From 4d2b6c1ee3e409a2b58454f27548aa8df55b77e9 Mon Sep 17 00:00:00 2001
From: ndp-opendap
Date: Mon, 8 Sep 2025 11:25:08 -0700
Subject: [PATCH 1/5] Patch for the 403 situation
---
src/opendap/auth/IdFilter.java | 4 +++-
src/opendap/coreServlet/OPeNDAPException.java | 24 +++++++++++++------
2 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/src/opendap/auth/IdFilter.java b/src/opendap/auth/IdFilter.java
index 953677a65..fd9afff48 100644
--- a/src/opendap/auth/IdFilter.java
+++ b/src/opendap/auth/IdFilter.java
@@ -160,7 +160,7 @@ private void init() throws IOException, JDOMException { } - public void doFilter(ServletRequest sreq, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { + public void doFilter(ServletRequest sreq, ServletResponse sresp, FilterChain filterChain) throws IOException, ServletException { // Ensure initialization has been accomplished if (!isInitialized) {
@@ -178,6 +178,7 @@ public void doFilter(ServletRequest sreq, ServletResponse response, FilterChain try { HttpServletRequest request = (HttpServletRequest) sreq; + HttpServletResponse response = (HttpServletResponse) sresp; RequestCache.open(request); RequestId requestId = RequestCache.getRequestId();
@@ -341,6 +342,7 @@ else if (enableGuestProfile && requestURI.equals(guestEndpoint)) { } catch (Forbidden http_403){ log.error("Unable to validate Authorization header. Message: "+http_403.getMessage()); + OPeNDAPException.anyExceptionHandler(http_403,request.getServletContext(),response); } } }
diff --git a/src/opendap/coreServlet/OPeNDAPException.java b/src/opendap/coreServlet/OPeNDAPException.java
index a34bab808..9f532351c 100644
--- a/src/opendap/coreServlet/OPeNDAPException.java
+++ b/src/opendap/coreServlet/OPeNDAPException.java
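Review bot: The `catch (Forbidden http_403)` block in the third IdFilter hunk (`@@ -341,6 +342,7 @@`) now writes an error response through `OPeNDAPException.anyExceptionHandler(...)`, but no `return;` follows it, whereas the login-failure catch shown in patch 2/5 returns right after sending its error. The rest of doFilter lies outside the hunk, so this needs confirming against the full method: if execution falls through to `filterChain.doFilter(...)`, a request whose Authorization header was rejected would still be passed down the chain, or fail on an already committed response. Add `return;` as the last statement of the catch block. The same block in patches 2/5 through 5/5, where it becomes `doForbidden(...)` followed by `log.debug("END ...")`, still shows no return.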
@@ -36,6 +36,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.servlet.ServletContext; import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest;
@@ -187,7 +188,6 @@ public final void setErrorMessage(String msg) { } - /** * ************************************************************************ * Recasts any Throwable to be an OPeNDAPException and then transmits it
@@ -195,18 +195,29 @@ public final void setErrorMessage(String msg) { * is already an OPeNDAPException, it is not recast. * * @param t The Exception that caused the problem. + * @param servlet The current servlet. Used to find things shipped in the deployment. * @param response The HttpServletResponse for the client. */ public static int anyExceptionHandler(Throwable t, HttpServlet servlet, HttpServletResponse response) { + return anyExceptionHandler(t, servlet.getServletContext(), response); + } - Logger log = org.slf4j.LoggerFactory.getLogger(OPeNDAPException.class); - + /** + * ************************************************************************ + * Recasts any Throwable to be an OPeNDAPException and then transmits it + * on to the passed stream as a DAP2 error object. If the passed Throwable + * is already an OPeNDAPException, it is not recast. + * + * @param t The Exception that caused the problem. + * @param servletContext The servlet context. Used to find things shipped in the deployment. + * @param response The HttpServletResponse for the client. + */ + public static int anyExceptionHandler(Throwable t, ServletContext servletContext, HttpServletResponse response) { + Logger log = org.slf4j.LoggerFactory.getLogger(OPeNDAPException.class); try { - log.error("anyExceptionHandler(): " + t); - ByteArrayOutputStream baos =new ByteArrayOutputStream(); PrintStream ps = new PrintStream( baos, true, HyraxStringEncoding.getCharsetName()); t.printStackTrace(ps);
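Review bot: Neither Javadoc block in the `@@ -195,18 +195,29 @@` hunk documents the `int` that both `anyExceptionHandler` overloads return, and the new ServletContext overload repeats the older description word for word. Add an `@return` line to each (the return statement is outside the hunk, so the meaning of the value has to be taken from the method body) and let the HttpServlet overload's comment refer to the other one with `{@link #anyExceptionHandler(Throwable, ServletContext, HttpServletResponse)}`. The delegating overload also calls `servlet.getServletContext()` before any `try`, so its `@param servlet` line should state that the argument must not be null; whether the previous body tolerated a null servlet is not visible here.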
@@ -232,14 +243,13 @@ public static int anyExceptionHandler(Throwable t, HttpServlet servlet, HttpServ oe = new OPeNDAPException(UNDEFINED_ERROR, msg); oe.setHttpStatusCode(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - } if(!response.isCommitted()){ response.reset(); - oe.setSystemPath(ServletUtil.getSystemPath(servlet,"")); + oe.setSystemPath(ServletUtil.getSystemPath(servletContext,"")); try { oe.sendHttpErrorResponse(response); }
From 397fc8e07ffed3ab18f73510f21be37adeeaf658 Mon Sep 17 00:00:00 2001
From: ndp-opendap
Date: Mon, 8 Sep 2025 11:35:41 -0700
Subject: [PATCH 2/5] * wip
---
src/opendap/auth/IdFilter.java | 18 +++++++++++-------
src/opendap/coreServlet/OPeNDAPException.java | 2 +-
2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/src/opendap/auth/IdFilter.java b/src/opendap/auth/IdFilter.java
index fd9afff48..cbf69820c 100644
--- a/src/opendap/auth/IdFilter.java
+++ b/src/opendap/auth/IdFilter.java
@@ -159,6 +159,14 @@ private void init() throws IOException, JDOMException { } + void doForbidden(Exception e, HttpServletRequest req, HttpServletResponse resp, IdProvider idProvider) throws IOException { + String msg = "Your Login Transaction FAILED! " + + "Authentication Context: '"+idProvider.getAuthContext()+ + "' Message: "+ e.getMessage(); + log.error("doForbidden() - {}", msg); + OPeNDAPException.setCachedErrorMessage(msg); + resp.sendError(HttpServletResponse.SC_UNAUTHORIZED,msg); + } public void doFilter(ServletRequest sreq, ServletResponse sresp, FilterChain filterChain) throws IOException, ServletException {
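Review bot: `doForbidden` in the `@@ -159,6 +159,14 @@` hunk sends the client the same string it writes to the log, because `resp.sendError(..., msg)` carries `idProvider.getAuthContext()` and `e.getMessage()` into the response. Exception text from login or token validation can describe internal state or echo request-derived input, so the client should get a fixed message, e.g. `resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication failed.");`, with the detail kept in `log.error`. The message is also stored through `OPeNDAPException.setCachedErrorMessage(msg)`; if that is the per-thread cache described in the OPeNDAPException hunk of this patch, confirm that the error page always retrieves and escapes it, so that it cannot surface in a later request served by the same thread. The `doForbidden` copy added in patch 3/5 has the same body.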
@@ -278,12 +286,7 @@ else if (enableGuestProfile && requestURI.equals(guestEndpoint)) { } catch (IOException | Forbidden e) { - String msg = "Your Login Transaction FAILED! " + - "Authentication Context: '"+idProvider.getAuthContext()+ - "' Message: "+ e.getMessage(); - log.error("doFilter() - {}", msg); - OPeNDAPException.setCachedErrorMessage(msg); - ((HttpServletResponse)response).sendError(HttpServletResponse.SC_UNAUTHORIZED,msg); + doForbidden(e,request,response,idProvider); log.debug("END (session: {})",session.getId()); return; }
@@ -342,7 +345,8 @@ else if (enableGuestProfile && requestURI.equals(guestEndpoint)) { } catch (Forbidden http_403){ log.error("Unable to validate Authorization header. Message: "+http_403.getMessage()); - OPeNDAPException.anyExceptionHandler(http_403,request.getServletContext(),response); + doForbidden(e,request,response,idProvider); + log.debug("END (session: {})",session.getId()); } } }
diff --git a/src/opendap/coreServlet/OPeNDAPException.java b/src/opendap/coreServlet/OPeNDAPException.java
index 9f532351c..e09496157 100644
--- a/src/opendap/coreServlet/OPeNDAPException.java
+++ b/src/opendap/coreServlet/OPeNDAPException.java
@@ -514,7 +514,7 @@ public void sendAsHtmlErrorPage(HttpServletResponse response) throws Exception { // for the JSP to retrieve. The RequestCache for this thread gets destroyed when the doGet/doPost // methods exit which is normal and expected behavior, but the JSP page is invoked afterward so we // need a rendezvous for the message. We utilize this errorMessage cache for this purpose. The only - // public method for retrieving the message is tied to the thread of execution and it removes the + // public method for retrieving the message is tied to the thread of execution, and it removes the // message from the cache (clears the cache for the thread) once it is retrieved. _errorMessageCache.put(Thread.currentThread(), getMessage());
From 4824c8c04fc8d3aa2414e79173f3af6e05720c3f Mon Sep 17 00:00:00 2001
From: ndp-opendap
Date: Mon, 8 Sep 2025 12:03:31 -0700
Subject: [PATCH 3/5] * wip
---
src/opendap/auth/IdFilter.java | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/src/opendap/auth/IdFilter.java b/src/opendap/auth/IdFilter.java
index cbf69820c..39717a832 100644
--- a/src/opendap/auth/IdFilter.java
+++ b/src/opendap/auth/IdFilter.java
@@ -159,7 +159,7 @@ private void init() throws IOException, JDOMException { } - void doForbidden(Exception e, HttpServletRequest req, HttpServletResponse resp, IdProvider idProvider) throws IOException { + void doUnathorized(Exception e, HttpServletRequest req, HttpServletResponse resp, IdProvider idProvider) throws IOException { String msg = "Your Login Transaction FAILED! " + "Authentication Context: '"+idProvider.getAuthContext()+ "' Message: "+ e.getMessage();
@@ -168,6 +168,15 @@ void doForbidden(Exception e, HttpServletRequest req, HttpServletResponse resp, resp.sendError(HttpServletResponse.SC_UNAUTHORIZED,msg); } + void doForbidden(Exception e, HttpServletRequest req, HttpServletResponse resp, IdProvider idProvider) throws IOException { + String msg = "Your Login Transaction FAILED! " + + "Authentication Context: '"+idProvider.getAuthContext()+ + "' Message: "+ e.getMessage(); + log.error("doForbidden() - {}", msg); + OPeNDAPException.setCachedErrorMessage(msg); + resp.sendError(HttpServletResponse.SC_FORBIDDEN,msg); + } + public void doFilter(ServletRequest sreq, ServletResponse sresp, FilterChain filterChain) throws IOException, ServletException { // Ensure initialization has been accomplished
@@ -286,8 +295,8 @@ else if (enableGuestProfile && requestURI.equals(guestEndpoint)) { } catch (IOException | Forbidden e) { - doForbidden(e,request,response,idProvider); - log.debug("END (session: {})",session.getId()); + doForbidden(e, request, response, idProvider); + log.debug("END (session: {})", session.getId()); return; } }
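Review bot: Splitting the helper in the `@@ -168,6 +168,15 @@` hunk changes the status of the login-failure path, because both call sites visible in this patch still call `doForbidden`, which now sends `SC_FORBIDDEN`. The `catch (IOException | Forbidden e)` block therefore answers 403 where it answered 401 before this series, and it does so for a plain `IOException` as well; if 401 is still wanted for a failed login transaction, that call site should use the 401 helper. `doUnathorized` has no caller in the visible hunks and its name is misspelled (`doUnauthorized`). The two bodies differ only in the status constant, so a single `private void sendAuthError(int status, Exception e, HttpServletResponse resp, IdProvider idProvider)` would remove the duplication.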
@@ -345,8 +354,8 @@ else if (enableGuestProfile && requestURI.equals(guestEndpoint)) { } catch (Forbidden http_403){ log.error("Unable to validate Authorization header. Message: "+http_403.getMessage()); - doForbidden(e,request,response,idProvider); - log.debug("END (session: {})",session.getId()); + doForbidden(e, request, response, idProvider); + log.debug("END (session: {})", session.getId()); } } }
From 2be3cbcd59959a939cdaaa17619c0726e3b565c8 Mon Sep 17 00:00:00 2001
From: ndp-opendap
Date: Tue, 9 Sep 2025 08:18:20 -0700
Subject: [PATCH 4/5] wip
---
src/opendap/auth/IdFilter.java | 9 +++++----
src/opendap/auth/UrsIdP.java | 1 -
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/opendap/auth/IdFilter.java b/src/opendap/auth/IdFilter.java
index 39717a832..f59c8b613 100644
--- a/src/opendap/auth/IdFilter.java
+++ b/src/opendap/auth/IdFilter.java
@@ -170,7 +170,7 @@ void doUnathorized(Exception e, HttpServletRequest req, HttpServletResponse resp void doForbidden(Exception e, HttpServletRequest req, HttpServletResponse resp, IdProvider idProvider) throws IOException { String msg = "Your Login Transaction FAILED! " + - "Authentication Context: '"+idProvider.getAuthContext()+ + "Authentication Context: '" + idProvider.getAuthContext() + "' Message: "+ e.getMessage(); log.error("doForbidden() - {}", msg); OPeNDAPException.setCachedErrorMessage(msg);
@@ -326,10 +326,11 @@ else if (enableGuestProfile && requestURI.equals(guestEndpoint)) { log.debug("No UserProfile object found in Session. Request is not yet authenticated. " + "Checking Authorization headers..."); if (IdPManager.hasDefaultProvider()) { + IdProvider idProvider = IdPManager.getDefaultProvider(); try { UserProfile userProfile = new UserProfile(); boolean retVal; - retVal = IdPManager.getDefaultProvider().doTokenAuthentication(request, userProfile); + retVal = idProvider.doTokenAuthentication(request, userProfile); if(retVal){ log.info("Validated Authorization header. uid: {}", userProfile.getUID()); // By adding the UserProfile to the session here
@@ -353,8 +354,8 @@ else if (enableGuestProfile && requestURI.equals(guestEndpoint)) { } } catch (Forbidden http_403){ - log.error("Unable to validate Authorization header. Message: "+http_403.getMessage()); - doForbidden(e, request, response, idProvider); + log.error("Unable to validate Authorization header. Message: {}", http_403.getMessage()); + doForbidden(http_403, request, response, idProvider); log.debug("END (session: {})", session.getId()); } }
diff --git a/src/opendap/auth/UrsIdP.java b/src/opendap/auth/UrsIdP.java
index a20a50967..f2045a256 100644
--- a/src/opendap/auth/UrsIdP.java
+++ b/src/opendap/auth/UrsIdP.java
@@ -627,7 +627,6 @@ public boolean doLogin(HttpServletRequest request, HttpServletResponse response) log.info("URS Token: {}", contents); - // Parse the json to extract the token. JsonParser jparse = new JsonParser(); JsonObject json = jparse.parse(contents).getAsJsonObject();
From 78aacb7f3cc4b02495e9657d7558e4ca1c76f6cf Mon Sep 17 00:00:00 2001
From: ndp-opendap
Date: Tue, 9 Sep 2025 11:28:53 -0700
Subject: [PATCH 5/5] Dropped unused method parameter from doForbidden()
---
src/opendap/auth/IdFilter.java | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/opendap/auth/IdFilter.java b/src/opendap/auth/IdFilter.java
index f59c8b613..798904a0e 100644
--- a/src/opendap/auth/IdFilter.java
+++ b/src/opendap/auth/IdFilter.java
@@ -159,16 +159,16 @@ private void init() throws IOException, JDOMException { } - void doUnathorized(Exception e, HttpServletRequest req, HttpServletResponse resp, IdProvider idProvider) throws IOException { + void doUnathorized(Exception e, HttpServletResponse resp, IdProvider idProvider) throws IOException { String msg = "Your Login Transaction FAILED! " + "Authentication Context: '"+idProvider.getAuthContext()+ "' Message: "+ e.getMessage(); - log.error("doForbidden() - {}", msg); + log.error("doUnathorized() - {}", msg); OPeNDAPException.setCachedErrorMessage(msg); resp.sendError(HttpServletResponse.SC_UNAUTHORIZED,msg); } - void doForbidden(Exception e, HttpServletRequest req, HttpServletResponse resp, IdProvider idProvider) throws IOException { + void doForbidden(Exception e, HttpServletResponse resp, IdProvider idProvider) throws IOException { String msg = "Your Login Transaction FAILED! " + "Authentication Context: '" + idProvider.getAuthContext() + "' Message: "+ e.getMessage();
@@ -295,7 +295,7 @@ else if (enableGuestProfile && requestURI.equals(guestEndpoint)) { } catch (IOException | Forbidden e) { - doForbidden(e, request, response, idProvider); + doForbidden(e, response, idProvider); log.debug("END (session: {})", session.getId()); return; }
@@ -355,7 +355,7 @@ else if (enableGuestProfile && requestURI.equals(guestEndpoint)) { } catch (Forbidden http_403){ log.error("Unable to validate Authorization header. Message: {}", http_403.getMessage()); - doForbidden(http_403, response, idProvider); + doForbidden(http_403, response, idProvider); log.debug("END (session: {})", session.getId()); } }