Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Servlet filter revert #13

Merged
merged 2 commits into from
Nov 28, 2018
Merged

Servlet filter revert #13

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0fc40ec
Revert "Change Tomcat Valve to servlet Filter (#11)"
dannylamb Nov 28, 2018
e5f235e
Version bump so it gets the right number this time
dannylamb Nov 28, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
55 changes: 35 additions & 20 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@

## Description

A ServletFilter that authenticates the JWT tokens created by Islandora in order to provide sessionless Authentication for Fedora4. Named after the Norse goddess [Syn](https://en.wikipedia.org/wiki/Syn_(goddess)).
A valve for Tomcat8 that authenticates the JWT tokens created by Islandora in order to provide sessionless Authentication for Fedora4. Named after the Norse goddess [Syn](https://en.wikipedia.org/wiki/Syn_(goddess)).

## Building

Expand All @@ -15,39 +15,54 @@ This project requires Java 8 and can be built with [Gradle](https://gradle.org).
## Installing

### Copy Syn JAR
Copy the JAR that was built above from `build/libs/islandora-syn-X.X.X-all.jar` and place into `$TOMCAT_HOME/lib` directory or the individual webapps `WEB-INF/lib` directory. Can be found in Ubuntu at: `/var/lib/tomcat8/lib/`. Note that this JAR is built to contain all the dependancies.
Copy the JAR that was built above from `build/libs/islandora-syn-X.X.X-all.jar` and place into `$TOMCAT_HOME/lib` directory. Can be found in Ubuntu at: `/var/lib/tomcat8/lib/`. Note that this JAR is built to contain all the dependancies.

### Register Filter
Now register the filter in web applications' `web.xml` file by adding something like.
### Register Valve
Now register the valve in Tomcat configuration file.
In Ubuntu this file is located at: `/var/lib/tomcat8/conf/context.xml`

```xml
<filter>
<filter-name>SynFilter</filter-name>
<filter-class>ca.islandora.syn.valve.SynFilter</filter-class>
<init-param>
<param-name>settings-path</param-name>
<param-value>/var/lib/tomcat8/conf/syn-settings.yml</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>SynFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<Valve className="ca.islandora.syn.valve.SynValve"
pathname="conf/syn-settings.xml" />
```

Where the **settings-path** `param-value` is the the location of the settings file.
where:
* ***pathname***: The location of the settings file. Defaults to `$CATALINA_BASE/conf/syn-settings.xml`.

### Enable `security-contraint`
The valve checks if requested url is under **security contraints**. So, valve will activate only if the Fedora4 *web.xml* file contains something like:

```xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Fedora4</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-role>
<role-name>islandora</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>fcrepo</realm-name>
</login-config>
```

On ubuntu this file can be found at:
`/var/lib/tomcat8/webapps/fcrepo/WEB-INF/web.xml`

### Setup Syn Configuration
Modify the [example configuration](./conf/syn-settings.example.yaml) and move it to: `$CATALINA_BASE/conf/syn-settings.xml`. Then use this path when configuring the application's filter `init-param`s.
Modify the [example configuration](./conf/syn-settings.example.xml) and move it to: `$CATALINA_BASE/conf/syn-settings.xml`.

## Maintainers

* [Jonathan Green](https://github.com/jonathangreen/)
* [Jared Whiklo](https://github.com/whikloj)

## Development

Expand Down
54 changes: 10 additions & 44 deletions build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,27 +7,13 @@ apply plugin: 'jacoco'
apply plugin: 'com.github.johnrengelman.shadow'

def projectName = 'islandora-syn'
def projectVersion = '0.1.0'
def projectVersion = '0.3.0'

sourceCompatibility = 1.8
targetCompatibility = 1.8

def tomcatVersion = '8.0.28'

ext {

versions = [
bcprov : '1.56',
jackson : '2.9.2',
javaJwt : '3.1.0',
junit : '4.12',
logback : '1.0.13',
mockito : '2.7.14',
servlet : '3.0.1',
slf4j : '1.7.12'
]
}

checkstyle {
configFile = rootProject.file('gradle/checkstyle/checkstyle.xml')
configProperties.checkstyleConfigDir = rootProject.file('gradle/checkstyle')
Expand All @@ -38,17 +24,15 @@ repositories {
}

