/**
  * Handles request in order to authenticate.
  *
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The request instance
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The response instance
  *
  * @return boolean TRUE if the authentication has been successful, else FALSE
  *
  * @throws \Exception
  */
 public function handleRequest(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
 {
     // iterate over all servlets and return the matching one
     /**
      * @var string $urlPattern
      * @var \AppserverIo\Http\Authentication\AuthenticationInterface $authenticationAdapter
      */
     foreach ($this->authenticationAdapters as $urlPattern => $authenticationAdapter) {
         // we'll match our URI against the URL pattern
         if (fnmatch($urlPattern, $servletRequest->getServletPath() . $servletRequest->getPathInfo())) {
             // the URI pattern matches, init the adapter and try to authenticate
             // check if auth header is not set in coming request headers
             if (!$servletRequest->hasHeader(Protocol::HEADER_AUTHORIZATION)) {
                 // send header for challenge authentication against client
                 $servletResponse->addHeader(HttpProtocol::HEADER_WWW_AUTHENTICATE, $authenticationAdapter->getAuthenticateHeader());
             }
             // initialize the adapter with the current request
             $authenticationAdapter->init($servletRequest->getHeader(HttpProtocol::HEADER_AUTHORIZATION), $servletRequest->getMethod());
             // try to authenticate the request
             $authenticated = $authenticationAdapter->authenticate();
             if (!$authenticated) {
                 // send header for challenge authentication against client
                 $servletResponse->addHeader(HttpProtocol::HEADER_WWW_AUTHENTICATE, $authenticationAdapter->getAuthenticateHeader());
             }
             return $authenticated;
         }
     }
     // we did not find an adapter for that URI pattern, no authentication required then
     return true;
 }
 /**
  * Processes the request by invoking the request handler that executes the servlet
  * in a protected context.
  *
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The request instance
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The response instance
  *
  * @return void
  */
 public function invoke(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
 {
     try {
         // unpack the remote method call
         $remoteMethod = RemoteMethodProtocol::unpack($servletRequest->getBodyContent());
         // load the application context
         /** @var \AppserverIo\Appserver\Application\Application $application */
         $application = $servletRequest->getContext();
         // prepare method name and parameters and invoke method
         $className = $remoteMethod->getClassName();
         $methodName = $remoteMethod->getMethodName();
         $parameters = $remoteMethod->getParameters();
         $sessionId = $remoteMethod->getSessionId();
         // load the bean manager and the bean instance
         $instance = $application->search($className, array($sessionId, array($application)));
         // invoke the remote method call on the local instance
         $response = call_user_func_array(array($instance, $methodName), $parameters);
         // serialize the remote method and write it to the socket
         $servletResponse->appendBodyStream(RemoteMethodProtocol::pack($response));
         // re-attach the bean instance in the container and unlock it
         $application->search('BeanContextInterface')->attach($instance, $sessionId);
     } catch (\Exception $e) {
         // catch the exception and append it to the body stream
         $servletResponse->appendBodyStream(RemoteMethodProtocol::pack(RemoteExceptionWrapper::factory($e)));
     }
     // finally dispatch this request, because we have finished processing it
     $servletRequest->setDispatched(true);
 }
Exemplo n.º 3
0
 /**
  * Try to authenticate the user making this request, based on the specified login configuration.
  *
  * Return TRUE if any specified constraint has been satisfied, or FALSE if we have created a response
  * challenge already.
