1 25 26 package com.rift.coad.lib.httpd; 28 29 import java.io.ByteArrayOutputStream ; 31 import java.io.File ; 32 import java.io.IOException ; 33 import java.net.Socket ; 34 import java.net.URL ; 35 import java.net.URLDecoder ; 36 import java.util.Iterator ; 37 import java.lang.reflect.Constructor ; 38 39 import org.apache.log4j.Logger; 41 42 import org.apache.http.HttpServerConnection; 44 import org.apache.http.protocol.HttpService; 45 import org.apache.http.HttpException; 46 import org.apache.http.HttpRequest; 47 import org.apache.http.HttpResponse; 48 import org.apache.http.Header; 49 import org.apache.http.HttpStatus; 50 import org.apache.http.HttpEntity; 51 import org.apache.http.entity.StringEntity; 52 import org.apache.http.entity.FileEntity; 53 import org.apache.http.message.BasicHttpEntityEnclosingRequest; 54 import org.apache.http.message.HttpPost; 55 import org.apache.http.params.HttpParams; 56 57 58 import org.apache.axis.configuration.EngineConfigurationFactoryFinder; 60 import org.apache.axis.EngineConfiguration; 61 import org.apache.axis.AxisEngine; 62 import org.apache.axis.server.AxisServer; 63 import org.apache.axis.management.ServiceAdmin; 64 import org.apache.axis.Message; 65 import org.apache.axis.MessageContext; 66 import org.apache.axis.handlers.JAXRPCHandler; 67 import org.w3c.dom.Document ; 68 import org.apache.axis.utils.XMLUtils; 69 import org.apache.axis.handlers.soap.SOAPService; 70 import org.apache.axis.providers.java.RPCProvider; 71 import org.apache.axis.constants.Scope; 72 import org.apache.http.Header; 73 import javax.xml.soap.MimeHeader ; 74 import javax.xml.soap.MimeHeaders ; 75 import javax.xml.soap.SOAPMessage ; 76 import org.apache.axis.Constants; 77 import org.apache.axis.transport.http.NonBlockingBufferedInputStream; 78 79 80 import com.rift.coad.lib.configuration.Configuration; 82 import com.rift.coad.lib.configuration.ConfigurationFactory; 83 import com.rift.coad.lib.deployment.webservice.WebServiceConnector; 84 import com.rift.coad.lib.security.AuthorizationException; 85 import com.rift.coad.lib.security.UserSession; 86 import com.rift.coad.lib.security.Validator; 87 import com.rift.coad.lib.security.login.AuthenticationException; 88 import com.rift.coad.lib.security.login.SessionLogin; 89 import com.rift.coad.lib.security.login.handlers.PasswordInfoHandler; 90 import com.rift.coad.lib.security.sudo.Sudo; 91 import com.rift.coad.lib.security.sudo.SudoCallbackHandler; 92 import com.rift.coad.lib.security.user.UserSessionManager; 93 import com.rift.coad.lib.security.user.UserSessionManagerAccessor; 94 import com.rift.coad.lib.thread.BasicThread; 95 import com.rift.coad.lib.thirdparty.axis.AxisManager; 96 import com.rift.coad.lib.thirdparty.base64.Base64; 97 import com.rift.coad.lib.webservice.WebServiceWrapper; 98 import com.rift.coad.lib.webservice.WebServiceException; 99 100 101 107 public class HttpServiceHandler extends HttpService 108 implements SudoCallbackHandler, RequestInterface { 109 110 111 private final static String AUTH_HEADER = "Authorization"; 113 private final static String CHALLENGE_HEADER = "WWW-Authenticate"; 114 private final static String BASIC = "Basic"; 115 private final static String SESSION_ID = "sessionid"; 116 private final static String CODE_BASE = "/codebase/"; 117 118 private Logger log = 120 Logger.getLogger(HttpServiceHandler.class.getName()); 121 private Socket socket = null; 122 private HttpRequestCookieManager httpRequestCookieManager = null; 123 private String realm = null; 124 private HttpRequest request = null; 125 private HttpResponse response = null; 126 private String clientStubDir = null; 127 128 129 136 public HttpServiceHandler(HttpServerConnection conn,Socket socket, 137 String realm) throws HttpException { 138 super(conn); 139 this.socket = socket; 140 this.realm = realm; 141 try { 142 Configuration config = ConfigurationFactory.getInstance().getConfig( 143 HttpServiceHandler.class); 144 clientStubDir = config.getString("Client_Stub"); 145 } catch (Exception ex) { 146 throw new HttpException("Failed to init the http service handler : " 147 + ex.getMessage(),ex); 148 } 149 150 } 151 152 153 161 protected void doService(HttpRequest request, HttpResponse response) 162 throws