dependencies {
compile group: 'com.auth0', name: 'java-jwt', version: versions.javaJwt
compile group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: versions.bcprov
compile group: 'org.slf4j', name: 'slf4j-api', version: versions.slf4j
compile group: 'javax.servlet', name: 'javax.servlet-api', version: versions.servlet
compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: versions.jackson
compile group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: versions.jackson

testRuntime group: 'ch.qos.logback', name: 'logback-classic', version: versions.logback

testCompile group: 'junit', name: 'junit', version: versions.junit
testCompile group: 'org.mockito', name: 'mockito-core', version: versions.mockito
compile group: 'com.auth0', name: 'java-jwt', version:'3.1.0'
compile group: 'org.bouncycastle', name: 'bcprov-jdk15on', version:'1.56'
compileOnly group: 'org.apache.tomcat', name: 'tomcat-catalina', version:tomcatVersion
compileOnly group: 'org.apache.tomcat', name: 'tomcat-coyote', version:tomcatVersion

testCompile group: 'junit', name: 'junit', version:'4.12'
testCompile group: 'org.mockito', name: 'mockito-core', version:'2.7.14'
testCompile group: 'org.apache.tomcat', name: 'tomcat-catalina', version:tomcatVersion
testCompile group: 'org.apache.tomcat', name: 'tomcat-coyote', version:tomcatVersion
}

jacocoTestReport {
Expand All @@ -70,13 +54,6 @@ buildscript {
jar {
baseName = projectName
version = projectVersion
manifest {
attributes("Implementation-Title": baseName,
"Implementation-Version": version,
"Implementation-Vendor": "Islandora",
"Class-Path": configurations.compile.collect { it.getName() }.join(' '))
}

}

shadowJar {
Expand All @@ -85,14 +62,3 @@ shadowJar {
}

assemble.dependsOn(shadowJar);

test {
testLogging {
// Make sure output from
// standard out or error is shown
// in Gradle output.
// showStandardStreams = true
//events 'standard_out'
exceptionFormat = 'full'
}
}
36 changes: 36 additions & 0 deletions conf/syn-settings.example.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
<config version='1'>
<!--
Sites can be specified with a Key inline, or with a reference to a key
stored in a file. Both are shown in examples below.

The encoding parameter depends on what algorithm is chosen.
HS256, HS384, HS512 support: plain and base64.
RS256, RS384, RS512 support: PEM.
-->

<!-- A site with an inline key -->
<site url='http://test.com' algorithm='HS256' encoding='plain'>
my secret key
</site>

<!-- A site with a key stored in a file -->
<site url='http://test2.com' algorithm='HS256' encoding='base64' path='/somewhere/on/filesystem.key'/>

<!-- A site that allows all GET requests -->
<site url='http://test3.com' algorithm='HS256' encoding='plain' anonymous='true'/>

<!--
This is how you specify a default site, which will be chosen if no
other site matches the JWT url claim
-->
<site algorithm='RS256' encoding='PEM' path='/somewhere/on/filesystem.key' default='true'/>

<!--
This lets you specify a master token for testing. This should be used with care, as it gives anyone
with this token unlimited access to your repository.
-->
<token user='test' roles='role1,role2,role3'>
my super secret token
</token>

</config>
43 changes: 0 additions & 43 deletions conf/syn-settings.example.yaml
View file
Open in desktop

This file was deleted.

20 changes: 6 additions & 14 deletions src/main/java/ca/islandora/syn/settings/Config.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,37 +3,29 @@
import java.util.ArrayList;
import java.util.List;

import com.fasterxml.jackson.annotation.JsonSetter;

public class Config {
private int version = -1;
private final List<Site> sites = new ArrayList<>();
private final List<Token> tokens = new ArrayList<>();
private List<Site> sites = new ArrayList<>();
private List<Token> tokens = new ArrayList<>();

@JsonSetter("site")
public void addSite(final Site site) {
this.sites.add(site);
sites.add(site);
}

public List<Site> getSites() {
return this.sites;
return sites;
}

public int getVersion() {
return this.version;
}

public void setVersion(final int version) {
this.version = version;
}

@JsonSetter("token")
public void addToken(final Token token) {
this.tokens.add(token);
tokens.add(token);
}

public List<Token> getTokens() {
return this.tokens;
return tokens;
}

}
Loading