PageRenderTime 31ms CodeModel.GetById 14ms app.highlight 12ms RepoModel.GetById 1ms app.codeStats 0ms

/hudson-core/src/main/java/hudson/security/HudsonFilter.java

http://github.com/hudson/hudson
Java | 175 lines | 74 code | 17 blank | 84 comment | 10 complexity | 8987494ec7ddddc840d7d421f43297ac MD5 | raw file
  1/*
  2 * The MIT License
  3 * 
  4 * Copyright (c) 2004-2009, Sun Microsystems, Inc., Kohsuke Kawaguchi
  5 * 
  6 * Permission is hereby granted, free of charge, to any person obtaining a copy
  7 * of this software and associated documentation files (the "Software"), to deal
  8 * in the Software without restriction, including without limitation the rights
  9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 10 * copies of the Software, and to permit persons to whom the Software is
 11 * furnished to do so, subject to the following conditions:
 12 * 
 13 * The above copyright notice and this permission notice shall be included in
 14 * all copies or substantial portions of the Software.
 15 * 
 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 22 * THE SOFTWARE.
 23 */
 24package hudson.security;
 25
 26import hudson.model.Hudson;
 27
 28import java.io.IOException;
 29import java.util.logging.Logger;
 30import static java.util.logging.Level.SEVERE;
 31
 32import javax.servlet.Filter;
 33import javax.servlet.FilterChain;
 34import javax.servlet.FilterConfig;
 35import javax.servlet.ServletContext;
 36import javax.servlet.ServletException;
 37import javax.servlet.ServletRequest;
 38import javax.servlet.ServletResponse;
 39
 40import org.acegisecurity.AuthenticationManager;
 41import org.acegisecurity.ui.rememberme.RememberMeServices;
 42import org.acegisecurity.userdetails.UserDetailsService;
 43
 44/**
 45 * {@link Filter} that Hudson uses to implement security support.
 46 *
 47 * <p>
 48 * This is the instance the servlet container creates, but
 49 * internally this just acts as a proxy to the real {@link Filter},
 50 * created by {@link SecurityRealm#createFilter(FilterConfig)}.
 51 *
 52 * @author Kohsuke Kawaguchi
 53 * @since 1.160
 54 */
 55public class HudsonFilter implements Filter {
 56    /**
 57     * The SecurityRealm specific filter.
 58     */
 59    private volatile Filter filter;
 60    
 61    /**
 62     * The {@link #init(FilterConfig)} may be called before the Hudson instance is up (which is
 63     * required for initialization of the filter).  So we store the
 64     * filterConfig for later lazy-initialization of the filter.
 65     */
 66    private FilterConfig filterConfig;
 67
 68    /**
 69     * {@link AuthenticationManager} proxy so that the acegi filter chain can stay the same
 70     * even when security setting is reconfigured.
 71     *
 72     * @deprecated in 1.271.
 73     * This proxy always delegate to {@code Hudson.getInstance().getSecurityRealm().getSecurityComponents().manager},
 74     * so use that instead.
 75     */
 76    public static final AuthenticationManagerProxy AUTHENTICATION_MANAGER = new AuthenticationManagerProxy();
 77
 78    /**
 79     * {@link UserDetailsService} proxy so that the acegi filter chain can stay the same
 80     * even when security setting is reconfigured.
 81     *
 82     * @deprecated in 1.271.
 83     * This proxy always delegate to {@code Hudson.getInstance().getSecurityRealm().getSecurityComponents().userDetails},
 84     * so use that instead.
 85     */
 86    public static final UserDetailsServiceProxy USER_DETAILS_SERVICE_PROXY = new UserDetailsServiceProxy();
 87    
 88    /**
 89     * {@link RememberMeServices} proxy so that the acegi filter chain can stay the same
 90     * even when security setting is reconfigured.
 91     *
 92     * @deprecated in 1.271.
 93     * This proxy always delegate to {@code Hudson.getInstance().getSecurityRealm().getSecurityComponents().rememberMe},
 94     * so use that instead.
 95     */
 96    public static final RememberMeServicesProxy REMEMBER_ME_SERVICES_PROXY = new RememberMeServicesProxy();
 97
 98    public void init(FilterConfig filterConfig) throws ServletException {
 99        this.filterConfig = filterConfig;
100        // this is how we make us available to the rest of Hudson.
101        filterConfig.getServletContext().setAttribute(HudsonFilter.class.getName(),this);
102        try {
103            Hudson hudson = Hudson.getInstance();
104            if (hudson != null) {
105                // looks like we are initialized after Hudson came into being. initialize it now. See #3069
106                LOGGER.fine("Security wasn't initialized; Initializing it...");
107                SecurityRealm securityRealm = hudson.getSecurityRealm();
108                reset(securityRealm);
109                LOGGER.fine("securityRealm is " + securityRealm);
110                LOGGER.fine("Security initialized");
111            }
112        } catch (ExceptionInInitializerError e) {
113            // see HUDSON-4592. In some containers this happens before
114            // WebAppMain.contextInitialized kicks in, which makes
115            // the whole thing fail hard before a nicer error check
116            // in WebAppMain.contextInitialized. So for now,
117            // just report it here, and let the WebAppMain handle the failure gracefully.
118            LOGGER.log(SEVERE, "Failed to initialize Hudson",e);
119        }
120    }
121
122    /**
123     * Gets the {@link HudsonFilter} created for the given {@link ServletContext}.
124     */
125    public static HudsonFilter get(ServletContext context) {
126        return (HudsonFilter)context.getAttribute(HudsonFilter.class.getName());
127    }
128
129    /**
130     * Reset the proxies and filter for a change in {@link SecurityRealm}.
131     */
132    public void reset(SecurityRealm securityRealm) throws ServletException {
133        if (securityRealm != null) {
134            SecurityRealm.SecurityComponents sc = securityRealm.getSecurityComponents();
135            AUTHENTICATION_MANAGER.setDelegate(sc.manager);
136            USER_DETAILS_SERVICE_PROXY.setDelegate(sc.userDetails);
137            REMEMBER_ME_SERVICES_PROXY.setDelegate(sc.rememberMe);
138            // make sure this.filter is always a valid filter.
139            Filter oldf = this.filter;
140            Filter newf = securityRealm.createFilter(this.filterConfig);
141            newf.init(this.filterConfig);
142            this.filter = newf;
143            if(oldf!=null)
144                oldf.destroy();
145        } else {
146            // no security related filter needed.
147            AUTHENTICATION_MANAGER.setDelegate(null);
148            USER_DETAILS_SERVICE_PROXY.setDelegate(null);
149            REMEMBER_ME_SERVICES_PROXY.setDelegate(null);
150            filter = null;
151        }
152    }
153
154    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
155        LOGGER.entering(HudsonFilter.class.getName(), "doFilter");
156        
157        // to deal with concurrency, we need to capture the object.
158        Filter f = filter;
159
160        if(f==null) {
161            // Hudson is starting up.
162            chain.doFilter(request,response);
163        } else {
164            f.doFilter(request,response,chain);
165        }
166    }
167
168    public void destroy() {
169        // the filter can be null if the filter is not initialized yet.
170        if(filter != null)
171            filter.destroy();
172    }
173
174    private static final Logger LOGGER = Logger.getLogger(HudsonFilter.class.getName());
175}