From cca7da7fb372f186a601217bb364cd788322a9f5 Mon Sep 17 00:00:00 2001 From: Stefan Bischof Date: Tue, 26 Aug 2025 13:26:03 +0200 Subject: [PATCH 1/2] update to new ci java build pattern Signed-off-by: Stefan Bischof --- .github/workflows/build_deploy.yml | 19 +++++++++++++++++++ .github/workflows/java_build_test.yml | 13 ------------- .github/workflows/java_deploy.yml | 11 ----------- 3 files changed, 19 insertions(+), 24 deletions(-) create mode 100644 .github/workflows/build_deploy.yml delete mode 100644 .github/workflows/java_build_test.yml delete mode 100644 .github/workflows/java_deploy.yml diff --git a/.github/workflows/build_deploy.yml b/.github/workflows/build_deploy.yml new file mode 100644 index 0000000..606bb87 --- /dev/null +++ b/.github/workflows/build_deploy.yml @@ -0,0 +1,19 @@ +name: Build, Test and Deploy + +on: + push: + branches: + - 'main' + pull_request: + branches: + - 'main' + +jobs: + build_test: + uses: eclipse-daanse/.github/.github/workflows/reuse_java_build_test.yml@main + + maven_deploy: + if: ${{ github.ref == 'refs/heads/main' && github.event_name == 'push' }} + needs: build_test + uses: eclipse-daanse/.github/.github/workflows/reuse_java_deploy.yml@main + secrets: inherit diff --git a/.github/workflows/java_build_test.yml b/.github/workflows/java_build_test.yml deleted file mode 100644 index 4491956..0000000 --- a/.github/workflows/java_build_test.yml +++ /dev/null @@ -1,13 +0,0 @@ -name: Java Build, Test - -on: - push: - branches: - - 'main' - pull_request: - branches: - - 'main' - -jobs: - build: - uses: eclipse-daanse/.github/.github/workflows/reuse_java_build_test.yml@main diff --git a/.github/workflows/java_deploy.yml b/.github/workflows/java_deploy.yml deleted file mode 100644 index 71d13e7..0000000 --- a/.github/workflows/java_deploy.yml +++ /dev/null @@ -1,11 +0,0 @@ -name: Deploy Maven - -on: - push: - branches: - - 'main' - -jobs: - publish: - uses: eclipse-daanse/.github/.github/workflows/reuse_java_deploy.yml@main - secrets: inherit From 523641e4000cb601e209dd3e8c08015e092c5cd8 Mon Sep 17 00:00:00 2001 From: Stefan Bischof Date: Tue, 26 Aug 2025 13:30:11 +0200 Subject: [PATCH 2/2] rm auth, use jakarta.servlet repo filters Signed-off-by: Stefan Bischof --- server/authentication/pom.xml | 41 --------- .../HeaderMapRequestWrapper.java | 77 ---------------- .../authentication/NameToRoleAuthFilter.java | 87 ------------------- .../server/authentication/package-info.java | 18 ---- server/pom.xml | 1 - 5 files changed, 224 deletions(-) delete mode 100644 server/authentication/pom.xml delete mode 100644 server/authentication/src/main/java/org/eclipse/daanse/xmla/server/authentication/HeaderMapRequestWrapper.java delete mode 100644 server/authentication/src/main/java/org/eclipse/daanse/xmla/server/authentication/NameToRoleAuthFilter.java delete mode 100644 server/authentication/src/main/java/org/eclipse/daanse/xmla/server/authentication/package-info.java diff --git a/server/authentication/pom.xml b/server/authentication/pom.xml deleted file mode 100644 index 756e4bc..0000000 --- a/server/authentication/pom.xml +++ /dev/null @@ -1,41 +0,0 @@ - - - - 4.0.0 - - org.eclipse.daanse - org.eclipse.daanse.xmla.server - ${revision} - - org.eclipse.daanse.xmla.server.authentication - Daanse XMLA Server Authentication - Authentication module for XMLA server. Provides security and authentication mechanisms for protecting XMLA endpoints, including servlet-based authentication and authorization support. - - - org.osgi - org.osgi.service.servlet - - - org.apache.felix - org.apache.felix.http.servlet-api - - - org.eclipse.daanse - org.eclipse.daanse.jakarta.servlet.soap - 0.0.1-SNAPSHOT - compile - - - diff --git a/server/authentication/src/main/java/org/eclipse/daanse/xmla/server/authentication/HeaderMapRequestWrapper.java b/server/authentication/src/main/java/org/eclipse/daanse/xmla/server/authentication/HeaderMapRequestWrapper.java deleted file mode 100644 index d70277c..0000000 --- a/server/authentication/src/main/java/org/eclipse/daanse/xmla/server/authentication/HeaderMapRequestWrapper.java +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright (c) 2023 Contributors to the Eclipse Foundation. - * - * This program and the accompanying materials are made - * available under the terms of the Eclipse Public License 2.0 - * which is available at https://www.eclipse.org/legal/epl-2.0/ - * - * SPDX-License-Identifier: EPL-2.0 - * - * Contributors: - * SmartCity Jena - initial - * Stefan Bischof (bipolis.org) - initial - */ -package org.eclipse.daanse.xmla.server.authentication; - -import jakarta.servlet.http.HttpServletRequest; -import jakarta.servlet.http.HttpServletRequestWrapper; - -import java.util.Collections; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -public class HeaderMapRequestWrapper extends HttpServletRequestWrapper { - /** - * construct a wrapper for this request - * - * @param request - */ - public HeaderMapRequestWrapper(HttpServletRequest