  *
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The servlet request instance
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The servlet response instance
  *
  * @return boolean TRUE if authentication has already been processed on a request before, else FALSE
  * @throws \AppserverIo\Http\Authentication\AuthenticationException Is thrown if the request can't be authenticated
  */
 public function authenticate(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
 {
     // check if auth header is not set in coming request headers
     if ($servletRequest->hasHeader(Protocol::HEADER_AUTHORIZATION) === false) {
         // stop processing immediately
         $servletRequest->setDispatched(true);
         $servletResponse->setStatusCode(401);
         $servletResponse->addHeader(Protocol::HEADER_WWW_AUTHENTICATE, $this->getAuthenticateHeader());
         return false;
     }
     // load the raw login credentials
     $rawAuthData = $servletRequest->getHeader(Protocol::HEADER_AUTHORIZATION);
     // set auth hash got from auth data request header and check if username and password has been passed
     if (strstr($credentials = base64_decode(trim(strstr($rawAuthData, " "))), ':') === false) {
         // stop processing immediately
         $servletRequest->setDispatched(true);
         $servletResponse->setStatusCode(401);
         $servletResponse->addHeader(Protocol::HEADER_WWW_AUTHENTICATE, $this->getAuthenticateHeader());
         return false;
     }
     // get out username and password
     list($username, $password) = explode(':', $credentials);
     // query whether or not a username and a password has been passed
     if ($password === null || $username === null) {
         // stop processing immediately
         $servletRequest->setDispatched(true);
         $servletResponse->setStatusCode(401);
         $servletResponse->addHeader(Protocol::HEADER_WWW_AUTHENTICATE, $this->getAuthenticateHeader());
         return false;
     }
     // set username and password
     $this->username = new String($username);
     $this->password = new String($password);
     // load the realm to authenticate this request for
     /** @var AppserverIo\Appserver\ServletEngine\Security\RealmInterface $realm */
     $realm = $this->getAuthenticationManager()->getRealm($this->getRealmName());
     // authenticate the request and initialize the user principal
     $userPrincipal = $realm->authenticate($this->getUsername(), $this->getPassword());
     // query whether or not the realm returned an authenticated user principal
     if ($userPrincipal == null) {
         // stop processing immediately
         $servletRequest->setDispatched(true);
         $servletResponse->setStatusCode(401);
         $servletResponse->setBodyStream('Unauthorized');
         $servletResponse->addHeader(Protocol::HEADER_WWW_AUTHENTICATE, $this->getAuthenticateHeader());
         return false;
     }
     // add the user principal and the authentication type to the request
     $servletRequest->setUserPrincipal($userPrincipal);
     $servletRequest->setAuthType($this->getAuthType());
     return true;
 }
Exemplo n.º 4
0
 /**
  * Encodes the request using the configured encoding method, e. g. JSON.
  *
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The request instance
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The response instance
  *
  * @return void
  */
 public function encode(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
 {
     // load the servlet response status code
     $statusCode = $servletResponse->getStatusCode();
     // load the result to be encoded, but only if we've NO redirect response (response code 300 - 399)
     if (($statusCode < 299 || $statusCode > 399) && ($result = $servletRequest->getAttribute(RequestKeys::RESULT))) {
         // encode the result with the configured encoder
         $viewData = $this->getEncodingHandler()->encode($result);
         // add the header for the content type and append the encoded content
         $servletResponse->addHeader(HttpProtocol::HEADER_CONTENT_TYPE, $viewData->getContentType());
         $servletResponse->appendBodyStream($viewData->getData());
     }
 }
 /**
  * Processes the request by invoking the request handler that executes the servlet
  * in a protected context.
  *
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The request instance
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The response instance
  *
  * @return void
  */
 public function invoke(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
 {
     try {
         // unpack the remote method call
         $remoteMethod = RemoteMethodProtocol::unpack($servletRequest->getBodyContent());
         // load the application context
         /** @var \AppserverIo\Appserver\Application\Application $application */
         $application = $servletRequest->getContext();
         // invoke the remote method and re-attach the bean instance to the container
         $response = $application->search(BeanContextInterface::IDENTIFIER)->invoke($remoteMethod, new ArrayList());
         // serialize the remote method and write it to the socket
         $servletResponse->appendBodyStream(RemoteMethodProtocol::pack($response));
     } catch (\Exception $e) {
         // catch the exception and append it to the body stream
         $servletResponse->appendBodyStream(RemoteMethodProtocol::pack(RemoteExceptionWrapper::factory($e)));
     }
     // finally dispatch this request, because we have finished processing it
     $servletRequest->setDispatched(true);
 }
Exemplo n.º 6
0
 /**
  * Forward's the request to the configured error page.
  *
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The servlet request instance
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The servlet response instance
  *
  * @return void
  */
 protected function forwardToErrorPage(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
 {
     // query whether or not we've an error page configured
     if ($formLoginConfig = $this->getConfigData()->getFormLoginConfig()) {
         if ($formErrorPage = $formLoginConfig->getFormErrorPage()) {
             // initialize the location to redirect to
             $location = $formErrorPage->__toString();
             if ($baseModifier = $servletRequest->getBaseModifier()) {
                 $location = $baseModifier . $location;
             }
             // redirect to the configured error page
             $servletRequest->setDispatched(true);
             $servletResponse->setStatusCode(307);
             $servletResponse->addHeader(Protocol::HEADER_LOCATION, $location);
             return;
         }
     }
     // redirect to the default error page
     $servletRequest->setAttribute(RequestHandlerKeys::ERROR_MESSAGE, 'Please configure a form-error-page when using auth-method \'Form\' in the login-config of your application\'s web.xml');
     $servletRequest->setDispatched(true);
     $servletResponse->setStatusCode(500);
 }
Exemplo n.º 7
0
 /**
  * This method finally handles all PHP and user errors as well as the exceptions that
  * have been thrown through the servlet processing.
