Adds support for protecting incoming connections via SSL and basic authentication.

Author: Eric Meyer

.classpath

@@ -106,5 +106,6 @@
 	<classpathentry kind="lib" path="lib/test/derby-10.5.3.0.jar"/>
 	<classpathentry kind="lib" path="lib/stax2-api-3.0.2.jar"/>
 	<classpathentry kind="lib" path="lib/woodstox-core-asl-4.0.8.jar"/>
+	<classpathentry kind="lib" path="lib/jopt-simple-3.2.jar" sourcepath="lib/jopt-simple-3.2-sources.jar"/>
 	<classpathentry kind="output" path="build.eclipse"/>
 </classpath>

build.xml

@@ -188,7 +188,7 @@
         </jar>
     </target>
 
-    <target name="standalone-jar" depends="war">
+    <target name="standalone-jar" depends="war" description="Built the stand-alone executable jar.">
         <delete file="build.ant/discovery_datatool_standalone.jar"/>
         <jar destfile="build.ant/discovery_datatool_standalone.jar">
             <fileset dir="build.ant/main">
@@ -197,6 +197,7 @@
               <include name="com/t11e/discovery/datatool/CustomLogFormatter.class"/>
             </fileset>
             <zipgroupfileset dir="lib">
+                <include name="jopt-simple-3.2.jar"/>
                 <include name="jetty/jetty-6.1.22.jar"/>
                 <include name="jetty/jetty-util-6.1.22.jar"/>
                 <include name="javax/servlet-2.5.jar"/>
@@ -213,7 +214,8 @@
     </target>
 
     <property name="external.version" value="0.0.0"/>
-    <target name="release" depends="standalone-jar">
+    <target name="release" depends="standalone-jar"
+      description="Build the distribution ZIP. Can set external.version if building from a tag.">
       <delete file="build.ant/discovery_datatool.zip"/>
       <zip destfile="build.ant/discovery_datatool-${external.version}.zip">
         <zipfileset prefix="discovery_datatool-${external.version}/" dir="stage" excludes="*.sh"/>

lib/jopt-simple-3.2-sources.jar

@@ -8,7 +8,23 @@
         </New>
     </Arg>
   </Call>
-
+  <Call name="addConnector">
+    <Arg>
+      <!--
+      nio class not found
+      <New class="org.mortbay.jetty.security.SslSelectChannelConnector">
+        -->
+      <New class="org.mortbay.jetty.security.SslSocketConnector">
+        <Set name="Port"><SystemProperty name="jetty.ssl.port" default="8443"/></Set>
+        <Set name="maxIdleTime">30000</Set>
+        <Set name="keystore"><SystemProperty name="jetty.keystore" default="./datatool" /></Set>
+        <Set name="password">datatool</Set>
+        <Set name="keyPassword">datatool</Set>
+        <Set name="truststore"><SystemProperty name="jetty.truststore" default="./datatool" /></Set>
+        <Set name="trustPassword">datatool</Set>
+      </New>
+    </Arg>
+  </Call>
   <Array id="plusConfig" type="java.lang.String">
     <Item>org.mortbay.jetty.webapp.WebInfConfiguration</Item>
     <Item>org.mortbay.jetty.plus.webapp.EnvConfiguration</Item>

lib/jopt-simple-3.2.jar

@@ -1,8 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:mvc="http://www.springframework.org/schema/mvc"
        xmlns:jee="http://www.springframework.org/schema/jee"
+       xmlns:mvc="http://www.springframework.org/schema/mvc"
+       xmlns:sec="http://www.springframework.org/schema/security"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
@@ -11,11 +12,28 @@
            http://www.springframework.org/schema/mvc
            http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
            http://www.springframework.org/schema/jee
-           http://www.springframework.org/schema/jee/spring-jee-3.0.xsd">
+           http://www.springframework.org/schema/jee/spring-jee-3.0.xsd
+           http://www.springframework.org/schema/security
+           http://www.springframework.org/schema/security/spring-security-3.0.xsd
+           ">
   <context:annotation-config/>
   <context:component-scan base-package="com.t11e.discovery.datatool"/>
   <mvc:annotation-driven/>
 