HttpException, IOException { 163 try { 164 this.request = request; 165 this.response = response; 166 167 log.debug("Received a requests"); 169 String target = request.getRequestLine().getUri(); 170 String filePath = URLDecoder.decode(target,MimeTypes.UTF_8); 171 if (filePath.indexOf(CODE_BASE) == 0) { 172 returnClientStubCode(request, response, filePath); 173 return; 174 } 175 176 177 httpRequestCookieManager = new 179 HttpRequestCookieManager(request, response); 180 181 if (sudoAndProcess() == false) { 183 response.setStatusCode(HttpStatus.SC_UNAUTHORIZED); 184 response.addHeader(new Header(CHALLENGE_HEADER,BASIC + " realm=" 185 + "\"" + realm + "\"")); 186 return; 187 } 188 189 } catch (Exception ex) { 190 log.error("Failed to respond to the request : " + ex.getMessage(), 191 ex); 192 response.setStatusCode(HttpStatus.SC_INTERNAL_SERVER_ERROR); 193 response.setEntity(new StringEntity("Internal server error [" + 194 ex.getMessage() + "].","UTF-8")); 195 } 196 } 197 198 205 private void returnClientStubCode(HttpRequest request, 206 HttpResponse response, String path) throws HttpException { 207 try { 208 File file = new File (clientStubDir,path.substring( 209 CODE_BASE.length() - 1)); 210 if (!file.exists()) { 211 response.setStatusCode(HttpStatus.SC_NOT_FOUND); 212 StringEntity body = new StringEntity("File not found [" + 213 file.getPath() + "]","UTF-8"); 214 response.setEntity(body); 215 return; 216 } else if (!file.canRead() || file.isDirectory()) { 217 response.setStatusCode(HttpStatus.SC_FORBIDDEN); 218 StringEntity body = new StringEntity("Access Denied","UTF-8"); 219 response.setEntity(body); 220 return; 221 } 222 response.setStatusCode(HttpStatus.SC_OK); 223 FileEntity fileEntity = new FileEntity(file, 224 "application/x-compressed"); 225 response.setEntity(fileEntity); 226 log.info("Return the file [" + file.getPath() + "]"); 227 } catch (Exception ex) { 228 log.error("Failed to retrieve the file : " + 229 ex.getMessage(),ex); 230 throw new HttpException("Failed to retrieve the file : " + 231 ex.getMessage(),ex); 232 } 233 } 234 235 236 241 private boolean sudoAndProcess() throws HttpdException { 242 243 try { 244 CookieWrapper cookieWrapper = 246 httpRequestCookieManager.getCookie(SESSION_ID); 247 248 log.debug("Check for cookie [" + cookieWrapper + "]"); 250 if (cookieWrapper != null) { 251 String sessionId = cookieWrapper.getValue(); 252 log.info("Retrieve the session id [" + sessionId 253 + "] from cookie."); 254 try { 255 UserSessionManagerAccessor.getInstance(). 256 getUserSessionManager().getSessionById(sessionId); 257 Sudo.sudoThreadBySessionId(sessionId,this); 258 return true; 259 } catch (com.rift.coad.lib.security.user.UserException ex) { 260 } 262 } 263 264 log.debug("Check for an auth header."); 266 if (request.containsHeader(AUTH_HEADER)) { 267 log.info("Auth user."); 268 Header header = request.getFirstHeader(AUTH_HEADER); 269 if (!checkForBasic(header)) { 270 return false; 271 } 272 String decodedValue = decodeHeader(header); 273 String sessionId = authenticate(decodedValue); 274 log.debug("Session id is [" + sessionId + "]"); 275 httpRequestCookieManager.addCookie(new CookieWrapper( 276 SESSION_ID,sessionId)); 277 Sudo.sudoThreadBySessionId(sessionId,this); 278 return true; 279 } 280 281 process(); 283 return true; 284 } catch (AuthorizationException ex) { 285 log.error("Insufficiant permission [" + ex.getMessage() + "]",ex); 286 return false; 287 } catch (AuthenticationException ex) { 288 log.info("Authentication failed [" + ex.getMessage() + "]",ex); 289 return false; 290 } catch (Exception ex) { 291 throw new HttpdException("Failed to auth the user because : " + 292 ex.getMessage(),ex); 293 } 294 } 295 296 297 300 public void process() throws Exception { 301 302 try { 303 String target = request.getRequestLine().getUri(); 305 String filePath = URLDecoder.decode(target,MimeTypes.UTF_8); 306 307 String strippedFile = filePath; 309 int getParam = filePath.indexOf('?'); 310 if (getParam != -1) { 311 strippedFile = filePath.substring(0,getParam); 312 } 313 314 log.info("Find the file [" + strippedFile + "]"); 316 WebServiceWrapper webServiceWrapper = (WebServiceWrapper) 317 WebServiceConnector.getInstance().getService(strippedFile); 318 if (webServiceWrapper == null) { 319 response.setStatusCode(HttpStatus.SC_NOT_FOUND); 320 response.setEntity(new StringEntity("The Web Service [" + 321 strippedFile + "] does not exist.",MimeTypes.UTF_8)); 322 return; 323 } 324 325 Validator.validate(this.getClass(),webServiceWrapper.getRole()); 327 328 String method = request.getRequestLine().getMethod(); 330 331 if (method.equalsIgnoreCase("GET") && 332 getParam != -1 && (filePath.substring(getParam + 1). 