stratos-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pradee...@apache.org
Subject git commit: implementing session based authentication/authorization. backend bits done. todo : authenticate the frontend using carbon user-store
Date Sun, 02 Feb 2014 11:35:20 GMT
Updated Branches:
  refs/heads/master bf48fbcd0 -> dac3417d7


implementing session based authentication/authorization. backend bits done. todo : authenticate
the frontend using carbon user-store


Project: http://git-wip-us.apache.org/repos/asf/incubator-stratos/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-stratos/commit/dac3417d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-stratos/tree/dac3417d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-stratos/diff/dac3417d

Branch: refs/heads/master
Commit: dac3417d713f385b759ad3af3a4c3e95cf9b13a7
Parents: bf48fbc
Author: Pradeep Fernando <pradeepfn@gmail.com>
Authored: Sun Feb 2 17:04:59 2014 +0530
Committer: Pradeep Fernando <pradeepfn@gmail.com>
Committed: Sun Feb 2 17:04:59 2014 +0530

----------------------------------------------------------------------
 .../console/controllers/login.jag               | 66 ++++++++-------
 .../console/controllers/loginSubmit.jag         | 25 ++++++
 .../console/controllers/router.jag              |  4 +-
 .../console/jaggery.conf                        |  4 +
 .../modules/security/security.provider.js       |  1 -
 .../console/themes/theme1/partials/login.hbs    |  8 +-
 .../console/util/utility.jag                    | 51 ++++++++----
 .../org/apache/stratos/rest/endpoint/Utils.java | 13 ++-
 .../endpoint/context/AuthenticationContext.java | 38 +++++++++
 ...tractAuthenticationAuthorizationHandler.java |  4 +-
 .../CookieBasedAuthenticationHandler.java       | 87 ++++++++++++++++++++
 .../rest/endpoint/handlers/OAuthHandler.java    |  2 +
 .../handlers/StratosAuthenticationHandler.java  |  5 +-
 .../handlers/StratosAuthorizingHandler.java     | 27 +++---
 .../endpoint/services/AuthenticationAdmin.java  | 67 +++++++++++++++
 .../rest/endpoint/services/StratosAdmin.java    | 31 +++++--
 .../main/webapp/stratos/WEB-INF/cxf-servlet.xml |  6 +-
 17 files changed, 363 insertions(+), 76 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/dac3417d/components/org.apache.stratos.manager.console/console/controllers/login.jag
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/console/controllers/login.jag b/components/org.apache.stratos.manager.console/console/controllers/login.jag
index a45ab4e..ca4d54c 100755
--- a/components/org.apache.stratos.manager.console/console/controllers/login.jag
+++ b/components/org.apache.stratos.manager.console/console/controllers/login.jag
@@ -1,37 +1,45 @@
 <%
 (function(){
-    var dataConfig = require('/config/console.json'),
-            sso = require("sso"),
-            process = require("process"),
-            sessionId = session.getId(),
-            requestURI,
-            requestedPage = request.getParameter("requestedPage"),
-            relayState = '/console',log = new Log();
-    log.info(dataConfig.ssoConfiguration.issuer);
-    var encodedSAMLAuthRequest = sso.client.getEncodedSAMLAuthRequest(dataConfig.ssoConfiguration.issuer);
-    postUrl = "https://" + process.getProperty('carbon.local.ip') + ":" + "9443";
-    log.info(postUrl);
+    var log = new Log("controllers.login.jag");
+    var dataConfig = require('/config/console.json');
+    if(!dataConfig.ssoConfiguration.enabled){
+        request.getMappedPath = function() {
+            return '/login.jag'; // setting path for caramel framework
+        };
+        include('/login.jag');
+    } else {
+        var sso = require("sso"),
+                process = require("process"),
+                sessionId = session.getId(),
+                requestURI,
+                requestedPage = request.getParameter("requestedPage"),
+                relayState = '/console',log = new Log();
+        log.debug(dataConfig.ssoConfiguration.issuer);
+        var encodedSAMLAuthRequest = sso.client.getEncodedSAMLAuthRequest(dataConfig.ssoConfiguration.issuer);
+        postUrl = "https://" + process.getProperty('carbon.local.ip') + ":" + "9443";
+        log.debug(postUrl);
 
