Update of /cvsroot/neuclear/neuclear-id/src/java/org/neuclear/id/auth In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv1482/src/java/org/neuclear/id/auth Added Files: AuthenticationFilter.java AuthenticationServlet.java AuthenticationTicket.java DemoAuthenticationServlet.java Log Message: Further cleanups in neuclear-id. Moved everything under id. --- NEW FILE: AuthenticationFilter.java --- package org.neuclear.id.auth; import org.neuclear.commons.Utility; import org.neuclear.commons.crypto.Base64; import org.neuclear.id.Identity; import org.neuclear.id.SignedNamedObject; import org.neuclear.id.verifier.VerifyingReader; import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; import javax.servlet.http.HttpSession; import java.io.ByteArrayInputStream; import java.io.IOException; import java.security.Principal; /* NeuClear Distributed Transaction Clearing Platform (C) 2003 Pelle Braendgaard This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA $Id: AuthenticationFilter.java,v 1.1 2004/03/02 18:59:10 pelle Exp $ $Log: AuthenticationFilter.java,v $ Revision 1.1 2004/03/02 18:59:10 pelle Further cleanups in neuclear-id. Moved everything under id. Revision 1.2 2003/11/21 04:45:10 pelle EncryptedFileStore now works. It uses the PBECipher with DES3 afair. 
Otherwise You will Finaliate. Anything that can be final has been made final throughout everyting. We've used IDEA's Inspector tool to find all instance of variables that could be final. This should hopefully make everything more stable (and secure). Revision 1.1 2003/11/15 01:58:16 pelle More work all around on web applications. */ /** * User: pelleb * Date: Nov 14, 2003 * Time: 3:56:48 PM */ public final class AuthenticationFilter implements Filter { public final void init(final FilterConfig filterConfig) throws ServletException { serviceid = filterConfig.getInitParameter("serviceid"); ctx = filterConfig.getServletContext(); ctx.log("AUTH: Starting AuthenticationFilter"); } public final void doFilter(ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException { final HttpSession sess = ((HttpServletRequest) request).getSession(true); ctx.log("AUTH: Filtering request: " + ((HttpServletRequest) request).getServletPath()); if (!Utility.isEmpty(request.getParameter("logout"))) { ctx.log("AUTH: Logging out"); sess.removeAttribute("NeuClearAuthTicket"); } try { AuthenticationTicket ticket = null; final String reqstring = request.getParameter("neuclear-request"); if (!Utility.isEmpty(reqstring)) { ctx.log("AUTH: Got neuclear-request"); final SignedNamedObject obj = VerifyingReader.getInstance().read(new ByteArrayInputStream(Base64.decode(reqstring))); if (obj instanceof AuthenticationTicket) { ticket = (AuthenticationTicket) obj; sess.setAttribute("NeuClearAuthTicket", ticket); } } else { ticket = (AuthenticationTicket) sess.getAttribute("NeuClearAuthTicket"); } if (ticket != null) { final Identity user = ticket.getSignatory(); request = new HttpServletRequestWrapper((HttpServletRequest) request) { public String getRemoteUser() { return user.getName(); //To change body of overriden methods use Options | File Templates. 
} public Principal getUserPrincipal() { return user; //To change body of overriden methods use Options | File Templates. } }; ctx.log("AUTH: logged in:" + user.getName()); } } catch (Exception e) { ctx.log("AUTH: " + e.getLocalizedMessage());// The errors arent important we ignore them } chain.doFilter(request, response); } public final void destroy() { } private String serviceid; private ServletContext ctx; } --- NEW FILE: AuthenticationServlet.java --- package org.neuclear.id.auth; import org.neuclear.commons.NeuClearException; import org.neuclear.commons.Utility; import org.neuclear.commons.crypto.signers.*; import org.neuclear.commons.crypto.passphraseagents.*; import org.neuclear.commons.crypto.CryptoTools; import org.neuclear.commons.servlets.ServletTools; import org.neuclear.id.builders.AuthenticationTicketBuilder; import org.neuclear.id.builders.SignatureRequestBuilder; import org.neuclear.id.builders.Builder; import org.neuclear.id.resolver.NSResolver; import org.neuclear.id.Identity; import org.neuclear.id.InvalidNamedObjectException; import org.neuclear.xml.XMLException; import org.neuclear.xml.xmlsec.XMLSecTools; import org.neuclear.xml.xmlsec.XMLSecurityException; import org.neuclear.id.signers.SignatureRequestServlet; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.io.PrintWriter; import java.io.FileNotFoundException; import java.security.GeneralSecurityException; /* NeuClear Distributed Transaction Clearing Platform (C) 2003 Pelle Braendgaard This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. 
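Review bot: In doFilter, any AuthenticationTicket that passes VerifyingReader is accepted and stored in the session without checking its validity window or which service it was issued for; `serviceid` is read in init() but never used, and `ticket.getValidTo()` is never consulted. As written, an expired ticket, or one signed for a different site, would still populate getRemoteUser() and getUserPrincipal(). The guard should be along the lines of `if (ticket != null && ticket.getValidTo().getTime() > System.currentTimeMillis())`, applied both to a freshly read ticket and to one fetched from the session. It should also compare the ticket's requester with `serviceid`, but AuthenticationTicket in this commit stores `requester` without exposing an accessor, so one would need adding. Separately, the catch block only logs and continues the chain, so downstream resources must treat a null principal as unauthenticated.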
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA $Id: AuthenticationServlet.java,v 1.1 2004/03/02 18:59:10 pelle Exp $ $Log: AuthenticationServlet.java,v $ Revision 1.1 2004/03/02 18:59:10 pelle Further cleanups in neuclear-id. Moved everything under id. Revision 1.13 2004/01/12 22:39:26 pelle Completed all the builders and contracts. Added a new abstract Value class to contain either an amount or a list of serial numbers. Now ready to finish off the AssetControllers. Revision 1.12 2003/12/17 23:53:50 pelle Added SignatureRequestServlet which is abstract and can be used for building SignatureRequests for various applications. Revision 1.11 2003/12/16 15:04:59 pelle Added SignedMessage contract for signing simple textual contracts. Added NeuSender, updated SmtpSender and Sender to take plain email addresses (without the mailto:) Added AbstractObjectCreationTest to make it quicker to write unit tests to verify NamedObjectBuilder/SignedNamedObject Pairs. Sample application has been expanded with a basic email application. Updated docs for sample web app. Added missing LGPL LICENSE.txt files to signer and sample app Revision 1.10 2003/12/15 23:33:04 pelle added ServletTools.getInitParam() which first tries the ServletConfig, then the context config. All the web.xml's have been updated to support this. Also various further generalizations have been done throughout for getServiceid(), getTitle(), getSigner() Revision 1.9 2003/12/14 20:53:04 pelle Added ServletPassPhraseAgent which uses ThreadLocal to transfer the passphrase to the signer. 
Added ServletSignerFactory, which builds Signers for use within servlets based on parameters in the Servlets Init parameters in web.xml Updated SQLContext to use ThreadLocal Added jakarta cactus unit tests to neuclear-commons to test the 2 new features above. Added use of the new features in neuclear-commons to the servilets within neuclear-id and added configuration parameters in web.xml Revision 1.7 2003/12/10 23:58:51 pelle Did some cleaning up in the builders Fixed some stuff in IdentityCreator New maven goal to create executable jarapp We are close to 0.8 final of ID, 0.11 final of XMLSIG and 0.5 of commons. Will release shortly. Revision 1.6 2003/11/21 04:45:10 pelle EncryptedFileStore now works. It uses the PBECipher with DES3 afair. Otherwise You will Finaliate. Anything that can be final has been made final throughout everyting. We've used IDEA's Inspector tool to find all instance of variables that could be final. This should hopefully make everything more stable (and secure). Revision 1.5 2003/11/18 23:35:45 pelle Payment Web Application is getting there. Revision 1.4 2003/11/15 01:58:16 pelle More work all around on web applications. Revision 1.3 2003/11/12 23:48:14 pelle Much work done in creating good test environment. PaymentReceiverTest works, but needs a abit more work in its environment to succeed testing. Revision 1.2 2003/11/11 21:18:42 pelle Further vital reshuffling. org.neudist.crypto.* and org.neudist.utils.* have been moved to respective areas under org.neuclear.commons org.neuclear.signers.* as well as org.neuclear.passphraseagents have been moved under org.neuclear.commons.crypto as well. Did a bit of work on the Canonicalizer and changed a few other minor bits. Revision 1.1 2003/11/06 20:01:52 pelle Implemented AuthenticationTicket and friends to comply with the newer model. Created SignatureRequest and friends to receive unsigned NamedObjectBuilders to interactive signing services. 
*/ /** * User: pelleb * Date: Nov 6, 2003 * Time: 2:04:31 PM */ public class AuthenticationServlet extends SignatureRequestServlet { protected Builder createBuilder(final HttpServletRequest request) throws NeuClearException { final String userns = request.getParameter("identity"); request.getSession(true).setAttribute("auth", userns); return new AuthenticationTicketBuilder(userns, getServiceid(), request.getRequestURI()); } } --- NEW FILE: AuthenticationTicket.java --- /* * Created by IntelliJ IDEA. * User: pelleb * Date: Sep 14, 2002 * Time: 1:13:38 PM * To change template for new class use * Code Style | Class Templates options (Tools | IDE Options). */ package org.neuclear.id.auth; import org.dom4j.DocumentHelper; import org.dom4j.Element; import org.dom4j.Namespace; import org.dom4j.QName; import org.neuclear.commons.NeuClearException; import org.neuclear.commons.Utility; import org.neuclear.commons.time.TimeTools; import org.neuclear.id.*; import org.neuclear.xml.xmlsec.XMLSecurityException; import java.sql.Timestamp; import java.text.ParseException; /** * This Authentication Ticket is used by websites to authenticate a user. * It generates a unique Name in the users Identity, which the user then signs. 
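Review bot: createBuilder trusts the `identity` request parameter as-is: it is stored in the session under `auth` and passed to AuthenticationTicketBuilder without an emptiness or format check. Until a signed ticket comes back the value is only a claimed identity, so the attribute should be named to say so (for example `auth.pending`) or dropped if nothing reads it. A missing value should be rejected with `if (Utility.isEmpty(userns))` before the builder is created. The third builder argument is `request.getRequestURI()`, which holds only the path; if that argument is meant to be the site href recorded in the ticket, `request.getRequestURL().toString()` would also bind the scheme and host. Most of the imports in this file look unused by the one remaining method and could be removed.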
*/ public final class AuthenticationTicket extends SignedNamedObject { /** * <p>Used by a website to create an authentication ticket for validation.</p> * <p>Eg.:<br> * <tt>SignedNamedObject ticket=new AuthenticationTicket("neu://test/bob","neu://site/neubay",36000,"http://neubay.com");</tt><br> * Would give you a namedobject containing the following xml:<br> * <pre><auth:AuthenticationTicket xmlns:auth="http://neuclear.org/neu/auth" xmlns:nsdl="http://neuclear.org/neu/nsdl" nsdl:name="/test/two/neu.testapp.-2o1qkqrvxyesyt7dae22ulvp56eju30zyys5t6nxjjie2gw3qq" auth:validto="20021002T084919848GMT+00:00" auth:href="http://localhost:8080/neuclearframework/"> * </auth:AuthenticationTicket> * </pre> * * @param core * @param requester * @param validto * @param siteurl */ private AuthenticationTicket(final SignedNamedCore core, final String requester, final Timestamp validto, final String siteurl) { super(core); this.validTo = validto.getTime(); this.siteurl = siteurl; this.requester = requester; } /** * Get the end time of the validity of the ticket * * @return Timestamp object containing the end time of the ticket * @throws NeuClearException */ public final Timestamp getValidTo() throws NeuClearException { return new Timestamp(validTo); } /** * The Site URL of the site requesting authentication. * * @return the URL or null if unavailable. 
*/ public final String getSiteHref() { return siteurl; } public final static class Reader implements NamedObjectReader { /** * Read object from Element and fill in its details * * @param elem * @return */ public final SignedNamedObject read(final SignedNamedCore core, final Element elem) throws InvalidNamedObjectException { final QName qelem=DocumentHelper.createQName(TAG_NAME,NS_NSAUTH); InvalidNamedObjectException.assertElementQName(core,elem,qelem); final QName qreq = DocumentHelper.createQName("requester", NS_NSAUTH); final String requester = InvalidNamedObjectException.assertAttributeQName(core,elem,qreq); final QName qsite = DocumentHelper.createQName("sitehref", NS_NSAUTH); final String sitehref = InvalidNamedObjectException.assertAttributeQName(core,elem,qsite); try { final QName qtime = DocumentHelper.createQName("validto", NS_NSAUTH); final Timestamp validto = TimeTools.parseTimeStamp(InvalidNamedObjectException.assertAttributeQName(core,elem,qtime)); return new AuthenticationTicket(core, requester, validto, sitehref); } catch (ParseException e) { throw new InvalidNamedObjectException(core.getName(),e.getLocalizedMessage()); } } } private final String requester; private final String siteurl; private final long validTo; public static final String TAG_NAME = "AuthenticationTicket"; public static final String URI_NSAUTH = "http://neuclear.org/neu/auth"; public static final Namespace NS_NSAUTH = DocumentHelper.createNamespace("auth", URI_NSAUTH); } --- NEW FILE: DemoAuthenticationServlet.java --- package org.neuclear.id.auth; import org.neuclear.commons.crypto.signers.Signer; import org.neuclear.commons.crypto.signers.TestCaseSigner; import org.neuclear.commons.NeuClearException; import javax.servlet.ServletConfig; import java.io.FileNotFoundException; import java.security.GeneralSecurityException; /** * Created by IntelliJ IDEA. * User: pelleb * Date: Dec 12, 2003 * Time: 9:17:38 PM * To change this template use Options | File Templates. 
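Review bot: The Javadoc on the private constructor no longer describes this class. It shows a public call `new AuthenticationTicket("neu://test/bob", ...)` with string and number arguments and an XML sample using `auth:href`, whereas the constructor takes a SignedNamedCore and Reader.read asserts the attributes `requester`, `sitehref` and `validto` in the auth namespace. The `@param` tags are empty as well, as are those on Reader.read, which also omits its `core` parameter. I would replace the sample with one carrying the three attributes the Reader requires and fill in the tags, e.g. `@param validto time after which the ticket must no longer be accepted` and `@param siteurl value of the auth:sitehref attribute`. Since this object is the input to an authentication decision, a stale example here is likely to mislead whoever writes the verifier.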
*/ public class DemoAuthenticationServlet extends AuthenticationServlet{ protected Signer createSigner(ServletConfig config) throws FileNotFoundException, GeneralSecurityException, NeuClearException { return new TestCaseSigner(); } } |
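Review bot: DemoAuthenticationServlet returns a `TestCaseSigner` from createSigner and ignores the `config` argument, and nothing in the class says it must stay out of a real deployment. The signer's name suggests fixed test keys (its source is not visible here), in which case anything signed through this servlet carries no real assurance. The IDE-template Javadoc should be replaced with an explicit warning, e.g. `/** Demo only: signs with TestCaseSigner; never map this servlet in a production web.xml. */`. The class would also sit better in a demo or test source tree than next to AuthenticationServlet.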