  *
  * @param \AppserverIo\Appserver\ServletEngine\RequestHandler        $requestHandler  The request handler instance
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The actual request instance
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The actual request instance
  *
  * @return void
  */
 public function handleErrors(RequestHandler $requestHandler, HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
 {
     // return immediately if we don't have any errors
     if (sizeof($errors = $requestHandler->getErrors()) === 0) {
         return;
     }
     // iterate over the errors to process each of them
     foreach ($errors as $error) {
         // prepare the error message
         $message = $this->prepareMessage($error);
         // query whether or not we have to log the error
         if (Boolean::valueOf(new String(ini_get('log_errors')))->booleanValue()) {
             // create a local copy of the application
             if ($application = $servletRequest->getContext()) {
                 // try to load the system logger from the application
                 if ($systemLogger = $application->getLogger(LoggerUtils::SYSTEM)) {
                     $systemLogger->log($this->mapLogLevel($error), $message);
                 }
             }
         }
         // query whether or not, the error has an status code
         if ($statusCode = $error->getStatusCode()) {
             $servletResponse->setStatusCode($statusCode);
         }
     }
     // we add the error to the servlet request
     $servletRequest->setAttribute(RequestHandlerKeys::ERROR_MESSAGES, $errors);
     // we append the the errors to the body stream if display_errors is on
     if (Boolean::valueOf(new String(ini_get('display_errors')))->booleanValue()) {
         $servletResponse->appendBodyStream(implode('<br/>', $errors));
     }
     // query whether or not we've a client or an server error
     if ($servletResponse->getStatusCode() > 399) {
         try {
             // create a local copy of the application
             $application = $servletRequest->getContext();
             // inject the application and servlet response
             $servletRequest->injectResponse($servletResponse);
             $servletRequest->injectContext($application);
             // load the servlet context instance
             $servletManager = $application->search(ServletContextInterface::IDENTIFIER);
             // initialize the request URI for the error page to be rendered
             $requestUri = null;
             // iterate over the configured error pages to find a matching one
             foreach ($servletManager->getErrorPages() as $errorCodePattern => $errorPage) {
                 // query whether or not we found an error page configured for the actual status code
                 if (fnmatch($errorCodePattern, $servletResponse->getStatusCode())) {
                     $requestUri = $errorPage;
                     break;
                 }
             }
             // query whether or not we've an found a configured error page
             if ($requestUri == null) {
                 throw new ServletException(sprintf('Please configure an error page for status code %s', $servletResponse->getStatusCode()));
             }
             // initialize the request URI
             $servletRequest->setRequestUri($requestUri);
             // prepare the request with the new data
             $servletRequest->prepare();
             // reset the body stream to remove content, that has already been appended
             $servletResponse->resetBodyStream();
             // load the servlet path and session-ID
             $servletPath = $servletRequest->getServletPath();
             $sessionId = $servletRequest->getProposedSessionId();
             // load and process the servlet
             $servlet = $servletManager->lookup($servletPath, $sessionId);
             $servlet->service($servletRequest, $servletResponse);
         } catch (\Exception $e) {
             // finally log the exception
             $application->getInitialContext()->getSystemLogger()->critical($e->__toString());
             // append the exception message to the body stream
             $servletResponse->appendBodyStream($e->__toString());
         }
     }
 }
Exemplo n.º 8
0
 /**
  * Tries to load the requested file and adds the content to the response.