-    if (!session.get("Loged")) {
-        %>
+        if (!session.get("Loged")) {
+            %>
 
-                <div>
+                    <div>
 
-                            <p>You are now being redirected to Identity Server. If
the
-                            redirection fails, please click on the button below.</p>
-                            <form method="post" action="<%=postUrl%>/samlsso">
-                            <p>
-                               <input type="hidden" name="SAMLRequest" value="<%= encodedSAMLAuthRequest
%>"/>
-                               <input type="hidden" name="RelayState" value="<%= relayState
%>"/>
-                               <input type="hidden" name="SSOAuthSessionID" value="<%=
sessionId %>"/>
-                               <button type="submit">Redirect manually</button>
-                           </p>
-                       </form>
-                   </div>
-                   <script type = "text/javascript" >
-                          document.forms[0].submit();
-                   </script>
-        <%
+                                <p>You are now being redirected to Identity Server.
If the
+                                redirection fails, please click on the button below.</p>
+                                <form method="post" action="<%=postUrl%>/samlsso">
+                                <p>
+                                   <input type="hidden" name="SAMLRequest" value="<%=
encodedSAMLAuthRequest %>"/>
+                                   <input type="hidden" name="RelayState" value="<%=
relayState %>"/>
+                                   <input type="hidden" name="SSOAuthSessionID" value="<%=
sessionId %>"/>
+                                   <button type="submit">Redirect manually</button>
+                               </p>
+                           </form>
+                       </div>
+                       <script type = "text/javascript" >
+                              document.forms[0].submit();
+                       </script>
+            <%
+        }
     }
 }());
 %>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/dac3417d/components/org.apache.stratos.manager.console/console/controllers/loginSubmit.jag
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/console/controllers/loginSubmit.jag
b/components/org.apache.stratos.manager.console/console/controllers/loginSubmit.jag
new file mode 100644
index 0000000..4cd11c3
--- /dev/null
+++ b/components/org.apache.stratos.manager.console/console/controllers/loginSubmit.jag
@@ -0,0 +1,25 @@
+<%
+(function(){
+    var log = new Log("controller.credentialSubmit");
+    var utils = require('/util/utility.jag');
+    var username = request.getParameter("username").trim();
+    var password = request.getParameter("password"); // not trimming the password
+    log.info("username/password submitted");
+    log.info(username);
+    log.info(password);
+    //authenticate with carbon usr-store
+
+
+    //call the authentication rest-endpoint and get the JSESSION_ID
+    var response =  utils.consoleAppUtil.getSessionCookie(username,password);
+    log.info(response.data.Success.sessionId);
+    //TODO: handle the error scenario
+    //save the JSESSION_ID in current console.session.
+    var jSessionId = response.data.Success.sessionId;
+    session.put("JSESSIONID",jSessionId);
+    require('console').server.current(session,username);
+    //redirect
+    response.sendRedirect(request.getContextPath());
+
+}());
+%>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/dac3417d/components/org.apache.stratos.manager.console/console/controllers/router.jag
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/console/controllers/router.jag
b/components/org.apache.stratos.manager.console/console/controllers/router.jag
index 50a3c4e..baa7832 100755
--- a/components/org.apache.stratos.manager.console/console/controllers/router.jag
+++ b/components/org.apache.stratos.manager.console/console/controllers/router.jag
@@ -13,14 +13,14 @@
     var sm=securityModule.cached();
 
     //This will short circuit the handling of the requests
-    //var passed=sm.check(session);
+    var passed=sm.check(session);
     //var tenantDomain = session.get("TENANT_DOMAIN");
     //var roleArray = session.get("ROLE_ARRAY");
 
     // comment out the above and uncomment below code bits for testing. It removes authentication/authorization
     // of the app.
 
