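/**
 * Handles the request in order to authenticate it.
 *
 * The registered authentication adapters are consulted in order; the first one whose
 * URL pattern matches the request URI decides. A request that matches no pattern at
 * all is passed through without authentication (the method returns TRUE for it), so
 * every protected path has to be covered by a pattern.
 *
 * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The request instance
 * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The response instance
 *
 * @return boolean TRUE if the authentication has been successful (or no adapter matched), else FALSE
 *
 * @throws \Exception
 */
public function handleRequest(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
{
    // the URI the adapter patterns are matched against
    $requestUri = $servletRequest->getServletPath() . $servletRequest->getPathInfo();

    /**
     * @var string $urlPattern
     * @var \AppserverIo\Http\Authentication\AuthenticationInterface $authenticationAdapter
     */
    foreach ($this->authenticationAdapters as $urlPattern => $authenticationAdapter) {
        // only the first matching pattern is consulted (fnmatch() is a POSIX function
        // and is not available on all platforms)
        if (!fnmatch($urlPattern, $requestUri)) {
            continue;
        }

        // initialize the adapter with the credentials of the current request; the
        // header value is NULL when the client did not send any credentials
        $authenticationAdapter->init($servletRequest->getHeader(HttpProtocol::HEADER_AUTHORIZATION), $servletRequest->getMethod());

        // try to authenticate the request
        $authenticated = $authenticationAdapter->authenticate();

        // challenge the client exactly once: either it sent no credentials at all, or the
        // credentials it sent have been rejected (previously both cases added the header,
        // which produced a duplicate WWW-Authenticate header for requests without credentials)
        if (!$servletRequest->hasHeader(HttpProtocol::HEADER_AUTHORIZATION) || !$authenticated) {
            $servletResponse->addHeader(HttpProtocol::HEADER_WWW_AUTHENTICATE, $authenticationAdapter->getAuthenticateHeader());
        }

        return $authenticated;
    }

    // no adapter is registered for that URI, so no authentication is required
    return true;
}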
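/**
 * Try to authenticate the user making this request, based on the specified login configuration.
 *
 * The credentials are expected in an Authorization header of the form "<scheme> <token>": the
 * token after the first space is Base64 decoded and split into username and password at the
 * FIRST colon only, so passwords are allowed to contain colons themselves.
 *
 * Return TRUE if any specified constraint has been satisfied, or FALSE if we have created a response
 * challenge already.
 *
 * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The servlet request instance
 * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The servlet response instance
 *
 * @return boolean TRUE if the request has been authenticated, else FALSE (a 401 challenge has been sent)
 * @throws \AppserverIo\Http\Authentication\AuthenticationException Is thrown if the request can't be authenticated
 */
public function authenticate(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
{
    // without an Authorization header there is nothing to verify, so challenge the client
    if ($servletRequest->hasHeader(Protocol::HEADER_AUTHORIZATION) === false) {
        $this->sendUnauthorizedChallenge($servletRequest, $servletResponse);
        return false;
    }

    // load the raw login credentials
    $rawAuthData = $servletRequest->getHeader(Protocol::HEADER_AUTHORIZATION);

    // NOTE(review): the scheme token in front of the space is not compared against "Basic" — confirm that is intended.
    // The token is decoded in strict mode, so a token with characters outside the Base64 alphabet
    // is rejected instead of being silently "repaired" into arbitrary credentials.
    $credentials = base64_decode(trim((string) strstr($rawAuthData, ' ')), true);

    // the decoded credentials have to contain the username/password separator
    if ($credentials === false || strstr($credentials, ':') === false) {
        $this->sendUnauthorizedChallenge($servletRequest, $servletResponse);
        return false;
    }

    // split at the FIRST colon only: user-ids must not contain a colon, passwords may (RFC 7617)
    list($username, $password) = explode(':', $credentials, 2);

    // set username and password
    $this->username = new String($username);
    $this->password = new String($password);

    // load the realm to authenticate this request for
    /** @var AppserverIo\Appserver\ServletEngine\Security\RealmInterface $realm */
    $realm = $this->getAuthenticationManager()->getRealm($this->getRealmName());

    // authenticate the request and initialize the user principal
    $userPrincipal = $realm->authenticate($this->getUsername(), $this->getPassword());

    // the realm returns no principal when the credentials have been rejected
    // (checked for NULL and FALSE explicitly instead of a loose == NULL comparison)
    if ($userPrincipal === null || $userPrincipal === false) {
        $this->sendUnauthorizedChallenge($servletRequest, $servletResponse, 'Unauthorized');
        return false;
    }

    // add the user principal and the authentication type to the request
    $servletRequest->setUserPrincipal($userPrincipal);
    $servletRequest->setAuthType($this->getAuthType());
    return true;
}

/**
 * Stops processing of the passed request and answers it with a 401 challenge.
 *
 * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The servlet request instance
 * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The servlet response instance
 * @param string|null                                                $body            Optional response body, NULL leaves the body untouched
 *
 * @return void
 */
private function sendUnauthorizedChallenge(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse, $body = null)
{
    // mark the request as dispatched, so no further processing takes place
    $servletRequest->setDispatched(true);
    $servletResponse->setStatusCode(401);
    if ($body !== null) {
        $servletResponse->setBodyStream($body);
    }
    // tell the client how it is expected to authenticate
    $servletResponse->addHeader(Protocol::HEADER_WWW_AUTHENTICATE, $this->getAuthenticateHeader());
}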
/**
 * Populates the passed request with the request data of the original request
 * found in the also passed session.
 *
 * Nothing is changed when the session does not carry an original request. The
 * user principal stored with the original request is restored as well.
 *
 * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface $servletRequest The servlet request instance
 * @param \AppserverIo\Psr\Servlet\Http\HttpSessionInterface        $session        The session instance
 *
 * @return void
 */
protected function restoreRequest(HttpServletRequestInterface $servletRequest, HttpSessionInterface $session)
{
    // nothing to restore if the session does not carry the original request
    if (!$session->hasKey(Constants::FORM_REQUEST)) {
        return;
    }

    // load the original request that has been stored in the session
    $originalRequest = $session->getData(Constants::FORM_REQUEST);

    // copy the stored request data back into the passed request
    $servletRequest->setHeaders($originalRequest->headers);
    $servletRequest->setCookies($originalRequest->cookies);
    $servletRequest->setUserPrincipal($originalRequest->userPrincipal);
    $servletRequest->setServerName($originalRequest->serverName);
    $servletRequest->setQueryString($originalRequest->queryString);
    $servletRequest->setRequestUri($originalRequest->requestUri);
    $servletRequest->setDocumentRoot($originalRequest->documentRoot);
    $servletRequest->setRequestUrl($originalRequest->requestUrl);

    // the body is only restored when the (just restored) headers announce content
    $contentLength = $servletRequest->getHeader(Protocol::HEADER_CONTENT_LENGTH);
    if ($contentLength > 0) {
        $servletRequest->setBodyStream($originalRequest->bodyContent);
    }
}
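/**
 * Returns the array with the $_COOKIE vars.
 *
 * The Cookie header is split into "name=value" pairs at ";". Each pair is split at the
 * FIRST "=" only, so values that contain "=" themselves (e. g. Base64 data) are kept
 * intact. Empty segments are skipped and a segment without "=" yields an empty value.
 *
 * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface $servletRequest The request instance
 *
 * @return array The $_COOKIE vars
 */
protected function initCookieGlobals(HttpServletRequestInterface $servletRequest)
{
    $cookie = [];

    // a missing header yields NULL, which has to be treated like an empty header
    $cookieHeader = (string) $servletRequest->getHeader(Protocol::HEADER_COOKIE);

    foreach (explode(';', $cookieHeader) as $cookieLine) {
        // skip empty segments (empty header, trailing ";", ";;")
        if (trim($cookieLine) === '') {
            continue;
        }

        // split at the first "=" only, the value may contain further "=" characters
        $pair = explode('=', $cookieLine, 2);
        $key = trim($pair[0]);
        $value = isset($pair[1]) ? trim($pair[1]) : '';

        $cookie[$key] = $value;
    }

    return $cookie;
}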
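/**
 * Tries to load the requested thumbnail from the applications WEB-INF directory
 * and adds it to the response.
 *
 * The application ID is the first segment of the path info. Because it comes straight
 * from the request URI, dot segments and path separator/NUL characters are rejected
 * before the ID is handed to the application processor.
 *
 * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The request instance
 * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The response instance
 *
 * @return void
 * @see \AppserverIo\Psr\Servlet\Http\HttpServlet::doGet()
 *
 * @SWG\Get(
 *     path="/thumbnails.do/{id}",
 *     tags={"applications"},
 *     summary="The application's thumbnail",
 *     produces={"image/png"},
 *     @SWG\Parameter(
 *         name="id",
 *         in="path",
 *         description="The name of the application to load the thumbnail for",
 *         required=true,
 *         type="string"
 *     ),
 *     @SWG\Response(
 *         response=200,
 *         description="The application's thumbnail"
 *     ),
 *     @SWG\Response(
 *         response=500,
 *         description="Internal Server Error"
 *     )
 * )
 */
public function doGet(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
{
    // load the requested path info, e. g. /api/thumbnails.do/example/
    $pathInfo = trim($servletRequest->getPathInfo(), '/');

    // the first path segment is the ID of the application to load the thumbnail for
    list($id, ) = explode('/', $pathInfo);

    // the ID is user controlled: refuse values that could make the processor resolve a
    // path outside the thumbnail directory (empty, "." / "..", backslash, NUL byte)
    if ($id === '' || $id === '.' || $id === '..' || strpos($id, '\\') !== false || strpos($id, "\0") !== false) {
        throw new FileNotFoundException(sprintf('Invalid application ID %s', $id));
    }

    // load file information and return the file object if possible
    $fileInfo = new \SplFileInfo($path = $this->getApplicationProcessor()->thumbnail($id));
    if ($fileInfo->isDir()) {
        throw new FoundDirInsteadOfFileException(sprintf('Requested file %s is a directory', $path));
    }
    if ($fileInfo->isFile() === false) {
        throw new FileNotFoundException(sprintf('File %s not found', $path));
    }
    if ($fileInfo->isReadable() === false) {
        throw new FileNotReadableException(sprintf('File %s is not readable', $path));
    }

    // open the file itself
    $file = $fileInfo->openFile();

    // the modification time is used for the Last-Modified header and the conditional request check
    $lastModified = $file->getMTime();

    // set mimetypes to header
    $servletResponse->addHeader(HttpProtocol::HEADER_CONTENT_TYPE, MimeTypes::getMimeTypeByExtension(pathinfo($file->getFilename(), PATHINFO_EXTENSION)));

    // set last modified date from file
    $servletResponse->addHeader(HttpProtocol::HEADER_LAST_MODIFIED, gmdate('D, d M Y H:i:s \\G\\M\\T', $lastModified));

    // set expires date, one hour from now
    $servletResponse->addHeader(HttpProtocol::HEADER_EXPIRES, gmdate('D, d M Y H:i:s \\G\\M\\T', time() + 3600));

    // honour a conditional request; an unparsable date (strtotime() returns FALSE) is ignored
    $ifModifiedSince = $servletRequest->getHeader(HttpProtocol::HEADER_IF_MODIFIED_SINCE);
    if ($ifModifiedSince) {
        $ifModifiedSinceTime = strtotime($ifModifiedSince);
        if ($ifModifiedSinceTime !== false && $ifModifiedSinceTime >= $lastModified) {
            // send 304 Not Modified Header information without content
            $servletResponse->addHeader(HttpProtocol::HEADER_STATUS, 'HTTP/1.1 304 Not Modified');
            $servletResponse->appendBodyStream(PHP_EOL);
            return;
        }
    }

    // add the thumbnail as response content
    $servletResponse->appendBodyStream(file_get_contents($file->getRealPath()));
}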