Revert "Change Tomcat Valve to servlet Filter (Islandora#11)"

This reverts commit 9482e95.
dannylamb · Nov 28, 2018 · 0fc40ec · 0fc40ec
1 parent 9482e95
commit 0fc40ec
Show file tree

Hide file tree

Showing 24 changed files with 1,514 additions and 1,805 deletions.
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@
 
 ## Description
 
-A ServletFilter that authenticates the JWT tokens created by Islandora in order to provide sessionless Authentication for Fedora4. Named after the Norse goddess [Syn](https://en.wikipedia.org/wiki/Syn_(goddess)).
+A valve for Tomcat8 that authenticates the JWT tokens created by Islandora in order to provide sessionless Authentication for Fedora4. Named after the Norse goddess [Syn](https://en.wikipedia.org/wiki/Syn_(goddess)).
 
 ## Building
 
@@ -15,39 +15,54 @@ This project requires Java 8 and can be built with [Gradle](https://gradle.org).
 ## Installing
 
 ### Copy Syn JAR
-Copy the JAR that was built above from `build/libs/islandora-syn-X.X.X-all.jar` and place into `$TOMCAT_HOME/lib` directory or the individual webapps `WEB-INF/lib` directory. Can be found in Ubuntu at: `/var/lib/tomcat8/lib/`. Note that this JAR is built to contain all the dependancies.
+Copy the JAR that was built above from `build/libs/islandora-syn-X.X.X-all.jar` and place into `$TOMCAT_HOME/lib` directory. Can be found in Ubuntu at: `/var/lib/tomcat8/lib/`. Note that this JAR is built to contain all the dependancies.
 
-### Register Filter
-Now register the filter in web applications' `web.xml` file by adding something like.
+### Register Valve
+Now register the valve in Tomcat configuration file.
+In Ubuntu this file is located at: `/var/lib/tomcat8/conf/context.xml` 
 
 ```xml
-  <filter>
-    <filter-name>SynFilter</filter-name>
-    <filter-class>ca.islandora.syn.valve.SynFilter</filter-class>
-    <init-param>
-      <param-name>settings-path</param-name>
-      <param-value>/var/lib/tomcat8/conf/syn-settings.yml</param-value>
-    </init-param>
-  </filter>
-
-  <filter-mapping>
-    <filter-name>SynFilter</filter-name>
-    <url-pattern>/*</url-pattern>
-  </filter-mapping>
+<Valve className="ca.islandora.syn.valve.SynValve" 
+	  		 pathname="conf/syn-settings.xml" />
 ```
 
-Where the **settings-path** `param-value` is the the location of the settings file.
+where:
+* ***pathname***: The location of the settings file. Defaults to `$CATALINA_BASE/conf/syn-settings.xml`.
+
+### Enable `security-contraint`
+The valve checks if requested url is under **security contraints**. So, valve will activate only if the Fedora4  *web.xml* file contains something like:
+
+```xml
+<security-constraint>
+    <web-resource-collection>
+      <web-resource-name>Fedora4</web-resource-name>
+      <url-pattern>/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+        <role-name>*</role-name>
+    </auth-constraint>
+    <user-data-constraint>
+      <transport-guarantee>NONE</transport-guarantee>
+    </user-data-constraint>
+</security-constraint>
+<security-role>
+    <role-name>islandora</role-name>
+</security-role>
+<login-config>
+  <auth-method>BASIC</auth-method>
+  <realm-name>fcrepo</realm-name>
+</login-config>
+```
 
 On ubuntu this file can be found at: 
 `/var/lib/tomcat8/webapps/fcrepo/WEB-INF/web.xml`
 
 ### Setup Syn Configuration
-Modify the [example configuration](./conf/syn-settings.example.yaml) and move it to: `$CATALINA_BASE/conf/syn-settings.xml`. Then use this path when configuring the application's filter `init-param`s.
+Modify the [example configuration](./conf/syn-settings.example.xml) and move it to: `$CATALINA_BASE/conf/syn-settings.xml`.
 
 ## Maintainers
 
 * [Jonathan Green](https://github.com/jonathangreen/)
-* [Jared Whiklo](https://github.com/whikloj)
 
 ## Development
 

diff --git a/build.gradle b/build.gradle
@@ -14,20 +14,6 @@ targetCompatibility = 1.8
 
 def tomcatVersion = '8.0.28'
 