-    var passed=true;
+    //var passed=true;
     var tenantDomain = "carbon.super";
     var roleArray = ["admin","Internal/Everyone"];
 

http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/dac3417d/components/org.apache.stratos.manager.console/console/jaggery.conf
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/console/jaggery.conf b/components/org.apache.stratos.manager.console/console/jaggery.conf
index 80b8f8f..d742b11 100644
--- a/components/org.apache.stratos.manager.console/console/jaggery.conf
+++ b/components/org.apache.stratos.manager.console/console/jaggery.conf
@@ -3,6 +3,10 @@
     "logLevel": "info",
     "urlMappings":[
                 {
+                    "url":"/loginSubmit",
+                    "path":"/controllers/loginSubmit.jag"
+                },
+                {
                     "url":"/acs",
                     "path":"/controllers/acs.jag"
                 },

http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/dac3417d/components/org.apache.stratos.manager.console/console/modules/security/security.provider.js
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/console/modules/security/security.provider.js
b/components/org.apache.stratos.manager.console/console/modules/security/security.provider.js
index b21b4ac..6877312 100644
--- a/components/org.apache.stratos.manager.console/console/modules/security/security.provider.js
+++ b/components/org.apache.stratos.manager.console/console/modules/security/security.provider.js
@@ -7,7 +7,6 @@
 
 var securityModule = function () {
 
-    var LOGGED_IN_USER = 'LOGGED_IN_USER';
     var log=new Log('security.provider');
 
     /*

http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/dac3417d/components/org.apache.stratos.manager.console/console/themes/theme1/partials/login.hbs
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/console/themes/theme1/partials/login.hbs
b/components/org.apache.stratos.manager.console/console/themes/theme1/partials/login.hbs
index e6cf4a2..5857e5c 100644
--- a/components/org.apache.stratos.manager.console/console/themes/theme1/partials/login.hbs
+++ b/components/org.apache.stratos.manager.console/console/themes/theme1/partials/login.hbs
@@ -5,16 +5,16 @@
             <div class="login-box">
                 <div class="login-box-top">
                     <h2 class="login-sub-title">Login to create cartridges</h2>
-                    <form>
+                    <form method="post" action="{{url "/loginSubmit"}}">
                         <div class="username-wrapper">
-                            <input class="input-username" type="text" placeholder="Email"
/>
+                            <input name="username" class="input-username" type="text"
placeholder="Email" />
                         </div>
                         <div class="password-wrapper">
-                            <input class="input-password" type="text" placeholder="Password"
/>
+                            <input name="password" class="input-password" type="text"
placeholder="Password" />
                         </div>
 
                         <div class="login-button-wrapper">
-                            <button class="btn btn-primary login-button" type="button">Sign
In</button>
+                            <button class="btn btn-primary login-button" type="submit">Sign
In</button>
                         </div>
                     </form>
                 </div>

http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/dac3417d/components/org.apache.stratos.manager.console/console/util/utility.jag
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/console/util/utility.jag b/components/org.apache.stratos.manager.console/console/util/utility.jag
index 43e8f7e..a883585 100644
--- a/components/org.apache.stratos.manager.console/console/util/utility.jag
+++ b/components/org.apache.stratos.manager.console/console/util/utility.jag
@@ -160,20 +160,31 @@ consoleAppUtil = new function(){
         }
         return configStatus;
     };
+
+    this.getRequestHeaders = function(ssoEnabled){
+        var requestHeaders;
+        if(ssoEnabled){
+            var accessToken = this.getAccessTokenFromSession();
+            requestHeaders = {
+                "Authorization": "Bearer "+accessToken,
+                "Content-Type": "application/json"
+            };
+        }else{
+            requestHeaders = {
+                "Content-Type": "application/json",
+                "Cookie": "JSESSIONID="+session.get("JSESSIONID")
+            };
+        }
+        return requestHeaders;
+    };
+
     // refactor sendRecive and send method. duplicate code...
     this.sendReceive = function(httpMethod,urlPostFix,data){
         var config = require('/config/console.js').config();
         var backendServerURL = config.backendServerConfiguration.url;
         // getting the access token from the session.
         var endpoint = backendServerURL + urlPostFix;
-        //var endpoint = "http://localhost:9000/stratos/admin" + urlPostFix;
-
-        var accessToken = this.getAccessTokenFromSession();
-        // the header values are constant
-        var headers = {
-            "Authorization": "Bearer "+accessToken,
-            "Content-Type": "application/json"
-        };
+        var headers = this.getRequestHeaders(config.ssoConfiguration.enabled);
         var type = "json"; // response format
         var response;
         switch (httpMethod){
@@ -201,12 +212,7 @@ consoleAppUtil = new function(){
         var backendServerURL = config.backendServerConfiguration.url;
         // getting the access token from the session.
         var endpoint = backendServerURL + urlPostFix;
-        var accessToken = this.getAccessTokenFromSession();
-        // the header values are constant
-        var headers = {
-            "Authorization": "Bearer "+accessToken,
-            "Content-Type": "application/json"
-        };
+        var headers = this.getRequestHeaders(config.ssoConfiguration.enabled);
         var type = "json"; // response format
         var response;
         switch (httpMethod){
@@ -247,10 +253,27 @@ consoleAppUtil = new function(){
         return response;
     };
 
