From: Mathieu Baudier Date: Wed, 25 Feb 2015 17:53:26 +0000 (+0000) Subject: Intercept client certificate X-Git-Tag: argeo-commons-2.1.30~324 X-Git-Url: https://git.argeo.org/?a=commitdiff_plain;h=9417e33dda6b8987312a89ca44cdb2f511f04050;p=lgpl%2Fargeo-commons.git Intercept client certificate git-svn-id: https://svn.argeo.org/commons/trunk@7955 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc --- diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java index cbad27154..418771d98 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java @@ -3,6 +3,7 @@ package org.argeo.cms.internal.kernel; import static org.argeo.jackrabbit.servlet.WebdavServlet.INIT_PARAM_RESOURCE_CONFIG; import java.io.IOException; +import java.security.cert.X509Certificate; import java.util.Enumeration; import java.util.Properties; import java.util.StringTokenizer; @@ -175,25 +176,19 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants { public void doFilter(HttpSession httpSession, HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { - if (log.isTraceEnabled()) { - log.debug(request.getContextPath()); - log.debug(request.getServletPath()); - log.debug(request.getRequestURI()); - log.debug(request.getQueryString()); - StringBuilder buf = new StringBuilder(); - Enumeration en = request.getHeaderNames(); - while (en.hasMoreElements()) { - String header = en.nextElement(); - Enumeration values = request.getHeaders(header); - while (values.hasMoreElements()) - buf.append(" " + header + ": " + values.nextElement()); - buf.append('\n'); - } - log.debug("\n" + buf); - } + if (log.isTraceEnabled()) + logRequest(request); String servletPath = request.getServletPath(); + // client certificate + X509Certificate clientCert = extractCertificate(request); + if (clientCert != null) { + // TODO authenticate + // if (log.isDebugEnabled()) + // log.debug(clientCert.getSubjectX500Principal().getName()); + } + // skip data if (servletPath.startsWith(PATH_DATA)) { filterChain.doFilter(request, response); @@ -224,6 +219,42 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants { } } + private void logRequest(HttpServletRequest request) { + log.debug(request.getContextPath()); + log.debug(request.getServletPath()); + log.debug(request.getRequestURI()); + log.debug(request.getQueryString()); + StringBuilder buf = new StringBuilder(); + // headers + Enumeration en = request.getHeaderNames(); + while (en.hasMoreElements()) { + String header = en.nextElement(); + Enumeration values = request.getHeaders(header); + while (values.hasMoreElements()) + buf.append(" " + header + ": " + values.nextElement()); + buf.append('\n'); + } + + // attributed + Enumeration an = request.getAttributeNames(); + while (an.hasMoreElements()) { + String attr = an.nextElement(); + Object value = request.getAttribute(attr); + buf.append(" " + attr + ": " + value); + buf.append('\n'); + } + log.debug("\n" + buf); + } + + private X509Certificate extractCertificate(HttpServletRequest req) { + X509Certificate[] certs = (X509Certificate[]) req + .getAttribute("javax.servlet.request.X509Certificate"); + if (null != certs && certs.length > 0) { + return certs[0]; + } + return null; + } + /** Intercepts all requests. Authenticates. */ private class AnonymousFilter extends HttpFilter { @Override