-ext {
-
-	versions = [
-		bcprov : '1.56',
-		jackson : '2.9.2',
-		javaJwt : '3.1.0',
-		junit : '4.12',
-		logback : '1.0.13',
-		mockito : '2.7.14',
-		servlet : '3.0.1',
-		slf4j : '1.7.12'
-	]
-}
-
 checkstyle {
     configFile = rootProject.file('gradle/checkstyle/checkstyle.xml')
     configProperties.checkstyleConfigDir = rootProject.file('gradle/checkstyle')
@@ -38,17 +24,15 @@ repositories {
 }
 
 dependencies {
-    compile group: 'com.auth0', name: 'java-jwt', version: versions.javaJwt
-    compile group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: versions.bcprov
-    compile group: 'org.slf4j', name: 'slf4j-api', version: versions.slf4j
-    compile group: 'javax.servlet', name: 'javax.servlet-api', version: versions.servlet
-    compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: versions.jackson
-    compile group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: versions.jackson
-
-    testRuntime group: 'ch.qos.logback', name: 'logback-classic', version: versions.logback
-
-    testCompile group: 'junit', name: 'junit', version: versions.junit
-    testCompile group: 'org.mockito', name: 'mockito-core', version: versions.mockito
+    compile group: 'com.auth0', name: 'java-jwt', version:'3.1.0'
+    compile group: 'org.bouncycastle', name: 'bcprov-jdk15on', version:'1.56'
+    compileOnly group: 'org.apache.tomcat', name: 'tomcat-catalina', version:tomcatVersion
+    compileOnly group: 'org.apache.tomcat', name: 'tomcat-coyote', version:tomcatVersion
+
+    testCompile group: 'junit', name: 'junit', version:'4.12'
+    testCompile group: 'org.mockito', name: 'mockito-core', version:'2.7.14'
+    testCompile group: 'org.apache.tomcat', name: 'tomcat-catalina', version:tomcatVersion
+    testCompile group: 'org.apache.tomcat', name: 'tomcat-coyote', version:tomcatVersion
 }
 
 jacocoTestReport {
@@ -70,13 +54,6 @@ buildscript {
 jar {
     baseName = projectName
     version = projectVersion
-    manifest {
-        attributes("Implementation-Title": baseName,
-            "Implementation-Version": version,
-            "Implementation-Vendor": "Islandora",
-            "Class-Path": configurations.compile.collect { it.getName() }.join(' '))
-    }
-
 }
 
 shadowJar {
@@ -85,14 +62,3 @@ shadowJar {
 }
 
 assemble.dependsOn(shadowJar);
-
-test {
-   testLogging {
-        // Make sure output from
-        // standard out or error is shown
-        // in Gradle output.
-        // showStandardStreams = true
-        //events 'standard_out'
-        exceptionFormat = 'full'
-    }
-}
diff --git a/conf/syn-settings.example.xml b/conf/syn-settings.example.xml
@@ -0,0 +1,36 @@
+<config version='1'>
+  <!-- 
+  Sites can be specified with a Key inline, or with a reference to a key 
+  stored in a file. Both are shown in examples below.
+
+  The encoding parameter depends on what algorithm is chosen. 
+  HS256, HS384, HS512 support: plain and base64.
+  RS256, RS384, RS512 support: PEM.
+  -->
+
+  <!-- A site with an inline key -->
+  <site url='http://test.com' algorithm='HS256' encoding='plain'>
+my secret key
+  </site>
+
+  <!-- A site with a key stored in a file -->
+  <site url='http://test2.com' algorithm='HS256' encoding='base64' path='/somewhere/on/filesystem.key'/>
+
+  <!-- A site that allows all GET requests  -->
+  <site url='http://test3.com' algorithm='HS256' encoding='plain' anonymous='true'/>
+
+  <!-- 
+  This is how you specify a default site, which will be chosen if no 
+  other site matches the JWT url claim
+  -->
+  <site algorithm='RS256' encoding='PEM' path='/somewhere/on/filesystem.key' default='true'/>
+
+  <!--
+  This lets you specify a master token for testing. This should be used with care, as it gives anyone
+  with this token unlimited access to your repository.
+  -->
+  <token user='test' roles='role1,role2,role3'>
+    my super secret token
+  </token>
+
+</config>
diff --git a/conf/syn-settings.example.yaml b/conf/syn-settings.example.yaml
diff --git a/src/main/java/ca/islandora/syn/settings/Config.java b/src/main/java/ca/islandora/syn/settings/Config.java
@@ -3,37 +3,29 @@
 import java.util.ArrayList;
 import java.util.List;
 
-import com.fasterxml.jackson.annotation.JsonSetter;
-
 public class Config {
     private int version = -1;
-    private final List<Site> sites = new ArrayList<>();
-    private final List<Token> tokens = new ArrayList<>();
+    private List<Site> sites = new ArrayList<>();
+    private List<Token> tokens = new ArrayList<>();
 
-    @JsonSetter("site")
     public void addSite(final Site site) {
-        this.sites.add(site);
+        sites.add(site);
     }
-
     public List<Site> getSites() {
-        return this.sites;
+        return sites;
     }
 
     public int getVersion() {
         return this.version;
     }
-
     public void setVersion(final int version) {
         this.version = version;
     }
 
-    @JsonSetter("token")
     public void addToken(final Token token) {
-        this.tokens.add(token);
+        tokens.add(token);
     }
-
     public List<Token> getTokens() {
-        return this.tokens;
+        return tokens;
     }
-
 }