+    this.getSessionCookie = function(userName, password){
+        var config = require('/config/console.js').config();
+        var backendServerURL = config.backendServerConfiguration.url;
+        var endpoint = backendServerURL + "/cookie";
+        var sso = require("sso"); //TODO: get rid of this...
+        var basicAuthToken = sso.client.b64encode(userName + ":" + password);
+        var headers = {
+            "Authorization": "Basic "+basicAuthToken,
+            "Content-Type": "application/json"
+        };
+        var response = get(endpoint,{},headers,"json");
+        log.info(stringify(response));
+        return response;
+    };
+
     this.getAccessTokenFromSession = function(){
         return session.get("access_token");
     };
 
+
+
 };
 
 

http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/dac3417d/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/Utils.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/Utils.java
b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/Utils.java
index 638fb63..c702e16 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/Utils.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/Utils.java
@@ -22,7 +22,7 @@ public class Utils {
     public static String buildMessage(int errorCode, String errorMessage) {
         String jsonResponse = "{\"Error\":{" +
                 " \"errorCode\": \" " + errorCode + "\"," +
-                " \"errorMessage\": \" " + errorMessage + "\"," +
+                " \"errorMessage\": \" " + errorMessage + "\"" +
                 "}" +
                 "}";
         return jsonResponse;
@@ -31,7 +31,16 @@ public class Utils {
     public static String buildMessage(String errorMessage) {
         String jsonResponse = "{\"Error\":{" +
                 " \"errorCode\": \" " + -1234 + "\"," +
-                " \"errorMessage\": \" " + errorMessage + "\"," +
+                " \"errorMessage\": \" " + errorMessage + "\"" +
+                "}" +
+                "}";
+        return jsonResponse;
+    }
+
+
+    public static String buildAuthenticationSuccessMessage(String jSessionId) {
+        String jsonResponse = "{\"Success\":{" +
+                " \"sessionId\": \"" + jSessionId + "\"" +
                 "}" +
                 "}";
         return jsonResponse;

http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/dac3417d/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/context/AuthenticationContext.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/context/AuthenticationContext.java
b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/context/AuthenticationContext.java
new file mode 100644
index 0000000..a5cab41
--- /dev/null
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/context/AuthenticationContext.java
@@ -0,0 +1,38 @@
+package org.apache.stratos.rest.endpoint.context;/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+public class AuthenticationContext {
+    // maintaining the authenticated state in threadLocal. We want to skip subsequent authentication
handlers
+    // once a request get authenticated by a handler.
+    private static final ThreadLocal<Boolean> authenticated = new ThreadLocal<Boolean>(){
+        @Override
+        protected Boolean initialValue() {
+            return false;
+        }
+    };
+
+
+    public static boolean isAthenticated(){
+        return authenticated.get();
+    }
+
+    public static void setAuthenticated(boolean isAuthenticated){
+        authenticated.set(isAuthenticated);
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/dac3417d/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/AbstractAuthenticationAuthorizationHandler.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/AbstractAuthenticationAuthorizationHandler.java
b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/AbstractAuthenticationAuthorizationHandler.java
index 4c0d274..de6d083 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/AbstractAuthenticationAuthorizationHandler.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/AbstractAuthenticationAuthorizationHandler.java
@@ -20,6 +20,7 @@ import org.apache.cxf.jaxrs.ext.RequestHandler;
 import org.apache.cxf.jaxrs.impl.HttpHeadersImpl;
 import org.apache.cxf.jaxrs.model.ClassResourceInfo;
 import org.apache.cxf.message.Message;
+import org.apache.stratos.rest.endpoint.context.AuthenticationContext;
 
