Changeset 2674
- Timestamp:
- 03/11/13 10:35:08 (11 years ago)
- Location:
- cats/ISOcat/trunk
- Files:
-
- 2 edited
-
cats/ISOcat/trunk/mod-ISOcat-control-access/control/credentials.js
r2519 r2674 19 19 // first try HTTP Basic authentication 20 20 if (req.argumentExists("Authorization")) { 21 22 23 24 25 21 auth = req.getArgument("Authorization"); 22 auth = auth.replace("data:text/plain,",""); 23 auth = java.net.URLDecoder.decode(auth,"UTF-8"); 24 auth = auth.trim(); 25 if (auth.startsWith("Basic ")) { 26 26 // the shibboleth token password can never come by BASIC authentication 27 27 if (!auth.endsWith(":shib")) { … … 33 33 //java.lang.System.out.println("DBG:credentials.js:auth["+auth+"] without prefix"); 34 34 cred = auth; 35 36 37 35 subreq.addArgument("credentials","data:text/plain,"+java.net.URLEncoder.encode(cred,"UTF-8")); 36 } 37 } 38 38 } 39 39 40 40 // try Shibboleth EPPN authentication 41 41 if ((req.argumentExists("eduPersonPrincipalName"))) { 42 var auth = req.getArgument("eduPersonPrincipalName"); 43 auth = auth.replace("data:text/plain,",""); 44 //java.lang.System.out.println("DBG:credentials.js:principal["+auth+"]"); 45 if (auth != "") { 46 shib = auth; 47 } 42 var auth = req.getArgument("eduPersonPrincipalName"); 43 auth = auth.replace("data:text/plain,",""); 44 //java.lang.System.out.println("DBG:credentials.js:principal["+auth+"]"); 45 if (auth != "") { 46 shib = auth; 47 } 48 } 49 50 // if no principal yet, try Shibboleth EPTID authentication 51 if (shib == null) { 52 if ((req.argumentExists("eduPersonTargetedID"))) { 53 var auth = req.getArgument("eduPersonTargetedID"); 54 auth = auth.replace("data:text/plain,",""); 55 //java.lang.System.out.println("DBG:credentials.js:principal["+auth+"]"); 56 if (auth != "") { 57 shib = auth; 58 } 59 } 48 60 } 49 61 … … 76 88 //java.lang.System.out.println("DBG:credentials.js:tokres["+tokres+"]"); 77 89 if (tokres != "") { 78 90 shib = tokres; 79 91 } 80 92 } 81 82 83 84 93 } 94 } 95 } 96 } 85 97 } 86 98 } 87 99 88 100 //java.lang.System.out.println("DBG:credentials.js:principal["+shib+"]"); 101 if (shib == null) { 102 
subreq.addArgument("principal","data:text/plain,"+java.net.URLEncoder.encode(shib,"UTF-8")); 103 } 89 104 90 105 // if no credentials but the principal is known, try to resolve principal to credentials 91 106 if ((cred == null) && (shib != null)) { 92 subreq.addArgument("principal","data:text/plain,"+java.net.URLEncoder.encode(shib,"UTF-8"));93 107 // request the credentials for the principal 94 108 var credreq = context.createSubRequest(); 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 109 credreq.setURI("active:ISOcat.manage.access.shibboleth"); 110 credreq.addArgument("principal","data:text/plain,"+java.net.URLEncoder.encode(shib,"UTF-8")); 111 credreq.setAspectClass(DOMXDAAspect); 112 auth = context.issueSubRequest(credreq); 113 if (auth != null) { 114 //java.lang.System.out.println("DBG:credentials.js:cred["+auth.getAspects()+"]"); 115 if (auth.hasAspect(DOMXDAAspect)) { 116 auth = auth.getAspect(DOMXDAAspect); 117 //java.lang.System.out.println("DBG:credentials.js:XDA["+auth+"]"); 118 if (auth != null) { 119 auth = auth.getXDA(); 120 if (auth.isTrue("/string")) { 121 auth = auth.getText("/string",true); 122 //java.lang.System.out.println("DBG:credentials.js:auth["+auth+"]"); 123 cred = auth; 124 subreq.addArgument("credentials","data:text/plain,"+java.net.URLEncoder.encode(cred,"UTF-8")); 125 } //else 126 //java.lang.System.out.println("ERR:credentials.js:cred["+cred+"] has no <string/> envelop"); 127 } //else 128 //java.lang.System.out.println("ERR:credentials.js:cred["+cred+"] has NULL DOMXDAAspect"); 129 } //else 130 //java.lang.System.out.println("ERR:credentials.js:cred["+cred+"] has no DOMXDAAspect"); 117 131 } //else 118 132 //java.lang.System.out.println("ERR:credentials.js:auth is NULL"); 119 133 } 120 134 121 java.lang.System.out.println("DBG:credentials.js:authorization credentials["+cred+"]");122 java.lang.System.out.println("DBG:credentials.js:shiboleth principal["+shib+"]");135 
//java.lang.System.out.println("DBG:credentials.js:authorization credentials["+cred+"]"); 136 //java.lang.System.out.println("DBG:credentials.js:shiboleth principal["+shib+"]"); 123 137 124 138 for(iter = req.getArguments(); iter.hasNext(); ) { 125 arg = iter.next(); 126 if (arg.equals("Authorization")) { 127 continue; 128 } else if (arg.equals("eduPersonPrincipalName")) { 129 continue; 130 } else if (arg.equals("principal")) { 131 continue; 132 } else if (arg.equals("uri")) { 133 continue; 134 } else if (arg.equals("operator")) { 135 continue; 136 } else { 137 //java.lang.System.out.println("DBG:credentials.js:arg["+arg+"]"); 138 argURI = req.getArgument(arg); 139 if (argURI != null) { 140 //java.lang.System.out.println("DBG:credentials.js:arg["+arg+"]["+argURI+"]"); 141 argValue = req.getArgumentValue(argURI); 142 //java.lang.System.out.println("DBG:credentials.js:arg["+arg+"]["+argURI+"]["+argValue+"]"); 143 if (argValue != null) { 144 //java.lang.System.out.println("DBG:credentials.js:arg["+arg+"]["+argValue+"] value"); 145 subreq.addArgument(arg,argValue); 146 //} else if (argURI.startsWith("data:text/plain,")) { 147 // var val = java.net.URLEncoder.encode(argURI.replaceFirst("data:text/plain,",""),"UTF-8"); 148 // val = val.replace("\+","%20");// we don't want + to escape spaces but %20, as + has a special meaning in an active URI 149 // java.lang.System.out.println("DBG:credentials.js:arg["+arg+"]["+argURI+"][data:text/plain,"+val+"] encoded URI"); 150 // subreq.addArgument(arg,"data:text/plain,"+val); 151 } else { 152 //java.lang.System.out.println("DBG:credentials.js:arg["+arg+"]["+argURI+"] URI"); 153 subreq.addArgument(arg,argURI); 154 } 155 }// else 156 // java.lang.System.out.println("DBG:credentials.js:arg["+arg+"] null"); 157 } 139 arg = iter.next(); 140 if (arg.equals("Authorization")) { 141 continue; 142 } else if (arg.equals("eduPersonPrincipalName")) { 143 continue; 144 } else if (arg.equals("eduPersonTargetedID")) { 145 continue; 146 } else if 
(arg.equals("principal")) { 147 continue; 148 } else if (arg.equals("uri")) { 149 continue; 150 } else if (arg.equals("operator")) { 151 continue; 152 } else { 153 //java.lang.System.out.println("DBG:credentials.js:arg["+arg+"]"); 154 argURI = req.getArgument(arg); 155 if (argURI != null) { 156 //java.lang.System.out.println("DBG:credentials.js:arg["+arg+"]["+argURI+"]"); 157 argValue = req.getArgumentValue(argURI); 158 //java.lang.System.out.println("DBG:credentials.js:arg["+arg+"]["+argURI+"]["+argValue+"]"); 159 if (argValue != null) { 160 //java.lang.System.out.println("DBG:credentials.js:arg["+arg+"]["+argValue+"] value"); 161 subreq.addArgument(arg,argValue); 162 //} else if (argURI.startsWith("data:text/plain,")) { 163 // var val = java.net.URLEncoder.encode(argURI.replaceFirst("data:text/plain,",""),"UTF-8"); 164 // val = val.replace("\+","%20");// we don't want + to escape spaces but %20, as + has a special meaning in an active URI 165 // java.lang.System.out.println("DBG:credentials.js:arg["+arg+"]["+argURI+"][data:text/plain,"+val+"] encoded URI"); 166 // subreq.addArgument(arg,"data:text/plain,"+val); 167 } else { 168 //java.lang.System.out.println("DBG:credentials.js:arg["+arg+"]["+argURI+"] URI"); 169 subreq.addArgument(arg,argURI); 170 } 171 }// else 172 // java.lang.System.out.println("DBG:credentials.js:arg["+arg+"] null"); 173 } 158 174 } 159 175 -
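Review bot: The new guard around the `subreq.addArgument("principal", ...)` call, just after the commented-out principal debug line, reads `if (shib == null)`, which looks inverted. As written, the call runs only when no principal was found, so a null `shib` is handed to `java.net.URLEncoder.encode`. A principal resolved from eduPersonPrincipalName, eduPersonTargetedID or the token lookup is never set on `subreq`, because the old call inside the `(cred == null) && (shib != null)` branch was removed. The guard should presumably be `if (shib != null) {`. The page's gutter is flattened, so this is read from the text of the new side, and the script starts and ends outside the visible hunks.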
cats/ISOcat/trunk/mod-ISOcat-interface-rest/etc/HTTPBridgeConfig.xml
r2029 r2674 5 5 <passMethod/> 6 6 <passCookies/> 7 <passHeaders>User-Agent X-Forwarded-For Referer Authorization Accept eduPersonPrincipalName </passHeaders>7 <passHeaders>User-Agent X-Forwarded-For Referer Authorization Accept eduPersonPrincipalName eduPersonTargetedID</passHeaders> 8 8 <passRemoteHost/> 9 9 <passByURI/>
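Review bot: Adding `eduPersonTargetedID` to `<passHeaders>` lets credentials.js take it as the principal whenever eduPersonPrincipalName yields none, so the value is only as trustworthy as whatever sets that HTTP header. Nothing in this file shows that client-supplied copies of the header are dropped; presumably the Shibboleth front end does this, but that should be confirmed and recorded here. I would add a comment above the element such as `<!-- eduPersonPrincipalName and eduPersonTargetedID are identity headers: the front end must overwrite or remove any client-supplied values -->`.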