333 equalsIgnoreCase("wsdl"))){ 334 String result = webServiceWrapper.generateWSDL(); 335 StringEntity stringEntity = new StringEntity(result); 336 stringEntity.setContentType(MimeTypes.XML); 337 response.setEntity(stringEntity); 338 return; 339 } 340 else if (request instanceof BasicHttpEntityEnclosingRequest) { 341 BasicHttpEntityEnclosingRequest post = 342 (BasicHttpEntityEnclosingRequest)request; 343 HttpEntity entity = post.getEntity(); 344 345 MimeHeaders mimeHeaders = new MimeHeaders (); 347 Header[] headerList = request.getAllHeaders(); 348 for (int i = 0; i < headerList.length; i++) { 349 mimeHeaders.addHeader(headerList[i].getName(), 350 headerList[i].getValue()); 351 } 352 353 String result = webServiceWrapper.processRequest( 354 entity.getContent(),mimeHeaders); 355 StringEntity stringEntity = new StringEntity(result); 356 stringEntity.setContentType(MimeTypes.XML); 357 response.setEntity(stringEntity); 358 return; 359 } 360 response.setStatusCode(HttpStatus.SC_BAD_REQUEST); 361 response.setEntity(new StringEntity("Unrecognised request", 362 MimeTypes.UTF_8)); 363 } catch (AuthorizationException ex) { 364 log.error("In sufficiant privaleges : " + ex.getMessage(), 365 ex); 366 throw ex; 367 } catch (WebServiceException ex) { 368 log.error("Failed to process the soap request : " + ex.getMessage(), 369 ex); 370 response.setStatusCode(HttpStatus.SC_INTERNAL_SERVER_ERROR); 371 StringEntity stringEntity = new StringEntity(ex.getMessage(), 372 MimeTypes.UTF_8); 373 stringEntity.setContentEncoding(ex.getEncoding()); 374 response.setEntity(stringEntity); 375 376 } catch (Exception ex) { 377 log.error("Failed to process the soap request : " + ex.getMessage(), 378 ex); 379 response.setStatusCode(HttpStatus.SC_NOT_FOUND); 380 response.setEntity(new StringEntity("Failed to invoke the request " + 381 "because : " + ex.getMessage(),MimeTypes.UTF_8)); 382 } 383 } 384 385 386 392 private boolean checkForBasic(Header authHeader) { 393 if (authHeader.getValue().toLowerCase().contains(BASIC.toLowerCase())) { 394 return true; 395 } 396 return false; 397 } 398 399 400 406 private String decodeHeader(Header authHeader) { 407 String encodedValue = authHeader.getValue().trim(); 408 String fullValue = encodedValue; 409 encodedValue = encodedValue.substring(encodedValue.indexOf(" ")).trim(); 410 String decodedValue = new String (Base64.decode(encodedValue)); 411 log.debug("Full value [" + fullValue + "] Encoded value [" 412 + encodedValue + "] decoded value [" 413 + decodedValue + "]"); 414 return decodedValue; 415 } 416 417 418 425 private String authenticate(String decodedHeaderValue) 426 throws AuthenticationException, HttpdException { 427 try { 428 log.debug("Decoded header value [" + decodedHeaderValue 429 + "] colon value [" + decodedHeaderValue.indexOf(':') 430 + "]"); 431 String username = null; 433 String password = null; 434 int pos = decodedHeaderValue.indexOf('='); 435 if (pos != -1) { 436 username = decodedHeaderValue.substring(0,pos); 437 password = decodedHeaderValue.substring(pos + 1); 438 439 } 440 else if ((pos = decodedHeaderValue.indexOf(':')) != -1) { 442 username = decodedHeaderValue.substring(0,pos).trim(); 443 password = decodedHeaderValue.substring(pos + 1).trim(); 444 } else { 445 throw new HttpdException("Authentication not recognised."); 446 } 447 448 log.debug("User name [" + username + "] password [" + password + "]"); 450 SessionLogin sessionLogin = new SessionLogin( 451 new PasswordInfoHandler(username,password)); 452 sessionLogin.login(); 453 return sessionLogin.getUser().getSessionId(); 454 } catch (AuthenticationException ex) { 455 throw ex; 456 } catch (Exception ex) { 457 throw new HttpdException("Failed to authenticate the user : " + 458 ex.getMessage(),ex); 459 } 460 } 461 } 462 | Popular Tags |