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.Response;
@@ -33,7 +34,8 @@ public abstract class AbstractAuthenticationAuthorizationHandler implements
Requ
     public Response handleRequest(Message message, ClassResourceInfo classResourceInfo) {
         HttpHeaders headers = new HttpHeadersImpl(message);
         List<String> authHeader = headers.getRequestHeader(HttpHeaders.AUTHORIZATION);
-        if(authHeader != null && authHeader.size() > 0 && canHandle(authHeader.get(0).trim().split("
")[0])){
+        if(!AuthenticationContext.isAthenticated() && authHeader != null &&
authHeader.size() > 0 &&
+                canHandle(authHeader.get(0).trim().split(" ")[0])){
              return handle(message,classResourceInfo);
         }
         // give the control to the next handler

http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/dac3417d/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/CookieBasedAuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/CookieBasedAuthenticationHandler.java
b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/CookieBasedAuthenticationHandler.java
new file mode 100644
index 0000000..9ddf5fe
--- /dev/null
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/CookieBasedAuthenticationHandler.java
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stratos.rest.endpoint.handlers;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.jaxrs.ext.RequestHandler;
+import org.apache.cxf.jaxrs.impl.HttpHeadersImpl;
+import org.apache.cxf.jaxrs.model.ClassResourceInfo;
+import org.apache.cxf.message.Message;
+import org.apache.stratos.rest.endpoint.Utils;
+import org.apache.stratos.rest.endpoint.context.AuthenticationContext;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import sun.security.krb5.internal.crypto.crc32;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.util.List;
+/*
+* authenticate an incoming request using the session availability. Session is first established
using the
+* basic auth authentication. This handler will be the last to get executed in the current
handler chain. Hence failure
+* too provide a session would result in an authentication failure.
+* */
+public class CookieBasedAuthenticationHandler implements RequestHandler {
+    private Log log = LogFactory.getLog(CookieBasedAuthenticationHandler.class);
+
+    public Response handleRequest(Message message, ClassResourceInfo classResourceInfo) {
+       if(AuthenticationContext.isAthenticated()){
+           return null;
+       }
+
+       HttpServletRequest httpServletRequest =  (HttpServletRequest)message.get("HTTP.REQUEST");
+       HttpSession httpSession = httpServletRequest.getSession(false);
+       if(httpSession != null && isUserLoggedIn(httpSession)){ // if sesion is avaialble
+           String userName = (String)httpSession.getAttribute("userName");
+           String tenantDomain = (String)httpSession.getAttribute("tenantDomain");
+           int tenantId = (Integer)httpSession.getAttribute("tenantId");
+           // the following will get used by the authorization handler..
+           PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+           carbonContext.setUsername(userName);
+           carbonContext.setTenantDomain(tenantDomain);
+           carbonContext.setTenantId(tenantId);
+
+           AuthenticationContext.setAuthenticated(true);
+           return null;
+
+       }
+        return Response.status(Response.Status.FORBIDDEN).
+                type(MediaType.APPLICATION_JSON).entity(Utils.buildMessage("The endpoint
requires authentication")).build();
+    }
+
+    /*
+    * if the userName and tenantDomain is present in the session, we conclude this as an
authenticated session.
+    * Thos params get set by the AuthenticationAdmin endpoint.
+    * */
+    private boolean isUserLoggedIn(HttpSession httpSession){
+        String userName = (String)httpSession.getAttribute("userName");
+        String tenantDomain = (String)httpSession.getAttribute("tenantDomain");
+        Integer tenantId = (Integer)httpSession.getAttribute("tenantId");
+        if(userName != null && tenantDomain!=null && tenantId!=null) {
+            return true;
+        }
+        return false;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/dac3417d/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/OAuthHandler.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/OAuthHandler.java
b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/OAuthHandler.java
index ce7524f..74c0bc8 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/OAuthHandler.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/OAuthHandler.java
@@ -24,6 +24,7 @@ import org.apache.cxf.jaxrs.ext.RequestHandler;
 import org.apache.cxf.jaxrs.impl.HttpHeadersImpl;
 import org.apache.cxf.jaxrs.model.ClassResourceInfo;
 import org.apache.cxf.message.Message;
+import org.apache.stratos.rest.endpoint.context.AuthenticationContext;
 import org.apache.stratos.rest.endpoint.oauth2.ValidationServiceClient;
 import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
 
