Skip to content

Commit

Permalink
Revert "Change Tomcat Valve to servlet Filter (Islandora#11)"
Browse files Browse the repository at this point in the history
This reverts commit 9482e95.
  • Loading branch information
dannylamb committed Nov 28, 2018
1 parent 9482e95 commit 0fc40ec
Show file tree
Hide file tree
Showing 24 changed files with 1,514 additions and 1,805 deletions.
55 changes: 35 additions & 20 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@

## Description

A ServletFilter that authenticates the JWT tokens created by Islandora in order to provide sessionless Authentication for Fedora4. Named after the Norse goddess [Syn](https://en.wikipedia.org/wiki/Syn_(goddess)).
A valve for Tomcat8 that authenticates the JWT tokens created by Islandora in order to provide sessionless Authentication for Fedora4. Named after the Norse goddess [Syn](https://en.wikipedia.org/wiki/Syn_(goddess)).

## Building

Expand All @@ -15,39 +15,54 @@ This project requires Java 8 and can be built with [Gradle](https://gradle.org).
## Installing

### Copy Syn JAR
Copy the JAR that was built above from `build/libs/islandora-syn-X.X.X-all.jar` and place into `$TOMCAT_HOME/lib` directory or the individual webapps `WEB-INF/lib` directory. Can be found in Ubuntu at: `/var/lib/tomcat8/lib/`. Note that this JAR is built to contain all the dependancies.
Copy the JAR that was built above from `build/libs/islandora-syn-X.X.X-all.jar` and place into `$TOMCAT_HOME/lib` directory. Can be found in Ubuntu at: `/var/lib/tomcat8/lib/`. Note that this JAR is built to contain all the dependancies.

### Register Filter
Now register the filter in web applications' `web.xml` file by adding something like.
### Register Valve
Now register the valve in Tomcat configuration file.
In Ubuntu this file is located at: `/var/lib/tomcat8/conf/context.xml`

```xml
<filter>
<filter-name>SynFilter</filter-name>
<filter-class>ca.islandora.syn.valve.SynFilter</filter-class>
<init-param>
<param-name>settings-path</param-name>
<param-value>/var/lib/tomcat8/conf/syn-settings.yml</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>SynFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<Valve className="ca.islandora.syn.valve.SynValve"
pathname="conf/syn-settings.xml" />
```

Where the **settings-path** `param-value` is the the location of the settings file.
where:
* ***pathname***: The location of the settings file. Defaults to `$CATALINA_BASE/conf/syn-settings.xml`.

### Enable `security-contraint`
The valve checks if requested url is under **security contraints**. So, valve will activate only if the Fedora4 *web.xml* file contains something like:

```xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Fedora4</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-role>
<role-name>islandora</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>fcrepo</realm-name>
</login-config>
```

On ubuntu this file can be found at:
`/var/lib/tomcat8/webapps/fcrepo/WEB-INF/web.xml`

### Setup Syn Configuration
Modify the [example configuration](./conf/syn-settings.example.yaml) and move it to: `$CATALINA_BASE/conf/syn-settings.xml`. Then use this path when configuring the application's filter `init-param`s.
Modify the [example configuration](./conf/syn-settings.example.xml) and move it to: `$CATALINA_BASE/conf/syn-settings.xml`.

## Maintainers

* [Jonathan Green](https://github.com/jonathangreen/)
* [Jared Whiklo](https://github.com/whikloj)

## Development

Expand Down
52 changes: 9 additions & 43 deletions build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -14,20 +14,6 @@ targetCompatibility = 1.8

def tomcatVersion = '8.0.28'

ext {

versions = [
bcprov : '1.56',
jackson : '2.9.2',
javaJwt : '3.1.0',
junit : '4.12',
logback : '1.0.13',
mockito : '2.7.14',
servlet : '3.0.1',
slf4j : '1.7.12'
]
}

checkstyle {
configFile = rootProject.file('gradle/checkstyle/checkstyle.xml')
configProperties.checkstyleConfigDir = rootProject.file('gradle/checkstyle')
Expand All @@ -38,17 +24,15 @@ repositories {
}