+  <sec:authentication-manager>
+    <sec:authentication-provider user-service-ref="userDetailsService"/>
+  </sec:authentication-manager>
+  <sec:http auto-config="true" realm="datatool">
+    <sec:custom-filter ref="BypassAuthenticationFilter" before="ANONYMOUS_FILTER"/>
+    <sec:intercept-url pattern="/**" access="ROLE_USER" />
+    <sec:http-basic />
+  </sec:http>
+  <bean id="userDetailsService" class="org.springframework.security.core.userdetails.memory.InMemoryDaoImpl">
+    <property name="userProperties">
+      <props/>
+    </property>
+  </bean>
+
   <bean name="ConfigurationManager" class="com.t11e.discovery.datatool.ConfigurationManager">
     <property name="exitOnInvalidConfigAtStartup" value="true"/>
   </bean>

src/config/jetty.xml

@@ -0,0 +1,144 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<schema xmlns="http://www.w3.org/2001/XMLSchema"
+    targetNamespace="http://transparensee.com/schema/datatool-config-3"
+    xmlns:tns="http://transparensee.com/schema/datatool-config-3"
+    elementFormDefault="qualified"
+    >
+
+    <element name="config" type="tns:ConfigType"/>
+
+    <complexType name="ConfigType">
+      <sequence>
+        <element name="accessControl" type="tns:AccessControlType" minOccurs="0" maxOccurs="1"/>
+        <element name="dataSources" type="tns:DataSourcesType"/>
+        <element name="profiles" type="tns:ProfilesType"/>
+        <element name="publishers" type="tns:PublishersType"/>
+      </sequence>
+    </complexType>
+
+    <complexType name="AccessControlType">
+      <annotation>
+        <documentation xml:lang="en">
+          Optional restrict feed access using basic HTTP authentication.
+          Since datatool-config-3.
+          By adding the element, you turn on basic HTTP authentication.
+          Add child user elements.
+        </documentation>
+      </annotation>
+      <sequence minOccurs="0">
+        <element name="user">
+          <complexType>
+            <attribute name="name" type="string" use="required"/>
+            <attribute name="password" type="string" use="required"/>
+          </complexType>
+        </element>
+      </sequence>
+    </complexType>
+
+    <complexType name="DataSourcesType">
+      <sequence minOccurs="1" maxOccurs="unbounded">
+        <choice>
+          <element name="dataSource" type="tns:DataSourceType"/>
+          <element name="driver" type="tns:DriverType"/>
+        </choice>
+      </sequence>
+    </complexType>
+
+    <complexType name="DataSourceType">
+      <sequence minOccurs="0" maxOccurs="unbounded">
+        <any processContents="lax"/>
+      </sequence>
+      <attribute name="name" type="string" use="required"/>
+      <attribute name="jar" type="string" use="optional"/>
+      <attribute name="class" type="string" use="required"/>
+    </complexType>
+
+    <complexType name="DriverType">
+      <sequence>
+        <element name="url"/>
+        <element name="username" minOccurs="0"/>
+        <element name="password" minOccurs="0"/>
+        <element name="properties" minOccurs="0">
+          <complexType>
+            <sequence minOccurs="0" maxOccurs="unbounded">
+              <any processContents="lax"/>
+            </sequence>
+          </complexType>
+        </element>
+      </sequence>
+      <attribute name="name" type="string" use="required"/>
+      <attribute name="jar" type="string" use="optional"/>
+      <attribute name="class" type="string" use="required"/>
+    </complexType>
+
+    <complexType name="ProfilesType">
+      <sequence minOccurs="1" maxOccurs="unbounded">
+        <element name="sqlProfile" type="tns:SqlProfileType"/>
+      </sequence>
+    </complexType>
+
+    <complexType name="PublishersType">
+      <sequence minOccurs="1" maxOccurs="unbounded">
+        <element name="sqlPublisher" type="tns:SqlPublisherType"/>
+      </sequence>
+    </complexType>
+
+    <complexType name="SqlProfileType">
+      <sequence>
+        <element name="createSql" type="string" minOccurs="0">
+          <annotation>
+            <documentation xml:lang="en">
+              Optional SQL used to create a profile when one is not found.
+              Since datatool-config-2.
+              Bound parameters:
+                :name -- profile name
+              Outputs:
+                none
+            </documentation>
+          </annotation>
+        </element>
+        <element name="retrieveSql" type="tns:retrieveSql"/>
+        <element name="updateSql" type="string"/>
+      </sequence>
+      <attribute name="name" type="string" use="required"/>
+      <attribute name="dataSource" type="string" use="required"/>
+    </complexType>
+
+    <complexType name="retrieveSql" mixed="true">
+      <attribute name="startColumn" use="required"/>
+      <attribute name="endColumn" use="required"/>
+    </complexType>
+
+    <complexType name="SqlPublisherType">
+      <sequence minOccurs="1" maxOccurs="unbounded">
+        <element name="action" type="tns:ActionType"/>
+      </sequence>
+      <attribute name="name" type="string" use="required"/>
+      <attribute name="dataSource" type="string" use="required"/>
+      <attribute name="profile" type="string" use="required"/>
+    </complexType>
+
+    <complexType name="ActionType">
+      <sequence>
+        <element name="query" type="string"/>
+      </sequence>
+      <attribute name="type" type="tns:ActionTypeType" use="required"/>
+      <attribute name="filter" type="tns:FilterActionType" use="optional"/>
+      <attribute name="idColumn" type="string" use="required"/>
+      <attribute name="jsonColumnNames" type="string"  use="optional"/>
+    </complexType>
+
+    <simpleType name="ActionTypeType">
+      <restriction base="string">
+        <enumeration value="create"/>
+        <enumeration value="delete"/>
+      </restriction>
+    </simpleType>
+
+    <simpleType name="FilterActionType">
+      <restriction base="string">
+        <enumeration value="delta"/>
+        <enumeration value="snapshot"/>
+      </restriction>
+    </simpleType>
+</schema>

