl.knmi.adaguc.tools.Debug; +import nl.knmi.adaguc.tools.ElementNotFoundException; import nl.knmi.adaguc.tools.HTTPTools; import nl.knmi.adaguc.tools.JSONResponse; @@ -41,6 +62,7 @@ public MappingJackson2HttpMessageConverter mappingJackson2HttpMessageConverter() return converter; } + @ResponseBody @RequestMapping("/list") public void listBasket(HttpServletResponse response, HttpServletRequest request) throws IOException{ 
@@ -48,11 +70,27 @@ public void listBasket(HttpServletResponse response, HttpServletRequest request) ObjectMapper om=new ObjectMapper(); om.registerModule(new JSR310Module()); om.disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS); + + Debug.println("basket/list received"); try { boolean enabled = BasketConfigurator.getEnabled(); if(!enabled){ - jsonResponse.setMessage(new JSONObject().put("error","ADAGUC basket is not enabled")); + /* Make a basket of the remote instance */ + Vector computeNodes = SecurityConfigurator.getComputeNodes(); + if (computeNodes.size() == 0) { + jsonResponse.setMessage(new JSONObject().put("error","ADAGUC basket is not enabled and no computenodes are available")); + } else { + String url = computeNodes.get(0).url + "/basket/list"; + Debug.println("Getting basket from " + url); + String basketResponse = UserManager.makeGetRequestWithUserFromServletRequest(request, url); + Debug.println(basketResponse); + jsonResponse.setMessage(new JSONObject(). + put("type","ROOT"). + put("name",computeNodes.get(0).url.replace("https://","")). + put("children", new JSONObject(basketResponse))); + } }else{ + /*Try to use the basket locally available */ Debug.println("getoverview"); String tokenStr=null; try { diff --git a/src/main/java/nl/knmi/adaguc/services/datasetcatalog/DatasetCatalogConfigurator.java b/src/main/java/nl/knmi/adaguc/services/datasetcatalog/DatasetCatalogConfigurator.java index d626fa6..b6e4e18 100644 --- a/src/main/java/nl/knmi/adaguc/services/datasetcatalog/DatasetCatalogConfigurator.java +++ b/src/main/java/nl/knmi/adaguc/services/datasetcatalog/DatasetCatalogConfigurator.java 
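Review bot: The remote-basket path passes the compute node's reply straight to `new JSONObject(basketResponse)` without any status check, and `makeGetRequestWithUserFromServletRequest` returns the body of error responses too, so a 401 or 500 from the compute node surfaces as a JSONException rather than a clear "remote basket unavailable" message; check the status (or catch `JSONException`) and put a descriptive error in `jsonResponse`. `Debug.println(basketResponse)` dumps the user's entire remote directory listing to the log on every call — drop it or log only its length. The long checked-exception list thrown by `makeGetRequestWithUserFromServletRequest` must be handled by the enclosing `try`, whose catch clauses lie outside the hunk, since `listBasket` declares only `IOException`.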
@@ -13,6 +13,9 @@ public void doConfig(XMLElement configReader) throws ElementNotFoundException { if(configReader.getNodeValue("adaguc-services.basket") == null){ return; } + if(configReader.getNodeValue("adaguc-services.datasetcatalog") == null){ + return; + } String enabledStr=configReader.getNodeValue("adaguc-services.datasetcatalog.enabled"); if(enabledStr != null && enabledStr.equals("true")){ enabled = true; diff --git a/src/main/java/nl/knmi/adaguc/services/oauth2/OAuth2Handler.java b/src/main/java/nl/knmi/adaguc/services/oauth2/OAuth2Handler.java index 72a9182..0a5635f 100644 --- a/src/main/java/nl/knmi/adaguc/services/oauth2/OAuth2Handler.java +++ b/src/main/java/nl/knmi/adaguc/services/oauth2/OAuth2Handler.java @@ -97,6 +97,8 @@ of this software and associated documentation files (the "Software"), to deal import nl.knmi.adaguc.security.PemX509Tools.X509UserCertAndKey; import nl.knmi.adaguc.security.SecurityConfigurator; import nl.knmi.adaguc.security.SecurityConfigurator.ComputeNode; +import nl.knmi.adaguc.security.user.User; +import nl.knmi.adaguc.security.user.UserManager; import nl.knmi.adaguc.services.oauth2.OAuthConfigurator.Oauth2Settings; import nl.knmi.adaguc.tools.DateFunctions; import nl.knmi.adaguc.tools.Debug; @@ -531,7 +533,7 @@ public static void setSessionInfo(HttpServletRequest request, request.getSession().setAttribute("login_method", "oauth2"); try { - JSONObject accessToken = makeUserCertificate(userInfo.user_identifier.replaceAll("/", ".")); + JSONObject accessToken = makeUserCertificate(User.makePosixUserId(userInfo.user_identifier)); if ( accessToken.has("error")){ Debug.errprintln("Error getting user cert: " + accessToken.toString()); request.getSession().setAttribute("services_access_token", accessToken.toString()); 
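Review bot: The new guard on `adaguc-services.datasetcatalog` is correct, but the pre-existing line above it returns when `adaguc-services.basket` is missing, which now reads like a copy-paste leftover: the dataset catalog is silently left disabled whenever the basket section is absent from the config. Presumably the first check should go (the new one covers the null case) so the two features can be configured independently — confirm there is no intended dependency. A short comment such as `// datasetcatalog section is optional; enabled stays false when it is absent` would document the early return.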
@@ -549,16 +551,15 @@ public static void setSessionInfo(HttpServletRequest request, } }; - private static JSONObject makeUserCertificate(String clientId) throws CertificateException, IOException, InvalidKeyException, NoSuchAlgorithmException, OperatorCreationException, KeyManagementException, UnrecoverableKeyException, KeyStoreException, NoSuchProviderException, SignatureException, GSSException, ElementNotFoundException, CertificateVerificationException, JSONException { + public static JSONObject makeUserCertificate(String clientId) throws CertificateException, IOException, InvalidKeyException, NoSuchAlgorithmException, OperatorCreationException, KeyManagementException, UnrecoverableKeyException, KeyStoreException, NoSuchProviderException, SignatureException, GSSException, ElementNotFoundException, CertificateVerificationException, JSONException { + + User user = UserManager.getUser(clientId); Debug.println("Making user cert for "+clientId); X509Certificate caCertificate = PemX509Tools.readCertificateFromPEM(SecurityConfigurator.getCACertificate()); PrivateKey privateKey = PemX509Tools.readPrivateKeyFromPEM(SecurityConfigurator.getCAPrivateKey()); X509UserCertAndKey userCert = new PemX509Tools().setupSLCertificateUser(clientId, caCertificate, privateKey); - - /* TODO could optinally write cert to user basket */ -// PemX509Tools.writeCertificateToPemFile(userCert.getUserSlCertificate(), "/tmp/cert.crt"); -// PemX509Tools.writePrivateKeyToPemFile(userCert.getPrivateKey(), "/tmp/cert.key"); + user.setCertificate(userCert); CloseableHttpClient httpClient = new PemX509Tools().getHTTPClientForPEMBasedClientAuth( diff --git a/src/main/java/nl/knmi/adaguc/services/oauth2/OAuth2RequestMapper.java b/src/main/java/nl/knmi/adaguc/services/oauth2/OAuth2RequestMapper.java index fbdb656..367770b 100644 --- a/src/main/java/nl/knmi/adaguc/services/oauth2/OAuth2RequestMapper.java +++ b/src/main/java/nl/knmi/adaguc/services/oauth2/OAuth2RequestMapper.java 
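Review bot: `makeUserCertificate` is now public and, for whatever `clientId` string it is handed, signs a certificate with the CA key from `SecurityConfigurator.getCAPrivateKey()` and writes the key pair into that user's home directory via `user.setCertificate(userCert)` — so every caller must already have authenticated `clientId`. The visible callers do (the OAuth2 session flow and `UserManager` with the authenticator's user), but that precondition is nowhere stated; add a Javadoc line such as `clientId must be the identity of an already-authenticated principal; this method issues a CA-signed certificate for it and persists its private key` and keep the method's visibility as narrow as the `UserManager` call allows. Note `UserManager.getUser(clientId)` runs before the certificate is minted, so a signing failure leaves a User created but certificate-less. The method body continues outside the hunk.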
@@ -1,10 +1,21 @@ package nl.knmi.adaguc.services.oauth2; import java.io.IOException; +import java.security.InvalidKeyException; +import java.security.KeyManagementException; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.SignatureException; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import java.util.Vector; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.bouncycastle.operator.OperatorCreationException; +import org.ietf.jgss.GSSException; import org.json.JSONException; import org.json.JSONObject; import org.springframework.context.annotation.Bean; @@ -18,7 +29,12 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.SerializationFeature; +import nl.knmi.adaguc.config.MainServicesConfigurator; +import nl.knmi.adaguc.security.CertificateVerificationException; +import nl.knmi.adaguc.security.SecurityConfigurator; +import nl.knmi.adaguc.security.SecurityConfigurator.ComputeNode; import nl.knmi.adaguc.tools.ElementNotFoundException; +import nl.knmi.adaguc.tools.HTTPTools; import nl.knmi.adaguc.tools.JSONResponse; 
@@ -40,11 +56,57 @@ public MappingJackson2HttpMessageConverter mappingJackson2HttpMessageConverter() method = RequestMethod.GET ) public void doOauth(HttpServletResponse response, HttpServletRequest request) throws JSONException, IOException, ElementNotFoundException{ - //JSONResponse jsonResponse = new JSONResponse(request); -// jsonResponse.setMessage(new JSONObject().put("Test","Test")); + boolean useDev = false; + if (useDev) { + request.getSession().setAttribute("user_identifier","maarten"); + Vector computeNodes = SecurityConfigurator.getComputeNodes(); + request.getSession().setAttribute("domain",computeNodes.get(0).url.replace("https://", "")); + try { + OAuth2Handler.makeUserCertificate("maarten"); + } catch (InvalidKeyException e1) { + // TODO Auto-generated catch block + e1.printStackTrace(); + } catch (KeyManagementException e1) { + // TODO Auto-generated catch block + e1.printStackTrace(); + } catch (UnrecoverableKeyException e1) { + // TODO Auto-generated catch block + e1.printStackTrace(); + } catch (CertificateException e1) { + // TODO Auto-generated catch block + e1.printStackTrace(); + } catch (NoSuchAlgorithmException e1) { + // TODO Auto-generated catch block + e1.printStackTrace(); + } catch (OperatorCreationException e1) { + // TODO Auto-generated catch block + e1.printStackTrace(); + } catch (KeyStoreException e1) { + // TODO Auto-generated catch block + e1.printStackTrace(); + } catch (NoSuchProviderException e1) { + // TODO Auto-generated catch block + e1.printStackTrace(); + } catch (SignatureException e1) { + // TODO Auto-generated catch block + e1.printStackTrace(); + } catch (GSSException e1) { + // TODO Auto-generated catch block + e1.printStackTrace(); + } catch (CertificateVerificationException e1) { + // TODO Auto-generated catch block + e1.printStackTrace(); + } +; try { + response.sendRedirect(HTTPTools.getHTTPParam(request, "returnurl")); + } catch (Exception e) { + e.printStackTrace(); + 
response.sendRedirect(MainServicesConfigurator.getServerExternalURL()); + } + return; + } + OAuth2Handler.doGet(request, response); - //jsonResponse.print(response); - } /** * Small function to check if the Id is unknown. diff --git a/src/main/java/nl/knmi/adaguc/services/xml2json/ServiceHelperRequestMapper.java b/src/main/java/nl/knmi/adaguc/services/xml2json/ServiceHelperRequestMapper.java index 76455cd..b1177a6 100644 --- a/src/main/java/nl/knmi/adaguc/services/xml2json/ServiceHelperRequestMapper.java +++ b/src/main/java/nl/knmi/adaguc/services/xml2json/ServiceHelperRequestMapper.java @@ -6,6 +6,7 @@ import java.net.URL; import java.net.URLDecoder; +import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.http.client.methods.CloseableHttpResponse; @@ -24,8 +25,13 @@ import com.fasterxml.jackson.databind.SerializationFeature; import nl.knmi.adaguc.config.MainServicesConfigurator; +import nl.knmi.adaguc.security.AuthenticatorFactory; +import nl.knmi.adaguc.security.AuthenticatorInterface; import nl.knmi.adaguc.security.PemX509Tools; +import nl.knmi.adaguc.security.PemX509Tools.X509UserCertAndKey; import nl.knmi.adaguc.security.SecurityConfigurator; +import nl.knmi.adaguc.security.user.User; +import nl.knmi.adaguc.security.user.UserManager; import nl.knmi.adaguc.services.adagucserver.ADAGUCServer; import nl.knmi.adaguc.tools.Debug; import nl.knmi.adaguc.tools.MyXMLParser; 
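Review bot: The `useDev` branch in `doOauth` is a credential-free login: when the constant is flipped it stores `"maarten"` as `user_identifier` in the session, mints a CA-signed certificate for that identity through `OAuth2Handler.makeUserCertificate`, and redirects to the unvalidated `returnurl` parameter — an open redirect on top of an authentication bypass. Dead or not, this should not live in the production auth endpoint behind a hard-coded `boolean useDev = false;`; remove it, or gate it on an explicit configuration flag and validate `returnurl` against `MainServicesConfigurator.getServerExternalURL()` before `response.sendRedirect(...)`. The eleven identical `catch ... e1.printStackTrace()` blocks collapse to one multi-catch, and the stray `;` before the inner `try` should go.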
@@ -44,7 +50,10 @@ public MappingJackson2HttpMessageConverter mappingJackson2HttpMessageConverter() @ResponseBody @CrossOrigin @RequestMapping("xml2json") - public void XML2JSON(@RequestParam(value="request")String request,@RequestParam(value="callback", required=false)String callback, HttpServletResponse response){ + public void XML2JSON( + @RequestParam(value="request")String request, + @RequestParam(value="callback", + required=false)String callback, HttpServletRequest servletRequest, HttpServletResponse response){ /** * Converts XML file pointed with request to JSON file * @param requestStr @@ -76,7 +85,7 @@ public void XML2JSON(@RequestParam(value="request")String request,@RequestParam( String url = requestStr.substring(MainServicesConfigurator.getServerExternalURL().length()); url = url.substring(url.indexOf("?")+1); Debug.println("url = ["+url+"]"); - ADAGUCServer.runADAGUCWMS(null, null, url, outputStream); + ADAGUCServer.runADAGUCWMS(servletRequest, null, url, outputStream); String getCapabilities = new String(outputStream.toByteArray()); outputStream.close(); rootElement.parseString(getCapabilities); 
@@ -92,8 +101,24 @@ public void XML2JSON(@RequestParam(value="request")String request,@RequestParam( Debug.println("Running remote adaguc with truststore"); + X509UserCertAndKey userCertificate = null; + + AuthenticatorInterface authenticator = AuthenticatorFactory.getAuthenticator(servletRequest); + if(authenticator!=null){ + User user = UserManager.getUser(authenticator); + if(user!=null){ + userCertificate = user.getCertificate(); + } + } + if (userCertificate!=null) { + Debug.println("Making request with user certificate"); + } else { + Debug.println("Making request without user certificate"); + } + + CloseableHttpClient httpClient = (new PemX509Tools()). - getHTTPClientForPEMBasedClientAuth(ts, tsPass, null); + getHTTPClientForPEMBasedClientAuth(ts, tsPass, userCertificate); CloseableHttpResponse httpResponse = httpClient.execute(new HttpGet(requestStr)); String result = EntityUtils.toString(httpResponse.getEntity()); rootElement.parseString(result); From 0662c2c7c0367a87cfaaeaf0f9e8402aa160477d Mon Sep 17 00:00:00 2001 From: maartenplieger Date: Thu, 1 Feb 2018 14:24:22 +0100 Subject: [PATCH 2/2] Added cross origin flag to WMS endpoint --- .../knmi/adaguc/services/adagucserver/ADAGUCRequestMapper.java | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/java/nl/knmi/adaguc/services/adagucserver/ADAGUCRequestMapper.java b/src/main/java/nl/knmi/adaguc/services/adagucserver/ADAGUCRequestMapper.java index 66bb217..0e285e3 100644 --- a/src/main/java/nl/knmi/adaguc/services/adagucserver/ADAGUCRequestMapper.java +++ b/src/main/java/nl/knmi/adaguc/services/adagucserver/ADAGUCRequestMapper.java @@ -26,6 +26,7 @@ public MappingJackson2HttpMessageConverter mappingJackson2HttpMessageConverter() return converter; } @ResponseBody + @CrossOrigin @RequestMapping("wms") public void ADAGUCSERVERWMS(HttpServletResponse response, HttpServletRequest request){
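Review bot: The authenticator-to-certificate lookup added here duplicates the first half of `UserManager.makeGetRequestWithUserFromServletRequest` (minus the lazy certificate minting), so the two will drift; calling that helper, or extracting a shared `resolveUserCertificate(HttpServletRequest)`, keeps one place deciding which client credential is sent to remote nodes. As in that helper, the `CloseableHttpClient` and `CloseableHttpResponse` are never closed and the status code is not checked before `rootElement.parseString(result)` — wrap both in try-with-resources. Whether `requestStr` is restricted to configured compute nodes is decided outside this hunk, but since the request now carries the user's client certificate it is worth confirming that an arbitrary `request` URL cannot make the server present that certificate to a third party. `XML2JSON` continues outside the hunk.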
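Review bot: `@CrossOrigin` with no arguments allows every origin, and depending on the Spring version in use it may also default to allowing credentials, which would let any site's script call `/wms` with the user's session cookie now that `AuthenticatorImpl.init` resolves identity from the session; specify `@CrossOrigin(origins = {...})` with the known front-end origins (or a configured list) instead of the wildcard. If the WMS endpoint is meant to be fully public, a comment stating that it serves no per-user data would justify the wildcard. `ADAGUCSERVERWMS` is cut off at the end of the hunk.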