dependencies {
compile group: 'com.auth0', name: 'java-jwt', version: versions.javaJwt
compile group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: versions.bcprov
compile group: 'org.slf4j', name: 'slf4j-api', version: versions.slf4j
compile group: 'javax.servlet', name: 'javax.servlet-api', version: versions.servlet
compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: versions.jackson
compile group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: versions.jackson

testRuntime group: 'ch.qos.logback', name: 'logback-classic', version: versions.logback

testCompile group: 'junit', name: 'junit', version: versions.junit
testCompile group: 'org.mockito', name: 'mockito-core', version: versions.mockito
compile group: 'com.auth0', name: 'java-jwt', version:'3.1.0'
compile group: 'org.bouncycastle', name: 'bcprov-jdk15on', version:'1.56'
compileOnly group: 'org.apache.tomcat', name: 'tomcat-catalina', version:tomcatVersion
compileOnly group: 'org.apache.tomcat', name: 'tomcat-coyote', version:tomcatVersion

testCompile group: 'junit', name: 'junit', version:'4.12'
testCompile group: 'org.mockito', name: 'mockito-core', version:'2.7.14'
testCompile group: 'org.apache.tomcat', name: 'tomcat-catalina', version:tomcatVersion
testCompile group: 'org.apache.tomcat', name: 'tomcat-coyote', version:tomcatVersion
}

jacocoTestReport {
Expand All @@ -70,13 +54,6 @@ buildscript {
jar {
baseName = projectName
version = projectVersion
manifest {
attributes("Implementation-Title": baseName,
"Implementation-Version": version,
"Implementation-Vendor": "Islandora",
"Class-Path": configurations.compile.collect { it.getName() }.join(' '))
}

}

shadowJar {
Expand All @@ -85,14 +62,3 @@ shadowJar {
}

assemble.dependsOn(shadowJar);

test {
testLogging {
// Make sure output from
// standard out or error is shown
// in Gradle output.
// showStandardStreams = true
//events 'standard_out'
exceptionFormat = 'full'
}
}
36 changes: 36 additions & 0 deletions conf/syn-settings.example.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
<config version='1'>
<!--
Sites can be specified with a Key inline, or with a reference to a key
stored in a file. Both are shown in examples below.
The encoding parameter depends on what algorithm is chosen.
HS256, HS384, HS512 support: plain and base64.
RS256, RS384, RS512 support: PEM.
-->

<!-- A site with an inline key -->
<site url='http://test.com' algorithm='HS256' encoding='plain'>
my secret key
</site>

<!-- A site with a key stored in a file -->
<site url='http://test2.com' algorithm='HS256' encoding='base64' path='/somewhere/on/filesystem.key'/>

<!-- A site that allows all GET requests -->
<site url='http://test3.com' algorithm='HS256' encoding='plain' anonymous='true'/>

<!--
This is how you specify a default site, which will be chosen if no
other site matches the JWT url claim
-->
<site algorithm='RS256' encoding='PEM' path='/somewhere/on/filesystem.key' default='true'/>

<!--
This lets you specify a master token for testing. This should be used with care, as it gives anyone
with this token unlimited access to your repository.
-->
<token user='test' roles='role1,role2,role3'>
my super secret token
</token>

</config>
43 changes: 0 additions & 43 deletions conf/syn-settings.example.yaml

This file was deleted.

20 changes: 6 additions & 14 deletions src/main/java/ca/islandora/syn/settings/Config.java
Original file line number Diff line number Diff line change
Expand Up @@ -3,37 +3,29 @@
import java.util.ArrayList;
import java.util.List;

import com.fasterxml.jackson.annotation.JsonSetter;

public class Config {
private int version = -1;
private final List<Site> sites = new ArrayList<>();
private final List<Token> tokens = new ArrayList<>();
private List<Site> sites = new ArrayList<>();
private List<Token> tokens = new ArrayList<>();

@JsonSetter("site")
public void addSite(final Site site) {
this.sites.add(site);
sites.add(site);
}

public List<Site> getSites() {
return this.sites;
return sites;
}

public int getVersion() {
return this.version;
}

public void setVersion(final int version) {
this.version = version;
}

@JsonSetter("token")
public void addToken(final Token token) {
this.tokens.add(token);
tokens.add(token);
}

public List<Token> getTokens() {
return this.tokens;
return tokens;
}

}
Loading

0 comments on commit 0fc40ec

Please sign in to comment.