mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-14 17:58:59 +00:00
Refactoring to support ALF-9510, ALF-8702
ALF-8702: Solr-Repository SSL Communications (see solr/source/solr/instance/HowToSetUpSolr.txt ALF-9510: Initial checkin git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@30005 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Steven Glover
@@ -55,6 +55,7 @@ public class NodeContentGet extends StreamContent
|
|||||||
{
|
{
|
||||||
private static final String TRANSFORM_STATUS_HEADER = "X-Alfresco-transformStatus";
|
private static final String TRANSFORM_STATUS_HEADER = "X-Alfresco-transformStatus";
|
||||||
private static final String TRANSFORM_EXCEPTION_HEADER = "X-Alfresco-transformException";
|
private static final String TRANSFORM_EXCEPTION_HEADER = "X-Alfresco-transformException";
|
||||||
|
private static final String TRANSFORM_DURATION_HEADER = "X-Alfresco-transformDuration";
|
||||||
|
|
||||||
private static final Log logger = LogFactory.getLog(NodeContentGet.class);
|
private static final Log logger = LogFactory.getLog(NodeContentGet.class);
|
||||||
|
|
||||||
@@ -166,7 +167,10 @@ public class NodeContentGet extends StreamContent
|
|||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
long start = System.currentTimeMillis();
|
||||||
transformer.transform(reader, writer);
|
transformer.transform(reader, writer);
|
||||||
|
long transformDuration = System.currentTimeMillis() - start;
|
||||||
|
res.setHeader(TRANSFORM_DURATION_HEADER, String.valueOf(transformDuration));
|
||||||
}
|
}
|
||||||
catch (ContentIOException e)
|
catch (ContentIOException e)
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -1,67 +1,99 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (C) 2005-2011 Alfresco Software Limited.
|
||||||
|
*
|
||||||
|
* This file is part of Alfresco
|
||||||
|
*
|
||||||
|
* Alfresco is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Lesser General Public License as published by
|
||||||
|
* the Free Software Foundation, either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* Alfresco is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public License
|
||||||
|
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
package org.alfresco.repo.web.scripts.solr;
|
package org.alfresco.repo.web.scripts.solr;
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
|
||||||
import java.io.ByteArrayOutputStream;
|
import java.io.ByteArrayOutputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
|
||||||
import java.io.OutputStream;
|
|
||||||
import java.io.PrintWriter;
|
import java.io.PrintWriter;
|
||||||
import java.security.AlgorithmParameters;
|
|
||||||
|
|
||||||
import javax.servlet.FilterChain;
|
import javax.servlet.FilterChain;
|
||||||
import javax.servlet.ServletContext;
|
import javax.servlet.ServletContext;
|
||||||
import javax.servlet.ServletException;
|
import javax.servlet.ServletException;
|
||||||
import javax.servlet.ServletInputStream;
|
|
||||||
import javax.servlet.ServletOutputStream;
|
import javax.servlet.ServletOutputStream;
|
||||||
import javax.servlet.ServletRequest;
|
import javax.servlet.ServletRequest;
|
||||||
import javax.servlet.ServletResponse;
|
import javax.servlet.ServletResponse;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletRequestWrapper;
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import javax.servlet.http.HttpServletResponseWrapper;
|
import javax.servlet.http.HttpServletResponseWrapper;
|
||||||
|
|
||||||
import org.alfresco.encryption.EncryptionUtils;
|
|
||||||
import org.alfresco.encryption.Encryptor;
|
|
||||||
import org.alfresco.encryption.KeyProvider;
|
|
||||||
import org.alfresco.error.AlfrescoRuntimeException;
|
import org.alfresco.error.AlfrescoRuntimeException;
|
||||||
import org.alfresco.repo.web.filter.beans.DependencyInjectedFilter;
|
import org.alfresco.repo.web.filter.beans.DependencyInjectedFilter;
|
||||||
import org.alfresco.util.Pair;
|
|
||||||
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.Log;
|
||||||
import org.apache.commons.logging.LogFactory;
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This filter protects the solr callback urls by verifying MACs on requests and encrypting responses
|
||||||
|
* and generating MACs on responses, if the secureComms property is set to "md5". If it is set to "https"
|
||||||
|
* or "none", the filter does nothing to the request and response.