@@ -78,6 +79,7 @@ public class OAuthHandler extends AbstractAuthenticationAuthorizationHandler
{
             log.error("Error while validating access token", e);
             return Response.status(Response.Status.FORBIDDEN).build();
         }
+        AuthenticationContext.setAuthenticated(true);
         return null;
     }
 }

http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/dac3417d/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthenticationHandler.java
b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthenticationHandler.java
index b9da59c..f8f0bc2 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthenticationHandler.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthenticationHandler.java
@@ -27,6 +27,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.stratos.rest.endpoint.ServiceHolder;
 import org.apache.stratos.rest.endpoint.Utils;
+import org.apache.stratos.rest.endpoint.context.AuthenticationContext;
 import org.apache.stratos.rest.endpoint.exception.RestAPIException;
 import org.apache.stratos.rest.endpoint.security.StratosSecurityContext;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
@@ -97,7 +98,9 @@ public class StratosAuthenticationHandler extends AbstractAuthenticationAuthoriz
                 //populate the secuirtyContext of authenticated user
                 SecurityContext securityContext = new StratosSecurityContext(username);
                 message.put(SecurityContext.class, securityContext);
-                // let request to continue
+
+                // set the authenticated flag and let the request to continue
+                AuthenticationContext.setAuthenticated(true);
                 return null;
             } else {
                 log.warn("unable to authenticate the request");

http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/dac3417d/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthorizingHandler.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthorizingHandler.java
b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthorizingHandler.java
index d9a044d..a7e5f09 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthorizingHandler.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/StratosAuthorizingHandler.java
@@ -26,7 +26,6 @@ import org.apache.cxf.interceptor.security.AccessDeniedException;
 import org.apache.cxf.jaxrs.ext.RequestHandler;
 import org.apache.cxf.jaxrs.model.ClassResourceInfo;
 import org.apache.cxf.message.Message;
-import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.service.Service;
 import org.apache.cxf.service.model.BindingOperationInfo;
 import org.apache.stratos.rest.endpoint.Utils;
@@ -48,7 +47,7 @@ import java.util.*;
  * details using annotations present in the service bean. This particular implementation
is inspired
  * by the {@link org.apache.cxf.jaxrs.security.SimpleAuthorizingFilter}
  */
-public class StratosAuthorizingHandler extends AbstractAuthenticationAuthorizationHandler
{
+public class StratosAuthorizingHandler implements RequestHandler {
     private Log log = LogFactory.getLog(StratosAuthorizingHandler.class);
 
     private static String SUPPORTED_AUTHENTICATION_TYPE = "Basic";
@@ -66,17 +65,18 @@ public class StratosAuthorizingHandler extends AbstractAuthenticationAuthorizati
                         "equals", "toString", "hashCode"}));
     }
 
-    public boolean canHandle(String authHeaderPrefix){
-        return SUPPORTED_AUTHENTICATION_TYPE.equals(authHeaderPrefix);
-    }
 