  *
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The request instance
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The response instance
  *
  * @return void
  */
 public function doGet(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
 {
     // load \Mage
     $this->load();
     // init globals
     $this->initGlobals($servletRequest);
     // run \Mage and set content
     $servletResponse->appendBodyStream($this->run($servletRequest));
     // add the status code we've caught from the legacy app
     $servletResponse->setStatusCode(appserver_get_http_response_code());
     // add this header to prevent .php request to be cached
     $servletResponse->addHeader(Protocol::HEADER_EXPIRES, '19 Nov 1981 08:52:00 GMT');
     $servletResponse->addHeader(Protocol::HEADER_CACHE_CONTROL, 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0');
     $servletResponse->addHeader(Protocol::HEADER_PRAGMA, 'no-cache');
     // set per default text/html mimetype
     $servletResponse->addHeader(Protocol::HEADER_CONTENT_TYPE, 'text/html');
     // grep headers and set to response object
     foreach (appserver_get_headers(true) as $i => $h) {
         // set headers defined in sapi headers
         $h = explode(':', $h, 2);
         if (isset($h[1])) {
             // load header key and value
             $key = trim($h[0]);
             $value = trim($h[1]);
             // if no status, add the header normally
             if ($key === Protocol::HEADER_STATUS) {
                 // set status by Status header value which is only used by fcgi sapi's normally
                 $servletResponse->setStatusCode($value);
             } elseif ($key === Protocol::HEADER_SET_COOKIE) {
                 $servletResponse->addHeader($key, $value, true);
             } else {
                 $servletResponse->addHeader($key, $value);
             }
         }
     }
 }
Exemplo n.º 9
0
 /**
  * Tries to load the requested vhosts and adds them to the response.
  *
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The request instance
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The response instance
  *
  * @return void
  * @see \AppserverIo\Psr\Servlet\Http\HttpServlet::doGet()
  *
  * @SWG\Get(
  *   path="/virtualHosts.do",
  *   tags={"virtualHosts"},
  *   summary="List's all virtual hosts",
  *   @SWG\Response(
  *     response=200,
  *     description="A list with the available virtual hosts",
  *     @SWG\Schema(
  *       type="array",
  *       @SWG\Items(ref="#/definitions/VirtualHostOverviewData")
  *     )
  *   ),
  *   @SWG\Response(
  *     response="500",
  *     description="Internal Server Error"
  *   )
  * )
  *
  * @SWG\Get(
  *   path="/virtualHosts.do/{id}",
  *   tags={"virtualHosts"},
  *   summary="Loads the virtual host with the passed ID",
  *   @SWG\Parameter(
  *      name="id",
  *      in="path",
  *      description="The UUID of the virtual host to load",
  *      required=true,
  *      type="string"
  *   ),
  *   @SWG\Response(
  *     response=200,
  *     description="The requested virtual host",
  *     @SWG\Schema(
  *       ref="#/definitions/VirtualHostViewData"
  *     )
  *   ),
  *   @SWG\Response(
  *     response="500",
  *     description="Internal Server Error"
  *   )
  * )
  */
 public function doGet(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
 {
     try {
         // load the requested path info, e. g. /api/applications.do/example/
         $pathInfo = trim($servletRequest->getPathInfo(), '/');
         // extract the entity and the ID, if available
         list($id, ) = explode('/', $pathInfo);
         // query whether we've found an ID or not
         if ($id == null) {
             $content = $this->getVirtualHostProcessor()->findAll();
         } else {
             $content = $this->getVirtualHostProcessor()->load($id);
         }
     } catch (\Exception $e) {
         // set error message and status code
         $content = $e->getMessage();
         $servletResponse->setStatusCode(500);
     }
     // add the result to the request
     $servletRequest->setAttribute(RequestKeys::RESULT, $content);
 }
Exemplo n.º 10
0
 /**
  * Dummy action implementation.
  *
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The request instance
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The response instance
  *
  * @return void
  */
 public function testAction(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
 {
     $servletResponse->appendBodyStream($servletRequest->getPathInfo());
 }
Exemplo n.º 11
0
 /**
  * Tries to load the requested thumbnail from the applications WEB-INF directory
  * and adds it to the response.