|
||||||
|
*
|
||||||
|
* @since 4.0
|
||||||
|
*
|
||||||
|
*/
|
||||||
public class SOLRAuthenticationFilter implements DependencyInjectedFilter
|
public class SOLRAuthenticationFilter implements DependencyInjectedFilter
|
||||||
{
|
{
|
||||||
|
public static enum SecureCommsType
|
||||||
|
{
|
||||||
|
HTTPS, NONE;
|
||||||
|
|
||||||
|
public static SecureCommsType getType(String type)
|
||||||
|
{
|
||||||
|
if(type.equalsIgnoreCase("https"))
|
||||||
|
{
|
||||||
|
return HTTPS;
|
||||||
|
}
|
||||||
|
else if(type.equalsIgnoreCase("none"))
|
||||||
|
{
|
||||||
|
return NONE;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
throw new IllegalArgumentException("Invalid communications type");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
// Logger
|
// Logger
|
||||||
private static Log logger = LogFactory.getLog(SOLRAuthenticationFilter.class);
|
private static Log logger = LogFactory.getLog(SOLRAuthenticationFilter.class);
|
||||||
|
|
||||||
private boolean enabled = true;
|
private SecureCommsType secureComms = SecureCommsType.HTTPS;
|
||||||
private Encryptor encryptor;
|
|
||||||
private EncryptionUtils encryptionUtils;
|
|
||||||
|
|
||||||
public void setEncryptor(Encryptor encryptor)
|
public void setSecureComms(String type)
|
||||||
{
|
{
|
||||||
this.encryptor = encryptor;
|
try
|
||||||
}
|
{
|
||||||
|
this.secureComms = SecureCommsType.getType(type);
|
||||||
public void setEncryptionUtils(EncryptionUtils encryptionUtils)
|
}
|
||||||
{
|
catch(IllegalArgumentException e)
|
||||||
this.encryptionUtils = encryptionUtils;
|
{
|
||||||
}
|
throw new AlfrescoRuntimeException("", e);
|
||||||
|
}
|
||||||
public void setEnabled(boolean enabled)
|
|
||||||
{
|
|
||||||
this.enabled = enabled;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public void doFilter(ServletContext context, ServletRequest request,
|
public void doFilter(ServletContext context, ServletRequest request,
|
||||||
ServletResponse response, FilterChain chain) throws IOException,
|
ServletResponse response, FilterChain chain) throws IOException,
|
||||||
ServletException
|
ServletException
|
||||||
{
|
{
|
||||||
if(enabled)
|
HttpServletRequest httpRequest = (HttpServletRequest)request;
|
||||||
{
|
HttpServletResponse httpResponse = (HttpServletResponse)response;
|
||||||
HttpServletRequest httpRequest = (HttpServletRequest)request;
|
|
||||||
HttpServletResponse httpResponse = (HttpServletResponse)response;
|
|
||||||
|
|
||||||
|
/* if(secureComms == SecureCommsType.ALFRESCO)
|
||||||
|
{
|
||||||
// Need to get as a byte array because we need to read the request twice, once for authentication
|
// Need to get as a byte array because we need to read the request twice, once for authentication
|
||||||
// and again by the web service.
|
// and again by the web service.
|
||||||
SOLRHttpServletRequestWrapper requestWrapper = new SOLRHttpServletRequestWrapper(httpRequest, encryptionUtils);
|
SOLRHttpServletRequestWrapper requestWrapper = new SOLRHttpServletRequestWrapper(httpRequest, encryptionUtils);
|
||||||
@@ -101,6 +133,18 @@ public class SOLRAuthenticationFilter implements DependencyInjectedFilter
|
|||||||
httpResponse.setStatus(401);
|
httpResponse.setStatus(401);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else */if(secureComms == SecureCommsType.HTTPS)
|
||||||
|
{
|
||||||
|
if(httpRequest.isSecure())
|
||||||
|
{
|
||||||
|
// https authentication
|
||||||
|
chain.doFilter(request, response);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
throw new AlfrescoRuntimeException("Expected a https request");
|
||||||
|
}
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
chain.doFilter(request, response);
|
chain.doFilter(request, response);
|
||||||
@@ -130,7 +174,7 @@ public class SOLRAuthenticationFilter implements DependencyInjectedFilter
|
|||||||
return((currentTime - timestamp) < 30 * 1000); // 5s
|
return((currentTime - timestamp) < 30 * 1000); // 5s
|
||||||
}
|
}
|
||||||
|
|
||||||
private static class SOLRHttpServletRequestWrapper extends HttpServletRequestWrapper
|
/* private static class SOLRHttpServletRequestWrapper extends HttpServletRequestWrapper
|
||||||
{
|
{
|
||||||
private byte[] body;
|
private byte[] body;
|
||||||
|
|
||||||
@@ -168,7 +212,7 @@ public class SOLRAuthenticationFilter implements DependencyInjectedFilter
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
}
|
}*/
|
||||||
|
|
||||||
private static class ByteArrayServletOutputStream extends ServletOutputStream
|
private static class ByteArrayServletOutputStream extends ServletOutputStream
|
||||||
{
|
{
|
||||||
|
|||||||
Reference in New Issue
Block a user