-    public Response handle(Message message, ClassResourceInfo resourceClass) {
+
+    public Response handleRequest(Message message, ClassResourceInfo resourceClass) {
         try {
-            SecurityContext securityContext = message.get(SecurityContext.class);
-            Method method = getTargetMethod(message);
-            if (!authorize(securityContext, method)) {
-               log.warn("User :"+ securityContext.getUserPrincipal().getName() + "trying
to perform unauthrorized action" +
-                       " against the resource :"+ method);
+
+            String userName = CarbonContext.getThreadLocalCarbonContext().getUsername();
+            String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+            int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
+            Method targetMethod = getTargetMethod(message);
+            if (!authorize(userName,tenantDomain,tenantId,targetMethod)) {
+               log.warn("User :"+ userName + "trying to perform unauthrorized action" +
+                       " against the resource :"+ targetMethod);
                return Response.status(Response.Status.FORBIDDEN).type(MediaType.APPLICATION_JSON).
                        entity(Utils.buildMessage("The user does not have required permissions
to " +
                                "perform this operation")).build();
@@ -90,15 +90,12 @@ public class StratosAuthorizingHandler extends AbstractAuthenticationAuthorizati
         }
     }
 
-    private boolean authorize(SecurityContext securityContext, Method targetMethod) throws
Exception{
+    private boolean authorize(String userName, String tenantDomain,int tenantId, Method targetMethod)
throws Exception{
             // first we try to see whether this is a super.tenant only operation
-            String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
-            int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
             if (superTenantServiceSet.contains(targetMethod.getName()) && !isCurrentUserSuperTenant(tenantDomain,
tenantId)) {
                 return false;
             }
             // authorize using permissionString given as annotation in the service class
-            String userName = securityContext.getUserPrincipal().getName();
             String permissionString = authorizationActionMap.get(targetMethod.getName());
 
             // get the authorization manager for this tenant..

http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/dac3417d/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/services/AuthenticationAdmin.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/services/AuthenticationAdmin.java
b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/services/AuthenticationAdmin.java
new file mode 100644
index 0000000..7a2fd3d
--- /dev/null
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/services/AuthenticationAdmin.java
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.stratos.rest.endpoint.services;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.stratos.rest.endpoint.Utils;
+import org.apache.stratos.rest.endpoint.annotation.AuthorizationAction;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import javax.ws.rs.*;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+@Path("/auth/")
+public class AuthenticationAdmin extends AbstractAdmin {
+    Log log = LogFactory.getLog(AuthenticationAdmin.class);
+    // TODO: investigate on the thread safety of this apprach...
+    @Context
+    HttpServletRequest httpServletRequest;
+
+
+    /*
+    This method gets called by the client who are interested in using session mechanism to
authenticate themselves in
+    subsequent calls. This method call get authenticated by the basic authenticator.
+    Once the authenticated call received, the method creates a session.
+
+     */
+    @GET
+    @Path("/cookie")
+    @Produces("application/json")
+    @Consumes("application/json")
+    @AuthorizationAction("/permission/protected/manage/monitor/tenants")
+    public Response getCookie(){
+       HttpSession httpSession = httpServletRequest.getSession(true);//create session if
not found
+       PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+       httpSession.setAttribute("userName",carbonContext.getUsername());
+       httpSession.setAttribute("tenantDomain",carbonContext.getTenantDomain());
+       httpSession.setAttribute("tenantId",carbonContext.getTenantId());
+
+       String sessionId = httpSession.getId();
+        return Response.ok().header("WWW-Authenticate", "Basic").type(MediaType.APPLICATION_JSON).
+                entity(Utils.buildAuthenticationSuccessMessage(sessionId)).build();
+    }
+
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/dac3417d/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/services/StratosAdmin.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/services/StratosAdmin.java
b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/services/StratosAdmin.java
index 82f40c1..f86f8a9 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/services/StratosAdmin.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/services/StratosAdmin.java
@@ -28,6 +28,7 @@ import org.apache.stratos.manager.dto.Cartridge;
 import org.apache.stratos.manager.dto.SubscriptionInfo;
 import org.apache.stratos.manager.exception.ADCException;
 import org.apache.stratos.rest.endpoint.ServiceHolder;
+import org.apache.stratos.rest.endpoint.Utils;
 import org.apache.stratos.rest.endpoint.annotation.AuthorizationAction;
 import org.apache.stratos.rest.endpoint.annotation.SuperTenantService;
 import org.apache.stratos.rest.endpoint.bean.CartridgeInfoBean;
@@ -51,7 +52,12 @@ import org.wso2.carbon.user.core.tenant.Tenant;
 import org.wso2.carbon.user.core.tenant.TenantManager;
 import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
 import javax.ws.rs.*;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.UUID;
@@ -59,16 +65,31 @@ import java.util.UUID;
 @Path("/admin/")
 public class StratosAdmin extends AbstractAdmin {
     private static Log log = LogFactory.getLog(StratosAdmin.class);
+    @Context
+    HttpServletRequest httpServletRequest;
 