  *
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The request instance
  * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The response instance
  *
  * @return void
  * @see \AppserverIo\Psr\Servlet\Http\HttpServlet::doGet()
  *
  * @SWG\Get(
  *   path="/thumbnails.do/{id}",
  *   tags={"applications"},
  *   summary="The application's thumbnail",
  *   produces={"image/png"},
  *   @SWG\Parameter(
  *      name="id",
  *      in="path",
  *      description="The name of the application to load the thumbnail for",
  *      required=true,
  *      type="string"
  *   ),
  *   @SWG\Response(
  *     response=200,
  *     description="The application's thumbnail"
  *   ),
  *   @SWG\Response(
  *     response=500,
  *     description="Internal Server Error"
  *   )
  * )
  */
 public function doGet(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
 {
     // load the requested path info, e. g. /api/thumbnails.do/example/
     $pathInfo = trim($servletRequest->getPathInfo(), '/');
     // extract the entity and the ID, if available
     list($id, ) = explode('/', $pathInfo);
     // load file information and return the file object if possible
     $fileInfo = new \SplFileInfo($path = $this->getApplicationProcessor()->thumbnail($id));
     if ($fileInfo->isDir()) {
         throw new FoundDirInsteadOfFileException(sprintf("Requested file %s is a directory", $path));
     }
     if ($fileInfo->isFile() === false) {
         throw new FileNotFoundException(sprintf('File %s not not found', $path));
     }
     if ($fileInfo->isReadable() === false) {
         throw new FileNotReadableException(sprintf('File %s is not readable', $path));
     }
     // open the file itself
     $file = $fileInfo->openFile();
     // set mimetypes to header
     $servletResponse->addHeader(HttpProtocol::HEADER_CONTENT_TYPE, MimeTypes::getMimeTypeByExtension(pathinfo($file->getFilename(), PATHINFO_EXTENSION)));
     // set last modified date from file
     $servletResponse->addHeader(HttpProtocol::HEADER_LAST_MODIFIED, gmdate('D, d M Y H:i:s \\G\\M\\T', $file->getMTime()));
     // set expires date
     $servletResponse->addHeader(HttpProtocol::HEADER_EXPIRES, gmdate('D, d M Y H:i:s \\G\\M\\T', time() + 3600));
     // check if If-Modified-Since header info is set
     if ($servletRequest->getHeader(HttpProtocol::HEADER_IF_MODIFIED_SINCE)) {
         // check if file is modified since header given header date
         if (strtotime($servletRequest->getHeader(HttpProtocol::HEADER_IF_MODIFIED_SINCE)) >= $file->getMTime()) {
             // send 304 Not Modified Header information without content
             $servletResponse->addHeader(HttpProtocol::HEADER_STATUS, 'HTTP/1.1 304 Not Modified');
             $servletResponse->appendBodyStream(PHP_EOL);
             return;
         }
     }
     // add the thumbnail as response content
     $servletResponse->appendBodyStream(file_get_contents($file->getRealPath()));
 }
 public function prepareResponse(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
 {
     error_log("Now in " . __METHOD__ . " handling request " . $servletRequest->getUri());
     // load the session and persist the data from $_SESSION
     $session = $servletRequest->getSession();
     if ($session != null && isset($_SESSION)) {
         foreach ($_SESSION as $namespace => $data) {
             if ($namespace !== 'identifier') {
                 error_log("Now add data for session {$session->getId()} and namespace {$namespace}: " . PHP_EOL . var_export($data, true));
                 $session->putData($namespace, $data);
             }
         }
     }
     // add the status code we've caught from the legacy app
     $servletResponse->setStatusCode(appserver_get_http_response_code());
     // add this header to prevent .php request to be cached
     $servletResponse->addHeader(Protocol::HEADER_EXPIRES, '19 Nov 1981 08:52:00 GMT');
     $servletResponse->addHeader(Protocol::HEADER_CACHE_CONTROL, 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0');
     $servletResponse->addHeader(Protocol::HEADER_PRAGMA, 'no-cache');
     // set per default text/html mimetype
     $servletResponse->addHeader(Protocol::HEADER_CONTENT_TYPE, 'text/html');
     error_log("============= RESPONSE before appserver_get_headers(true) =================");
     error_log(var_export($servletResponse, true));
     // grep headers and set to response object
     foreach (appserver_get_headers(true) as $i => $h) {
         // set headers defined in sapi headers
         $h = explode(':', $h, 2);
         if (isset($h[1])) {
             // load header key and value
             $key = trim($h[0]);
             $value = trim($h[1]);
             // if no status, add the header normally
             if ($key === Protocol::HEADER_STATUS) {
                 // set status by Status header value which is only used by fcgi sapi's normally
                 $servletResponse->setStatus($value);
             } elseif ($key === Protocol::HEADER_SET_COOKIE) {
                 $servletResponse->addHeader($key, $value, true);
             } else {
                 $servletResponse->addHeader($key, $value);
             }
         }
     }
     error_log("============= RESPONSE after appserver_get_headers(true) =================");
     error_log(var_export($servletResponse, true));
 }