src/docroot/WEB-INF/applicationContext.xml

@@ -29,6 +29,15 @@
     <load-on-startup>2</load-on-startup>
   </servlet>
 
+  <filter>
+    <filter-name>springSecurityFilterChain</filter-name>
+    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+  </filter>
+  <filter-mapping>
+    <filter-name>springSecurityFilterChain</filter-name>
+    <url-pattern>/*</url-pattern>
+  </filter-mapping>
+
   <servlet-mapping>
     <servlet-name>static</servlet-name>
     <url-pattern>/static/*</url-pattern>

src/docroot/WEB-INF/classes/datatool-config-3.xsd

@@ -0,0 +1,58 @@
+package com.t11e.discovery.datatool;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.GrantedAuthorityImpl;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.GenericFilterBean;
+
+@Component("BypassAuthenticationFilter")
+public class BypassAuthenticationFilter
+  extends GenericFilterBean
+{
+  private static final List<GrantedAuthority> DEFAULT_ROLES =
+    Arrays.asList((GrantedAuthority) new GrantedAuthorityImpl("ROLE_USER"));
+  private final byte[] bypassLock = {};
+  private boolean bypass = true;
+
+  @Override
+  public void doFilter(
+    final ServletRequest request,
+    final ServletResponse response,
+    final FilterChain chain)
+    throws IOException, ServletException
+  {
+    final boolean doBypass;
+    synchronized (bypassLock)
+    {
+      doBypass = bypass;
+    }
+    if (doBypass && SecurityContextHolder.getContext().getAuthentication() == null)
+    {
+      final AnonymousAuthenticationToken auth =
+        new AnonymousAuthenticationToken("bypass_auth", "bypass_auth", DEFAULT_ROLES);
+      auth.setDetails(new User("bypass_auth", "bypass_auth", true, true, true, true, DEFAULT_ROLES));
+      SecurityContextHolder.getContext().setAuthentication(auth);
+    }
+    chain.doFilter(request, response);
+  }
+
+  public void setBypass(final boolean bypass)
+  {
+    synchronized (bypassLock)
+    {
+      this.bypass = bypass;
+    }
+  }
+}