diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c0387c942..bb957186ba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,8 +1,13 @@ -1.8 (in-progress) -================= -* Added try/catch to authorization header base64 decode in cases of invalid or unsupported authentication header. +1.7.1 (11/24/2014 - waffle-jna only) +==================================== +* [#164](https://github.com/dblock/waffle/issues/164): Added try/catch to authorization header base64 decode in cases of invalid or unsupported authentication header. ** Throws runtimeException "Invalid authorization header." - +* [#168](https://github.com/dblock/waffle/pull/168): Exception stack trace on invalid credentials. + ** Change in waffle 1.7 per sonar to trap only thrown errors resulted in a regression where user enters invalid + creditionals and expected behaviour is to ask again but instead a stack trace was thrown. Special thanks to + @gstanchev for finding and helping resolve this issue. +* Drop legacy base64 usage previously deprecated. We use guava for this now. +* Small number of array object creations cleanup. 1.7 (9/25/2014) =============== diff --git a/Source/JNA/waffle-jetty/src/test/java/waffle/jetty/StartEmbeddedJettyValidateNTLMGroup.java b/Source/JNA/waffle-jetty/src/test/java/waffle/jetty/StartEmbeddedJettyValidateNTLMGroup.java index 6eb945f0da..32e47cac82 100644 --- a/Source/JNA/waffle-jetty/src/test/java/waffle/jetty/StartEmbeddedJettyValidateNTLMGroup.java +++ b/Source/JNA/waffle-jetty/src/test/java/waffle/jetty/StartEmbeddedJettyValidateNTLMGroup.java 
@@ -50,19 +50,19 @@ public class StartEmbeddedJettyValidateNTLMGroup { private static Logger LOGGER = LoggerFactory.getLogger(StartEmbeddedJettyValidateNTLMGroup.class); - public static void main(String args[]) { + public static void main(final String args[]) { System.setProperty(SimpleLogger.DEFAULT_LOG_LEVEL_KEY, "TRACE"); - Server server = new Server(8080); + final Server server = new Server(8080); - ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS); + final ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS); context.setContextPath("/"); - ServletHandler handler = new ServletHandler(); - ServletHolder sh = new ServletHolder(new InfoServlet()); + final ServletHandler handler = new ServletHandler(); + final ServletHolder sh = new ServletHolder(new InfoServlet()); context.addServlet(sh, "/*"); - FilterHolder fh = handler.addFilterWithMapping(NegotiateSecurityFilter.class, "/*", + final FilterHolder fh = handler.addFilterWithMapping(NegotiateSecurityFilter.class, "/*", EnumSet.of(DispatcherType.REQUEST)); setFilterParams(fh); context.addFilter(fh, "/*", EnumSet.of(DispatcherType.REQUEST)); @@ -77,7 +77,7 @@ public static void main(String args[]) { } } - private static void setFilterParams(FilterHolder fh) { + private static void setFilterParams(final FilterHolder fh) { fh.setInitParameter("principalFormat", "fqn"); fh.setInitParameter("roleFormat", "both"); 
@@ -98,12 +98,12 @@ public static class InfoServlet extends HttpServlet { private static List authorisedGroups = Arrays.asList("NTGroup1", "NTGroup2"); @Override - public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, - IOException { + public void doGet(final HttpServletRequest request, final HttpServletResponse response) + throws ServletException, IOException { response.setContentType("text/html"); response.setStatus(HttpServletResponse.SC_OK); - boolean isUserAuthorised = isUserAuthorised(request, authorisedGroups); + final boolean isUserAuthorised = isUserAuthorised(request, authorisedGroups); if (isUserAuthorised) { response.getWriter().println("User is authorised"); } else { 
@@ -111,35 +111,35 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro } } - private boolean isUserAuthorised(HttpServletRequest request, List authorizedGroups) { - List usersGroups = getUsersGroups(request); + private boolean isUserAuthorised(final HttpServletRequest request, final List authorizedGroups) { + final List usersGroups = getUsersGroups(request); - boolean noOverlappingGroups = Collections.disjoint(authorizedGroups, usersGroups); + final boolean noOverlappingGroups = Collections.disjoint(authorizedGroups, usersGroups); if (!noOverlappingGroups) { return true; } return false; } - private List getUsersGroups(HttpServletRequest request) { - List result = new ArrayList(); - Principal principal = request.getUserPrincipal(); + private List getUsersGroups(final HttpServletRequest request) { + final List result = new ArrayList(); + final Principal principal = request.getUserPrincipal(); if (principal instanceof WindowsPrincipal) { - WindowsPrincipal windowsPrincipal = (WindowsPrincipal) principal; - for (WindowsAccount account : windowsPrincipal.getGroups().values()) { - String groupName = getGroupName(account.getDomain(), account.getFqn()); + String groupName; + final WindowsPrincipal windowsPrincipal = (WindowsPrincipal) principal; + for (final WindowsAccount account : windowsPrincipal.getGroups().values()) { + groupName = getGroupName(account.getDomain(), account.getFqn()); result.add(groupName); } } return result; } - private String getGroupName(String domain, String groupString) { + private String getGroupName(final String domain, final String groupString) { if (domain == null || groupString == null) { return ""; } - String group = groupString.split(domain)[1]; - return group.substring(1); + return groupString.split(domain)[1].substring(1); } } diff --git a/Source/JNA/waffle-jna/pom.xml b/Source/JNA/waffle-jna/pom.xml index caf32a26b0..505efa2784 100644 --- a/Source/JNA/waffle-jna/pom.xml +++ b/Source/JNA/waffle-jna/pom.xml 
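Review bot: In `getGroupName`, the new one-liner `groupString.split(domain)[1].substring(1)` passes the domain to `String.split` as a regular expression and indexes the result without checking its length. A domain containing regex metacharacters (the `.` in a DNS-style name, for example) is matched as a pattern, and an FQN that does not contain the domain, or ends right after it, throws `ArrayIndexOutOfBoundsException` or `StringIndexOutOfBoundsException` from inside the authorisation check. Quoting the domain and checking the result avoids both: `final String[] parts = groupString.split(Pattern.quote(domain), 2);` followed by `return parts.length == 2 && !parts[1].isEmpty() ? parts[1].substring(1) : "";` (needs `java.util.regex.Pattern`). A comment on `isUserAuthorised` should also state that groups are compared by short name with the domain stripped, so same-named groups from different domains are treated as equal.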
@@ -4,11 +4,11 @@ com.github.dblock.waffle waffle-parent - 1.8-SNAPSHOT + 1.7 ../waffle-parent waffle-jna - 1.8-SNAPSHOT + 1.7.1-SNAPSHOT jar waffle-jna WAFFLE JNA implementation diff --git a/Source/JNA/waffle-jna/src/main/java/waffle/servlet/spi/SecurityFilterProviderCollection.java b/Source/JNA/waffle-jna/src/main/java/waffle/servlet/spi/SecurityFilterProviderCollection.java index 13320ad2b7..417ceee60b 100644 --- a/Source/JNA/waffle-jna/src/main/java/waffle/servlet/spi/SecurityFilterProviderCollection.java +++ b/Source/JNA/waffle-jna/src/main/java/waffle/servlet/spi/SecurityFilterProviderCollection.java @@ -25,6 +25,8 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import com.sun.jna.platform.win32.Win32Exception; + import waffle.util.AuthorizationHeader; import waffle.windows.auth.IWindowsAuthProvider; import waffle.windows.auth.IWindowsIdentity; @@ -127,7 +129,11 @@ public IWindowsIdentity doFilter(final HttpServletRequest request, final HttpSer if (provider == null) { throw new RuntimeException("Unsupported security package: " + authorizationHeader.getSecurityPackage()); } - return provider.doFilter(request, response); + try { + return provider.doFilter(request, response); + } catch (Win32Exception e) { + throw new IOException(e); + } } /** diff --git a/Source/JNA/waffle-jna/src/main/java/waffle/util/SPNegoMessage.java b/Source/JNA/waffle-jna/src/main/java/waffle/util/SPNegoMessage.java index 27d1fa99db..5e9f5cd290 100644 --- a/Source/JNA/waffle-jna/src/main/java/waffle/util/SPNegoMessage.java +++ b/Source/JNA/waffle-jna/src/main/java/waffle/util/SPNegoMessage.java @@ -81,7 +81,7 @@ public static boolean isNegTokenArg(final byte[] message) { int lenBytes; int len; - // Get lenght of message for additional check. + // Get length of message for additional check. if ((message[1] & 0x80) == 0) { len = message[1]; } else { diff --git a/Source/JNA/waffle-parent/pom.xml b/Source/JNA/waffle-parent/pom.xml index 86a504f409..5addcdab06 100644 
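Review bot: In `SecurityFilterProviderCollection.doFilter`, only `Win32Exception` from `provider.doFilter(request, response)` is converted; the `throw new RuntimeException("Unsupported security package: " + authorizationHeader.getSecurityPackage())` directly above still leaves the method unchecked, and its message carries a value taken from the client's Authorization header. If the caller re-challenges on `IOException` (the caller is outside this hunk, so this is inferred from the changelog entry), an unrecognised scheme would presumably still surface as a stack trace rather than a new prompt. Consider whether that branch should take the same path, and document the mapping on the method, e.g. `@throws IOException if the provider reports a Win32 authentication failure`. The new `catch` parameter could also be written `final Win32Exception e` to match the `final` convention applied elsewhere in this commit. The body of `doFilter` begins before the hunk.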
--- a/Source/JNA/waffle-parent/pom.xml +++ b/Source/JNA/waffle-parent/pom.xml @@ -272,7 +272,7 @@ org.apache.maven.plugins maven-pmd-plugin - 3.2 + 3.3 @@ -283,7 +283,7 @@ org.apache.maven.plugins maven-assembly-plugin - 2.5.1 + 2.5.2 ${project.basedir}/src/assembly/assembly.xml