request) { - super(request); - } - - private Map headerMap = new HashMap(); - - /** - * add a header with given name and value - * - * @param name - * @param value - */ - public void addHeader(String name, String value) { - headerMap.put(name, value); - } - - @Override - public String getHeader(String name) { - String headerValue = super.getHeader(name); - if (headerMap.containsKey(name)) { - headerValue = headerMap.get(name); - } - return headerValue; - } - - /** - * get the Header names - */ - @Override - public Enumeration getHeaderNames() { - List names = Collections.list(super.getHeaderNames()); - for (String name : headerMap.keySet()) { - names.add(name); - } - return Collections.enumeration(names); - } - - @Override - public Enumeration getHeaders(String name) { - List values = Collections.list(super.getHeaders(name)); - if (headerMap.containsKey(name)) { - values.add(headerMap.get(name)); - } - return Collections.enumeration(values); - } - -} diff --git a/server/authentication/src/main/java/org/eclipse/daanse/xmla/server/authentication/NameToRoleAuthFilter.java b/server/authentication/src/main/java/org/eclipse/daanse/xmla/server/authentication/NameToRoleAuthFilter.java deleted file mode 100644 index 7618497..0000000 --- a/server/authentication/src/main/java/org/eclipse/daanse/xmla/server/authentication/NameToRoleAuthFilter.java +++ /dev/null @@ -1,87 +0,0 @@ -package org.eclipse.daanse.xmla.server.authentication; - -import jakarta.servlet.*; -import jakarta.servlet.http.*; -import java.io.IOException; -import java.nio.charset.StandardCharsets; -import java.security.Principal; -import java.util.Base64; -import java.util.Set; -import java.util.stream.Collectors; -import java.util.stream.Stream; - -public class NameToRoleAuthFilter implements Filter { - - @Override - public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) - throws IOException, ServletException { - - HttpServletRequest request = (HttpServletRequest) req; - HttpServletResponse response = (HttpServletResponse) res; - - String auth = request.getHeader("Authorization"); - if (auth == null || !auth.startsWith("Basic ")) { - response.setHeader("WWW-Authenticate", "Basic realm=\"app\""); - response.sendError(HttpServletResponse.SC_UNAUTHORIZED); - return; - } - - // --- Decode credentials --- - String base64 = auth.substring("Basic ".length()); - String credentials = new String(Base64.getDecoder().decode(base64), StandardCharsets.UTF_8); - - int idx = credentials.indexOf(':'); - if (idx < 0) { - response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid Basic header"); - return; - } - - String usernameAndRoles = credentials.substring(0, idx); - String password = credentials.substring(idx + 1); - - // Split username and roles using '|' - String[] parts = usernameAndRoles.split("\\|"); - String username = parts[0]; - - Set roles = Stream.of(parts).skip(1) // skip username - .collect(Collectors.toSet()); - - // Hier kannst du Passwort prüfen (DB, LDAP, etc.) - if (!authenticate(username, password)) { - response.sendError(HttpServletResponse.SC_UNAUTHORIZED); - return; - } - - // Request wrappen, um Security-Methoden bereitzustellen - HttpServletRequest wrapped = new HttpServletRequestWrapper(request) { - private final Principal principal = (Principal) () -> username; - - @Override - public Principal getUserPrincipal() { - return principal; - } - - @Override - public String getRemoteUser() { - return username; - } - - @Override - public String getAuthType() { - return HttpServletRequest.BASIC_AUTH; - } - - @Override - public boolean isUserInRole(String role) { - return roles.contains(role); - } - }; - - chain.doFilter(wrapped, response); - } - - private boolean authenticate(String u, String p) { - // sichere Prüfung implementieren - return true; - } -} diff --git a/server/authentication/src/main/java/org/eclipse/daanse/xmla/server/authentication/package-info.java b/server/authentication/src/main/java/org/eclipse/daanse/xmla/server/authentication/package-info.java deleted file mode 100644 index 297af4c..0000000 --- a/server/authentication/src/main/java/org/eclipse/daanse/xmla/server/authentication/package-info.java +++ /dev/null @@ -1,18 +0,0 @@ -/* -* Copyright (c) 2023 Contributors to the Eclipse Foundation. -* -* This program and the accompanying materials are made -* available under the terms of the Eclipse Public License 2.0 -* which is available at https://www.eclipse.org/legal/epl-2.0/ -* -* SPDX-License-Identifier: EPL-2.0 -* -* Contributors: -* SmartCity Jena - initial -* Stefan Bischof (bipolis.org) - initial -* Sergei Semenkov - initial -*/ - -@org.osgi.annotation.bundle.Export -@org.osgi.annotation.versioning.Version("0.0.1") -package org.eclipse.daanse.xmla.server.authentication; diff --git a/server/pom.xml b/server/pom.xml index 1915536..4c83014 100644 --- a/server/pom.xml +++ b/server/pom.xml @@ -30,6 +30,5 @@ jakarta.xml.ws.provider.soapmessage jakarta.saaj jdk.httpserver - authentication