-    @POST
-    @Path("/init")
+
+    /*
+    This method gets called by the client who are interested in using session mechanism to
authenticate themselves in
+    subsequent calls. This method call get authenticated by the basic authenticator.
+    Once the authenticated call received, the method creates a session.
+
+     */
+    @GET
+    @Path("/cookie")
     @Produces("application/json")
     @Consumes("application/json")
     @AuthorizationAction("/permission/protected/manage/monitor/tenants")
-    public void initialize ()
-            throws RestAPIException {
+    public Response getCookie(){
+        HttpSession httpSession = httpServletRequest.getSession(true);//create session if
not found
+        PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+        httpSession.setAttribute("userName",carbonContext.getUsername());
+        httpSession.setAttribute("tenantDomain",carbonContext.getTenantDomain());
+        httpSession.setAttribute("tenantId",carbonContext.getTenantId());
 
-        //login
+        String sessionId = httpSession.getId();
+        return Response.ok().header("WWW-Authenticate", "Basic").type(MediaType.APPLICATION_JSON).
+                entity(Utils.buildAuthenticationSuccessMessage(sessionId)).build();
     }
 
     @POST

http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/dac3417d/components/org.apache.stratos.rest.endpoint/src/main/webapp/stratos/WEB-INF/cxf-servlet.xml
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/webapp/stratos/WEB-INF/cxf-servlet.xml
b/components/org.apache.stratos.rest.endpoint/src/main/webapp/stratos/WEB-INF/cxf-servlet.xml
index 873bbbc..22a9ca3 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/webapp/stratos/WEB-INF/cxf-servlet.xml
+++ b/components/org.apache.stratos.rest.endpoint/src/main/webapp/stratos/WEB-INF/cxf-servlet.xml
@@ -33,14 +33,16 @@
         <jaxrs:providers>
             <ref bean="jsonProvider"/>
             <ref bean="exceptionHandler"/>
-            <ref bean="authenticationFilter"/>
+            <ref bean="basicAuthenticationFilter"/>
+            <ref bean="sessionAuthenticationFilter"/>
             <ref bean="authorizationFilter"/>
             <ref bean="OAuthFilter"/>
         </jaxrs:providers>
     </jaxrs:server>
 
     <bean id="stratosRestEndpointBean" class="org.apache.stratos.rest.endpoint.services.StratosAdmin"/>
-    <bean id="authenticationFilter" class="org.apache.stratos.rest.endpoint.handlers.StratosAuthenticationHandler"/>
+    <bean id="basicAuthenticationFilter" class="org.apache.stratos.rest.endpoint.handlers.StratosAuthenticationHandler"/>
+    <bean id="sessionAuthenticationFilter" class="org.apache.stratos.rest.endpoint.handlers.CookieBasedAuthenticationHandler"/>
     <bean id="authorizationFilter" class="org.apache.stratos.rest.endpoint.handlers.StratosAuthorizingHandler">
         <property name="securedObject" ref="stratosRestEndpointBean"/>
     </bean>


Mime
View raw message